SQL injection vulnerabilities arise when user-controllable data is incorporated into database SQL queries in an unsafe manner. An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.
Various attacks can be delivered via SQL injection, including reading or modifying critical application data, interfering with application logic, escalating privileges within the database and executing operating system commands.
Remediation background
The most effective way to prevent SQL injection attacks is to use parameterised queries (also known as prepared statements) for all database access. This method uses two steps to incorporate potentially tainted data into SQL queries: first, the application specifies the structure of the query, leaving placeholders for each item of user input; second, the application specifies the contents of each placeholder. Because the structure of the query has already been defined in the first step, it is not possible for malformed data in the second step to interfere with the query structure. You should review the documentation for your database and application platform to determine the appropriate APIs which you can use to perform parameterised queries. It is strongly recommended that you parameterise every variable data item that is incorporated into database queries, even if it is not obviously tainted, to prevent oversights occurring and avoid vulnerabilities being introduced by changes elsewhere within the code base of the application.
You should be aware that some commonly employed and recommended mitigations for SQL injection vulnerabilities are not always effective:
One common defense is to double up any single quotation marks appearing within user input before incorporating that input into a SQL query. This defense is designed to prevent malformed data from terminating the string in which it is inserted. However, if the data being incorporated into queries is numeric, then the defense may fail, because numeric data may not be encapsulated within quotes, in which case only a space is required to break out of the data context and interfere with the query. Further, in second-order SQL injection attacks, data that has been safely escaped when initially inserted into the database is subsequently read from the database and then passed back to it again. Quotation marks that have been doubled up initially will return to their original form when the data is reused, allowing the defense to be bypassed.
Another often-cited defense is to use stored procedures for database access. While stored procedures can provide security benefits, they are not guaranteed to prevent SQL injection attacks. The same kinds of vulnerabilities that arise within standard dynamic SQL queries can arise if any SQL is dynamically constructed within stored procedures. Further, even if the procedure is sound, SQL injection can arise if the procedure is invoked in an unsafe manner using user-controllable data.
The ki_t cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the ki_t cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.
Remediation detail
There is probably no need to perform a second URL-decode of the value of the ki_t cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.
Request 1
GET / HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.bing.com/search?q=www.analyticspros.com&src=IE-SearchBox&Form=IE8SRC Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11%2527; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 1
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 03:52:24 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 Connection: close Content-Type: text/html Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET / HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.bing.com/search?q=www.analyticspros.com&src=IE-SearchBox&Form=IE8SRC Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11%2527%2527; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 2
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 03:52:26 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Expires: Mon, 1 Jan 2001 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 03:52:27 GMT; path=/ Last-Modified: Sat, 06 Nov 2010 03:52:27 GMT Connection: close Content-Type: text/html; charset=utf-8 Content-Length: 30611
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The User-Agent HTTP header appears to be vulnerable to SQL injection attacks. A single quote was submitted in the User-Agent HTTP header, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Request 1
GET /about/ HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)' Connection: close Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 1
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 07:37:55 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 Connection: close Content-Type: text/html Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /about/ HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)'' Connection: close Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 2
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 07:37:56 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Connection: close Content-Type: text/html Content-Length: 326
<br /> <b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro ...[SNIP]...
The Referer HTTP header appears to be vulnerable to SQL injection attacks. A single quote was submitted in the Referer HTTP header, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.
Remediation detail
There is probably no need to perform a second URL-decode of the value of the Referer HTTP header as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.
Request 1
GET /administrator/ HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.google.com/search?hl=en&q=%2527 Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 1
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 05:09:13 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 Connection: close Content-Type: text/html Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /administrator/ HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.google.com/search?hl=en&q=%2527%2527 Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 2
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 05:09:14 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Expires: Mon, 1 Jan 2001 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: 1ee73a388da0bb7ec3d7afe3beccac53=93b4d0d3c5817b851bdd0e6edb426ad7; path=/ Last-Modified: Sat, 06 Nov 2010 05:09:15 GMT Connection: close Content-Type: text/html; charset=utf-8 Content-Length: 4718
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" dir=" ...[SNIP]...
The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 3, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.
Remediation detail
There is probably no need to perform a second URL-decode of the value of REST URL parameter 3 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.
Request 1
GET /administrator/templates/khepri%2527/favicon.ico HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/administrator/ Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; 7876d45a49f537da76cfb9e129203eee=17d32965e1c37afc808ffaa1ef2087ef; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;
Response 1
HTTP/1.1 404 Component not found Date: Sat, 06 Nov 2010 08:26:08 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Expires: Mon, 1 Jan 2001 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Last-Modified: Sat, 06 Nov 2010 08:26:11 GMT Connection: close Content-Type: text/html; charset=utf-8 Content-Length: 3015
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" dir=" ...[SNIP]... <title>404 - Error: 404</title> ...[SNIP]...
Request 2
GET /administrator/templates/khepri%2527%2527/favicon.ico HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/administrator/ Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; 7876d45a49f537da76cfb9e129203eee=17d32965e1c37afc808ffaa1ef2087ef; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;
Response 2
HTTP/1.1 404 Not Found Date: Sat, 06 Nov 2010 08:26:12 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Connection: close Content-Type: text/html Content-Length: 326
<br /> <b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro ...[SNIP]...
The __utmmobile cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the __utmmobile cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.
Remediation detail
There is probably no need to perform a second URL-decode of the value of the __utmmobile cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.
Request 1
GET /blog.html?utm_source=members-list&utm_medium=email&utm_campaign=monday-QnA&utm_link=main-promo-link HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog/55-googleanalytics/117-campaign-tracking-with-google-analytics-email-banners-and-more.html Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c%2527; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 1
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 08:17:51 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Expires: Mon, 1 Jan 2001 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 08:17:52 GMT; path=/ Last-Modified: Sat, 06 Nov 2010 08:17:52 GMT Connection: close Content-Type: text/html; charset=utf-8 Content-Length: 30159
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The apros2.0_tpl cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the apros2.0_tpl cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Fri, 05 Nov 2010 23:44:02 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Content-Type: text/html Content-Length: 326
<br /> <b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro ...[SNIP]...
1.7. http://www.analyticspros.com/blog.html [name of an arbitrarily supplied request parameter]
Summary
Severity: High
Confidence: Tentative
Host: http://www.analyticspros.com
Path: /blog.html
Issue detail
The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The optimizelyEndUserId cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the optimizelyEndUserId cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 08:05:34 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Content-Type: text/html Content-Length: 326
<br /> <b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro ...[SNIP]...
The utm_campaign parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the utm_campaign parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Request 1
GET /blog.html?utm_source=members-list&utm_medium=email&utm_campaign=monday-QnA'&utm_link=main-promo-link HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog/55-googleanalytics/117-campaign-tracking-with-google-analytics-email-banners-and-more.html Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 1
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 08:06:53 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 Connection: close Content-Type: text/html Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog.html?utm_source=members-list&utm_medium=email&utm_campaign=monday-QnA''&utm_link=main-promo-link HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog/55-googleanalytics/117-campaign-tracking-with-google-analytics-email-banners-and-more.html Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 2
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 08:06:53 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Expires: Mon, 1 Jan 2001 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 08:06:56 GMT; path=/ Last-Modified: Sat, 06 Nov 2010 08:06:57 GMT Connection: close Content-Type: text/html; charset=utf-8 Content-Length: 30090
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The utm_source parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the utm_source parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.
Remediation detail
There is probably no need to perform a second URL-decode of the value of the utm_source request parameter as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.
Request 1
GET /blog.html?utm_source=members-list%2527&utm_medium=email&utm_campaign=monday-QnA&utm_link=main-promo-link HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog/55-googleanalytics/117-campaign-tracking-with-google-analytics-email-banners-and-more.html Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 1
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 08:04:38 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 Connection: close Content-Type: text/html Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog.html?utm_source=members-list%2527%2527&utm_medium=email&utm_campaign=monday-QnA&utm_link=main-promo-link HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog/55-googleanalytics/117-campaign-tracking-with-google-analytics-email-banners-and-more.html Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 2
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 08:04:39 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Expires: Mon, 1 Jan 2001 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 08:04:42 GMT; path=/ Last-Modified: Sat, 06 Nov 2010 08:04:42 GMT Connection: close Content-Type: text/html; charset=utf-8 Content-Length: 30094
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The __utma cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the __utma cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.
Remediation detail
There is probably no need to perform a second URL-decode of the value of the __utma cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.
Request 1
GET /blog/55-googleanalytics.html HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog/55-googleanalytics/115-analytics-toolbar-for-dma-known-issues.html?itemid=70#comment Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1%2527; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 1
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 07:22:14 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 Connection: close Content-Type: text/html Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/55-googleanalytics.html HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog/55-googleanalytics/115-analytics-toolbar-for-dma-known-issues.html?itemid=70#comment Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1%2527%2527; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 2
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 07:22:16 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Connection: close Content-Type: text/html Content-Length: 326
<br /> <b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro ...[SNIP]...
The __utmc cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the __utmc cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Request 1
GET /blog/55-googleanalytics.html HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog/55-googleanalytics/115-analytics-toolbar-for-dma-known-issues.html?itemid=70#comment Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141'; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 1
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 07:23:38 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 Connection: close Content-Type: text/html Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/55-googleanalytics.html HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog/55-googleanalytics/115-analytics-toolbar-for-dma-known-issues.html?itemid=70#comment Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141''; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 2
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 07:23:39 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Expires: Mon, 1 Jan 2001 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 07:23:41 GMT; path=/ Last-Modified: Sat, 06 Nov 2010 07:23:41 GMT Connection: close Content-Type: text/html; charset=utf-8 Content-Length: 28572
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The apros2.0_tpl cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the apros2.0_tpl cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.
Remediation detail
There is probably no need to perform a second URL-decode of the value of the apros2.0_tpl cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.
Request 1
GET /blog/55-googleanalytics/ HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0%2527; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 1
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 04:14:15 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 Connection: close Content-Type: text/html Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/55-googleanalytics/ HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0%2527%2527; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 2
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 04:14:15 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Connection: close Content-Type: text/html Content-Length: 326
<br /> <b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro ...[SNIP]...
The ki_u cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the ki_u cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.
Remediation detail
There is probably no need to perform a second URL-decode of the value of the ki_u cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.
Request 1
GET /blog/55-googleanalytics/ HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a%2527; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 1
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 04:17:41 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 Connection: close Content-Type: text/html Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/55-googleanalytics/ HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a%2527%2527; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 2
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 04:17:41 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Expires: Mon, 1 Jan 2001 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 04:17:43 GMT; path=/ Last-Modified: Sat, 06 Nov 2010 04:17:43 GMT Connection: close Content-Type: text/html; charset=utf-8 Content-Length: 28432
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
1.15. http://www.analyticspros.com/blog/55-googleanalytics/ [name of an arbitrarily supplied request parameter]
Summary
Severity: High
Confidence: Tentative
Host: http://www.analyticspros.com
Path: /blog/55-googleanalytics/
Issue detail
The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.
Remediation detail
There is probably no need to perform a second URL-decode of the name of an arbitrarily supplied request parameter as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.
Request 1
GET /blog/55-googleanalytics/?1%2527=1 HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 1
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 04:21:44 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 Connection: close Content-Type: text/html Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/55-googleanalytics/?1%2527%2527=1 HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 2
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 04:21:44 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Expires: Mon, 1 Jan 2001 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 04:21:48 GMT; path=/ Last-Modified: Sat, 06 Nov 2010 04:21:48 GMT Connection: close Content-Type: text/html; charset=utf-8 Content-Length: 28549
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The optimizelyBuckets cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the optimizelyBuckets cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Request 1
GET /blog/55-googleanalytics/ HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D'; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 1
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 04:18:29 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 Connection: close Content-Type: text/html Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/55-googleanalytics/ HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D''; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 2
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 04:18:30 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Expires: Mon, 1 Jan 2001 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 04:18:32 GMT; path=/ Last-Modified: Sat, 06 Nov 2010 04:18:32 GMT Connection: close Content-Type: text/html; charset=utf-8 Content-Length: 28432
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.
Remediation detail
There is probably no need to perform a second URL-decode of the value of REST URL parameter 1 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.
Request 1
GET /blog%2527/55-googleanalytics/100-google-analytics-training-toronto-emetrics-2010.html HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 1
HTTP/1.1 404 Component not found Date: Sat, 06 Nov 2010 06:51:03 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Expires: Mon, 1 Jan 2001 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Last-Modified: Sat, 06 Nov 2010 06:51:06 GMT Connection: close Content-Type: text/html; charset=utf-8 Content-Length: 3015
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" dir=" ...[SNIP]... <title>404 - Error: 404</title> ...[SNIP]...
Request 2
GET /blog%2527%2527/55-googleanalytics/100-google-analytics-training-toronto-emetrics-2010.html HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 2
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 06:51:07 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Connection: close Content-Type: text/html Content-Length: 326
<br /> <b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro ...[SNIP]...
The User-Agent HTTP header appears to be vulnerable to SQL injection attacks. A single quote was submitted in the User-Agent HTTP header, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.
Remediation detail
There is probably no need to perform a second URL-decode of the value of the User-Agent HTTP header as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.
Request 1
GET /blog/55-googleanalytics/100-google-analytics-training-toronto-emetrics-2010.html?itemid=70#comment HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)%2527 Connection: close Referer: http://www.analyticspros.com/blog.html?start=10 Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 1
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 06:52:57 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 Connection: close Content-Type: text/html Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/55-googleanalytics/100-google-analytics-training-toronto-emetrics-2010.html?itemid=70#comment HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)%2527%2527 Connection: close Referer: http://www.analyticspros.com/blog.html?start=10 Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 2
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 06:52:58 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Connection: close Content-Type: text/html Content-Length: 326
<br /> <b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro ...[SNIP]...
The __utmb cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the __utmb cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Request 1
GET /blog/55-googleanalytics/100-google-analytics-training-toronto-emetrics-2010.html HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937'; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 1
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 06:44:55 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 Connection: close Content-Type: text/html Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/55-googleanalytics/100-google-analytics-training-toronto-emetrics-2010.html HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937''; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 2
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 06:44:57 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Expires: Mon, 1 Jan 2001 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 06:45:00 GMT; path=/ Last-Modified: Sat, 06 Nov 2010 06:45:00 GMT Connection: close Content-Type: text/html; charset=utf-8 Content-Length: 22044
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 2, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.
Remediation detail
There is probably no need to perform a second URL-decode of the value of REST URL parameter 2 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.
Request 1
GET /blog/55-googleanalytics%2527/103-google-analytics-opt-out-feature.html?itemid=70#comment HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog.html?start=10 Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 1
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 06:54:14 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 Connection: close Content-Type: text/html Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/55-googleanalytics%2527%2527/103-google-analytics-opt-out-feature.html?itemid=70#comment HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog.html?start=10 Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 2
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 06:54:17 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Expires: Mon, 1 Jan 2001 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 06:54:30 GMT; path=/ Last-Modified: Sat, 06 Nov 2010 06:54:30 GMT Connection: close Content-Type: text/html; charset=utf-8 Content-Length: 33652
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The __utmc cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the __utmc cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.
Remediation detail
There is probably no need to perform a second URL-decode of the value of the __utmc cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.
Request 1
GET /blog/55-googleanalytics/103-google-analytics-opt-out-feature.html?itemid=70#comment HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog.html?start=10 Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141%2527; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 1
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 06:41:32 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 Connection: close Content-Type: text/html Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/55-googleanalytics/103-google-analytics-opt-out-feature.html?itemid=70#comment HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog.html?start=10 Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141%2527%2527; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 2
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 06:41:33 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Connection: close Content-Type: text/html Content-Length: 326
<br /> <b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro ...[SNIP]...
The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 2, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Request 1
GET /blog/55-googleanalytics'/106-google-analytics-health-check.html HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 1
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 07:03:27 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 Connection: close Content-Type: text/html Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/55-googleanalytics''/106-google-analytics-health-check.html HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 2
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 07:03:28 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Expires: Mon, 1 Jan 2001 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 07:03:31 GMT; path=/ Last-Modified: Sat, 06 Nov 2010 07:03:31 GMT Connection: close Content-Type: text/html; charset=utf-8 Content-Length: 26170
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The apros2.0_tpl cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the apros2.0_tpl cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Request 1
GET /blog/55-googleanalytics/106-google-analytics-health-check.html HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0'; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 1
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 06:52:58 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 Connection: close Content-Type: text/html Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/55-googleanalytics/106-google-analytics-health-check.html HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0''; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 2
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 06:52:58 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Expires: Mon, 1 Jan 2001 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 06:53:02 GMT; path=/ Last-Modified: Sat, 06 Nov 2010 06:53:02 GMT Connection: close Content-Type: text/html; charset=utf-8 Content-Length: 26145
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
1.24. http://www.analyticspros.com/blog/55-googleanalytics/109-google-analytics-training-san-jose-2010.html [name of an arbitrarily supplied request parameter]
The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.
Remediation detail
NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.
Request 1
GET /blog/55-googleanalytics/109-google-analytics-training-san-jose-2010.html?itemid=70#comment&1%00'=1 HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog.html?start=5 Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 1
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 07:01:52 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 Connection: close Content-Type: text/html Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/55-googleanalytics/109-google-analytics-training-san-jose-2010.html?itemid=70#comment&1%00''=1 HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog.html?start=5 Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 2
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 07:01:53 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Expires: Mon, 1 Jan 2001 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 07:01:54 GMT; path=/ Last-Modified: Sat, 06 Nov 2010 07:01:54 GMT Connection: close Content-Type: text/html; charset=utf-8 Content-Length: 21090
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The ki_u cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the ki_u cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.
Remediation detail
There is probably no need to perform a second URL-decode of the value of the ki_u cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.
Request 1
GET /blog/55-googleanalytics/113-domain-hostname-content-reports.html?itemid=70#comment HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog.html?start=5 Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a%2527; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 1
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 06:57:06 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 Connection: close Content-Type: text/html Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/55-googleanalytics/113-domain-hostname-content-reports.html?itemid=70#comment HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog.html?start=5 Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a%2527%2527; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 2
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 06:57:07 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Expires: Mon, 1 Jan 2001 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 06:57:11 GMT; path=/ Last-Modified: Sat, 06 Nov 2010 06:57:11 GMT Connection: close Content-Type: text/html; charset=utf-8 Content-Length: 39325
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The Referer HTTP header appears to be vulnerable to SQL injection attacks. A single quote was submitted in the Referer HTTP header, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.
Remediation detail
NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.
Request 1
GET /blog/55-googleanalytics/114-share-advanced-segment-google-analytics.html HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; Referer: http://www.google.com/search?hl=en&q=%00'
Response 1
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 06:57:38 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 Connection: close Content-Type: text/html Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/55-googleanalytics/114-share-advanced-segment-google-analytics.html HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; Referer: http://www.google.com/search?hl=en&q=%00''
Response 2
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 06:57:39 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Connection: close Content-Type: text/html Content-Length: 326
<br /> <b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro ...[SNIP]...
The __utmc cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the __utmc cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Request 1
GET /blog/55-googleanalytics/122-traning-workshop-washington-dc-2010.html HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141'; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 1
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 06:37:01 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 Connection: close Content-Type: text/html Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/55-googleanalytics/122-traning-workshop-washington-dc-2010.html HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141''; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 2
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 06:37:03 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Expires: Mon, 1 Jan 2001 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 06:37:04 GMT; path=/ Last-Modified: Sat, 06 Nov 2010 06:37:04 GMT Connection: close Content-Type: text/html; charset=utf-8 Content-Length: 26022
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 2, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Request 1
GET /blog/55-googleanalytics'/60-ga-extended-segments-part-1.html?itemid=70#comment HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog.html?start=30 Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;
Response 1
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 07:19:56 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 Connection: close Content-Type: text/html Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/55-googleanalytics''/60-ga-extended-segments-part-1.html?itemid=70#comment HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog.html?start=30 Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;
Response 2
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 07:19:58 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Expires: Mon, 1 Jan 2001 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 07:19:59 GMT; path=/ Last-Modified: Sat, 06 Nov 2010 07:19:59 GMT Connection: close Content-Type: text/html; charset=utf-8 Content-Length: 28840
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The __utmmobile cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the __utmmobile cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.
Remediation detail
There is probably no need to perform a second URL-decode of the value of the __utmmobile cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.
Request 1
GET /blog/55-googleanalytics/60-ga-extended-segments-part-1.html?itemid=70#comment HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog.html?start=30 Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c%2527;
Response 1
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 07:14:19 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 Connection: close Content-Type: text/html Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/55-googleanalytics/60-ga-extended-segments-part-1.html?itemid=70#comment HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog.html?start=30 Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c%2527%2527;
Response 2
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 07:14:19 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Expires: Mon, 1 Jan 2001 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 07:14:22 GMT; path=/ Last-Modified: Sat, 06 Nov 2010 07:14:22 GMT Connection: close Content-Type: text/html; charset=utf-8 Content-Length: 28830
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The optimizelyEndUserId cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the optimizelyEndUserId cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.
Remediation detail
There is probably no need to perform a second URL-decode of the value of the optimizelyEndUserId cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.
Request 1
GET /blog/55-googleanalytics/60-ga-extended-segments-part-1.html HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169%2527; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;
Response 1
HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 07:03:23 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/55-googleanalytics/60-ga-extended-segments-part-1.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169%2527%2527; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;
Response 2
HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 07:03:24 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Connection: close
Content-Type: text/html
Content-Length: 326
<br /> <b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro ...[SNIP]...
The __utmb cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the __utmb cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Request 1
GET /blog/55-googleanalytics/63-kintiskton-llc-in-google-analytics.html?itemid=70#comment HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog.html?start=30
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937'; __utmmobile=0xade0ac5896f84b3c;
Response 1
HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 07:11:48 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/55-googleanalytics/63-kintiskton-llc-in-google-analytics.html?itemid=70#comment HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog.html?start=30
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937''; __utmmobile=0xade0ac5896f84b3c;
Response 2
HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 07:11:48 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 07:11:49 GMT; path=/
Last-Modified: Sat, 06 Nov 2010 07:11:50 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 35356
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The __utmz cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the __utmz cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.
Remediation detail
There is probably no need to perform a second URL-decode of the value of the __utmz cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.
Request 1
GET /blog/55-googleanalytics/63-kintiskton-llc-in-google-analytics.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)%2527; 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;
Response 1
HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 07:00:15 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/55-googleanalytics/63-kintiskton-llc-in-google-analytics.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)%2527%2527; 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;
Response 2
HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 07:00:16 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Connection: close
Content-Type: text/html
Content-Length: 326
<br /> <b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro ...[SNIP]...
The itemid parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the itemid parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.
Remediation detail
NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.
Request 1
GET /blog/55-googleanalytics/63-kintiskton-llc-in-google-analytics.html?itemid=70#comment%00' HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog.html?start=30
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;
Response 1
HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:58:32 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/55-googleanalytics/63-kintiskton-llc-in-google-analytics.html?itemid=70#comment%00'' HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog.html?start=30
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;
Response 2
HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:58:33 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Connection: close
Content-Type: text/html
Content-Length: 326
<br /> <b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro ...[SNIP]...
The __utmmobile cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the __utmmobile cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Request 1
GET /blog/55-googleanalytics/68-unobfuscate-gajs-file.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c';
Response 1
HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 07:07:38 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/55-googleanalytics/68-unobfuscate-gajs-file.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c'';
Response 2
HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 07:07:40 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 07:07:41 GMT; path=/
Last-Modified: Sat, 06 Nov 2010 07:07:41 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 21212
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The ki_t cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the ki_t cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Request 1
GET /blog/55-googleanalytics/68-unobfuscate-gajs-file.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11'; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;
Response 1
HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:58:04 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/55-googleanalytics/68-unobfuscate-gajs-file.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11''; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;
Response 2
HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:58:06 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Connection: close
Content-Type: text/html
Content-Length: 326
<br /> <b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro ...[SNIP]...
The __utma cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the __utma cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.
Remediation detail
There is probably no need to perform a second URL-decode of the value of the __utma cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.
Request 1
GET /blog/55-googleanalytics/77-refresh-rate-content-metric.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1%2527; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;
Response 1
HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 07:01:58 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 07:01:59 GMT; path=/
Last-Modified: Sat, 06 Nov 2010 07:01:59 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 27914
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
< ...[SNIP]... <h2>Finding the proverbial Needle in the Haystack</h2> ...[SNIP]...
Request 2
GET /blog/55-googleanalytics/77-refresh-rate-content-metric.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1%2527%2527; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;
Response 2
HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 07:02:00 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Connection: close
Content-Type: text/html
Content-Length: 326
<br /> <b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro ...[SNIP]...
The d4dad6935f632ac35975e3001dc7bbe8 cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the d4dad6935f632ac35975e3001dc7bbe8 cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.
Remediation detail
There is probably no need to perform a second URL-decode of the value of the d4dad6935f632ac35975e3001dc7bbe8 cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.
Request 1
GET /blog/55-googleanalytics/77-refresh-rate-content-metric.html?itemid=70#comment HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog.html?start=25
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb%2527; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;
Response 1
HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:54:39 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/55-googleanalytics/77-refresh-rate-content-metric.html?itemid=70#comment HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog.html?start=25
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb%2527%2527; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;
Response 2
HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:54:40 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Connection: close
Content-Type: text/html
Content-Length: 326
<br /> <b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro ...[SNIP]...
The __utma cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the __utma cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Request 1
GET /blog/55-googleanalytics/79-google-analytincs-training-emetrics-dc-2009.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1'; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;
Response 1
HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:59:06 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/55-googleanalytics/79-google-analytincs-training-emetrics-dc-2009.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1''; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;
Response 2
HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:59:07 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Connection: close
Content-Type: text/html
Content-Length: 326
<br /> <b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro ...[SNIP]...
The fpssCookie cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the fpssCookie cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.
Remediation detail
There is probably no need to perform a second URL-decode of the value of the fpssCookie cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.
Request 1
GET /blog/55-googleanalytics/79-google-analytincs-training-emetrics-dc-2009.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true%2527; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;
Response 1
HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:52:43 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/55-googleanalytics/79-google-analytincs-training-emetrics-dc-2009.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true%2527%2527; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;
Response 2
HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:52:44 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 06:52:48 GMT; path=/
Last-Modified: Sat, 06 Nov 2010 06:52:48 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 21758
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The __utmmobile cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the __utmmobile cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.
Remediation detail
There is probably no need to perform a second URL-decode of the value of the __utmmobile cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.
Request 1
GET /blog/55-googleanalytics/86-google-analytics-intelligence.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c%2527;
Response 1
HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 07:09:51 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/55-googleanalytics/86-google-analytics-intelligence.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c%2527%2527;
Response 2
HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 07:09:53 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 07:09:56 GMT; path=/
Last-Modified: Sat, 06 Nov 2010 07:09:56 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 21634
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The 1ee73a388da0bb7ec3d7afe3beccac53 cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the 1ee73a388da0bb7ec3d7afe3beccac53 cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.
Remediation detail
There is probably no need to perform a second URL-decode of the value of the 1ee73a388da0bb7ec3d7afe3beccac53 cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.
Request 1
GET /blog/55-googleanalytics/89-dont-kill-the-messenger.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00%2527; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;
Response 1
HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:59:17 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/55-googleanalytics/89-dont-kill-the-messenger.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00%2527%2527; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;
Response 2
HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:59:18 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 06:59:20 GMT; path=/
Last-Modified: Sat, 06 Nov 2010 06:59:20 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 23610
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 2, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Request 1
GET /blog/55-googleanalytics'/91-google-analytics-cookies-and-domains.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;
Response 1
HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 07:14:16 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/55-googleanalytics''/91-google-analytics-cookies-and-domains.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;
Response 2
HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 07:14:17 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 07:14:19 GMT; path=/
Last-Modified: Sat, 06 Nov 2010 07:14:20 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 51606
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The User-Agent HTTP header appears to be vulnerable to SQL injection attacks. A single quote was submitted in the User-Agent HTTP header, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Request 1
GET /blog/55-googleanalytics/91-google-analytics-cookies-and-domains.html?itemid=70#comment HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)'
Connection: close
Referer: http://www.analyticspros.com/blog.html?start=20
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;
Response 1
HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 07:12:24 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/55-googleanalytics/91-google-analytics-cookies-and-domains.html?itemid=70#comment HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)''
Connection: close
Referer: http://www.analyticspros.com/blog.html?start=20
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;
Response 2
HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 07:12:26 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 07:12:26 GMT; path=/
Last-Modified: Sat, 06 Nov 2010 07:12:26 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 51710
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The __utmz cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the __utmz cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Request 1
GET /blog/55-googleanalytics/91-google-analytics-cookies-and-domains.html?itemid=70#comment HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog.html?start=20
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)'; 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;
Response 1
HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:58:33 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/55-googleanalytics/91-google-analytics-cookies-and-domains.html?itemid=70#comment HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/blog.html?start=20
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)''; 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;
Response 2
HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:58:33 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Connection: close
Content-Type: text/html
Content-Length: 326
<br /> <b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro ...[SNIP]...
The ki_t cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the ki_t cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.
Remediation detail
There is probably no need to perform a second URL-decode of the value of the ki_t cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.
Request 1
GET /blog/55-googleanalytics/91-google-analytics-cookies-and-domains.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11%2527; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;
Response 1
HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:58:40 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/55-googleanalytics/91-google-analytics-cookies-and-domains.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11%2527%2527; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;
Response 2
HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:58:40 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 06:58:43 GMT; path=/
Last-Modified: Sat, 06 Nov 2010 06:58:43 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 51581
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The __utma cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the __utma cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Request 1
GET /blog/55-googleanalytics/93-dimensionator-google-analytics-dimensions.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1'; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;
Response 1
HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:55:41 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/55-googleanalytics/93-dimensionator-google-analytics-dimensions.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1''; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;
Response 2
HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:55:42 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Connection: close
Content-Type: text/html
Content-Length: 326
<br /> <b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro ...[SNIP]...
The __utmb cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the __utmb cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Request 1
GET /blog/55-googleanalytics/93-dimensionator-google-analytics-dimensions.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937'; __utmmobile=0xade0ac5896f84b3c;
Response 1
HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:59:15 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/55-googleanalytics/93-dimensionator-google-analytics-dimensions.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937''; __utmmobile=0xade0ac5896f84b3c;
Response 2
HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:59:15 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Connection: close
Content-Type: text/html
Content-Length: 326
<br /> <b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro ...[SNIP]...
The apros2.0_tpl cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the apros2.0_tpl cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Request 1
GET /blog/55-googleanalytics/93-dimensionator-google-analytics-dimensions.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0'; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;
Response 1
HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:56:45 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/55-googleanalytics/93-dimensionator-google-analytics-dimensions.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0''; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;
Response 2
HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 06:56:45 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Connection: close
Content-Type: text/html
Content-Length: 326
<br /> <b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro ...[SNIP]...
The d4dad6935f632ac35975e3001dc7bbe8 cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the d4dad6935f632ac35975e3001dc7bbe8 cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.
Remediation detail
There is probably no need to perform a second URL-decode of the value of the d4dad6935f632ac35975e3001dc7bbe8 cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.
Request 1
GET /blog/55-googleanalytics/93-dimensionator-google-analytics-dimensions.html HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb%2527; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;
Response 1
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 06:48:14 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 Connection: close Content-Type: text/html Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/55-googleanalytics/93-dimensionator-google-analytics-dimensions.html HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb%2527%2527; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;
Response 2
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 06:48:15 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Expires: Mon, 1 Jan 2001 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 06:48:17 GMT; path=/ Last-Modified: Sat, 06 Nov 2010 06:48:17 GMT Connection: close Content-Type: text/html; charset=utf-8 Content-Length: 37445
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The 1ee73a388da0bb7ec3d7afe3beccac53 cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the 1ee73a388da0bb7ec3d7afe3beccac53 cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Request 1
GET /blog/55-googleanalytics/95-more-dimensions-site-search-source-medium.html?itemid=70#comment HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog.html?start=15 Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00'; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;
Response 1
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 06:52:27 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 Connection: close Content-Type: text/html Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/55-googleanalytics/95-more-dimensions-site-search-source-medium.html?itemid=70#comment HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog.html?start=15 Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00''; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;
Response 2
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 06:52:27 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Connection: close Content-Type: text/html Content-Length: 326
<br /> <b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro ...[SNIP]...
The apros2.0_tpl cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the apros2.0_tpl cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.
Remediation detail
There is probably no need to perform a second URL-decode of the value of the apros2.0_tpl cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.
Request 1
GET /blog/55-googleanalytics/95-more-dimensions-site-search-source-medium.html?itemid=70#comment HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog.html?start=15 Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0%2527; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;
Response 1
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 06:59:36 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 Connection: close Content-Type: text/html Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/55-googleanalytics/95-more-dimensions-site-search-source-medium.html?itemid=70#comment HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog.html?start=15 Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0%2527%2527; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;
Response 2
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 06:59:37 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Expires: Mon, 1 Jan 2001 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 06:59:39 GMT; path=/ Last-Modified: Sat, 06 Nov 2010 06:59:39 GMT Connection: close Content-Type: text/html; charset=utf-8 Content-Length: 22780
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 3, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.
Remediation detail
There is probably no need to perform a second URL-decode of the value of REST URL parameter 3 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.
Request 1
GET /blog/55-googleanalytics/97-workshop-january-29th-dimensionator.html%2527 HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 1
HTTP/1.1 404 Not Found Date: Sat, 06 Nov 2010 06:58:32 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 Connection: close Content-Type: text/html Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/55-googleanalytics/97-workshop-january-29th-dimensionator.html%2527%2527 HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 2
HTTP/1.1 404 Not Found Date: Sat, 06 Nov 2010 06:58:33 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Connection: close Content-Type: text/html Content-Length: 326
<br /> <b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro ...[SNIP]...
1.53. http://www.analyticspros.com/blog/55-googleanalytics/97-workshop-january-29th-dimensionator.html [name of an arbitrarily supplied request parameter]
The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Request 1
GET /blog/55-googleanalytics/97-workshop-january-29th-dimensionator.html?1'=1 HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 1
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 06:54:09 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 Connection: close Content-Type: text/html Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/55-googleanalytics/97-workshop-january-29th-dimensionator.html?1''=1 HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 2
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 06:54:10 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Expires: Mon, 1 Jan 2001 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 06:54:13 GMT; path=/ Last-Modified: Sat, 06 Nov 2010 06:54:13 GMT Connection: close Content-Type: text/html; charset=utf-8 Content-Length: 21379
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The __utmmobile cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the __utmmobile cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.
Remediation detail
There is probably no need to perform a second URL-decode of the value of the __utmmobile cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.
Request 1
GET /blog/56-seo/59-search-ranking-position-with-ga.html?itemid=70#comment HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog.html?start=15 Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c%2527;
Response 1
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 07:31:41 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 Connection: close Content-Type: text/html Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/56-seo/59-search-ranking-position-with-ga.html?itemid=70#comment HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog.html?start=15 Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c%2527%2527;
Response 2
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 07:31:42 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Expires: Mon, 1 Jan 2001 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 07:31:43 GMT; path=/ Last-Modified: Sat, 06 Nov 2010 07:31:43 GMT Connection: close Content-Type: text/html; charset=utf-8 Content-Length: 27790
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The d4dad6935f632ac35975e3001dc7bbe8 cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the d4dad6935f632ac35975e3001dc7bbe8 cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.
Remediation detail
There is probably no need to perform a second URL-decode of the value of the d4dad6935f632ac35975e3001dc7bbe8 cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.
Request 1
GET /blog/56-seo/78-best-seo-video-matt-cutts-wordpress.html?itemid=70#comment HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog.html?start=25 Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb%2527; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;
Response 1
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 07:18:31 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 Connection: close Content-Type: text/html Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/56-seo/78-best-seo-video-matt-cutts-wordpress.html?itemid=70#comment HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog.html?start=25 Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb%2527%2527; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;
Response 2
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 07:18:34 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Expires: Mon, 1 Jan 2001 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 07:18:35 GMT; path=/ Last-Modified: Sat, 06 Nov 2010 07:18:35 GMT Connection: close Content-Type: text/html; charset=utf-8 Content-Length: 25557
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The __utmz cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the __utmz cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Request 1
GET /blog/62-urchin/118-urchin-7-now-available.html HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)'; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 1
HTTP/1.1 200 OK Date: Fri, 05 Nov 2010 23:39:06 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 Connection: close Content-Type: text/html Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/62-urchin/118-urchin-7-now-available.html HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)''; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 2
HTTP/1.1 200 OK Date: Fri, 05 Nov 2010 23:39:07 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Expires: Mon, 1 Jan 2001 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: apros2.0_tpl=apros2.0; expires=Wed, 26-Oct-2011 23:39:11 GMT; path=/ Last-Modified: Fri, 05 Nov 2010 23:39:11 GMT Connection: close Content-Type: text/html; charset=utf-8 Content-Length: 28924
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 3, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Request 1
GET /blog/62-urchin/121-urchin-7-new-interface-first-look.html'?itemid=70#comment HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog.html Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 1
HTTP/1.1 404 Not Found Date: Sat, 06 Nov 2010 07:21:22 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 Connection: close Content-Type: text/html Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/62-urchin/121-urchin-7-new-interface-first-look.html''?itemid=70#comment HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog.html Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 2
HTTP/1.1 404 Not Found Date: Sat, 06 Nov 2010 07:21:24 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Expires: Mon, 1 Jan 2001 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 07:21:28 GMT; path=/ Last-Modified: Sat, 06 Nov 2010 07:21:28 GMT Connection: close Content-Type: text/html; charset=utf-8 Content-Length: 23780
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The __utmc cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the __utmc cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Request 1
GET /blog/62-urchin/121-urchin-7-new-interface-first-look.html HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141'; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 1
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 07:07:32 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 Connection: close Content-Type: text/html Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/62-urchin/121-urchin-7-new-interface-first-look.html HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141''; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 2
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 07:07:35 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Expires: Mon, 1 Jan 2001 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 07:07:37 GMT; path=/ Last-Modified: Sat, 06 Nov 2010 07:07:37 GMT Connection: close Content-Type: text/html; charset=utf-8 Content-Length: 23684
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The __utmmobile cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the __utmmobile cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.
Remediation detail
There is probably no need to perform a second URL-decode of the value of the __utmmobile cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.
Request 1
GET /blog/62-urchin/121-urchin-7-new-interface-first-look.html?itemid=70#comment HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog.html Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c%2527; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 1
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 07:10:26 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 Connection: close Content-Type: text/html Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/62-urchin/121-urchin-7-new-interface-first-look.html?itemid=70#comment HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog.html Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c%2527%2527; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 2
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 07:10:26 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Expires: Mon, 1 Jan 2001 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 07:10:28 GMT; path=/ Last-Modified: Sat, 06 Nov 2010 07:10:29 GMT Connection: close Content-Type: text/html; charset=utf-8 Content-Length: 23763
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The apros2.0_tpl cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the apros2.0_tpl cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Request 1
GET /blog/62-urchin/121-urchin-7-new-interface-first-look.html HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0'; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 1
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 07:08:36 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 Connection: close Content-Type: text/html Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/62-urchin/121-urchin-7-new-interface-first-look.html HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0''; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 2
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 07:08:37 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Connection: close Content-Type: text/html Content-Length: 326
<br /> <b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro ...[SNIP]...
The ki_u cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the ki_u cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Request 1
GET /blog/62-urchin/121-urchin-7-new-interface-first-look.html?itemid=70#comment HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog.html Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a'; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 1
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 07:12:58 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 Connection: close Content-Type: text/html Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/62-urchin/121-urchin-7-new-interface-first-look.html?itemid=70#comment HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog.html Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a''; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 2
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 07:12:58 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Expires: Mon, 1 Jan 2001 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 07:13:00 GMT; path=/ Last-Modified: Sat, 06 Nov 2010 07:13:01 GMT Connection: close Content-Type: text/html; charset=utf-8 Content-Length: 23763
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The 1ee73a388da0bb7ec3d7afe3beccac53 cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the 1ee73a388da0bb7ec3d7afe3beccac53 cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.
Remediation detail
There is probably no need to perform a second URL-decode of the value of the 1ee73a388da0bb7ec3d7afe3beccac53 cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.
Request 1
GET /blog/62-urchin/75-convert-u5data-error-changing-directories.html HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00%2527; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;
Response 1
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 07:09:02 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Expires: Mon, 1 Jan 2001 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 07:09:04 GMT; path=/ Last-Modified: Sat, 06 Nov 2010 07:09:04 GMT Connection: close Content-Type: text/html; charset=utf-8 Content-Length: 22387
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
< ...[SNIP]... <div>However, the documentation (at the time of writing this) fails to call out a common issue that I've seen coming up for a number of Urchin users: <strong> ...[SNIP]...
Request 2
GET /blog/62-urchin/75-convert-u5data-error-changing-directories.html HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00%2527%2527; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;
Response 2
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 07:09:05 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Connection: close Content-Type: text/html Content-Length: 326
<br /> <b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro ...[SNIP]...
The ki_u cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the ki_u cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.
Remediation detail
There is probably no need to perform a second URL-decode of the value of the ki_u cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.
Request 1
GET /blog/62-urchin/75-convert-u5data-error-changing-directories.html HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a%2527; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;
Response 1
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 07:13:13 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Expires: Mon, 1 Jan 2001 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 07:13:14 GMT; path=/ Last-Modified: Sat, 06 Nov 2010 07:13:14 GMT Connection: close Content-Type: text/html; charset=utf-8 Content-Length: 22387
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
< ...[SNIP]... <div>However, the documentation (at the time of writing this) fails to call out a common issue that I've seen coming up for a number of Urchin users: <strong> ...[SNIP]...
Request 2
GET /blog/62-urchin/75-convert-u5data-error-changing-directories.html HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a%2527%2527; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;
Response 2
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 07:13:15 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 Content-Length: 76 Connection: close Content-Type: text/html
Database Error: Unable to connect to the database:Could not connect to MySQL
The 1ee73a388da0bb7ec3d7afe3beccac53 cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the 1ee73a388da0bb7ec3d7afe3beccac53 cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Request 1
GET /blog/62-urchin/87-visitor-scoring-with-urchin.html?itemid=70#comment HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog.html?start=20 Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00'; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;
Response 1
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 07:11:45 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 Connection: close Content-Type: text/html Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/62-urchin/87-visitor-scoring-with-urchin.html?itemid=70#comment HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog.html?start=20 Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00''; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;
Response 2
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 07:11:46 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Expires: Mon, 1 Jan 2001 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 07:11:48 GMT; path=/ Last-Modified: Sat, 06 Nov 2010 07:11:48 GMT Connection: close Content-Type: text/html; charset=utf-8 Content-Length: 23268
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The optimizelyEndUserId cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the optimizelyEndUserId cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.
Remediation detail
There is probably no need to perform a second URL-decode of the value of the optimizelyEndUserId cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.
Request 1
GET /blog/62-urchin/87-visitor-scoring-with-urchin.html?itemid=70#comment HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog.html?start=20 Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169%2527; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;
Response 1
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 07:14:12 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 Connection: close Content-Type: text/html Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/62-urchin/87-visitor-scoring-with-urchin.html?itemid=70#comment HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog.html?start=20 Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169%2527%2527; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;
Response 2
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 07:14:12 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Connection: close Content-Type: text/html Content-Length: 326
<br /> <b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro ...[SNIP]...
The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Request 1
GET /blog'/62-urchin/88-urchin-vs-google-analytics.html?itemid=70#comment HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog.html?start=20 Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;
Response 1
HTTP/1.1 404 Component not found Date: Sat, 06 Nov 2010 07:28:31 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Expires: Mon, 1 Jan 2001 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Last-Modified: Sat, 06 Nov 2010 07:28:32 GMT Connection: close Content-Type: text/html; charset=utf-8 Content-Length: 3015
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" dir=" ...[SNIP]... <title>404 - Error: 404</title> ...[SNIP]...
Request 2
GET /blog''/62-urchin/88-urchin-vs-google-analytics.html?itemid=70#comment HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog.html?start=20 Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;
Response 2
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 07:28:32 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Connection: close Content-Type: text/html Content-Length: 326
<br /> <b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro ...[SNIP]...
The d4dad6935f632ac35975e3001dc7bbe8 cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the d4dad6935f632ac35975e3001dc7bbe8 cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Request 1
GET /blog/62-urchin/88-urchin-vs-google-analytics.html HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb'; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;
Response 1
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 07:06:11 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 Connection: close Content-Type: text/html Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/62-urchin/88-urchin-vs-google-analytics.html HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb''; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;
Response 2
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 07:06:13 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Set-Cookie: d4dad6935f632ac35975e3001dc7bbe8=40a1140278fbef8b07f02061e9721c9c; path=/ Connection: close Content-Type: text/html Content-Length: 326
<br /> <b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro ...[SNIP]...
1.68. http://www.analyticspros.com/blog/62-urchin/88-urchin-vs-google-analytics.html [name of an arbitrarily supplied request parameter]
The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Request 1
GET /blog/62-urchin/88-urchin-vs-google-analytics.html?itemid=70#comment&1'=1 HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog.html?start=20 Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;
Response 1
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 07:25:54 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 Connection: close Content-Type: text/html Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/62-urchin/88-urchin-vs-google-analytics.html?itemid=70#comment&1''=1 HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog.html?start=20 Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;
Response 2
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 07:25:55 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Expires: Mon, 1 Jan 2001 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 07:25:57 GMT; path=/ Last-Modified: Sat, 06 Nov 2010 07:25:57 GMT Connection: close Content-Type: text/html; charset=utf-8 Content-Length: 29793
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The __utmz cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the __utmz cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.
Remediation detail
There is probably no need to perform a second URL-decode of the value of the __utmz cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.
Request 1
GET /blog/62-urchin/94-exclude-bots-in-urchin.html?itemid=70#comment HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog.html?start=15 Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)%2527; 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;
Response 1
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 07:09:10 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 Connection: close Content-Type: text/html Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/62-urchin/94-exclude-bots-in-urchin.html?itemid=70#comment HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog.html?start=15 Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)%2527%2527; 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;
Response 2
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 07:09:12 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Expires: Mon, 1 Jan 2001 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 07:09:15 GMT; path=/ Last-Modified: Sat, 06 Nov 2010 07:09:15 GMT Connection: close Content-Type: text/html; charset=utf-8 Content-Length: 22465
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The 1ee73a388da0bb7ec3d7afe3beccac53 cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the 1ee73a388da0bb7ec3d7afe3beccac53 cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.
Remediation detail
There is probably no need to perform a second URL-decode of the value of the 1ee73a388da0bb7ec3d7afe3beccac53 cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.
Request 1
GET /blog/googleanalytics.feed HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00%2527; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;
Response 1
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 07:22:32 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 Connection: close Content-Type: text/html Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/googleanalytics.feed HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00%2527%2527; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;
Response 2
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 07:22:33 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Connection: close Content-Type: text/html Content-Length: 326
<br /> <b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro ...[SNIP]...
The __utmmobile cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the __utmmobile cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Request 1
GET /blog/googleanalytics.feed HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c';
Response 1
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 07:34:02 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 Connection: close Content-Type: text/html Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/googleanalytics.feed HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c'';
Response 2
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 07:34:04 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Connection: close Content-Type: text/html Content-Length: 326
<br /> <b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro ...[SNIP]...
The optimizelyEndUserId cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the optimizelyEndUserId cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Request 1
GET /blog/googleanalytics.feed?type=rss HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog/googleanalytics.html Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169'; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;
Response 1
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 07:26:51 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 Connection: close Content-Type: text/html Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/googleanalytics.feed?type=rss HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog/googleanalytics.html Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169''; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;
Response 2
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 07:26:53 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Expires: Mon, 1 Jan 2001 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 07:26:54 GMT; path=/ Last-Modified: Sat, 06 Nov 2010 07:26:54 GMT Connection: close Content-Type: text/html; charset=utf-8 Content-Length: 29089
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The 1ee73a388da0bb7ec3d7afe3beccac53 cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the 1ee73a388da0bb7ec3d7afe3beccac53 cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.
Remediation detail
There is probably no need to perform a second URL-decode of the value of the 1ee73a388da0bb7ec3d7afe3beccac53 cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.
Request 1
GET /blog/googleanalytics.html?type=atom HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog/googleanalytics.html?type=atom&start=10 Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00%2527; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; 7876d45a49f537da76cfb9e129203eee=17d32965e1c37afc808ffaa1ef2087ef; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;
Response 1
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 06:34:16 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 Connection: close Content-Type: text/html Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/googleanalytics.html?type=atom HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog/googleanalytics.html?type=atom&start=10 Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00%2527%2527; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; 7876d45a49f537da76cfb9e129203eee=17d32965e1c37afc808ffaa1ef2087ef; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;
Response 2
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 06:34:17 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Expires: Mon, 1 Jan 2001 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 06:34:19 GMT; path=/ Last-Modified: Sat, 06 Nov 2010 06:34:19 GMT Connection: close Content-Type: text/html; charset=utf-8 Content-Length: 29400
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.
Remediation detail
There is probably no need to perform a second URL-decode of the value of REST URL parameter 1 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.
Request 1
GET /blog%2527/googleanalytics.html?start=5 HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog/googleanalytics.html Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;
Response 1
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 06:47:03 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 Connection: close Content-Type: text/html Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog%2527%2527/googleanalytics.html?start=5 HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog/googleanalytics.html Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;
Response 2
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 06:47:06 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Connection: close Content-Type: text/html Content-Length: 326
<br /> <b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro ...[SNIP]...
The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 2, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Request 1
GET /blog/googleanalytics.html'?start=5 HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog/googleanalytics.html Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;
Response 1
HTTP/1.1 404 Not Found Date: Sat, 06 Nov 2010 06:48:41 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 Connection: close Content-Type: text/html Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/googleanalytics.html''?start=5 HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog/googleanalytics.html Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;
Response 2
HTTP/1.1 404 Not Found Date: Sat, 06 Nov 2010 06:48:42 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Expires: Mon, 1 Jan 2001 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 06:48:45 GMT; path=/ Last-Modified: Sat, 06 Nov 2010 06:48:45 GMT Connection: close Content-Type: text/html; charset=utf-8 Content-Length: 29851
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The User-Agent HTTP header appears to be vulnerable to SQL injection attacks. A single quote was submitted in the User-Agent HTTP header, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Request 1
GET /blog/googleanalytics.html?start=5 HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)' Connection: close Referer: http://www.analyticspros.com/blog/googleanalytics.html Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;
Response 1
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 06:45:59 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 Connection: close Content-Type: text/html Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/googleanalytics.html?start=5 HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)'' Connection: close Referer: http://www.analyticspros.com/blog/googleanalytics.html Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;
Response 2
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 06:46:01 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Expires: Mon, 1 Jan 2001 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 06:46:03 GMT; path=/ Last-Modified: Sat, 06 Nov 2010 06:46:03 GMT Connection: close Content-Type: text/html; charset=utf-8 Content-Length: 29839
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The d4dad6935f632ac35975e3001dc7bbe8 cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the d4dad6935f632ac35975e3001dc7bbe8 cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Request 1
GET /blog/googleanalytics.html HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/consulting.html Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb'; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 1
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 06:25:34 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 Connection: close Content-Type: text/html Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/googleanalytics.html HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/consulting.html Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb''; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 2
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 06:25:36 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Set-Cookie: d4dad6935f632ac35975e3001dc7bbe8=2d14b64a6cbe67f6c9be7adeede1758a; path=/ Connection: close Content-Type: text/html Content-Length: 326
<br /> <b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro ...[SNIP]...
The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Request 1
GET /blog'/googleanalytics/101-dimensionator-day-of-week-month-date-analysis.html?itemid=70#comment HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog/googleanalytics.html?type=atom&start=5 Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; 7876d45a49f537da76cfb9e129203eee=17d32965e1c37afc808ffaa1ef2087ef; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;
Response 1
HTTP/1.1 404 Component not found Date: Sat, 06 Nov 2010 06:23:12 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Expires: Mon, 1 Jan 2001 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Last-Modified: Sat, 06 Nov 2010 06:23:13 GMT Connection: close Content-Type: text/html; charset=utf-8 Content-Length: 3015
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" dir=" ...[SNIP]... <title>404 - Error: 404</title> ...[SNIP]...
Request 2
GET /blog''/googleanalytics/101-dimensionator-day-of-week-month-date-analysis.html?itemid=70#comment HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog/googleanalytics.html?type=atom&start=5 Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; 7876d45a49f537da76cfb9e129203eee=17d32965e1c37afc808ffaa1ef2087ef; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;
Response 2
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 06:23:14 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Connection: close Content-Type: text/html Content-Length: 326
<br /> <b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro ...[SNIP]...
The __utmmobile cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the __utmmobile cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Request 1
GET /blog/googleanalytics/101-dimensionator-day-of-week-month-date-analysis.html?itemid=70#comment HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog/googleanalytics.html?type=atom&start=5 Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; 7876d45a49f537da76cfb9e129203eee=17d32965e1c37afc808ffaa1ef2087ef; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c';
Response 1
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 06:18:44 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 Connection: close Content-Type: text/html Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/googleanalytics/101-dimensionator-day-of-week-month-date-analysis.html?itemid=70#comment HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog/googleanalytics.html?type=atom&start=5 Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; 7876d45a49f537da76cfb9e129203eee=17d32965e1c37afc808ffaa1ef2087ef; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c'';
Response 2
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 06:18:45 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Connection: close Content-Type: text/html Content-Length: 326
<br /> <b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro ...[SNIP]...
The optimizelyEndUserId cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the optimizelyEndUserId cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Request 1
GET /blog/googleanalytics/101-dimensionator-day-of-week-month-date-analysis.html HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog.html?start=10 Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169';
Response 1
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 06:14:02 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 Connection: close Content-Type: text/html Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/googleanalytics/101-dimensionator-day-of-week-month-date-analysis.html HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog.html?start=10 Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169'';
Response 2
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 06:14:05 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Expires: Mon, 1 Jan 2001 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 06:14:07 GMT; path=/ Last-Modified: Sat, 06 Nov 2010 06:14:07 GMT Connection: close Content-Type: text/html; charset=utf-8 Content-Length: 34465
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The 7876d45a49f537da76cfb9e129203eee cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the 7876d45a49f537da76cfb9e129203eee cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.
Remediation detail
There is probably no need to perform a second URL-decode of the value of the 7876d45a49f537da76cfb9e129203eee cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.
Request 1
GET /blog/googleanalytics/103-google-analytics-opt-out-feature.html?itemid=70#comment HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog/googleanalytics.html?type=atom&start=5 Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; 7876d45a49f537da76cfb9e129203eee=17d32965e1c37afc808ffaa1ef2087ef%2527; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;
Response 1
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 06:10:36 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 Connection: close Content-Type: text/html Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/googleanalytics/103-google-analytics-opt-out-feature.html?itemid=70#comment HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog/googleanalytics.html?type=atom&start=5 Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; 7876d45a49f537da76cfb9e129203eee=17d32965e1c37afc808ffaa1ef2087ef%2527%2527; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;
Response 2
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 06:10:37 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Expires: Mon, 1 Jan 2001 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 06:10:38 GMT; path=/ Last-Modified: Sat, 06 Nov 2010 06:10:39 GMT Connection: close Content-Type: text/html; charset=utf-8 Content-Length: 33669
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The Referer HTTP header appears to be vulnerable to SQL injection attacks. A single quote was submitted in the Referer HTTP header, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Request 1
GET /blog/googleanalytics/103-google-analytics-opt-out-feature.html HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.google.com/search?hl=en&q=' Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 1
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 01:12:03 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 Connection: close Content-Type: text/html Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/googleanalytics/103-google-analytics-opt-out-feature.html HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.google.com/search?hl=en&q='' Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 2
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 01:12:03 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Expires: Mon, 1 Jan 2001 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 01:12:04 GMT; path=/ Last-Modified: Sat, 06 Nov 2010 01:12:04 GMT Connection: close Content-Type: text/html; charset=utf-8 Content-Length: 33583
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The apros2.0_tpl cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the apros2.0_tpl cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Request 1
GET /blog/googleanalytics/103-google-analytics-opt-out-feature.html?itemid=70#comment HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog/googleanalytics.html?type=atom&start=5 Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; 7876d45a49f537da76cfb9e129203eee=17d32965e1c37afc808ffaa1ef2087ef; apros2.0_tpl=apros2.0'; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;
Response 1
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 06:12:04 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 Connection: close Content-Type: text/html Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/googleanalytics/103-google-analytics-opt-out-feature.html?itemid=70#comment HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog/googleanalytics.html?type=atom&start=5 Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; 7876d45a49f537da76cfb9e129203eee=17d32965e1c37afc808ffaa1ef2087ef; apros2.0_tpl=apros2.0''; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;
Response 2
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 06:12:09 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Connection: close Content-Type: text/html Content-Length: 326
<br /> <b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro ...[SNIP]...
The optimizelyBuckets cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the optimizelyBuckets cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Request 1
GET /blog/googleanalytics/103-google-analytics-opt-out-feature.html?itemid=70#comment HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog/googleanalytics.html?type=atom&start=5 Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D'; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; 7876d45a49f537da76cfb9e129203eee=17d32965e1c37afc808ffaa1ef2087ef; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;
Response 1
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 06:06:29 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 Connection: close Content-Type: text/html Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/googleanalytics/103-google-analytics-opt-out-feature.html?itemid=70#comment HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog/googleanalytics.html?type=atom&start=5 Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D''; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; 7876d45a49f537da76cfb9e129203eee=17d32965e1c37afc808ffaa1ef2087ef; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;
Response 2
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 06:06:30 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Connection: close Content-Type: text/html Content-Length: 326
<br /> <b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro ...[SNIP]...
The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 3, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.
Remediation detail
There is probably no need to perform a second URL-decode of the value of REST URL parameter 3 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.
Request 1
GET /blog/googleanalytics/106-google-analytics-health-check.html%2527 HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog.html?start=5 Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 1
HTTP/1.1 404 Not Found Date: Sat, 06 Nov 2010 06:22:44 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Expires: Mon, 1 Jan 2001 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 06:22:46 GMT; path=/ Last-Modified: Sat, 06 Nov 2010 06:22:47 GMT Connection: close Content-Type: text/html; charset=utf-8 Content-Length: 26267
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
< ...[SNIP]... sn't because of an inherent problem with Google Analytics, but rather a problem with how it has been implemented on the site in question... The most common mistake for implementing Google Analytics is failing to configure the tracking tags for your particular site... This is a pervasive problem because it's really easy to get started with Google Analytics using the <em> ...[SNIP]...
Request 2
GET /blog/googleanalytics/106-google-analytics-health-check.html%2527%2527 HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog.html?start=5 Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 2
HTTP/1.1 404 Not Found Date: Sat, 06 Nov 2010 06:22:47 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 Connection: close Content-Type: text/html Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
The fpssCookie cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the fpssCookie cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.
Remediation detail
There is probably no need to perform a second URL-decode of the value of the fpssCookie cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.
Request 1
GET /blog/googleanalytics/106-google-analytics-health-check.html HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog.html?start=5 Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true%2527; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 1
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 06:04:37 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Expires: Mon, 1 Jan 2001 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 06:04:40 GMT; path=/ Last-Modified: Sat, 06 Nov 2010 06:04:40 GMT Connection: close Content-Type: text/html; charset=utf-8 Content-Length: 26246
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
< ...[SNIP]... sn't because of an inherent problem with Google Analytics, but rather a problem with how it has been implemented on the site in question... The most common mistake for implementing Google Analytics is failing to configure the tracking tags for your particular site... This is a pervasive problem because it's really easy to get started with Google Analytics using the <em> ...[SNIP]...
Request 2
GET /blog/googleanalytics/106-google-analytics-health-check.html HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog.html?start=5 Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true%2527%2527; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 2
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 06:04:40 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Connection: close Content-Type: text/html Content-Length: 326
<br /> <b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro ...[SNIP]...
The ki_t cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the ki_t cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.
Remediation detail
There is probably no need to perform a second URL-decode of the value of the ki_t cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.
Request 1
GET /blog/googleanalytics/106-google-analytics-health-check.html?itemid=70#comment HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog/googleanalytics.html?type=atom&start=5 Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11%2527; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; 7876d45a49f537da76cfb9e129203eee=17d32965e1c37afc808ffaa1ef2087ef; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;
Response 1
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 06:10:23 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Expires: Mon, 1 Jan 2001 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 06:10:25 GMT; path=/ Last-Modified: Sat, 06 Nov 2010 06:10:25 GMT Connection: close Content-Type: text/html; charset=utf-8 Content-Length: 26334
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
< ...[SNIP]... sn't because of an inherent problem with Google Analytics, but rather a problem with how it has been implemented on the site in question... The most common mistake for implementing Google Analytics is failing to configure the tracking tags for your particular site... This is a pervasive problem because it's really easy to get started with Google Analytics using the <em> ...[SNIP]...
Request 2
GET /blog/googleanalytics/106-google-analytics-health-check.html?itemid=70#comment HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog/googleanalytics.html?type=atom&start=5 Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11%2527%2527; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; 7876d45a49f537da76cfb9e129203eee=17d32965e1c37afc808ffaa1ef2087ef; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;
Response 2
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 06:10:25 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Connection: close Content-Type: text/html Content-Length: 326
<br /> <b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro ...[SNIP]...
The ki_u cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the ki_u cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.
Remediation detail
There is probably no need to perform a second URL-decode of the value of the ki_u cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.
Request 1
GET /blog/googleanalytics/106-google-analytics-health-check.html HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog.html?start=5 Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a%2527; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 1
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 06:14:19 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Expires: Mon, 1 Jan 2001 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 06:14:22 GMT; path=/ Last-Modified: Sat, 06 Nov 2010 06:14:22 GMT Connection: close Content-Type: text/html; charset=utf-8 Content-Length: 26246
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
< ...[SNIP]... sn't because of an inherent problem with Google Analytics, but rather a problem with how it has been implemented on the site in question... The most common mistake for implementing Google Analytics is failing to configure the tracking tags for your particular site... This is a pervasive problem because it's really easy to get started with Google Analytics using the <em> ...[SNIP]...
Request 2
GET /blog/googleanalytics/106-google-analytics-health-check.html HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog.html?start=5 Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a%2527%2527; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 2
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 06:14:22 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 Connection: close Content-Type: text/html Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
The ki_t cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the ki_t cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Request 1
GET /blog/googleanalytics/109-google-analytics-training-san-jose-2010.html HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog.html Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11'; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 1
HTTP/1.1 200 OK Date: Fri, 05 Nov 2010 23:44:20 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 Connection: close Content-Type: text/html Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/googleanalytics/109-google-analytics-training-san-jose-2010.html HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog.html Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11''; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 2
HTTP/1.1 200 OK Date: Fri, 05 Nov 2010 23:44:26 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Connection: close Content-Type: text/html Content-Length: 326
<br /> <b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro ...[SNIP]...
The ki_t cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the ki_t cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.
Remediation detail
There is probably no need to perform a second URL-decode of the value of the ki_t cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.
Request 1
GET /blog/googleanalytics/113-domain-hostname-content-reports.html HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog.html Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11%2527; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 1
HTTP/1.1 200 OK Date: Fri, 05 Nov 2010 23:46:26 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 Connection: close Content-Type: text/html Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/googleanalytics/113-domain-hostname-content-reports.html HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog.html Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11%2527%2527; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 2
HTTP/1.1 200 OK Date: Fri, 05 Nov 2010 23:46:38 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Expires: Mon, 1 Jan 2001 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: apros2.0_tpl=apros2.0; expires=Wed, 26-Oct-2011 23:46:40 GMT; path=/ Last-Modified: Fri, 05 Nov 2010 23:46:41 GMT Connection: close Content-Type: text/html; charset=utf-8 Content-Length: 39301
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.
Remediation detail
There is probably no need to perform a second URL-decode of the value of REST URL parameter 1 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.
Request 1
GET /blog%2527/googleanalytics/114-share-advanced-segment-google-analytics.html HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog.html Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 1
HTTP/1.1 404 Component not found Date: Sat, 06 Nov 2010 05:56:38 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Expires: Mon, 1 Jan 2001 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Last-Modified: Sat, 06 Nov 2010 05:56:40 GMT Connection: close Content-Type: text/html; charset=utf-8 Content-Length: 3015
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" dir=" ...[SNIP]... <title>404 - Error: 404</title> ...[SNIP]...
Request 2
GET /blog%2527%2527/googleanalytics/114-share-advanced-segment-google-analytics.html HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog.html Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 2
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 05:56:40 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Connection: close Content-Type: text/html Content-Length: 326
<br /> <b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro ...[SNIP]...
The d4dad6935f632ac35975e3001dc7bbe8 cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the d4dad6935f632ac35975e3001dc7bbe8 cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.
Remediation detail
There is probably no need to perform a second URL-decode of the value of the d4dad6935f632ac35975e3001dc7bbe8 cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.
Request 1
GET /blog/googleanalytics/114-share-advanced-segment-google-analytics.html HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog.html Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb%2527; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 1
HTTP/1.1 200 OK Date: Fri, 05 Nov 2010 23:38:42 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 Connection: close Content-Type: text/html Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/googleanalytics/114-share-advanced-segment-google-analytics.html HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog.html Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb%2527%2527; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 2
HTTP/1.1 200 OK Date: Fri, 05 Nov 2010 23:38:43 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Connection: close Content-Type: text/html Content-Length: 326
<br /> <b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro ...[SNIP]...
The ki_t cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the ki_t cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Request 1
GET /blog/googleanalytics/114-share-advanced-segment-google-analytics.html HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog.html Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11'; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 1
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 05:43:41 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 Connection: close Content-Type: text/html Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/googleanalytics/114-share-advanced-segment-google-analytics.html HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog.html Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11''; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 2
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 05:43:42 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Connection: close Content-Type: text/html Content-Length: 326
<br /> <b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro ...[SNIP]...
The ki_t cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the ki_t cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.
Remediation detail
There is probably no need to perform a second URL-decode of the value of the ki_t cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.
Request 1
GET /blog/googleanalytics/114-share-advanced-segment-google-analytics.html?itemid=70#comment HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog/googleanalytics.html Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11%2527; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 1
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 05:45:35 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 Connection: close Content-Type: text/html Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/googleanalytics/114-share-advanced-segment-google-analytics.html?itemid=70#comment HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog/googleanalytics.html Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11%2527%2527; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 2
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 05:45:36 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Connection: close Content-Type: text/html Content-Length: 326
<br /> <b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro ...[SNIP]...
1.95. http://www.analyticspros.com/blog/googleanalytics/114-share-advanced-segment-google-analytics.html [name of an arbitrarily supplied request parameter]
The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.
Remediation detail
There is probably no need to perform a second URL-decode of the name of an arbitrarily supplied request parameter as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.
Request 1
GET /blog/googleanalytics/114-share-advanced-segment-google-analytics.html?itemid=70#comment&1%2527=1 HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog/googleanalytics.html Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 1
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 05:58:14 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 Connection: close Content-Type: text/html Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/googleanalytics/114-share-advanced-segment-google-analytics.html?itemid=70#comment&1%2527%2527=1 HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog/googleanalytics.html Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 2
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 05:58:16 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Expires: Mon, 1 Jan 2001 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 05:58:18 GMT; path=/ Last-Modified: Sat, 06 Nov 2010 05:58:18 GMT Connection: close Content-Type: text/html; charset=utf-8 Content-Length: 21425
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 3, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Request 1
GET /blog/googleanalytics/115-analytics-toolbar-for-dma-known-issues.html'?itemid=70#comment HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog/googleanalytics.html Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 1
HTTP/1.1 404 Not Found Date: Sat, 06 Nov 2010 06:00:11 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 Connection: close Content-Type: text/html Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/googleanalytics/115-analytics-toolbar-for-dma-known-issues.html''?itemid=70#comment HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog/googleanalytics.html Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 2
HTTP/1.1 404 Not Found Date: Sat, 06 Nov 2010 06:00:18 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Expires: Mon, 1 Jan 2001 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 06:00:19 GMT; path=/ Last-Modified: Sat, 06 Nov 2010 06:00:19 GMT Connection: close Content-Type: text/html; charset=utf-8 Content-Length: 22288
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The Referer HTTP header appears to be vulnerable to SQL injection attacks. A single quote was submitted in the Referer HTTP header, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.
Remediation detail
There is probably no need to perform a second URL-decode of the value of the Referer HTTP header as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.
Request 1
GET /blog/googleanalytics/115-analytics-toolbar-for-dma-known-issues.html?itemid=70#comment HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.google.com/search?hl=en&q=%2527 Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 1
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 05:57:17 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 Connection: close Content-Type: text/html Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/googleanalytics/115-analytics-toolbar-for-dma-known-issues.html?itemid=70#comment HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.google.com/search?hl=en&q=%2527%2527 Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 2
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 05:57:18 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Connection: close Content-Type: text/html Content-Length: 326
<br /> <b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro ...[SNIP]...
The optimizelyEndUserId cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the optimizelyEndUserId cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Request 1
GET /blog/googleanalytics/115-analytics-toolbar-for-dma-known-issues.html?itemid=70#comment HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog/googleanalytics.html Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169';
Response 1
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 05:53:34 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 Connection: close Content-Type: text/html Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/googleanalytics/115-analytics-toolbar-for-dma-known-issues.html?itemid=70#comment HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog/googleanalytics.html Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169'';
Response 2
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 05:53:36 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Expires: Mon, 1 Jan 2001 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 05:53:40 GMT; path=/ Last-Modified: Sat, 06 Nov 2010 05:53:40 GMT Connection: close Content-Type: text/html; charset=utf-8 Content-Length: 22270
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The d4dad6935f632ac35975e3001dc7bbe8 cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the d4dad6935f632ac35975e3001dc7bbe8 cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Request 1
GET /blog/googleanalytics/60-ga-extended-segments-part-1.html HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog.html?start=15 Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb'; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 1
HTTP/1.1 200 OK Date: Fri, 05 Nov 2010 23:39:56 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 Connection: close Content-Type: text/html Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/googleanalytics/60-ga-extended-segments-part-1.html HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog.html?start=15 Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb''; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 2
HTTP/1.1 200 OK Date: Fri, 05 Nov 2010 23:39:58 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Expires: Mon, 1 Jan 2001 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: d4dad6935f632ac35975e3001dc7bbe8=103ed91c731dbf91fdf70a26e6f77494; path=/ Set-Cookie: apros2.0_tpl=apros2.0; expires=Wed, 26-Oct-2011 23:40:04 GMT; path=/ Last-Modified: Fri, 05 Nov 2010 23:40:04 GMT Connection: close Content-Type: text/html; charset=utf-8 Content-Length: 28803
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 3, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Request 1
GET /blog/googleanalytics/63-kintiskton-llc-in-google-analytics.html'?itemid=70#comment HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog/googleanalytics.html?start=20 Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; 7876d45a49f537da76cfb9e129203eee=17d32965e1c37afc808ffaa1ef2087ef; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;
Response 1
HTTP/1.1 404 Not Found Date: Sat, 06 Nov 2010 06:36:28 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 Connection: close Content-Type: text/html Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/googleanalytics/63-kintiskton-llc-in-google-analytics.html''?itemid=70#comment HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog/googleanalytics.html?start=20 Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; 7876d45a49f537da76cfb9e129203eee=17d32965e1c37afc808ffaa1ef2087ef; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;
Response 2
HTTP/1.1 404 Not Found Date: Sat, 06 Nov 2010 06:36:30 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Expires: Mon, 1 Jan 2001 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 06:36:32 GMT; path=/ Last-Modified: Sat, 06 Nov 2010 06:36:32 GMT Connection: close Content-Type: text/html; charset=utf-8 Content-Length: 35425
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The d4dad6935f632ac35975e3001dc7bbe8 cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the d4dad6935f632ac35975e3001dc7bbe8 cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.
Remediation detail
There is probably no need to perform a second URL-decode of the value of the d4dad6935f632ac35975e3001dc7bbe8 cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.
Request 1
GET /blog/googleanalytics/63-kintiskton-llc-in-google-analytics.html HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog.html?start=25 Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb%2527; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 1
HTTP/1.1 200 OK Date: Fri, 05 Nov 2010 23:39:41 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 Connection: close Content-Type: text/html Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/googleanalytics/63-kintiskton-llc-in-google-analytics.html HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog.html?start=25 Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb%2527%2527; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 2
HTTP/1.1 200 OK Date: Fri, 05 Nov 2010 23:39:42 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Connection: close Content-Type: text/html Content-Length: 326
<br /> <b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro ...[SNIP]...
The 1ee73a388da0bb7ec3d7afe3beccac53 cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the 1ee73a388da0bb7ec3d7afe3beccac53 cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Request 1
GET /blog/googleanalytics/77-refresh-rate-content-metric.html?itemid=70#comment HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog/googleanalytics.html?start=20 Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00'; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; 7876d45a49f537da76cfb9e129203eee=17d32965e1c37afc808ffaa1ef2087ef; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;
Response 1
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 06:14:56 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Expires: Mon, 1 Jan 2001 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 06:14:58 GMT; path=/ Last-Modified: Sat, 06 Nov 2010 06:14:58 GMT Connection: close Content-Type: text/html; charset=utf-8 Content-Length: 28123
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The __utma cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the __utma cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.
Remediation detail
There is probably no need to perform a second URL-decode of the value of the __utma cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.
Request 1
GET /blog/googleanalytics/77-refresh-rate-content-metric.html HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog.html?start=25 Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1%2527; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 1
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 06:12:55 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 Connection: close Content-Type: text/html Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/googleanalytics/77-refresh-rate-content-metric.html HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog.html?start=25 Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1%2527%2527; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 2
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 06:12:56 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Connection: close Content-Type: text/html Content-Length: 326
<br /> <b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro ...[SNIP]...
The __utmz cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the __utmz cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.
Remediation detail
There is probably no need to perform a second URL-decode of the value of the __utmz cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.
Request 1
GET /blog/googleanalytics/77-refresh-rate-content-metric.html?itemid=70#comment HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog/googleanalytics.html?start=20 Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)%2527; 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; 7876d45a49f537da76cfb9e129203eee=17d32965e1c37afc808ffaa1ef2087ef; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;
Response 1
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 06:13:35 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Expires: Mon, 1 Jan 2001 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 06:13:35 GMT; path=/ Last-Modified: Sat, 06 Nov 2010 06:13:36 GMT Connection: close Content-Type: text/html; charset=utf-8 Content-Length: 28124
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
< ...[SNIP]... <h2>Finding the proverbial Needle in the Haystack</h2> ...[SNIP]...
Request 2
GET /blog/googleanalytics/77-refresh-rate-content-metric.html?itemid=70#comment HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog/googleanalytics.html?start=20 Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)%2527%2527; 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; 7876d45a49f537da76cfb9e129203eee=17d32965e1c37afc808ffaa1ef2087ef; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;
Response 2
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 06:13:36 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Connection: close Content-Type: text/html Content-Length: 326
<br /> <b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro ...[SNIP]...
The ki_t cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the ki_t cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.
Remediation detail
There is probably no need to perform a second URL-decode of the value of the ki_t cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.
Request 1
GET /blog/googleanalytics/77-refresh-rate-content-metric.html?itemid=70#comment HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog/googleanalytics.html?start=20 Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11%2527; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; 7876d45a49f537da76cfb9e129203eee=17d32965e1c37afc808ffaa1ef2087ef; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;
Response 1
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 06:16:29 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Expires: Mon, 1 Jan 2001 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 06:16:31 GMT; path=/ Last-Modified: Sat, 06 Nov 2010 06:16:32 GMT Connection: close Content-Type: text/html; charset=utf-8 Content-Length: 28124
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The ki_u cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the ki_u cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.
Remediation detail
There is probably no need to perform a second URL-decode of the value of the ki_u cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.
Request 1
GET /blog/googleanalytics/77-refresh-rate-content-metric.html?itemid=70#comment HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog/googleanalytics.html?start=20 Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a%2527; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; 7876d45a49f537da76cfb9e129203eee=17d32965e1c37afc808ffaa1ef2087ef; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;
Response 1
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 06:20:09 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Expires: Mon, 1 Jan 2001 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 06:20:11 GMT; path=/ Last-Modified: Sat, 06 Nov 2010 06:20:11 GMT Connection: close Content-Type: text/html; charset=utf-8 Content-Length: 28124
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
< ...[SNIP]... <h2>Finding the proverbial Needle in the Haystack</h2> ...[SNIP]...
Request 2
GET /blog/googleanalytics/77-refresh-rate-content-metric.html?itemid=70#comment HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog/googleanalytics.html?start=20 Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a%2527%2527; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; 7876d45a49f537da76cfb9e129203eee=17d32965e1c37afc808ffaa1ef2087ef; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;
Response 2
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 06:20:11 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Connection: close Content-Type: text/html Content-Length: 326
<br /> <b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro ...[SNIP]...
1.107. http://www.analyticspros.com/blog/googleanalytics/77-refresh-rate-content-metric.html [name of an arbitrarily supplied request parameter]
The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.
Remediation detail
There is probably no need to perform a second URL-decode of the name of an arbitrarily supplied request parameter as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.
Request 1
GET /blog/googleanalytics/77-refresh-rate-content-metric.html?1%2527=1 HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog.html?start=25 Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 1
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 06:23:36 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 Connection: close Content-Type: text/html Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/googleanalytics/77-refresh-rate-content-metric.html?1%2527%2527=1 HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog.html?start=25 Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 2
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 06:23:39 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Connection: close Content-Type: text/html Content-Length: 326
<br /> <b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro ...[SNIP]...
The Referer HTTP header appears to be vulnerable to SQL injection attacks. A single quote was submitted in the Referer HTTP header, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Request 1
GET /blog/googleanalytics/86-google-analytics-intelligence.html?itemid=70#comment HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.google.com/search?hl=en&q=' Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; 7876d45a49f537da76cfb9e129203eee=17d32965e1c37afc808ffaa1ef2087ef; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;
Response 1
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 06:37:33 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 Connection: close Content-Type: text/html Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/googleanalytics/86-google-analytics-intelligence.html?itemid=70#comment HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.google.com/search?hl=en&q='' Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; 7876d45a49f537da76cfb9e129203eee=17d32965e1c37afc808ffaa1ef2087ef; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;
Response 2
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 06:37:33 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Connection: close Content-Type: text/html Content-Length: 326
<br /> <b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro ...[SNIP]...
The __utmc cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the __utmc cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Request 1
GET /blog/googleanalytics/86-google-analytics-intelligence.html HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog.html?start=20 Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141'; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 1
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 06:18:23 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 Connection: close Content-Type: text/html Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/googleanalytics/86-google-analytics-intelligence.html HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog.html?start=20 Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141''; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 2
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 06:18:25 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Connection: close Content-Type: text/html Content-Length: 326
<br /> <b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro ...[SNIP]...
The __utmmobile cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the __utmmobile cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Request 1
GET /blog/googleanalytics/86-google-analytics-intelligence.html HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog.html?start=20 Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c'; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 1
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 06:20:43 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 Connection: close Content-Type: text/html Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/googleanalytics/86-google-analytics-intelligence.html HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog.html?start=20 Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c''; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 2
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 06:20:45 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Expires: Mon, 1 Jan 2001 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 06:20:46 GMT; path=/ Last-Modified: Sat, 06 Nov 2010 06:20:46 GMT Connection: close Content-Type: text/html; charset=utf-8 Content-Length: 21791
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The fpssCookie cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the fpssCookie cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Request 1
GET /blog/googleanalytics/86-google-analytics-intelligence.html HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog.html?start=20 Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true'; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 1
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 06:15:18 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 Connection: close Content-Type: text/html Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/googleanalytics/86-google-analytics-intelligence.html HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog.html?start=20 Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true''; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 2
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 06:15:19 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Expires: Mon, 1 Jan 2001 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 06:15:19 GMT; path=/ Last-Modified: Sat, 06 Nov 2010 06:15:19 GMT Connection: close Content-Type: text/html; charset=utf-8 Content-Length: 21791
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The ki_t cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the ki_t cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.
Remediation detail
There is probably no need to perform a second URL-decode of the value of the ki_t cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.
Request 1
GET /blog/googleanalytics/86-google-analytics-intelligence.html HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog.html?start=20 Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11%2527; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 1
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 06:16:21 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 Connection: close Content-Type: text/html Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/googleanalytics/86-google-analytics-intelligence.html HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog.html?start=20 Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11%2527%2527; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 2
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 06:16:21 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Expires: Mon, 1 Jan 2001 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 06:16:22 GMT; path=/ Last-Modified: Sat, 06 Nov 2010 06:16:22 GMT Connection: close Content-Type: text/html; charset=utf-8 Content-Length: 21791
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The 7876d45a49f537da76cfb9e129203eee cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the 7876d45a49f537da76cfb9e129203eee cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.
Remediation detail
There is probably no need to perform a second URL-decode of the value of the 7876d45a49f537da76cfb9e129203eee cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.
Request 1
GET /blog/googleanalytics/89-dont-kill-the-messenger.html?itemid=70#comment HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog/googleanalytics.html?start=15 Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; 7876d45a49f537da76cfb9e129203eee=17d32965e1c37afc808ffaa1ef2087ef%2527; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;
Response 1
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 06:19:29 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 Connection: close Content-Type: text/html Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/googleanalytics/89-dont-kill-the-messenger.html?itemid=70#comment HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog/googleanalytics.html?start=15 Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; 7876d45a49f537da76cfb9e129203eee=17d32965e1c37afc808ffaa1ef2087ef%2527%2527; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;
Response 2
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 06:19:30 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Expires: Mon, 1 Jan 2001 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 06:19:31 GMT; path=/ Last-Modified: Sat, 06 Nov 2010 06:19:31 GMT Connection: close Content-Type: text/html; charset=utf-8 Content-Length: 23821
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 3, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.
Remediation detail
There is probably no need to perform a second URL-decode of the value of REST URL parameter 3 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.
Request 1
GET /blog/googleanalytics/89-dont-kill-the-messenger.html%2527?itemid=70#comment HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog/googleanalytics.html?start=15 Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; 7876d45a49f537da76cfb9e129203eee=17d32965e1c37afc808ffaa1ef2087ef; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;
Response 1
HTTP/1.1 404 Not Found Date: Sat, 06 Nov 2010 06:32:18 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 Connection: close Content-Type: text/html Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/googleanalytics/89-dont-kill-the-messenger.html%2527%2527?itemid=70#comment HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog/googleanalytics.html?start=15 Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; 7876d45a49f537da76cfb9e129203eee=17d32965e1c37afc808ffaa1ef2087ef; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;
Response 2
HTTP/1.1 404 Not Found Date: Sat, 06 Nov 2010 06:32:19 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Expires: Mon, 1 Jan 2001 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 06:32:21 GMT; path=/ Last-Modified: Sat, 06 Nov 2010 06:32:21 GMT Connection: close Content-Type: text/html; charset=utf-8 Content-Length: 23848
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The __utmz cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the __utmz cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Request 1
GET /blog/googleanalytics/89-dont-kill-the-messenger.html HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog.html?start=15 Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)'; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 1
HTTP/1.1 200 OK Date: Fri, 05 Nov 2010 23:45:07 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 Connection: close Content-Type: text/html Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/googleanalytics/89-dont-kill-the-messenger.html HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog.html?start=15 Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)''; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 2
HTTP/1.1 200 OK Date: Fri, 05 Nov 2010 23:45:20 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Connection: close Content-Type: text/html Content-Length: 326
<br /> <b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro ...[SNIP]...
The apros2.0_tpl cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the apros2.0_tpl cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.
Remediation detail
There is probably no need to perform a second URL-decode of the value of the apros2.0_tpl cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.
Request 1
GET /blog/googleanalytics/89-dont-kill-the-messenger.html HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog.html?start=15 Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0%2527; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 1
HTTP/1.1 200 OK Date: Fri, 05 Nov 2010 23:56:57 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 Connection: close Content-Type: text/html Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/googleanalytics/89-dont-kill-the-messenger.html HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog.html?start=15 Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0%2527%2527; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 2
HTTP/1.1 200 OK Date: Fri, 05 Nov 2010 23:57:00 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Connection: close Content-Type: text/html Content-Length: 326
<br /> <b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro ...[SNIP]...
The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Request 1
GET /blog'/googleanalytics/91-google-analytics-cookies-and-domains.html?itemid=70#comment HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog/googleanalytics.html?start=15 Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; 7876d45a49f537da76cfb9e129203eee=17d32965e1c37afc808ffaa1ef2087ef; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;
Response 1
HTTP/1.1 404 Component not found Date: Sat, 06 Nov 2010 06:29:28 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Expires: Mon, 1 Jan 2001 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Last-Modified: Sat, 06 Nov 2010 06:29:28 GMT Connection: close Content-Type: text/html; charset=utf-8 Content-Length: 3015
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" dir=" ...[SNIP]... <title>404 - Error: 404</title> ...[SNIP]...
Request 2
GET /blog''/googleanalytics/91-google-analytics-cookies-and-domains.html?itemid=70#comment HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog/googleanalytics.html?start=15 Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; 7876d45a49f537da76cfb9e129203eee=17d32965e1c37afc808ffaa1ef2087ef; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;
Response 2
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 06:29:28 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Connection: close Content-Type: text/html Content-Length: 326
<br /> <b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro ...[SNIP]...
The User-Agent HTTP header appears to be vulnerable to SQL injection attacks. A single quote was submitted in the User-Agent HTTP header, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Request 1
GET /blog/googleanalytics/93-dimensionator-google-analytics-dimensions.html HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)' Connection: close Referer: http://www.analyticspros.com/blog.html Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 1
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 05:54:07 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 Connection: close Content-Type: text/html Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/googleanalytics/93-dimensionator-google-analytics-dimensions.html HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)'' Connection: close Referer: http://www.analyticspros.com/blog.html Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 2
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 05:54:09 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Expires: Mon, 1 Jan 2001 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 05:54:09 GMT; path=/ Last-Modified: Sat, 06 Nov 2010 05:54:09 GMT Connection: close Content-Type: text/html; charset=utf-8 Content-Length: 37533
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The __utma cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the __utma cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.
Remediation detail
There is probably no need to perform a second URL-decode of the value of the __utma cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.
Request 1
GET /blog/googleanalytics/93-dimensionator-google-analytics-dimensions.html HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog.html Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1%2527; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 1
HTTP/1.1 200 OK Date: Fri, 05 Nov 2010 23:49:04 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 Connection: close Content-Type: text/html Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/googleanalytics/93-dimensionator-google-analytics-dimensions.html HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog.html Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1%2527%2527; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 2
HTTP/1.1 200 OK Date: Fri, 05 Nov 2010 23:49:13 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Expires: Mon, 1 Jan 2001 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: apros2.0_tpl=apros2.0; expires=Wed, 26-Oct-2011 23:49:27 GMT; path=/ Last-Modified: Fri, 05 Nov 2010 23:49:28 GMT Connection: close Content-Type: text/html; charset=utf-8 Content-Length: 37533
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The __utmc cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the __utmc cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Request 1
GET /blog/googleanalytics/93-dimensionator-google-analytics-dimensions.html HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog.html Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141'; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 1
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 05:45:07 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 Connection: close Content-Type: text/html Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/googleanalytics/93-dimensionator-google-analytics-dimensions.html HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog.html Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141''; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 2
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 05:45:08 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Expires: Mon, 1 Jan 2001 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 05:45:11 GMT; path=/ Last-Modified: Sat, 06 Nov 2010 05:45:11 GMT Connection: close Content-Type: text/html; charset=utf-8 Content-Length: 37532
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The apros2.0_tpl cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the apros2.0_tpl cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.
Remediation detail
There is probably no need to perform a second URL-decode of the value of the apros2.0_tpl cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.
Request 1
GET /blog/googleanalytics/93-dimensionator-google-analytics-dimensions.html HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog.html Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0%2527; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 1
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 05:46:05 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 Connection: close Content-Type: text/html Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/googleanalytics/93-dimensionator-google-analytics-dimensions.html HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog.html Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0%2527%2527; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 2
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 05:46:07 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Expires: Mon, 1 Jan 2001 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 05:46:11 GMT; path=/ Last-Modified: Sat, 06 Nov 2010 05:46:11 GMT Connection: close Content-Type: text/html; charset=utf-8 Content-Length: 37533
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The optimizelyEndUserId cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the optimizelyEndUserId cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.
Remediation detail
There is probably no need to perform a second URL-decode of the value of the optimizelyEndUserId cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.
Request 1
GET /blog/googleanalytics/93-dimensionator-google-analytics-dimensions.html HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog.html Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169%2527;
Response 1
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 05:52:17 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 Connection: close Content-Type: text/html Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/googleanalytics/93-dimensionator-google-analytics-dimensions.html HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog.html Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169%2527%2527;
Response 2
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 05:52:26 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Expires: Mon, 1 Jan 2001 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 05:52:27 GMT; path=/ Last-Modified: Sat, 06 Nov 2010 05:52:27 GMT Connection: close Content-Type: text/html; charset=utf-8 Content-Length: 37532
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The __utma cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the __utma cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Request 1
GET /blog/googleanalytics/95-more-dimensions-site-search-source-medium.html HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog.html?start=10 Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1'; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 1
HTTP/1.1 200 OK Date: Fri, 05 Nov 2010 23:47:36 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 Connection: close Content-Type: text/html Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/googleanalytics/95-more-dimensions-site-search-source-medium.html HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog.html?start=10 Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1''; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 2
HTTP/1.1 200 OK Date: Fri, 05 Nov 2010 23:47:43 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Expires: Mon, 1 Jan 2001 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: apros2.0_tpl=apros2.0; expires=Wed, 26-Oct-2011 23:47:56 GMT; path=/ Last-Modified: Fri, 05 Nov 2010 23:47:56 GMT Connection: close Content-Type: text/html; charset=utf-8 Content-Length: 22847
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The __utmmobile cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the __utmmobile cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.
Remediation detail
There is probably no need to perform a second URL-decode of the value of the __utmmobile cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.
Request 1
GET /blog/googleanalytics/95-more-dimensions-site-search-source-medium.html HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog.html?start=10 Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c%2527; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 1
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 06:09:20 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 Connection: close Content-Type: text/html Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/googleanalytics/95-more-dimensions-site-search-source-medium.html HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog.html?start=10 Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c%2527%2527; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 2
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 06:09:20 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Expires: Mon, 1 Jan 2001 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 06:09:23 GMT; path=/ Last-Modified: Sat, 06 Nov 2010 06:09:23 GMT Connection: close Content-Type: text/html; charset=utf-8 Content-Length: 22847
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The __utmmobile cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the __utmmobile cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Request 1
GET /blog/googleanalytics/95-more-dimensions-site-search-source-medium.html HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog.html?start=10 Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c'; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 1
HTTP/1.1 200 OK Date: Fri, 05 Nov 2010 23:56:35 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 Connection: close Content-Type: text/html Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/googleanalytics/95-more-dimensions-site-search-source-medium.html HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog.html?start=10 Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c''; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 2
HTTP/1.1 200 OK Date: Fri, 05 Nov 2010 23:56:36 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Expires: Mon, 1 Jan 2001 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: apros2.0_tpl=apros2.0; expires=Wed, 26-Oct-2011 23:57:01 GMT; path=/ Last-Modified: Fri, 05 Nov 2010 23:57:01 GMT Connection: close Content-Type: text/html; charset=utf-8 Content-Length: 22847
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The ki_t cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the ki_t cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Request 1
GET /blog/googleanalytics/95-more-dimensions-site-search-source-medium.html HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog.html?start=10 Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11'; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 1
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 06:04:01 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 Connection: close Content-Type: text/html Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/googleanalytics/95-more-dimensions-site-search-source-medium.html HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog.html?start=10 Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11''; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 2
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 06:04:04 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Expires: Mon, 1 Jan 2001 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 06:04:07 GMT; path=/ Last-Modified: Sat, 06 Nov 2010 06:04:07 GMT Connection: close Content-Type: text/html; charset=utf-8 Content-Length: 22846
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
1.127. http://www.analyticspros.com/blog/googleanalytics/95-more-dimensions-site-search-source-medium.html [name of an arbitrarily supplied request parameter]
The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Request 1
GET /blog/googleanalytics/95-more-dimensions-site-search-source-medium.html?1'=1 HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog.html?start=10 Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 1
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 06:15:28 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 Connection: close Content-Type: text/html Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/googleanalytics/95-more-dimensions-site-search-source-medium.html?1''=1 HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog.html?start=10 Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 2
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 06:15:29 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Expires: Mon, 1 Jan 2001 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 06:15:30 GMT; path=/ Last-Modified: Sat, 06 Nov 2010 06:15:30 GMT Connection: close Content-Type: text/html; charset=utf-8 Content-Length: 22865
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Request 1
GET /blog'/googleanalytics/97-workshop-january-29th-dimensionator.html?itemid=70#comment HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog/googleanalytics.html?type=atom&start=10 Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; 7876d45a49f537da76cfb9e129203eee=17d32965e1c37afc808ffaa1ef2087ef; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;
Response 1
HTTP/1.1 404 Component not found Date: Sat, 06 Nov 2010 06:24:14 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Expires: Mon, 1 Jan 2001 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Last-Modified: Sat, 06 Nov 2010 06:24:17 GMT Connection: close Content-Type: text/html; charset=utf-8 Content-Length: 3015
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" dir=" ...[SNIP]... <title>404 - Error: 404</title> ...[SNIP]...
Request 2
GET /blog''/googleanalytics/97-workshop-january-29th-dimensionator.html?itemid=70#comment HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog/googleanalytics.html?type=atom&start=10 Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; 7876d45a49f537da76cfb9e129203eee=17d32965e1c37afc808ffaa1ef2087ef; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;
Response 2
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 06:24:17 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Content-Length: 326 Connection: close Content-Type: text/html
<br /> <b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro ...[SNIP]...
The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 3, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Request 1
GET /blog/googleanalytics/97-workshop-january-29th-dimensionator.html' HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog.html?start=10 Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 1
HTTP/1.1 404 Not Found Date: Sat, 06 Nov 2010 01:59:12 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 Connection: close Content-Type: text/html Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/googleanalytics/97-workshop-january-29th-dimensionator.html'' HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog.html?start=10 Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 2
HTTP/1.1 404 Not Found Date: Sat, 06 Nov 2010 01:59:13 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Expires: Mon, 1 Jan 2001 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 01:59:14 GMT; path=/ Last-Modified: Sat, 06 Nov 2010 01:59:14 GMT Connection: close Content-Type: text/html; charset=utf-8 Content-Length: 21528
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The apros2.0_tpl cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the apros2.0_tpl cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Request 1
GET /blog/seo.feed HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog/seo.feed?type=atom Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0'; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 1
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 07:26:50 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 Connection: close Content-Type: text/html Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/seo.feed HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog/seo.feed?type=atom Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0''; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 2
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 07:26:51 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Expires: Mon, 1 Jan 2001 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 07:26:55 GMT; path=/ Last-Modified: Sat, 06 Nov 2010 07:26:55 GMT Connection: close Content-Type: text/html; charset=utf-8 Content-Length: 21579
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The fpssCookie cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the fpssCookie cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Request 1
GET /blog/seo.feed?type=rss HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog/seo.html Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true'; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 1
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 07:22:56 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 Connection: close Content-Type: text/html Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/seo.feed?type=rss HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog/seo.html Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true''; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 2
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 07:22:58 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Expires: Mon, 1 Jan 2001 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 07:22:59 GMT; path=/ Last-Modified: Sat, 06 Nov 2010 07:22:59 GMT Connection: close Content-Type: text/html; charset=utf-8 Content-Length: 21580
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The type parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the type parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.
Remediation detail
There is probably no need to perform a second URL-decode of the value of the type request parameter as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.
Request 1
GET /blog/seo.feed?type=rss%2527 HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog/seo.html Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 1
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 07:20:35 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 Connection: close Content-Type: text/html Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/seo.feed?type=rss%2527%2527 HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog/seo.html Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 2
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 07:20:36 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Expires: Mon, 1 Jan 2001 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 07:20:39 GMT; path=/ Last-Modified: Sat, 06 Nov 2010 07:20:39 GMT Connection: close Content-Type: text/html; charset=utf-8 Content-Length: 21594
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The User-Agent HTTP header appears to be vulnerable to SQL injection attacks. A single quote was submitted in the User-Agent HTTP header, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The application attempts to block SQL injection attacks, but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.
Remediation detail
There is probably no need to perform a second URL-decode of the value of the User-Agent HTTP header, as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.
Request 1
GET /blog/seo.html HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)%2527 Connection: close Referer: http://www.analyticspros.com/consulting.html Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 1
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 06:44:52 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 Connection: close Content-Type: text/html Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/seo.html HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)%2527%2527 Connection: close Referer: http://www.analyticspros.com/consulting.html Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 2
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 06:44:53 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Connection: close Content-Type: text/html Content-Length: 326
<br /> <b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro ...[SNIP]...
The Referer HTTP header appears to be vulnerable to SQL injection attacks. A single quote was submitted in the Referer HTTP header, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The application attempts to block SQL injection attacks, but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.
Remediation detail
NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.
Request 1
GET /blog/seo/ HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; Referer: http://www.google.com/search?hl=en&q=%00'
Response 1
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 07:25:55 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 Connection: close Content-Type: text/html Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/seo/ HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; Referer: http://www.google.com/search?hl=en&q=%00''
Response 2
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 07:25:56 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Expires: Mon, 1 Jan 2001 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 07:25:59 GMT; path=/ Last-Modified: Sat, 06 Nov 2010 07:25:59 GMT Connection: close Content-Type: text/html; charset=utf-8 Content-Length: 21849
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The apros2.0_tpl cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the apros2.0_tpl cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Request 1
GET /blog/seo/ HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0'; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 1
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 04:14:59 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 Connection: close Content-Type: text/html Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/seo/ HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0''; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 2
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 04:15:00 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Connection: close Content-Type: text/html Content-Length: 326
<br /> <b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro ...[SNIP]...
The fpssCookie cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the fpssCookie cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Request 1
GET /blog/seo/ HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true'; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 1
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 07:12:08 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 Connection: close Content-Type: text/html Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/seo/ HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true''; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 2
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 07:12:09 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Expires: Mon, 1 Jan 2001 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 07:12:11 GMT; path=/ Last-Modified: Sat, 06 Nov 2010 07:12:11 GMT Connection: close Content-Type: text/html; charset=utf-8 Content-Length: 21785
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The User-Agent HTTP header appears to be vulnerable to SQL injection attacks. A single quote was submitted in the User-Agent HTTP header, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Request 1
GET /blog/seo/59-search-ranking-position-with-ga.html?itemid=70#comment HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)' Connection: close Referer: http://www.analyticspros.com/blog/seo.html Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 1
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 07:30:18 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 Connection: close Content-Type: text/html Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/seo/59-search-ranking-position-with-ga.html?itemid=70#comment HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)'' Connection: close Referer: http://www.analyticspros.com/blog/seo.html Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 2
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 07:30:22 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Expires: Mon, 1 Jan 2001 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 07:30:23 GMT; path=/ Last-Modified: Sat, 06 Nov 2010 07:30:23 GMT Connection: close Content-Type: text/html; charset=utf-8 Content-Length: 27737
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The optimizelyBuckets cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the optimizelyBuckets cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The application attempts to block SQL injection attacks, but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.
Remediation detail
There is probably no need to perform a second URL-decode of the value of the optimizelyBuckets cookie, as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.
Request 1
GET /blog/seo/59-search-ranking-position-with-ga.html HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog.html?start=10 Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D%2527; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 1
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 07:24:12 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 Connection: close Content-Type: text/html Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/seo/59-search-ranking-position-with-ga.html HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog.html?start=10 Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D%2527%2527; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 2
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 07:24:13 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Expires: Mon, 1 Jan 2001 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 07:24:17 GMT; path=/ Last-Modified: Sat, 06 Nov 2010 07:24:17 GMT Connection: close Content-Type: text/html; charset=utf-8 Content-Length: 27675
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The ki_u cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the ki_u cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Request 1
GET /blog/seo/78-best-seo-video-matt-cutts-wordpress.html?itemid=70#comment HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog/seo.html Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a'; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 1
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 07:26:50 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 Connection: close Content-Type: text/html Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/seo/78-best-seo-video-matt-cutts-wordpress.html?itemid=70#comment HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog/seo.html Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a''; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 2
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 07:26:53 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Expires: Mon, 1 Jan 2001 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 07:27:14 GMT; path=/ Last-Modified: Sat, 06 Nov 2010 07:27:14 GMT Connection: close Content-Type: text/html; charset=utf-8 Content-Length: 25533
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The optimizelyBuckets cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the optimizelyBuckets cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The application attempts to block SQL injection attacks, but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.
Remediation detail
There is probably no need to perform a second URL-decode of the value of the optimizelyBuckets cookie, as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.
Request 1
GET /blog/seo/78-best-seo-video-matt-cutts-wordpress.html?itemid=70#comment HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog/seo.html Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D%2527; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 1
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 07:28:32 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 Connection: close Content-Type: text/html Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/seo/78-best-seo-video-matt-cutts-wordpress.html?itemid=70#comment HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog/seo.html Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D%2527%2527; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 2
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 07:28:33 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Expires: Mon, 1 Jan 2001 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 07:28:34 GMT; path=/ Last-Modified: Sat, 06 Nov 2010 07:28:34 GMT Connection: close Content-Type: text/html; charset=utf-8 Content-Length: 25534
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The d4dad6935f632ac35975e3001dc7bbe8 cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the d4dad6935f632ac35975e3001dc7bbe8 cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The application attempts to block SQL injection attacks, but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.
Remediation detail
There is probably no need to perform a second URL-decode of the value of the d4dad6935f632ac35975e3001dc7bbe8 cookie, as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.
Request 1
GET /blog/urchin.html HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/consulting.html Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb%2527; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 1
HTTP/1.1 200 OK Date: Fri, 05 Nov 2010 23:40:19 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 Connection: close Content-Type: text/html Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/urchin.html HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/consulting.html Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb%2527%2527; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 2
HTTP/1.1 200 OK Date: Fri, 05 Nov 2010 23:40:28 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Connection: close Content-Type: text/html Content-Length: 326
<br /> <b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro ...[SNIP]...
The ki_t cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the ki_t cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Request 1
GET /blog/urchin/118-urchin-7-now-available.html?itemid=70#comment HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog/urchin.html Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11'; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;
Response 1
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 06:28:04 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 Connection: close Content-Type: text/html Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/urchin/118-urchin-7-now-available.html?itemid=70#comment HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog/urchin.html Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11''; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;
Response 2
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 06:28:07 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Connection: close Content-Type: text/html Content-Length: 326
<br /> <b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro ...[SNIP]...
The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 3, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.
Remediation detail
There is probably no need to perform a second URL-decode of the value of REST URL parameter 3 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.
Request 1
GET /blog/urchin/121-urchin-7-new-interface-first-look.html%2527 HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/consulting.html Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 1
HTTP/1.1 404 Not Found Date: Sat, 06 Nov 2010 06:37:55 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 Connection: close Content-Type: text/html Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/urchin/121-urchin-7-new-interface-first-look.html%2527%2527 HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/consulting.html Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 2
HTTP/1.1 404 Not Found Date: Sat, 06 Nov 2010 06:37:55 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Expires: Mon, 1 Jan 2001 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 06:37:56 GMT; path=/ Last-Modified: Sat, 06 Nov 2010 06:37:56 GMT Connection: close Content-Type: text/html; charset=utf-8 Content-Length: 23700
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The apros2.0_tpl cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the apros2.0_tpl cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Request 1
GET /blog/urchin/121-urchin-7-new-interface-first-look.html HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/consulting.html Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0'; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 1
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 06:26:32 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 Connection: close Content-Type: text/html Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/urchin/121-urchin-7-new-interface-first-look.html HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/consulting.html Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0''; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 2
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 06:26:34 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Connection: close Content-Type: text/html Content-Length: 326
<br /> <b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro ...[SNIP]...
The optimizelyBuckets cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the optimizelyBuckets cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Request 1
GET /blog/urchin/121-urchin-7-new-interface-first-look.html HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/consulting.html Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D'; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 1
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 06:31:01 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 Connection: close Content-Type: text/html Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/urchin/121-urchin-7-new-interface-first-look.html HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/consulting.html Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D''; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 2
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 06:31:01 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Expires: Mon, 1 Jan 2001 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 06:31:06 GMT; path=/ Last-Modified: Sat, 06 Nov 2010 06:31:06 GMT Connection: close Content-Type: text/html; charset=utf-8 Content-Length: 23679
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 2, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Request 1
GET /blog/urchin'/87-visitor-scoring-with-urchin.html HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/ Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 1
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 04:25:02 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 Connection: close Content-Type: text/html Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/urchin''/87-visitor-scoring-with-urchin.html HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/ Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 2
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 04:25:06 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Expires: Mon, 1 Jan 2001 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 04:25:09 GMT; path=/ Last-Modified: Sat, 06 Nov 2010 04:25:10 GMT Connection: close Content-Type: text/html; charset=utf-8 Content-Length: 23209
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The ki_u cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the ki_u cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Request 1
GET /blog/urchin/87-visitor-scoring-with-urchin.html HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/ Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a'; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 1
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 06:35:09 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 Connection: close Content-Type: text/html Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/urchin/87-visitor-scoring-with-urchin.html HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/ Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a''; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 2
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 06:35:10 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Expires: Mon, 1 Jan 2001 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 06:35:10 GMT; path=/ Last-Modified: Sat, 06 Nov 2010 06:35:11 GMT Connection: close Content-Type: text/html; charset=utf-8 Content-Length: 23156
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
1.148. http://www.analyticspros.com/blog/urchin/88-urchin-vs-google-analytics.html [name of an arbitrarily supplied request parameter]
Summary
Severity: High
Confidence: Tentative
Host: http://www.analyticspros.com
Path: /blog/urchin/88-urchin-vs-google-analytics.html
Issue detail
The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Request 1
GET /blog/urchin/88-urchin-vs-google-analytics.html?1'=1 HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/ Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 1
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 06:37:30 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 Connection: close Content-Type: text/html Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/urchin/88-urchin-vs-google-analytics.html?1''=1 HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/ Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 2
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 06:37:31 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Connection: close Content-Type: text/html Content-Length: 326
<br /> <b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro ...[SNIP]...
The __utma cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the __utma cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.
Remediation detail
There is probably no need to perform a second URL-decode of the value of the __utma cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.
Request 1
GET /blog/urchin/94-exclude-bots-in-urchin.html HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog.html?start=10 Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1%2527; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 1
HTTP/1.1 200 OK Date: Fri, 05 Nov 2010 23:49:59 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 Connection: close Content-Type: text/html Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/urchin/94-exclude-bots-in-urchin.html HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog.html?start=10 Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1%2527%2527; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 2
HTTP/1.1 200 OK Date: Fri, 05 Nov 2010 23:50:01 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Connection: close Content-Type: text/html Content-Length: 326
<br /> <b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro ...[SNIP]...
The ki_u cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the ki_u cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Request 1
GET /blog/urchin/94-exclude-bots-in-urchin.html HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog.html?start=10 Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a'; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 1
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 02:10:34 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 Connection: close Content-Type: text/html Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/urchin/94-exclude-bots-in-urchin.html HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/blog.html?start=10 Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a''; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 2
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 02:10:35 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Connection: close Content-Type: text/html Content-Length: 326
<br /> <b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro ...[SNIP]...
The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 2, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Request 1
GET /blog/webanalytics.html' HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/consulting.html Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 1
HTTP/1.1 404 Not Found Date: Sat, 06 Nov 2010 06:45:29 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 Connection: close Content-Type: text/html Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/webanalytics.html'' HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/consulting.html Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 2
HTTP/1.1 404 Not Found Date: Sat, 06 Nov 2010 06:45:34 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Expires: Mon, 1 Jan 2001 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 06:45:36 GMT; path=/ Last-Modified: Sat, 06 Nov 2010 06:45:36 GMT Connection: close Content-Type: text/html; charset=utf-8 Content-Length: 18626
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The apros2.0_tpl cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the apros2.0_tpl cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Request 1
GET /blog/webanalytics.html HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/consulting.html Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0'; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 1
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 06:35:21 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 Connection: close Content-Type: text/html Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /blog/webanalytics.html HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/consulting.html Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0''; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 2
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 06:35:22 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Connection: close Content-Type: text/html Content-Length: 326
<br /> <b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro ...[SNIP]...
The __utmmobile cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the __utmmobile cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Request 1
GET /component/content/article/62-urchin/118-urchin-7-now-available.html?itemid=70#comment HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/ Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c'; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 1
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 08:19:00 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 Connection: close Content-Type: text/html Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /component/content/article/62-urchin/118-urchin-7-now-available.html?itemid=70#comment HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/ Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c''; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 2
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 08:19:01 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Expires: Mon, 1 Jan 2001 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 08:19:03 GMT; path=/ Last-Modified: Sat, 06 Nov 2010 08:19:03 GMT Connection: close Content-Type: text/html; charset=utf-8 Content-Length: 27263
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The User-Agent HTTP header appears to be vulnerable to SQL injection attacks. A single quote was submitted in the User-Agent HTTP header, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Request 1
GET /component/content/article/65-ae/110-analytics-engine.html?itemid=70#comment HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)' Connection: close Referer: http://www.analyticspros.com/ Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 1
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 08:28:32 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Expires: Mon, 1 Jan 2001 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 08:28:34 GMT; path=/ Last-Modified: Sat, 06 Nov 2010 08:28:34 GMT Connection: close Content-Type: text/html; charset=utf-8 Content-Length: 29714
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The __utmc cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the __utmc cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.
Remediation detail
There is probably no need to perform a second URL-decode of the value of the __utmc cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.
Request 1
GET /component/content/article/65-ae/110-analytics-engine.html?itemid=70#comment HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/ Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141%2527; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 1
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 08:18:39 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 Connection: close Content-Type: text/html Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /component/content/article/65-ae/110-analytics-engine.html?itemid=70#comment HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/ Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141%2527%2527; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 2
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 08:18:40 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Expires: Mon, 1 Jan 2001 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 08:18:43 GMT; path=/ Last-Modified: Sat, 06 Nov 2010 08:18:43 GMT Connection: close Content-Type: text/html; charset=utf-8 Content-Length: 29558
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The __utmmobile cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the __utmmobile cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.
Remediation detail
There is probably no need to perform a second URL-decode of the value of the __utmmobile cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.
Request 1
GET /component/content/article/65-ae/110-analytics-engine.html?itemid=70#comment HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/ Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c%2527; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 1
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 08:21:51 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Expires: Mon, 1 Jan 2001 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 08:21:52 GMT; path=/ Last-Modified: Sat, 06 Nov 2010 08:21:53 GMT Connection: close Content-Type: text/html; charset=utf-8 Content-Length: 29714
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The itemid parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the itemid parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Request 1
GET /component/content/article/65-ae/110-analytics-engine.html?itemid=70#comment' HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/ Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 1
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 08:13:22 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 Connection: close Content-Type: text/html Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /component/content/article/65-ae/110-analytics-engine.html?itemid=70#comment'' HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/ Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 2
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 08:13:24 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Connection: close Content-Type: text/html Content-Length: 326
<br /> <b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro ...[SNIP]...
The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.
Remediation detail
There is probably no need to perform a second URL-decode of the value of REST URL parameter 1 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.
Request 1
GET /component%2527/jsetup/comment/ HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 1
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 05:03:23 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 Connection: close Content-Type: text/html Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /component%2527%2527/jsetup/comment/ HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 2
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 05:03:24 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Expires: Mon, 1 Jan 2001 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 05:03:25 GMT; path=/ Last-Modified: Sat, 06 Nov 2010 05:03:25 GMT Connection: close Content-Type: text/html; charset=utf-8 Content-Length: 16559
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 3, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Request 1
GET /component/jsetup/comment'/ HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 1
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 08:24:00 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Expires: Mon, 1 Jan 2001 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 08:24:04 GMT; path=/ Last-Modified: Sat, 06 Nov 2010 08:24:04 GMT Connection: close Content-Type: text/html; charset=utf-8 Content-Length: 16792
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The Referer HTTP header appears to be vulnerable to SQL injection attacks. A single quote was submitted in the Referer HTTP header, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.
Remediation detail
There is probably no need to perform a second URL-decode of the value of the Referer HTTP header as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.
Request 1
GET /component/jsetup/comment/ HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; Referer: http://www.google.com/search?hl=en&q=%2527
Response 1
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 08:20:59 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 Connection: close Content-Type: text/html Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /component/jsetup/comment/ HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; Referer: http://www.google.com/search?hl=en&q=%2527%2527
Response 2
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 08:21:01 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Connection: close Content-Type: text/html Content-Length: 326
<br /> <b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro ...[SNIP]...
The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 2, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Request 1
GET /component/jsetup'/comment/add.html?commenttype=20&etid=51&returnid=aW5kZXgucGhwP29wdGlvbj1jb21fY29udGVudCZlaWQ9QXJyYXkmSXRlbWlkPTY0JmZvcm1hdD1odG1sJnZpZXc9YXJ0aWNsZSZpZD01MSZsYXlvdXQ9ZGVmYXVsdCZjb21tZW50dHlwZT0yMA%3D%3D&titleheader=%5B HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/index.php?option=com_jsetup&controller=comment&task=add&commenttype=20&etid=51&returnid=aW5kZXgucGhwP29wdGlvbj1jb21fY29udGVudCZlaWQ9QXJyYXkmSXRlbWlkPTY0JmZvcm1hdD1odG1sJnZpZXc9YXJ0aWNsZSZpZD01MSZsYXlvdXQ9ZGVmYXVsdCZjb21tZW50dHlwZT0yMA==&format=html&titleheader=[ Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;
Response 1
HTTP/1.1 200 OK Date: Sat, 06 Nov 2010 08:29:38 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Expires: Mon, 1 Jan 2001 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 08:29:39 GMT; path=/ Last-Modified: Sat, 06 Nov 2010 08:29:39 GMT Connection: close Content-Type: text/html; charset=utf-8 Content-Length: 27613
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The REST URL parameter 4 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 4, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.
Remediation detail
There is probably no need to perform a second URL-decode of the value of REST URL parameter 4 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.
Request 1
GET /component/jsetup/comment/add.html%2527?commenttype=20&etid=46&returnid=aW5kZXgucGhwP29wdGlvbj1jb21fY29udGVudCZlaWQ9QXJyYXkmSXRlbWlkPTYwJmZvcm1hdD1odG1sJnZpZXc9YXJ0aWNsZSZpZD00NiZsYXlvdXQ9ZGVmYXVsdCZjb21tZW50dHlwZT0yMA%3D%3D HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/consulting.html Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 1
HTTP/1.1 404 Not Found Date: Sat, 06 Nov 2010 08:26:51 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 Connection: close Content-Type: text/html Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /component/jsetup/comment/add.html%2527%2527?commenttype=20&etid=46&returnid=aW5kZXgucGhwP29wdGlvbj1jb21fY29udGVudCZlaWQ9QXJyYXkmSXRlbWlkPTYwJmZvcm1hdD1odG1sJnZpZXc9YXJ0aWNsZSZpZD00NiZsYXlvdXQ9ZGVmYXVsdCZjb21tZW50dHlwZT0yMA%3D%3D HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.analyticspros.com/consulting.html Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 2
HTTP/1.1 404 Not Found Date: Sat, 06 Nov 2010 08:26:53 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Expires: Mon, 1 Jan 2001 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 08:26:56 GMT; path=/ Last-Modified: Sat, 06 Nov 2010 08:26:56 GMT Connection: close Content-Type: text/html; charset=utf-8 Content-Length: 26918
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The User-Agent HTTP header appears to be vulnerable to SQL injection attacks. A single quote was submitted in the User-Agent HTTP header, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.
Remediation detail
There is probably no need to perform a second URL-decode of the value of the User-Agent HTTP header as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.
The __utmc cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the __utmc cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Request 1
GET /component/jsetup/comment/add.html HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141'; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 1
HTTP/1.1 200 OK Date: Fri, 05 Nov 2010 23:49:06 GMT Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 X-Powered-By: PHP/5.2.14 Connection: close Content-Type: text/html Content-Length: 76
Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /component/jsetup/comment/add.html HTTP/1.1 Host: www.analyticspros.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141''; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 2
HTTP/1.1 200 OK
Date: Fri, 05 Nov 2010 23:49:22 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Connection: close
Content-Type: text/html
Content-Length: 326

<br /> <b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User apros_apros already has more than 'max_user_connections' active connections in <b>/home/apro ...[SNIP]...
The __utmc cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the __utmc cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.
Remediation detail
There is probably no need to perform a second URL-decode of the value of the __utmc cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.
Request 1
GET /component/jsetup/comment/add.html?commenttype=20&etid=51&returnid=aW5kZXgucGhwP29wdGlvbj1jb21fY29udGVudCZlaWQ9QXJyYXkmSXRlbWlkPTY0JmZvcm1hdD1odG1sJnZpZXc9YXJ0aWNsZSZpZD01MSZsYXlvdXQ9ZGVmYXVsdCZjb21tZW50dHlwZT0yMA%3D%3D&titleheader=%5B HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/index.php?option=com_jsetup&controller=comment&task=add&commenttype=20&etid=51&returnid=aW5kZXgucGhwP29wdGlvbj1jb21fY29udGVudCZlaWQ9QXJyYXkmSXRlbWlkPTY0JmZvcm1hdD1odG1sJnZpZXc9YXJ0aWNsZSZpZD01MSZsYXlvdXQ9ZGVmYXVsdCZjb21tZW50dHlwZT0yMA==&format=html&titleheader=[
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141%2527; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;
Response 1
HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 08:22:35 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /component/jsetup/comment/add.html?commenttype=20&etid=51&returnid=aW5kZXgucGhwP29wdGlvbj1jb21fY29udGVudCZlaWQ9QXJyYXkmSXRlbWlkPTY0JmZvcm1hdD1odG1sJnZpZXc9YXJ0aWNsZSZpZD01MSZsYXlvdXQ9ZGVmYXVsdCZjb21tZW50dHlwZT0yMA%3D%3D&titleheader=%5B HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/index.php?option=com_jsetup&controller=comment&task=add&commenttype=20&etid=51&returnid=aW5kZXgucGhwP29wdGlvbj1jb21fY29udGVudCZlaWQ9QXJyYXkmSXRlbWlkPTY0JmZvcm1hdD1odG1sJnZpZXc9YXJ0aWNsZSZpZD01MSZsYXlvdXQ9ZGVmYXVsdCZjb21tZW50dHlwZT0yMA==&format=html&titleheader=[
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 1ee73a388da0bb7ec3d7afe3beccac53=25b524d5f4fc269e9c37e5569ac51b00; ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; optimizelyEndUserId=oeu1288999536936r0.7062593474984169; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; apros2.0_tpl=apros2.0; __utmc=26076141%2527%2527; __utmb=26076141.28.9.1288999622937; __utmmobile=0xade0ac5896f84b3c;
Response 2
HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 08:22:36 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 08:22:38 GMT; path=/
Last-Modified: Sat, 06 Nov 2010 08:22:38 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 27449

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The apros2.0_tpl cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the apros2.0_tpl cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.
Remediation detail
There is probably no need to perform a second URL-decode of the value of the apros2.0_tpl cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.
Request 1
GET /component/jsetup/comment/add.html?commenttype=20&etid=46&returnid=aW5kZXgucGhwP29wdGlvbj1jb21fY29udGVudCZlaWQ9QXJyYXkmSXRlbWlkPTYwJmZvcm1hdD1odG1sJnZpZXc9YXJ0aWNsZSZpZD00NiZsYXlvdXQ9ZGVmYXVsdCZjb21tZW50dHlwZT0yMA%3D%3D HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/consulting.html
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0%2527; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 1
HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 08:13:53 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /component/jsetup/comment/add.html?commenttype=20&etid=46&returnid=aW5kZXgucGhwP29wdGlvbj1jb21fY29udGVudCZlaWQ9QXJyYXkmSXRlbWlkPTYwJmZvcm1hdD1odG1sJnZpZXc9YXJ0aWNsZSZpZD00NiZsYXlvdXQ9ZGVmYXVsdCZjb21tZW50dHlwZT0yMA%3D%3D HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/consulting.html
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0%2527%2527; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 2
HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 08:13:54 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 08:13:56 GMT; path=/
Last-Modified: Sat, 06 Nov 2010 08:13:56 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 27122

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The commenttype parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the commenttype parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.
Remediation detail
There is probably no need to perform a second URL-decode of the value of the commenttype request parameter as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.
Request 1
GET /component/jsetup/comment/add.html?commenttype=20%2527&etid=46&returnid=aW5kZXgucGhwP29wdGlvbj1jb21fY29udGVudCZlaWQ9QXJyYXkmSXRlbWlkPTYwJmZvcm1hdD1odG1sJnZpZXc9YXJ0aWNsZSZpZD00NiZsYXlvdXQ9ZGVmYXVsdCZjb21tZW50dHlwZT0yMA%3D%3D HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/consulting.html
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 1
HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 08:05:13 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /component/jsetup/comment/add.html?commenttype=20%2527%2527&etid=46&returnid=aW5kZXgucGhwP29wdGlvbj1jb21fY29udGVudCZlaWQ9QXJyYXkmSXRlbWlkPTYwJmZvcm1hdD1odG1sJnZpZXc9YXJ0aWNsZSZpZD00NiZsYXlvdXQ9ZGVmYXVsdCZjb21tZW50dHlwZT0yMA%3D%3D HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/consulting.html
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 2
HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 08:05:15 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 08:05:18 GMT; path=/
Last-Modified: Sat, 06 Nov 2010 08:05:18 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 27167

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The fpssCookie cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the fpssCookie cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.
Remediation detail
There is probably no need to perform a second URL-decode of the value of the fpssCookie cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.
The fpssCookie cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the fpssCookie cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Request 1
GET /component/jsetup/comment/add.html?commenttype=20&etid=46&returnid=aW5kZXgucGhwP29wdGlvbj1jb21fY29udGVudCZlaWQ9QXJyYXkmSXRlbWlkPTYwJmZvcm1hdD1odG1sJnZpZXc9YXJ0aWNsZSZpZD00NiZsYXlvdXQ9ZGVmYXVsdCZjb21tZW50dHlwZT0yMA%3D%3D HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/consulting.html
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true'; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 1
HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 08:08:46 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html
Content-Length: 76

Database Error: Unable to connect to the database:Could not connect to MySQL
Request 2
GET /component/jsetup/comment/add.html?commenttype=20&etid=46&returnid=aW5kZXgucGhwP29wdGlvbj1jb21fY29udGVudCZlaWQ9QXJyYXkmSXRlbWlkPTYwJmZvcm1hdD1odG1sJnZpZXc9YXJ0aWNsZSZpZD00NiZsYXlvdXQ9ZGVmYXVsdCZjb21tZW50dHlwZT0yMA%3D%3D HTTP/1.1
Host: www.analyticspros.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.analyticspros.com/consulting.html
Cookie: d4dad6935f632ac35975e3001dc7bbe8=6e73ff6bf3d01901949b4e496f8da4fb; fpssCookie=true''; __utmz=26076141.1288999539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ki_t=1288999540201%3B1288999540201%3B1288999855083%3B1%3B11; __utma=26076141.293438870.1288999539.1288999539.1288999539.1; __utmc=26076141; apros2.0_tpl=apros2.0; __utmmobile=0xade0ac5896f84b3c; __utmb=26076141.28.9.1288999622937; ki_u=44d042cd-dce6-2004-de40-3a4fd7c6011a; optimizelyBuckets=%7B%221925029%22%3A2045008%7D; optimizelyEndUserId=oeu1288999536936r0.7062593474984169;
Response 2
HTTP/1.1 200 OK
Date: Sat, 06 Nov 2010 08:08:47 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
X-Powered-By: PHP/5.2.14
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: apros2.0_tpl=apros2.0; expires=Thu, 27-Oct-2011 08:08:51 GMT; path=/
Last-Modified: Sat, 06 Nov 2010 08:08:51 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 27121

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
The ki_t cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the ki_t cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.