XSS, DORK, Cross Site Scripting, ip2location.com REPORT SUMMARY

Loading

Netsparker - Scan Report Summary
TARGET URL
http://www.ip2location.com/login.aspx
SCAN DATE
3/20/2011 8:40:38 PM
REPORT DATE
3/20/2011 9:09:38 PM
SCAN DURATION
00:13:55

Total Requests

0

Average Speed

0 req/sec.
24
identified
6
confirmed
0
critical
13
informational

GHDB, DORK Tests

GHDB, DORK Tests
PROFILE
Previous Settings
ENABLED ENGINES
Static Tests, Find Backup Files, Blind Command Injection, Blind SQL Injection, Boolean SQL Injection, Command Injection, HTTP Header Injection, Local File Inclusion, Open Redirection, Remote Code Evaluation, Remote File Inclusion, SQL Injection, Cross-site Scripting
Authentication
Scheduled

VULNERABILITIES

Vulnerabilities
Netsparker - Web Application Security Scanner
IMPORTANT
4 %
MEDIUM
13 %
LOW
29 %
INFORMATION
54 %
Password Transmitted Over HTTP

Password Transmitted Over HTTP

1 TOTAL
IMPORTANT
CONFIRMED
1
Netsparker identified that password data is sent over HTTP.

Impact

If an attacker can intercept network traffic he/she can steal users credentials.

Actions to Take

  1. See the remedy for solution.
  2. Move all of your critical forms and pages to HTTPS and do not serve them over HTTP.

Remedy

All sensitive data should be transferred over HTTPS rather than HTTP. Forms should be served over HTTPS. All aspects of the application that accept user input starting from the login process should only be served over HTTPS.
- /login.aspx

/login.aspx CONFIRMED

http://www.ip2location.com/login.aspx

Form target action

login.aspx

Request

GET /login.aspx HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.ip2location.com
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 39762
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-AspNet-Version: 1.1.4322
Set-Cookie: ASP.NET_SessionId=dvgahk55kcj1hz45ixhjztem; path=/,firstvisit=firstvisit=2011-03-21 9:39:35; expires=Wed, 20-Mar-2013 16:00:00 GMT; path=/
Date: Mon, 21 Mar 2011 01:39:35 GMT



<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML>
<HEAD>
<title>Login Page</title>
<meta name="description" content="Please login to download the latest IP2Location&trade; database and application for IP to Country, Region, City, Latitude, Longitude, ZIPCode, TimeZone, ISP, Domain, Netspeed Database, ActiveX/COM DLL, IP-Country Web Service, .NET Component and Java Component.">
<meta name="keywords" content="login, login, page, secure login, ip address locator, ip search, ip address location, check ip, ip look up, ip address search">
<LINK href="style.css" type="text/css" rel="stylesheet">
</HEAD>
<body>
<form name="Form1" method="post" action="login.aspx" id="Form1">
<input type="hidden" name="__VIEWSTATE" value="dDwxOTY1MDU3OTYwO3Q8O2w8aTwxPjs+O2w8dDw7bDxpPDE+Oz47bDx0PDtsPGk8MT47aTwzPjtpPDU+O2k8Nz47PjtsPHQ8cDxsPFZpc2libGU7PjtsPG88Zj47Pj47Oz47dDxwPHA8bDxWaXNpYmxlOz47bDxvPGY+Oz4+Oz47Oz47dDxwPGw8VmlzaWJsZTs+O2w8bzxmPjs+Pjs7Pjt0PHA8bDxzcmM7PjtsPGltYWdlcy9sb2dpbi5naWY7Pj47Oz47Pj47Pj47Pj47bDxjaGtSZW1lbWJlck1lO2J0bkxvZ2luO1JpZ2h0QmxvY2sxOmJ0bkZpbmRMb2NhdGlvbjs+PsYxG6OSsn7+bgIl9AUWx91ZbwSD" />

<TABLE id="Table3" cellSpacing="0" cellPadding="0" width="800" align="center" border="0">
<TR>
<TD vAlign="top">

<table cellSpacing="0" cellPadding="0" width="800" border="0">
<tr>
<td>
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td width="160"><img height="94" src="images/ip2locationlogo.gif" width="160"></td>
<td vAlign="top">
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td>
<table width="100%" border="0" cellspacing="0" cellpadding="0" height="22">
<tr>
<td width="484" height="22" align="left">
<div style="width: 484px; height: 22px; position: relative;">
<img src="images/logintop.gif" style="border: 0px; position: absolute; z-index: -1; top: 0px; left: 0px;">
<table id="Table1" cellSpacing="0" cellPadding="0" border="0" align="right" style="position: absolute; z-index: 2; top: 0px; right: 0px;">
<tr>
<td width="16" height="22"></td>
<td height="22" class="fontwhitesmall" vAlign="bottom" style="padding-bottom: 2px;"></td>
<td height="22"></td>
</tr>
</table>
</div>
</td>
<td align="right">
<table width="156" height="22" border="0" cellspacing="0" cellpadding="0">
<tr>
<td><a href="shoppingcart.aspx"><img src="images/headerlogin_05.gif" alt="" width="81" height="22" border="0"></a></td>
<td><img src="images/headerlogin_06.gif" width="9" height="22" alt=""></td>
<td><a href="login.aspx"><img src="images/login.gif" id="Header1_imgLogin" width="66" height="22" border="0" /></a></td>
</tr>
</table>
</td>
</tr>
</table>
</td>
</tr>
<tr>
<td align="right"><img src="images/headertop.gif" width="640" height="72"></td>
</tr>
</table>
</td>
</tr>
</table>
</td>
</tr>
<tr>
<td align="center" background="images/menu_bg_02.gif" height="23">
<table cellSpacing="0" cellPadding="0" width="65%" border="0">
<tr>
<td><a class="fontbluesmall" href="default.aspx">HOME</a></td>
<td><img height="23" src="images/seperator.gif" width="2"></td>
<td align="center"><a class="fontbluesmall" href="buyonline.aspx">BUY ONLINE</a></td>
<td><img height="23" src="images/seperator.gif" width="2"></td>
<td align="center"><a class="fontbluesmall" href="developers.aspx">DEVELOPERS</a></td>
<td><img height="23" src="images/seperator.gif" width="2"></td>
<td align="center"><a class="fontbluesmall" href="partners.aspx">PARTNERS</a></td>
<td><img height="23" src="images/seperator.gif" width="2"></td>
<td align="center"><a class="fontbluesmall" href="support.aspx">SUPPORT</a></td>
<td><img height="23" src="images/seperator.gif" width="2"></td>
<td align="center"><A class="fontbluesmall" href="aboutus.aspx">ABOUT US</a></td>
<td><img height="23" src="images/seperator.gif" width="2"></td>
<td align="center"><A class="fontbluesmall" href="contactus.aspx">CONTACT US</a></td>
</tr>
</table>
</td>
</tr>
</table></TD>
</TR>
<TR>
<TD>
<TABLE id="Table2" cellSpacing="0" cellPadding="0" width="100%" border="0">
<TR>
<TD vAlign="top" width="162" bgColor="#e0ebf5">

<table cellSpacing="0" cellPadding="0" width="162" border="0">
<tr>
<td vAlign="top" width="162" bgColor="#e0ebf5">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td height="1"></td>
</tr>
<tr>
<td><a href="/products.aspx"><img height="24" alt="products" src="/images/dataproducts.gif" width="162" border="0"></a></td>
</tr>
<tr>
<td>
<table class="leftbarborder" cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country.aspx">DB1</a></td>
<td class="pad" valign="middle"><a class="fontbluesmaller2" href="/ip-country.aspx">IP2Location&trade; IP-<br>Country</a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-isp.aspx">DB2</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller2" href="/ip-country-isp.aspx">IP2Location&trade; IP-<br>Country-ISP</a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-region-city.aspx">DB3</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller2" href="/ip-country-region-city.aspx">IP2Location&trade; IP-<br>Country-Region-City</a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-region-city-isp.aspx">DB4</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller2" href="/ip-country-region-city-isp.aspx">IP2Location&trade; IP-<br>Country-Region-City-ISP </a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-region-city-latitude-longitude.aspx">DB5</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller2" href="/ip-country-region-city-latitude-longitude.aspx">IP2Location&trade; IP-<br>Country-Region-City-<br>Latitude-Longitude</a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-region-city-latitude-longitude-isp.aspx">DB6</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller2" href="/ip-country-region-city-latitude-longitude-isp.aspx">IP2Location&trade; IP-<br>Country-Region-City-<br>Latitude-Longitude-ISP </a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-region-city-isp-domain.aspx">DB7</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller2" href="/ip-country-region-city-isp-domain.aspx">IP2Location&trade; IP-<br>Country-Region-City-<br>ISP-Domain</a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-region-city-latitude-longitude-isp-domain.aspx">DB8</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller2" href="/ip-country-region-city-latitude-longitude-isp-domain.aspx">IP2Location&trade; IP-<br>Country-Region-City-<br>Latitude-Longitude-ISP-<br>Domain </a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-region-city-latitude-longitude-zipcode.aspx">DB9</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller2" href="/ip-country-region-city-latitude-longitude-zipcode.aspx">IP2Location&trade; IP-<br>Country-Region-City-<br>Latitude-Longitude-<br>ZIPCode</a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-region-city-latitude-longitude-zipcode-isp-domain.aspx">DB10</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller2" href="/ip-country-region-city-latitude-longitude-zipcode-isp-domain.aspx">IP2Location&trade; IP-<br>Country-Region-City-<br>Latitude-Longitude-<br>ZIPCode-ISP-<br>Domain </a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-region-city-latitude-longitude-zipcode-timezone.aspx">DB11</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller2" href="/ip-country-region-city-latitude-longitude-zipcode-timezone.aspx">IP2Location&trade; IP-<br>Country-Region-City-<br>Latitude-Longitude-<br>ZIPCode-Timezone</a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-region-city-latitude-longitude-zipcode-timezone-isp-domain.aspx">DB12</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller2" href="/ip-country-region-city-latitude-longitude-zipcode-timezone-isp-domain.aspx">IP2Location&trade; IP-<br>Country-Region-City-<br>Latitude-Longitude-<br>ZIPCode-TimeZone<br>-ISP-Domain</a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-region-city-latitude-longitude-timezone-netspeed.aspx">DB13</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller2" href="/ip-country-region-city-latitude-longitude-timezone-netspeed.aspx">IP2Location&trade; IP-<br>Country-Region-City-<br>Latitude-Longitude-<br>Timezone-Netspeed</a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-countr..
MAC is not Enabled in ViewState

MAC is not Enabled in ViewState

1 TOTAL
MEDIUM
Netsparker identified that the target web application does not use MAC validation in ViewState data.

Impact

An attacker can tamper with the application's state variables located in the ViewState data structure.

Remedy

ASP.NET uses a hash code based integrity solution called "ViewStateMac" to protect ViewState parameters against tampering attacks. You can implement this solution on a page or application level.

For page based protection, place the following directive at the top of affected page.
<%@Page EnableViewStateMAC=true %>
You can also set this option for the whole application by using web.config files. Apply the following configuration for your application's web.config file.
<System.Web>
	<pages enableViewState="true">
</System.Web>      

Remedy References

- /emailtracer.aspx

/emailtracer.aspx

http://www.ip2location.com/emailtracer.aspx

ViewState Version

.NET Framework 1.x

Request

GET /emailtracer.aspx HTTP/1.1
Referer: http://www.ip2location.com/login.aspx
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.ip2location.com
Cookie: ASP.NET_SessionId=hvn3ghec0iybbw45uquc4s3c; firstvisit=firstvisit=2011-03-21 9:39:35
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 31173
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-AspNet-Version: 1.1.4322
Date: Mon, 21 Mar 2011 01:41:04 GMT



<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML>
<HEAD>
<title>Free Email Header Tracer</title>
<meta content="IP2Location&trade; Email Header Tracer tracks the original IP address location of an email from Microsoft Outlook, Hotmail, Yahoo and Gmail, helps you to identify the true source of emails, help to track suspects, verify the sender of a message, trace email abusers or hackers."
name="description">
<meta content="email search, email address, email lookup, email hacking, email sender, email tracker, email domain, email tracer, email spoofing, email headers"
name="keywords">
<LINK href="style.css" type="text/css" rel="stylesheet">
<STYLE type="text/css">#dek { Z-INDEX: 200; VISIBILITY: hidden; POSITION: absolute }
</STYLE>
</HEAD>
<body>
<form name="Form1" method="post" action="emailtracer.aspx" id="Form1">
<input type="hidden" name="__VIEWSTATE" value="dDw5MDQyMzA4OTc7dDw7bDxpPDE+Oz47bDx0PDtsPGk8MT47aTw5Pjs+O2w8dDw7bDxpPDE+O2k8Mz47aTw1PjtpPDc+Oz47bDx0PHA8bDxWaXNpYmxlOz47bDxvPGY+Oz4+Ozs+O3Q8cDxwPGw8VmlzaWJsZTs+O2w8bzxmPjs+Pjs+Ozs+O3Q8cDxsPFZpc2libGU7PjtsPG88Zj47Pj47Oz47dDxwPGw8c3JjOz47bDxpbWFnZXMvbG9naW4uZ2lmOz4+Ozs+Oz4+O3Q8cDxwPGw8VGV4dDs+O2w8TWFyY2ggMjAxMTs+Pjs+Ozs+Oz4+Oz4+O2w8YnRuRmluZExvY2F0aW9uOz4+" />

<TABLE id="Table3" cellSpacing="0" cellPadding="0" width="800" align="center" border="0">
<TR>
<TD vAlign="top">
<table cellSpacing="0" cellPadding="0" width="800" border="0">
<tr>
<td>
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td width="160"><img height="94" src="images/ip2locationlogo.gif" width="160"></td>
<td vAlign="top">
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td>
<table width="100%" border="0" cellspacing="0" cellpadding="0" height="22">
<tr>
<td width="484" height="22" align="left">
<div style="width: 484px; height: 22px; position: relative;">
<img src="images/logintop.gif" style="border: 0px; position: absolute; z-index: -1; top: 0px; left: 0px;">
<table id="Table1" cellSpacing="0" cellPadding="0" border="0" align="right" style="position: absolute; z-index: 2; top: 0px; right: 0px;">
<tr>
<td width="16" height="22"></td>
<td height="22" class="fontwhitesmall" vAlign="bottom" style="padding-bottom: 2px;"></td>
<td height="22"></td>
</tr>
</table>
</div>
</td>
<td align="right">
<table width="156" height="22" border="0" cellspacing="0" cellpadding="0">
<tr>
<td><a href="shoppingcart.aspx"><img src="images/headerlogin_05.gif" alt="" width="81" height="22" border="0"></a></td>
<td><img src="images/headerlogin_06.gif" width="9" height="22" alt=""></td>
<td><a href="login.aspx"><img src="images/login.gif" id="Header1_imgLogin" width="66" height="22" border="0" /></a></td>
</tr>
</table>
</td>
</tr>
</table>
</td>
</tr>
<tr>
<td align="right"><img src="images/headertop.gif" width="640" height="72"></td>
</tr>
</table>
</td>
</tr>
</table>
</td>
</tr>
<tr>
<td align="center" background="images/menu_bg_02.gif" height="23">
<table cellSpacing="0" cellPadding="0" width="65%" border="0">
<tr>
<td><a class="fontbluesmall" href="default.aspx">HOME</a></td>
<td><img height="23" src="images/seperator.gif" width="2"></td>
<td align="center"><a class="fontbluesmall" href="buyonline.aspx">BUY ONLINE</a></td>
<td><img height="23" src="images/seperator.gif" width="2"></td>
<td align="center"><a class="fontbluesmall" href="developers.aspx">DEVELOPERS</a></td>
<td><img height="23" src="images/seperator.gif" width="2"></td>
<td align="center"><a class="fontbluesmall" href="partners.aspx">PARTNERS</a></td>
<td><img height="23" src="images/seperator.gif" width="2"></td>
<td align="center"><a class="fontbluesmall" href="support.aspx">SUPPORT</a></td>
<td><img height="23" src="images/seperator.gif" width="2"></td>
<td align="center"><A class="fontbluesmall" href="aboutus.aspx">ABOUT US</a></td>
<td><img height="23" src="images/seperator.gif" width="2"></td>
<td align="center"><A class="fontbluesmall" href="contactus.aspx">CONTACT US</a></td>
</tr>
</table>
</td>
</tr>
</table></TD>
</TR>
<TR>
<TD>
<TABLE id="Table2" cellSpacing="0" cellPadding="0" width="100%" border="0">
<TR>
<TD vAlign="top" width="162" bgColor="#e0ebf5">
<table cellSpacing="0" cellPadding="0" width="162" border="0">
<tr>
<td vAlign="top" width="162" bgColor="#e0ebf5">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td height="1"></td>
</tr>
<tr>
<td><a href="/products.aspx"><img height="24" alt="products" src="/images/dataproducts.gif" width="162" border="0"></a></td>
</tr>
<tr>
<td>
<table class="leftbarborder" cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country.aspx">DB1</a></td>
<td class="pad" valign="middle"><a class="fontbluesmaller2" href="/ip-country.aspx">IP2Location&trade; IP-<br>Country</a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-isp.aspx">DB2</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller2" href="/ip-country-isp.aspx">IP2Location&trade; IP-<br>Country-ISP</a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-region-city.aspx">DB3</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller2" href="/ip-country-region-city.aspx">IP2Location&trade; IP-<br>Country-Region-City</a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-region-city-isp.aspx">DB4</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller2" href="/ip-country-region-city-isp.aspx">IP2Location&trade; IP-<br>Country-Region-City-ISP </a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-region-city-latitude-longitude.aspx">DB5</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller2" href="/ip-country-region-city-latitude-longitude.aspx">IP2Location&trade; IP-<br>Country-Region-City-<br>Latitude-Longitude</a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-region-city-latitude-longitude-isp.aspx">DB6</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller2" href="/ip-country-region-city-latitude-longitude-isp.aspx">IP2Location&trade; IP-<br>Country-Region-City-<br>Latitude-Longitude-ISP </a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-region-city-isp-domain.aspx">DB7</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller2" href="/ip-country-region-city-isp-domain.aspx">IP2Location&trade; IP-<br>Country-Region-City-<br>ISP-Domain</a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-region-city-latitude-longitude-isp-domain.aspx">DB8</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller2" href="/ip-country-region-city-latitude-longitude-isp-domain.aspx">IP2Location&trade; IP-<br>Country-Region-City-<br>Latitude-Longitude-ISP-<br>Domain </a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-region-city-latitude-longitude-zipcode.aspx">DB9</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller2" href="/ip-country-region-city-latitude-longitude-zipcode.aspx">IP2Location&trade; IP-<br>Country-Region-City-<br>Latitude-Longitude-<br>ZIPCode</a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-region-city-latitude-longitude-zipcode-isp-domain.aspx">DB10</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller2" href="/ip-country-region-city-latitude-longitude-zipcode-isp-domain.aspx">IP2Location&trade; IP-<br>Country-Region-City-<br>Latitude-Longitude-<br>ZIPCode-ISP-<br>Domain </a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-region-city-latitude-longitude-zipcode-timezone.aspx">DB11</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller2" href="/ip-country-region-city-latitude-longitude-zipcode-timezone.aspx">IP2Location&trade; IP-<br>Country-Region-City-<br>Latitude-Longitude-<br>ZIPCode-Timezone</a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-region-city-latitude-longitude-zipcode-timezone-isp-domain.aspx">DB12</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller2" href="/ip-country-region-city-latitude-longitude-zipcode-timezone-isp-domain.aspx">IP2Location&trade; IP-<br>Country-Region-City-<br>Latitude-Longitude-<br>ZIPCode-TimeZone<br>-ISP-Domain</a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-region-city-latitude-longitude-timezone-netspeed.aspx">DB13</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller2" href="/ip-country-region-city-latitude-longitude-timezone-netspeed.aspx">IP2Location&trade; IP-<br>Country-Region-City-<br>Latitude-Longitude-<br>Timezone-Netspeed</a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-r..
[Possible] Cross-site Scripting

[Possible] Cross-site Scripting

2 TOTAL
MEDIUM
XSS (Cross-site Scripting) allows an attacker to execute a dynamic script (Javascript, VbScript) in the context of the application. This allows several different attack opportunities, mostly hijacking the current session of the user or changing the look of the page by changing the HTML on the fly to steal the user's credentials. This happens because the input entered by a user has been interpreted as HTML/Javascript/VbScript by the browser.

Netsparker believes that there is a XSS (Cross-site Scripting) in here it could not confirm it. We strongly recommend investigating the issue manually to ensure that it is an XSS (Cross-site Scripting) and needs to be addressed.

XSS targets the users of the application instead of the server. Although this is a limitation, since it allows attackers to hijack other users' session, an attacker might attack an administrator to gain full control over the application.

Impact

There are many different attacks that can be leveraged through the use of XSS, including:

Remedy

The issue occurs because the browser interprets the input as active HTML, Javascript or VbScript. To avoid this, all input and output from the application should be filtered / encoded. Output should be filtered / encoded according to the output format and location.

There are a number of pre-defined, well structured white-list libraries available for many different environments, good examples of these include, OWASP Reform and Microsoft Anti Cross-site Scripting libraries are good examples.

Remedy References

External References

- /ib1/

/ib1/

http://www.ip2location.com/ib1/?'"--></style></script><script>alert(0x000A9D)</script>

Parameters

Parameter Type Value
Query Based QUERYSTRING '"--></style></script><script>alert(0x000A9D)</script>

Notes

This page responses with HTTP redirect status therefore detected XSS vulnerability might not be exploitable in many conditions however it still indicates lack of correct filtering and should be addressed.

Request

GET /ib1/?'"--></style></script><script>netsparker(0x000A9D)</script> HTTP/1.1
Referer: http://www.ip2location.com/sitemap.xml
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.ip2location.com
Cookie: ASP.NET_SessionId=xsedntjlq0hssu45r03ill55; firstvisit=firstvisit=2011-03-21 9:44:6; ip2locationshoppingcart=91=1&88=1&90=20; ASPSESSIONIDCCCSTRCB=GKOODNEDCMMAHMENGLCOFLEF
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 302 Found
Date: Mon, 21 Mar 2011 01:46:42 GMT
Server: Microsoft-IIS/6.0
Location: http://tools.ip2location.com/ib1?'"--></style></script><script>netsparker(0x000A9D)</script>
Content-Length: 278
Content-type: text/html


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1><p>The document has moved <a href="http://tools.ip2location.com/ib1?'"--></style></script><script>netsparker(0x000A9D)</script>">here</a>.</p></body></html>
- /ib2/

/ib2/

http://www.ip2location.com/ib2/?'"--></style></script><script>alert(0x000AA5)</script>

Parameters

Parameter Type Value
Query Based QUERYSTRING '"--></style></script><script>alert(0x000AA5)</script>

Notes

This page responses with HTTP redirect status therefore detected XSS vulnerability might not be exploitable in many conditions however it still indicates lack of correct filtering and should be addressed.

Request

GET /ib2/?'"--></style></script><script>netsparker(0x000AA5)</script> HTTP/1.1
Referer: http://www.ip2location.com/sitemap.xml
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.ip2location.com
Cookie: ASP.NET_SessionId=xsedntjlq0hssu45r03ill55; firstvisit=firstvisit=2011-03-21 9:44:6; ip2locationshoppingcart=91=1&88=1&90=20; ASPSESSIONIDCCCSTRCB=GKOODNEDCMMAHMENGLCOFLEF
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 302 Found
Date: Mon, 21 Mar 2011 01:46:42 GMT
Server: Microsoft-IIS/6.0
Location: http://tools.ip2location.com/ib2?'"--></style></script><script>netsparker(0x000AA5)</script>
Content-Length: 278
Content-type: text/html


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1><p>The document has moved <a href="http://tools.ip2location.com/ib2?'"--></style></script><script>netsparker(0x000AA5)</script>">here</a>.</p></body></html>
Internal Server Error

Internal Server Error

1 TOTAL
LOW
CONFIRMED
1
The Server responded with an HTTP status 500. This indicates that there is a server-side error. Reasons may vary. The behavior should be analysed carefully. If Netsparker is able to find a security issue in the same resource it will report this as a separate vulnerability.

Impact

The impact may vary depending on the condition. Generally this indicates poor coding practices, not enough error checking, sanitization and whitelisting. However there might be a bigger issue such as SQL Injection. If that's the case Netsparker will check for other possible issues and report them separately.

Remedy

Analyse this issue and review the application code in order to handle unexpected errors, this should be a generic practice which does not disclose further information upon an error. All errors should be handled server side only.
- /login.aspx

/login.aspx CONFIRMED

http://www.ip2location.com/login.aspx?__VIEWSTATE=dDwxOTY1MDU3OTYwO3Q8O2w8aTwxPjs%2bO2w8dDw7bDxpPDE%..

Parameters

Parameter Type Value
__VIEWSTATE GET dDwxOTY1MDU3OTYwO3Q8O2w8aTwxPjs+O2w8dDw7bDxpPDE+Oz47bDx0PDtsPGk8MT47aTwzPjtpPDU+O2k8Nz47PjtsPHQ8cDxsPFZpc2libGU7PjtsPG88Zj47Pj47Oz47dDxwPHA8bDxWaXNpYmxlOz47bDxvPGY+Oz4+Oz47Oz47dDxwPGw8VmlzaWJsZTs+O2w8bzxmPjs+Pjs7Pjt0PHA8bDxzcmM7PjtsPGltYWdlcy9sb2dpbi5naWY7Pj47Oz47Pj47Pj47Pj47bDxjaGtSZW1lbWJlck1lO2J0bkxvZ2luO1JpZ2h0QmxvY2sxOmJ0bkZpbmRMb2NhdGlvbjs+PsYxG6OSsn7+bgIl9AUWx91ZbwSD
btnLogin GET '"--></style></script><script>netsparker(0x0004B6)</script>
chkRememberMe GET 3
RightBlock1:btnFindLocation GET 3
RightBlock1:txtLookup GET 173.193.214.243
txtEmailAddress GET netsparker@example.com
txtPassword GET 3

Request

GET /login.aspx?__VIEWSTATE=dDwxOTY1MDU3OTYwO3Q8O2w8aTwxPjs%2bO2w8dDw7bDxpPDE%2bOz47bDx0PDtsPGk8MT47aTwzPjtpPDU%2bO2k8Nz47PjtsPHQ8cDxsPFZpc2libGU7PjtsPG88Zj47Pj47Oz47dDxwPHA8bDxWaXNpYmxlOz47bDxvPGY%2bOz4%2bOz47Oz47dDxwPGw8VmlzaWJsZTs%2bO2w8bzxmPjs%2bPjs7Pjt0PHA8bDxzcmM7PjtsPGltYWdlcy9sb2dpbi5naWY7Pj47Oz47Pj47Pj47Pj47bDxjaGtSZW1lbWJlck1lO2J0bkxvZ2luO1JpZ2h0QmxvY2sxOmJ0bkZpbmRMb2NhdGlvbjs%2bPsYxG6OSsn7%2bbgIl9AUWx91ZbwSD&btnLogin='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0004B6)%3C/script%3E&chkRememberMe=3&RightBlock1:btnFindLocation=3&RightBlock1:txtLookup=173.193.214.243&txtEmailAddress=netsparker@example.com&txtPassword=3 HTTP/1.1
Referer: http://www.ip2location.com/login.aspx
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.ip2location.com
Cookie: ASP.NET_SessionId=hvn3ghec0iybbw45uquc4s3c; firstvisit=firstvisit=2011-03-21 9:41:53; ip2locationshoppingcart=91=1&88=1; ASPSESSIONIDCCCSTRCB=GKOODNEDCMMAHMENGLCOFLEF
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 500 Internal Server Error
Date: Mon, 21 Mar 2011 01:42:39 GMT
Server: Microsoft-IIS/6.0
X-AspNet-Version: 1.1.4322
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 5264


<html>
<head>
<title>A potentially dangerous Request.QueryString value was detected from the client (btnLogin=&quot;'&quot;--&gt;&lt;/style&gt;&lt;/script&gt;&lt;sc...&quot;).</title>
<style>
body {font-family:"Verdana";font-weight:normal;font-size: .7em;color:black;}
p {font-family:"Verdana";font-weight:normal;color:black;margin-top: -5px}
b {font-family:"Verdana";font-weight:bold;color:black;margin-top: -5px}
H1 { font-family:"Verdana";font-weight:normal;font-size:18pt;color:red }
H2 { font-family:"Verdana";font-weight:normal;font-size:14pt;color:maroon }
pre {font-family:"Lucida Console";font-size: .9em}
.marker {font-weight: bold; color: black;text-decoration: none;}
.version {color: gray;}
.error {margin-bottom: 10px;}
.expandable { text-decoration:underline; font-weight:bold; color:navy; cursor:hand; }
</style>
</head>

<body bgcolor="white">

<span><H1>Server Error in '/' Application.<hr width=100% size=1 color=silver></H1>

<h2> <i>A potentially dangerous Request.QueryString value was detected from the client (btnLogin=&quot;'&quot;--&gt;&lt;/style&gt;&lt;/script&gt;&lt;sc...&quot;).</i> </h2></span>

<font face="Arial, Helvetica, Geneva, SunSans-Regular, sans-serif ">

<b> Description: </b>Request Validation has detected a potentially dangerous client input value, and processing of the request has been aborted. This value may indicate an attempt to compromise the security of your application, such as a cross-site scripting attack. You can disable request validation by setting validateRequest=false in the Page directive or in the <pages> configuration section. However, it is strongly recommended that your application explicitly check all inputs in this case.
<br><br>

<b> Exception Details: </b>System.Web.HttpRequestValidationException: A potentially dangerous Request.QueryString value was detected from the client (btnLogin=&quot;'&quot;--&gt;&lt;/style&gt;&lt;/script&gt;&lt;sc...&quot;).<br><br>

<b>Source Error:</b> <br><br>

<table width=100% bgcolor="#ffffcc">
<tr>
<td>
<code>

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.</code>

</td>
</tr>
</table>

<br>

<b>Stack Trace:</b> <br><br>

<table width=100% bgcolor="#ffffcc">
<tr>
<td>
<code><pre>

[HttpRequestValidationException (0x80004005): A potentially dangerous Request.QueryString value was detected from the client (btnLogin=&quot;'&quot;--&gt;&lt;/style&gt;&lt;/script&gt;&lt;sc...&quot;).]
System.Web.HttpRequest.ValidateString(String s, String valueName, String collectionName) +240
System.Web.HttpRequest.ValidateNameValueCollection(NameValueCollection nvc, String collectionName) +99
System.Web.HttpRequest.get_QueryString() +122
System.Web.UI.Page.GetCollectionBasedOnMethod() +85
System.Web.UI.Page.DeterminePostBackMode() +128
System.Web.UI.Page.ProcessRequestMain() +2112
System.Web.UI.Page.ProcessRequest() +218
System.Web.UI.Page.ProcessRequest(HttpContext context) +18
System.Web.CallHandlerExecutionStep.System.Web.HttpApplication+IExecutionStep.Execute() +179
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean&amp; completedSynchronously) +87
</pre></code>

</td>
</tr>
</table>

<br>

<hr width=100% size=1 color=silver>

<b>Version Information:</b>&nbsp;Microsoft .NET Framework Version:1.1.4322.2443; ASP.NET Version:1.1.4322.2470

</font>

</body>
</html>
<!--
[HttpRequestValidationException]: A potentially dangerous Request.QueryString value was detected from the client (btnLogin=&quot;'&quot;--&gt;&lt;/style&gt;&lt;/script&gt;&lt;sc...&quot;).
at System.Web.HttpRequest.ValidateString(String s, String valueName, String collectionName)
at System.Web.HttpRequest.ValidateNameValueCollection(NameValueCollection nvc, String collectionName)
at System.Web.HttpRequest.get_QueryString()
at System.Web.UI.Page.GetCollectionBasedOnMethod()
at System.Web.UI.Page.DeterminePostBackMode()
at System.Web.UI.Page.ProcessRequestMain()
at System.Web.UI.Page.ProcessRequest()
at System.Web.UI.Page.ProcessRequest(HttpContext context)
at System.Web.CallHandlerExecutionStep.System.Web.HttpApplication+IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
--><!--
This error page might contain sensitive information because ASP.NET is configured to show verbose error messages using &lt;customErrors mode="Off"/&gt;. Consider using &lt;customErrors mode="On"/&gt; or &lt;customErrors mode="RemoteOnly"/&gt; in production environments.-->
Auto Complete Enabled

Auto Complete Enabled

1 TOTAL
LOW
CONFIRMED
1
"Auto Complete" was enabled in one or more of the form fields. These were either "password" fields or important fields such as "Credit Card".

Impact

Data entered in these fields will be cached by the browser. An attacker who can access the victim's browser could steal this information. This is especially important if the application is commonly used in shared computers such as cyber cafes or airport terminals.

Remedy

Add the attribute autocomplete="off" to the form tag or to individual "input" fields.

Actions to Take

  1. See the remedy for the solution.
  2. Find all instances of inputs which store private data and disable autocomplete. Fields which contain data such as "Credit Card" or "CCV" type data should not be cached. You can allow the application to cache usernames and remember passwords, however, in most cases this is not recommended.
  3. Re-scan the application after addressing the identified issues to ensure that all of the fixes have been applied properly.

Required Skills for Successful Exploitation

Dumping all data from a browser can be fairly easy and there exist a number of automated tools to undertake this. Where the attacker cannot dump the data, he/she could still browse the recently visited websites and activate the auto-complete feature to see previously entered values.

External References

- /login.aspx

/login.aspx CONFIRMED

http://www.ip2location.com/login.aspx

Identified Field Name

txtPassword

Request

GET /login.aspx HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.ip2location.com
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 39762
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-AspNet-Version: 1.1.4322
Set-Cookie: ASP.NET_SessionId=dvgahk55kcj1hz45ixhjztem; path=/,firstvisit=firstvisit=2011-03-21 9:39:35; expires=Wed, 20-Mar-2013 16:00:00 GMT; path=/
Date: Mon, 21 Mar 2011 01:39:35 GMT



<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML>
<HEAD>
<title>Login Page</title>
<meta name="description" content="Please login to download the latest IP2Location&trade; database and application for IP to Country, Region, City, Latitude, Longitude, ZIPCode, TimeZone, ISP, Domain, Netspeed Database, ActiveX/COM DLL, IP-Country Web Service, .NET Component and Java Component.">
<meta name="keywords" content="login, login, page, secure login, ip address locator, ip search, ip address location, check ip, ip look up, ip address search">
<LINK href="style.css" type="text/css" rel="stylesheet">
</HEAD>
<body>
<form name="Form1" method="post" action="login.aspx" id="Form1">
<input type="hidden" name="__VIEWSTATE" value="dDwxOTY1MDU3OTYwO3Q8O2w8aTwxPjs+O2w8dDw7bDxpPDE+Oz47bDx0PDtsPGk8MT47aTwzPjtpPDU+O2k8Nz47PjtsPHQ8cDxsPFZpc2libGU7PjtsPG88Zj47Pj47Oz47dDxwPHA8bDxWaXNpYmxlOz47bDxvPGY+Oz4+Oz47Oz47dDxwPGw8VmlzaWJsZTs+O2w8bzxmPjs+Pjs7Pjt0PHA8bDxzcmM7PjtsPGltYWdlcy9sb2dpbi5naWY7Pj47Oz47Pj47Pj47Pj47bDxjaGtSZW1lbWJlck1lO2J0bkxvZ2luO1JpZ2h0QmxvY2sxOmJ0bkZpbmRMb2NhdGlvbjs+PsYxG6OSsn7+bgIl9AUWx91ZbwSD" />

<TABLE id="Table3" cellSpacing="0" cellPadding="0" width="800" align="center" border="0">
<TR>
<TD vAlign="top">

<table cellSpacing="0" cellPadding="0" width="800" border="0">
<tr>
<td>
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td width="160"><img height="94" src="images/ip2locationlogo.gif" width="160"></td>
<td vAlign="top">
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td>
<table width="100%" border="0" cellspacing="0" cellpadding="0" height="22">
<tr>
<td width="484" height="22" align="left">
<div style="width: 484px; height: 22px; position: relative;">
<img src="images/logintop.gif" style="border: 0px; position: absolute; z-index: -1; top: 0px; left: 0px;">
<table id="Table1" cellSpacing="0" cellPadding="0" border="0" align="right" style="position: absolute; z-index: 2; top: 0px; right: 0px;">
<tr>
<td width="16" height="22"></td>
<td height="22" class="fontwhitesmall" vAlign="bottom" style="padding-bottom: 2px;"></td>
<td height="22"></td>
</tr>
</table>
</div>
</td>
<td align="right">
<table width="156" height="22" border="0" cellspacing="0" cellpadding="0">
<tr>
<td><a href="shoppingcart.aspx"><img src="images/headerlogin_05.gif" alt="" width="81" height="22" border="0"></a></td>
<td><img src="images/headerlogin_06.gif" width="9" height="22" alt=""></td>
<td><a href="login.aspx"><img src="images/login.gif" id="Header1_imgLogin" width="66" height="22" border="0" /></a></td>
</tr>
</table>
</td>
</tr>
</table>
</td>
</tr>
<tr>
<td align="right"><img src="images/headertop.gif" width="640" height="72"></td>
</tr>
</table>
</td>
</tr>
</table>
</td>
</tr>
<tr>
<td align="center" background="images/menu_bg_02.gif" height="23">
<table cellSpacing="0" cellPadding="0" width="65%" border="0">
<tr>
<td><a class="fontbluesmall" href="default.aspx">HOME</a></td>
<td><img height="23" src="images/seperator.gif" width="2"></td>
<td align="center"><a class="fontbluesmall" href="buyonline.aspx">BUY ONLINE</a></td>
<td><img height="23" src="images/seperator.gif" width="2"></td>
<td align="center"><a class="fontbluesmall" href="developers.aspx">DEVELOPERS</a></td>
<td><img height="23" src="images/seperator.gif" width="2"></td>
<td align="center"><a class="fontbluesmall" href="partners.aspx">PARTNERS</a></td>
<td><img height="23" src="images/seperator.gif" width="2"></td>
<td align="center"><a class="fontbluesmall" href="support.aspx">SUPPORT</a></td>
<td><img height="23" src="images/seperator.gif" width="2"></td>
<td align="center"><A class="fontbluesmall" href="aboutus.aspx">ABOUT US</a></td>
<td><img height="23" src="images/seperator.gif" width="2"></td>
<td align="center"><A class="fontbluesmall" href="contactus.aspx">CONTACT US</a></td>
</tr>
</table>
</td>
</tr>
</table></TD>
</TR>
<TR>
<TD>
<TABLE id="Table2" cellSpacing="0" cellPadding="0" width="100%" border="0">
<TR>
<TD vAlign="top" width="162" bgColor="#e0ebf5">

<table cellSpacing="0" cellPadding="0" width="162" border="0">
<tr>
<td vAlign="top" width="162" bgColor="#e0ebf5">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td height="1"></td>
</tr>
<tr>
<td><a href="/products.aspx"><img height="24" alt="products" src="/images/dataproducts.gif" width="162" border="0"></a></td>
</tr>
<tr>
<td>
<table class="leftbarborder" cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country.aspx">DB1</a></td>
<td class="pad" valign="middle"><a class="fontbluesmaller2" href="/ip-country.aspx">IP2Location&trade; IP-<br>Country</a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-isp.aspx">DB2</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller2" href="/ip-country-isp.aspx">IP2Location&trade; IP-<br>Country-ISP</a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-region-city.aspx">DB3</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller2" href="/ip-country-region-city.aspx">IP2Location&trade; IP-<br>Country-Region-City</a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-region-city-isp.aspx">DB4</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller2" href="/ip-country-region-city-isp.aspx">IP2Location&trade; IP-<br>Country-Region-City-ISP </a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-region-city-latitude-longitude.aspx">DB5</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller2" href="/ip-country-region-city-latitude-longitude.aspx">IP2Location&trade; IP-<br>Country-Region-City-<br>Latitude-Longitude</a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-region-city-latitude-longitude-isp.aspx">DB6</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller2" href="/ip-country-region-city-latitude-longitude-isp.aspx">IP2Location&trade; IP-<br>Country-Region-City-<br>Latitude-Longitude-ISP </a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-region-city-isp-domain.aspx">DB7</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller2" href="/ip-country-region-city-isp-domain.aspx">IP2Location&trade; IP-<br>Country-Region-City-<br>ISP-Domain</a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-region-city-latitude-longitude-isp-domain.aspx">DB8</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller2" href="/ip-country-region-city-latitude-longitude-isp-domain.aspx">IP2Location&trade; IP-<br>Country-Region-City-<br>Latitude-Longitude-ISP-<br>Domain </a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-region-city-latitude-longitude-zipcode.aspx">DB9</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller2" href="/ip-country-region-city-latitude-longitude-zipcode.aspx">IP2Location&trade; IP-<br>Country-Region-City-<br>Latitude-Longitude-<br>ZIPCode</a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-region-city-latitude-longitude-zipcode-isp-domain.aspx">DB10</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller2" href="/ip-country-region-city-latitude-longitude-zipcode-isp-domain.aspx">IP2Location&trade; IP-<br>Country-Region-City-<br>Latitude-Longitude-<br>ZIPCode-ISP-<br>Domain </a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-region-city-latitude-longitude-zipcode-timezone.aspx">DB11</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller2" href="/ip-country-region-city-latitude-longitude-zipcode-timezone.aspx">IP2Location&trade; IP-<br>Country-Region-City-<br>Latitude-Longitude-<br>ZIPCode-Timezone</a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-region-city-latitude-longitude-zipcode-timezone-isp-domain.aspx">DB12</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller2" href="/ip-country-region-city-latitude-longitude-zipcode-timezone-isp-domain.aspx">IP2Location&trade; IP-<br>Country-Region-City-<br>Latitude-Longitude-<br>ZIPCode-TimeZone<br>-ISP-Domain</a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-region-city-latitude-longitude-timezone-netspeed.aspx">DB13</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller2" href="/ip-country-region-city-latitude-longitude-timezone-netspeed.aspx">IP2Location&trade; IP-<br>Country-Region-City-<br>Latitude-Longitude-<br>Timezone-Netspeed</a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-countr..
Cookie Not Marked As HttpOnly

Cookie Not Marked As HttpOnly

1 TOTAL
LOW
CONFIRMED
1
Cookie was not marked as HTTPOnly. HTTPOnly cookies can not be read by client-side scripts therefore marking a cookie as HTTPOnly can provide an additional layer of protection against Cross-site Scripting attacks..

Impact

During a Cross-site Scripting attack an attacker might easily access cookies and hijack the victim's session.

Actions to Take

  1. See the remedy for solution
  2. Consider marking all of the cookies used by the application as HTTPOnly (After these changes javascript code will not able to read cookies.

Remedy

Mark the cookie as HTTPOnly. This will be an extra layer of defence against XSS. However this is not a silver bullet and will not protect the system against Cross-site Scripting attacks. An attacker can use a tool such as XSS Tunnel to bypass HTTPOnly protection.

External References

- /login.aspx

/login.aspx CONFIRMED

http://www.ip2location.com/login.aspx

Identified Cookie

ASP.NET_SessionId

Request

GET /login.aspx HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.ip2location.com
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 39762
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-AspNet-Version: 1.1.4322
Set-Cookie: ASP.NET_SessionId=dvgahk55kcj1hz45ixhjztem; path=/,firstvisit=firstvisit=2011-03-21 9:39:35; expires=Wed, 20-Mar-2013 16:00:00 GMT; path=/
Date: Mon, 21 Mar 2011 01:39:35 GMT



<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML>
<HEAD>
<title>Login Page</title>
<meta name="description" content="Please login to download the latest IP2Location&trade; database and application for IP to Country, Region, City, Latitude, Longitude, ZIPCode, TimeZone, ISP, Domain, Netspeed Database, ActiveX/COM DLL, IP-Country Web Service, .NET Component and Java Component.">
<meta name="keywords" content="login, login, page, secure login, ip address locator, ip search, ip address location, check ip, ip look up, ip address search">
<LINK href="style.css" type="text/css" rel="stylesheet">
</HEAD>
<body>
<form name="Form1" method="post" action="login.aspx" id="Form1">
<input type="hidden" name="__VIEWSTATE" value="dDwxOTY1MDU3OTYwO3Q8O2w8aTwxPjs+O2w8dDw7bDxpPDE+Oz47bDx0PDtsPGk8MT47aTwzPjtpPDU+O2k8Nz47PjtsPHQ8cDxsPFZpc2libGU7PjtsPG88Zj47Pj47Oz47dDxwPHA8bDxWaXNpYmxlOz47bDxvPGY+Oz4+Oz47Oz47dDxwPGw8VmlzaWJsZTs+O2w8bzxmPjs+Pjs7Pjt0PHA8bDxzcmM7PjtsPGltYWdlcy9sb2dpbi5naWY7Pj47Oz47Pj47Pj47Pj47bDxjaGtSZW1lbWJlck1lO2J0bkxvZ2luO1JpZ2h0QmxvY2sxOmJ0bkZpbmRMb2NhdGlvbjs+PsYxG6OSsn7+bgIl9AUWx91ZbwSD" />

<TABLE id="Table3" cellSpacing="0" cellPadding="0" width="800" align="center" border="0">
<TR>
<TD vAlign="top">

<table cellSpacing="0" cellPadding="0" width="800" border="0">
<tr>
<td>
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td width="160"><img height="94" src="images/ip2locationlogo.gif" width="160"></td>
<td vAlign="top">
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td>
<table width="100%" border="0" cellspacing="0" cellpadding="0" height="22">
<tr>
<td width="484" height="22" align="left">
<div style="width: 484px; height: 22px; position: relative;">
<img src="images/logintop.gif" style="border: 0px; position: absolute; z-index: -1; top: 0px; left: 0px;">
<table id="Table1" cellSpacing="0" cellPadding="0" border="0" align="right" style="position: absolute; z-index: 2; top: 0px; right: 0px;">
<tr>
<td width="16" height="22"></td>
<td height="22" class="fontwhitesmall" vAlign="bottom" style="padding-bottom: 2px;"></td>
<td height="22"></td>
</tr>
</table>
</div>
</td>
<td align="right">
<table width="156" height="22" border="0" cellspacing="0" cellpadding="0">
<tr>
<td><a href="shoppingcart.aspx"><img src="images/headerlogin_05.gif" alt="" width="81" height="22" border="0"></a></td>
<td><img src="images/headerlogin_06.gif" width="9" height="22" alt=""></td>
<td><a href="login.aspx"><img src="images/login.gif" id="Header1_imgLogin" width="66" height="22" border="0" /></a></td>
</tr>
</table>
</td>
</tr>
</table>
</td>
</tr>
<tr>
<td align="right"><img src="images/headertop.gif" width="640" height="72"></td>
</tr>
</table>
</td>
</tr>
</table>
</td>
</tr>
<tr>
<td align="center" background="images/menu_bg_02.gif" height="23">
<table cellSpacing="0" cellPadding="0" width="65%" border="0">
<tr>
<td><a class="fontbluesmall" href="default.aspx">HOME</a></td>
<td><img height="23" src="images/seperator.gif" width="2"></td>
<td align="center"><a class="fontbluesmall" href="buyonline.aspx">BUY ONLINE</a></td>
<td><img height="23" src="images/seperator.gif" width="2"></td>
<td align="center"><a class="fontbluesmall" href="developers.aspx">DEVELOPERS</a></td>
<td><img height="23" src="images/seperator.gif" width="2"></td>
<td align="center"><a class="fontbluesmall" href="partners.aspx">PARTNERS</a></td>
<td><img height="23" src="images/seperator.gif" width="2"></td>
<td align="center"><a class="fontbluesmall" href="support.aspx">SUPPORT</a></td>
<td><img height="23" src="images/seperator.gif" width="2"></td>
<td align="center"><A class="fontbluesmall" href="aboutus.aspx">ABOUT US</a></td>
<td><img height="23" src="images/seperator.gif" width="2"></td>
<td align="center"><A class="fontbluesmall" href="contactus.aspx">CONTACT US</a></td>
</tr>
</table>
</td>
</tr>
</table></TD>
</TR>
<TR>
<TD>
<TABLE id="Table2" cellSpacing="0" cellPadding="0" width="100%" border="0">
<TR>
<TD vAlign="top" width="162" bgColor="#e0ebf5">

<table cellSpacing="0" cellPadding="0" width="162" border="0">
<tr>
<td vAlign="top" width="162" bgColor="#e0ebf5">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td height="1"></td>
</tr>
<tr>
<td><a href="/products.aspx"><img height="24" alt="products" src="/images/dataproducts.gif" width="162" border="0"></a></td>
</tr>
<tr>
<td>
<table class="leftbarborder" cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country.aspx">DB1</a></td>
<td class="pad" valign="middle"><a class="fontbluesmaller2" href="/ip-country.aspx">IP2Location&trade; IP-<br>Country</a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-isp.aspx">DB2</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller2" href="/ip-country-isp.aspx">IP2Location&trade; IP-<br>Country-ISP</a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-region-city.aspx">DB3</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller2" href="/ip-country-region-city.aspx">IP2Location&trade; IP-<br>Country-Region-City</a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-region-city-isp.aspx">DB4</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller2" href="/ip-country-region-city-isp.aspx">IP2Location&trade; IP-<br>Country-Region-City-ISP </a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-region-city-latitude-longitude.aspx">DB5</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller2" href="/ip-country-region-city-latitude-longitude.aspx">IP2Location&trade; IP-<br>Country-Region-City-<br>Latitude-Longitude</a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-region-city-latitude-longitude-isp.aspx">DB6</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller2" href="/ip-country-region-city-latitude-longitude-isp.aspx">IP2Location&trade; IP-<br>Country-Region-City-<br>Latitude-Longitude-ISP </a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-region-city-isp-domain.aspx">DB7</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller2" href="/ip-country-region-city-isp-domain.aspx">IP2Location&trade; IP-<br>Country-Region-City-<br>ISP-Domain</a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-region-city-latitude-longitude-isp-domain.aspx">DB8</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller2" href="/ip-country-region-city-latitude-longitude-isp-domain.aspx">IP2Location&trade; IP-<br>Country-Region-City-<br>Latitude-Longitude-ISP-<br>Domain </a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-region-city-latitude-longitude-zipcode.aspx">DB9</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller2" href="/ip-country-region-city-latitude-longitude-zipcode.aspx">IP2Location&trade; IP-<br>Country-Region-City-<br>Latitude-Longitude-<br>ZIPCode</a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-region-city-latitude-longitude-zipcode-isp-domain.aspx">DB10</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller2" href="/ip-country-region-city-latitude-longitude-zipcode-isp-domain.aspx">IP2Location&trade; IP-<br>Country-Region-City-<br>Latitude-Longitude-<br>ZIPCode-ISP-<br>Domain </a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-region-city-latitude-longitude-zipcode-timezone.aspx">DB11</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller2" href="/ip-country-region-city-latitude-longitude-zipcode-timezone.aspx">IP2Location&trade; IP-<br>Country-Region-City-<br>Latitude-Longitude-<br>ZIPCode-Timezone</a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-region-city-latitude-longitude-zipcode-timezone-isp-domain.aspx">DB12</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller2" href="/ip-country-region-city-latitude-longitude-zipcode-timezone-isp-domain.aspx">IP2Location&trade; IP-<br>Country-Region-City-<br>Latitude-Longitude-<br>ZIPCode-TimeZone<br>-ISP-Domain</a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-region-city-latitude-longitude-timezone-netspeed.aspx">DB13</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller2" href="/ip-country-region-city-latitude-longitude-timezone-netspeed.aspx">IP2Location&trade; IP-<br>Country-Region-City-<br>Latitude-Longitude-<br>Timezone-Netspeed</a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-countr..
ASP.NET Version Disclosure

ASP.NET Version Disclosure

1 TOTAL
LOW
Netsparker identified that the target web server is disclosing ASP.NET version in the HTTP response. This information can help an attacker to develop further attacks and also the system can become an easier target for automated attacks. It was leaked from X-AspNet-Version banner of HTTP response or default ASP.NET error page.

Impact

An attacker can use disclosed information to harvest specific security vulnerabilities for the version identified. The attacker can also use this information in conjunction with the other vulnerabilities in the application or web server.

Remedy

Apply the following changes on your web.config file to prevent information leakage by using custom error pages and removing X-AspNet-Version from HTTP responses.
<System.Web>
     < httpRuntime enableVersionHeader="false" /> 
     <customErrors mode="On" defaultRedirect="~/error/GeneralError.aspx">
          <error statusCode="403" redirect="~/error/Forbidden.aspx" />
          <error statusCode="404" redirect="~/error/PageNotFound.aspx" />
          <error statusCode="500" redirect="~/error/InternalError.aspx" />
     </customErrors>
</System.Web>

Remedy References

- /login.aspx

/login.aspx

http://www.ip2location.com/login.aspx

Extracted Version

X-AspNet-Version: 1.1.4322

Request

GET /login.aspx HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.ip2location.com
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 39762
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-AspNet-Version: 1.1.4322
Set-Cookie: ASP.NET_SessionId=02lv0tqhis4nb255220fq03i; path=/,firstvisit=firstvisit=2011-03-21 9:39:38; expires=Wed, 20-Mar-2013 16:00:00 GMT; path=/
Date: Mon, 21 Mar 2011 01:39:38 GMT



<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML>
<HEAD>
<title>Login Page</title>
<meta name="description" content="Please login to download the latest IP2Location&trade; database and application for IP to Country, Region, City, Latitude, Longitude, ZIPCode, TimeZone, ISP, Domain, Netspeed Database, ActiveX/COM DLL, IP-Country Web Service, .NET Component and Java Component.">
<meta name="keywords" content="login, login, page, secure login, ip address locator, ip search, ip address location, check ip, ip look up, ip address search">
<LINK href="style.css" type="text/css" rel="stylesheet">
</HEAD>
<body>
<form name="Form1" method="post" action="login.aspx" id="Form1">
<input type="hidden" name="__VIEWSTATE" value="dDwxOTY1MDU3OTYwO3Q8O2w8aTwxPjs+O2w8dDw7bDxpPDE+Oz47bDx0PDtsPGk8MT47aTwzPjtpPDU+O2k8Nz47PjtsPHQ8cDxsPFZpc2libGU7PjtsPG88Zj47Pj47Oz47dDxwPHA8bDxWaXNpYmxlOz47bDxvPGY+Oz4+Oz47Oz47dDxwPGw8VmlzaWJsZTs+O2w8bzxmPjs+Pjs7Pjt0PHA8bDxzcmM7PjtsPGltYWdlcy9sb2dpbi5naWY7Pj47Oz47Pj47Pj47Pj47bDxjaGtSZW1lbWJlck1lO2J0bkxvZ2luO1JpZ2h0QmxvY2sxOmJ0bkZpbmRMb2NhdGlvbjs+PsYxG6OSsn7+bgIl9AUWx91ZbwSD" />

<TABLE id="Table3" cellSpacing="0" cellPadding="0" width="800" align="center" border="0">
<TR>
<TD vAlign="top">

<table cellSpacing="0" cellPadding="0" width="800" border="0">
<tr>
<td>
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td width="160"><img height="94" src="images/ip2locationlogo.gif" width="160"></td>
<td vAlign="top">
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td>
<table width="100%" border="0" cellspacing="0" cellpadding="0" height="22">
<tr>
<td width="484" height="22" align="left">
<div style="width: 484px; height: 22px; position: relative;">
<img src="images/logintop.gif" style="border: 0px; position: absolute; z-index: -1; top: 0px; left: 0px;">
<table id="Table1" cellSpacing="0" cellPadding="0" border="0" align="right" style="position: absolute; z-index: 2; top: 0px; right: 0px;">
<tr>
<td width="16" height="22"></td>
<td height="22" class="fontwhitesmall" vAlign="bottom" style="padding-bottom: 2px;"></td>
<td height="22"></td>
</tr>
</table>
</div>
</td>
<td align="right">
<table width="156" height="22" border="0" cellspacing="0" cellpadding="0">
<tr>
<td><a href="shoppingcart.aspx"><img src="images/headerlogin_05.gif" alt="" width="81" height="22" border="0"></a></td>
<td><img src="images/headerlogin_06.gif" width="9" height="22" alt=""></td>
<td><a href="login.aspx"><img src="images/login.gif" id="Header1_imgLogin" width="66" height="22" border="0" /></a></td>
</tr>
</table>
</td>
</tr>
</table>
</td>
</tr>
<tr>
<td align="right"><img src="images/headertop.gif" width="640" height="72"></td>
</tr>
</table>
</td>
</tr>
</table>
</td>
</tr>
<tr>
<td align="center" background="images/menu_bg_02.gif" height="23">
<table cellSpacing="0" cellPadding="0" width="65%" border="0">
<tr>
<td><a class="fontbluesmall" href="default.aspx">HOME</a></td>
<td><img height="23" src="images/seperator.gif" width="2"></td>
<td align="center"><a class="fontbluesmall" href="buyonline.aspx">BUY ONLINE</a></td>
<td><img height="23" src="images/seperator.gif" width="2"></td>
<td align="center"><a class="fontbluesmall" href="developers.aspx">DEVELOPERS</a></td>
<td><img height="23" src="images/seperator.gif" width="2"></td>
<td align="center"><a class="fontbluesmall" href="partners.aspx">PARTNERS</a></td>
<td><img height="23" src="images/seperator.gif" width="2"></td>
<td align="center"><a class="fontbluesmall" href="support.aspx">SUPPORT</a></td>
<td><img height="23" src="images/seperator.gif" width="2"></td>
<td align="center"><A class="fontbluesmall" href="aboutus.aspx">ABOUT US</a></td>
<td><img height="23" src="images/seperator.gif" width="2"></td>
<td align="center"><A class="fontbluesmall" href="contactus.aspx">CONTACT US</a></td>
</tr>
</table>
</td>
</tr>
</table></TD>
</TR>
<TR>
<TD>
<TABLE id="Table2" cellSpacing="0" cellPadding="0" width="100%" border="0">
<TR>
<TD vAlign="top" width="162" bgColor="#e0ebf5">

<table cellSpacing="0" cellPadding="0" width="162" border="0">
<tr>
<td vAlign="top" width="162" bgColor="#e0ebf5">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td height="1"></td>
</tr>
<tr>
<td><a href="/products.aspx"><img height="24" alt="products" src="/images/dataproducts.gif" width="162" border="0"></a></td>
</tr>
<tr>
<td>
<table class="leftbarborder" cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country.aspx">DB1</a></td>
<td class="pad" valign="middle"><a class="fontbluesmaller2" href="/ip-country.aspx">IP2Location&trade; IP-<br>Country</a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-isp.aspx">DB2</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller2" href="/ip-country-isp.aspx">IP2Location&trade; IP-<br>Country-ISP</a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-region-city.aspx">DB3</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller2" href="/ip-country-region-city.aspx">IP2Location&trade; IP-<br>Country-Region-City</a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-region-city-isp.aspx">DB4</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller2" href="/ip-country-region-city-isp.aspx">IP2Location&trade; IP-<br>Country-Region-City-ISP </a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-region-city-latitude-longitude.aspx">DB5</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller2" href="/ip-country-region-city-latitude-longitude.aspx">IP2Location&trade; IP-<br>Country-Region-City-<br>Latitude-Longitude</a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-region-city-latitude-longitude-isp.aspx">DB6</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller2" href="/ip-country-region-city-latitude-longitude-isp.aspx">IP2Location&trade; IP-<br>Country-Region-City-<br>Latitude-Longitude-ISP </a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-region-city-isp-domain.aspx">DB7</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller2" href="/ip-country-region-city-isp-domain.aspx">IP2Location&trade; IP-<br>Country-Region-City-<br>ISP-Domain</a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-region-city-latitude-longitude-isp-domain.aspx">DB8</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller2" href="/ip-country-region-city-latitude-longitude-isp-domain.aspx">IP2Location&trade; IP-<br>Country-Region-City-<br>Latitude-Longitude-ISP-<br>Domain </a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-region-city-latitude-longitude-zipcode.aspx">DB9</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller2" href="/ip-country-region-city-latitude-longitude-zipcode.aspx">IP2Location&trade; IP-<br>Country-Region-City-<br>Latitude-Longitude-<br>ZIPCode</a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-region-city-latitude-longitude-zipcode-isp-domain.aspx">DB10</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller2" href="/ip-country-region-city-latitude-longitude-zipcode-isp-domain.aspx">IP2Location&trade; IP-<br>Country-Region-City-<br>Latitude-Longitude-<br>ZIPCode-ISP-<br>Domain </a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-region-city-latitude-longitude-zipcode-timezone.aspx">DB11</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller2" href="/ip-country-region-city-latitude-longitude-zipcode-timezone.aspx">IP2Location&trade; IP-<br>Country-Region-City-<br>Latitude-Longitude-<br>ZIPCode-Timezone</a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-region-city-latitude-longitude-zipcode-timezone-isp-domain.aspx">DB12</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller2" href="/ip-country-region-city-latitude-longitude-zipcode-timezone-isp-domain.aspx">IP2Location&trade; IP-<br>Country-Region-City-<br>Latitude-Longitude-<br>ZIPCode-TimeZone<br>-ISP-Domain</a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-region-city-latitude-longitude-timezone-netspeed.aspx">DB13</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller2" href="/ip-country-region-city-latitude-longitude-timezone-netspeed.aspx">IP2Location&trade; IP-<br>Country-Region-City-<br>Latitude-Longitude-<br>Timezone-Netspeed</a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-countr..
ASP.NET Stack Trace Disclosure

ASP.NET Stack Trace Disclosure

1 TOTAL
LOW
Netsparker identified that the target web server is disclosing ASP.NET stack trace data in the HTTP response.

Impact

An attacker can obtain information such as: This information can help an attacker to gain more information and to potentially focus the development of further attacks for the target system.

Remedy

Apply following changes on your web.config file to prevent information leakage by applying custom error pages.
<System.Web>
     <customErrors mode="On" defaultRedirect="~/error/GeneralError.aspx">
          <error statusCode="403" redirect="~/error/Forbidden.aspx" />
          <error statusCode="404" redirect="~/error/PageNotFound.aspx" />
          <error statusCode="500" redirect="~/error/InternalError.aspx" />
     </customErrors>
</System.Web>

Remedy References

- /login.aspx

/login.aspx

http://www.ip2location.com/login.aspx?__VIEWSTATE=dDwxOTY1MDU3OTYwO3Q8O2w8aTwxPjs%2bO2w8dDw7bDxpPDE%..

Parameters

Parameter Type Value
__VIEWSTATE GET dDwxOTY1MDU3OTYwO3Q8O2w8aTwxPjs+O2w8dDw7bDxpPDE+Oz47bDx0PDtsPGk8MT47aTwzPjtpPDU+O2k8Nz47PjtsPHQ8cDxsPFZpc2libGU7PjtsPG88Zj47Pj47Oz47dDxwPHA8bDxWaXNpYmxlOz47bDxvPGY+Oz4+Oz47Oz47dDxwPGw8VmlzaWJsZTs+O2w8bzxmPjs+Pjs7Pjt0PHA8bDxzcmM7PjtsPGltYWdlcy9sb2dpbi5naWY7Pj47Oz47Pj47Pj47Pj47bDxjaGtSZW1lbWJlck1lO2J0bkxvZ2luO1JpZ2h0QmxvY2sxOmJ0bkZpbmRMb2NhdGlvbjs+PsYxG6OSsn7+bgIl9AUWx91ZbwSD
btnLogin GET '"--></style></script><script>netsparker(0x0004B6)</script>
chkRememberMe GET 3
RightBlock1:btnFindLocation GET 3
RightBlock1:txtLookup GET 173.193.214.243
txtEmailAddress GET netsparker@example.com
txtPassword GET 3

Request

GET /login.aspx?__VIEWSTATE=dDwxOTY1MDU3OTYwO3Q8O2w8aTwxPjs%2bO2w8dDw7bDxpPDE%2bOz47bDx0PDtsPGk8MT47aTwzPjtpPDU%2bO2k8Nz47PjtsPHQ8cDxsPFZpc2libGU7PjtsPG88Zj47Pj47Oz47dDxwPHA8bDxWaXNpYmxlOz47bDxvPGY%2bOz4%2bOz47Oz47dDxwPGw8VmlzaWJsZTs%2bO2w8bzxmPjs%2bPjs7Pjt0PHA8bDxzcmM7PjtsPGltYWdlcy9sb2dpbi5naWY7Pj47Oz47Pj47Pj47Pj47bDxjaGtSZW1lbWJlck1lO2J0bkxvZ2luO1JpZ2h0QmxvY2sxOmJ0bkZpbmRMb2NhdGlvbjs%2bPsYxG6OSsn7%2bbgIl9AUWx91ZbwSD&btnLogin='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0004B6)%3C/script%3E&chkRememberMe=3&RightBlock1:btnFindLocation=3&RightBlock1:txtLookup=173.193.214.243&txtEmailAddress=netsparker@example.com&txtPassword=3 HTTP/1.1
Referer: http://www.ip2location.com/login.aspx
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.ip2location.com
Cookie: ASP.NET_SessionId=hvn3ghec0iybbw45uquc4s3c; firstvisit=firstvisit=2011-03-21 9:41:53; ip2locationshoppingcart=91=1&88=1; ASPSESSIONIDCCCSTRCB=GKOODNEDCMMAHMENGLCOFLEF
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 500 Internal Server Error
Date: Mon, 21 Mar 2011 01:42:39 GMT
Server: Microsoft-IIS/6.0
X-AspNet-Version: 1.1.4322
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 5264


<html>
<head>
<title>A potentially dangerous Request.QueryString value was detected from the client (btnLogin=&quot;'&quot;--&gt;&lt;/style&gt;&lt;/script&gt;&lt;sc...&quot;).</title>
<style>
body {font-family:"Verdana";font-weight:normal;font-size: .7em;color:black;}
p {font-family:"Verdana";font-weight:normal;color:black;margin-top: -5px}
b {font-family:"Verdana";font-weight:bold;color:black;margin-top: -5px}
H1 { font-family:"Verdana";font-weight:normal;font-size:18pt;color:red }
H2 { font-family:"Verdana";font-weight:normal;font-size:14pt;color:maroon }
pre {font-family:"Lucida Console";font-size: .9em}
.marker {font-weight: bold; color: black;text-decoration: none;}
.version {color: gray;}
.error {margin-bottom: 10px;}
.expandable { text-decoration:underline; font-weight:bold; color:navy; cursor:hand; }
</style>
</head>

<body bgcolor="white">

<span><H1>Server Error in '/' Application.<hr width=100% size=1 color=silver></H1>

<h2> <i>A potentially dangerous Request.QueryString value was detected from the client (btnLogin=&quot;'&quot;--&gt;&lt;/style&gt;&lt;/script&gt;&lt;sc...&quot;).</i> </h2></span>

<font face="Arial, Helvetica, Geneva, SunSans-Regular, sans-serif ">

<b> Description: </b>Request Validation has detected a potentially dangerous client input value, and processing of the request has been aborted. This value may indicate an attempt to compromise the security of your application, such as a cross-site scripting attack. You can disable request validation by setting validateRequest=false in the Page directive or in the <pages> configuration section. However, it is strongly recommended that your application explicitly check all inputs in this case.
<br><br>

<b> Exception Details: </b>System.Web.HttpRequestValidationException: A potentially dangerous Request.QueryString value was detected from the client (btnLogin=&quot;'&quot;--&gt;&lt;/style&gt;&lt;/script&gt;&lt;sc...&quot;).<br><br>

<b>Source Error:</b> <br><br>

<table width=100% bgcolor="#ffffcc">
<tr>
<td>
<code>

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.</code>

</td>
</tr>
</table>

<br>

<b>Stack Trace:</b> <br><br>

<table width=100% bgcolor="#ffffcc">
<tr>
<td>
<code><pre>

[HttpRequestValidationException (0x80004005): A potentially dangerous Request.QueryString value was detected from the client (btnLogin=&quot;'&quot;--&gt;&lt;/style&gt;&lt;/script&gt;&lt;sc...&quot;).]
System.Web.HttpRequest.ValidateString(String s, String valueName, String collectionName) +240
System.Web.HttpRequest.ValidateNameValueCollection(NameValueCollection nvc, String collectionName) +99
System.Web.HttpRequest.get_QueryString() +122
System.Web.UI.Page.GetCollectionBasedOnMethod() +85
System.Web.UI.Page.DeterminePostBackMode() +128
System.Web.UI.Page.ProcessRequestMain() +2112
System.Web.UI.Page.ProcessRequest() +218
System.Web.UI.Page.ProcessRequest(HttpContext context) +18
System.Web.CallHandlerExecutionStep.System.Web.HttpApplication+IExecutionStep.Execute() +179
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean&amp; completedSynchronously) +87
</pre></code>

</td>
</tr>
</table>

<br>

<hr width=100% size=1 color=silver>

<b>Version Information:</b>&nbsp;Microsoft .NET Framework Version:1.1.4322.2443; ASP.NET Version:1.1.4322.2470

</font>

</body>
</html>
<!--
[HttpRequestValidationException]: A potentially dangerous Request.QueryString value was detected from the client (btnLogin=&quot;'&quot;--&gt;&lt;/style&gt;&lt;/script&gt;&lt;sc...&quot;).
at System.Web.HttpRequest.ValidateString(String s, String valueName, String collectionName)
at System.Web.HttpRequest.ValidateNameValueCollection(NameValueCollection nvc, String collectionName)
at System.Web.HttpRequest.get_QueryString()
at System.Web.UI.Page.GetCollectionBasedOnMethod()
at System.Web.UI.Page.DeterminePostBackMode()
at System.Web.UI.Page.ProcessRequestMain()
at System.Web.UI.Page.ProcessRequest()
at System.Web.UI.Page.ProcessRequest(HttpContext context)
at System.Web.CallHandlerExecutionStep.System.Web.HttpApplication+IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
--><!--
This error page might contain sensitive information because ASP.NET is configured to show verbose error messages using &lt;customErrors mode="Off"/&gt;. Consider using &lt;customErrors mode="On"/&gt; or &lt;customErrors mode="RemoteOnly"/&gt; in production environments.-->
ViewState is not Encrypted

ViewState is not Encrypted

1 TOTAL
LOW
Netsparker identified that the target web application doesn't use encryption on ViewState data.

Impact

An attacker can study the application's state management logic for possible vulnerabilities and if your application stores application-critical information in the ViewState; it will also be revealed.

Remedy

ASP.NET provides encryption for ViewState parameters.

For page based protection, place the following directive at the top of affected page.
<%@Page ViewStateEncryptionMode="Always" %>
You can also set this option for the whole application by using web.config files. Apply the following configuration for your application's web.config file.
<System.Web>
	<pages viewStateEncryptionMode="Always"> 
</System.Web>      

Remedy References

- /login.aspx

/login.aspx

http://www.ip2location.com/login.aspx

ViewState Version

.NET Framework 1.x

Request

GET /login.aspx HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.ip2location.com
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 39762
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-AspNet-Version: 1.1.4322
Set-Cookie: ASP.NET_SessionId=02lv0tqhis4nb255220fq03i; path=/,firstvisit=firstvisit=2011-03-21 9:39:38; expires=Wed, 20-Mar-2013 16:00:00 GMT; path=/
Date: Mon, 21 Mar 2011 01:39:38 GMT



<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML>
<HEAD>
<title>Login Page</title>
<meta name="description" content="Please login to download the latest IP2Location&trade; database and application for IP to Country, Region, City, Latitude, Longitude, ZIPCode, TimeZone, ISP, Domain, Netspeed Database, ActiveX/COM DLL, IP-Country Web Service, .NET Component and Java Component.">
<meta name="keywords" content="login, login, page, secure login, ip address locator, ip search, ip address location, check ip, ip look up, ip address search">
<LINK href="style.css" type="text/css" rel="stylesheet">
</HEAD>
<body>
<form name="Form1" method="post" action="login.aspx" id="Form1">
<input type="hidden" name="__VIEWSTATE" value="dDwxOTY1MDU3OTYwO3Q8O2w8aTwxPjs+O2w8dDw7bDxpPDE+Oz47bDx0PDtsPGk8MT47aTwzPjtpPDU+O2k8Nz47PjtsPHQ8cDxsPFZpc2libGU7PjtsPG88Zj47Pj47Oz47dDxwPHA8bDxWaXNpYmxlOz47bDxvPGY+Oz4+Oz47Oz47dDxwPGw8VmlzaWJsZTs+O2w8bzxmPjs+Pjs7Pjt0PHA8bDxzcmM7PjtsPGltYWdlcy9sb2dpbi5naWY7Pj47Oz47Pj47Pj47Pj47bDxjaGtSZW1lbWJlck1lO2J0bkxvZ2luO1JpZ2h0QmxvY2sxOmJ0bkZpbmRMb2NhdGlvbjs+PsYxG6OSsn7+bgIl9AUWx91ZbwSD" />

<TABLE id="Table3" cellSpacing="0" cellPadding="0" width="800" align="center" border="0">
<TR>
<TD vAlign="top">

<table cellSpacing="0" cellPadding="0" width="800" border="0">
<tr>
<td>
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td width="160"><img height="94" src="images/ip2locationlogo.gif" width="160"></td>
<td vAlign="top">
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td>
<table width="100%" border="0" cellspacing="0" cellpadding="0" height="22">
<tr>
<td width="484" height="22" align="left">
<div style="width: 484px; height: 22px; position: relative;">
<img src="images/logintop.gif" style="border: 0px; position: absolute; z-index: -1; top: 0px; left: 0px;">
<table id="Table1" cellSpacing="0" cellPadding="0" border="0" align="right" style="position: absolute; z-index: 2; top: 0px; right: 0px;">
<tr>
<td width="16" height="22"></td>
<td height="22" class="fontwhitesmall" vAlign="bottom" style="padding-bottom: 2px;"></td>
<td height="22"></td>
</tr>
</table>
</div>
</td>
<td align="right">
<table width="156" height="22" border="0" cellspacing="0" cellpadding="0">
<tr>
<td><a href="shoppingcart.aspx"><img src="images/headerlogin_05.gif" alt="" width="81" height="22" border="0"></a></td>
<td><img src="images/headerlogin_06.gif" width="9" height="22" alt=""></td>
<td><a href="login.aspx"><img src="images/login.gif" id="Header1_imgLogin" width="66" height="22" border="0" /></a></td>
</tr>
</table>
</td>
</tr>
</table>
</td>
</tr>
<tr>
<td align="right"><img src="images/headertop.gif" width="640" height="72"></td>
</tr>
</table>
</td>
</tr>
</table>
</td>
</tr>
<tr>
<td align="center" background="images/menu_bg_02.gif" height="23">
<table cellSpacing="0" cellPadding="0" width="65%" border="0">
<tr>
<td><a class="fontbluesmall" href="default.aspx">HOME</a></td>
<td><img height="23" src="images/seperator.gif" width="2"></td>
<td align="center"><a class="fontbluesmall" href="buyonline.aspx">BUY ONLINE</a></td>
<td><img height="23" src="images/seperator.gif" width="2"></td>
<td align="center"><a class="fontbluesmall" href="developers.aspx">DEVELOPERS</a></td>
<td><img height="23" src="images/seperator.gif" width="2"></td>
<td align="center"><a class="fontbluesmall" href="partners.aspx">PARTNERS</a></td>
<td><img height="23" src="images/seperator.gif" width="2"></td>
<td align="center"><a class="fontbluesmall" href="support.aspx">SUPPORT</a></td>
<td><img height="23" src="images/seperator.gif" width="2"></td>
<td align="center"><A class="fontbluesmall" href="aboutus.aspx">ABOUT US</a></td>
<td><img height="23" src="images/seperator.gif" width="2"></td>
<td align="center"><A class="fontbluesmall" href="contactus.aspx">CONTACT US</a></td>
</tr>
</table>
</td>
</tr>
</table></TD>
</TR>
<TR>
<TD>
<TABLE id="Table2" cellSpacing="0" cellPadding="0" width="100%" border="0">
<TR>
<TD vAlign="top" width="162" bgColor="#e0ebf5">

<table cellSpacing="0" cellPadding="0" width="162" border="0">
<tr>
<td vAlign="top" width="162" bgColor="#e0ebf5">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td height="1"></td>
</tr>
<tr>
<td><a href="/products.aspx"><img height="24" alt="products" src="/images/dataproducts.gif" width="162" border="0"></a></td>
</tr>
<tr>
<td>
<table class="leftbarborder" cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country.aspx">DB1</a></td>
<td class="pad" valign="middle"><a class="fontbluesmaller2" href="/ip-country.aspx">IP2Location&trade; IP-<br>Country</a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-isp.aspx">DB2</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller2" href="/ip-country-isp.aspx">IP2Location&trade; IP-<br>Country-ISP</a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-region-city.aspx">DB3</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller2" href="/ip-country-region-city.aspx">IP2Location&trade; IP-<br>Country-Region-City</a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-region-city-isp.aspx">DB4</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller2" href="/ip-country-region-city-isp.aspx">IP2Location&trade; IP-<br>Country-Region-City-ISP </a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-region-city-latitude-longitude.aspx">DB5</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller2" href="/ip-country-region-city-latitude-longitude.aspx">IP2Location&trade; IP-<br>Country-Region-City-<br>Latitude-Longitude</a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-region-city-latitude-longitude-isp.aspx">DB6</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller2" href="/ip-country-region-city-latitude-longitude-isp.aspx">IP2Location&trade; IP-<br>Country-Region-City-<br>Latitude-Longitude-ISP </a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-region-city-isp-domain.aspx">DB7</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller2" href="/ip-country-region-city-isp-domain.aspx">IP2Location&trade; IP-<br>Country-Region-City-<br>ISP-Domain</a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-region-city-latitude-longitude-isp-domain.aspx">DB8</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller2" href="/ip-country-region-city-latitude-longitude-isp-domain.aspx">IP2Location&trade; IP-<br>Country-Region-City-<br>Latitude-Longitude-ISP-<br>Domain </a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-region-city-latitude-longitude-zipcode.aspx">DB9</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller2" href="/ip-country-region-city-latitude-longitude-zipcode.aspx">IP2Location&trade; IP-<br>Country-Region-City-<br>Latitude-Longitude-<br>ZIPCode</a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-region-city-latitude-longitude-zipcode-isp-domain.aspx">DB10</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller2" href="/ip-country-region-city-latitude-longitude-zipcode-isp-domain.aspx">IP2Location&trade; IP-<br>Country-Region-City-<br>Latitude-Longitude-<br>ZIPCode-ISP-<br>Domain </a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-region-city-latitude-longitude-zipcode-timezone.aspx">DB11</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller2" href="/ip-country-region-city-latitude-longitude-zipcode-timezone.aspx">IP2Location&trade; IP-<br>Country-Region-City-<br>Latitude-Longitude-<br>ZIPCode-Timezone</a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-region-city-latitude-longitude-zipcode-timezone-isp-domain.aspx">DB12</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller2" href="/ip-country-region-city-latitude-longitude-zipcode-timezone-isp-domain.aspx">IP2Location&trade; IP-<br>Country-Region-City-<br>Latitude-Longitude-<br>ZIPCode-TimeZone<br>-ISP-Domain</a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-region-city-latitude-longitude-timezone-netspeed.aspx">DB13</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller2" href="/ip-country-region-city-latitude-longitude-timezone-netspeed.aspx">IP2Location&trade; IP-<br>Country-Region-City-<br>Latitude-Longitude-<br>Timezone-Netspeed</a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-countr..
[Possible] Internal IP Address Leakage

[Possible] Internal IP Address Leakage

1 TOTAL
LOW
Netsparker discovered an internal IP address in the page. It was not determined if the IP address was that of the system itself or that of an internal network.

Impact

This kind of information can be useful for an attacker when combined with other vulnerabilities.

Remedy

First ensure that this is not a false positive. Due to the nature of the issue. Netsparker could not confirm that this IP address was actually the real internal IP address of the target web server or internal network. If it is then consider removing it.
- /ip-address-quick-reference-guide.aspx

/ip-address-quick-reference-guide.aspx

http://www.ip2location.com/ip-address-quick-reference-guide.aspx

Extracted IP Address(es)

Request

GET /ip-address-quick-reference-guide.aspx HTTP/1.1
Referer: http://www.ip2location.com/login.aspx
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.ip2location.com
Cookie: ASP.NET_SessionId=hvn3ghec0iybbw45uquc4s3c; firstvisit=firstvisit=2011-03-21 9:39:35
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 18951
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-AspNet-Version: 1.1.4322
Date: Mon, 21 Mar 2011 01:41:08 GMT



<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML>
<HEAD>
<title>IP Address Quick Reference Guide</title>
<meta content="IP2Location&trade; IP Address Quick Reference Guide. Download and Print IP Address Command Syntax in Windows, DOS, Linux and Unix Quick Reference Guide. Request IP Address Quick Reference Guide in PDF Format." name="description">
<meta content="IP command, IP commands, IP addressing commands, TCP/IP commands, TCP/IP quick reference, DOS/Windosw IP Commands, Unix IP Commands, Linux IP Commands, TCP/IP configuration commands, IP command reference" name="keywords">
<LINK href="style.css" type="text/css" rel="stylesheet">
</HEAD>
<body >
<form name="Form1" method="post" action="ip-address-quick-reference-guide.aspx" id="Form1" onSubmit="document.getElementById('txtSecurityCode').value='28240';">
<input type="hidden" name="__VIEWSTATE" value="dDwtNDE4MDQ5Nzg4O3Q8O2w8aTwxPjs+O2w8dDw7bDxpPDE+O2k8Mz47PjtsPHQ8O2w8aTwxPjtpPDM+O2k8NT47aTw3Pjs+O2w8dDxwPGw8VmlzaWJsZTs+O2w8bzxmPjs+Pjs7Pjt0PHA8cDxsPFZpc2libGU7PjtsPG88Zj47Pj47Pjs7Pjt0PHA8bDxWaXNpYmxlOz47bDxvPGY+Oz4+Ozs+O3Q8cDxsPHNyYzs+O2w8aW1hZ2VzL2xvZ2luLmdpZjs+Pjs7Pjs+Pjt0PHA8cDxsPFZpc2libGU7PjtsPG88Zj47Pj47Pjs7Pjs+Pjs+Pjs+bL6fLL5wSevxqDyiHAl5ooRbu2w=" />

<center>
<table width="640">
<tr>
<td>
<table cellSpacing="0" cellPadding="0" width="800" border="0">
<tr>
<td>
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td width="160"><img height="94" src="images/ip2locationlogo.gif" width="160"></td>
<td vAlign="top">
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td>
<table width="100%" border="0" cellspacing="0" cellpadding="0" height="22">
<tr>
<td width="484" height="22" align="left">
<div style="width: 484px; height: 22px; position: relative;">
<img src="images/logintop.gif" style="border: 0px; position: absolute; z-index: -1; top: 0px; left: 0px;">
<table id="Table1" cellSpacing="0" cellPadding="0" border="0" align="right" style="position: absolute; z-index: 2; top: 0px; right: 0px;">
<tr>
<td width="16" height="22"></td>
<td height="22" class="fontwhitesmall" vAlign="bottom" style="padding-bottom: 2px;"></td>
<td height="22"></td>
</tr>
</table>
</div>
</td>
<td align="right">
<table width="156" height="22" border="0" cellspacing="0" cellpadding="0">
<tr>
<td><a href="shoppingcart.aspx"><img src="images/headerlogin_05.gif" alt="" width="81" height="22" border="0"></a></td>
<td><img src="images/headerlogin_06.gif" width="9" height="22" alt=""></td>
<td><a href="login.aspx"><img src="images/login.gif" id="Header1_imgLogin" width="66" height="22" border="0" /></a></td>
</tr>
</table>
</td>
</tr>
</table>
</td>
</tr>
<tr>
<td align="right"><img src="images/headertop.gif" width="640" height="72"></td>
</tr>
</table>
</td>
</tr>
</table>
</td>
</tr>
<tr>
<td align="center" background="images/menu_bg_02.gif" height="23">
<table cellSpacing="0" cellPadding="0" width="65%" border="0">
<tr>
<td><a class="fontbluesmall" href="default.aspx">HOME</a></td>
<td><img height="23" src="images/seperator.gif" width="2"></td>
<td align="center"><a class="fontbluesmall" href="buyonline.aspx">BUY ONLINE</a></td>
<td><img height="23" src="images/seperator.gif" width="2"></td>
<td align="center"><a class="fontbluesmall" href="developers.aspx">DEVELOPERS</a></td>
<td><img height="23" src="images/seperator.gif" width="2"></td>
<td align="center"><a class="fontbluesmall" href="partners.aspx">PARTNERS</a></td>
<td><img height="23" src="images/seperator.gif" width="2"></td>
<td align="center"><a class="fontbluesmall" href="support.aspx">SUPPORT</a></td>
<td><img height="23" src="images/seperator.gif" width="2"></td>
<td align="center"><A class="fontbluesmall" href="aboutus.aspx">ABOUT US</a></td>
<td><img height="23" src="images/seperator.gif" width="2"></td>
<td align="center"><A class="fontbluesmall" href="contactus.aspx">CONTACT US</a></td>
</tr>
</table>
</td>
</tr>
</table></td>
</tr>
<tr>
<td valign="top">
<h2>IP Address Quick Reference Guide</h2>

<br>
<span class="fontgrayregular">
<b>Introduction</b><br><br>
<u>What is an IP Address?</u><br>
An Internet Protocol (IP) address is a numerical identification of logical address that is assigned to devices participating in a computer network utilizing the Internet Protocol for communication between its nodes. IP addresses are usually displayed in human-readable notations, such as 208.77.188.166 (for IPv4) and 2001:db8:0:1234:0:567:1:1 (for IPv6).
<br><br>
The original designers of TCP/IP defined an IP address as a 32-bit number and this system, now named Internet Protocol Version 4 (IPv4), is still in use today. A new addressing system (IPv6) using 128 bits for the address was developed (RFC 1883) due to the enormous growth of the Internet and the resulting depletion of the address space.
<br><br>
The Internet Protocol also routes data packets between networks and IP addresses specify the locations of the source and destination nodes in the topology of the routing system.
<br><br><br><br>
<u>IP Versions</u><br>
The Internet Protocol (IP) has two versions and each version has its own definition of an IP address. The generic term IP address still refers to the addresses defined by IPv4.
<br><br>
IP version 4 addresses: IPv4 uses 32-bit (4 bytes) addresses, which limits the address space to 4,294,967,296 (232) possible unique addresses. IPv4 also reserves some addresses for special purposes such as private networks or multicast addresses.
<br><br>
IP version 6 addresses: IPv6 uses 128 bits (16 bytes) and provides the potential for a maximum of 2128 new addresses space, or about 3.403 × 1038 unique addresses.
<br><br><br><br>
<u>Static and Dynamic IP addresses</u><br>
When a computer is configured to use the same IP address each time it powers up, this is known as a Static IP address. Dynamic IP address refers to the computer's IP address which is assigned automatically.
Uses of static addressing: Some infrastructure situations have to use static addressing, when finding the Domain Name System host that will translate domain names to IP addresses.
<br><br>
Uses of dynamic addressing: Dynamic IP addresses are most frequently assigned on LANs and broadband networks by Dynamic Host Configuration Protocol (DHCP) servers. It avoids the administrative burden of assigning specific static addresses to each device on a network and allows many devices to share limited address space on a network.
<br><br><br><br>
<b>IP Address Command Syntax in Windows, DOS, Linux and Unix</b><br><br>
<table width="780" bordercolor="#003399" border="1" style="border-collapse: collapse;" class="fontgrayregular">
<tr bgcolor="#006699" align="center">
<td style="color: white;"><b>Windows / DOS</b></td>
<td style="color: white;"><b>Linux</b></td>
<td style="color: white;"><b>Unix</b></td>
</tr>
<tr>
<td>
<div style="font-family: Courier New;">ipconfig /all</div>
Display full configuration information.
</td>
<td>
<div style="font-family: Courier New;">ifconfig</div>
Display current configuration for all NIC's.
</td>
<td>
<div style="font-family: Courier New;">ifconfig</div>
Display current configuration for all NIC's.
</td>
</tr>
<tr>
<td>
<div style="font-family: Courier New;">ipconfig /release [adapter]</div>
Release the IP address for the specified adapter.
</td>
<td>
<div style="font-family: Courier New;">ifconfig eth0</div>
Display current configuration for eth0.
</td>
<td>
<div style="font-family: Courier New;">ifconfig dc0</div>
Display current configuration for dc0.
</td>
</tr>
<tr>
<td>
<div style="font-family: Courier New;">ipconfig /renew [adapter]</div>
Renew the IP address for the specified adapter.
</td>
<td>
<div style="font-family: Courier New;">ifconfig eth0 192.168.1.2</div>
Assign IP address 192.168.1.2 to eth0.
</td>
<td>
<div style="font-family: Courier New;">ifconfig dc0 inet 192.168.1.2 netmask 255.255.255.0</div>
Assign IP/Subnet to dc0.
</td>
</tr>
<tr>
<td>
<div style="font-family: Courier New;">ipconfig /flushdns</div>
Purge the DNS Resolver cache.
</td>
<td>
<div style="font-family: Courier New;">ifconfig eth0:0 192.168.1.2</div>
Assign multiple IP's to eth0.
</td>
<td>
<div style="font-family: Courier New;">route delete default && route add default 192.168.1.1</div>
Assign default gateway.
</td>
</tr>
<tr>
<td>
<div style="font-family: Courier New;">ipconfig /registerdns</div>
Refresh all DHCP leases and re-register DNS names.
</td>
<td>
<div style="font-family: Courier New;">ifconfig eth0:1 192.168.1.3</div>
Assign second IP address to eth0:.
</td>
<td>
<div style="font-family: Courier New;">ifconfig dc0:0 192.168.1.2</div>
Assign multiple IP's to dc0.
</td>
</tr>
<tr>
<td>
<div style="font-family: Courier New;">ipconfig /displaydns</div>
Display the contents of the DNS Resolver Cache.
</td>
<td>
<div style="font-family: Courier New;">route add default gw 192.168.1.1</div>
Assign default gateway.
</td>
<td>
<div style="font-family: Courier New;">ifconfig dc0:1 192.168.1.3</div>
Assign second IP to dc0.
</td>
</tr>
<tr>
<td>
<div style="font-family: Courier New;">ipconfig /showclassid adapter</div>
Display all the DHCP class IDs allowed for adapter.
</td>
<td>
<div style="font-family: Courier New;">ifconfig eth0 down</div>
Disable network interface card.
</td>
<td>
<div style="font-family: Courier New;">ifconfig dc0 down</div>
Disable network card.
</td>
</tr>
<tr>
<td>
<div style="font-family: Courier New;">ipconfig /setclassid adapter [classid]</div>
Modify the DHCP class id.
</td>
<td>
<div style="font-family: Courier New;">ifconfig eth0 up</div>
Enable network interface card.
</td>
<td>
<div style="font-family: Courier New;">ifconfig dc0 up</div>
Enable network card.
</td>
</tr>
<tr>
<td>
<div style="font-family: Courier New;">control netconnections</div>
Launch "Network Connections".
</td>
<td>
<div style="font-family: Courier New;">ifconfig eth0 192.168.1.2 netmask 255.255.255.0</div>
Assign IP/Subnet to eth0.
</td>
<td>&nbsp;</td>
</tr>
<tr>
<td>
<div style="font-family: Courier New;">netsetup.cpl</div>
Launch "Network Setup Wizard".
</td>
<td>
<div style="font-family: Courier New;">route / route -n</div>
View current routing table.
</td>
<td>&nbsp;</td>
</tr>
<tr>
<td>
<div style="font-family: Courier New;">ping www.ip2location.com</div>
Send ping packet to www.ip2location.com to test network connectivity.
</td>
<td>
<div style="font-family: Courier New;">arp / arp -n</div>
View arp cache
</td>
<td>&nbsp;</td>
</tr>
<tr>
<td>
<div style="font-family: Courier New;">tracert www.ip2location.com</div>
Trace network route from desktop to www.ip2location.com.
</td>
<td>
<div style="font-family: Courier New;">ping -c 3 www.ip2location.com</div>
Send ping packet to www.ip2location.com to test network connectivity.
</td>
<td>&nbsp;</td>
</tr>
<tr>
<td>
<div style="font-family: Courier New;">route</div>
Display and manipulate network routing tables.
</td>
<td>
<div style="font-family: Courier New;">traceroute www.ip2location.com</div>
Trace network route from desktop to www.ip2location.com.
</td>
<td>&nbsp;</td>
</tr>
<tr>
<td>
<div style="font-family: Courier New;">netstat</div>
Displays the TCP/IP protocol sessions
</td>
<td>
<div style="font-family: Courier New;">tracepath www.ip2location.com</div>
Trace network path from desktop to www.ip2location.com.
</td>
<td>&nbsp;</td>
</tr>
<tr>
<td>
<div style="font-family: Courier New;">arp</div>
Display resolved MAC addresses.
</td>
<td>
<div style="font-family: Courier New;">host www.ip2location.com</div>
DNS test using www.ip2location.com.
</td>
<td>&nbsp;</td>
</tr>
<tr>
<td>
<div style="font-family: Courier New;">hostname</div>
Display name of computer currently on.
</td>
<td>
<div style="font-family: Courier New;">host 44.11.22.33</div>
Reverse host lookup by IP address.
</td>
<td>&nbsp;</td>
</tr>
<tr>
<td>&nbsp;</td>
<td>
<div style="font-family: Courier New;">dig www.ip2location.com</div>
Advanced DNS test using www.ip2location.com.
</td>
<td>&nbsp;</td>
</tr>
<tr>
<td>&nbsp;</td>
<td>
<div style="font-family: Courier New;">dig -x 44.11.22.33</div>
Advanced reverse DNS lookup by IP address.
</td>
<td>&nbsp;</td>
</tr>
</table>
<br>
<font color="red">*</font> Please get the table in PDF format using the below form if you want to print it out or forward it to your friends.
<br><br><br><br>
<b>About IP2Location.com</b><br>
IP2Location is a geoIP solution to help you to identify visitor’s geographical location, i.e. country, region, city, latitude, longitude, ZIP code, time zone, connection speed, ISP and domain name, IDD country code, area code, weather station code and name using a proprietary IP address lookup database and technology without invading the Internet user’s privacy. For more information please visit <a href="http://www.ip2location.com">http://www.ip2location.com</a>.
<br><br><br><br>
</span>
</td>
</tr>
<TR>
<TD align=center>
<div id="pnlRequest">

<div align="center">
<TABLE id=Table9 cellSpacing=0 cellPadding=0 width="70%" border=0>
<TR>
<TD bgColor=#cccccc>
<TABLE id=Table14 cellSpacing=1 cellPaddin..
Forbidden Resource

Forbidden Resource

1 TOTAL
INFORMATION
CONFIRMED
1
Access to this resource has been denied by the web server. This is generally not a security issue, and is reported here for information purposes.

Impact

There is no impact resulting from this issue.
- /zipcodes/

/zipcodes/ CONFIRMED

http://www.ip2location.com/zipcodes/

Request

GET /zipcodes/ HTTP/1.1
Referer: http://www.ip2location.com/zipcodes/NC.htm
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.ip2location.com
Cookie: ASP.NET_SessionId=hvn3ghec0iybbw45uquc4s3c; firstvisit=firstvisit=2011-03-21 9:39:35; ip2locationshoppingcart=91=1
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 403 Forbidden
Content-Length: 1758
Content-Type: text/html
Server: Microsoft-IIS/6.0
Date: Mon, 21 Mar 2011 01:41:35 GMT


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>The page cannot be displayed</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=Windows-1252">
<STYLE type="text/css">
BODY { font: 8pt/12pt verdana }
H1 { font: 13pt/15pt verdana }
H2 { font: 8pt/12pt verdana }
A:link { color: red }
A:visited { color: maroon }
</STYLE>
</HEAD><BODY><TABLE width=500 border=0 cellspacing=10><TR><TD>

<h1>The page cannot be displayed</h1>
You have attempted to execute a CGI, ISAPI, or other executable program from a directory that does not allow programs to be executed.
<hr>
<p>Please try the following:</p>
<ul>
<li>Contact the Web site administrator if you believe this directory should allow execute access.</li>
</ul>
<h2>HTTP Error 403.1 - Forbidden: Execute access is denied.<br>Internet Information Services (IIS)</h2>
<hr>
<p>Technical Information (for support personnel)</p>
<ul>
<li>Go to <a href="http://go.microsoft.com/fwlink/?linkid=8180">Microsoft Product Support Services</a> and perform a title search for the words <b>HTTP</b> and <b>403</b>.</li>
<li>Open <b>IIS Help</b>, which is accessible in IIS Manager (inetmgr),
and search for topics titled <b>Configuring ISAPI Extensions</b>, <b>Configuring CGI Applications</b>, <b>Securing Your Site with Web Site Permissions</b>, and <b>About Custom Error Messages</b>.</li>
<li>In the IIS Software Development Kit (SDK) or at the <a href="http://go.microsoft.com/fwlink/?LinkId=8181">MSDN Online Library</a>, search for topics titled <b>Developing ISAPI Extensions</b>, <b>ISAPI and CGI</b>, and <b>Debugging ISAPI Extensions and Filters</b>.</li>
</ul>

</TD></TR></TABLE></BODY></HTML>
E-mail Address Disclosure

E-mail Address Disclosure

1 TOTAL
INFORMATION
Netsparker found e-mail addresses on the web site.

Impact

E-mail addresses discovered within the application can be used by both spam email engines and also brute force tools. Furthermore valid email addresses may lead to social engineering attacks .

Remedy

Use generic email addresses such as contact@ or info@ for general communications, remove user/people specific e-mail addresses from the web site, should this be required use submission forms for this purpose.

External References

- /partners.aspx

/partners.aspx

http://www.ip2location.com/partners.aspx

Found E-mails

info@ip2location.com

Request

GET /partners.aspx HTTP/1.1
Referer: http://www.ip2location.com/login.aspx
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.ip2location.com
Cookie: ASP.NET_SessionId=hvn3ghec0iybbw45uquc4s3c; firstvisit=firstvisit=2011-03-21 9:39:35
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 37854
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-AspNet-Version: 1.1.4322
Date: Mon, 21 Mar 2011 01:39:35 GMT



<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML xmlns:o>
<HEAD>
<title>Affiliate Partners</title>
<meta name="description" content="IP2Location&trade; Affiliate Program. Free affiliate program which let you earn up to 20% Commission on Affiliate Sales from New Customer and 2-Year Return Commission.">
<meta name="keywords" content="affiliate, affiliate marketing, affiliate programs, affiliate program, affiliates, affiliate network, affiliate marketing programs, best affiliate program, free affiliate programs, top affiliate programs">
<LINK href="style.css" type="text/css" rel="stylesheet">
</HEAD>
<body>
<form name="Form1" method="post" action="partners.aspx" id="Form1">
<input type="hidden" name="__VIEWSTATE" value="dDwxNzA5MDMzOTQzO3Q8O2w8aTwxPjs+O2w8dDw7bDxpPDE+Oz47bDx0PDtsPGk8MT47aTwzPjtpPDU+O2k8Nz47PjtsPHQ8cDxsPFZpc2libGU7PjtsPG88Zj47Pj47Oz47dDxwPHA8bDxWaXNpYmxlOz47bDxvPGY+Oz4+Oz47Oz47dDxwPGw8VmlzaWJsZTs+O2w8bzxmPjs+Pjs7Pjt0PHA8bDxzcmM7PjtsPGltYWdlcy9sb2dpbi5naWY7Pj47Oz47Pj47Pj47Pj47Ph/BxJ04LQsC4GrKrqBxSzmESWdJ" />

<TABLE id="Table1" cellSpacing="0" cellPadding="0" width="800" align="center" border="0">
<TR>
<TD vAlign="top">

<table cellSpacing="0" cellPadding="0" width="800" border="0">
<tr>
<td>
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td width="160"><img height="94" src="images/ip2locationlogo.gif" width="160"></td>
<td vAlign="top">
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td>
<table width="100%" border="0" cellspacing="0" cellpadding="0" height="22">
<tr>
<td width="484" height="22" align="left">
<div style="width: 484px; height: 22px; position: relative;">
<img src="images/logintop.gif" style="border: 0px; position: absolute; z-index: -1; top: 0px; left: 0px;">
<table id="Table1" cellSpacing="0" cellPadding="0" border="0" align="right" style="position: absolute; z-index: 2; top: 0px; right: 0px;">
<tr>
<td width="16" height="22"></td>
<td height="22" class="fontwhitesmall" vAlign="bottom" style="padding-bottom: 2px;"></td>
<td height="22"></td>
</tr>
</table>
</div>
</td>
<td align="right">
<table width="156" height="22" border="0" cellspacing="0" cellpadding="0">
<tr>
<td><a href="shoppingcart.aspx"><img src="images/headerlogin_05.gif" alt="" width="81" height="22" border="0"></a></td>
<td><img src="images/headerlogin_06.gif" width="9" height="22" alt=""></td>
<td><a href="login.aspx"><img src="images/login.gif" id="Header1_imgLogin" width="66" height="22" border="0" /></a></td>
</tr>
</table>
</td>
</tr>
</table>
</td>
</tr>
<tr>
<td align="right"><img src="images/headertop.gif" width="640" height="72"></td>
</tr>
</table>
</td>
</tr>
</table>
</td>
</tr>
<tr>
<td align="center" background="images/menu_bg_02.gif" height="23">
<table cellSpacing="0" cellPadding="0" width="65%" border="0">
<tr>
<td><a class="fontbluesmall" href="default.aspx">HOME</a></td>
<td><img height="23" src="images/seperator.gif" width="2"></td>
<td align="center"><a class="fontbluesmall" href="buyonline.aspx">BUY ONLINE</a></td>
<td><img height="23" src="images/seperator.gif" width="2"></td>
<td align="center"><a class="fontbluesmall" href="developers.aspx">DEVELOPERS</a></td>
<td><img height="23" src="images/seperator.gif" width="2"></td>
<td align="center"><a class="fontbluesmall" href="partners.aspx">PARTNERS</a></td>
<td><img height="23" src="images/seperator.gif" width="2"></td>
<td align="center"><a class="fontbluesmall" href="support.aspx">SUPPORT</a></td>
<td><img height="23" src="images/seperator.gif" width="2"></td>
<td align="center"><A class="fontbluesmall" href="aboutus.aspx">ABOUT US</a></td>
<td><img height="23" src="images/seperator.gif" width="2"></td>
<td align="center"><A class="fontbluesmall" href="contactus.aspx">CONTACT US</a></td>
</tr>
</table>
</td>
</tr>
</table></TD>
</TR>
<TR>
<TD>
<TABLE id="Table2" cellSpacing="0" cellPadding="0" width="100%" border="0">
<TR>
<TD vAlign="top" width="162" bgColor="#e0ebf5">

<table cellSpacing="0" cellPadding="0" width="162" border="0">
<tr>
<td vAlign="top" width="162" bgColor="#e0ebf5">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td height="1"></td>
</tr>
<tr>
<td><a href="/products.aspx"><img height="24" alt="products" src="/images/dataproducts.gif" width="162" border="0"></a></td>
</tr>
<tr>
<td>
<table class="leftbarborder" cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country.aspx">DB1</a></td>
<td class="pad" valign="middle"><a class="fontbluesmaller2" href="/ip-country.aspx">IP2Location&trade; IP-<br>Country</a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-isp.aspx">DB2</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller2" href="/ip-country-isp.aspx">IP2Location&trade; IP-<br>Country-ISP</a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-region-city.aspx">DB3</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller2" href="/ip-country-region-city.aspx">IP2Location&trade; IP-<br>Country-Region-City</a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-region-city-isp.aspx">DB4</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller2" href="/ip-country-region-city-isp.aspx">IP2Location&trade; IP-<br>Country-Region-City-ISP </a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-region-city-latitude-longitude.aspx">DB5</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller2" href="/ip-country-region-city-latitude-longitude.aspx">IP2Location&trade; IP-<br>Country-Region-City-<br>Latitude-Longitude</a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-region-city-latitude-longitude-isp.aspx">DB6</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller2" href="/ip-country-region-city-latitude-longitude-isp.aspx">IP2Location&trade; IP-<br>Country-Region-City-<br>Latitude-Longitude-ISP </a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-region-city-isp-domain.aspx">DB7</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller2" href="/ip-country-region-city-isp-domain.aspx">IP2Location&trade; IP-<br>Country-Region-City-<br>ISP-Domain</a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-region-city-latitude-longitude-isp-domain.aspx">DB8</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller2" href="/ip-country-region-city-latitude-longitude-isp-domain.aspx">IP2Location&trade; IP-<br>Country-Region-City-<br>Latitude-Longitude-ISP-<br>Domain </a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-region-city-latitude-longitude-zipcode.aspx">DB9</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller2" href="/ip-country-region-city-latitude-longitude-zipcode.aspx">IP2Location&trade; IP-<br>Country-Region-City-<br>Latitude-Longitude-<br>ZIPCode</a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-region-city-latitude-longitude-zipcode-isp-domain.aspx">DB10</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller2" href="/ip-country-region-city-latitude-longitude-zipcode-isp-domain.aspx">IP2Location&trade; IP-<br>Country-Region-City-<br>Latitude-Longitude-<br>ZIPCode-ISP-<br>Domain </a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-region-city-latitude-longitude-zipcode-timezone.aspx">DB11</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller2" href="/ip-country-region-city-latitude-longitude-zipcode-timezone.aspx">IP2Location&trade; IP-<br>Country-Region-City-<br>Latitude-Longitude-<br>ZIPCode-Timezone</a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-region-city-latitude-longitude-zipcode-timezone-isp-domain.aspx">DB12</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller2" href="/ip-country-region-city-latitude-longitude-zipcode-timezone-isp-domain.aspx">IP2Location&trade; IP-<br>Country-Region-City-<br>Latitude-Longitude-<br>ZIPCode-TimeZone<br>-ISP-Domain</a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-region-city-latitude-longitude-timezone-netspeed.aspx">DB13</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller2" href="/ip-country-region-city-latitude-longitude-timezone-netspeed.aspx">IP2Location&trade; IP-<br>Country-Region-City-<br>Latitude-Longitude-<br>Timezone-Netspeed</a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-region-city-latitude-longitude-zipcode-timezone-isp-domain-netspeed.aspx">DB14</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller2" href="/..
IIS Version Disclosure

IIS Version Disclosure

1 TOTAL
INFORMATION
Netsparker identified that the target web server is disclosing the web server's version in the HTTP response. This information can help an attacker to gain a greater understanding of the system in use and potentially develop further attacks targeted at the specific web server version.

Impact

An attacker can look for specific security vulnerabilities for the version identified through the SERVER header information.

Remediation

Configure your web server to prevent information leakage from the SERVER header of its HTTP response.
- /sitemap.xml

/sitemap.xml

http://www.ip2location.com/sitemap.xml

Extracted Version

Microsoft-IIS/6.0

Request

GET /sitemap.xml HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.ip2location.com
Cookie: ASP.NET_SessionId=hvn3ghec0iybbw45uquc4s3c; firstvisit=firstvisit=2011-03-21 9:39:35
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Content-Length: 68070
Content-Type: text/xml
Last-Modified: Wed, 03 Mar 2010 03:26:23 GMT
Accept-Ranges: bytes
ETag: "5ed3924c81baca1:8c4"
Server: Microsoft-IIS/6.0
Date: Mon, 21 Mar 2011 01:39:35 GMT


<?xml version="1.0" encoding="UTF-8"?>
<?xml-stylesheet type="text/xsl" href="gss.xsl"?>
<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.google.com/schemas/sitemap/0.84 http://www.sitemaps.org/schemas/sitemap/0.9/sitemap.xsd">
<!--#Generated by SOFTplus GSiteCrawler v1.23 rev. 286 by SOFTplus Entwicklungen GmbH, http://gsitecrawler.com/, http://johannesmueller.com/gs/ -->
<url><loc>http://www.ip2location.com/</loc><lastmod>2009-05-05T06:59:24+00:00</lastmod><changefreq>daily</changefreq><priority>1.00</priority></url>
<url><loc>http://www.ip2location.com/countryinformation.aspx</loc><lastmod>2009-05-05T06:58:41+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/demo.aspx</loc><lastmod>2009-05-05T06:58:50+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/pt.aspx</loc><lastmod>2009-05-05T06:59:06+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/python.aspx</loc><lastmod>2009-05-05T06:59:12+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/iso3166.aspx</loc><lastmod>2009-05-05T06:59:22+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/newsletter.aspx</loc><lastmod>2009-05-05T06:59:22+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/termsofuse.aspx</loc><lastmod>2009-05-05T06:59:49+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/featured.aspx</loc><lastmod>2009-05-05T06:59:50+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/ip2map.aspx</loc><lastmod>2009-05-05T06:59:50+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/emailtracer.aspx</loc><lastmod>2009-05-05T06:59:50+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/it.aspx</loc><lastmod>2009-05-05T07:00:14+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/c.aspx</loc><lastmod>2009-05-05T07:00:29+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/kr.aspx</loc><lastmod>2009-05-05T07:00:58+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/testimonials.aspx</loc><lastmod>2009-05-05T07:00:59+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/apache.aspx</loc><lastmod>2009-05-05T07:01:10+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/clientlist.aspx</loc><lastmod>2009-05-05T07:01:10+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/shoppingcart.aspx</loc><lastmod>2009-05-05T07:01:10+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/articles.aspx</loc><lastmod>2009-05-05T07:01:10+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/ip2location-bind-dns.aspx</loc><lastmod>2009-12-22T07:01:10+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/forgetpassword.aspx</loc><lastmod>2009-05-05T07:01:23+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/support.aspx</loc><lastmod>2009-05-05T07:01:23+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/de.aspx</loc><lastmod>2009-05-05T07:01:40+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/fr.aspx</loc><lastmod>2009-05-05T07:01:52+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/downloader.aspx</loc><lastmod>2009-05-05T07:01:54+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/feedback.aspx</loc><lastmod>2009-05-05T07:02:02+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/productcomparison.aspx</loc><lastmod>2009-05-05T07:02:07+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/flagsoftheworld.aspx</loc><lastmod>2009-05-05T07:02:11+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/developers.aspx</loc><lastmod>2009-05-05T06:59:23+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/jp</loc><lastmod>2009-05-05T06:59:23+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/cn</loc><lastmod>2009-05-05T06:59:23+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/jp.aspx</loc><lastmod>2009-05-05T06:59:49+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/affiliatefaq.aspx</loc><lastmod>2009-05-05T06:59:50+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/php.aspx</loc><lastmod>2009-05-05T07:00:12+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/aboutus.aspx</loc><lastmod>2009-05-05T07:00:13+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/sitemap.aspx</loc><lastmod>2009-05-05T07:00:13+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/licensing.aspx</loc><lastmod>2009-05-05T07:00:59+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/privacystatement.aspx</loc><lastmod>2009-05-05T07:00:14+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/webservices.aspx</loc><lastmod>2009-05-05T07:01:09+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/partners.aspx</loc><lastmod>2009-05-05T07:01:09+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/es.aspx</loc><lastmod>2009-05-05T07:01:22+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/linktous.aspx</loc><lastmod>2009-05-05T07:01:22+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/dataenrichment.aspx</loc><lastmod>2009-05-05T07:01:23+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/contactus.aspx</loc><lastmod>2009-05-05T07:01:23+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/ruby.aspx</loc><lastmod>2009-05-05T07:01:53+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/ip2phrase.aspx</loc><lastmod>2009-05-05T07:01:53+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/perl.aspx</loc><lastmod>2009-05-05T07:01:53+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/browserobject.aspx</loc><lastmod>2009-05-05T07:01:53+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/cn.aspx</loc><lastmod>2009-05-05T07:02:12+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/demoaccount.aspx</loc><lastmod>2009-05-05T07:02:22+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/affiliateagreement.aspx</loc><lastmod>2009-05-05T07:02:22+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/free.asp</loc><lastmod>2009-05-05T07:02:23+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/zipcodes/NC.htm</loc><lastmod>2009-05-05T07:02:37+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/zipcodes/MI.htm</loc><lastmod>2009-05-05T07:02:39+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/zipcodes/NV.htm</loc><lastmod>2009-05-05T07:02:46+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/zipcodes/GA.htm</loc><lastmod>2009-05-05T07:03:11+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/zipcodes/CO.htm</loc><lastmod>2009-05-05T07:03:13+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/zipcodes/AR.htm</loc><lastmod>2009-05-05T07:03:29+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/zipcodes/IL.htm</loc><lastmod>2009-05-05T07:03:30+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/products.aspx</loc><lastmod>2009-05-05T07:02:13+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/login.aspx</loc><lastmod>2009-05-05T07:02:23+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/customprogramming.aspx</loc><lastmod>2009-05-05T07:02:23+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/productpicker.aspx</loc><lastmod>2009-05-05T07:02:25+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/zipcodes/NH.htm</loc><lastmod>2009-05-05T07:02:47+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/zipcodes/OR.htm</loc><lastmod>2009-05-05T07:02:57+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/zipcodes/NM.htm</loc><lastmod>2009-05-05T07:02:58+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/zipcodes/MN.htm</loc><lastmod>2009-05-05T07:03:00+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/zipcodes/MD.htm</loc><lastmod>2009-05-05T07:03:35+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/demo-ip2proxy.aspx</loc><lastmod>2009-05-05T07:03:39+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/zipcodes/LA.htm</loc><lastmod>2009-05-05T07:03:47+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/zipcodes/MT.htm</loc><lastmod>2009-05-05T07:03:50+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/zipcodes/PR.htm</loc><lastmod>2009-05-05T07:03:52+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/zipcodes/TN.htm</loc><lastmod>2009-05-05T07:04:02+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/zipcodes/KS.htm</loc><lastmod>2009-05-05T07:04:03+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/zipcodes/NJ.htm</loc><lastmod>2009-05-05T07:04:31+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/ip-country.aspx</loc><lastmod>2009-05-05T07:04:32+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/zipcodes/AE.htm</loc><lastmod>2009-05-05T07:04:32+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/IPV6-COUNTRY.aspx</loc><lastmod>2009-05-05T07:04:33+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/default.aspx</loc><lastmod>2009-05-05T07:05:06+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/ip-country-region-city.aspx</loc><lastmod>2009-05-05T07:05:19+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/ip-country-isp.aspx</loc><lastmod>2009-05-05T07:05:20+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/ip-country-region-city-isp.aspx</loc><lastmod>2009-05-05T07:05:31+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/zipcodes/OH.htm</loc><lastmod>2009-05-05T07:04:55+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/zipcodes/ID.htm</loc><lastmod>2009-05-05T07:05:32+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority>..
Sitemap Identified

Sitemap Identified

1 TOTAL
INFORMATION
Netsparker identified Sitemap file on the target web site. This issue is reported as extra information.

Impact

This issue is reported as extra information, there is no direct impact resulting from this.
- /sitemap.xml

/sitemap.xml

http://www.ip2location.com/sitemap.xml

Request

GET /sitemap.xml HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.ip2location.com
Cookie: ASP.NET_SessionId=hvn3ghec0iybbw45uquc4s3c; firstvisit=firstvisit=2011-03-21 9:39:35
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Content-Length: 68070
Content-Type: text/xml
Last-Modified: Wed, 03 Mar 2010 03:26:23 GMT
Accept-Ranges: bytes
ETag: "5ed3924c81baca1:8c4"
Server: Microsoft-IIS/6.0
Date: Mon, 21 Mar 2011 01:39:35 GMT


<?xml version="1.0" encoding="UTF-8"?>
<?xml-stylesheet type="text/xsl" href="gss.xsl"?>
<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.google.com/schemas/sitemap/0.84 http://www.sitemaps.org/schemas/sitemap/0.9/sitemap.xsd">
<!--#Generated by SOFTplus GSiteCrawler v1.23 rev. 286 by SOFTplus Entwicklungen GmbH, http://gsitecrawler.com/, http://johannesmueller.com/gs/ -->
<url><loc>http://www.ip2location.com/</loc><lastmod>2009-05-05T06:59:24+00:00</lastmod><changefreq>daily</changefreq><priority>1.00</priority></url>
<url><loc>http://www.ip2location.com/countryinformation.aspx</loc><lastmod>2009-05-05T06:58:41+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/demo.aspx</loc><lastmod>2009-05-05T06:58:50+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/pt.aspx</loc><lastmod>2009-05-05T06:59:06+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/python.aspx</loc><lastmod>2009-05-05T06:59:12+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/iso3166.aspx</loc><lastmod>2009-05-05T06:59:22+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/newsletter.aspx</loc><lastmod>2009-05-05T06:59:22+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/termsofuse.aspx</loc><lastmod>2009-05-05T06:59:49+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/featured.aspx</loc><lastmod>2009-05-05T06:59:50+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/ip2map.aspx</loc><lastmod>2009-05-05T06:59:50+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/emailtracer.aspx</loc><lastmod>2009-05-05T06:59:50+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/it.aspx</loc><lastmod>2009-05-05T07:00:14+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/c.aspx</loc><lastmod>2009-05-05T07:00:29+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/kr.aspx</loc><lastmod>2009-05-05T07:00:58+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/testimonials.aspx</loc><lastmod>2009-05-05T07:00:59+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/apache.aspx</loc><lastmod>2009-05-05T07:01:10+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/clientlist.aspx</loc><lastmod>2009-05-05T07:01:10+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/shoppingcart.aspx</loc><lastmod>2009-05-05T07:01:10+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/articles.aspx</loc><lastmod>2009-05-05T07:01:10+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/ip2location-bind-dns.aspx</loc><lastmod>2009-12-22T07:01:10+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/forgetpassword.aspx</loc><lastmod>2009-05-05T07:01:23+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/support.aspx</loc><lastmod>2009-05-05T07:01:23+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/de.aspx</loc><lastmod>2009-05-05T07:01:40+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/fr.aspx</loc><lastmod>2009-05-05T07:01:52+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/downloader.aspx</loc><lastmod>2009-05-05T07:01:54+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/feedback.aspx</loc><lastmod>2009-05-05T07:02:02+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/productcomparison.aspx</loc><lastmod>2009-05-05T07:02:07+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/flagsoftheworld.aspx</loc><lastmod>2009-05-05T07:02:11+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/developers.aspx</loc><lastmod>2009-05-05T06:59:23+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/jp</loc><lastmod>2009-05-05T06:59:23+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/cn</loc><lastmod>2009-05-05T06:59:23+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/jp.aspx</loc><lastmod>2009-05-05T06:59:49+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/affiliatefaq.aspx</loc><lastmod>2009-05-05T06:59:50+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/php.aspx</loc><lastmod>2009-05-05T07:00:12+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/aboutus.aspx</loc><lastmod>2009-05-05T07:00:13+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/sitemap.aspx</loc><lastmod>2009-05-05T07:00:13+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/licensing.aspx</loc><lastmod>2009-05-05T07:00:59+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/privacystatement.aspx</loc><lastmod>2009-05-05T07:00:14+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/webservices.aspx</loc><lastmod>2009-05-05T07:01:09+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/partners.aspx</loc><lastmod>2009-05-05T07:01:09+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/es.aspx</loc><lastmod>2009-05-05T07:01:22+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/linktous.aspx</loc><lastmod>2009-05-05T07:01:22+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/dataenrichment.aspx</loc><lastmod>2009-05-05T07:01:23+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/contactus.aspx</loc><lastmod>2009-05-05T07:01:23+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/ruby.aspx</loc><lastmod>2009-05-05T07:01:53+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/ip2phrase.aspx</loc><lastmod>2009-05-05T07:01:53+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/perl.aspx</loc><lastmod>2009-05-05T07:01:53+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/browserobject.aspx</loc><lastmod>2009-05-05T07:01:53+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/cn.aspx</loc><lastmod>2009-05-05T07:02:12+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/demoaccount.aspx</loc><lastmod>2009-05-05T07:02:22+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/affiliateagreement.aspx</loc><lastmod>2009-05-05T07:02:22+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/free.asp</loc><lastmod>2009-05-05T07:02:23+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/zipcodes/NC.htm</loc><lastmod>2009-05-05T07:02:37+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/zipcodes/MI.htm</loc><lastmod>2009-05-05T07:02:39+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/zipcodes/NV.htm</loc><lastmod>2009-05-05T07:02:46+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/zipcodes/GA.htm</loc><lastmod>2009-05-05T07:03:11+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/zipcodes/CO.htm</loc><lastmod>2009-05-05T07:03:13+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/zipcodes/AR.htm</loc><lastmod>2009-05-05T07:03:29+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/zipcodes/IL.htm</loc><lastmod>2009-05-05T07:03:30+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/products.aspx</loc><lastmod>2009-05-05T07:02:13+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/login.aspx</loc><lastmod>2009-05-05T07:02:23+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/customprogramming.aspx</loc><lastmod>2009-05-05T07:02:23+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/productpicker.aspx</loc><lastmod>2009-05-05T07:02:25+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/zipcodes/NH.htm</loc><lastmod>2009-05-05T07:02:47+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/zipcodes/OR.htm</loc><lastmod>2009-05-05T07:02:57+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/zipcodes/NM.htm</loc><lastmod>2009-05-05T07:02:58+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/zipcodes/MN.htm</loc><lastmod>2009-05-05T07:03:00+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/zipcodes/MD.htm</loc><lastmod>2009-05-05T07:03:35+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/demo-ip2proxy.aspx</loc><lastmod>2009-05-05T07:03:39+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/zipcodes/LA.htm</loc><lastmod>2009-05-05T07:03:47+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/zipcodes/MT.htm</loc><lastmod>2009-05-05T07:03:50+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/zipcodes/PR.htm</loc><lastmod>2009-05-05T07:03:52+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/zipcodes/TN.htm</loc><lastmod>2009-05-05T07:04:02+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/zipcodes/KS.htm</loc><lastmod>2009-05-05T07:04:03+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/zipcodes/NJ.htm</loc><lastmod>2009-05-05T07:04:31+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/ip-country.aspx</loc><lastmod>2009-05-05T07:04:32+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/zipcodes/AE.htm</loc><lastmod>2009-05-05T07:04:32+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/IPV6-COUNTRY.aspx</loc><lastmod>2009-05-05T07:04:33+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/default.aspx</loc><lastmod>2009-05-05T07:05:06+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/ip-country-region-city.aspx</loc><lastmod>2009-05-05T07:05:19+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/ip-country-isp.aspx</loc><lastmod>2009-05-05T07:05:20+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/ip-country-region-city-isp.aspx</loc><lastmod>2009-05-05T07:05:31+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/zipcodes/OH.htm</loc><lastmod>2009-05-05T07:04:55+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority></url>
<url><loc>http://www.ip2location.com/zipcodes/ID.htm</loc><lastmod>2009-05-05T07:05:32+00:00</lastmod><changefreq>daily</changefreq><priority>0.50</priority>..
Robots.txt Identified

Robots.txt Identified

1 TOTAL
INFORMATION
CONFIRMED
1
Netsparker identified a possibly sensitive Robots.txt file with potentially sensitive content.

Impact

Depending on the content of the file, an attacker might discover hidden directories. Ensure that you have got nothing sensitive exposed within this folder such as the path of the administration panel.

Remedy

- /robots.txt

/robots.txt CONFIRMED

http://www.ip2location.com/robots.txt

Interesting Robots.txt Entries

Request

GET /robots.txt HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.ip2location.com
Cookie: ASP.NET_SessionId=hvn3ghec0iybbw45uquc4s3c; firstvisit=firstvisit=2011-03-21 9:39:35
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Content-Length: 61
Content-Type: text/plain
Content-Encoding:
Last-Modified: Mon, 20 Dec 2010 08:16:58 GMT
Accept-Ranges: bytes
ETag: "07929451ea0cb1:8c4"
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
Date: Mon, 21 Mar 2011 01:39:37 GMT


User-agent: *
Disallow:
ASP.NET Debugging Enabled

ASP.NET Debugging Enabled

1 TOTAL
INFORMATION
Netsparker identified that ASP.NET Debugging is enabled.

Impact

This indicates that the debugging flag was left enabled in the production system. There is no direct impact of this issue and it is presented here only for information.

Remedy

Apply the following changes on your web.config file to disable ASP.NET debugging.
<System.Web>
     < compilation debug="false" /> 
</System.Web>

External References

- /login.aspx

/login.aspx

http://www.ip2location.com/login.aspx

Request

DEBUG /login.aspx HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.ip2location.com
Cookie: ASP.NET_SessionId=hvn3ghec0iybbw45uquc4s3c; firstvisit=firstvisit=2011-03-21 9:39:35
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 500 Internal Server Error
Date: Mon, 21 Mar 2011 01:39:35 GMT
Server: Microsoft-IIS/6.0
X-AspNet-Version: 1.1.4322
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 27


DEBUG request is not valid.
[Possible] Internal Path Leakage (*nix)

[Possible] Internal Path Leakage (*nix)

3 TOTAL
INFORMATION
Netsparker identified an internal path in the document.

Impact

There is no direct impact however this information can help an attacker during the exploitation of some other vulnerabilities.

Remediation

External References

- /apache.aspx

/apache.aspx

http://www.ip2location.com/apache.aspx

Identified Internal Path(s)

/usr/local/lib/

Request

GET /apache.aspx HTTP/1.1
Referer: http://www.ip2location.com/sitemap.xml
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.ip2location.com
Cookie: ASP.NET_SessionId=hvn3ghec0iybbw45uquc4s3c; firstvisit=firstvisit=2011-03-21 9:39:35; ip2locationshoppingcart=91=1
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 63952
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-AspNet-Version: 1.1.4322
Date: Mon, 21 Mar 2011 01:41:28 GMT



<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML>
<HEAD>
<title>Apache Module</title>
<meta name="description" content="IP2Location&trade; Apache Module enables the user to identify the country, region, city, latitude, longitude, zip code, time zone, ISP, domain name, connection type, area code and weather by IP address.">
<meta name="keywords" content="apache, apache module, ip location, ip locator, ip search, ip lookup location, ip address locator, ip locate, ip to country">
<LINK href="style.css" type="text/css" rel="stylesheet">
</HEAD>
<body>
<form name="Form1" method="post" action="apache.aspx" id="Form1">
<input type="hidden" name="__VIEWSTATE" value="dDwtMTczNjE0OTQ3Nzt0PDtsPGk8MT47PjtsPHQ8O2w8aTwxPjs+O2w8dDw7bDxpPDE+O2k8Mz47aTw1PjtpPDc+Oz47bDx0PHA8bDxWaXNpYmxlOz47bDxvPGY+Oz4+Ozs+O3Q8cDxwPGw8VmlzaWJsZTs+O2w8bzxmPjs+Pjs+Ozs+O3Q8cDxsPFZpc2libGU7PjtsPG88Zj47Pj47Oz47dDxwPGw8c3JjOz47bDxpbWFnZXMvbG9naW4uZ2lmOz4+Ozs+Oz4+Oz4+Oz4+O2w8UmlnaHRCbG9jazE6YnRuRmluZExvY2F0aW9uOz4+sBp0Y3Ooa4BUEN0gp6EyM1UzSOk=" />

<TABLE id="Table1" cellSpacing="0" cellPadding="0" width="800" align="center" border="0">
<TR>
<TD vAlign="top">

<table cellSpacing="0" cellPadding="0" width="800" border="0">
<tr>
<td>
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td width="160"><img height="94" src="images/ip2locationlogo.gif" width="160"></td>
<td vAlign="top">
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td>
<table width="100%" border="0" cellspacing="0" cellpadding="0" height="22">
<tr>
<td width="484" height="22" align="left">
<div style="width: 484px; height: 22px; position: relative;">
<img src="images/logintop.gif" style="border: 0px; position: absolute; z-index: -1; top: 0px; left: 0px;">
<table id="Table1" cellSpacing="0" cellPadding="0" border="0" align="right" style="position: absolute; z-index: 2; top: 0px; right: 0px;">
<tr>
<td width="16" height="22"></td>
<td height="22" class="fontwhitesmall" vAlign="bottom" style="padding-bottom: 2px;"></td>
<td height="22"></td>
</tr>
</table>
</div>
</td>
<td align="right">
<table width="156" height="22" border="0" cellspacing="0" cellpadding="0">
<tr>
<td><a href="shoppingcart.aspx"><img src="images/headerlogin_05.gif" alt="" width="81" height="22" border="0"></a></td>
<td><img src="images/headerlogin_06.gif" width="9" height="22" alt=""></td>
<td><a href="login.aspx"><img src="images/login.gif" id="Header1_imgLogin" width="66" height="22" border="0" /></a></td>
</tr>
</table>
</td>
</tr>
</table>
</td>
</tr>
<tr>
<td align="right"><img src="images/headertop.gif" width="640" height="72"></td>
</tr>
</table>
</td>
</tr>
</table>
</td>
</tr>
<tr>
<td align="center" background="images/menu_bg_02.gif" height="23">
<table cellSpacing="0" cellPadding="0" width="65%" border="0">
<tr>
<td><a class="fontbluesmall" href="default.aspx">HOME</a></td>
<td><img height="23" src="images/seperator.gif" width="2"></td>
<td align="center"><a class="fontbluesmall" href="buyonline.aspx">BUY ONLINE</a></td>
<td><img height="23" src="images/seperator.gif" width="2"></td>
<td align="center"><a class="fontbluesmall" href="developers.aspx">DEVELOPERS</a></td>
<td><img height="23" src="images/seperator.gif" width="2"></td>
<td align="center"><a class="fontbluesmall" href="partners.aspx">PARTNERS</a></td>
<td><img height="23" src="images/seperator.gif" width="2"></td>
<td align="center"><a class="fontbluesmall" href="support.aspx">SUPPORT</a></td>
<td><img height="23" src="images/seperator.gif" width="2"></td>
<td align="center"><A class="fontbluesmall" href="aboutus.aspx">ABOUT US</a></td>
<td><img height="23" src="images/seperator.gif" width="2"></td>
<td align="center"><A class="fontbluesmall" href="contactus.aspx">CONTACT US</a></td>
</tr>
</table>
</td>
</tr>
</table></TD>
</TR>
<TR>
<TD>
<TABLE id="Table2" cellSpacing="0" cellPadding="0" width="100%" border="0">
<TR>
<TD vAlign="top" width="162" bgColor="#e0ebf5">

<table cellSpacing="0" cellPadding="0" width="162" border="0">
<tr>
<td vAlign="top" width="162" bgColor="#e0ebf5">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td height="1"></td>
</tr>
<tr>
<td><a href="/products.aspx"><img height="24" alt="products" src="/images/dataproducts.gif" width="162" border="0"></a></td>
</tr>
<tr>
<td>
<table class="leftbarborder" cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country.aspx">DB1</a></td>
<td class="pad" valign="middle"><a class="fontbluesmaller2" href="/ip-country.aspx">IP2Location&trade; IP-<br>Country</a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-isp.aspx">DB2</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller2" href="/ip-country-isp.aspx">IP2Location&trade; IP-<br>Country-ISP</a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-region-city.aspx">DB3</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller2" href="/ip-country-region-city.aspx">IP2Location&trade; IP-<br>Country-Region-City</a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-region-city-isp.aspx">DB4</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller2" href="/ip-country-region-city-isp.aspx">IP2Location&trade; IP-<br>Country-Region-City-ISP </a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-region-city-latitude-longitude.aspx">DB5</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller2" href="/ip-country-region-city-latitude-longitude.aspx">IP2Location&trade; IP-<br>Country-Region-City-<br>Latitude-Longitude</a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-region-city-latitude-longitude-isp.aspx">DB6</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller2" href="/ip-country-region-city-latitude-longitude-isp.aspx">IP2Location&trade; IP-<br>Country-Region-City-<br>Latitude-Longitude-ISP </a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-region-city-isp-domain.aspx">DB7</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller2" href="/ip-country-region-city-isp-domain.aspx">IP2Location&trade; IP-<br>Country-Region-City-<br>ISP-Domain</a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-region-city-latitude-longitude-isp-domain.aspx">DB8</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller2" href="/ip-country-region-city-latitude-longitude-isp-domain.aspx">IP2Location&trade; IP-<br>Country-Region-City-<br>Latitude-Longitude-ISP-<br>Domain </a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-region-city-latitude-longitude-zipcode.aspx">DB9</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller2" href="/ip-country-region-city-latitude-longitude-zipcode.aspx">IP2Location&trade; IP-<br>Country-Region-City-<br>Latitude-Longitude-<br>ZIPCode</a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-region-city-latitude-longitude-zipcode-isp-domain.aspx">DB10</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller2" href="/ip-country-region-city-latitude-longitude-zipcode-isp-domain.aspx">IP2Location&trade; IP-<br>Country-Region-City-<br>Latitude-Longitude-<br>ZIPCode-ISP-<br>Domain </a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-region-city-latitude-longitude-zipcode-timezone.aspx">DB11</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller2" href="/ip-country-region-city-latitude-longitude-zipcode-timezone.aspx">IP2Location&trade; IP-<br>Country-Region-City-<br>Latitude-Longitude-<br>ZIPCode-Timezone</a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-region-city-latitude-longitude-zipcode-timezone-isp-domain.aspx">DB12</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller2" href="/ip-country-region-city-latitude-longitude-zipcode-timezone-isp-domain.aspx">IP2Location&trade; IP-<br>Country-Region-City-<br>Latitude-Longitude-<br>ZIPCode-TimeZone<br>-ISP-Domain</a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-region-city-latitude-longitude-timezone-netspeed.aspx">DB13</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller2" href="/ip-country-region-city-latitude-longitude-timezone-netspeed.aspx">IP2Location&trade; IP-<br>Country-Region-City-<br>Latitude-Longitude-<br>Timezone-Netspeed</a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-region-city-latitude-longitude-zipcode-timezone-isp-domain-netspeed.aspx">DB14</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller2" href="/ip-country-regio..
- /c.aspx

/c.aspx

http://www.ip2location.com/c.aspx

Identified Internal Path(s)

/usr/local/lib/libIP2Location.so

Request

GET /c.aspx HTTP/1.1
Referer: http://www.ip2location.com/sitemap.xml
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.ip2location.com
Cookie: ASP.NET_SessionId=hvn3ghec0iybbw45uquc4s3c; firstvisit=firstvisit=2011-03-21 9:39:35; ip2locationshoppingcart=91=1
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 70412
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-AspNet-Version: 1.1.4322
Date: Mon, 21 Mar 2011 01:41:28 GMT



<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML>
<HEAD>
<title>C Language API Library</title>
<meta name="description" content="IP2Location&trade; C Library enables the user to find the country, region, city, coordinates, zip code, time zone, ISP, domain name, connection type, area code and weather that any IP address or hostname originates from.">
<meta name="keywords" content="c, c language, c library, ip geolocation, ip lookup location, ip address locator, search ip address, ip country, ip locate, ip to country">
<LINK href="style.css" type="text/css" rel="stylesheet">
</HEAD>
<body>
<form name="Form1" method="post" action="c.aspx" id="Form1">
<input type="hidden" name="__VIEWSTATE" value="dDwtMTczNjE0OTQ3Nzt0PDtsPGk8MT47PjtsPHQ8O2w8aTwxPjs+O2w8dDw7bDxpPDE+O2k8Mz47aTw1PjtpPDc+Oz47bDx0PHA8bDxWaXNpYmxlOz47bDxvPGY+Oz4+Ozs+O3Q8cDxwPGw8VmlzaWJsZTs+O2w8bzxmPjs+Pjs+Ozs+O3Q8cDxsPFZpc2libGU7PjtsPG88Zj47Pj47Oz47dDxwPGw8c3JjOz47bDxpbWFnZXMvbG9naW4uZ2lmOz4+Ozs+Oz4+Oz4+Oz4+O2w8UmlnaHRCbG9jazE6YnRuRmluZExvY2F0aW9uOz4+sEie7uTYU5fYYOzOLKTbgF+fdSM=" />

<TABLE id="Table1" cellSpacing="0" cellPadding="0" width="800" align="center" border="0">
<TR>
<TD vAlign="top">

<table cellSpacing="0" cellPadding="0" width="800" border="0">
<tr>
<td>
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td width="160"><img height="94" src="images/ip2locationlogo.gif" width="160"></td>
<td vAlign="top">
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td>
<table width="100%" border="0" cellspacing="0" cellpadding="0" height="22">
<tr>
<td width="484" height="22" align="left">
<div style="width: 484px; height: 22px; position: relative;">
<img src="images/logintop.gif" style="border: 0px; position: absolute; z-index: -1; top: 0px; left: 0px;">
<table id="Table1" cellSpacing="0" cellPadding="0" border="0" align="right" style="position: absolute; z-index: 2; top: 0px; right: 0px;">
<tr>
<td width="16" height="22"></td>
<td height="22" class="fontwhitesmall" vAlign="bottom" style="padding-bottom: 2px;"></td>
<td height="22"></td>
</tr>
</table>
</div>
</td>
<td align="right">
<table width="156" height="22" border="0" cellspacing="0" cellpadding="0">
<tr>
<td><a href="shoppingcart.aspx"><img src="images/headerlogin_05.gif" alt="" width="81" height="22" border="0"></a></td>
<td><img src="images/headerlogin_06.gif" width="9" height="22" alt=""></td>
<td><a href="login.aspx"><img src="images/login.gif" id="Header1_imgLogin" width="66" height="22" border="0" /></a></td>
</tr>
</table>
</td>
</tr>
</table>
</td>
</tr>
<tr>
<td align="right"><img src="images/headertop.gif" width="640" height="72"></td>
</tr>
</table>
</td>
</tr>
</table>
</td>
</tr>
<tr>
<td align="center" background="images/menu_bg_02.gif" height="23">
<table cellSpacing="0" cellPadding="0" width="65%" border="0">
<tr>
<td><a class="fontbluesmall" href="default.aspx">HOME</a></td>
<td><img height="23" src="images/seperator.gif" width="2"></td>
<td align="center"><a class="fontbluesmall" href="buyonline.aspx">BUY ONLINE</a></td>
<td><img height="23" src="images/seperator.gif" width="2"></td>
<td align="center"><a class="fontbluesmall" href="developers.aspx">DEVELOPERS</a></td>
<td><img height="23" src="images/seperator.gif" width="2"></td>
<td align="center"><a class="fontbluesmall" href="partners.aspx">PARTNERS</a></td>
<td><img height="23" src="images/seperator.gif" width="2"></td>
<td align="center"><a class="fontbluesmall" href="support.aspx">SUPPORT</a></td>
<td><img height="23" src="images/seperator.gif" width="2"></td>
<td align="center"><A class="fontbluesmall" href="aboutus.aspx">ABOUT US</a></td>
<td><img height="23" src="images/seperator.gif" width="2"></td>
<td align="center"><A class="fontbluesmall" href="contactus.aspx">CONTACT US</a></td>
</tr>
</table>
</td>
</tr>
</table></TD>
</TR>
<TR>
<TD>
<TABLE id="Table2" cellSpacing="0" cellPadding="0" width="100%" border="0">
<TR>
<TD vAlign="top" width="162" bgColor="#e0ebf5">

<table cellSpacing="0" cellPadding="0" width="162" border="0">
<tr>
<td vAlign="top" width="162" bgColor="#e0ebf5">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td height="1"></td>
</tr>
<tr>
<td><a href="/products.aspx"><img height="24" alt="products" src="/images/dataproducts.gif" width="162" border="0"></a></td>
</tr>
<tr>
<td>
<table class="leftbarborder" cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country.aspx">DB1</a></td>
<td class="pad" valign="middle"><a class="fontbluesmaller2" href="/ip-country.aspx">IP2Location&trade; IP-<br>Country</a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-isp.aspx">DB2</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller2" href="/ip-country-isp.aspx">IP2Location&trade; IP-<br>Country-ISP</a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-region-city.aspx">DB3</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller2" href="/ip-country-region-city.aspx">IP2Location&trade; IP-<br>Country-Region-City</a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-region-city-isp.aspx">DB4</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller2" href="/ip-country-region-city-isp.aspx">IP2Location&trade; IP-<br>Country-Region-City-ISP </a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-region-city-latitude-longitude.aspx">DB5</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller2" href="/ip-country-region-city-latitude-longitude.aspx">IP2Location&trade; IP-<br>Country-Region-City-<br>Latitude-Longitude</a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-region-city-latitude-longitude-isp.aspx">DB6</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller2" href="/ip-country-region-city-latitude-longitude-isp.aspx">IP2Location&trade; IP-<br>Country-Region-City-<br>Latitude-Longitude-ISP </a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-region-city-isp-domain.aspx">DB7</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller2" href="/ip-country-region-city-isp-domain.aspx">IP2Location&trade; IP-<br>Country-Region-City-<br>ISP-Domain</a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-region-city-latitude-longitude-isp-domain.aspx">DB8</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller2" href="/ip-country-region-city-latitude-longitude-isp-domain.aspx">IP2Location&trade; IP-<br>Country-Region-City-<br>Latitude-Longitude-ISP-<br>Domain </a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-region-city-latitude-longitude-zipcode.aspx">DB9</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller2" href="/ip-country-region-city-latitude-longitude-zipcode.aspx">IP2Location&trade; IP-<br>Country-Region-City-<br>Latitude-Longitude-<br>ZIPCode</a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-region-city-latitude-longitude-zipcode-isp-domain.aspx">DB10</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller2" href="/ip-country-region-city-latitude-longitude-zipcode-isp-domain.aspx">IP2Location&trade; IP-<br>Country-Region-City-<br>Latitude-Longitude-<br>ZIPCode-ISP-<br>Domain </a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-region-city-latitude-longitude-zipcode-timezone.aspx">DB11</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller2" href="/ip-country-region-city-latitude-longitude-zipcode-timezone.aspx">IP2Location&trade; IP-<br>Country-Region-City-<br>Latitude-Longitude-<br>ZIPCode-Timezone</a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-region-city-latitude-longitude-zipcode-timezone-isp-domain.aspx">DB12</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller2" href="/ip-country-region-city-latitude-longitude-zipcode-timezone-isp-domain.aspx">IP2Location&trade; IP-<br>Country-Region-City-<br>Latitude-Longitude-<br>ZIPCode-TimeZone<br>-ISP-Domain</a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-region-city-latitude-longitude-timezone-netspeed.aspx">DB13</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller2" href="/ip-country-region-city-latitude-longitude-timezone-netspeed.aspx">IP2Location&trade; IP-<br>Country-Region-City-<br>Latitude-Longitude-<br>Timezone-Netspeed</a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-region-city-latitude-longitude-zipcode-timezone-isp-domain-netspeed.aspx">DB14</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller..
- /c.htm

/c.htm

http://www.ip2location.com/c.htm

Identified Internal Path(s)

/usr/local/lib/libIP2Location.so

Request

GET /c.htm HTTP/1.1
Referer: http://www.ip2location.com/sitemap.xml
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.ip2location.com
Cookie: ASP.NET_SessionId=hvn3ghec0iybbw45uquc4s3c; firstvisit=firstvisit=2011-03-21 9:39:35; ip2locationshoppingcart=91=1&88=1; ASPSESSIONIDCCCSTRCB=GKOODNEDCMMAHMENGLCOFLEF
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 70412
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-AspNet-Version: 1.1.4322
Date: Mon, 21 Mar 2011 01:41:44 GMT



<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML>
<HEAD>
<title>C Language API Library</title>
<meta name="description" content="IP2Location&trade; C Library enables the user to find the country, region, city, coordinates, zip code, time zone, ISP, domain name, connection type, area code and weather that any IP address or hostname originates from.">
<meta name="keywords" content="c, c language, c library, ip geolocation, ip lookup location, ip address locator, search ip address, ip country, ip locate, ip to country">
<LINK href="style.css" type="text/css" rel="stylesheet">
</HEAD>
<body>
<form name="Form1" method="post" action="c.aspx" id="Form1">
<input type="hidden" name="__VIEWSTATE" value="dDwtMTczNjE0OTQ3Nzt0PDtsPGk8MT47PjtsPHQ8O2w8aTwxPjs+O2w8dDw7bDxpPDE+O2k8Mz47aTw1PjtpPDc+Oz47bDx0PHA8bDxWaXNpYmxlOz47bDxvPGY+Oz4+Ozs+O3Q8cDxwPGw8VmlzaWJsZTs+O2w8bzxmPjs+Pjs+Ozs+O3Q8cDxsPFZpc2libGU7PjtsPG88Zj47Pj47Oz47dDxwPGw8c3JjOz47bDxpbWFnZXMvbG9naW4uZ2lmOz4+Ozs+Oz4+Oz4+Oz4+O2w8UmlnaHRCbG9jazE6YnRuRmluZExvY2F0aW9uOz4+sEie7uTYU5fYYOzOLKTbgF+fdSM=" />

<TABLE id="Table1" cellSpacing="0" cellPadding="0" width="800" align="center" border="0">
<TR>
<TD vAlign="top">

<table cellSpacing="0" cellPadding="0" width="800" border="0">
<tr>
<td>
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td width="160"><img height="94" src="images/ip2locationlogo.gif" width="160"></td>
<td vAlign="top">
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td>
<table width="100%" border="0" cellspacing="0" cellpadding="0" height="22">
<tr>
<td width="484" height="22" align="left">
<div style="width: 484px; height: 22px; position: relative;">
<img src="images/logintop.gif" style="border: 0px; position: absolute; z-index: -1; top: 0px; left: 0px;">
<table id="Table1" cellSpacing="0" cellPadding="0" border="0" align="right" style="position: absolute; z-index: 2; top: 0px; right: 0px;">
<tr>
<td width="16" height="22"></td>
<td height="22" class="fontwhitesmall" vAlign="bottom" style="padding-bottom: 2px;"></td>
<td height="22"></td>
</tr>
</table>
</div>
</td>
<td align="right">
<table width="156" height="22" border="0" cellspacing="0" cellpadding="0">
<tr>
<td><a href="shoppingcart.aspx"><img src="images/headerlogin_05.gif" alt="" width="81" height="22" border="0"></a></td>
<td><img src="images/headerlogin_06.gif" width="9" height="22" alt=""></td>
<td><a href="login.aspx"><img src="images/login.gif" id="Header1_imgLogin" width="66" height="22" border="0" /></a></td>
</tr>
</table>
</td>
</tr>
</table>
</td>
</tr>
<tr>
<td align="right"><img src="images/headertop.gif" width="640" height="72"></td>
</tr>
</table>
</td>
</tr>
</table>
</td>
</tr>
<tr>
<td align="center" background="images/menu_bg_02.gif" height="23">
<table cellSpacing="0" cellPadding="0" width="65%" border="0">
<tr>
<td><a class="fontbluesmall" href="default.aspx">HOME</a></td>
<td><img height="23" src="images/seperator.gif" width="2"></td>
<td align="center"><a class="fontbluesmall" href="buyonline.aspx">BUY ONLINE</a></td>
<td><img height="23" src="images/seperator.gif" width="2"></td>
<td align="center"><a class="fontbluesmall" href="developers.aspx">DEVELOPERS</a></td>
<td><img height="23" src="images/seperator.gif" width="2"></td>
<td align="center"><a class="fontbluesmall" href="partners.aspx">PARTNERS</a></td>
<td><img height="23" src="images/seperator.gif" width="2"></td>
<td align="center"><a class="fontbluesmall" href="support.aspx">SUPPORT</a></td>
<td><img height="23" src="images/seperator.gif" width="2"></td>
<td align="center"><A class="fontbluesmall" href="aboutus.aspx">ABOUT US</a></td>
<td><img height="23" src="images/seperator.gif" width="2"></td>
<td align="center"><A class="fontbluesmall" href="contactus.aspx">CONTACT US</a></td>
</tr>
</table>
</td>
</tr>
</table></TD>
</TR>
<TR>
<TD>
<TABLE id="Table2" cellSpacing="0" cellPadding="0" width="100%" border="0">
<TR>
<TD vAlign="top" width="162" bgColor="#e0ebf5">

<table cellSpacing="0" cellPadding="0" width="162" border="0">
<tr>
<td vAlign="top" width="162" bgColor="#e0ebf5">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td height="1"></td>
</tr>
<tr>
<td><a href="/products.aspx"><img height="24" alt="products" src="/images/dataproducts.gif" width="162" border="0"></a></td>
</tr>
<tr>
<td>
<table class="leftbarborder" cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country.aspx">DB1</a></td>
<td class="pad" valign="middle"><a class="fontbluesmaller2" href="/ip-country.aspx">IP2Location&trade; IP-<br>Country</a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-isp.aspx">DB2</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller2" href="/ip-country-isp.aspx">IP2Location&trade; IP-<br>Country-ISP</a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-region-city.aspx">DB3</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller2" href="/ip-country-region-city.aspx">IP2Location&trade; IP-<br>Country-Region-City</a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-region-city-isp.aspx">DB4</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller2" href="/ip-country-region-city-isp.aspx">IP2Location&trade; IP-<br>Country-Region-City-ISP </a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-region-city-latitude-longitude.aspx">DB5</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller2" href="/ip-country-region-city-latitude-longitude.aspx">IP2Location&trade; IP-<br>Country-Region-City-<br>Latitude-Longitude</a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-region-city-latitude-longitude-isp.aspx">DB6</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller2" href="/ip-country-region-city-latitude-longitude-isp.aspx">IP2Location&trade; IP-<br>Country-Region-City-<br>Latitude-Longitude-ISP </a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-region-city-isp-domain.aspx">DB7</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller2" href="/ip-country-region-city-isp-domain.aspx">IP2Location&trade; IP-<br>Country-Region-City-<br>ISP-Domain</a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-region-city-latitude-longitude-isp-domain.aspx">DB8</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller2" href="/ip-country-region-city-latitude-longitude-isp-domain.aspx">IP2Location&trade; IP-<br>Country-Region-City-<br>Latitude-Longitude-ISP-<br>Domain </a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-region-city-latitude-longitude-zipcode.aspx">DB9</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller2" href="/ip-country-region-city-latitude-longitude-zipcode.aspx">IP2Location&trade; IP-<br>Country-Region-City-<br>Latitude-Longitude-<br>ZIPCode</a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-region-city-latitude-longitude-zipcode-isp-domain.aspx">DB10</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller2" href="/ip-country-region-city-latitude-longitude-zipcode-isp-domain.aspx">IP2Location&trade; IP-<br>Country-Region-City-<br>Latitude-Longitude-<br>ZIPCode-ISP-<br>Domain </a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-region-city-latitude-longitude-zipcode-timezone.aspx">DB11</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller2" href="/ip-country-region-city-latitude-longitude-zipcode-timezone.aspx">IP2Location&trade; IP-<br>Country-Region-City-<br>Latitude-Longitude-<br>ZIPCode-Timezone</a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-region-city-latitude-longitude-zipcode-timezone-isp-domain.aspx">DB12</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller2" href="/ip-country-region-city-latitude-longitude-zipcode-timezone-isp-domain.aspx">IP2Location&trade; IP-<br>Country-Region-City-<br>Latitude-Longitude-<br>ZIPCode-TimeZone<br>-ISP-Domain</a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-region-city-latitude-longitude-timezone-netspeed.aspx">DB13</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller2" href="/ip-country-region-city-latitude-longitude-timezone-netspeed.aspx">IP2Location&trade; IP-<br>Country-Region-City-<br>Latitude-Longitude-<br>Timezone-Netspeed</a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgColor="#73b5ed" height="1"></td>
</tr>
<tr>
<td vAlign="middle" width="100%">
<table cellSpacing="0" cellPadding="0" width="100%" border="0">
<tr>
<td align="center" width="25" bgColor="#b9deff"><a class="border16" href="/ip-country-region-city-latitude-longitude-zipcode-timezone-isp-domain-netspeed.aspx">DB14</a></td>
<td class="pad" vAlign="middle"><a class="fontbluesmaller..
[Possible] Internal Path Leakage (Windows)

[Possible] Internal Path Leakage (Windows)

4 TOTAL
INFORMATION
Netsparker identified an internal path in the document.

Impact

There is no direct impact however this information can help an attacker either to identify other vulnerabilities or during the exploitation of other identified vulnerabilities.

Remedy

First ensure that this is not a false positive. Due to the nature of the issue. Netsparker could not confirm that this file path was actually the real file path of the target web server.

External References

- /articles/article7.htm

/articles/article7.htm

http://www.ip2location.com/articles/article7.htm

Identified Internal Path(s)

c:\Program Files\IP2Location by default. You need to add a

Request

GET /articles/article7.htm HTTP/1.1
Referer: http://www.ip2location.com/sitemap.xml
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.ip2location.com
Cookie: ASP.NET_SessionId=xsedntjlq0hssu45r03ill55; firstvisit=firstvisit=2011-03-21 9:44:6; ip2locationshoppingcart=91=1&88=2&90=20&251=1; ASPSESSIONIDCCCSTRCB=GKOODNEDCMMAHMENGLCOFLEF; ASPSESSIONIDCCCSTQDB=JKKNBHFDPHHHHOHHLMGICBBA
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 21 Mar 2011 01:51:56 GMT
Content-Type: text/html
Server: Microsoft-IIS/6.0
Content-Encoding:
Vary: Accept-Encoding
Transfer-Encoding: chunked


<HEAD>
<TITLE>Article - Redirect Web Visitors By Country Using .NET Framework in C# or
VB.NET</TITLE></HEAD>
<link rel="stylesheet" href="location.css" type="text/css">
<style type="text/css"> <!-- .style1 {font-family: "Courier New", Courier, monospace}
--></style>

<p><b>
<CENTER>Redirect Web Visitors By Country Using .NET Framework in C# or VB.NET<BR>
</CENTER>
<CENTER>&nbsp;</CENTER>
<CENTER><BR>
Hexasoft Development Sdn. Bhd. (645996-K)</b><br>
1-2-15 Mayang Mall Complex,<br>
Jalan Mayang Pasir 1,<br>
11950 Bandar Bayan Baru,<br>
Penang, Malaysia.<br>
URL: <a class="black" href="http://www.ip2location.com">http://www.ip2location.com </a>
<br>
<br>
{ <a class="black" href="mailto:sales@ip2location.com">sales@ip2location.com</a>
}<BR>
</CENTER><p>
</p>
<P align="left">
There are times when it is useful to redirect a visitor to different default
web page based on the visitor's country of origin. One practical usage is to
redirect visitor to web page with the language recognized by the visitor.</P>This article shows you how by using .NET
component, it can be done.
<P></P>
<p>Let us take a simple case study. Company XYZ is multi-national company with
major customers from United States and Japan.
The company official website is developed in both English and Japanese languages.
The default page is in English language
and visitor can switch to Japanese by changing the default language option.
There exists a potential problem when a
Japanese visitor does not understand English and it could not navigate the web
site. So let us develop a simple
solution to help Company XYZ redirecting all Internet traffic from country Japan
to the Japanese language site.
Meanwhile it drives the rest traffic to English site.
<p style="Z-INDEX: 0">In this example, we use a fully functional IP2Location� .NET
component available at <a class="black" href="http://www.ip2location.net/download/IP2LocationDotNetComponent.ZIP"
target="_blank">http://www.ip2location.net/download/IP2LocationDotNetComponent.ZIP
</a>to query country by visitor's IP address. Firstly, install the IP2Location�
.NET component. The IP2Location� .NET component will be installed in your local
drive. Next, get the IP2Location.DLL .NET component and sample database from
the directory, ie. c:\Program Files\IP2Location by default. You need to add a
reference to this component from your Visual Studio web project. A copy of this
component will be copied into /bin directory under the project. For
unregistered component, there is a random 5-second delay in one out of ten
queries.</p>
<p>Let's assume the English web page as index_en.htm and Japanese web page as
index_jp.htm. We implement a simple script default.asp to detect visitor's
country of origin. If the visitor is from Japan, then redirect him/her to
index_jp.htm, otherwise index_en.htm. Simple? Here is the code and the comments
serve as explanation default.asp.</p>
<p><b>Sample Codes in VB.NET Webform</b><br>
------------------------------</p>
<p align="left">
<span class="style1">Imports IP2Location<br>
Private Sub Query(ByVal strIPAddress As String)<br>
&nbsp;&nbsp; Dim oIPResult As New IP2Location.IPResult<br>
&nbsp;&nbsp; Try<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; If strIPAddress &lt;&gt; "" Then<br>
&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;
IP2Location.Component.IPDatabasePath = "C:\\Program
Files\\IP2Location\\Database\\IP-COUNTRY.SAMPLE.BIN"<br>
&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp; oIPResult =
IP2Location.Component.IPQuery(strIPAddress)<br>
&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
Select Case oIPResult.Status<br>
&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Case
"OK"<br>
&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
If oIPResult.CountryShort = "JP" Then<br>
&nbsp;&nbsp;&nbsp;&nbsp;
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ' Visitor is
from Japan<br>
&nbsp;&nbsp;&nbsp;&nbsp;
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ' Redirect
the URL to index_jp.htm<br>
&nbsp;&nbsp;&nbsp;&nbsp;
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
&nbsp;&nbsp;Response.Redirect("index_jp.htm")<br>
&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
Else<br>
&nbsp;&nbsp;&nbsp;&nbsp;
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;'
Visitor is not from Japan<br>
&nbsp;&nbsp;&nbsp;&nbsp;
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;'
Redirect the URL to index_en.htm<br>
&nbsp;&nbsp;&nbsp;&nbsp;
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;
Response.Redirect("index_en.htm")<br>
&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; End
If
<br>
&nbsp;&nbsp;&nbsp;&nbsp;
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;
Case "EMPTY_IP_ADDRESS"<br>
&nbsp;&nbsp;&nbsp;&nbsp;
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
&nbsp;&nbsp;&nbsp;&nbsp; Response.Write("IP Address cannot be blank.")<br>
&nbsp;&nbsp;&nbsp;&nbsp;
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;
Case "INVALID_IP_ADDRESS"<br>
&nbsp;&nbsp;&nbsp;&nbsp;
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
&nbsp;&nbsp;&nbsp;&nbsp; Response.Write("Invalid IP Address.")<br>
&nbsp;&nbsp;&nbsp;&nbsp;
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;
Case "MISSING_FILE"<br>
&nbsp;&nbsp;&nbsp;&nbsp;
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
&nbsp;&nbsp;&nbsp;&nbsp; Response.Write("Invalid Database Path.")<br>
&nbsp;&nbsp;&nbsp;&nbsp;
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;
End Select<br>
&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp; Else<br>
&nbsp;&nbsp;&nbsp;&nbsp;
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Response.Write("IP
Address cannot be blank.")<br>
&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp; End If<br>
&nbsp;&nbsp; Catch ex As Exception<br>
&nbsp;&nbsp;&nbsp;&nbsp;Response.Write(ex.Message)<br>
&nbsp;&nbsp; Finally<br>
&nbsp;&nbsp;&nbsp;&nbsp;oIPResult = Nothing<br>
&nbsp;&nbsp; End Try<br>
End Sub</span></p>

<p><b>Sample Codes in C# Webform<br>
</b>--------------------------</p>
<span class="style1">Using IP2Location;<br>
private void Query(string strIPAddress)<br>
{<br>
&nbsp;&nbsp;&nbsp;&nbsp;IPResult oIPResult = new IP2Location.IPResult();<br>
&nbsp;&nbsp;&nbsp;&nbsp; try<br>
&nbsp;&nbsp;&nbsp;&nbsp;{<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;if (strIPAddress !=
"")<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;{<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;IP2Location.Component.IPDatabasePath
= "C:\\Program Files\\IP2Location\\Database\\IP-COUNTRY.SAMPLE.BIN";<br>
oIPResult = IP2Location.Component.IPQuery(strIPAddress);<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;switch(oIPResult.Status.ToString())<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;{<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;case "OK":<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;if
(oIPResult.CountryShort == "JP") {<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Response.Redirect("index_jp.htm")<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;} else
{<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Response.Redirect("index_en.htm")<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;}<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;break;<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;case
"EMPTY_IP_ADDRESS":<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Response.Write("IP
Address cannot be blank.");<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;break;<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;case
"INVALID_IP_ADDRESS":<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Response.Write("Invalid
IP Address.");<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;break;<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;case
"MISSING_FILE":<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Response.Write("Invalid
Database Path.");<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;break;<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; }<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;}<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;else<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; {<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Response.Write("IP
Address cannot be blank.");<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; }<br>
&nbsp;&nbsp;&nbsp;&nbsp;}<br>
&nbsp;&nbsp;&nbsp;&nbsp;catch(Exception ex)<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;{<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Response.Write(ex.Message);<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;}<br>
&nbsp;&nbsp;&nbsp;&nbsp;finally<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;{<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;oIPResult =
null;<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;}<br>
}
<P></P>
</span>
<p>Compile and upload this project to the web site. All visitors will go through this
screening before redirect to an appropriate web page.<br>
</p>

<p><center>Hexasoft Development Sdn. Bhd. � 2001-2011
All Right Reserved</center>
<P></P>
<p><center>To obtain permission to reuse or republish this article, please write to <a class="black" href="mailto:sales@ip2location.com">
sales@ip2location.com</a>. Republication is welcome for no charge.</center>
<P></P>
- /articles/article16.html

/articles/article16.html

http://www.ip2location.com/articles/article16.html

Identified Internal Path(s)

c:\Program Files\IP2Location by default. You need to add a

Request

GET /articles/article16.html HTTP/1.1
Referer: http://www.ip2location.com/sitemap.xml
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.ip2location.com
Cookie: ASP.NET_SessionId=xsedntjlq0hssu45r03ill55; firstvisit=firstvisit=2011-03-21 9:44:6; ip2locationshoppingcart=91=1&88=2&90=20&251=1&4=1&54=1; ASPSESSIONIDCCCSTRCB=GKOODNEDCMMAHMENGLCOFLEF; ASPSESSIONIDCCCSTQDB=JKKNBHFDPHHHHOHHLMGICBBA
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 21 Mar 2011 01:51:57 GMT
Content-Type: text/html
Server: Microsoft-IIS/6.0
Content-Encoding:
Vary: Accept-Encoding
Transfer-Encoding: chunked


<HEAD>
<TITLE>Article - Display Advertisement by Country Using .NET Framework in C# or
VB.NET</TITLE></HEAD>
<link rel="stylesheet" href="location.css" type="text/css">
<style type="text/css"> <!-- .style1 {font-family: "Courier New", Courier, monospace}
--></style>
<p><center>
<strong>Display Advertisement by Country&nbsp;Using .NET Framework in C# or VB.NET<br>
</strong>
<br>
<br>
<STRONG>Hexasoft Development Sdn. Bhd. (645996-K)</B><br>
</STRONG>1-2-15 Mayang Mall Complex,<br>
Jalan Mayang Pasir 1,<br>
11950 Bandar Bayan Baru,<br>
Penang, Malaysia.<br>
<CENTER>URL: <a href="http://www.ip2location.com" class="black"><strong>http://www.ip2location.com</strong></a><br>
<br>
{ <a class="black" href="mailto:sales@ip2location.com">sales@ip2location.com</a>
}<br>
</CENTER>
<P></P>
<p>Online advertising is another way to promote company products. It�s very
important to show the right advertisements to the right consumers to have an
optimum respond. A company selling their products in Japan showing their
advertisement to visitors from United States is totally ineffective. On the
other hand, localized advertisements catch visitor attention and improve sales.<br>
</p>
<p><br>
In this example, we use a fully functional IP2Location� .NET component
available at <a href="http://www.ip2location.net/download/IP2LocationDotNetComponent.ZIP" class="black">
http://www.ip2location.net/download/IP2LocationDotNetComponent.ZIP</a>&nbsp;
to query country by visitor's IP address. Firstly, install the IP2Location�
.NET component. The IP2Location� .NET component will be installed in your local
drive. Next, get the IP2Location.DLL .NET component and sample database from
the directory, ie. c:\Program Files\IP2Location by default. You need to add a
reference to this component from your Visual Studio web project. A copy of this
component will be copied into /bin directory under the project. For
unregistered component, there is a random 5-second delay in one out of ten
queries.</p>
<p><b>Sample Codes in VB.NET Webform</b><br>
------------------------------</p>
<p><span class="style1">Imports IP2Location<br>
Private Sub Query(ByVal strIPAddress As String)<br>
&nbsp;&nbsp; Dim oIPResult As New IP2Location.IPResult<br>
&nbsp;&nbsp; Try<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; If strIPAddress &lt;&gt; "" Then<br>
&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; IP2Location.Component.IPDatabasePath = "C:\\Program Files\\IP2Location\\Database\\IP-COUNTRY.SAMPLE.BIN"<br>
&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp; oIPResult = IP2Location.Component.IPQuery(strIPAddress)<br>
&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Select Case oIPResult.Status<br>
&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Case "OK"<br>
&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; If oIPResult.CountryShort = "JP" Then<br>
&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ' Visitor is from Japan<br>
&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ' Show advertisement from JP<br>
&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Response.Write "&lt;img src=\"Japan.jpg\" border=\"0\" width=\"100\" height=\"200\"&gt;"<br>
&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Else<br>
&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;' Visitor is not from Japan<br>
&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;' Show other advertisement<br>
&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Response.Write "&lt;img src=\"US.jpg\" border=\"0\" width=\"100\" height=\"200\"&gt;"<br>
&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; End If <br>
&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp; Case "EMPTY_IP_ADDRESS"<br>
&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp; Response.Write("IP Address cannot be blank.")<br>
&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp; Case "INVALID_IP_ADDRESS"<br>
&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp; Response.Write("Invalid IP Address.")<br>
&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp; Case "MISSING_FILE"<br>
&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp; Response.Write("Invalid Database Path.")<br>
&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp; End Select<br>
&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp; Else<br>
&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Response.Write("IP Address cannot be blank.")<br>
&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp; End If<br>
&nbsp;&nbsp; Catch ex As Exception<br>
&nbsp;&nbsp;&nbsp;&nbsp;<br>
&nbsp;&nbsp; Finally<br>
&nbsp;&nbsp;&nbsp;&nbsp;oIPResult = Nothing<br>
&nbsp;&nbsp; End Try<br>
End Sub</span><br>
<br>
<p><b>Sample Codes in C# Webform</b><br>
--------------------------</p>
<p><span class="style1">Using IP2Location;<br>
private void Query(string strIPAddress)<br>
{<br>
&nbsp;&nbsp;&nbsp;&nbsp;IPResult oIPResult = new IP2Location.IPResult();<br>
&nbsp;&nbsp;&nbsp;&nbsp; try<br>
&nbsp;&nbsp;&nbsp;&nbsp;{<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;if (strIPAddress !=
"")<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;{<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;IP2Location.Component.IPDatabasePath = "C:\\Program Files\\IP2Location\\Database\\IP-COUNTRY.SAMPLE.BIN";<br>
oIPResult = IP2Location.Component.IPQuery(strIPAddress);<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;switch(oIPResult.Status.ToString())<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;{<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;case "OK":<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;if (oIPResult.CountryShort == "JP") {<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Response.Write "&lt;img src=\"Japan.jpg\" border=\"0\" width=\"100\" height=\"200\"&gt;"<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;}<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;else {<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Response.Write "&lt;img src=\"US.jpg\" border=\"0\" width=\"100\" height=\"200\"&gt;"<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;}<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;break;<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;case "EMPTY_IP_ADDRESS":<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Response.Write("IP Address cannot be blank.");<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;break;<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;case "INVALID_IP_ADDRESS":<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Response.Write("Invalid IP Address.");<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;break;<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;case "MISSING_FILE":<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Response.Write("Invalid Database Path.");<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;break;<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; }<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;}<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;else<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; {<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Response.Write("IP Address cannot be blank.");<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; }<br>
&nbsp;&nbsp;&nbsp;&nbsp;}<br>
&nbsp;&nbsp;&nbsp;&nbsp;catch(Exception ex)<br>
&nbsp;&nbsp;&nbsp;&nbsp;{<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;;<br>
&nbsp;&nbsp;&nbsp;&nbsp;}<br>
&nbsp;&nbsp;&nbsp;&nbsp;finally<br>
&nbsp;&nbsp;&nbsp;&nbsp;{<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;oIPResult =
null;<br>
&nbsp;&nbsp;&nbsp;&nbsp;}<br>
}</span></p>
<p align="left">&nbsp;</p>
<p align="left">
</p>
<p><center>Hexasoft Development Sdn. Bhd. � 2001-2011
All Right Reserved</center>
<P></P>
<p><center>To obtain permission to reuse or republish this article, please write to <a class="black" href="mailto:sales@ip2location.com">
sales@ip2location.com</a>. Republication is welcome for no charge.</center>
<P></P>
</center>
- /articles/article8.htm

/articles/article8.htm

http://www.ip2location.com/articles/article8.htm

Identified Internal Path(s)

c:\Program Files\IP2Location by default. You need to add a

Request

GET /articles/article8.htm HTTP/1.1
Referer: http://www.ip2location.com/sitemap.xml
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.ip2location.com
Cookie: ASP.NET_SessionId=xsedntjlq0hssu45r03ill55; firstvisit=firstvisit=2011-03-21 9:44:6; ip2locationshoppingcart=91=1&88=2&90=20&251=1&4=1&54=1; ASPSESSIONIDCCCSTRCB=GKOODNEDCMMAHMENGLCOFLEF; ASPSESSIONIDCCCSTQDB=JKKNBHFDPHHHHOHHLMGICBBA
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 21 Mar 2011 01:51:57 GMT
Content-Type: text/html
Server: Microsoft-IIS/6.0
Content-Encoding:
Vary: Accept-Encoding
Transfer-Encoding: chunked


<HEAD>
<TITLE>Article - Credit Card Fraud Prevention Using .NET Framework in C# or VB.NET</TITLE></HEAD>
<link rel="stylesheet" href="location.css" type="text/css">
<style type="text/css"> <!-- .style1 {font-family: "Courier New", Courier, monospace}
--></style>
<p><b>
<CENTER>Credit Card Fraud Prevention Using .NET Framework in C# or VB.NET<BR>
</CENTER>
<CENTER><BR>
<BR>
Hexasoft Development Sdn. Bhd. (645996-K)</b><br>
1-2-15 Mayang Mall Complex,<br>
Jalan Mayang Pasir 1,<br>
11950 Bandar Bayan Baru,<br>
Penang, Malaysia.<br>
URL: <a class="black" href="http://www.ip2location.com">http://www.ip2location.com </a>
</A><br>
<br>
{ <a class="black" href="mailto:sales@ip2location.com">sales@ip2location.com</a>
}<br></CENTER>
<P></P>
<p align="left">
Credit card fraud has become pervasive on the Internet. According to MasterCard
International, account takeover fraud has increased by 369% since 1995. It has
become one of the fastest growing types of fraud, and one of the more difficult
to combat. More than $700 million in online sales were lost to fraud in 2001,
representing 1.14 percent of total annual online sales of $61.8 billion,
according to GartnerG2. Even if the credit card company has given the
authorization as to the validity of the card, there are several ways fraudulent
cards can be used on your site. The card may have been lost or stolen, but the
card owner is yet to report its loss. Or the number on the card (and not the
card itself) may have been lifted without the knowledge of the owner. There is
also a scam called identity theft, where the card has been issued under false
pretenses using someone else's identity and data.<br>
<br>
As an online merchant, you need to have a system to check the authenticity of
orders placed to safeguard your business. While the effort may require
additional time and money, it can save you the cost and stress caused by
charge-backs for fraudulent orders. You lost your physical products; you lose
the sale price; you lose another business opportunity; and you will be fined an
additional $15-$50 charge-back fee. If you have a high percentage of
charge-backs, your card services company can even blacklist you and cancel your
merchant account. You will also spend time looking up the order and provide the
requested information to your card services company. All of these hassles are
things you can surely do without.<br>
<br>
How can you protect your business from credit card frauds? Here are a few steps
that can be taken to ensure that the transaction is being requested by the real
cardholder.<br>
<br>
<b>Suspect shipping address.</b><br>
According to ClearCommerce Corporation, a provider of payment processing and
fraud protection software for e-commerce, orders from Ukraine, Indonesia,
Yugoslavia, Lithuania, Egypt, Romania, Bulgaria, Turkey, Russia and Pakistan
have a very high incidence of fraud, and often have unverifiable addresses.<br>
<br>
<b>Untraceable email address.</b><br>
In many fraudulent orders, the customer's email address is often at one of the
free email services, like hotmail.com and yahoo.com, which are relatively
untraceable.<br>
<br>
<b>Expensive items.</b><br>
Be wary of expensive orders, especially for expensive brand-name items.<br>
<br>
<b>Multiple items.</b><br>
It can be a bad sign, for example, if someone orders three X-Box or three DVD
players at once, especially where the items have a high resale value.<br>
<br>
<b>Express shipping.</b><br>
Most fraudulent orders specify overnight or 1-day shipping without hesitation.<br>
<br>
<b>Shipping address differs from billing address.</b><br>
Receiving point and billing address are different in fraud orders. If you are
selling valuable items, it can be a good policy only to ship to the billing
address of the card's holder.<br>
<br>
<b>Suspicious billing address.</b><br>
The address looks too simple or invalid. If the billing address is 123 Main St,
New York, the order is probably fraud. You can use or online location tool to
see if the address can be verified.<br>
<br>
<b>Leave at door or post office box.</b><br>
If the courier service cannot guarantee delivery of goods, the risk of fraud is
very high.<br>
<br>
The advancement of geo-targeting in the Internet allows us to pinpoint the
geographical region for an order. The information can be used to reduce the
fraud by verifying it with the billing address and delivery address. This
method can identify the scenario where someone from country X has stolen the
credit card data from country Y. The IP address lookup service will reveal the
real country instead of relying on the country filled in the order form.<br>
<br>
IP2Location� provides technology to translate IP address to country origin. The
lookup table is available in several formats such as database and COM. It is
the perfect solution to automate the fraud detection using client side
programming languages like C++ &amp; Visual Basic; or service side programming
languages like ASP, PHP, JSP and CFML.<br>
<br>
For example, company XYZ received a credit-card order from IP address
161.139.12.3. The order details are as following:<br>
&nbsp;&nbsp;<b>Name:</b> John Ma<br>
&nbsp;&nbsp;<b>Address:</b> 123 Main St<br>
&nbsp;&nbsp;<b>City:</b> New York<br>
&nbsp;&nbsp;<b>ZIP Code:</b> 11111<br>
&nbsp;&nbsp;<b>Country:</b> United States<br>
&nbsp;&nbsp;<b>Tel:</b> (503) 111-1111<br>
&nbsp;&nbsp;<b>Credit Card No:</b> 1234 5678 9012 3456<br>
&nbsp;&nbsp;<b>Expired Date:</b> December 2010<br>
<br>
Credit card merchant processor will authorize this order if the billing address
matches the order details. Unluckily, the credit card data has been stolen
earlier by Mr. ABC from another country through the Internet. Later, he made a
purchase of digital products from company XYZ using the information. His order
approved by the merchant because all the details matched John's record in the
bank's database. IP2Location� technology can filter the difference between
order's country and record's country upfront to protect your business. You can
classify this kind of order for manual inspection before delivering the goods.
You will be surprise how much this method will help in identifying fraud
orders.<br>
<br>
In this example, we use a fully functional IP2Location� .NET component
available at <a class="black" href="http://www.ip2location.net/download/IP2LocationDotNetComponent.ZIP"
target="_blank">http://www.ip2location.net/download/IP2LocationDotNetComponent.ZIP
</a>to query country by visitor's IP address. Firstly, install the IP2Location�
.NET component. The IP2Location� .NET component will be installed in your local
drive. Next, get the IP2Location.DLL .NET component and sample database from
the directory, ie. c:\Program Files\IP2Location by default. You need to add a
reference to this component from your Visual Studio web project. A copy of this
component will be copied into /bin directory under the project. For
unregistered component, there is a random 5-second delay in one out of ten
queries.</p>
<p><b>Sample Codes in VB.NET Webform</b><br>
------------------------------</p>
<p align="left">
<span class="style1">Imports IP2Location<br>
Private Sub Query(ByVal strIPAddress As String, billingCountry As String)<br>
&nbsp;&nbsp;&nbsp; Dim oIPResult As New IP2Location.IPResult<br>
&nbsp;&nbsp;&nbsp; Try<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;If strIPAddress &lt;&gt; ""
Then<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;IP2Location.Component.IPDatabasePath
= "C:\\Program Files\\IP2Location\\Database\\IP-COUNTRY.SAMPLE.BIN"<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;oIPResult =
IP2Location.Component.IPQuery(strIPAddress)<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Select Case
oIPResult.Status<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Case "OK"<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; If
oIPResult.CountryShort = billingCountry Then<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'
buyer is from the same country by IP address<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Else<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'
buyer is from the different country by IP address<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;End If
<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Case
"EMPTY_IP_ADDRESS"<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Response.Write("IP
Address cannot be blank.")<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Case
"INVALID_IP_ADDRESS"<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Response.Write("Invalid
IP Address.")<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Case
"MISSING_FILE"<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Response.Write("Invalid
Database Path.")<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;End Select<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Else<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Response.Write("IP
Address cannot be blank.")<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;End If<br>
&nbsp;&nbsp;&nbsp; Catch ex As Exception<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Response.Write(ex.Message)<br>
&nbsp;&nbsp;&nbsp; Finally<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;oIPResult
= Nothing<br>
&nbsp;&nbsp;&nbsp; End Try<br>
End Sub</span>
</p>
<br>
<b>Sample Codes in C# Webform</b><br>
--------------------------<br>
<p align="left"><span class="style1">Using IP2Location;<br>
private void Query(string strIPAddress, string billingCountry)<br>
{<br>
&nbsp; IPResult oIPResult = new IP2Location.IPResult();<br>
&nbsp; try<br>
&nbsp; {<br>
&nbsp;&nbsp;&nbsp; if (strIPAddress != "")<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;{<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;IP2Location.Component.IPDatabasePath =
"C:\\Program Files\\IP2Location\\Database\\IP-COUNTRY.SAMPLE.BIN";<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;oIPResult =
IP2Location.Component.IPQuery(strIPAddress);<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;switch(oIPResult.Status.ToString())<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;{<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;case
"OK":<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;if
(oIPResult.CountryShort == billingCountry) {<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;//
buyer is from the same country by IP address<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;}
else {<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;//
buyer is from the different country by IP address<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;}<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;break;<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;case
"EMPTY_IP_ADDRESS":<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Response.Write("IP
Address cannot be blank.");<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;break;<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;case
"INVALID_IP_ADDRESS":<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Response.Write("Invalid
IP Address.");<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;break;<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;case
"MISSING_FILE":<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Response.Write("Invalid
Database Path.");<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;break;<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;}<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;}<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;else<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; {<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Response.Write("IP Address
cannot be blank.");<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; }<br>
&nbsp;&nbsp; }<br>
&nbsp;&nbsp;&nbsp;&nbsp;catch(Exception ex)<br>
&nbsp;&nbsp;&nbsp;&nbsp; {<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Response.Write(ex.Message);<br>
&nbsp;&nbsp;&nbsp;&nbsp; }<br>
&nbsp;&nbsp;&nbsp; finally<br>
&nbsp;&nbsp;&nbsp;&nbsp; {<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; oIPResult = null;<br>
&nbsp;&nbsp;&nbsp;&nbsp; }<br>
}</span></p>
<p>Compile and upload this project to the web site. All visitors will go through this
screening before redirect to an appropriate web page.<br>
</p>
<p><center>Hexa Software Development Center � 2001-2011
All Right Reserved</center>
<P></P>
<p><center>To obtain permission to reuse or republish this article, please write to <a class="black" href="mailto:sales@ip2location.com">
sales@ip2location.com</a>. Republication is welcome for no charge.</center>
<P></P>
- /articles/article12.htm

/articles/article12.htm

http://www.ip2location.com/articles/article12.htm

Identified Internal Path(s)

c:\Program Files\IP2Location by default. You need to add a

Request

GET /articles/article12.htm HTTP/1.1
Referer: http://www.ip2location.com/sitemap.xml
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.ip2location.com
Cookie: ASP.NET_SessionId=xsedntjlq0hssu45r03ill55; firstvisit=firstvisit=2011-03-21 9:44:6; ip2locationshoppingcart=91=1&88=2&90=20&251=1&7=1; ASPSESSIONIDCCCSTRCB=GKOODNEDCMMAHMENGLCOFLEF; ASPSESSIONIDCCCSTQDB=JKKNBHFDPHHHHOHHLMGICBBA
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 21 Mar 2011 01:51:57 GMT
Content-Type: text/html
Server: Microsoft-IIS/6.0
Content-Encoding:
Vary: Accept-Encoding
Transfer-Encoding: chunked


<HEAD>
<TITLE>Article - Determine Web Visitors Country of Origin in the Drop Down List
using .NET Framework in C# or VB.NET</TITLE></HEAD>
<link rel="stylesheet" href="location.css" type="text/css">
<style type="text/css"> <!-- .style1 {font-family: "Courier New", Courier, monospace}
--></style>
<p>
<CENTER>
<strong>Determine Web Visitors Country of Origin in the Drop Down List using .NET
Framework in C# or VB.NET</strong>
<br>
<br>
<br>
<STRONG>Hexasoft Development Sdn. Bhd. (645996-K)</B><br>
</STRONG>1-2-15 Mayang Mall Complex,<br>
Jalan Mayang Pasir 1,<br>
11950 Bandar Bayan Baru,<br>
Penang, Malaysia.</CENTER>
<CENTER>URL: <a href="http://www.ip2location.com" class="black"><strong>http://www.ip2location.com</strong></a></CENTER>
<CENTER><br>
{ <a class="black" href="mailto:sales@ip2location.com">sales@ip2location.com</a>
}<br>
</CENTER>
<P></P>
<p>
With the emergence of online technologies such as the Internet, people and
businesses have increased their reliance and use of these mediums as an avenue
for commerce as it can be more convenient. During the transaction online, there
are times when it is important to preset the web visitor's country of origin,
ZIP code, ISP and domain name at the drop down list to prevent fraud and to
ease the complexity of registration task. This article shows you how by using
.NET Framework, it can be done.</p>
<p>Let us take a simple example of a user login from Canada and he needs to fill up
a shopping cart. The form may be quite complex as some businesses need more
information to prevent fraud. In this case, there are needs to preset certain
info in the drop down list such as country of origin, ZIP code, ip and domain
name of where the users login. As a result, the drop down list in this example
will preset to Cananda, with the correct zip code and ip address.</p>
<p>
<br>
In this example, we use a fully functional IP2Location� .NET component
available at <a class="black" href="http://www.ip2location.net/download/IP2LocationDotNetComponent.ZIP"
target="_blank">http://www.ip2location.net/download/IP2LocationDotNetComponent.ZIP
</a>to query country by visitor's IP address. Firstly, install the IP2Location�
.NET component. The IP2Location� .NET component will be installed in your local
drive. Next, get the IP2Location.DLL .NET component and sample database from
the directory, ie. c:\Program Files\IP2Location by default. You need to add a
reference to this component from your Visual Studio web project. A copy of this
component will be copied into /bin directory under the project. For
unregistered component, there is a random 5-second delay in one out of ten
queries.</p>
<p><b>Sample Codes in VB.NET Webform</b><br>
------------------------------</p>
<p><span class="style1">Imports IP2Location<br>
Private Sub Query(ByVal strIPAddress As String)<br>
&nbsp;&nbsp;&nbsp;Dim oIPResult As New IP2Location.IPResult<br>
&nbsp;&nbsp;&nbsp;Try<br>
&nbsp;&nbsp;&nbsp;If strIPAddress &lt;&gt; "" Then<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;IP2Location.Component.IPDatabasePath =
"C:\\Program Files\\IP2Location\\Database\\IP-COUNTRY.SAMPLE.BIN"<br>
oIPResult = IP2Location.Component.IPQuery(strIPAddress)<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Select Case oIPResult.Status<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Case "OK"<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;If
oIPResult.CountryShort &lt;&gt; "-" Then<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Response.Write("&lt;select
name=country&gt;")<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Response.Write("&lt;option
value="&amp;<br>
oIPResult.CountryShort &amp; "&gt;" &amp; oIPResult.CountryLong &amp;
"&lt;/option&gt;")<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Response.Write("&lt;option
value=AF&gt;AFGHANISTAN&lt;/option&gt;")<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Response.Write("&lt;option
value=AL&gt;ALBANIA&lt;/option&gt;")<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Response.Write("&lt;option
value=DZ&gt;ALGERIA&lt;/option&gt;")<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Response.Write("&lt;option
value=AS&gt;AMERICAN SAMOA&lt;/option&gt;")<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Response.Write("&lt;option
value=AD&gt;ANDORRA&lt;/option&gt;")<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Response.Write("&lt;option
value=AO&gt;ANGOLA&lt;/option&gt;")<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Response.Write("&lt;option
value=AI&gt;ANGUILLA&lt;/option&gt;")<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Response.Write("&lt;option
value=AQ&gt;ANTARCTICA&lt;/option&gt;")<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Response.Write("&lt;option
value=AG&gt;ANTIGUA AND BARBUDA&lt;/option&gt;")<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Response.Write("&lt;option
value=AR&gt;ARGENTINA&lt;/option&gt;")<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Response.Write("&lt;option
value=AM&gt;ARMENIA&lt;/option&gt;")<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Response.Write("&lt;option
value=AW&gt;ARUBA&lt;/option&gt;")<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Response.Write("&lt;option
value=AP&gt;ASIA PACIFIC&lt;/option&gt;")<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Response.Write("&lt;option
value=AU&gt;AUSTRALIA&lt;/option&gt;")<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Response.Write("&lt;option
value=AT&gt;AUSTRIA&lt;/option&gt;")<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Response.Write("&lt;option
value=AZ&gt;AZERBAIJAN&lt;/option&gt;")<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Response.Write("&lt;option
value=BS&gt;BAHAMAS&lt;/option&gt;")<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Response.Write("&lt;option
value=BH&gt;BAHRAIN&lt;/option&gt;")<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Response.Write("&lt;option
value=BD&gt;BANGLADESH&lt;/option&gt;")<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Response.Write("&lt;option
value=BB&gt;BARBADOS&lt;/option&gt;")<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Response.Write("&lt;option
value=BY&gt;BELARUS&lt;/option&gt;")<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Response.Write("&lt;option
value=BE&gt;BELGIUM&lt;/option&gt;")<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Response.Write("&lt;option
value=BZ&gt;BELIZE&lt;/option&gt;")<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Response.Write("&lt;option
value=BJ&gt;BENIN&lt;/option&gt;")<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Response.Write("&lt;option
value=BM&gt;BERMUDA&lt;/option&gt;")<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Response.Write("&lt;option
value=BT&gt;BHUTAN&lt;/option&gt;")<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Response.Write("&lt;option
value=BO&gt;BOLIVIA&lt;/option&gt;")<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Response.Write("&lt;option
value=BA&gt;BOSNIA AND HERZEGOWINA&lt;/option&gt;")<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Response.Write("&lt;option
value=BW&gt;BOTSWANA&lt;/option&gt;")<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Response.Write("&lt;option
value=BV&gt;BOUVET ISLAND&lt;/option&gt;")<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Response.Write("&lt;option
value=BR&gt;BRAZIL&lt;/option&gt;")<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Response.Write("&lt;option
value=IO&gt;BRITISH INDIAN OCEAN TERRITORY&lt;/option&gt;")<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Response.Write("&lt;option
value=BN&gt;BRUNEI DARUSSALAM&lt;/option&gt;")<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Response.Write("&lt;option
value=BG&gt;BULGARIA&lt;/option&gt;")<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Response.Write("&lt;option
value=BF&gt;BURKINA FASO&lt;/option&gt;")<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Response.Write("&lt;option
value=BI&gt;BURUNDI&lt;/option&gt;")<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Response.Write("&lt;option
value=KH&gt;CAMBODIA&lt;/option&gt;")<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Response.Write("&lt;option
value=CM&gt;CAMEROON&lt;/option&gt;")<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Response.Write("&lt;option
value=CA&gt;CANADA&lt;/option&gt;")<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Response.Write("&lt;option
value=CV&gt;CAPE VERDE&lt;/option&gt;")<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Response.Write("&lt;option
value=KY&gt;CAYMAN ISLANDS&lt;/option&gt;")<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Response.Write("&lt;option
value=CF&gt;CENTRAL AFRICAN REPUBLIC&lt;/option&gt;")<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Response.Write("&lt;option
value=TD&gt;CHAD&lt;/option&gt;")<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Response.Write("&lt;option
value=CL&gt;CHILE&lt;/option&gt;")<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Response.Write("&lt;option
value=CN&gt;CHINA&lt;/option&gt;")<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Response.Write("&lt;option
value=CX&gt;CHRISTMAS ISLAND&lt;/option&gt;")<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Response.Write("&lt;option
value=CC&gt;COCOS (KEELING) ISLANDS&lt;/option&gt;")<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Response.Write("&lt;option
value=CO&gt;COLOMBIA&lt;/option&gt;")<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Response.Write("&lt;option
value=KM&gt;COMOROS&lt;/option&gt;")<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Response.Write("&lt;option
value=CG&gt;CONGO&lt;/option&gt;")<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Response.Write("&lt;option
value=CD&gt;CONGO, THE DEMOCRATIC REPUBLIC OF THE&lt;/option&gt;")<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Response.Write("&lt;option
value=CK&gt;COOK ISLANDS&lt;/option&gt;")<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Response.Write("&lt;option
value=CR&gt;COSTA RICA&lt;/option&gt;")<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Response.Write("&lt;option
value=CI&gt;COTE D'IVOIRE&lt;/option&gt;")<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Response.Write("&lt;option
value=HR&gt;CROATIA&lt;/option&gt;")<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Response.Write("&lt;option
value=CU&gt;CUBA&lt;/option&gt;")<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Response.Write("&lt;option
value=CY&gt;CYPRUS&lt;/option&gt;")<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Response.Write("&lt;option
value=CZ&gt;CZECH REPUBLIC&lt;/option&gt;")<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Response.Write("&lt;option
value=CS&gt;CZECHOSLOVAKIA (FORMER)&lt;/option&gt;")<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Response.Write("&lt;option
value=DK&gt;DENMARK&lt;/option&gt;")<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Res..