Netsparker, Web Application Security Scanner

XSS, Cross Site Scripting, Javascript Injection, community.nasdaq.com, CWE-79, CAPEC-86

Netsparker - Scan Report Summary
TARGET URL
https://community.nasdaq.com/register.aspx
SCAN DATE
2/12/2011 8:00:18 PM
REPORT DATE
2/12/2011 8:05:46 PM
SCAN DURATION
00:03:16

Total Requests
Average Speed (req/sec.)
6 identified
4 confirmed
0 critical
2 informational

GHDB, DORK Tests
PROFILE
Previous Settings
ENABLED ENGINES
Static Tests, Find Backup Files, Blind Command Injection, Blind SQL Injection, Boolean SQL Injection, Command Injection, HTTP Header Injection, Local File Inclusion, Open Redirection, Remote Code Evaluation, Remote File Inclusion, SQL Injection, Cross-site Scripting
Authentication
Scheduled

VULNERABILITIES

IMPORTANT 17 %
LOW 50 %
INFORMATION 33 %
Cookie Not Marked As Secure

1 TOTAL
IMPORTANT
1 CONFIRMED
A cookie was not marked as secure and was transmitted over HTTPS. This means the cookie could potentially be stolen by an attacker who can successfully intercept and decrypt the traffic, or following a successful MITM (man-in-the-middle) attack.

Impact

This cookie will be transmitted over an HTTP connection; therefore, if this cookie is important (such as a session cookie), an attacker might intercept it and hijack a victim's session. If the attacker can carry out a MITM attack, he/she can force the victim to make an HTTP request in order to steal the cookie.

Actions to Take

  1. See the remedy for the solution.
  2. Mark all cookies used within the application as secure. (If the cookie is not related to authentication or does not carry any personal information, you do not have to mark it as secure.)

Remedy

Mark all cookies used within the application as secure.

Required Skills for Successful Exploitation

To exploit this issue, the attacker needs to be able to intercept traffic. This generally requires local access to the web server or to the victim's network. Attackers need to understand layer 2 and have physical access to systems that act as way points for the traffic, or have gained access to a system between the victim and the web server.
- /register.aspx

/register.aspx CONFIRMED

https://community.nasdaq.com/register.aspx

Identified Cookie

ASP.NET_SessionId

Request

GET /register.aspx HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: community.nasdaq.com
Cookie: ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&DefaultCurrency=840&SiteCurrency=840&ContType=&UserCulture=1033&dm=community.nasdaq.com&SiteLanguage=1033; EktGUID=0651780c-1a27-46f6-bf42-4f598cb783dc; EkAnalytics=newuser
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=swgv5c55hbo53i45vjzv0f55; path=/; HttpOnly
Date: Sun, 13 Feb 2011 01:59:07 GMT
Content-Length: 30584



<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="Head1"><title>
Welcome to the NASDAQ Community!
</title><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><link rel="shortcut icon" href="https://www.nasdaq.com/images/qfav.ico" type="image/ico" /><link rel="icon" href="https://www.nasdaq.com/images/qfav.ico" type="image/x-icon" /><link rel="shortcut icon" href="https://www.nasdaq.com/images/qfav.ico" type="image/x-icon" />
<!--[if gte IE 6]><!-->
<!--
<link rel="stylesheet" type="text/css" href="https://www.nasdaq.com/includes/community_header.css" media="screen, projection" /><link rel="stylesheet" type="text/css" href="https://www.nasdaq.com/includes/community_footer.css" media="screen, projection" />
-->
<link rel="stylesheet" type="text/css" href="/common/styles/general.css" media="screen, projection" />
<!-- <![endif]-->
<!--[if IE 7]><link rel="stylesheet" type="text/css" media="screen, projection" href="/common/styles/ie7.css" /><![endif]-->
<!--[if IE 6]><link rel="stylesheet" type="text/css" media="screen, projection" href="/common/styles/ie6.css" /><![endif]-->
<link rel="stylesheet" type="text/css" href="/common/styles/print.css" media="print" />
<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.1/jquery.min.js"></script>
<script type="text/javascript" src="/common/scripts/jquery.qtip.js"></script>
<script type="text/javascript" src="/common/scripts/actions.js"></script>
<script type="text/javascript" src="/common/scripts/jquery-ui-core.js"></script>
<script type="text/javascript" src="/common/scripts/jquery-blockui.js"></script>
<script type="text/javascript">
//<![CDATA[
myPage = 'register1';
sectionId = 'liHome'; //section tab
breadCrumbId = 'Li1'; //page
is_dartSite = "home";
is_dartZone = "home6";
propVar = "NASDAQ Community";
propVar2 = "Registration";
propVar15 = "Community";
googlehints = "stock market, stock investment, trading account, real time stock quotes, investment advice, best investments, mutual funds, portfolio tracking, Stock trading, Personal Finance, Nasdaq stocks, interest rates, Forex trading, equity trading, Pre-market quotes, after hours trading, Business news, company profiles, technology news, Nasdaq companies, online stock";
//]]>
</script>

<script type="text/javascript">
function passwordStrength(password) {

var desc = new Array();
desc[0] = "Very Weak";
desc[1] = "Weak";
desc[2] = "Better";
desc[3] = "Medium";
desc[4] = "Strong";
desc[5] = "Strongest";

var score = 0;

//if password bigger than 6 give 1 point
if (password.length > 6) score++;

//if password has both lower and uppercase characters give 1 point
if ( ( password.match(/[a-z]/) ) && ( password.match(/[A-Z]/) ) ) score++;

//if password has at least one number give 1 point
if (password.match(/\d+/)) score++;

//if password has at least one special caracther give 1 point
if ( password.match(/.[!,@,#,$,%,^,&,*,?,_,~,-,(,)]/) ) score++;

//if password bigger than 12 give another 1 point
if (password.length > 12) score++;



// document.getElementById("passwordDescription").innerHTML = desc[score];
// document.getElementById("passwordStrength").className = "strength" + score;


$('#passwordStrength').attr("class", "strength" + score);

document.getElementById("passwordStrength").innerHTML = desc[score];

}


</script>



<style type="text/css">

#passwordStrength {
display:block;
float:left;
font-size:11px;
font-weight:bold;
height:22px;
margin-top:-1px;
padding-top:3px;
text-align:center;
-webkit-border-bottom-right-radius: 3px;
-webkit-border-bottom-left-radius: 3px;
-moz-border-radius-bottomright: 3px;
-moz-border-radius-bottomleft: 3px;
border-bottom-right-radius: 3px;
border-bottom-left-radius: 3px;
}
.strength0 { width:175px; background:url('/common/images/strength0.png') repeat-x; color:#333; }
.strength1 { width:175px; background:url('/common/images/strength1.png') repeat-x; color:#f7f7f7; }
.strength2 { width:175px; background:url('/common/images/strength2.png') repeat-x; color:#f7f7f7;}
.strength3 { width:175px; background:url('/common/images/strength3.png') repeat-x; color:#f7f7f7;}
.strength4 { width:175px; background:url('/common/images/strength4.png') repeat-x; color:#f7f7f7; }
.strength5 { width:175px; background:url('/common/images/strength5.png') repeat-x; color:#f7f7f7; }


#widget, #view {
margin:0 !important;
}

.error {
font-size:10px;
font-weight:bold;
color: #e64040;
padding-left:6px;
}

.errorSummary {
background: #fff1f1;
border:1px solid #fcd4d4;
color: #e64040;
font-weight: bold;
}

fieldset {
margin-bottom: 10px;
margin-top:10px;
}
legend {
padding: 0 2px;
font-weight: bold;
}
label {
display: inline-block;
line-height: 1.8;
vertical-align: top;
}
fieldset ol {
margin: 0;
padding: 0;
}
fieldset li {
list-style: none;
padding: 5px;
margin: 0;
width:250px;
*width:225px;
}
fieldset fieldset {
border: none;
margin: 3px 0 0;
}
fieldset fieldset legend {
padding: 0 0 5px;
font-weight: normal;
}
fieldset fieldset label {
display: block;
width: auto;
}
em {
font-weight: bold;
font-style: normal;
color: #f00;
}
label {
width: 170px; /* Width of labels */
text-shadow:0 1px #FFFFFF;
}
fieldset fieldset label {
margin-left: 123px; /* Width plus 3 (html space) */
}

input#NASDAQRegistration1_email:focus, input#NASDAQRegistration1_Password:focus,
input#NASDAQRegistration1_ConfirmPassword:focus, input#NASDAQRegistration1_UserName:focus,
input#NASDAQRegistration1_chkAcceptTerms:focus, input#NASDAQRegistration1_chkSignup:focus,
input#NASDAQRegistration1_confirmEmail:focus
{
border:1px solid #7e8388 !important;
}

input#NASDAQRegistration1_email, input#NASDAQRegistration1_Password,
input#NASDAQRegistration1_ConfirmPassword, input#NASDAQRegistration1_UserName,
input#NASDAQRegistration1_chkAcceptTerms, input#NASDAQRegistration1_chkSignup,
input#NASDAQRegistration1_confirmEmail
{
padding: 5px;
-moz-box-shadow:0 1px 1px #DDDDDD inset;
-webkit-box-shadow:0 1px 1px #DDDDDD inset;
-webkit-border-radius: 3px;
-moz-border-radius: 3px;
border-radius: 3px;
}




ul#providers {
float:left;
margin:12px 0 13px 20px;
}

ul#providers a { text-decoration: none; outline:none; }
ul#providers a:hover { font-weight:bold; outline:none; }
ul#providers a:active { position:relative; top:1px; outline;none; }

ul#providers li {
float:left;
font-size:12px;
padding:3px 3px 0;
width:120px;
}

p.label_checkbox_pair {
clear: both;
float: none;
position: relative;
}
p.label_checkbox_pair input {
left: 80px;
position: absolute;
top: 1px;
}
p.label_checkbox_pair label {
display: block;
margin-left: 90px;
width: 200px;
}

</style>

</head>
<body>
<div id="wrapper" class="commlogin" style="width: 680px;margin:0px auto 0">
<form name="form1" method="post" action="/register.aspx" onsubmit="javascript:return WebForm_OnSubmit();" id="form1">
<div>
<input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
<input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="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" />
</div>

<script type="text/javascript">
//<![CDATA[
var theForm = document.forms['form1'];
if (!theForm) {
theForm = document.form1;
}
function __doPostBack(eventTarget, eventArgument) {
if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
theForm.__EVENTTARGET.value = eventTarget;
theForm.__EVENTARGUMENT.value = eventArgument;
theForm.submit();
}
}
//]]>
</script>


<script src="/WebResource.axd?d=9bfn5OaxVg0iI3gTzeAwWZV-6B2T2CIMpJdYjzQ6zPEmUyTvpTqqpbUnP9p8EbeXXOaFVNo1tBaRFTIwPmnTYAhsEKc1&amp;t=634210220576316535" type="text/javascript"></script>


<script src="/WebResource.axd?d=DrXWA32NSi4v0wPod4A9g6qxXOVeiTyn7TSc6VWkZG93PyHJLpg91lB3YIv0UCeueI2CFYn7JGwrFEt6aRyNqoaFYEc1&amp;t=634210220576316535" type="text/javascript"></script>
<script type="text/javascript">
//<![CDATA[
function WebForm_OnSubmit() {
if (typeof(ValidatorOnSubmit) == "function" && ValidatorOnSubmit() == false) return false;
return true;
}
//]]>
</script>

<div>

<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="/wEWEALV/YvCAwL0mp3KBgKaibzYCAKWi8fhDwLr95C5BwLVkbeADQKk8vC/DAKXtK+SBgL3uJfYCQL4udOXCQLHjdnqBQKd7P/tCQLKosSICAL61MiUCgLukuV0ArinjJwKNgPTf294OgSI4ZWDbKWl9+wTMyI=" />
</div>
<div id="leftColMed" style="height:737px; *height:752px;">
<div id="loginBox" class="clearfix" style="height:690px;">
<div id="commloginheader">
</div>

<div id="loginHeader" style="background:none repeat scroll 0 0 #F5FAF9;border-bottom:1px dotted #CCCCCC;float:left;height:30px;margin:0 5px 0;width:665px; *border-bottom:none; *margin-left:5px; _margin-left:2px;">
<h1 style="color:#1E4E6A;margin-bottom:0;padding-left:9px;padding-top:5px;width:655px;">
Join the Community. It's Free!<span style="color:#000000;font-size:12px;font-weight:bold;padding-left:185px;padding-top:5px;">Already a member? <a href="https://community.nasdaq.com/login.aspx">Sign In</a></span>
</h1>

</div>


<div id="leftSide" style="width:310px;height:533px; *height:588px; padding-right:5px;padding-top:20px; *padding-right:0px;">

<style type="text/css">
#score { color: #000; text-align: center; width: 100px; font-weight: bold; background-image: url(/common/images/bg_strength_gradient.jpg); background-repeat: no-repeat; background-position: 0 0; }
#scorebarBorder { overflow: hidden; background: #333; border: 1px #000 solid; margin-bottom: 2px; width: 100px; margin-left: 5px; }
</style>
<input type="hidden" name="NASDAQRegistration1$hPassportGuid" id="NASDAQRegistration1_hPassportGuid" />
<input type="hidden" name="NASDAQRegistration1$hFirstName" id="NASDAQRegistration1_hFirstName" />
<input type="hidden" name="NASDAQRegistration1$hLastName" id="NASDAQRegistration1_hLastName" />

<h4>Register Today</h4>
<p style="margin-bottom:10px;">Please provide the following brief information to begin enjoying all that the NASDAQ Community has to offer.</p>
<span id="NASDAQRegistration1_lblUserNameError" style="color:Red;"></span>

<fielset>
<ol>

<!-- email address -->
<li style="padding-bottom:5px;">
<label for="email" style="width:160px;">Your current email address:</label>
<input name="NASDAQRegistration1$email" type="text" id="NASDAQRegistration1_email" autocomplete="off" />

<br />

<span id="NASDAQRegistration1_emailFormatValidator" class="loginError" style="color:Red;display:none;">Please enter a valid email address in the form (name)@(domain).(extension)</span>
<span id="NASDAQRegistration1_emailPresentValidator" class="loginError" style="color:Red;display:none;">An email address is required</span>
</li>

<!-- confirm email address -->
<li style="padding-bottom:5px;">
<label for="confirmemail" style="width:160px;">Confirm Email:</label>
<input name="NASDAQRegistration1$confirmEmail" type="text" id="NASDAQRegistration1_confirmEmail" autocomplete="off" />

<br />

<span id="NASDAQRegistration1_confirmEmailPresentValidator" class="loginError" style="color:Red;display:none;">Confirmation of email address is required</span>
<span id="NASDAQRegistration1_emailComparisonValidator" class="loginError" style="color:Red;visibility:hidden;">Email and Confirm email must match</span>

</li>

<!-- choose password -->
<li>
<label for="Password" style="width:160px;">Choose a Password:</label>
<input name="NASDAQRegistration1$Password" type="password" id="NASDAQRegistration1_Password" autocomplete="off" onkeyup="passwordStrength(this.value);" onblur="passwordStrength(this.value)" onchange="passwordStrength(this.value)" onfocus="passwordStrength(this.value)" />


<div id="passwordStrength" class="strength0"></div>




<span id="NASDAQRegistration1_passwordValidator" class="loginError" style="color:Red;display:none;">Password is required</span>
</li>

<!-- confirm password -->
<li>
<label for="ConfirmPassword" style="width:160px;">Confirm Password:</label>
<input name="NASDAQRegistration1$ConfirmPassword" type="password" id="NASDAQRegistration1_ConfirmPassword" autocomplete="off" />

<br />

<span id="NASDAQRegistration1_confirmPasswordValidator" class="loginError" style="color:Red;visibility:hidden;">Confirm Password is required</span>
<span id="NASDAQRegistration1_passwordComparisonValidator" class="loginError" style="color:Red;visibility:hidden;">Password and Confirm Password must match</span>
</li>

<!-- display name -->
<li>
<label for="UserName" style="width:160px;">Display name:</label>
<input name="NASDAQRegistration1$UserName" type="text" autocomplete="off" maxlength="12" id="NASDAQRegistration1_UserName" autocomplete="off" />

<br />

<span id="NASDAQRegistration1_userNameExpressionValidator" class="loginError" style="color:Red;display:none;">Display name must be between 4 ..

Internal Server Error

1 TOTAL
LOW
1 CONFIRMED
The server responded with an HTTP status 500. This indicates that there is a server-side error; the reasons may vary, and the behaviour should be analysed carefully. If Netsparker is able to find a security issue in the same resource, it will report it as a separate vulnerability.

Impact

The impact may vary depending on the condition. Generally this indicates poor coding practices: not enough error checking, sanitization and whitelisting. However, there might be a bigger issue such as SQL injection. If that is the case, Netsparker will check for other possible issues and report them separately.

Remedy

Analyse this issue and review the application code in order to handle unexpected errors. This should be a generic practice that does not disclose further information upon an error. All errors should be handled server-side only.
- /register.aspx

/register.aspx CONFIRMED

https://community.nasdaq.com/register.aspx

Parameters

Parameter Type Value
__EVENTTARGET POST 3
__EVENTARGUMENT POST 3
__VIEWSTATE POST 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
__EVENTVALIDATION POST /wEWEALV/YvCAwL0mp3KBgKaibzYCAKWi8fhDwLr95C5BwLVkbeADQKk8vC/DAKXtK+SBgL3uJfYCQL4udOXCQLHjdnqBQKd7P/tCQLKosSICAL61MiUCgLukuV0ArinjJwKNgPTf294OgSI4ZWDbKWl9+wTMyI=
NASDAQRegistration1$hPassportGuid POST <? print(int)0xFFF9999-22;//?>
NASDAQRegistration1$hFirstName POST Ronald Smith
NASDAQRegistration1$hLastName POST Ronald Smith
NASDAQRegistration1$email POST netsparker@example.com
NASDAQRegistration1$confirmEmail POST netsparker@example.com
NASDAQRegistration1$Password POST 3
NASDAQRegistration1$ConfirmPassword POST 3
NASDAQRegistration1$UserName POST Ronald Smith
NASDAQRegistration1$chkAcceptTerms POST on
NASDAQRegistration1$chkSignup POST on
openidurl POST 3
aolScreenname POST Ronald Smith

Request

POST /register.aspx HTTP/1.1
Referer: https://community.nasdaq.com/register.aspx
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: community.nasdaq.com
Cookie: ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&DefaultCurrency=840&SiteCurrency=840&ContType=&UserCulture=1033&dm=community.nasdaq.com&SiteLanguage=1033; EktGUID=093dc357-2703-46ab-b862-0e92d1e9afab; EkAnalytics=newuser; ASP.NET_SessionId=reawmlbcse2jqw55qofdsy55
Content-Length: 2307
Accept-Encoding: gzip, deflate

__EVENTTARGET=3&__EVENTARGUMENT=3&__VIEWSTATE=%2fwEPDwUKLTM2Mjk5NTE5Ng9kFgICAxBkZBYMAgEPZBYEAgcPDxYCHgdWaXNpYmxlaGRkAhkPDxYEHhRWYWxpZGF0aW9uRXhwcmVzc2lvbgURXlteIAknIiUjXXs2LDEyfSQeBFRleHQFjgFQYXNzd29yZCBtdXN0IGJlIGF0IGxlYXN0IDYgY2hhcmFjdGVycyBpbiBsZW5ndGggYW5kIG1heSBub3QgY29udGFpbiBzcGFjZXMsIHRhYnMsIHNpbmdsZSBxdW90ZXMsIGRvdWJsZSBxdW90ZXMsIHBlcmNlbnQgc2lnbnMgb3IgcG91bmQgc2lnbnMuZGQCAw8WAh4EaHJlZgWoAWh0dHBzOi8vY29tbXVuaXR5LWxvZ2luLm5hc2RhcS5jb206NDQzL2ZhY2Vib29rL2Nvbm5lY3Rfc3RhcnQ%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%2fdG9rZW5fdXJsPWh0dHBzJTNhJTJmJTJmY29tbXVuaXR5Lm5hc2RhcS5jb20lM2E0NDMlMmZycHguYXNweGQYAQUeX19Db250cm9sc1JlcXVpcmVQb3N0QmFja0tleV9fFgIFIk5BU0RBUVJlZ2lzdHJhdGlvbjEkY2hrQWNjZXB0VGVybXMFHU5BU0RBUVJlZ2lzdHJhdGlvbjEkY2hrU2lnbnVwqwOZpiojmA1LcHpXWLCma42kIy0%3d&__EVENTVALIDATION=%2fwEWEALV%2fYvCAwL0mp3KBgKaibzYCAKWi8fhDwLr95C5BwLVkbeADQKk8vC%2fDAKXtK%2bSBgL3uJfYCQL4udOXCQLHjdnqBQKd7P%2ftCQLKosSICAL61MiUCgLukuV0ArinjJwKNgPTf294OgSI4ZWDbKWl9%2bwTMyI%3d&NASDAQRegistration1$hPassportGuid=%3c%3f+print(int)0xFFF9999-22%3b%2f%2f%3f%3e&NASDAQRegistration1$hFirstName=Ronald+Smith&NASDAQRegistration1$hLastName=Ronald+Smith&NASDAQRegistration1$email=netsparker%40example.com&NASDAQRegistration1$confirmEmail=netsparker%40example.com&NASDAQRegistration1$Password=3&NASDAQRegistration1$ConfirmPassword=3&NASDAQRegistration1$UserName=Ronald+Smith&NASDAQRegistration1$chkAcceptTerms=on&NASDAQRegistration1$chkSignup=on&openidurl=3&aolScreenname=Ronald+Smith

Response

HTTP/1.1 500 Internal Server Error
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Date: Sun, 13 Feb 2011 01:59:41 GMT
Content-Length: 3026


<html>
<head>
<title>Runtime Error</title>
<style>
body {font-family:"Verdana";font-weight:normal;font-size: .7em;color:black;}
p {font-family:"Verdana";font-weight:normal;color:black;margin-top: -5px}
b {font-family:"Verdana";font-weight:bold;color:black;margin-top: -5px}
H1 { font-family:"Verdana";font-weight:normal;font-size:18pt;color:red }
H2 { font-family:"Verdana";font-weight:normal;font-size:14pt;color:maroon }
pre {font-family:"Lucida Console";font-size: .9em}
.marker {font-weight: bold; color: black;text-decoration: none;}
.version {color: gray;}
.error {margin-bottom: 10px;}
.expandable { text-decoration:underline; font-weight:bold; color:navy; cursor:hand; }
</style>
</head>

<body bgcolor="white">

<span><H1>Server Error in '/' Application.<hr width=100% size=1 color=silver></H1>

<h2> <i>Runtime Error</i> </h2></span>

<font face="Arial, Helvetica, Geneva, SunSans-Regular, sans-serif ">

<b> Description: </b>An application error occurred on the server. The current custom error settings for this application prevent the details of the application error from being viewed remotely (for security reasons). It could, however, be viewed by browsers running on the local server machine.
<br><br>

<b>Details:</b> To enable the details of this specific error message to be viewable on remote machines, please create a &lt;customErrors&gt; tag within a &quot;web.config&quot; configuration file located in the root directory of the current web application. This &lt;customErrors&gt; tag should then have its &quot;mode&quot; attribute set to &quot;Off&quot;.<br><br>

<table width=100% bgcolor="#ffffcc">
<tr>
<td>
<code><pre>

&lt;!-- Web.Config Configuration File --&gt;

&lt;configuration&gt;
&lt;system.web&gt;
&lt;customErrors mode=&quot;Off&quot;/&gt;
&lt;/system.web&gt;
&lt;/configuration&gt;</pre></code>

</td>
</tr>
</table>

<br>

<b>Notes:</b> The current error page you are seeing can be replaced by a custom error page by modifying the &quot;defaultRedirect&quot; attribute of the application's &lt;customErrors&gt; configuration tag to point to a custom error page URL.<br><br>

<table width=100% bgcolor="#ffffcc">
<tr>
<td>
<code><pre>

&lt;!-- Web.Config Configuration File --&gt;

&lt;configuration&gt;
&lt;system.web&gt;
&lt;customErrors mode=&quot;RemoteOnly&quot; defaultRedirect=&quot;mycustompage.htm&quot;/&gt;
&lt;/system.web&gt;
&lt;/configuration&gt;</pre></code>

</td>
</tr>
</table>

<br>

</body>
</html>
Cookie Not Marked As HttpOnly

1 TOTAL
LOW
1 CONFIRMED
The cookie was not marked as HTTPOnly. HTTPOnly cookies cannot be read by client-side scripts; therefore, marking a cookie as HTTPOnly can provide an additional layer of protection against Cross-site Scripting attacks.

Impact

During a Cross-site Scripting attack an attacker might easily access cookies and hijack the victim's session.

Actions to Take

  1. See the remedy for the solution.
  2. Consider marking all of the cookies used by the application as HTTPOnly. (After these changes, JavaScript code will not be able to read cookies.)

Remedy

Mark the cookie as HTTPOnly. This will be an extra layer of defence against XSS. However, this is not a silver bullet and will not protect the system against Cross-site Scripting attacks on its own; an attacker can use a tool such as XSS Tunnel to bypass HTTPOnly protection.

- /register.aspx

/register.aspx CONFIRMED

https://community.nasdaq.com/register.aspx

Parameters

Parameter Type Value
__EVENTTARGET POST 3
__EVENTARGUMENT POST 3
__VIEWSTATE POST /wEPDwUKLTM2Mjk5NTE5Ng9kFgICAxBkZBYMAgEPZBYEAgcPDxYCHgdWaXNpYmxlaGRkAhkPDxYEHhRWYWxpZGF0aW9uRXhwcmVzc2lvbgURXlteIAknIiUjXXs2LDEyfSQeBFRleHQFjgFQYXNzd29yZCBtdXN0IGJlIGF0IGxlYXN0IDYgY2hhcmFjdGVycyBpbiBsZW5ndGggYW5kIG1heSBub3QgY29udGFpbiBzcGFjZXMsIHRhYnMsIHNpbmdsZSBxdW90ZXMsIGRvdWJsZSBxdW90ZXMsIHBlcmNlbnQgc2lnbnMgb3IgcG91bmQgc2lnbnMuZGQCAw8WAh4EaHJlZgWoAWh0dHBzOi8vY29tbXVuaXR5LWxvZ2luLm5hc2RhcS5jb206NDQzL2ZhY2Vib29rL2Nvbm5lY3Rfc3RhcnQ/ZXh0X3Blcm09cHVibGlzaF9zdHJlYW0sZW1haWwsb2ZmbGluZV9hY2Nlc3MmdG9rZW5fdXJsPWh0dHBzJTNhJTJmJTJmY29tbXVuaXR5Lm5hc2RhcS5jb20lM2E0NDMlMmZycHguYXNweGQCBQ8WAh8DBbgBaHR0cHM6Ly9jb21tdW5pdHktbG9naW4ubmFzZGFxLmNvbTo0NDMvb3BlbmlkL3N0YXJ0P29wZW5pZF9pZGVudGlmaWVyPWh0dHBzJTNhJTJmJTJmd3d3Lmdvb2dsZS5jb20lMmZhY2NvdW50cyUyZm84JTJmaWQlM2YmdG9rZW5fdXJsPWh0dHBzJTNhJTJmJTJmY29tbXVuaXR5Lm5hc2RhcS5jb20lM2E0NDMlMmZycHguYXNweGQCBw8WAh8DBXJodHRwczovL2NvbW11bml0eS1sb2dpbi5uYXNkYXEuY29tOjQ0My90d2l0dGVyL3N0YXJ0P3Rva2VuX3VybD1odHRwcyUzYSUyZiUyZmNvbW11bml0eS5uYXNkYXEuY29tJTNhNDQzJTJmcnB4LmFzcHhkAgkPFgIfAwWgAWh0dHBzOi8vY29tbXVuaXR5LWxvZ2luLm5hc2RhcS5jb206NDQzL29wZW5pZC9zdGFydD9vcGVuaWRfaWRlbnRpZmllcj1odHRwJTNhJTJmJTJmbWUueWFob28uY29tJTJmJnRva2VuX3VybD1odHRwcyUzYSUyZiUyZmNvbW11bml0eS5uYXNkYXEuY29tJTNhNDQzJTJmcnB4LmFzcHhkAgsPFgIfAwVzaHR0cHM6Ly9jb21tdW5pdHktbG9naW4ubmFzZGFxLmNvbTo0NDMvbGlua2VkaW4vc3RhcnQ/dG9rZW5fdXJsPWh0dHBzJTNhJTJmJTJmY29tbXVuaXR5Lm5hc2RhcS5jb20lM2E0NDMlMmZycHguYXNweGQYAQUeX19Db250cm9sc1JlcXVpcmVQb3N0QmFja0tleV9fFgIFIk5BU0RBUVJlZ2lzdHJhdGlvbjEkY2hrQWNjZXB0VGVybXMFHU5BU0RBUVJlZ2lzdHJhdGlvbjEkY2hrU2lnbnVwqwOZpiojmA1LcHpXWLCma42kIy0=
__EVENTVALIDATION POST /wEWEALV/YvCAwL0mp3KBgKaibzYCAKWi8fhDwLr95C5BwLVkbeADQKk8vC/DAKXtK+SBgL3uJfYCQL4udOXCQLHjdnqBQKd7P/tCQLKosSICAL61MiUCgLukuV0ArinjJwKNgPTf294OgSI4ZWDbKWl9+wTMyI=
NASDAQRegistration1$hPassportGuid POST 3
NASDAQRegistration1$hFirstName POST Ronald Smith
NASDAQRegistration1$hLastName POST Ronald Smith
NASDAQRegistration1$email POST netsparker@example.com
NASDAQRegistration1$confirmEmail POST netsparker@example.com
NASDAQRegistration1$Password POST SET /A 0xFFF9999-2 &
NASDAQRegistration1$ConfirmPassword POST 3
NASDAQRegistration1$UserName POST Ronald Smith
NASDAQRegistration1$chkAcceptTerms POST on
NASDAQRegistration1$chkSignup POST on
openidurl POST 3
aolScreenname POST Ronald Smith

Identified Cookie

ecm

Request

POST /register.aspx HTTP/1.1
Referer: https://community.nasdaq.com/register.aspx
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: community.nasdaq.com
Content-Length: 2293
Accept-Encoding: gzip, deflate

__EVENTTARGET=3&__EVENTARGUMENT=3&__VIEWSTATE=%2fwEPDwUKLTM2Mjk5NTE5Ng9kFgICAxBkZBYMAgEPZBYEAgcPDxYCHgdWaXNpYmxlaGRkAhkPDxYEHhRWYWxpZGF0aW9uRXhwcmVzc2lvbgURXlteIAknIiUjXXs2LDEyfSQeBFRleHQFjgFQYXNzd29yZCBtdXN0IGJlIGF0IGxlYXN0IDYgY2hhcmFjdGVycyBpbiBsZW5ndGggYW5kIG1heSBub3QgY29udGFpbiBzcGFjZXMsIHRhYnMsIHNpbmdsZSBxdW90ZXMsIGRvdWJsZSBxdW90ZXMsIHBlcmNlbnQgc2lnbnMgb3IgcG91bmQgc2lnbnMuZGQCAw8WAh4EaHJlZgWoAWh0dHBzOi8vY29tbXVuaXR5LWxvZ2luLm5hc2RhcS5jb206NDQzL2ZhY2Vib29rL2Nvbm5lY3Rfc3RhcnQ%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%2fdG9rZW5fdXJsPWh0dHBzJTNhJTJmJTJmY29tbXVuaXR5Lm5hc2RhcS5jb20lM2E0NDMlMmZycHguYXNweGQYAQUeX19Db250cm9sc1JlcXVpcmVQb3N0QmFja0tleV9fFgIFIk5BU0RBUVJlZ2lzdHJhdGlvbjEkY2hrQWNjZXB0VGVybXMFHU5BU0RBUVJlZ2lzdHJhdGlvbjEkY2hrU2lnbnVwqwOZpiojmA1LcHpXWLCma42kIy0%3d&__EVENTVALIDATION=%2fwEWEALV%2fYvCAwL0mp3KBgKaibzYCAKWi8fhDwLr95C5BwLVkbeADQKk8vC%2fDAKXtK%2bSBgL3uJfYCQL4udOXCQLHjdnqBQKd7P%2ftCQLKosSICAL61MiUCgLukuV0ArinjJwKNgPTf294OgSI4ZWDbKWl9%2bwTMyI%3d&NASDAQRegistration1$hPassportGuid=3&NASDAQRegistration1$hFirstName=Ronald+Smith&NASDAQRegistration1$hLastName=Ronald+Smith&NASDAQRegistration1$email=netsparker%40example.com&NASDAQRegistration1$confirmEmail=netsparker%40example.com&NASDAQRegistration1$Password=SET%20%2FA%200xFFF9999-2%20%26&NASDAQRegistration1$ConfirmPassword=3&NASDAQRegistration1$UserName=Ronald+Smith&NASDAQRegistration1$chkAcceptTerms=on&NASDAQRegistration1$chkSignup=on&openidurl=3&aolScreenname=Ronald+Smith

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&DefaultCurrency=840&SiteCurrency=840&ContType=&UserCulture=1033&dm=community.nasdaq.com&SiteLanguage=1033; path=/,EktGUID=859d2849-b73c-4ad2-94d7-e4eff9887ddc; expires=Mon, 13-Feb-2012 01:59:43 GMT; path=/,EkAnalytics=newuser; expires=Mon, 13-Feb-2012 01:59:43 GMT; path=/,ASP.NET_SessionId=euheixapcjw1ka55lqkhjh45; path=/; HttpOnly
Date: Sun, 13 Feb 2011 01:59:42 GMT
Content-Length: 30786

input#NASDAQRegistration1_chkAcceptTerms:focus, input#NASDAQRegistration1_chkSignup:focus,
input#NASDAQRegistration1_confirmEmail:focus
{
border:1px solid #7e8388 !important;
}

input#NASDAQRegistration1_email, input#NASDAQRegistration1_Password,
input#NASDAQRegistration1_ConfirmPassword, input#NASDAQRegistration1_UserName,
input#NASDAQRegistration1_chkAcceptTerms, input#NASDAQRegistration1_chkSignup,
input#NASDAQRegistration1_confirmEmail
{
padding: 5px;
-moz-box-shadow:0 1px 1px #DDDDDD inset;
-webkit-box-shadow:0 1px 1px #DDDDDD inset;
-webkit-border-radius: 3px;
-moz-border-radius: 3px;
border-radius: 3px;
}




ul#providers {
float:left;
margin:12px 0 13px 20px;
}

ul#providers a { text-decoration: none; outline:none; }
ul#providers a:hover { font-weight:bold; outline:none; }
ul#providers a:active { position:relative; top:1px; outline;none; }

ul#providers li {
float:left;
font-size:12px;
padding:3px 3px 0;
width:120px;
}

p.label_checkbox_pair {
clear: both;
float: none;
position: relative;
}
p.label_checkbox_pair input {
left: 80px;
position: absolute;
top: 1px;
}
p.label_checkbox_pair label {
display: block;
margin-left: 90px;
width: 200px;
}

</style>

</head>
<body>
<div id="wrapper" class="commlogin" style="width: 680px;margin:0px auto 0">
<form name="form1" method="post" action="/register.aspx" onsubmit="javascript:return WebForm_OnSubmit();" id="form1">
<div>
<input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
<input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="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" />
</div>

<script type="text/javascript">
//<![CDATA[
var theForm = document.forms['form1'];
if (!theForm) {
theForm = document.form1;
}
function __doPostBack(eventTarget, eventArgument) {
if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
theForm.__EVENTTARGET.value = eventTarget;
theForm.__EVENTARGUMENT.value = eventArgument;
theForm.submit();
}
}
//]]>
</script>


<script src="/WebResource.axd?d=9bfn5OaxVg0iI3gTzeAwWZV-6B2T2CIMpJdYjzQ6zPEmUyTvpTqqpbUnP9p8EbeXXOaFVNo1tBaRFTIwPmnTYAhsEKc1&amp;t=634210220576316535" type="text/javascript"></script>


<script src="/WebResource.axd?d=DrXWA32NSi4v0wPod4A9g6qxXOVeiTyn7TSc6VWkZG93PyHJLpg91lB3YIv0UCeueI2CFYn7JGwrFEt6aRyNqoaFYEc1&amp;t=634210220576316535" type="text/javascript"></script>
<script type="text/javascript">
//<![CDATA[
function WebForm_OnSubmit() {
if (typeof(ValidatorOnSubmit) == "function" && ValidatorOnSubmit() == false) return false;
return true;
}
//]]>
</script>

<div>

<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="/wEWEALV/YvCAwL0mp3KBgKaibzYCAKWi8fhDwLr95C5BwLVkbeADQKk8vC/DAKXtK+SBgL3uJfYCQL4udOXCQLHjdnqBQKd7P/tCQLKosSICAL61MiUCgLukuV0ArinjJwKNgPTf294OgSI4ZWDbKWl9+wTMyI=" />
</div>
<div id="leftColMed" style="height:737px; *height:752px;">
<div id="loginBox" class="clearfix" style="height:690px;">
<div id="commloginheader">
</div>

<div id="loginHeader" style="background:none repeat scroll 0 0 #F5FAF9;border-bottom:1px dotted #CCCCCC;float:left;height:30px;margin:0 5px 0;width:665px; *border-bottom:none; *margin-left:5px; _margin-left:2px;">
<h1 style="color:#1E4E6A;margin-bottom:0;padding-left:9px;padding-top:5px;width:655px;">
Join the Community. It's Free!<span style="color:#000000;font-size:12px;font-weight:bold;padding-left:185px;padding-top:5px;">Already a member? <a href="https://community.nasdaq.com/login.aspx">Sign In</a></span>
</h1>

</div>


<div id="leftSide" style="width:310px;height:533px; *height:588px; padding-right:5px;padding-top:20px; *padding-right:0px;">

<style type="text/css">
#score { color: #000; text-align: center; width: 100px; font-weight: bold; background-image: url(/common/images/bg_strength_gradient.jpg); background-repeat: no-repeat; background-position: 0 0; }
#scorebarBorder { overflow: hidden; background: #333; border: 1px #000 solid; margin-bottom: 2px; width: 100px; margin-left: 5px; }
</style>
<input type="hidden" name="NASDAQRegistration1$hPassportGuid" id="NASDAQRegistration1_hPassportGuid" value="3" />
<input type="hidden" name="NASDAQRegistration1$hFirstName" id="NASDAQRegistration1_hFirstName" value="Ronald Smith" />
<input type="hidden" name="NASDAQRegistration1$hLastName" id="NASDAQRegistration1_hLastName" value="Ronald Smith" />

<h4>Register Today</h4>
<p style="margin-bottom:10px;">Please provide the following brief information to begin enjoying all that the NASDAQ Community has to offer.</p>
<span id="NASDAQRegistration1_lblUserNameError" style="color:Red;"></span>

<fielset>
<ol>

<!-- email address -->
<li style="padding-bottom:5px;">
<label for="email" style="width:160px;">Your current email address:</label>
<input name="NASDAQRegistration1$email" type="text" value="netsparker@example.com" id="NASDAQRegistration1_email" autocomplete="off" />

<br />

<span id="NASDAQRegistration1_emailFormatValidator" class="loginError" style="color:Red;display:none;">Please enter a valid email address in the form (name)@(domain).(extension)</span>
<span id="NASDAQRegistration1_emailPresentValidator" class="loginError" style="color:Red;display:none;">An email address is required</span>
</li>

<!-- confirm email address -->
<li style="padding-bottom:5px;">
<label for="confirmemail" style="width:160px;">Confirm Email:</label>
<input name="NASDAQRegistration1$confirmEmail" type="text" value="netsparker@example.com" id="NASDAQRegistration1_confirmEmail" autocomplete="off" />

<br />

<span id="NASDAQRegistration1_confirmEmailPresentValidator" class="loginError" style="color:Red;display:none;">Confirmation of email address is required</span>
<span id="NASDAQRegistration1_emailComparisonValidator" class="loginError" style="color:Red;visibility:hidden;">Email and Confirm email must match</span>

</li>

<!-- choose password -->
<li>
<label for="Password" style="width:160px;">Choose a Password:</label>
<input name="NASDAQRegistration1$Password" type="password" id="NASDAQRegistration1_Password" autocomplete="off" onkeyup="passwordStrength(this.value);" onblur="passwordStrength(this.value)" onchange="passwordStrength(this.value)" onfocus="passwordStrength(this.value)" />


<div id="passwordStrength" class="strength0"></div>




<span id="NASDAQRegistration1_passwordValidator" class="loginError" style="color:Red;display:none;">Password is required</span>
</li>

<!-- confirm password -->
<li>
<label for="ConfirmPassword" style="width:160px;">Confirm Password:</label>
<input name="NASDAQRegistration1$ConfirmPassword" type="password" id="NASDAQRegistration1_ConfirmPassword" autocomplete="off" />

<br />

<span id="NASDAQRegistration1_confirmPasswordValidator" class="loginError" style="color:Red;visibility:hidden;">Confirm Password is required</span>
<span id="NASDAQRegistration1_passwordComparisonValidator" class="loginError" style="color:Red;visibility:hidden;">Passwor..
ViewState is not Encrypted

1 TOTAL
LOW
Netsparker identified that the target web application doesn't use encryption on ViewState data.

Impact

An attacker can study the application's state management logic for possible vulnerabilities, and if the application stores application-critical information in the ViewState, that information will also be revealed.

Remedy

ASP.NET provides encryption for ViewState parameters.

For page-based protection, place the following directive at the top of the affected page:
<%@ Page ViewStateEncryptionMode="Always" %>
You can also set this option for the whole application by using web.config files. Apply the following configuration in your application's web.config file (the element names are case-sensitive and the pages element must be closed):
<system.web>
	<pages viewStateEncryptionMode="Always" />
</system.web>

Remedy References

- /register.aspx

/register.aspx

https://community.nasdaq.com/register.aspx

ViewState Version

.NET Framework 2.x

Request

GET /register.aspx HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: community.nasdaq.com
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&DefaultCurrency=840&SiteCurrency=840&ContType=&UserCulture=1033&dm=community.nasdaq.com&SiteLanguage=1033; path=/,EktGUID=f91787cb-3ce7-4a66-8483-52dc5cd10e17; expires=Mon, 13-Feb-2012 01:59:08 GMT; path=/,EkAnalytics=newuser; expires=Mon, 13-Feb-2012 01:59:08 GMT; path=/,ASP.NET_SessionId=w1p2zw3rxkpuhsmatxcglgix; path=/; HttpOnly
Date: Sun, 13 Feb 2011 01:59:07 GMT
Content-Length: 30584



<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="Head1"><title>
Welcome to the NASDAQ Community!
</title><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><link rel="shortcut icon" href="https://www.nasdaq.com/images/qfav.ico" type="image/ico" /><link rel="icon" href="https://www.nasdaq.com/images/qfav.ico" type="image/x-icon" /><link rel="shortcut icon" href="https://www.nasdaq.com/images/qfav.ico" type="image/x-icon" />
<!--[if gte IE 6]><!-->
<!--
<link rel="stylesheet" type="text/css" href="https://www.nasdaq.com/includes/community_header.css" media="screen, projection" /><link rel="stylesheet" type="text/css" href="https://www.nasdaq.com/includes/community_footer.css" media="screen, projection" />
-->
<link rel="stylesheet" type="text/css" href="/common/styles/general.css" media="screen, projection" />
<!-- <![endif]-->
<!--[if IE 7]><link rel="stylesheet" type="text/css" media="screen, projection" href="/common/styles/ie7.css" /><![endif]-->
<!--[if IE 6]><link rel="stylesheet" type="text/css" media="screen, projection" href="/common/styles/ie6.css" /><![endif]-->
<link rel="stylesheet" type="text/css" href="/common/styles/print.css" media="print" />
<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.1/jquery.min.js"></script>
<script type="text/javascript" src="/common/scripts/jquery.qtip.js"></script>
<script type="text/javascript" src="/common/scripts/actions.js"></script>
<script type="text/javascript" src="/common/scripts/jquery-ui-core.js"></script>
<script type="text/javascript" src="/common/scripts/jquery-blockui.js"></script>
<script type="text/javascript">
//<![CDATA[
myPage = 'register1';
sectionId = 'liHome'; //section tab
breadCrumbId = 'Li1'; //page
is_dartSite = "home";
is_dartZone = "home6";
propVar = "NASDAQ Community";
propVar2 = "Registration";
propVar15 = "Community";
googlehints = "stock market, stock investment, trading account, real time stock quotes, investment advice, best investments, mutual funds, portfolio tracking, Stock trading, Personal Finance, Nasdaq stocks, interest rates, Forex trading, equity trading, Pre-market quotes, after hours trading, Business news, company profiles, technology news, Nasdaq companies, online stock";
//]]>
</script>

<script type="text/javascript">
function passwordStrength(password) {

var desc = new Array();
desc[0] = "Very Weak";
desc[1] = "Weak";
desc[2] = "Better";
desc[3] = "Medium";
desc[4] = "Strong";
desc[5] = "Strongest";

var score = 0;

//if password bigger than 6 give 1 point
if (password.length > 6) score++;

//if password has both lower and uppercase characters give 1 point
if ( ( password.match(/[a-z]/) ) && ( password.match(/[A-Z]/) ) ) score++;

//if password has at least one number give 1 point
if (password.match(/\d+/)) score++;

//if password has at least one special caracther give 1 point
if ( password.match(/.[!,@,#,$,%,^,&,*,?,_,~,-,(,)]/) ) score++;

//if password bigger than 12 give another 1 point
if (password.length > 12) score++;



// document.getElementById("passwordDescription").innerHTML = desc[score];
// document.getElementById("passwordStrength").className = "strength" + score;


$('#passwordStrength').attr("class", "strength" + score);

document.getElementById("passwordStrength").innerHTML = desc[score];

}


</script>



<style type="text/css">

#passwordStrength {
display:block;
float:left;
font-size:11px;
font-weight:bold;
height:22px;
margin-top:-1px;
padding-top:3px;
text-align:center;
-webkit-border-bottom-right-radius: 3px;
-webkit-border-bottom-left-radius: 3px;
-moz-border-radius-bottomright: 3px;
-moz-border-radius-bottomleft: 3px;
border-bottom-right-radius: 3px;
border-bottom-left-radius: 3px;
}
.strength0 { width:175px; background:url('/common/images/strength0.png') repeat-x; color:#333; }
.strength1 { width:175px; background:url('/common/images/strength1.png') repeat-x; color:#f7f7f7; }
.strength2 { width:175px; background:url('/common/images/strength2.png') repeat-x; color:#f7f7f7;}
.strength3 { width:175px; background:url('/common/images/strength3.png') repeat-x; color:#f7f7f7;}
.strength4 { width:175px; background:url('/common/images/strength4.png') repeat-x; color:#f7f7f7; }
.strength5 { width:175px; background:url('/common/images/strength5.png') repeat-x; color:#f7f7f7; }


#widget, #view {
margin:0 !important;
}

.error {
font-size:10px;
font-weight:bold;
color: #e64040;
padding-left:6px;
}

.errorSummary {
background: #fff1f1;
border:1px solid #fcd4d4;
color: #e64040;
font-weight: bold;
}

fieldset {
margin-bottom: 10px;
margin-top:10px;
}
legend {
padding: 0 2px;
font-weight: bold;
}
label {
display: inline-block;
line-height: 1.8;
vertical-align: top;
}
fieldset ol {
margin: 0;
padding: 0;
}
fieldset li {
list-style: none;
padding: 5px;
margin: 0;
width:250px;
*width:225px;
}
fieldset fieldset {
border: none;
margin: 3px 0 0;
}
fieldset fieldset legend {
padding: 0 0 5px;
font-weight: normal;
}
fieldset fieldset label {
display: block;
width: auto;
}
em {
font-weight: bold;
font-style: normal;
color: #f00;
}
label {
width: 170px; /* Width of labels */
text-shadow:0 1px #FFFFFF;
}
fieldset fieldset label {
margin-left: 123px; /* Width plus 3 (html space) */
}

input#NASDAQRegistration1_email:focus, input#NASDAQRegistration1_Password:focus,
input#NASDAQRegistration1_ConfirmPassword:focus, input#NASDAQRegistration1_UserName:focus,
input#NASDAQRegistration1_chkAcceptTerms:focus, input#NASDAQRegistration1_chkSignup:focus,
input#NASDAQRegistration1_confirmEmail:focus
{
border:1px solid #7e8388 !important;
}

input#NASDAQRegistration1_email, input#NASDAQRegistration1_Password,
input#NASDAQRegistration1_ConfirmPassword, input#NASDAQRegistration1_UserName,
input#NASDAQRegistration1_chkAcceptTerms, input#NASDAQRegistration1_chkSignup,
input#NASDAQRegistration1_confirmEmail
{
padding: 5px;
-moz-box-shadow:0 1px 1px #DDDDDD inset;
-webkit-box-shadow:0 1px 1px #DDDDDD inset;
-webkit-border-radius: 3px;
-moz-border-radius: 3px;
border-radius: 3px;
}




ul#providers {
float:left;
margin:12px 0 13px 20px;
}

ul#providers a { text-decoration: none; outline:none; }
ul#providers a:hover { font-weight:bold; outline:none; }
ul#providers a:active { position:relative; top:1px; outline;none; }

ul#providers li {
float:left;
font-size:12px;
padding:3px 3px 0;
width:120px;
}

p.label_checkbox_pair {
clear: both;
float: none;
position: relative;
}
p.label_checkbox_pair input {
left: 80px;
position: absolute;
top: 1px;
}
p.label_checkbox_pair label {
display: block;
margin-left: 90px;
width: 200px;
}

</style>

</head>
<body>
<div id="wrapper" class="commlogin" style="width: 680px;margin:0px auto 0">
<form name="form1" method="post" action="/register.aspx" onsubmit="javascript:return WebForm_OnSubmit();" id="form1">
<div>
<input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
<input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="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" />
</div>

<script type="text/javascript">
//<![CDATA[
var theForm = document.forms['form1'];
if (!theForm) {
theForm = document.form1;
}
function __doPostBack(eventTarget, eventArgument) {
if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
theForm.__EVENTTARGET.value = eventTarget;
theForm.__EVENTARGUMENT.value = eventArgument;
theForm.submit();
}
}
//]]>
</script>


<script src="/WebResource.axd?d=9bfn5OaxVg0iI3gTzeAwWZV-6B2T2CIMpJdYjzQ6zPEmUyTvpTqqpbUnP9p8EbeXXOaFVNo1tBaRFTIwPmnTYAhsEKc1&amp;t=634210220576316535" type="text/javascript"></script>


<script src="/WebResource.axd?d=DrXWA32NSi4v0wPod4A9g6qxXOVeiTyn7TSc6VWkZG93PyHJLpg91lB3YIv0UCeueI2CFYn7JGwrFEt6aRyNqoaFYEc1&amp;t=634210220576316535" type="text/javascript"></script>
<script type="text/javascript">
//<![CDATA[
function WebForm_OnSubmit() {
if (typeof(ValidatorOnSubmit) == "function" && ValidatorOnSubmit() == false) return false;
return true;
}
//]]>
</script>

<div>

<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="/wEWEALV/YvCAwL0mp3KBgKaibzYCAKWi8fhDwLr95C5BwLVkbeADQKk8vC/DAKXtK+SBgL3uJfYCQL4udOXCQLHjdnqBQKd7P/tCQLKosSICAL61MiUCgLukuV0ArinjJwKNgPTf294OgSI4ZWDbKWl9+wTMyI=" />
</div>
<div id="leftColMed" style="height:737px; *height:752px;">
<div id="loginBox" class="clearfix" style="height:690px;">
<div id="commloginheader">
</div>

<div id="loginHeader" style="background:none repeat scroll 0 0 #F5FAF9;border-bottom:1px dotted #CCCCCC;float:left;height:30px;margin:0 5px 0;width:665px; *border-bottom:none; *margin-left:5px; _margin-left:2px;">
<h1 style="color:#1E4E6A;margin-bottom:0;padding-left:9px;padding-top:5px;width:655px;">
Join the Community. It's Free!<span style="color:#000000;font-size:12px;font-weight:bold;padding-left:185px;padding-top:5px;">Already a member? <a href="https://community.nasdaq.com/login.aspx">Sign In</a></span>
</h1>

</div>


<div id="leftSide" style="width:310px;height:533px; *height:588px; padding-right:5px;padding-top:20px; *padding-right:0px;">

<style type="text/css">
#score { color: #000; text-align: center; width: 100px; font-weight: bold; background-image: url(/common/images/bg_strength_gradient.jpg); background-repeat: no-repeat; background-position: 0 0; }
#scorebarBorder { overflow: hidden; background: #333; border: 1px #000 solid; margin-bottom: 2px; width: 100px; margin-left: 5px; }
</style>
<input type="hidden" name="NASDAQRegistration1$hPassportGuid" id="NASDAQRegistration1_hPassportGuid" />
<input type="hidden" name="NASDAQRegistration1$hFirstName" id="NASDAQRegistration1_hFirstName" />
<input type="hidden" name="NASDAQRegistration1$hLastName" id="NASDAQRegistration1_hLastName" />

<h4>Register Today</h4>
<p style="margin-bottom:10px;">Please provide the following brief information to begin enjoying all that the NASDAQ Community has to offer.</p>
<span id="NASDAQRegistration1_lblUserNameError" style="color:Red;"></span>

<fielset>
<ol>

<!-- email address -->
<li style="padding-bottom:5px;">
<label for="email" style="width:160px;">Your current email address:</label>
<input name="NASDAQRegistration1$email" type="text" id="NASDAQRegistration1_email" autocomplete="off" />

<br />

<span id="NASDAQRegistration1_emailFormatValidator" class="loginError" style="color:Red;display:none;">Please enter a valid email address in the form (name)@(domain).(extension)</span>
<span id="NASDAQRegistration1_emailPresentValidator" class="loginError" style="color:Red;display:none;">An email address is required</span>
</li>

<!-- confirm email address -->
<li style="padding-bottom:5px;">
<label for="confirmemail" style="width:160px;">Confirm Email:</label>
<input name="NASDAQRegistration1$confirmEmail" type="text" id="NASDAQRegistration1_confirmEmail" autocomplete="off" />

<br />

<span id="NASDAQRegistration1_confirmEmailPresentValidator" class="loginError" style="color:Red;display:none;">Confirmation of email address is required</span>
<span id="NASDAQRegistration1_emailComparisonValidator" class="loginError" style="color:Red;visibility:hidden;">Email and Confirm email must match</span>

</li>

<!-- choose password -->
<li>
<label for="Password" style="width:160px;">Choose a Password:</label>
<input name="NASDAQRegistration1$Password" type="password" id="NASDAQRegistration1_Password" autocomplete="off" onkeyup="passwordStrength(this.value);" onblur="passwordStrength(this.value)" onchange="passwordStrength(this.value)" onfocus="passwordStrength(this.value)" />


<div id="passwordStrength" class="strength0"></div>




<span id="NASDAQRegistration1_passwordValidator" class="loginError" style="color:Red;display:none;">Password is required</span>
</li>

<!-- confirm password -->
<li>
<label for="ConfirmPassword" style="width:160px;">Confirm Password:</label>
<input name="NASDAQRegistration1$ConfirmPassword" type="password" id="NASDAQRegistration1_ConfirmPassword" autocomplete="off" />

<br />

<span id="NASDAQRegistration1_confirmPasswordValidator" class="loginError" style="color:Red;visibility:hidden;">Confirm Password is required</span>
<span id="NASDAQRegistration1_passwordComparisonValidator" class="loginError" style="color:Red;visibility:hidden;">Password and Confirm Password must match</span>
</li>

<!-- display name -->
<li>
<label for="UserName"..
IIS Version Disclosure

1 TOTAL
INFORMATION
Netsparker identified that the target web server is disclosing the web server's version in the HTTP response. This information can help an attacker to gain a greater understanding of the system in use and potentially develop further attacks targeted at the specific web server version.

Impact

An attacker can look for specific security vulnerabilities for the version identified through the SERVER header information.

Remediation

Configure your web server to prevent information leakage from the SERVER header of its HTTP response.

- /robots.txt

/robots.txt

https://community.nasdaq.com/robots.txt

Extracted Version

Microsoft-IIS/7.0

Request

GET /robots.txt HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: community.nasdaq.com
Cookie: ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&DefaultCurrency=840&SiteCurrency=840&ContType=&UserCulture=1033&dm=community.nasdaq.com&SiteLanguage=1033; EktGUID=0651780c-1a27-46f6-bf42-4f598cb783dc; EkAnalytics=newuser
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Cache-Control: public
Content-Length: 214
Content-Type: text/plain
Last-Modified: Mon, 08 Feb 2010 15:11:28 GMT
Server: Microsoft-IIS/7.0
Date: Sun, 13 Feb 2011 01:59:07 GMT


User-agent: *
Disallow:
Disallow: /WorkArea/
Disallow: /Moderation/
Disallow: ETFSymbollookupDataHandler.ashx
Disallow: /ETFSymbollookupDataHandler.ashx
Disallow: cmslogin.aspx
Disallow: /cmslogin.aspx
Robots.txt Identified

1 TOTAL
INFORMATION
CONFIRMED
1
Netsparker identified a robots.txt file with potentially sensitive content.

Impact

Depending on the content of the file, an attacker might discover hidden directories. Ensure that nothing sensitive, such as the path of the administration panel, is exposed in this file.

Remedy

  • If disallowed paths are sensitive, do not list them in robots.txt, and ensure that they are correctly protected by means of authentication.
- /robots.txt

/robots.txt CONFIRMED

https://community.nasdaq.com/robots.txt

Interesting Robots.txt Entries

  • Disallow:
  • Disallow: /WorkArea/
  • Disallow: /Moderation/
  • Disallow: ETFSymbollookupDataHandler.ashx
  • Disallow: /ETFSymbollookupDataHandler.ashx
  • Disallow: cmslogin.aspx
  • Disallow: /cmslogin.aspx

Request

GET /robots.txt HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: community.nasdaq.com
Cookie: ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&DefaultCurrency=840&SiteCurrency=840&ContType=&UserCulture=1033&dm=community.nasdaq.com&SiteLanguage=1033; EktGUID=0651780c-1a27-46f6-bf42-4f598cb783dc; EkAnalytics=newuser
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Cache-Control: public
Content-Length: 214
Content-Type: text/plain
Last-Modified: Mon, 08 Feb 2010 15:11:28 GMT
Server: Microsoft-IIS/7.0
Date: Sun, 13 Feb 2011 01:59:07 GMT


User-agent: *
Disallow:
Disallow: /WorkArea/
Disallow: /Moderation/
Disallow: ETFSymbollookupDataHandler.ashx
Disallow: /ETFSymbollookupDataHandler.ashx
Disallow: cmslogin.aspx
Disallow: /cmslogin.aspx