XSS, Cross Site Scripting, Javascript Injection, gw.vtrenz.net, CWE-79, CAPEC-86

Netsparker - Scan Report Summary
TARGET URL
 http://gw.vtrenz.net/?GTJ25UFT6K
SCAN DATE
 3/7/2011 8:41:29 PM
REPORT DATE
 3/7/2011 8:56:24 PM
SCAN DURATION
 00:14:54

Total Requests

Average Speed

req/sec.
5
identified
3
confirmed
0
critical
2
informational

GHDB, DORK Tests

GHDB, DORK Tests
PROFILE
 Previous Settings
ENABLED ENGINES
 XSS
Authentication
Scheduled

VULNERABILITIES

Vulnerabilities
Netsparker - Web Application Security Scanner
IMPORTANT
20 %
LOW
40 %
INFORMATION
40 %
Permanent Cross-site Scripting

Permanent Cross-site Scripting

1 TOTAL
IMPORTANT

Permanent XSS (Cross-site Scripting) allows an attacker to execute dynamic scripts (Javascript, VbScript) in the context of the application. This allows several different attack opportunities, mostly hijacking the current session of the user or changing the look of the page by changing the HTML on the fly and to steal the user's credentials. This happens because the input entered by the user has been interpreted by HTML/Javascript/VbScript within the browser.

Permanent means that the attack will be stored in the back-end system. In normal XSS attacks an attack needs to e-mail the victim but in a permanent XSS an attacker can just execute the attack and wait for users to see the affected page. As soon as someone visits the page, the attacker's stored payload will get executed.

XSS targets the users of the application instead of the server. Although this is a limitation, since it only allows attackers to hijack other users' session the attacker might attack an administrator to gain full control over the application.

Impact

Permanent XSS is a dangerous issue that has many exploitation vectors, some of which includes:
  • User session sensitive information such as cookies can be stolen.
  • XSS can enable client-side worms which could modify, delete or steal other users' data within the application.
  • The website can be redirected to a new location, defaced or used as a phishing site.

Remedy

The issue occurs because the browser interprets the input as active HTML, Javascript or VbScript. To avoid this, all input and output from the application should be filtered. Output should be filtered according to the output format and location. Typically the output location is HTML. Where the output is HTML ensure that all active content is removed prior to its presentation to the server.

Prior to sanitizing user input, ensure you have a pre-defined list of both expected and acceptable characters with which you populate a white-list. This list needs only be defined once and should be used to sanitize and validate all subsequent input.

There are a number of pre-defined, well structured white-list libraries available for many different environments, good examples of these include, OWASP Reform and Microsoft Anti Cross-site Scripting libraries are good examples.

Remedy References

External References

- /

/

http://gw.vtrenz.net/?GTJ25UFT6K=http://netsparker.com/n?

Unknown Injection Point

Netsparker did not carry out an attack for this page but identified output of a previously completed XSS attack. This might happen because Netsparker run against this website before.

Request

GET /?GTJ25UFT6K=http://netsparker.com/n? HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations)
Cache-Control: no-cache
Host: gw.vtrenz.net
Cookie: CFID=37849954; CFTOKEN=b030ce89b1727d6d-93570F26-5056-8717-43051B69364A00BD; JSESSIONID=983086774913a54512836d7825696476b252
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Connection: close
Date: Tue, 08 Mar 2011 02:41:49 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Expires: Tue, 08 Mar 2011 02:41:49 GMT
Content-Type: text/html; charset=UTF-8


<html>
<head>
<title>Twitter Sign up Form</title>

<meta name="description" content="" />
<meta name="keywords" content="" />

<meta http-equiv="Content-Type" content="text/html; charset=utf-8">

<link href="http://gw.vtrenz.net/css/imarkstyles.css" rel="stylesheet" type="text/css">

<script language="javascript" src="http://gw.vtrenz.net/scripts/validator%20class/validatorv1.js"></script>

<script type="text/javascript" language="javascript">
VTRENZ = {};
VTRENZ.gwParams = {};
VTRENZ.gwParams["nsextt"] = " \'\"--></style></script><script>netsparker(0x000947)</script>";

</script>

</head>

<body bgColor="000000" leftmargin="0" topmargin="0" marginwidth="0" marginheight="0"> <!--www1-vt-ws17.vtrenz.savvis-->


<table align="center" cellpadding="0" cellspacing="0" border="0" borderColor="000000" width="615" bgColor="000000" style="margin-top:0; margin-left:0;">
<tr><td valign="top" bgcolor="FFFFFF" align="center" class="errorMSG"></td></tr>
<tr>
<td valign="top" align="left">
<table align="center" cellpadding="0" cellspacing="0" border="0" width="100%">


<tr>
<td valign="top" align="left" bgColor="FFFFFF"></td>
</tr>


<tr>
<td valign="top" align="left"><table cellpadding="0" cellspacing="0" border="0" borderColor="000000" width="615" bgColor="000000" style="margin-top:5; margin-left:5; margin-bottom:5; margin-right:5;">
<tr>
<td valign="top" align="left" style="padding:5px;"><iframe border="0" width="0" height="0"></iframe><script language="JavaScript"><!--/************************************************ Required field(s) validation ***********************************************/function formCheck(formobj){// Enter name of mandatory fieldsvar fieldRequired = Array("q1","q2","q14","q16","q107","q15","q6","q9","q49198");// Enter field description to appear in the dialog boxvar fieldDescription = Array("First Name", "Last Name", "Email Address", "Phone", "Title", "Company Name", "State/Province", "Country","Company Size");// dialog messagevar alertMsg = "Please complete the following fields:\n";var l_Msg = alertMsg.length;for (var i = 0; i < fieldRequired.length; i++){var obj = formobj.elements[fieldRequired[i]];if (obj){switch(obj.type){case "select-one":if (obj.selectedIndex == 0){alertMsg += " - " + fieldDescription[i] + "\n";}break;case "select-multiple":if (obj.selectedIndex == 0){alertMsg += " - " + fieldDescription[i] + "\n";}break;case "text":case "textarea":if (obj.value == "" || obj.value == null){alertMsg += " - " + fieldDescription[i] + "\n";}break;default:}if (obj.type == undefined){var blnchecked = false;for (var j = 0; j < obj.length; j++){if (obj[j].checked){blnchecked = true;}}if (!blnchecked){alertMsg += " - " + fieldDescription[i] + "\n";}}}}if (alertMsg.length == l_Msg){return true;}else{alert(alertMsg);return false;}}// --></script> <table width="100%" bgcolor="#000000" cellpadding="0" cellspacing="0"> <tbody> <tr> <td align="center" valign="top"> <table width="615" bgcolor="#000000" border="0" cellpadding="0" cellspacing="0"> <tbody> <tr> <td rowspan="3" bgcolor="#000000" valign="top"><img src="https://www1.vtrenz.net/imarkownerfiles/ownerassets/779/top-left.jpg" /><br /> </td> <td colspan="2"><img src="https://www1.vtrenz.net/imarkownerfiles/ownerassets/779/top-blank.jpg" /></td> <td rowspan="3" bgcolor="#000000" valign="top"><img src="https://www1.vtrenz.net/imarkownerfiles/ownerassets/779/top-right.jpg" /><br /> </td> </tr> <tr> <td style="line-height: 19px; padding-left: 20px; padding-right: 20px; font-family: Trebuchet MS,Arial; font-size: 13px" align="left" bgcolor="#ffffff" valign="top"> <h1 style="margin-top: 20px; color: #3399cc; font-size: 20px">Follow Bullhorn on Twitter!</h1> <p> <font size="2"><font color="#000000">Want to know what is happening in the staffing and recruiting industry and at Bullhorn? Be the first to receive our latest compensation and research reports and stay up-to-date on news and announcements from Bullhorn and Bullhorn Live.<br /> <br /> </font></font> </p> <p> &nbsp;<b><font size="4"> </font></b><img src="https://www1.vtrenz.net/imarkownerfiles/ownerassets/779/Megaphone_guy1.jpg" width="80" align="middle" border="0" height="81" /><b><font size="4">&nbsp;&nbsp;&nbsp;&nbsp; </font><a href="http://gw.vtrenz.net/?GTJ25UFT6K:XC88R7DBEN=contactID:0,ssID:0,email:,clicksrc:" target="_blank"><font size="4"><font color="#000000" size="4">Click here to follow @ Bullhornlive</font></font></a> <br /> </b><b><font color="#3399cc" size="3"><br /> <font size="4">Interested in Receiving Email Alerts with the Latest Industry Reports?</font></font> <br /> </b> </p> <b></b> <p> <b><font color="#000000" size="2">Fill out the form below and select &quot;Please send me information&quot; to receive our latest reports and best practices papers. </font></b> </p> <b><font color="#000000" size="2"></font></b> <ul> <b><font color="#000000" size="2"></font></b> </ul> <b><font color="#000000" size="2"></font></b> <form action="http://gw.vtrenz.net/?method=cSurveyWebservice.submit&amp;dkey=D1E25563UJ&amp;questionIDList=90192,3108,1,2,14,16,107,15,6,9,49198,58259&amp;mode=live" name="SurveyInput_D1E25563UJ" method="post" onsubmit="return formCheck(this);"> <b><font color="#000000" size="2"><input name="formRelocateURL" type="hidden" /> <input name="clicksource" type="hidden" /> <input name="iMarketingSyncID" type="hidden" /> <input name="WebSyncID" type="hidden" /> <input name="sessionGuid" type="hidden" /> <input name="q90192" value="IWTwitterSignup2010" type="hidden" /><br /> <input name="q3108" value="Inbound Web" type="hidden" /> <font face="trebuchet ms,geneva"><label><font color="#ff0000">*</font> <font size="1">Required Fields<br /> </font></label></font> <table width="554" border="0" height="244"> <tbody> <tr> <td><font face="trebuchet ms,geneva"><label><font size="2">First Name<font color="#ff0000">*</font></font></label> </font><br /> </td> <td><font face="trebuchet ms,geneva"><input autocomplete="OFF" name="q1" maxlength="50" alt="First Name" /> </font></td> </tr> <tr> <td><font face="trebuchet ms,geneva" size="+0"><font size="2">Last Name<font color="#ff0000">*</font></font></font></td> <td><font face="trebuchet ms,geneva" size="2"><input autocomplete="OFF" name="q2" maxlength="50" alt="Last Name" /> </font></td> </tr> <tr> <td><font face="trebuchet ms,geneva" size="+0"><font size="2">Email Address<font color="#ff0000">*</font></font></font></td> <td><font face="trebuchet ms,geneva"><input autocomplete="OFF" name="q14" maxlength="85" alt="Email Address" /> </font></td> </tr> <tr> <td><font face="trebuchet ms,geneva" size="+0"><font size="2">Work Phone</font></font><font face="trebuchet ms,geneva" size="+0"><font size="2"><font color="#ff0000">*</font></font></font></td> <td><font face="trebuchet ms,geneva"><input autocomplete="OFF" name="q16" size="15" maxlength="25" alt="Work Phone" /> </font></td> </tr> <tr> <td><font face="trebuchet ms,geneva" size="+0"><font size="2">Title<font color="#ff0000">*</font></font></font></td> <td><font face="trebuchet ms,geneva"><input autocomplete="OFF" name="q107" maxlength="40" alt="Job Title" /> </font></td> </tr> <tr> <td><font face="trebuchet ms,geneva" size="+0"><font size="2">Company Name<font color="#ff0000">*</font></font></font></td> <td><font face="trebuchet ms,geneva"><input name="q15" maxlength="100" alt="Company Name" /> </font></td> </tr> <tr> <td><font face="trebuchet ms,geneva" size="+0"><font size="2">State/Province<font color="#ff0000">*</font></font></font></td> <td><select name="q6" class="form_SelectInstruction" id="q6"> <option> -- Select below --</option> <option value="Non US"> Not listed</option> <optgroup label="-- US States --"> <option value="AL"> Alabama</option> <option value="AK"> Alaska</option> <option value="AZ"> Arizona</option> <option value="AR"> Arkansas</option> <option value="CA"> California</option> <option value="CO"> Colorado</option> <option value="CT"> Connecticut</option> <option value="DE"> Delaware</option> <option value="FL"> Florida</option> <option value="GA"> Georgia</option> <option value="HI"> Hawaii</option> <option value="ID"> Idaho</option> <option value="IL"> Illinois</option> <option value="IN"> Indiana</option> <option value="IA"> Iowa</option> <option value="KS"> Kansas</option> <option value="KY"> Kentucky</option> <option value="LA"> Louisiana</option> <option value="ME"> Maine</option> <option value="MD"> Maryland</option> <option value="MA"> Massachusetts</option> <option value="MI"> Michigan</option> <option value="MN"> Minnesota</option> <option value="MS"> Mississippi</option> <option value="MO"> Missouri</option> <option value="MT"> Montana</option> <option value="NE"> Nebraska</option> <option value="NV"> Nevada</option> <option value="NH"> New Hampshire</option> <option value="NJ"> New Jersey</option> <option value="NM"> New Mexico</option> <option value="NY"> New York</option> <option value="NC"> North Carolina</option> <option value="ND"> North Dakota</option> <option value="OH"> Ohio</option> <option value="OK"> Oklahoma</option> <option value="OR"> Oregon</option> <option value="PA"> Pennsylvania</option> <option value="RI"> Rhode Island</option> <option value="SC"> South Carolina</option> <option value="SD"> South Dakota</option> <option value="TN"> Tennessee</option> <option value="TX"> Texas</option> <option value="UT"> Utah</option> <option value="VT"> Vermont</option> <option value="VA"> Virginia</option> <option value="WA"> Washington</option> <option value="DC"> Washington D.C.</option> <option value="WV"> West Virginia</option> <option value="WI"> Wisconsin</option> <option value="WY"> Wyoming</option> </optgroup> <optgroup label="-- Canadian Provinces --"> <option value="AB"> AB - Alberta</option> <option value="BC"> BC - British Columbia</option> <option value="MB"> MB - Manitoba</option> <option value="NB"> NB - New Brunswick</option> <option value="NF"> NF - Newfoundland</option> <option value="NS"> NS - Nova Scotia</option> <option value="NT"> NT - Northwest Territories</option> <option value="NU"> NU - Nunavut</option> <option value="ON"> ON - Ontario</option> <option value="PE"> PE - Prince Edward Island</option> <option value="QC"> QC - Quebec</option> <option value="SK"> SK - Saskatchewan</option> <option value="YT"> YT - Yukon</option> </optgroup> <optgroup label="-- Australia --"> <option value="AU.NSW"> New South Wales</option> <option value="AU.NT"> Northern Territory</option> <option value="AU.QLD"> Queensland</option> <option value="AU.SA"> South Australia</option> <option value="AU.TAS"> Tasmania</option> <option value="AU.VIC"> Victoria</option> <option value="AU.WA"> Western Australia</option> </optgroup> <option value="Non US"> Not listed</option></select></td> </tr> <tr> <td><font face="trebuchet ms,geneva" size="+0"><font size="2">Country<font color="#ff0000">*</font></font></font></td> <td><select name="q9" class="form_SelectInstruction" id="q9"> <option> -- Select Country --</option> <option value="US"> United States</option> <option value="AF"> Afghanistan, Islamic State of</option> <option value="AL"> Albania</option> <option value="DZ"> Algeria</option> <option value="AS"> American Samoa</option> <option value="AD"> Andorra, Principality of</option> <option value="AO"> Angola</option> <option value="AI"> Anguilla</option> <option value="AQ"> Antarctica</option> <option value="AG"> Antigua and Barbuda</option> ..
Internal Server Error

Internal Server Error

1 TOTAL
LOW
CONFIRMED
1
The Server responded with an HTTP status 500. This indicates that there is a server-side error. Reasons may vary. The behavior should be analysed carefully. If Netsparker is able to find a security issue in the same resource it will report this as a separate vulnerability.

Impact

The impact may vary depending on the condition. Generally this indicates poor coding practices, not enough error checking, sanitization and whitelisting. However there might be a bigger issue such as SQL Injection. If that's the case Netsparker will check for other possible issues and report them separately.

Remedy

Analyse this issue and review the application code in order to handle unexpected errors, this should be a generic practice which does not disclose further information upon an error. All errors should be handled server side only.
- /

/ CONFIRMED

http://gw.vtrenz.net/?GTJ25UFT6K=%22%26%20ping%20-n%2026%20127.0.0.1%20%26

Parameters

Parameter Type Value
GTJ25UFT6K GET "& ping -n 26 127.0.0.1 &

Request

GET /?GTJ25UFT6K=%22%26%20ping%20-n%2026%20127.0.0.1%20%26 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations)
Cache-Control: no-cache
Host: gw.vtrenz.net
Cookie: CFID=37849954; CFTOKEN=b030ce89b1727d6d-93570F26-5056-8717-43051B69364A00BD; JSESSIONID=983086774913a54512836d7825696476b252
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 500 Server Error
Connection: close
Date: Tue, 08 Mar 2011 02:41:36 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Sorry! An error has occurred.</title>

<style>
.errorHeader{
font-family:Arial, Helvetica, sans-serif;
font-weight:bold;
color:#000000;
font-size:14px;
background-color:#f2f2f2;
padding:4px;
border:1px solid #cccccc;
}
.errorText{
font-family:Arial, Helvetica, sans-serif;
font-size:11px;
padding:4px;
}
.errorFooter{
font-family:Arial, Helvetica, sans-serif;
color:#999999;
font-size:11px;
background-color:#f2f2f2;
padding:2px;
border:1px solid #cccccc;
}
</style>
</head>

<body>



<table cellpadding="0" cellspacing="0" border="0" width="585" align="center">
<tr>
<td align="left" valign="middle" class="errorHeader">An Error Has Occurred.</td>
</tr>
<tr>
<td align="left" valign="middle" class="errorText">An unknown error occurred while attempting to process your request.</td>
</tr>
<tr>
<td align="center" valign="middle" class="errorFooter">Silverpop is a registered trademark of Silverpop Systems Inc. All other trademarks are the property of their respective owners. Copyright 2011. All rights reserved.</td>
</tr>
</table>

</body>
</html>
Cookie Not Marked As HttpOnly

Cookie Not Marked As HttpOnly

1 TOTAL
LOW
CONFIRMED
1
Cookie was not marked as HTTPOnly. HTTPOnly cookies can not be read by client-side scripts therefore marking a cookie as HTTPOnly can provide an additional layer of protection against Cross-site Scripting attacks..

Impact

During a Cross-site Scripting attack an attacker might easily access cookies and hijack the victim's session.

Actions to Take

  1. See the remedy for solution
  2. Consider marking all of the cookies used by the application as HTTPOnly (After these changes javascript code will not able to read cookies.

Remedy

Mark the cookie as HTTPOnly. This will be an extra layer of defence against XSS. However this is not a silver bullet and will not protect the system against Cross-site Scripting attacks. An attacker can use a tool such as XSS Tunnel to bypass HTTPOnly protection.

External References

- /

/ CONFIRMED

http://gw.vtrenz.net/?GTJ25UFT6K

Identified Cookie

CFID

Request

GET /?GTJ25UFT6K HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations)
Cache-Control: no-cache
Host: gw.vtrenz.net
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Connection: close
Date: Tue, 08 Mar 2011 02:41:20 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=37849952;expires=Thu, 28-Feb-2041 02:41:20 GMT;path=/,CFTOKEN=21e0e9d451540c9c-93570EF7-5056-8717-4355576A3A24AD57;expires=Thu, 28-Feb-2041 02:41:20 GMT;path=/,JSESSIONID=983086774913a54512836d7825696476b252;path=/,CFID=37849954;expires=Thu, 28-Feb-2041 02:41:20 GMT;path=/,CFTOKEN=b030ce89b1727d6d-93570F26-5056-8717-43051B69364A00BD;expires=Thu, 28-Feb-2041 02:41:20 GMT;path=/
Expires: Tue, 08 Mar 2011 02:41:20 GMT
Content-Type: text/html; charset=UTF-8


<html>
<head>
<title>Twitter Sign up Form</title>

<meta name="description" content="" />
<meta name="keywords" content="" />

<meta http-equiv="Content-Type" content="text/html; charset=utf-8">

<link href="http://gw.vtrenz.net/css/imarkstyles.css" rel="stylesheet" type="text/css">

<script language="javascript" src="http://gw.vtrenz.net/scripts/validator%20class/validatorv1.js"></script>

<script type="text/javascript" language="javascript">
VTRENZ = {};
VTRENZ.gwParams = {};

</script>

</head>

<body bgColor="000000" leftmargin="0" topmargin="0" marginwidth="0" marginheight="0"> <!--www1-vt-ws17.vtrenz.savvis-->


<table align="center" cellpadding="0" cellspacing="0" border="0" borderColor="000000" width="615" bgColor="000000" style="margin-top:0; margin-left:0;">
<tr><td valign="top" bgcolor="FFFFFF" align="center" class="errorMSG"></td></tr>
<tr>
<td valign="top" align="left">
<table align="center" cellpadding="0" cellspacing="0" border="0" width="100%">


<tr>
<td valign="top" align="left" bgColor="FFFFFF"></td>
</tr>


<tr>
<td valign="top" align="left"><table cellpadding="0" cellspacing="0" border="0" borderColor="000000" width="615" bgColor="000000" style="margin-top:5; margin-left:5; margin-bottom:5; margin-right:5;">
<tr>
<td valign="top" align="left" style="padding:5px;"><iframe border="0" width="0" height="0"></iframe><script language="JavaScript"><!--/************************************************ Required field(s) validation ***********************************************/function formCheck(formobj){// Enter name of mandatory fieldsvar fieldRequired = Array("q1","q2","q14","q16","q107","q15","q6","q9","q49198");// Enter field description to appear in the dialog boxvar fieldDescription = Array("First Name", "Last Name", "Email Address", "Phone", "Title", "Company Name", "State/Province", "Country","Company Size");// dialog messagevar alertMsg = "Please complete the following fields:\n";var l_Msg = alertMsg.length;for (var i = 0; i < fieldRequired.length; i++){var obj = formobj.elements[fieldRequired[i]];if (obj){switch(obj.type){case "select-one":if (obj.selectedIndex == 0){alertMsg += " - " + fieldDescription[i] + "\n";}break;case "select-multiple":if (obj.selectedIndex == 0){alertMsg += " - " + fieldDescription[i] + "\n";}break;case "text":case "textarea":if (obj.value == "" || obj.value == null){alertMsg += " - " + fieldDescription[i] + "\n";}break;default:}if (obj.type == undefined){var blnchecked = false;for (var j = 0; j < obj.length; j++){if (obj[j].checked){blnchecked = true;}}if (!blnchecked){alertMsg += " - " + fieldDescription[i] + "\n";}}}}if (alertMsg.length == l_Msg){return true;}else{alert(alertMsg);return false;}}// --></script> <table width="100%" bgcolor="#000000" cellpadding="0" cellspacing="0"> <tbody> <tr> <td align="center" valign="top"> <table width="615" bgcolor="#000000" border="0" cellpadding="0" cellspacing="0"> <tbody> <tr> <td rowspan="3" bgcolor="#000000" valign="top"><img src="https://www1.vtrenz.net/imarkownerfiles/ownerassets/779/top-left.jpg" /><br /> </td> <td colspan="2"><img src="https://www1.vtrenz.net/imarkownerfiles/ownerassets/779/top-blank.jpg" /></td> <td rowspan="3" bgcolor="#000000" valign="top"><img src="https://www1.vtrenz.net/imarkownerfiles/ownerassets/779/top-right.jpg" /><br /> </td> </tr> <tr> <td style="line-height: 19px; padding-left: 20px; padding-right: 20px; font-family: Trebuchet MS,Arial; font-size: 13px" align="left" bgcolor="#ffffff" valign="top"> <h1 style="margin-top: 20px; color: #3399cc; font-size: 20px">Follow Bullhorn on Twitter!</h1> <p> <font size="2"><font color="#000000">Want to know what is happening in the staffing and recruiting industry and at Bullhorn? Be the first to receive our latest compensation and research reports and stay up-to-date on news and announcements from Bullhorn and Bullhorn Live.<br /> <br /> </font></font> </p> <p> &nbsp;<b><font size="4"> </font></b><img src="https://www1.vtrenz.net/imarkownerfiles/ownerassets/779/Megaphone_guy1.jpg" width="80" align="middle" border="0" height="81" /><b><font size="4">&nbsp;&nbsp;&nbsp;&nbsp; </font><a href="http://gw.vtrenz.net/?GTJ25UFT6K:XC88R7DBEN=contactID:0,ssID:0,email:,clicksrc:" target="_blank"><font size="4"><font color="#000000" size="4">Click here to follow @ Bullhornlive</font></font></a> <br /> </b><b><font color="#3399cc" size="3"><br /> <font size="4">Interested in Receiving Email Alerts with the Latest Industry Reports?</font></font> <br /> </b> </p> <b></b> <p> <b><font color="#000000" size="2">Fill out the form below and select &quot;Please send me information&quot; to receive our latest reports and best practices papers. </font></b> </p> <b><font color="#000000" size="2"></font></b> <ul> <b><font color="#000000" size="2"></font></b> </ul> <b><font color="#000000" size="2"></font></b> <form action="http://gw.vtrenz.net/?method=cSurveyWebservice.submit&amp;dkey=D1E25563UJ&amp;questionIDList=90192,3108,1,2,14,16,107,15,6,9,49198,58259&amp;mode=live" name="SurveyInput_D1E25563UJ" method="post" onsubmit="return formCheck(this);"> <b><font color="#000000" size="2"><input name="formRelocateURL" type="hidden" /> <input name="clicksource" type="hidden" /> <input name="iMarketingSyncID" type="hidden" /> <input name="WebSyncID" type="hidden" /> <input name="sessionGuid" type="hidden" /> <input name="q90192" value="IWTwitterSignup2010" type="hidden" /><br /> <input name="q3108" value="Inbound Web" type="hidden" /> <font face="trebuchet ms,geneva"><label><font color="#ff0000">*</font> <font size="1">Required Fields<br /> </font></label></font> <table width="554" border="0" height="244"> <tbody> <tr> <td><font face="trebuchet ms,geneva"><label><font size="2">First Name<font color="#ff0000">*</font></font></label> </font><br /> </td> <td><font face="trebuchet ms,geneva"><input autocomplete="OFF" name="q1" maxlength="50" alt="First Name" /> </font></td> </tr> <tr> <td><font face="trebuchet ms,geneva" size="+0"><font size="2">Last Name<font color="#ff0000">*</font></font></font></td> <td><font face="trebuchet ms,geneva" size="2"><input autocomplete="OFF" name="q2" maxlength="50" alt="Last Name" /> </font></td> </tr> <tr> <td><font face="trebuchet ms,geneva" size="+0"><font size="2">Email Address<font color="#ff0000">*</font></font></font></td> <td><font face="trebuchet ms,geneva"><input autocomplete="OFF" name="q14" maxlength="85" alt="Email Address" /> </font></td> </tr> <tr> <td><font face="trebuchet ms,geneva" size="+0"><font size="2">Work Phone</font></font><font face="trebuchet ms,geneva" size="+0"><font size="2"><font color="#ff0000">*</font></font></font></td> <td><font face="trebuchet ms,geneva"><input autocomplete="OFF" name="q16" size="15" maxlength="25" alt="Work Phone" /> </font></td> </tr> <tr> <td><font face="trebuchet ms,geneva" size="+0"><font size="2">Title<font color="#ff0000">*</font></font></font></td> <td><font face="trebuchet ms,geneva"><input autocomplete="OFF" name="q107" maxlength="40" alt="Job Title" /> </font></td> </tr> <tr> <td><font face="trebuchet ms,geneva" size="+0"><font size="2">Company Name<font color="#ff0000">*</font></font></font></td> <td><font face="trebuchet ms,geneva"><input name="q15" maxlength="100" alt="Company Name" /> </font></td> </tr> <tr> <td><font face="trebuchet ms,geneva" size="+0"><font size="2">State/Province<font color="#ff0000">*</font></font></font></td> <td><select name="q6" class="form_SelectInstruction" id="q6"> <option> -- Select below --</option> <option value="Non US"> Not listed</option> <optgroup label="-- US States --"> <option value="AL"> Alabama</option> <option value="AK"> Alaska</option> <option value="AZ"> Arizona</option> <option value="AR"> Arkansas</option> <option value="CA"> California</option> <option value="CO"> Colorado</option> <option value="CT"> Connecticut</option> <option value="DE"> Delaware</option> <option value="FL"> Florida</option> <option value="GA"> Georgia</option> <option value="HI"> Hawaii</option> <option value="ID"> Idaho</option> <option value="IL"> Illinois</option> <option value="IN"> Indiana</option> <option value="IA"> Iowa</option> <option value="KS"> Kansas</option> <option value="KY"> Kentucky</option> <option value="LA"> Louisiana</option> <option value="ME"> Maine</option> <option value="MD"> Maryland</option> <option value="MA"> Massachusetts</option> <option value="MI"> Michigan</option> <option value="MN"> Minnesota</option> <option value="MS"> Mississippi</option> <option value="MO"> Missouri</option> <option value="MT"> Montana</option> <option value="NE"> Nebraska</option> <option value="NV"> Nevada</option> <option value="NH"> New Hampshire</option> <option value="NJ"> New Jersey</option> <option value="NM"> New Mexico</option> <option value="NY"> New York</option> <option value="NC"> North Carolina</option> <option value="ND"> North Dakota</option> <option value="OH"> Ohio</option> <option value="OK"> Oklahoma</option> <option value="OR"> Oregon</option> <option value="PA"> Pennsylvania</option> <option value="RI"> Rhode Island</option> <option value="SC"> South Carolina</option> <option value="SD"> South Dakota</option> <option value="TN"> Tennessee</option> <option value="TX"> Texas</option> <option value="UT"> Utah</option> <option value="VT"> Vermont</option> <option value="VA"> Virginia</option> <option value="WA"> Washington</option> <option value="DC"> Washington D.C.</option> <option value="WV"> West Virginia</option> <option value="WI"> Wisconsin</option> <option value="WY"> Wyoming</option> </optgroup> <optgroup label="-- Canadian Provinces --"> <option value="AB"> AB - Alberta</option> <option value="BC"> BC - British Columbia</option> <option value="MB"> MB - Manitoba</option> <option value="NB"> NB - New Brunswick</option> <option value="NF"> NF - Newfoundland</option> <option value="NS"> NS - Nova Scotia</option> <option value="NT"> NT - Northwest Territories</option> <option value="NU"> NU - Nunavut</option> <option value="ON"> ON - Ontario</option> <option value="PE"> PE - Prince Edward Island</option> <option value="QC"> QC - Quebec</option> <option value="SK"> SK - Saskatchewan</option> <option value="YT"> YT - Yukon</option> </optgroup> <optgroup label="-- Australia --"> <option value="AU.NSW"> New South Wales</option> <option value="AU.NT"> Northern Territory</option> <option value="AU.QLD"> Queensland</option> <option value="AU.SA"> South Australia</option> <option value="AU.TAS"> Tasmania</option> <option value="AU.VIC"> Victoria</option> <option value="AU.WA"> Western Australia</option> </optgroup> <option value="Non US"> Not listed</option></select></td> </tr> <tr> <td><font face="trebuchet ms,geneva" size="+0"><font size="2">Country<font color="#ff0000">*</font></font></font></td> <td><select name="q9" class="form_SelectInstruction" id="q9"> <option> -- Select Country --</option> <option value="US"> United States</option> <option value="AF"> Afghanistan, Islamic State of</option> <option value="AL"> Albania</option> <option value="DZ"> Algeria</option> <option value="AS"> American Samoa</option> <option value="AD"> Andorra, Principality of</option> <option value="AO"> Angola</option> ..
IIS Version Disclosure

IIS Version Disclosure

1 TOTAL
INFORMATION
Netsparker identified that the target web server is disclosing the web server's version in the HTTP response. This information can help an attacker to gain a greater understanding of the system in use and potentially develop further attacks targeted at the specific web server version.

Impact

An attacker can look for specific security vulnerabilities for the version identified through the SERVER header information.

Remediation

Configure your web server to prevent information leakage from the SERVER header of its HTTP response.
- /robots.txt

/robots.txt

http://gw.vtrenz.net/robots.txt

Extracted Version

Microsoft-IIS/6.0

Request

GET /robots.txt HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations)
Cache-Control: no-cache
Host: gw.vtrenz.net
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Content-Length: 26
Content-Type: text/plain
Content-Location: http://gw.vtrenz.net/robots.txt
Last-Modified: Thu, 17 Dec 2009 23:02:00 GMT
Accept-Ranges: bytes
ETag: "24327ef06c7fca1:474"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 08 Mar 2011 02:41:19 GMT


User-agent: *
Disallow: /
Robots.txt Identified

Robots.txt Identified

1 TOTAL
INFORMATION
CONFIRMED
1
Netsparker identified a possibly sensitive Robots.txt file with potentially sensitive content.

Impact

Depending on the content of the file, an attacker might discover hidden directories. Ensure that you have got nothing sensitive exposed within this folder such as the path of the administration panel.

Remedy

  • If disallowed paths are sensitive, do not write them in the robots.txt and ensure that they correctly protected by means of authentication.
- /robots.txt

/robots.txt CONFIRMED

http://gw.vtrenz.net/robots.txt

Interesting Robots.txt Entries

  • Disallow: /

Request

GET /robots.txt HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations)
Cache-Control: no-cache
Host: gw.vtrenz.net
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Content-Length: 26
Content-Type: text/plain
Content-Location: http://gw.vtrenz.net/robots.txt
Last-Modified: Thu, 17 Dec 2009 23:02:00 GMT
Accept-Ranges: bytes
ETag: "24327ef06c7fca1:474"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 08 Mar 2011 02:41:19 GMT


User-agent: *
Disallow: /