XSS, Cross Site Scripting, Javascript Injection, portal.tidaltv.com, CWE-79, CAPEC-86
Netsparker - Scan Report Summary
TARGET URL: http://portal.tidaltv.com/
SCAN DATE: 2/12/2011 2:14:55 PM
REPORT DATE: 2/12/2011 2:30:08 PM
SCAN DURATION: 00:01:00
Total Requests
Average Speed
req/sec.
7 identified
5 confirmed
0 critical
3 informational
GHDB, DORK Tests
PROFILE: Previous Settings
ENABLED ENGINES: Static Tests, Find Backup Files, Blind Command Injection, Blind SQL Injection, Boolean SQL Injection, Command Injection, HTTP Header Injection, Local File Inclusion, Open Redirection, Remote Code Evaluation, Remote File Inclusion, SQL Injection, Cross-site Scripting
Authentication
Scheduled
VULNERABILITIES
Password Transmitted Over HTTP
Netsparker identified that password data is sent over HTTP.
Impact
If an attacker can intercept network traffic, he/she can steal users' credentials.
Actions to Take
See the remedy for the solution.
Move all of your critical forms and pages to HTTPS and do not serve them over HTTP.
All sensitive data should be transferred over HTTPS rather than HTTP. Forms should be served over HTTPS. All aspects of the application that accept user input starting from the login process should only be served over HTTPS.
/
Request
GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: portal.tidaltv.com
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
Response
HTTP/1.1 200 OK Date: Sat, 12 Feb 2011 20:14:23 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET X-AspNet-Version: 2.0.50727 X-AspNetMvc-Version: 2.0 Cache-Control: no-cache Pragma: no-cache Expires: -1 Content-Type: text/html; charset=utf-8 Content-Length: 10714 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head id="ctl00_Head1"><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /><meta HTTP-EQUIV="Cache-Control" content="max-age=0" /><meta HTTP-EQUIV="Cache-Control" content="no-cache" /><meta HTTP-EQUIV="Expires" content="0" /><meta HTTP-EQUIV="Expires" content="-1" /><meta HTTP-EQUIV="Pragma" content="no-cache" /><title> Login </title> <link href="/Content/Site.css" rel="stylesheet" type="text/css" /> <script language="javascript" type="text/javascript"> function confirmDelete(name,url) { var answer = confirm("Do you really want to delete " + name + "?"); if (answer) { window.location = url; } } function confirmContinue(action) { var agree=confirm("Are you sure you wish to " + action + "?"); if (agree) { return true ; } else { return false ; } } var titleSwitchCount = 0; var titleSwitchLimit = 4000; var titleOriginalText = "Login"; var titleText = "ATTENTION!"; var titleDelay = 500; function SetSelectedValueInIE(val) { jQuery('#type').attr('value', val); } function titlebarTextAlert() { // Failsafe if( titleSwitchCount) return; titlebarSwitch(); } function titlebarSwitch() { if( document.title == titleOriginalText) { // New message text document.title = titleText; titleSwitchCount++; } else { // Original text document.title = titleOriginalText; if( titleSwitchCount == titleSwitchLimit) titleSwitchCount = 0; } // If count is 0 then we must have just reset it if( titleSwitchCount) setTimeout( "titlebarSwitch();", titleDelay); } function showSessionAlert() { var responseTimer = window.setTimeout("endSession()", 50000); 
titlebarSwitch(); $('div#hidden-session-message').fadeTo("fast",.5); $('div#hidden-session-message').show(); $('div#message-container').show(); $('div#message-container').fadeTo("fast",1); } function endSession() { window.location = '/Account/Logout'; } function hideSessionAlert() { $('div#hidden-session-message').hide(); $('div#message-container').hide(); } </script> <!-- user: --> <link type="text/css" href="/Content/2010.3.1318/telerik.common.min.css" rel="stylesheet"/> <link type="text/css" href="/Content/2010.3.1318/telerik.web20.min.css" rel="stylesheet"/> </head> <body> <div class="page"> <table width="100%" cellpadding="0" border="0" cellspacing="0"> <tr> <!-- logo --> <td rowspan="2" class="logo"> <div align="left"> <img src="/Content/Images/new_logo.png" alt="TidalTV Logo" /></div> </td> <td valign="bottom" class="logindisplay" align="right"> </td> </tr> <tr class="nohelp"> <td valign="bottom" align="right" class="ldcontainer"> <table cellspacing=0 cellpadding=0 border=0> <tr> <td valign="bottom"> <img src="/Content/Images/spacer.gif" width="12" height="22" /> </td> <td align="center"> </td> <td valign="bottom"> <img src="/Content/Images/spacer.gif" width="12" height="22" /> </td> <td valign="top" align="right"> </td> </tr> </table> </td> </tr> </table> <div id="main"> <table width="100%" cellpadding="0" border="0" cellspacing="0"> <tr height="20"> <td valign="top" class="roundleft"> <img align="left" height="20" width="20" src="/Content/Images/spacer.gif" /> </td> <td valign="top" rowspan="2" bgcolor="#fafbfd"> <img height="480" width="1" src="/Content/Images/spacer.gif" /> </td> <td valign="top" bgcolor="white" align="right"> </td> <td valign="top" bgcolor="white" align="right"> <img height="20" width="20" src="/Content/Images/login_new_11.png" /> </td> </tr> <tr> <td bgcolor="White"> <img height="1" width="20" src="/Content/Images/spacer.gif" /> </td> <td valign="top" bgcolor="White"> <div id="maincontent"> <div style="margin-left: 40px;"> <form 
method="post" action="/"> <div class="headerimage"><img src="/Content/Images/login.gif" alt="LOGIN" title="LOGIN" /></div> <br clear="all" /> <label for="username">Username: </label> <input id="username" name="username" type="text" value="" /> <span class="forgot"><a href="/Account/UserReminder" tabindex="5">Forgot?</a><br /></span> <br /> <br /> <label for="password">Password: </label> <input id="password" name="password" type="password" /> <span class="forgot"><a href="/Account/PasswordReminder" tabindex="6">Forgot?</a></span><br /> <br /> <label for="rememberMe"> </label> <input type="checkbox" class="noborder" name="rememberMe" value="true" /><span class="remember">Remember Me?</span> <br /> <br /> <input id="ReturnUrl" name="ReturnUrl" type="hidden" value="" /> <br /><input id="submitbutton" type="submit" value="Submit" /> </form> </div> <!-- --> </div> </td> <td bgcolor="White"> <img height="1" width="20" src="/Content/Images/spacer.gif" /> </td> </tr> </table> </div> <table cellpadding="0" cellspacing="0" border="0" width="90%"> <tr> <td width="50%"> <div id="footernav"> <a target="_blank" href="http://www.tidaltv.com/privacy.html">Privacy Policy</a> </div> </td> <td align="right" width="50%"> <div id="footer"> TidalTV Business Portal © Copyright 2009 </div> </td> </tr> </table> </div> <link media="screen" rel="stylesheet" href="/Content/colorbox.css" /> <div id="message-container"> <center><div id="hidden-session-message">Your session is about to timeout. 
Please click OK to reload the page, or Cancel to log out.</div> <br /><input type="button" id="continue-session" value="OK" /><input type="button" id="end-session" value="Cancel" /></center></div> <script type="text/javascript" src="/Scripts/2010.3.1318/jquery-1.4.4.min.js"></script> <script type="text/javascript" src="/Scripts/2010.3.1318/telerik.common.min.js"></script> <script type="text/javascript" src="/Scripts/2010.3.1318/telerik.menu.min.js"></script> <script type="text/javascript" src="/Scripts/jquery.TidalTv.js"></script> <script type="text/javascript" src="/Scripts/colorbox/colorbox/jquery.colorbox-min.js"></script> <script type="text/javascript"> //<![CDATA[ jQuery(document).ready(function(){ jQuery('#Menu').tMenu({effects:{list:[{name:'toggle'}],openDuration:200,closeDuration:200}}); jQuery.ajaxSettings.traditional = true; $.getJSON("/Search/GetSearchOptionsJSONList", {i: 79}, function(data) { $("#type").fillSelect(data); var selectedValue = ''; if ($.browser.msie) { $.each(data, function(index, optionData) { if(optionData.Selected) //alert(optionData.Value); SetSelectedValueInIE(optionData.Value); }); } }); var sessionTimer = window.setTimeout("showSessionAlert()", 2640000); $('#continue-session').click(function(){ location.reload(true); }); $('#end-session').click(function(){ endSession(); }); }); //]]> </script> </body> </html> <!-- Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322) -->
Internal Server Error
The Server responded with an HTTP status 500. This indicates that there is a server-side error. Reasons may vary. The behavior should be analysed carefully. If Netsparker is able to find a security issue in the same resource it will report this as a separate vulnerability.
Impact
The impact may vary depending on the condition. Generally this indicates poor coding practices, not enough error checking, sanitization and whitelisting. However there might be a bigger issue such as SQL Injection. If that's the case Netsparker will check for other possible issues and report them separately.
Analyse this issue and review the application code so that unexpected errors are handled. As a general practice, an error should not disclose any further information. All errors should be handled server side only.
Parameters
Parameter    Type   Value
username     POST   '"--></style></script><script>netsparker(0x000066)</script>
password     POST   3
rememberMe   POST   true
ReturnUrl    POST   3
Request
POST / HTTP/1.1
Referer: http://portal.tidaltv.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: portal.tidaltv.com
Content-Length: 133
Accept-Encoding: gzip, deflate

username='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x000066)%3c%2fscript%3e&password=3&rememberMe=true&ReturnUrl=3
Response
HTTP/1.1 500 Internal Server Error Date: Sat, 12 Feb 2011 20:14:48 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET X-AspNet-Version: 2.0.50727 X-AspNetMvc-Version: 2.0 Cache-Control: private Content-Type: text/html; charset=utf-8 Content-Length: 9712 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head id="ctl00_Head1"><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /><meta HTTP-EQUIV="Cache-Control" content="max-age=0" /><meta HTTP-EQUIV="Cache-Control" content="no-cache" /><meta HTTP-EQUIV="Expires" content="0" /><meta HTTP-EQUIV="Expires" content="-1" /><meta HTTP-EQUIV="Pragma" content="no-cache" /><title> </title> <link href="/Content/Site.css" rel="stylesheet" type="text/css" /> <script language="javascript" type="text/javascript"> function confirmDelete(name,url) { var answer = confirm("Do you really want to delete " + name + "?"); if (answer) { window.location = url; } } function confirmContinue(action) { var agree=confirm("Are you sure you wish to " + action + "?"); if (agree) { return true ; } else { return false ; } } var titleSwitchCount = 0; var titleSwitchLimit = 4000; var titleOriginalText = ""; var titleText = "ATTENTION!"; var titleDelay = 500; function SetSelectedValueInIE(val) { jQuery('#type').attr('value', val); } function titlebarTextAlert() { // Failsafe if( titleSwitchCount) return; titlebarSwitch(); } function titlebarSwitch() { if( document.title == titleOriginalText) { // New message text document.title = titleText; titleSwitchCount++; } else { // Original text document.title = titleOriginalText; if( titleSwitchCount == titleSwitchLimit) titleSwitchCount = 0; } // If count is 0 then we must have just reset it if( titleSwitchCount) setTimeout( "titlebarSwitch();", titleDelay); } function showSessionAlert() { var responseTimer = window.setTimeout("endSession()", 50000); titlebarSwitch(); 
$('div#hidden-session-message').fadeTo("fast",.5); $('div#hidden-session-message').show(); $('div#message-container').show(); $('div#message-container').fadeTo("fast",1); } function endSession() { window.location = '/Account/Logout'; } function hideSessionAlert() { $('div#hidden-session-message').hide(); $('div#message-container').hide(); } </script> <!-- user: --> <link type="text/css" href="/Content/2010.3.1318/telerik.common.min.css" rel="stylesheet"/> <link type="text/css" href="/Content/2010.3.1318/telerik.web20.min.css" rel="stylesheet"/> </head> <body> <div class="page"> <table width="100%" cellpadding="0" border="0" cellspacing="0"> <tr> <!-- logo --> <td rowspan="2" class="logo"> <div align="left"> <img src="/Content/Images/new_logo.png" alt="TidalTV Logo" /></div> </td> <td valign="bottom" class="logindisplay" align="right"> </td> </tr> <tr class="nohelp"> <td valign="bottom" align="right" class="ldcontainer"> <table cellspacing=0 cellpadding=0 border=0> <tr> <td valign="bottom"> <img src="/Content/Images/spacer.gif" width="12" height="22" /> </td> <td align="center"> </td> <td valign="bottom"> <img src="/Content/Images/spacer.gif" width="12" height="22" /> </td> <td valign="top" align="right"> </td> </tr> </table> </td> </tr> </table> <div id="main"> <table width="100%" cellpadding="0" border="0" cellspacing="0"> <tr height="20"> <td valign="top" class="roundleft"> <img align="left" height="20" width="20" src="/Content/Images/spacer.gif" /> </td> <td valign="top" rowspan="2" bgcolor="#fafbfd"> <img height="480" width="1" src="/Content/Images/spacer.gif" /> </td> <td valign="top" bgcolor="white" align="right"> </td> <td valign="top" bgcolor="white" align="right"> <img height="20" width="20" src="/Content/Images/login_new_11.png" /> </td> </tr> <tr> <td bgcolor="White"> <img height="1" width="20" src="/Content/Images/spacer.gif" /> </td> <td valign="top" bgcolor="White"> <div id="maincontent"> <h2> Sorry, an error occurred while processing your request. 
</h2> </div> </td> <td bgcolor="White"> <img height="1" width="20" src="/Content/Images/spacer.gif" /> </td> </tr> </table> </div> <table cellpadding="0" cellspacing="0" border="0" width="90%"> <tr> <td width="50%"> <div id="footernav"> <a target="_blank" href="http://www.tidaltv.com/privacy.html">Privacy Policy</a> </div> </td> <td align="right" width="50%"> <div id="footer"> TidalTV Business Portal © Copyright 2009 </div> </td> </tr> </table> </div> <link media="screen" rel="stylesheet" href="/Content/colorbox.css" /> <div id="message-container"> <center><div id="hidden-session-message">Your session is about to timeout. Please click OK to reload the page, or Cancel to log out.</div> <br /><input type="button" id="continue-session" value="OK" /><input type="button" id="end-session" value="Cancel" /></center></div> <script type="text/javascript" src="/Scripts/2010.3.1318/jquery-1.4.4.min.js"></script> <script type="text/javascript" src="/Scripts/2010.3.1318/telerik.common.min.js"></script> <script type="text/javascript" src="/Scripts/2010.3.1318/telerik.menu.min.js"></script> <script type="text/javascript" src="/Scripts/jquery.TidalTv.js"></script> <script type="text/javascript" src="/Scripts/colorbox/colorbox/jquery.colorbox-min.js"></script> <script type="text/javascript"> //<![CDATA[ jQuery(document).ready(function(){ jQuery('#Menu').tMenu({effects:{list:[{name:'toggle'}],openDuration:200,closeDuration:200}}); jQuery.ajaxSettings.traditional = true; $.getJSON("/Search/GetSearchOptionsJSONList", {i: 712}, function(data) { $("#type").fillSelect(data); var selectedValue = ''; if ($.browser.msie) { $.each(data, function(index, optionData) { if(optionData.Selected) //alert(optionData.Value); SetSelectedValueInIE(optionData.Value); }); } }); var sessionTimer = window.setTimeout("showSessionAlert()", 2640000); $('#continue-session').click(function(){ location.reload(true); }); $('#end-session').click(function(){ endSession(); }); }); //]]> </script> </body> </html> 
<!-- Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322) -->
Auto Complete Enabled
"Auto Complete" was enabled in one or more of the form fields. These were either "password" fields or important fields such as "Credit Card".
Impact
Data entered in these fields will be cached by the browser. An attacker who can access the victim's browser could steal this information. This is especially important if the application is commonly used in shared computers such as cyber cafes or airport terminals.
Add the attribute autocomplete="off" to the form tag or to individual "input" fields.
Actions to Take
See the remedy for the solution.
Find all instances of inputs which store private data and disable autocomplete. Fields which contain data such as "Credit Card" or "CCV" type data should not be cached. You can allow the application to cache usernames and remember passwords, however, in most cases this is not recommended.
Re-scan the application after addressing the identified issues to ensure that all of the fixes have been applied properly.
Required Skills for Successful Exploitation
Dumping all data from a browser can be fairly easy and there exist a number of automated tools to undertake this. Where the attacker cannot dump the data, he/she could still browse the recently visited websites and activate the auto-complete feature to see previously entered values.
External References
password
ASP.NET Version Disclosure
Netsparker identified that the target web server is disclosing the ASP.NET version in the HTTP response. This information can help an attacker to develop further attacks, and the system can also become an easier target for automated attacks. It was leaked from the X-AspNet-Version banner of the HTTP response or the default ASP.NET error page.
Impact
An attacker can use disclosed information to harvest specific security vulnerabilities for the version identified. The attacker can also use this information in conjunction with the other vulnerabilities in the application or web server.
Apply the following changes to your web.config file to prevent information leakage by using custom error pages and removing X-AspNet-Version from HTTP responses.
<system.web>
  <!-- Stop sending the X-AspNet-Version response header -->
  <httpRuntime enableVersionHeader="false" />
  <!-- Serve custom error pages instead of the default ASP.NET error page -->
  <customErrors mode="On" defaultRedirect="~/error/GeneralError.aspx">
    <error statusCode="403" redirect="~/error/Forbidden.aspx" />
    <error statusCode="404" redirect="~/error/PageNotFound.aspx" />
    <error statusCode="500" redirect="~/error/InternalError.aspx" />
  </customErrors>
</system.web>
Remedy References
X-AspNet-Version: 2.0.50727
Request
GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: portal.tidaltv.com
Accept-Encoding: gzip, deflate
Response
HTTP/1.1 200 OK Date: Sat, 12 Feb 2011 20:14:24 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET X-AspNet-Version: 2.0.50727 X-AspNetMvc-Version: 2.0 Cache-Control: no-cache Pragma: no-cache Expires: -1 Content-Type: text/html; charset=utf-8 Content-Length: 10715 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head id="ctl00_Head1"><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /><meta HTTP-EQUIV="Cache-Control" content="max-age=0" /><meta HTTP-EQUIV="Cache-Control" content="no-cache" /><meta HTTP-EQUIV="Expires" content="0" /><meta HTTP-EQUIV="Expires" content="-1" /><meta HTTP-EQUIV="Pragma" content="no-cache" /><title> Login </title> <link href="/Content/Site.css" rel="stylesheet" type="text/css" /> <script language="javascript" type="text/javascript"> function confirmDelete(name,url) { var answer = confirm("Do you really want to delete " + name + "?"); if (answer) { window.location = url; } } function confirmContinue(action) { var agree=confirm("Are you sure you wish to " + action + "?"); if (agree) { return true ; } else { return false ; } } var titleSwitchCount = 0; var titleSwitchLimit = 4000; var titleOriginalText = "Login"; var titleText = "ATTENTION!"; var titleDelay = 500; function SetSelectedValueInIE(val) { jQuery('#type').attr('value', val); } function titlebarTextAlert() { // Failsafe if( titleSwitchCount) return; titlebarSwitch(); } function titlebarSwitch() { if( document.title == titleOriginalText) { // New message text document.title = titleText; titleSwitchCount++; } else { // Original text document.title = titleOriginalText; if( titleSwitchCount == titleSwitchLimit) titleSwitchCount = 0; } // If count is 0 then we must have just reset it if( titleSwitchCount) setTimeout( "titlebarSwitch();", titleDelay); } function showSessionAlert() { var responseTimer = window.setTimeout("endSession()", 50000); 
titlebarSwitch(); $('div#hidden-session-message').fadeTo("fast",.5); $('div#hidden-session-message').show(); $('div#message-container').show(); $('div#message-container').fadeTo("fast",1); } function endSession() { window.location = '/Account/Logout'; } function hideSessionAlert() { $('div#hidden-session-message').hide(); $('div#message-container').hide(); } </script> <!-- user: --> <link type="text/css" href="/Content/2010.3.1318/telerik.common.min.css" rel="stylesheet"/> <link type="text/css" href="/Content/2010.3.1318/telerik.web20.min.css" rel="stylesheet"/> </head> <body> <div class="page"> <table width="100%" cellpadding="0" border="0" cellspacing="0"> <tr> <!-- logo --> <td rowspan="2" class="logo"> <div align="left"> <img src="/Content/Images/new_logo.png" alt="TidalTV Logo" /></div> </td> <td valign="bottom" class="logindisplay" align="right"> </td> </tr> <tr class="nohelp"> <td valign="bottom" align="right" class="ldcontainer"> <table cellspacing=0 cellpadding=0 border=0> <tr> <td valign="bottom"> <img src="/Content/Images/spacer.gif" width="12" height="22" /> </td> <td align="center"> </td> <td valign="bottom"> <img src="/Content/Images/spacer.gif" width="12" height="22" /> </td> <td valign="top" align="right"> </td> </tr> </table> </td> </tr> </table> <div id="main"> <table width="100%" cellpadding="0" border="0" cellspacing="0"> <tr height="20"> <td valign="top" class="roundleft"> <img align="left" height="20" width="20" src="/Content/Images/spacer.gif" /> </td> <td valign="top" rowspan="2" bgcolor="#fafbfd"> <img height="480" width="1" src="/Content/Images/spacer.gif" /> </td> <td valign="top" bgcolor="white" align="right"> </td> <td valign="top" bgcolor="white" align="right"> <img height="20" width="20" src="/Content/Images/login_new_11.png" /> </td> </tr> <tr> <td bgcolor="White"> <img height="1" width="20" src="/Content/Images/spacer.gif" /> </td> <td valign="top" bgcolor="White"> <div id="maincontent"> <div style="margin-left: 40px;"> <form 
method="post" action="/"> <div class="headerimage"><img src="/Content/Images/login.gif" alt="LOGIN" title="LOGIN" /></div> <br clear="all" /> <label for="username">Username: </label> <input id="username" name="username" type="text" value="" /> <span class="forgot"><a href="/Account/UserReminder" tabindex="5">Forgot?</a><br /></span> <br /> <br /> <label for="password">Password: </label> <input id="password" name="password" type="password" /> <span class="forgot"><a href="/Account/PasswordReminder" tabindex="6">Forgot?</a></span><br /> <br /> <label for="rememberMe"> </label> <input type="checkbox" class="noborder" name="rememberMe" value="true" /><span class="remember">Remember Me?</span> <br /> <br /> <input id="ReturnUrl" name="ReturnUrl" type="hidden" value="" /> <br /><input id="submitbutton" type="submit" value="Submit" /> </form> </div> <!-- --> </div> </td> <td bgcolor="White"> <img height="1" width="20" src="/Content/Images/spacer.gif" /> </td> </tr> </table> </div> <table cellpadding="0" cellspacing="0" border="0" width="90%"> <tr> <td width="50%"> <div id="footernav"> <a target="_blank" href="http://www.tidaltv.com/privacy.html">Privacy Policy</a> </div> </td> <td align="right" width="50%"> <div id="footer"> TidalTV Business Portal © Copyright 2009 </div> </td> </tr> </table> </div> <link media="screen" rel="stylesheet" href="/Content/colorbox.css" /> <div id="message-container"> <center><div id="hidden-session-message">Your session is about to timeout. 
Please click OK to reload the page, or Cancel to log out.</div> <br /><input type="button" id="continue-session" value="OK" /><input type="button" id="end-session" value="Cancel" /></center></div> <script type="text/javascript" src="/Scripts/2010.3.1318/jquery-1.4.4.min.js"></script> <script type="text/javascript" src="/Scripts/2010.3.1318/telerik.common.min.js"></script> <script type="text/javascript" src="/Scripts/2010.3.1318/telerik.menu.min.js"></script> <script type="text/javascript" src="/Scripts/jquery.TidalTv.js"></script> <script type="text/javascript" src="/Scripts/colorbox/colorbox/jquery.colorbox-min.js"></script> <script type="text/javascript"> //<![CDATA[ jQuery(document).ready(function(){ jQuery('#Menu').tMenu({effects:{list:[{name:'toggle'}],openDuration:200,closeDuration:200}}); jQuery.ajaxSettings.traditional = true; $.getJSON("/Search/GetSearchOptionsJSONList", {i: 271}, function(data) { $("#type").fillSelect(data); var selectedValue = ''; if ($.browser.msie) { $.each(data, function(index, optionData) { if(optionData.Selected) //alert(optionData.Value); SetSelectedValueInIE(optionData.Value); }); } }); var sessionTimer = window.setTimeout("showSessionAlert()", 2640000); $('#continue-session').click(function(){ location.reload(true); }); $('#end-session').click(function(){ endSession(); }); }); //]]> </script> </body> </html> <!-- Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322) -->
Forbidden Resource
Access to this resource has been denied by the web server. This is generally not a security issue, and is reported here for information purposes.
Impact
There is no impact resulting from this issue.
/Content/
CONFIRMED
Request
GET /Content/ HTTP/1.1
Referer: http://portal.tidaltv.com/Content/Site.css
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: portal.tidaltv.com
Accept-Encoding: gzip, deflate
Response
HTTP/1.1 403 Forbidden
Content-Length: 218
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sat, 12 Feb 2011 20:14:23 GMT

<html><head><title>Error</title></head><body><head><title>Directory Listing Denied</title></head><body><h1>Directory Listing Denied</h1>This Virtual Directory does not allow contents to be listed.</body></body></html>
IIS Version Disclosure
Netsparker identified that the target web server is disclosing the web server's version in the HTTP response. This information can help an attacker to gain a greater understanding of the system in use and potentially develop further attacks targeted at the specific web server version.
Impact
An attacker can look for specific security vulnerabilities for the version identified through the SERVER header information.
Configure your web server to prevent information leakage from the SERVER header of its HTTP response.
/robots.txt
Microsoft-IIS/6.0
Request
GET /robots.txt HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: portal.tidaltv.com
Accept-Encoding: gzip, deflate
Response
HTTP/1.1 200 OK
Content-Length: 28
Content-Type: text/plain
Content-Location: http://portal.tidaltv.com/robots.txt
Last-Modified: Wed, 06 May 2009 16:55:35 GMT
Accept-Ranges: bytes
ETag: "6cdbbe796bcec91:124c"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sat, 12 Feb 2011 20:14:23 GMT

User-agent: *
Disallow: /
Robots.txt Identified
Netsparker identified a possibly sensitive Robots.txt file with potentially sensitive content.
Impact
Depending on the content of the file, an attacker might discover hidden directories. Ensure that you have got nothing sensitive exposed within this folder such as the path of the administration panel.
If disallowed paths are sensitive, do not write them in the robots.txt and ensure that they are correctly protected by means of authentication.
/robots.txt
CONFIRMED
Request
GET /robots.txt HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: portal.tidaltv.com
Accept-Encoding: gzip, deflate
Response
HTTP/1.1 200 OK
Content-Length: 28
Content-Type: text/plain
Content-Location: http://portal.tidaltv.com/robots.txt
Last-Modified: Wed, 06 May 2009 16:55:35 GMT
Accept-Ranges: bytes
ETag: "6cdbbe796bcec91:124c"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sat, 12 Feb 2011 20:14:23 GMT

User-agent: *
Disallow: /