Paltel Ps

Follow us on Twitter.
@Amenefus @IsraeliElite
// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps Internet provider to Gaza.
Scan of http://www.paltelgroup.ps/
Scan details
Scan information Starttime Finish time Scan time Profile Server information Responsive Server banner Server OS Server technologies Threat level Threat Level 3 One or more high-severity type vulnerabilities have been discovered by the scanner. A malicious user can exploit these vulnerabilities and compromise the backend database and/or deface your website.
12-Apr-13 4:29:56 PM 13-Apr-13 10:07:04 AM 17 hours, 37 minutes Default
True Apache Unknown
Alerts distribution Total alerts found High Medium Low Informational 257 184 35 27 11
Knowledge base
List of file extensions File extensions can provide information on what technologies are being used on this website. List of file extensions detected: - php => 18 file(s) - DS_Store => 13 file(s) - css => 21 file(s) - js => 19 file(s) - cvsignore => 1 file(s) - html => 1 file(s) - asp => 1 file(s) - txt => 1 file(s)
Top 10 response times
The files listed bellow had the slowest response times measured during the crawling process. The average response time for this site was 297.43 ms. These files could be targetted in denial of service attacks. 1. /js/jquery-ui.js, response time 983 ms GET /js/jquery-ui.js HTTP/1.1 Pragma: no-cache Referer: http://www.paltelgroup.ps/ 2
Acunetix-Aspect: enabled Acunetix-Aspect-Password: 082119f75623eb7abd7bf357698ff66c Acunetix-Aspect-Queries: filelist;aspectalerts Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* 2. /CaptchaSecurityImages.php, response time 531 ms GET /CaptchaSecurityImages.php HTTP/1.1 Pragma: no-cache Referer: http://www.paltelgroup.ps/index.php Acunetix-Aspect: enabled Acunetix-Aspect-Password: 082119f75623eb7abd7bf357698ff66c Acunetix-Aspect-Queries: filelist;aspectalerts Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */*
List of client scripts These files contain Javascript code referenced from the website. - /js/jq.js - /js/jquery.hoverIntent.minified.js - /js/jqc.js - /js/jqEasing.js - /js/exCanvas.js - /js/jquery.fancybox.pack.js - /js/jq.selectBox.js - /js/expCanvas.js - /js/warning.js - /js/jquery-ui.js - /js/jquery.dcmegamenu.1.3.3_ar.js - /js/home_ar.js - /js/menuInner_ar.js - /js/all.js - /js/home.js - /js/jquery.dcmegamenu.1.3.3.js - /js/menuInner.js - /js/datetimepicker_css.js - /support/menu/js.js
List of files with inputs
These files have at least one input (GET or POST). - / - 7 inputs - /index.php - 28 inputs - /ajax/cal.php - 1 inputs - /ajax/getReports.php - 1 inputs - /ajax/getTheNews.php - 1 inputs - /ajax/getMoreNews.php - 1 inputs - /ajax/contact.php - 1 inputs - /ajax/getStaff.php - 1 inputs - /CaptchaSecurityImages.php - 1 inputs - /application_corporate_action.php - 1 inputs - /support/index.php - 1 inputs - /support/CaptchaSecurityImages.php - 1 inputs - /support/FCKeditor/editor/filemanager/connectors/php/connector.php - 1 inputs
- /support/FCKeditor/editor/filemanager/connectors/test.html - 1 inputs - /support/FCKeditor/editor/filemanager/connectors/asp/connector.asp - 1 inputs
List of external hosts These hosts were linked from this website but they were not scanned because they are not listed in the list of hosts allowed.(Settings->Scanners settings->Scanner->List of hosts allowed). - www.zoom.ps - www.reach.ps - www.paltel.ps - www.jawwal.ps - www.hulul.com - www.hadara.ps - www.palmedia.ps - www.pgfoundation.ps - paltelgroup.ps - twitter.com - www.facebook.com - www.youtube.com - s7.addthis.com - ecareer.jawwal.ps - paltel.ps
List of email addresses List of all email addresses found on this host. - brian@cherne.net - info@zoom.ps - license@php.net
Alerts summary
Affects /ajax/getMoreNews.php /support/index.php
Variations 160 1
Affects /info.php
Variations 1
Affects /ajax/getMoreNews.php
Variations 22
Affects /ajax/getMoreNews.php
Variations 22
Variations Affects /support/FCKeditor/editor/filemanager/connectors/php/connector.php?Command=FileUpload&Type=File&Curr 1 entFolder=/
Affects / / (975a4a1b7430a0d8d05b765506281cce) /index.php (49d67861bd12777a7a2650a300089e02) /index.php (9fc54a9bc9d01b713855ba23fe521a28) /index.php (a43aa64b6c7f5b32aff137a508ade340) /support /support/FCKeditor/editor/filemanager/connectors/test.html
Variations 1 1 1 1 1 1 1
Affects /info.php
Variations 1
Affects /info.php
Variations 2
Affects /support/FCKeditor/editor/filemanager/connectors/asp/connector.asp
Variations 1
Affects /support
Variations 1
Affects /application_corporate_action.php /support/FCKeditor/editor/filemanager/connectors/test.html
Variations 1 1
Affects /support/index.php
Variations 1
Affects /images/staff /support/FCKeditor /support/FCKeditor/editor/_source /support/FCKeditor/editor/filemanager /uploads
Variations 1 1 1 1 1
Affects /banners/.DS_Store /banners/images/.DS_Store /classes/.DS_Store /css/.DS_Store /downloads/.DS_Store /downloads/reports/.DS_Store /downloads/reports_thumb/.DS_Store /images/.DS_Store /images/images/.DS_Store /images/staff/.DS_Store /images/stories/.DS_Store /js/.DS_Store /support/.DS_Store /support/FCKeditor/.cvsignore /support/FCKeditor/editor/filemanager/connectors/test.html /support/menu/test.php
Variations 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1
Affects /
Variations 1
Affects /
Variations 1
Affects Web Server
Variations 1
Affects /a /ajax/images/staff
Variations 1 1
Affects /index.php /info.php /js/jquery.hoverIntent.minified.js
Variations 1 1 1
Affects /info.php
Variations 1
Affects /info.php
Variations 1
Affects /info.php
Variations 1
Affects /support
Variations 1
Affects /info.php
Variations 1
Affects /js/jq.js
Variations 1
Alert details
Cross Site Scripting (verified)
Severity High Type Validation Reported by module Scripting (XSS.script) Description This script is possibly vulnerable to Cross Site Scripting (XSS) attacks. Cross site scripting (also referred to as XSS) is a vulnerability that allows an attacker to send malicious code (usually in the form of Javascript) to another user. Because a browser cannot know if the script should be trusted or not, it will execute the script in the user context allowing the attacker to access any cookies or session tokens retained by the browser. Impact Malicious users may inject JavaScript, VBScript, ActiveX, HTML or Flash into a vulnerable application to fool a user in order to gather data from them. An attacker can steal the session cookie and take over the account, impersonating the user. It is also possible to modify the content of the page presented to the user. Recommendation Your script should filter metacharacters from user input. References OWASP PHP Top 5 Security Focus - Penetration Testing for Web Applications (Part Two) How To: Prevent Cross-Site Scripting in ASP.NET Allowing HTML and Preventing XSS Microsoft ASP.NET request filtering flaw ASP.NET Unicode Character Conversion XSS XSS cheat sheet XSS Annihilation Acunetix Cross Site Scripting Attack The Cross Site Scripting Faq OWASP Cross Site Scripting Cross site scripting Affected items /ajax/getMoreNews.php Details URL encoded POST input link was set to " onmouseover=prompt(965379) bad=" The input is reflected inside a tag parameter between double quotes. Request headers
POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 90 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=%22%20onmouseover%3dprompt%28965379%29%20bad%3d%22&perPage=20
/ajax/getMoreNews.php Details URL encoded POST input link was set to javascript:prompt(913649);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 83 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=javascript%3aprompt%28913649%29%3bundefined&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to " onmouseover=prompt(926630) bad=" The input is reflected inside a tag parameter between double quotes. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 90 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=%22%20onmouseover%3dprompt%28926630%29%20bad%3d%22&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to javascript:prompt(912406);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 83 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=javascript%3aprompt%28912406%29%3bundefined&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to " onmouseover=prompt(954053) bad=" The input is reflected inside a tag parameter between double quotes. Request headers
POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 90
Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=%22%20onmouseover%3dprompt%28954053%29%20bad%3d%22&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to javascript:prompt(916409);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 83 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=javascript%3aprompt%28916409%29%3bundefined&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to " onmouseover=prompt(950581) bad=" The input is reflected inside a tag parameter between double quotes. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 90 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=%22%20onmouseover%3dprompt%28950581%29%20bad%3d%22&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to javascript:prompt(980397);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter. Request headers
POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 83 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=javascript%3aprompt%28980397%29%3bundefined&perPage=20 10
/ajax/getMoreNews.php Details URL encoded POST input link was set to " onmouseover=prompt(991664) bad=" The input is reflected inside a tag parameter between double quotes. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 90 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=%22%20onmouseover%3dprompt%28991664%29%20bad%3d%22&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to javascript:prompt(932032);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 83 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=javascript%3aprompt%28932032%29%3bundefined&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to " onmouseover=prompt(976396) bad=" The input is reflected inside a tag parameter between double quotes. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 90 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=%22%20onmouseover%3dprompt%28976396%29%20bad%3d%22&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to javascript:prompt(975413);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter. Request headers
POST /ajax/getMoreNews.php HTTP/1.1 11
Content-Length: 83 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=javascript%3aprompt%28975413%29%3bundefined&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to " onmouseover=prompt(996033) bad=" The input is reflected inside a tag parameter between double quotes. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 90 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=%22%20onmouseover%3dprompt%28996033%29%20bad%3d%22&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to javascript:prompt(915046);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 83 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=javascript%3aprompt%28915046%29%3bundefined&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to " onmouseover=prompt(900112) bad=" The input is reflected inside a tag parameter between double quotes. Request headers
POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 90 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=%22%20onmouseover%3dprompt%28900112%29%20bad%3d%22&perPage 12
=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to javascript:prompt(987174);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 83 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=javascript%3aprompt%28987174%29%3bundefined&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to " onmouseover=prompt(929909) bad=" The input is reflected inside a tag parameter between double quotes. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 90 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=%22%20onmouseover%3dprompt%28929909%29%20bad%3d%22&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to javascript:prompt(941992);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 83 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=javascript%3aprompt%28941992%29%3bundefined&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to " onmouseover=prompt(946777) bad=" The input is reflected inside a tag parameter between double quotes.
Request headers POST /ajax/getMoreNews.php HTTP/1.1 13
Content-Length: 90 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=%22%20onmouseover%3dprompt%28946777%29%20bad%3d%22&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to javascript:prompt(921838);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 83 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=javascript%3aprompt%28921838%29%3bundefined&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to " onmouseover=prompt(928458) bad=" The input is reflected inside a tag parameter between double quotes. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 90 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=%22%20onmouseover%3dprompt%28928458%29%20bad%3d%22&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to javascript:prompt(991033);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter. Request headers
POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 83 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* @Amenefus 14
catId=2&from=20&Lang=ar&link=javascript%3aprompt%28991033%29%3bundefined&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to " onmouseover=prompt(999007) bad=" The input is reflected inside a tag parameter between double quotes. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 90 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=%22%20onmouseover%3dprompt%28999007%29%20bad%3d%22&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to javascript:prompt(959770);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 83 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=javascript%3aprompt%28959770%29%3bundefined&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to " onmouseover=prompt(924012) bad=" The input is reflected inside a tag parameter between double quotes. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 90 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=%22%20onmouseover%3dprompt%28924012%29%20bad%3d%22&perPage=20 /ajax/getMoreNews.php Details
URL encoded POST input link was set to javascript:prompt(994852);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter. Request headers @Amenefus 15
POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 83 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=javascript%3aprompt%28994852%29%3bundefined&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to " onmouseover=prompt(933398) bad=" The input is reflected inside a tag parameter between double quotes. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 90 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=%22%20onmouseover%3dprompt%28933398%29%20bad%3d%22&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to javascript:prompt(982492);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 83 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=javascript%3aprompt%28982492%29%3bundefined&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to " onmouseover=prompt(965494) bad=" The input is reflected inside a tag parameter between double quotes. Request headers
catId=2&from=20&Lang=ar&link=%22%20onmouseover%3dprompt%28965494%29%20bad%3d%22&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to javascript:prompt(997489);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 83 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=javascript%3aprompt%28997489%29%3bundefined&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to " onmouseover=prompt(941010) bad=" The input is reflected inside a tag parameter between double quotes. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 90 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=%22%20onmouseover%3dprompt%28941010%29%20bad%3d%22&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to javascript:prompt(964867);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 83 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=javascript%3aprompt%28964867%29%3bundefined&perPage=20 /ajax/getMoreNews.php Details
URL encoded POST input link was set to " onmouseover=prompt(944124) bad=" The input is reflected inside a tag parameter between double quotes. Request headers @Amenefus 17
POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 90 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=%22%20onmouseover%3dprompt%28944124%29%20bad%3d%22&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to javascript:prompt(929716);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 83 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=javascript%3aprompt%28929716%29%3bundefined&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to " onmouseover=prompt(934269) bad=" The input is reflected inside a tag parameter between double quotes. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 90 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=%22%20onmouseover%3dprompt%28934269%29%20bad%3d%22&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to javascript:prompt(914949);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter. Request headers
URL encoded POST input link was set to javascript:prompt(905717);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter. @Amenefus 19
Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 83 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=javascript%3aprompt%28905717%29%3bundefined&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to " onmouseover=prompt(993373) bad=" The input is reflected inside a tag parameter between double quotes. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 90 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=%22%20onmouseover%3dprompt%28993373%29%20bad%3d%22&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to javascript:prompt(929962);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 83 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=javascript%3aprompt%28929962%29%3bundefined&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to " onmouseover=prompt(920283) bad=" The input is reflected inside a tag parameter between double quotes. Request headers
POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 90 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) @Amenefus 20
Accept: */* catId=2&from=20&Lang=ar&link=%22%20onmouseover%3dprompt%28920283%29%20bad%3d%22&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to javascript:prompt(926474);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 83 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=javascript%3aprompt%28926474%29%3bundefined&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to " onmouseover=prompt(937269) bad=" The input is reflected inside a tag parameter between double quotes. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 90 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=%22%20onmouseover%3dprompt%28937269%29%20bad%3d%22&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to javascript:prompt(935788);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 83 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=javascript%3aprompt%28935788%29%3bundefined&perPage=20
@Amenefus
21
POST /ajax/getMoreNews.php HTTP/1.1 @Amenefus 22
POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 90 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=20&Lang=ar&link=%22%20onmouseover%3dprompt%28996681%29%20bad%3d%22&perPage @Amenefus 23
Request headers POST /ajax/getMoreNews.php HTTP/1.1 @Amenefus
24
POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 90 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=20&Lang=ar&link=%22%20onmouseover%3dprompt%28957027%29%20bad%3d%22&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to javascript:prompt(927678);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 83 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=20&Lang=ar&link=javascript%3aprompt%28927678%29%3bundefined&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to " onmouseover=prompt(984211) bad=" The input is reflected inside a tag parameter between double quotes. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 90 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=20&Lang=ar&link=%22%20onmouseover%3dprompt%28984211%29%20bad%3d%22&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to javascript:prompt(984469);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter. Request headers
URL encoded POST input link was set to javascript:prompt(957472);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter. @Amenefus 30
Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 83 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=javascript%3aprompt%28957472%29%3bundefined&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to " onmouseover=prompt(919463) bad=" The input is reflected inside a tag parameter between double quotes. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 90 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=%22%20onmouseover%3dprompt%28919463%29%20bad%3d%22&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to javascript:prompt(946332);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 83 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=javascript%3aprompt%28946332%29%3bundefined&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to " onmouseover=prompt(918243) bad=" The input is reflected inside a tag parameter between double quotes. Request headers
Accept: */* catId=1&from=20&Lang=ar&link=%22%20onmouseover%3dprompt%28918243%29%20bad%3d%22&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to javascript:prompt(929451);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 83 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=javascript%3aprompt%28929451%29%3bundefined&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to " onmouseover=prompt(967597) bad=" The input is reflected inside a tag parameter between double quotes. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 90 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=%22%20onmouseover%3dprompt%28967597%29%20bad%3d%22&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to javascript:prompt(947392);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 83 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=javascript%3aprompt%28947392%29%3bundefined&perPage=20
@Amenefus
32
35
POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 83 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=20&Lang=ar&link=javascript%3aprompt%28938879%29%3bundefined&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to javascript:prompt(941984);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 83 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=20&Lang=ar&link=javascript%3aprompt%28941984%29%3bundefined&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to " onmouseover=prompt(955326) bad=" The input is reflected inside a tag parameter between double quotes. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 90 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=20&Lang=ar&link=%22%20onmouseover%3dprompt%28955326%29%20bad%3d%22&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to javascript:prompt(994874);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter. Request headers
POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 90 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=20&Lang=ar&link=%22%20onmouseover%3dprompt%28923470%29%20bad%3d%22&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to " onmouseover=prompt(956081) bad=" The input is reflected inside a tag parameter between double quotes. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 90 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=20&Lang=ar&link=%22%20onmouseover%3dprompt%28956081%29%20bad%3d%22&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to " onmouseover=prompt(903295) bad=" The input is reflected inside a tag parameter between double quotes. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 90 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=20&Lang=ar&link=%22%20onmouseover%3dprompt%28903295%29%20bad%3d%22&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to javascript:prompt(934144);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter. Request headers
Accept: */* catId=1&from=20&Lang=ar&link=javascript%3aprompt%28934144%29%3bundefined&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to " onmouseover=prompt(949615) bad=" The input is reflected inside a tag parameter between double quotes. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 90 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=20&Lang=ar&link=%22%20onmouseover%3dprompt%28949615%29%20bad%3d%22&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to javascript:prompt(925448);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 83 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=20&Lang=ar&link=javascript%3aprompt%28925448%29%3bundefined&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to " onmouseover=prompt(963927) bad=" The input is reflected inside a tag parameter between double quotes. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 90 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=20&Lang=ar&link=%22%20onmouseover%3dprompt%28963927%29%20bad%3d%22&perPage=20
@Amenefus
43
/ajax/getMoreNews.php Details URL encoded POST input link was set to javascript:prompt(998132);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 83 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=20&Lang=ar&link=javascript%3aprompt%28998132%29%3bundefined&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to " onmouseover=prompt(920636) bad=" The input is reflected inside a tag parameter between double quotes. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 90 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=20&Lang=ar&link=%22%20onmouseover%3dprompt%28920636%29%20bad%3d%22&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to javascript:prompt(936447);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 83 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=20&Lang=ar&link=javascript%3aprompt%28936447%29%3bundefined&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to " onmouseover=prompt(928537) bad=" The input is reflected inside a tag parameter between double quotes. Request headers
POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 90 @Amenefus 44
POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 83 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=20&Lang=ar&link=javascript%3aprompt%28991626%29%3bundefined&perPage=20 @Amenefus
45
/ajax/getMoreNews.php Details URL encoded POST input link was set to " onmouseover=prompt(978369) bad=" The input is reflected inside a tag parameter between double quotes. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 90 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=20&Lang=ar&link=%22%20onmouseover%3dprompt%28978369%29%20bad%3d%22&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to javascript:prompt(900138);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 83 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=20&Lang=ar&link=javascript%3aprompt%28900138%29%3bundefined&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to javascript:prompt(912658);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 83 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=20&Lang=ar&link=javascript%3aprompt%28912658%29%3bundefined&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to " onmouseover=prompt(973968) bad=" The input is reflected inside a tag parameter between double quotes. Request headers
POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 90 @Amenefus
46
47
=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to javascript:prompt(918214);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 83 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=javascript%3aprompt%28918214%29%3bundefined&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to " onmouseover=prompt(988107) bad=" The input is reflected inside a tag parameter between double quotes. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 90 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=%22%20onmouseover%3dprompt%28988107%29%20bad%3d%22&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to javascript:prompt(900145);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 83 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=javascript%3aprompt%28900145%29%3bundefined&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to javascript:prompt(972656);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter.
50
Content-Length: 83 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=javascript%3aprompt%28972656%29%3bundefined&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to javascript:prompt(927890);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 83 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=20&Lang=ar&link=javascript%3aprompt%28927890%29%3bundefined&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to " onmouseover=prompt(910814) bad=" The input is reflected inside a tag parameter between double quotes. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 90 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=20&Lang=ar&link=%22%20onmouseover%3dprompt%28910814%29%20bad%3d%22&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to javascript:prompt(912408);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter. Request headers
51
/ajax/getMoreNews.php Details URL encoded POST input link was set to " onmouseover=prompt(925348) bad=" The input is reflected inside a tag parameter between double quotes. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 90 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=20&Lang=ar&link=%22%20onmouseover%3dprompt%28925348%29%20bad%3d%22&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to javascript:prompt(984538);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 83 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=20&Lang=ar&link=javascript%3aprompt%28984538%29%3bundefined&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to " onmouseover=prompt(914465) bad=" The input is reflected inside a tag parameter between double quotes. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 90 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=20&Lang=ar&link=%22%20onmouseover%3dprompt%28914465%29%20bad%3d%22&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to " onmouseover=prompt(978508) bad=" The input is reflected inside a tag parameter between double quotes. Request headers
POST /ajax/getMoreNews.php HTTP/1.1 @Amenefus
52
Content-Length: 90 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=20&Lang=ar&link=%22%20onmouseover%3dprompt%28978508%29%20bad%3d%22&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to " onmouseover=prompt(966154) bad=" The input is reflected inside a tag parameter between double quotes. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 90 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=%22%20onmouseover%3dprompt%28966154%29%20bad%3d%22&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to javascript:prompt(911026);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 83 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=javascript%3aprompt%28911026%29%3bundefined&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to " onmouseover=prompt(926648) bad=" The input is reflected inside a tag parameter between double quotes. Request headers
catId=2&from=20&Lang=ar&link=%22%20onmouseover%3dprompt%28926648%29%20bad%3d%22&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to " onmouseover=prompt(971460) bad=" The input is reflected inside a tag parameter between double quotes. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 90 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=20&Lang=ar&link=%22%20onmouseover%3dprompt%28971460%29%20bad%3d%22&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to javascript:prompt(986057);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 83 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=20&Lang=ar&link=javascript%3aprompt%28986057%29%3bundefined&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to javascript:prompt(979069);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 83 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=20&Lang=ar&link=javascript%3aprompt%28979069%29%3bundefined&perPage=20 /support/index.php Details
URI was set to " onmouseover=prompt(972822) // The input is reflected inside a tag parameter between double quotes. Request headers @Amenefus 54
GET /support/index.php/%F6%22%20onmouseover=prompt(972822)%20// HTTP/1.1 Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */*
@Amenefus
55
PHP allow_url_fopen enabled

Severity High Type Configuration Reported by module Scripting (PHPInfo.script) Description The PHP configuration directive allow_url_fopen is enabled. When enabled, this directive allows data retrieval from remote locations (web site or FTP server). A large number of code injection vulnerabilities reported in PHP-based web applications are caused by the combination of enabling allow_url_fopen and bad input filtering. allow_url_fopen is enabled by default. Impact Application dependant - possible remote file inclusion. Recommendation You can disable allow_url_fopen from php.ini or .htaccess. php.ini allow_url_fopen = 'off' .htaccess php_flag allow_url_fopen off
Affected items /info.php Details This vulnerability was detected using the information from phpinfo() page /info.php allow_url_fopen: On Request headers GET /info.php HTTP/1.1 Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */*
@Amenefus
56
SQL injection
Severity High Type Validation Reported by module Scripting (Sql_Injection.script) Description This script is possibly vulnerable to SQL Injection attacks. SQL injection is a vulnerability that allows an attacker to alter backend SQL statements by manipulating the user input. An SQL injection occurs when web applications accept user input that is directly placed into a SQL statement and doesn't properly filter out dangerous characters. This is one of the most common application layer attacks currently being used on the Internet. Despite the fact that it is relatively easy to protect against, there is a large number of web applications vulnerable. Impact An attacker may execute arbitrary SQL statements on the vulnerable system. This may compromise the integrity of your database and/or expose sensitive information. Depending on the back-end database in use, SQL injection vulnerabilities lead to varying levels of data/system access for the attacker. It may be possible to not only manipulate existing queries, but to UNION in arbitrary data, use subselects, or append additional queries. In some cases, it may be possible to read in or write out to files, or to execute shell commands on the underlying operating system. Certain SQL Servers such as Microsoft SQL Server contain stored and extended procedures (database server functions). If an attacker can obtain access to these procedures it may be possible to compromise the entire machine. Recommendation Your script should filter metacharacters from user input. Check detailed information for more information about fixing this vulnerability. References More Advanced SQL Injection OWASP PHP Top 5 SQL Injection Walkthrough OWASP Injection Flaws Security Focus - Penetration Testing for Web Applications (Part Two) Advanced SQL Injection Acunetix SQL Injection Attack SQL Injection Attacks by Example Affected items /ajax/getMoreNews.php Details URL encoded POST input from was set to 1'" Error message found: You have an error in your SQL syntax Request headers
POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 116 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=5&from=1%27%22&Lang=ar&link=%3FcatId%3D5%26Lang%3Dar%26MenuId%3D20%26ParentId%3D14%26T emplateId%3D2&perPage=20 @Amenefus 57
/ajax/getMoreNews.php Details URL encoded POST input from was set to 1'" Error message found: You have an error in your SQL syntax Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 119 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=8&from=1%27%22&Lang=ar&link=%3FLang%3Dar%26MenuId%3D91%26PageId%3D20%26ParentId%3D48%2 6TemplateId%3D24&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input from was set to 1'" Error message found: You have an error in your SQL syntax Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 116 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=1%27%22&Lang=ar&link=%3FLang%3Dar%26MenuId%3D41%26PageId%3D0%26ParentId%3D3%26T emplateId%3D2&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input from was set to 1'" Error message found: You have an error in your SQL syntax Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 115 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=1%27%22&Lang=ar&link=%3FcatId%3D2%26Lang%3Dar%26MenuId%3D68%26ParentId%3D4%26Te mplateId%3D2&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input from was set to 1'" Error message found: You have an error in your SQL syntax Request headers
POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 129 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 @Amenefus 58
Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=1%27%22&Lang=ar&link=%3FcatId%3D2%26Lang%3Dar%26MenuId%3D68%26PageId%3D0%26Pare ntId%3D14%26TemplateId%3D2&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input from was set to 1'" Error message found: You have an error in your SQL syntax Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 104 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=5&from=1%27%22&Lang=ar&link=%3FcatId%3D5%26MenuId%3D20%26ParentId%3D14%26TemplateId%3D 2&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input from was set to 1'" Error message found: You have an error in your SQL syntax Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 129 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=1%27%22&Lang=en&link=%3FcatId%3D2%26Lang%3Den%26MenuId%3D68%26PageId%3D0%26Pare ntId%3D14%26TemplateId%3D2&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input from was set to 1'" Error message found: You have an error in your SQL syntax Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 116 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=1%27%22&Lang=en&link=%3FLang%3Den%26MenuId%3D41%26PageId%3D0%26ParentId%3D3%26T emplateId%3D2&perPage=20
@Amenefus
59
/ajax/getMoreNews.php Details URL encoded POST input from was set to 1'" Error message found: You have an error in your SQL syntax Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 104 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=1%27%22&Lang=ar&link=%3FMenuId%3D41%26PageId%3D0%26ParentId%3D3%26TemplateId%3D 2&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input from was set to 1'" Error message found: You have an error in your SQL syntax Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 103 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=1%27%22&Lang=ar&link=%3FcatId%3D2%26MenuId%3D68%26ParentId%3D4%26TemplateId%3D2 &perPage=20 /ajax/getMoreNews.php Details URL encoded POST input from was set to 1'" Error message found: You have an error in your SQL syntax Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 115 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=1%27%22&Lang=en&link=%3FcatId%3D2%26Lang%3Den%26MenuId%3D68%26ParentId%3D4%26Te mplateId%3D2&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input perPage was set to 1'" Error message found: You have an error in your SQL syntax Request headers
Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=8&from=20&Lang=ar&link=%3FLang%3Dar%26MenuId%3D91%26PageId%3D20%26ParentId%3D48%26Temp lateId%3D24&perPage=1%27%22 /ajax/getMoreNews.php Details URL encoded POST input perPage was set to 1'" Error message found: You have an error in your SQL syntax Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 129 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=%3FcatId%3D2%26Lang%3Dar%26MenuId%3D68%26PageId%3D0%26ParentId% 3D14%26TemplateId%3D2&perPage=1%27%22 /ajax/getMoreNews.php Details URL encoded POST input perPage was set to 1'" Error message found: You have an error in your SQL syntax Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 116 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=5&from=20&Lang=ar&link=%3FcatId%3D5%26Lang%3Dar%26MenuId%3D20%26ParentId%3D14%26Templa teId%3D2&perPage=1%27%22 /ajax/getMoreNews.php Details URL encoded POST input perPage was set to 1'" Error message found: You have an error in your SQL syntax Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 116 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=20&Lang=ar&link=%3FLang%3Dar%26MenuId%3D41%26PageId%3D0%26ParentId%3D3%26Templa teId%3D2&perPage=1%27%22
@Amenefus
61
/ajax/getMoreNews.php Details URL encoded POST input perPage was set to 1'" Error message found: You have an error in your SQL syntax Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 115 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=%3FcatId%3D2%26Lang%3Dar%26MenuId%3D68%26ParentId%3D4%26Templat eId%3D2&perPage=1%27%22 /ajax/getMoreNews.php Details URL encoded POST input perPage was set to 1'" Error message found: You have an error in your SQL syntax Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 104 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=20&Lang=ar&link=%3FMenuId%3D41%26PageId%3D0%26ParentId%3D3%26TemplateId%3D2&per Page=1%27%22 /ajax/getMoreNews.php Details URL encoded POST input perPage was set to 1'" Error message found: You have an error in your SQL syntax Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 129 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=en&link=%3FcatId%3D2%26Lang%3Den%26MenuId%3D68%26PageId%3D0%26ParentId% 3D14%26TemplateId%3D2&perPage=1%27%22 /ajax/getMoreNews.php Details URL encoded POST input perPage was set to 1'" Error message found: You have an error in your SQL syntax Request headers
Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=20&Lang=en&link=%3FLang%3Den%26MenuId%3D41%26PageId%3D0%26ParentId%3D3%26Templa teId%3D2&perPage=1%27%22 /ajax/getMoreNews.php Details URL encoded POST input perPage was set to 1'" Error message found: You have an error in your SQL syntax Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 104 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=5&from=20&Lang=ar&link=%3FcatId%3D5%26MenuId%3D20%26ParentId%3D14%26TemplateId%3D2&per Page=1%27%22 /ajax/getMoreNews.php Details URL encoded POST input perPage was set to 1'" Error message found: You have an error in your SQL syntax Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 103 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=%3FcatId%3D2%26MenuId%3D68%26ParentId%3D4%26TemplateId%3D2&perP age=1%27%22 /ajax/getMoreNews.php Details URL encoded POST input perPage was set to 1'" Error message found: You have an error in your SQL syntax Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 115 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=en&link=%3FcatId%3D2%26Lang%3Den%26MenuId%3D68%26ParentId%3D4%26Templat eId%3D2&perPage=1%27%22
@Amenefus
63
Application error message

Severity Medium Type Validation Reported by module Scripting (Error_Message.script) Description This page contains an error/warning message that may disclose sensitive information.The message can also contain the location of the file that produced the unhandled exception. This may be a false positive if the error message is found in documentation pages. Impact The error messages may disclose sensitive information. This information can be used to launch further attacks. Recommendation Review the source code for this script. References PHP Runtime Configuration Affected items /ajax/getMoreNews.php Details URL encoded POST input from was set to 1e309 Error message found: You have an error in your SQL syntax Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 114 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=5&from=1e309&Lang=ar&link=%3FcatId%3D5%26Lang%3Dar%26MenuId%3D20%26ParentId%3D14%26Tem plateId%3D2&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input from was set to 1e309 Error message found: You have an error in your SQL syntax Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 117 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=8&from=1e309&Lang=ar&link=%3FLang%3Dar%26MenuId%3D91%26PageId%3D20%26ParentId%3D48%26T emplateId%3D24&perPage=20
@Amenefus
64
/ajax/getMoreNews.php Details URL encoded POST input from was set to 1e309 Error message found: You have an error in your SQL syntax Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 114 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=1e309&Lang=ar&link=%3FLang%3Dar%26MenuId%3D41%26PageId%3D0%26ParentId%3D3%26Tem plateId%3D2&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input from was set to 1e309 Error message found: You have an error in your SQL syntax Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 113 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=1e309&Lang=ar&link=%3FcatId%3D2%26Lang%3Dar%26MenuId%3D68%26ParentId%3D4%26Temp lateId%3D2&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input from was set to 1e309 Error message found: You have an error in your SQL syntax Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 127 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=1e309&Lang=ar&link=%3FcatId%3D2%26Lang%3Dar%26MenuId%3D68%26PageId%3D0%26Parent Id%3D14%26TemplateId%3D2&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input from was set to 1e309 Error message found: You have an error in your SQL syntax Request headers
Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=5&from=1e309&Lang=ar&link=%3FcatId%3D5%26MenuId%3D20%26ParentId%3D14%26TemplateId%3D2& perPage=20 /ajax/getMoreNews.php Details URL encoded POST input from was set to 1e309 Error message found: You have an error in your SQL syntax Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 114 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=1e309&Lang=en&link=%3FLang%3Den%26MenuId%3D41%26PageId%3D0%26ParentId%3D3%26Tem plateId%3D2&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input from was set to 1e309 Error message found: You have an error in your SQL syntax Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 127 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=1e309&Lang=en&link=%3FcatId%3D2%26Lang%3Den%26MenuId%3D68%26PageId%3D0%26Parent Id%3D14%26TemplateId%3D2&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input from was set to 1e309 Error message found: You have an error in your SQL syntax Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 102 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=1e309&Lang=ar&link=%3FMenuId%3D41%26PageId%3D0%26ParentId%3D3%26TemplateId%3D2& perPage=20
@Amenefus
66
/ajax/getMoreNews.php Details URL encoded POST input from was set to 1e309 Error message found: You have an error in your SQL syntax Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 101 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=1e309&Lang=ar&link=%3FcatId%3D2%26MenuId%3D68%26ParentId%3D4%26TemplateId%3D2&p erPage=20 /ajax/getMoreNews.php Details URL encoded POST input from was set to 1e309 Error message found: You have an error in your SQL syntax Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 113 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=1e309&Lang=en&link=%3FcatId%3D2%26Lang%3Den%26MenuId%3D68%26ParentId%3D4%26Temp lateId%3D2&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input perPage was set to 1e309 Error message found: You have an error in your SQL syntax Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 117 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=8&from=20&Lang=ar&link=%3FLang%3Dar%26MenuId%3D91%26PageId%3D20%26ParentId%3D48%26Temp lateId%3D24&perPage=1e309 /ajax/getMoreNews.php Details URL encoded POST input perPage was set to 1e309 Error message found: You have an error in your SQL syntax Request headers
Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=%3FcatId%3D2%26Lang%3Dar%26MenuId%3D68%26PageId%3D0%26ParentId% 3D14%26TemplateId%3D2&perPage=1e309 /ajax/getMoreNews.php Details URL encoded POST input perPage was set to 1e309 Error message found: You have an error in your SQL syntax Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 114 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=5&from=20&Lang=ar&link=%3FcatId%3D5%26Lang%3Dar%26MenuId%3D20%26ParentId%3D14%26Templa teId%3D2&perPage=1e309 /ajax/getMoreNews.php Details URL encoded POST input perPage was set to 1e309 Error message found: You have an error in your SQL syntax Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 114 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=20&Lang=ar&link=%3FLang%3Dar%26MenuId%3D41%26PageId%3D0%26ParentId%3D3%26Templa teId%3D2&perPage=1e309 /ajax/getMoreNews.php Details URL encoded POST input perPage was set to 1e309 Error message found: You have an error in your SQL syntax Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 113 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=%3FcatId%3D2%26Lang%3Dar%26MenuId%3D68%26ParentId%3D4%26Templat eId%3D2&perPage=1e309
@Amenefus
68
/ajax/getMoreNews.php Details URL encoded POST input perPage was set to 1e309 Error message found: You have an error in your SQL syntax Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 102 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=20&Lang=ar&link=%3FMenuId%3D41%26PageId%3D0%26ParentId%3D3%26TemplateId%3D2&per Page=1e309 /ajax/getMoreNews.php Details URL encoded POST input perPage was set to 1e309 Error message found: You have an error in your SQL syntax Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 114 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=20&Lang=en&link=%3FLang%3Den%26MenuId%3D41%26PageId%3D0%26ParentId%3D3%26Templa teId%3D2&perPage=1e309 /ajax/getMoreNews.php Details URL encoded POST input perPage was set to 1e309 Error message found: You have an error in your SQL syntax Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 127 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=en&link=%3FcatId%3D2%26Lang%3Den%26MenuId%3D68%26PageId%3D0%26ParentId% 3D14%26TemplateId%3D2&perPage=1e309 /ajax/getMoreNews.php Details URL encoded POST input perPage was set to 1e309 Error message found: You have an error in your SQL syntax Request headers
Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=5&from=20&Lang=ar&link=%3FcatId%3D5%26MenuId%3D20%26ParentId%3D14%26TemplateId%3D2&per Page=1e309 /ajax/getMoreNews.php Details URL encoded POST input perPage was set to 1e309 Error message found: You have an error in your SQL syntax Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 101 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=%3FcatId%3D2%26MenuId%3D68%26ParentId%3D4%26TemplateId%3D2&perP age=1e309 /ajax/getMoreNews.php Details URL encoded POST input perPage was set to 1e309 Error message found: You have an error in your SQL syntax Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 113 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=en&link=%3FcatId%3D2%26Lang%3Den%26MenuId%3D68%26ParentId%3D4%26Templat eId%3D2&perPage=1e309
@Amenefus
70
FCKeditor Arbitrary File Upload

Severity Medium Type Validation Reported by module Scripting (FCKEditor_Audit.script) Description Multiple vendor applications utilize FCKeditor. FCKeditor contains functionality to handle file uploads and file management. A remote attacker could use this functionality to upload malicous executable files on the system. To test file upload capabilities, Acunetix WVS created a file named Acunetix_WVS_File_Upload_test.txt on the server. Impact An attacker could upload and execute malicious code. Recommendation It is recommended to disable the file upload functionality in FCKeditor (if not required). References FCKeditor FCKeditor CurrentFolder directory traversal Affected items /support/FCKeditor/editor/filemanager/connectors/php/connector.php?Command=FileUpload&Type=File&Curren tFolder=/ Details No details are available. Request headers POST /support/FCKeditor/editor/filemanager/connectors/php/connector.php?Command=FileUpload&Typ e=File&CurrentFolder=/ HTTP/1.1 Content-Type: multipart/form-data; boundary=---------------------------29565348729577 Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Content-Length: 270 Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* -----------------------------29565348729577 Content-Disposition: form-data; name="NewFile"; filename="Acunetix_WVS_File_Upload_test.txt" Content-Type: text/plain Testing file upload (HoXmZQwLEznHU7iQe10g231W1wjTrX5m) -----------------------------29565348729577--
@Amenefus
71
HTML form without CSRF protection

Severity Medium Type Informational Reported by module Crawler Description This alert may be a false positive, manual confirmation is required. Cross-site request forgery, also known as a one-click attack or session riding and abbreviated as CSRF or XSRF, is a type of malicious exploit of a website whereby unauthorized commands are transmitted from a user that the website trusts. Acunetix WVS found a HTML form with no apparent CSRF protection implemented. Consult details for more information about the affected HTML form. Impact An attacker may force the users of a web application to execute actions of the attacker's choosing. A successful CSRF exploit can compromise end user data and operation in case of normal user. If the targeted end user is the administrator account, this can compromise the entire web application. Recommendation Check if this form requires CSRF protection and implement CSRF countermeasures if necessary. Affected items / Details Form name: <empty> Form action: http://www.paltelgroup.ps/index.php?TemplateId=17&Lang=ar Form method: POST Form inputs: - search [Text] - searchButton [Submit]
Request headers GET / HTTP/1.1 Pragma: no-cache Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Acunetix-Aspect-Queries: filelist;aspectalerts Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* / (975a4a1b7430a0d8d05b765506281cce) Details
Form name: <empty> Form action: http://www.paltelgroup.ps/index.php?TemplateId=17&Lang=en Form method: POST Form inputs: - search [Text] - searchButton [Submit]
@Amenefus
72
Request headers GET /?Lang=en HTTP/1.1 Pragma: no-cache Referer: http://www.paltelgroup.ps/ Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Acunetix-Aspect-Queries: filelist;aspectalerts Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* /index.php (49d67861bd12777a7a2650a300089e02) Details Form name: reg Form action: http://www.paltelgroup.ps/application_corporate_action.php Form method: POST Form inputs: - opt [Hidden] - corporates_name [Text] - corporates_owner [Text] - corporates_contact [Text] - corporates_mobile [Text] - corporates_mobile_pre [Select] - corporates_contact_mobile [Text] - corporates_contact_mobile_pre [Select] - corporates_phone [Text][/l ... (line truncated) Request headers GET /index.php?Lang=ar&MenuId=50&ParentId=4&TemplateId=15 HTTP/1.1 Pragma: no-cache Referer: http://www.paltelgroup.ps/ Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Acunetix-Aspect-Queries: filelist;aspectalerts Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* /index.php (9fc54a9bc9d01b713855ba23fe521a28) Details Form name: <empty> Form action: http://www.paltelgroup.ps/index.php Form method: POST Form inputs: - Lang [Hidden] - name [Text] - email [Text] - telenum [Text] - org [Text] - country [Select] - subject [Text] - feedback [TextArea] - capa [Text]
Request headers
GET /index.php?Lang=ar&ParentId=0&TemplateId=22 HTTP/1.1 Pragma: no-cache @Amenefus 73
Referer: http://www.paltelgroup.ps/ Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Acunetix-Aspect-Queries: filelist;aspectalerts Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* /index.php (a43aa64b6c7f5b32aff137a508ade340) Details Form name: <empty> Form action: http://www.paltelgroup.ps/index.php Form method: POST Form inputs: - Lang [Hidden] - name [Text] - email [Text] - telenum [Text] - org [Text] - country [Select] - subject [Text] - feedback [TextArea] - capa [Text]
Request headers GET /index.php?Lang=en&ParentId=0&TemplateId=22 HTTP/1.1 Pragma: no-cache Referer: http://www.paltelgroup.ps/ Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Acunetix-Aspect-Queries: filelist;aspectalerts Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* /support Details Form name: form1 Form action: http://www.paltelgroup.ps/support/index.php Form method: POST Form inputs: - name [Text] - password [Password] - security_code [Text] - login [Hidden]
Request headers
GET /support/ HTTP/1.1 Pragma: no-cache Referer: http://www.paltelgroup.ps/support/ Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Acunetix-Aspect-Queries: filelist;aspectalerts Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps @Amenefus 74
Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* /support/FCKeditor/editor/filemanager/connectors/test.html Details Form name: <empty> Form action: http://www.paltelgroup.ps/support/FCKeditor/editor/filemanager/connectors/test.html Form method: POST Form inputs: - NewFile [File]
Request headers GET /support/FCKeditor/editor/filemanager/connectors/test.html HTTP/1.1 Pragma: no-cache Referer: http://www.paltelgroup.ps/support/FCKeditor/editor/filemanager/connectors/ Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Acunetix-Aspect-Queries: filelist;aspectalerts Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */*
@Amenefus
75
PHP open_basedir is not set

Severity Medium Type Configuration Reported by module Scripting (PHPInfo.script) Description The open_basedir configuration directive will limit the files that can be opened by PHP to the specified directory-tree. When a script tries to open a file with, for example, fopen() or gzopen(), the location of the file is checked. When the file is outside the specified directory-tree, PHP will refuse to open it. open_basedir is a good protection against remote file inclusion vulnerabilities. For a remote attacker it is not possible to break out of the open_basedir restrictions if he is only able to inject the name of a file to be included. Therefore the number of files he will be able to include with such a local file include vulnerability is limited. Impact Application dependant - possible remote code inclusion. Recommendation You can set open_basedir from php.ini php.ini open_basedir = your_application_directory
Affected items /info.php Details This vulnerability was detected using the information from phpinfo() page /info.php open_basedir: no value Request headers GET /info.php HTTP/1.1 Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */*
@Amenefus
76
PHPinfo page found

Severity Medium Type Validation Reported by module Scripting (PHPInfo.script) Description PHPinfo page has been found in this directory. The PHPinfo page outputs a large amount of information about the current state of PHP. This includes information about PHP compilation options and extensions, the PHP version, server information and environment (if compiled as a module), the PHP environment, OS version information, paths, master and local values of configuration options, HTTP headers, and the PHP License. Impact This file may expose sensitive information that may help an malicious user to prepare more advanced attacks. Recommendation Remove the file from production systems. References PHP phpinfo Affected items /info.php Details phpinfo() page found at : /info.php Request headers GET /info.php HTTP/1.1 Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* /info.php Details Pattern found: <title>phpinfo()</title> Request headers GET /info.php HTTP/1.1 Pragma: no-cache Referer: http://www.paltelgroup.ps/ Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Acunetix-Aspect-Queries: filelist;aspectalerts Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */*
@Amenefus
77
Source code disclosure

Severity Medium Type Validation Reported by module Scripting (Text_Search.script) Description Looks like the source code for this script is available. This check is using pattern matching to determine if server side tags are found in the file. In some cases this alert may generate false positives. Impact An attacker can gather sensitive information (database connection strings, application logic) by analysing the source code. This information can be used to conduct further attacks. Recommendation Remove this file from your website or change its permissions to remove access. References iMPERVA Source Code Disclosure Affected items /support/FCKeditor/editor/filemanager/connectors/asp/connector.asp Details Pattern found: <%@ CodePage=65001 Language="VBScript"%> Request headers GET /support/FCKeditor/editor/filemanager/connectors/asp/connector.asp HTTP/1.1 Pragma: no-cache Referer: http://www.paltelgroup.ps/support/FCKeditor/editor/filemanager/connectors/test.html Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Acunetix-Aspect-Queries: filelist;aspectalerts Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */*
@Amenefus
78
User credentials are sent in clear text

Severity Medium Type Informational Reported by module Crawler Description User credentials are transmitted over an unencrypted channel. This information should always be transferred via an encrypted channel (HTTPS) to avoid being intercepted by malicious users. Impact A third party may be able to read the user credentials by intercepting an unencrypted HTTP connection. Recommendation Because user credentials are considered sensitive information, should always be transferred to the server over an encrypted connection (HTTPS). Affected items /support Details Form name: form1 Form action: http://www.paltelgroup.ps/support/index.php Form method: POST Form inputs: - name [Text] - password [Password] - security_code [Text] - login [Hidden]
Request headers GET /support/ HTTP/1.1 Pragma: no-cache Referer: http://www.paltelgroup.ps/support/ Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Acunetix-Aspect-Queries: filelist;aspectalerts Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */*
@Amenefus
79
File upload
Severity Low Type Informational Reported by module Crawler Description This page allows visitors to upload files to the server. Various web applications allow users to upload files (such as pictures, images, sounds, ...). Uploaded files may pose a significant risk if not handled correctly. A remote attacker could send a multipart/form-data POST request with a specially-crafted filename or mime type and execute arbitrary code. Impact If the uploaded files are not safely checked an attacker may upload malicious files. Recommendation Restrict file types accepted for upload: check the file extension and only allow certain files to be uploaded. Use a whitelist approach instead of a blacklist. Check for double extensions such as .php.png. Check for files without a filename like .htaccess (on ASP.NET, check for configuration files like web.config). Change the permissions on the upload folder so the files within it are not executable. If possible, rename the files that are uploaded. Affected items /application_corporate_action.php Details Form name: reg Form action: http://www.paltelgroup.ps/application_corporate_action.php Form method: POST Form inputs: - opt [Hidden] - corporates_name [Text] - corporates_owner [Text] - corporates_contact [Text] - corporates_mobile [Text] - corporates_mobile_pre [Select] - corporates_contact_mobile [Text] - corporates_contact_mobile_pre [Select] - corporates_phone [Text][/l ... (line truncated) Request headers GET / HTTP/1.1 /support/FCKeditor/editor/filemanager/connectors/test.html Details Form name: <empty> Form action: http://www.paltelgroup.ps/support/FCKeditor/editor/filemanager/connectors/test.html Form method: POST Form inputs: - NewFile [File]
Request headers
GET /support/FCKeditor/editor/filemanager/connectors/test.html HTTP/1.1 Pragma: no-cache Referer: http://www.paltelgroup.ps/support/FCKeditor/editor/filemanager/connectors/ Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Acunetix-Aspect-Queries: filelist;aspectalerts @Amenefus 80
Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */*
@Amenefus
81
Login page password-guessing attack

Severity Low Type Validation Reported by module Scripting (Html_Authentication_Audit.script) Description A common threat web developers face is a password-guessing attack known as a brute force attack. A brute-force attack is an attempt to discover a password by systematically trying every possible combination of letters, numbers, and symbols until you discover the one correct combination that works. This login page doesn't have any protection against password-guessing attacks (brute force attacks). It's recommended to implement some type of account lockout after a defined number of incorrect password attempts. Consult Web references for more information about fixing this problem. Impact An attacker may attempt to discover a weak password by systematically trying every possible combination of letters, numbers, and symbols until it discovers the one correct combination that works. Recommendation It's recommended to implement some type of account lockout after a defined number of incorrect password attempts. References Blocking Brute Force Attacks Affected items /support/index.php Details The scanner tested 10 invalid credentials and no account lockout was detected. Request headers POST /support/index.php HTTP/1.1 Content-Length: 56 Content-Type: application/x-www-form-urlencoded Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* login=yes&name=nAw6F8aD&password=Hya7Kb5P&security_code=
@Amenefus
82
Possible sensitive directories

Severity Low Type Validation Reported by module Scripting (Possible_Sensitive_Directories.script) Description A possible sensitive directory has been found. This directory is not directly linked from the website.This check looks for common sensitive resources like backup directories, database dumps, administration pages, temporary directories. Each one of these directories could help an attacker to learn more about his target. Impact This directory may expose sensitive information that could help a malicious user to prepare more advanced attacks. Recommendation Restrict access to this directory or remove it from the website. References Web Server Security and Database Server Security Affected items /images/staff Details No details are available. Request headers GET /images/staff HTTP/1.1 Accept: acunetix/wvs Range: bytes=0-99999 Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) /support/FCKeditor Details No details are available. Request headers GET /support/FCKeditor HTTP/1.1 Accept: acunetix/wvs Range: bytes=0-99999 Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) /support/FCKeditor/editor/_source Details No details are available. Request headers
GET /support/FCKeditor/editor/_source HTTP/1.1 Accept: acunetix/wvs Range: bytes=0-99999 Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) @Amenefus 83
/support/FCKeditor/editor/filemanager Details No details are available. Request headers GET /support/FCKeditor/editor/filemanager HTTP/1.1 Accept: acunetix/wvs Range: bytes=0-99999 Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) /uploads Details No details are available. Request headers GET /uploads HTTP/1.1 Accept: acunetix/wvs Range: bytes=0-99999 Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
@Amenefus
84
Possible sensitive files

Severity Low Type Validation Reported by module Scripting (Possible_Sensitive_Files.script) Description A possible sensitive file has been found. This file is not directly linked from the website. This check looks for common sensitive resources like password files, configuration files, log files, include files, statistics data, database dumps. Each one of these files could help an attacker to learn more about his target. Impact This file may expose sensitive information that could help a malicious user to prepare more advanced attacks. Recommendation Restrict access to this file or remove it from the website. References Web Server Security and Database Server Security Affected items /banners/.DS_Store Details No details are available. Request headers GET /banners/.DS_Store HTTP/1.1 Accept: acunetix/wvs Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) /banners/images/.DS_Store Details No details are available. Request headers GET /banners/images/.DS_Store HTTP/1.1 Accept: acunetix/wvs Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) /classes/.DS_Store Details No details are available. Request headers GET /classes/.DS_Store HTTP/1.1 Accept: acunetix/wvs Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
@Amenefus
85
/css/.DS_Store Details No details are available. Request headers GET /css/.DS_Store HTTP/1.1 Accept: acunetix/wvs Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) /downloads/.DS_Store Details No details are available. Request headers GET /downloads/.DS_Store HTTP/1.1 Accept: acunetix/wvs Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) /downloads/reports/.DS_Store Details No details are available. Request headers GET /downloads/reports/.DS_Store HTTP/1.1 Accept: acunetix/wvs Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) /downloads/reports_thumb/.DS_Store Details No details are available. Request headers GET /downloads/reports_thumb/.DS_Store HTTP/1.1 Accept: acunetix/wvs Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) /images/.DS_Store Details No details are available. Request headers GET /images/.DS_Store HTTP/1.1 Accept: acunetix/wvs Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
@Amenefus
86
/images/images/.DS_Store Details No details are available. Request headers GET /images/images/.DS_Store HTTP/1.1 Accept: acunetix/wvs Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) /images/staff/.DS_Store Details No details are available. Request headers GET /images/staff/.DS_Store HTTP/1.1 Accept: acunetix/wvs Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) /images/stories/.DS_Store Details No details are available. Request headers GET /images/stories/.DS_Store HTTP/1.1 Accept: acunetix/wvs Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) /js/.DS_Store Details No details are available. Request headers GET /js/.DS_Store HTTP/1.1 Accept: acunetix/wvs Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) /support/.DS_Store Details No details are available. Request headers GET /support/.DS_Store HTTP/1.1 Accept: acunetix/wvs Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
@Amenefus
87
/support/FCKeditor/.cvsignore Details No details are available. Request headers GET /support/FCKeditor/.cvsignore HTTP/1.1 Accept: acunetix/wvs Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) /support/FCKeditor/editor/filemanager/connectors/test.html Details No details are available. Request headers GET /support/FCKeditor/editor/filemanager/connectors/test.html HTTP/1.1 Accept: acunetix/wvs Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) /support/menu/test.php Details No details are available. Request headers GET /support/menu/test.php HTTP/1.1 Accept: acunetix/wvs Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
@Amenefus
88
Session Cookie without HttpOnly flag set

Severity Low Type Informational Reported by module Crawler Description This session cookie doesn't have the HTTPOnly flag set. When a cookie is set with the HTTPOnly flag, it instructs the browser that the cookie can only be accessed by the server and not by client-side scripts. This is an important security protection for session cookies. Impact None Recommendation If possible, you should set the HTTPOnly flag for this cookie. Affected items / Details Cookie name: "PHPSESSID" Cookie domain: "www.paltelgroup.ps" Request headers GET / HTTP/1.1 Pragma: no-cache Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Acunetix-Aspect-Queries: filelist;aspectalerts Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */*
@Amenefus
89
Session Cookie without Secure flag set

Severity Low Type Informational Reported by module Crawler Description This session cookie doesn't have the Secure flag set. When a cookie is set with the Secure flag, it instructs the browser that the cookie can only be accessed over secure SSL channels. This is an important security protection for session cookies. Impact None Recommendation If possible, you should set the Secure flag for this cookie. Affected items / Details Cookie name: "PHPSESSID" Cookie domain: "www.paltelgroup.ps" Request headers GET / HTTP/1.1 Pragma: no-cache Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Acunetix-Aspect-Queries: filelist;aspectalerts Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */*
@Amenefus
90
TRACE method is enabled

Severity Low Type Validation Reported by module Scripting (Track_Trace_Server_Methods.script) Description HTTP TRACE method is enabled on this web server. In the presence of other cross-domain vulnerabilities in web browsers, sensitive header information could be read from any domains that support the HTTP TRACE method. Impact Attackers may abuse HTTP TRACE functionality to gain access to information in HTTP headers such as cookies and authentication data. Recommendation Disable TRACE Method on the web server. References US-CERT VU#867593 IIS 6 WWW Service Registry Entries Cross-site tracing (XST) W3C - RFC 2616 Affected items Web Server Details No details are available. Request headers TRACE /sJg6vZcsot HTTP/1.1 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */*
@Amenefus
91
Broken links
Severity Informational Type Informational Reported by module Crawler Description A broken link refers to any link that should take you to a document, image or webpage, that actually results in an error. This page was linked from the website but it is inaccessible. Impact Problems navigating the site. Recommendation Remove the links to this file or make it accessible. Affected items /a Details No details are available. Request headers GET /a HTTP/1.1 Pragma: no-cache Referer: http://www.paltelgroup.ps/ Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Acunetix-Aspect-Queries: filelist;aspectalerts Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* /ajax/images/staff Details No details are available. Request headers GET /ajax/images/staff/ HTTP/1.1 Pragma: no-cache Referer: http://www.paltelgroup.ps/ajax/images/staff Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Acunetix-Aspect-Queries: filelist;aspectalerts Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */*
@Amenefus
92
Email address found

Severity Informational Type Informational Reported by module Scripting (Text_Search.script) Description One or more email addresses have been found on this page. The majority of spam comes from email addresses harvested off the internet. The spam-bots (also known as email harvesters and email extractors) are programs that scour the internet looking for email addresses on any website they come across. Spambot programs look for strings like myname@mydomain.com and then record any addresses found. Impact Email addresses posted on Web sites may attract spam. Recommendation Check references for details on how to solve this problem. References Why Am I Getting All This Spam? Spam-Proofing Your Website Affected items /index.php Details Pattern found: info@zoom.ps Request headers GET /index.php HTTP/1.1 Pragma: no-cache Referer: http://www.paltelgroup.ps/ Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Acunetix-Aspect-Queries: filelist;aspectalerts Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* /info.php Details Pattern found: license@php.net Request headers GET /info.php HTTP/1.1 Pragma: no-cache Referer: http://www.paltelgroup.ps/ Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Acunetix-Aspect-Queries: filelist;aspectalerts Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */*
@Amenefus
93
/js/jquery.hoverIntent.minified.js Details Pattern found: brian@cherne.net Request headers GET /js/jquery.hoverIntent.minified.js HTTP/1.1 Pragma: no-cache Referer: http://www.paltelgroup.ps/ Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Acunetix-Aspect-Queries: filelist;aspectalerts Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */*
@Amenefus
94
GHDB: Default phpinfo page

Severity Informational Type Informational Reported by module GHDB Description The description for this alert is contributed by the GHDB community, it may contain inappropriate language. Category : Files containing passwords This will look throught default phpinfo pages for ones that have a default mysql password. The Google Hacking Database (GHDB) appears courtesy of the Google Hacking community. Impact Not available. Check description. Recommendation Not available. Check description. References The Google Hacking Database (GHDB) community Acunetix Google hacking Affected items /info.php Details We found intitle:"phpinfo()" +"mysql.default_password" +"Zend Scripting Language Engine" Request headers GET /info.php HTTP/1.1 Pragma: no-cache Referer: http://www.paltelgroup.ps/ Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Acunetix-Aspect-Queries: filelist;aspectalerts Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */*
@Amenefus
95
GHDB: phpinfo()
Severity Informational Type Informational Reported by module GHDB Description The description for this alert is contributed by the GHDB community, it may contain inappropriate language. Category : Files containing juicy info this brings up sites with phpinfo(). There is SO much cool stuff in here that you just have to check one out for yourself! I mean full blown system versioning, SSL version, sendmail version and path, ftp, LDAP, SQL info, Apache mods, Apache env vars, *sigh* the list goes on and on! Thanks "joe!" =) The Google Hacking Database (GHDB) appears courtesy of the Google Hacking community. Impact Not available. Check description. Recommendation Not available. Check description. References Acunetix Google hacking The Google Hacking Database (GHDB) community Affected items /info.php Details We found intitle:phpinfo "PHP Version" Request headers GET /info.php HTTP/1.1 Pragma: no-cache Referer: http://www.paltelgroup.ps/ Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Acunetix-Aspect-Queries: filelist;aspectalerts Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */*
@Amenefus
96
GHDB: Possible mysql configuration file

Severity Informational Type Informational Reported by module GHDB Description The description for this alert is contributed by the GHDB community, it may contain inappropriate language. Category : Files containing juicy info This file contains port number, version number and path info to MySQL server. The Google Hacking Database (GHDB) appears courtesy of the Google Hacking community. Impact Not available. Check description. Recommendation Not available. Check description. References The Google Hacking Database (GHDB) community Acunetix Google hacking Affected items /info.php Details We found intitle:"index of" mysql.conf OR mysql_config Request headers GET /info.php HTTP/1.1 Pragma: no-cache Referer: http://www.paltelgroup.ps/ Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Acunetix-Aspect-Queries: filelist;aspectalerts Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */*
@Amenefus
97
Password type input with autocomplete enabled

Severity Informational Type Informational Reported by module Crawler Description When a new name and password is entered in a form and the form is submitted, the browser asks if the password should be saved. Thereafter when the form is displayed, the name and password are filled in automatically or are completed as the name is entered. An attacker with local access could obtain the cleartext password from the browser cache. Impact Possible sensitive information disclosure Recommendation The password autocomplete should be disabled in sensitive applications. To disable autocomplete, you may use a code similar to: <INPUT TYPE="password" AUTOCOMPLETE="off">
Affected items /support Details Password type input named password from form named form1 with action /support/index.php has autocomplete enabled. Request headers GET /support/ HTTP/1.1 Pragma: no-cache Referer: http://www.paltelgroup.ps/support/ Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Acunetix-Aspect-Queries: filelist;aspectalerts Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */*
@Amenefus
98
Possible internal IP address disclosure

Severity Informational Type Informational Reported by module Scripting (Text_Search.script) Description A string matching an internal IPv4 address was found on this page. This may disclose information about the IP addressing scheme of the internal network. This information can be used to conduct further attacks. This alert may be a false positive, manual confirmation is required. Impact Possible sensitive information disclosure. Recommendation Prevent this information from being displayed to the user. Affected items /info.php Details Pattern found: 10.160.130.11 Request headers GET /info.php HTTP/1.1 Pragma: no-cache Referer: http://www.paltelgroup.ps/ Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Acunetix-Aspect-Queries: filelist;aspectalerts Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */*
@Amenefus
99
Possible username or password disclosure

Severity Informational Type Informational Reported by module Scripting (Text_Search.script) Description A username and/or password was found in this file. This information could be sensitive. This alert may be a false positive, manual confirmation is required. Impact Possible sensitive information disclosure. Recommendation Remove this file from your website or change its permissions to remove access. Affected items /js/jq.js Details Pattern found: password:function Request headers GET /js/jq.js HTTP/1.1 Pragma: no-cache Referer: http://www.paltelgroup.ps/ Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Acunetix-Aspect-Queries: filelist;aspectalerts Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */*
@Amenefus
100
Scanned items (coverage report)

URL: http://www.paltelgroup.ps/ Vulnerabilities has been identified for this URL 26 input(s) found for this URL Inputs Input scheme 1 Input name Lang MenuId PageId ParentId TemplateId Input scheme 2 Input name catId Lang MenuId ParentId TemplateId Input scheme 3 Input name Lang MenuId ParentId TemplateId Input scheme 4 Input name Lang Input scheme 5 Input name MenuId PageId ParentId TemplateId Input scheme 6 Input name catId MenuId ParentId TemplateId Input scheme 7 Input name MenuId ParentId TemplateId URL: http://www.paltelgroup.ps/index.php Vulnerabilities has been identified for this URL 144 input(s) found for this URL Input type URL encoded GET URL encoded GET URL encoded GET URL encoded GET URL encoded GET Input type URL encoded GET URL encoded GET URL encoded GET URL encoded GET URL encoded GET Input type URL encoded GET URL encoded GET URL encoded GET URL encoded GET Input type URL encoded GET Input type URL encoded GET URL encoded GET URL encoded GET URL encoded GET Input type URL encoded GET URL encoded GET URL encoded GET URL encoded GET Input type URL encoded GET URL encoded GET URL encoded GET
Inputs @Amenefus 101
Input scheme 1 Input name Lang TemplateId search searchButton Input scheme 2 Input name Lang MenuId PageId ParentId TemplateId Input scheme 3 Input name Lang PageId ParentId TemplateId Input scheme 4 Input name AlbumCat Lang MenuId ParentId TemplateId Input scheme 5 Input name catId Lang MenuId ParentId TemplateId Input scheme 6 Input name Lang ParentId TemplateId Input scheme 7 Input name Lang TemplateId Input scheme 8 Input name Lang Input scheme 9 Input name Lang MenuId
Input type URL encoded GET URL encoded GET URL encoded POST URL encoded POST Input type URL encoded GET URL encoded GET URL encoded GET URL encoded GET URL encoded GET Input type URL encoded GET URL encoded GET URL encoded GET URL encoded GET Input type URL encoded GET URL encoded GET URL encoded GET URL encoded GET URL encoded GET Input type URL encoded GET URL encoded GET URL encoded GET URL encoded GET URL encoded GET Input type URL encoded GET URL encoded GET URL encoded GET Input type URL encoded GET URL encoded GET Input type URL encoded GET Input type URL encoded GET URL encoded GET
ParentId @Amenefus
URL encoded GET 102
TemplateId Input scheme 10 Input name catId Lang MenuId NewsId PageId ParentId TemplateId Input scheme 11 Input name catId Lang MenuId PageId ParentId TemplateId Input scheme 12 Input name AlbumCat catId Lang MenuId ParentId TemplateId Input scheme 13 Input name MenuId PageId ParentId TemplateId Input scheme 14 Input name Lang Lang MenuId PageId ParentId TemplateId Input scheme 15 Input name AlbumCat MenuId ParentId TemplateId Input scheme 16 Input name AlbumCat ipp
URL encoded GET Input type URL encoded GET URL encoded GET URL encoded GET URL encoded GET URL encoded GET URL encoded GET URL encoded GET Input type URL encoded GET URL encoded GET URL encoded GET URL encoded GET URL encoded GET URL encoded GET Input type URL encoded GET URL encoded GET URL encoded GET URL encoded GET URL encoded GET URL encoded GET Input type URL encoded GET URL encoded GET URL encoded GET URL encoded GET Input type URL encoded GET URL encoded GET URL encoded GET URL encoded GET URL encoded GET URL encoded GET Input type URL encoded GET URL encoded GET URL encoded GET URL encoded GET Input type URL encoded GET URL encoded GET
Lang @Amenefus
URL encoded GET 103
MenuId page ParentId TemplateId Input scheme 17 Input name catId MenuId ParentId TemplateId Input scheme 18 Input name catId ipp Lang MenuId page ParentId TemplateId Input scheme 19 Input name capa country email feedback Lang name org subject telenum Input scheme 20 Input name MenuId ParentId TemplateId Input scheme 21 Input name Lang MenuId NewsId PageId ParentId TemplateId Input scheme 22 Input name AlbumCat catId MenuId ParentId TemplateId
URL encoded GET URL encoded GET URL encoded GET URL encoded GET Input type URL encoded GET URL encoded GET URL encoded GET URL encoded GET Input type URL encoded GET URL encoded GET URL encoded GET URL encoded GET URL encoded GET URL encoded GET URL encoded GET Input type URL encoded POST URL encoded POST URL encoded POST URL encoded POST URL encoded POST URL encoded POST URL encoded POST URL encoded POST URL encoded POST Input type URL encoded GET URL encoded GET URL encoded GET Input type URL encoded GET URL encoded GET URL encoded GET URL encoded GET URL encoded GET URL encoded GET Input type URL encoded GET URL encoded GET URL encoded GET URL encoded GET URL encoded GET
@Amenefus
104
Input scheme 23 Input name AlbumCat catId ipp Lang MenuId page ParentId TemplateId Input scheme 24 Input name full id Lang MenuId ParentId TemplateId Input scheme 25 Input name ipp Lang MenuId page ParentId TemplateId Input scheme 26 Input name AlbumCat ipp MenuId page ParentId TemplateId Input scheme 27 Input name catId ipp MenuId page ParentId TemplateId Input scheme 28 Input name errro Lang MenuId ParentId TemplateId
Input type URL encoded GET URL encoded GET URL encoded GET URL encoded GET URL encoded GET URL encoded GET URL encoded GET URL encoded GET Input type URL encoded GET URL encoded GET URL encoded GET URL encoded GET URL encoded GET URL encoded GET Input type URL encoded GET URL encoded GET URL encoded GET URL encoded GET URL encoded GET URL encoded GET Input type URL encoded GET URL encoded GET URL encoded GET URL encoded GET URL encoded GET URL encoded GET Input type URL encoded GET URL encoded GET URL encoded GET URL encoded GET URL encoded GET URL encoded GET Input type URL encoded GET URL encoded GET URL encoded GET URL encoded GET URL encoded GET
@Amenefus
105
URL: http://www.paltelgroup.ps/images/ Vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/images/menu/ No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/images/press/ No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/images/inner/ No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/images/slideshow/ No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/images/slideshow/thumbs/ No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/images/stories/ Vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/images/stories/.DS_Store No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/images/banner/ No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/images/banner/icons/ No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/images/banner/icons/ar/ No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/images/staff/ Vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/images/staff/.DS_Store No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/images/.DS_Store No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/images/images/ Vulnerabilities has been identified for this URL
No input(s) found for this URL @Amenefus 106
URL: http://www.paltelgroup.ps/images/images/.DS_Store No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/images/audio/ No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/images/audio/mp3/ No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/images/projects/ No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/css_ar/ No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/css_ar/reset.css No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/css_ar/style.css No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/css_ar/paltel.css No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/css_ar/chartstyle.css No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/css_ar/style_ie8.css No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/css_ar/style_ie7.css No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/css_ar/style_ie9.css No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/css_ar/dcmegamenu.css No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/css/ Vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/css/jquery-ui.css No vulnerabilities has been identified for this URL
URL: http://www.paltelgroup.ps/css/jquery.fancybox.css No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/css/style.css No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/css/reset.css No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/css/paltel.css No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/css/chartstyle.css No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/css/form.css No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/css/images/ No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/css/style_ie7.css No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/css/style_ie8.css No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/css/dcmegamenu.css No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/css/.DS_Store No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/js/ Vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/js/jq.js Vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/js/jquery.hoverIntent.minified.js Vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/js/jqc.js No vulnerabilities has been identified for this URL
URL: http://www.paltelgroup.ps/js/jqEasing.js No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/js/exCanvas.js No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/js/jquery.fancybox.pack.js No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/js/jq.selectBox.js No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/js/expCanvas.js No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/js/warning.js No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/js/jquery-ui.js No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/js/jquery.dcmegamenu.1.3.3_ar.js No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/js/home_ar.js No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/js/menuInner_ar.js No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/js/all.js No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/js/home.js No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/js/jquery.dcmegamenu.1.3.3.js No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/js/menuInner.js No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/js/datetimepicker_css.js No vulnerabilities has been identified for this URL
URL: http://www.paltelgroup.ps/js/.DS_Store No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/uploads/ No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/uploads/image/ No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/uploads/image/news%20and%20events%20/ No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/uploads/image/press%20release/ No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/uploads/file/ No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/uploads/flash/ No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/ajax/ No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/ajax/cal.php No vulnerabilities has been identified for this URL 2 input(s) found for this URL Inputs Input scheme 1 Input name id Lang URL: http://www.paltelgroup.ps/ajax/getReports.php No vulnerabilities has been identified for this URL 2 input(s) found for this URL Inputs Input scheme 1 Input name lang year URL: http://www.paltelgroup.ps/ajax/getTheNews.php No vulnerabilities has been identified for this URL 3 input(s) found for this URL Inputs Input scheme 1 Input type URL encoded POST URL encoded POST Input type URL encoded GET URL encoded GET
Input name @Amenefus
Input type 110
catId id Lang URL: http://www.paltelgroup.ps/ajax/getMoreNews.php Vulnerabilities has been identified for this URL 5 input(s) found for this URL Inputs Input scheme 1 Input name catId from Lang link perPage URL: http://www.paltelgroup.ps/ajax/contact.php No vulnerabilities has been identified for this URL 8 input(s) found for this URL Inputs Input scheme 1 Input name capa country email Lang name org subject telenum URL: http://www.paltelgroup.ps/ajax/getStaff.php No vulnerabilities has been identified for this URL 2 input(s) found for this URL Inputs Input scheme 1 Input name id Lang URL: http://www.paltelgroup.ps/ajax/images No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/ajax/images/staff/ Vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/downloads/ Vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/downloads/reports/ Vulnerabilities has been identified for this URL
URL encoded POST URL encoded POST URL encoded POST
Input type URL encoded POST URL encoded POST URL encoded POST URL encoded POST URL encoded POST
Input type URL encoded POST URL encoded POST URL encoded POST URL encoded POST URL encoded POST URL encoded POST URL encoded POST URL encoded POST
Input type URL encoded POST URL encoded POST
URL: http://www.paltelgroup.ps/downloads/reports/.DS_Store No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/downloads/reports_thumb/ Vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/downloads/reports_thumb/.DS_Store No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/downloads/.DS_Store No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/CaptchaSecurityImages.php No vulnerabilities has been identified for this URL 3 input(s) found for this URL Inputs Input scheme 1 Input name characters height width URL: http://www.paltelgroup.ps/application_corporate_action.php Vulnerabilities has been identified for this URL 69 input(s) found for this URL Inputs Input scheme 1 Input name about_project board_director button captcha city_1 city_10 city_11 city_12 city_13 city_14 city_15 city_16 city_2 city_3 city_4 city_5 city_6 city_7 city_8 city_9 corporate_address corporate_area Input type POST (multipart) POST (multipart) POST (multipart) POST (multipart) POST (multipart) POST (multipart) POST (multipart) POST (multipart) POST (multipart) POST (multipart) POST (multipart) POST (multipart) POST (multipart) POST (multipart) POST (multipart) POST (multipart) POST (multipart) POST (multipart) POST (multipart) POST (multipart) POST (multipart) POST (multipart) Input type URL encoded GET URL encoded GET URL encoded GET
corporate_non_pofet @Amenefus
POST (multipart) 112
corporate_reg_licen_attachment corporate_register2 corporates_contact corporates_contact_mobile corporates_contact_mobile_pre corporates_email corporates_fax corporates_fax_pre corporates_mobile corporates_mobile_pre corporates_name corporates_owner corporates_phone corporates_phone_pre corporates_web corporatr_types domain_1 domain_10 domain_11 domain_12 domain_2 domain_3 domain_4 domain_5 domain_6 domain_7 domain_8 domain_9 fi2at_1 fi2at_2 fi2at_4 fi2at_5 fi2at_6 fi2at_7 fund_ammount ghayah_from_application opt prject_duration prject_serve_fi2at prject_start_date project_attachments project_finance_reports project_majal project_mustafeed project_name requested_fund URL: http://www.paltelgroup.ps/captcha.php No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/a Vulnerabilities has been identified for this URL No input(s) found for this URL
POST (multipart) POST (multipart) POST (multipart) POST (multipart) POST (multipart) POST (multipart) POST (multipart) POST (multipart) POST (multipart) POST (multipart) POST (multipart) POST (multipart) POST (multipart) POST (multipart) POST (multipart) POST (multipart) POST (multipart) POST (multipart) POST (multipart) POST (multipart) POST (multipart) POST (multipart) POST (multipart) POST (multipart) POST (multipart) POST (multipart) POST (multipart) POST (multipart) POST (multipart) POST (multipart) POST (multipart) POST (multipart) POST (multipart) POST (multipart) POST (multipart) POST (multipart) POST (multipart) POST (multipart) POST (multipart) POST (multipart) POST (multipart) POST (multipart) POST (multipart) POST (multipart) POST (multipart) POST (multipart)
@Amenefus
113
URL: http://www.paltelgroup.ps/application_corporate_action1.php No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/application_corporate_action2.php No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/info.php Vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/banners/ Vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/banners/.DS_Store No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/banners/images/ Vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/banners/images/.DS_Store No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/classes/ Vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/classes/.DS_Store No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/support/ Vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/support/index.php Vulnerabilities has been identified for this URL 4 input(s) found for this URL Inputs Input scheme 1 Input name login name password security_code URL: http://www.paltelgroup.ps/support/style.css No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/support/images/ No vulnerabilities has been identified for this URL Input type URL encoded POST URL encoded POST URL encoded POST URL encoded POST
URL: http://www.paltelgroup.ps/support/CaptchaSecurityImages.php No vulnerabilities has been identified for this URL 3 input(s) found for this URL Inputs Input scheme 1 Input name characters height width URL: http://www.paltelgroup.ps/support/.DS_Store No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/support/FCKeditor/ Vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/support/FCKeditor/.cvsignore No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/support/FCKeditor/editor/ Vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/support/FCKeditor/editor/filemanager/ No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/support/FCKeditor/editor/filemanager/connectors/ Vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/support/FCKeditor/editor/filemanager/connectors/php/ No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/support/FCKeditor/editor/filemanager/connectors/php/connector.php No vulnerabilities has been identified for this URL 4 input(s) found for this URL Inputs Input scheme 1 Input name NewFile Command CurrentFolder Type Input type POST (multipart) URL encoded GET URL encoded GET URL encoded GET Input type URL encoded GET URL encoded GET URL encoded GET
URL: http://www.paltelgroup.ps/support/FCKeditor/editor/filemanager/connectors/php/config.php No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/support/FCKeditor/editor/filemanager/connectors/test.html Vulnerabilities has been identified for this URL 1 input(s) found for this URL
Inputs @Amenefus
115
Input scheme 1 Input name NewFile
Input type POST (multipart)
URL: http://www.paltelgroup.ps/support/FCKeditor/editor/filemanager/connectors/asp/ No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/support/FCKeditor/editor/filemanager/connectors/asp/connector.asp Vulnerabilities has been identified for this URL 3 input(s) found for this URL Inputs Input scheme 1 Input name Command CurrentFolder Type URL: http://www.paltelgroup.ps/support/FCKeditor/editor/_source/ No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/support/FCKeditor/editor/_source/classes/ No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/support/FCKeditor/editor/plugins/ No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/support/FCKeditor/editor/js/ No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/support/FCKeditor/editor/images/ No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/support/menu/ Vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/support/menu/test.php No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/support/menu/readme.txt No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/support/menu/css.css No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/support/menu/js.js No vulnerabilities has been identified for this URL No input(s) found for this URL Input type URL encoded GET URL encoded GET URL encoded GET
@Amenefus
116
URL: http://www.paltelgroup.ps/support/menu/hack.css No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/support/scripts/ No vulnerabilities has been identified for this URL No input(s) found for this URL
@Amenefus
117

Paltel Ps

Caricato da

Informazioni sul documento

Titolo originale

Copyright

Formati disponibili

Condividi questo documento

Condividi o incorpora il documento

Opzioni di condivisione

Hai trovato utile questo documento?

Questo contenuto è inappropriato?

Copyright:

Formati disponibili

Paltel Ps

Caricato da

Copyright:

Formati disponibili

Follow us on Twitter.

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps Internet provider to Gaza.

12-Apr-13 4:29:56 PM 13-Apr-13 10:07:04 AM 17 hours, 37 minutes Default

True Apache Unknown

Top 10 response times

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps Internet provider to Gaza.

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps Internet provider to Gaza.

List of files with inputs

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps Internet provider to Gaza.

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps Internet provider to Gaza.

- /support/FCKeditor/editor/filemanager/connectors/test.html - 1 inputs - /support/FCKeditor/editor/filemanager/connectors/asp/connector.asp - 1 inputs

Affects /ajax/getMoreNews.php /support/index.php

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps Internet provider to Gaza.

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps Internet provider to Gaza.

Variations Affects /support/FCKeditor/editor/filemanager/connectors/php/connector.php?Command=FileUpload&Type=File&Curr 1 entFolder=/

Affects /application_corporate_action.php /support/FCKeditor/editor/filemanager/connectors/test.html

Affects /images/staff /support/FCKeditor /support/FCKeditor/editor/_source /support/FCKeditor/editor/filemanager /uploads

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps Internet provider to Gaza.

Affects Web Server

Affects /index.php /info.php /js/jquery.hoverIntent.minified.js

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps Internet provider to Gaza.

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps Internet provider to Gaza.

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps Internet provider to Gaza.

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps Internet provider to Gaza.

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps Internet provider to Gaza.

POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 90

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps Internet provider to Gaza.

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps Internet provider to Gaza.

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps Internet provider to Gaza.

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps Internet provider to Gaza.

POST /ajax/getMoreNews.php HTTP/1.1 11

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps Internet provider to Gaza.

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps Internet provider to Gaza.

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps Internet provider to Gaza.

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps Internet provider to Gaza.

Request headers POST /ajax/getMoreNews.php HTTP/1.1 13

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps Internet provider to Gaza.

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps Internet provider to Gaza.

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps Internet provider to Gaza.

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps Internet provider to Gaza.

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps Internet provider to Gaza.

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps Internet provider to Gaza.

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps Internet provider to Gaza.

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps Internet provider to Gaza.

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps Internet provider to Gaza.

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps Internet provider to Gaza.

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps Internet provider to Gaza.

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps Internet provider to Gaza.

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps Internet provider to Gaza.

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps Internet provider to Gaza.

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps Internet provider to Gaza.

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps Internet provider to Gaza.

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps Internet provider to Gaza.

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps Internet provider to Gaza.

POST /ajax/getMoreNews.php HTTP/1.1 @Amenefus 22

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps Internet provider to Gaza.

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps Internet provider to Gaza.

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps Internet provider to Gaza.

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps Internet provider to Gaza.

Request headers POST /ajax/getMoreNews.php HTTP/1.1 @Amenefus

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps Internet provider to Gaza.

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps Internet provider to Gaza.

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps Internet provider to Gaza.