
Vulnerability report

Vulnerability Name

(1) Cross Site Scripting
(2) Shell Injection
(3) SQL Injection
AT A GLANCE

• Resource: /blog/influencer-marketing-rent-or-own
• Parameter: hs_amp
• Method: GET
• Risk: High
REQUEST

• GET /blog/influencer-marketing-rent-or-own?hs_amp=true'%20-->">'>'"
DISCUSSION

• Cross-site scripting (XSS) is a class of vulnerabilities in web applications that lets an attacker bypass security controls enforced by the browser. When a browser renders a page, script originating from that page's origin can read and manipulate the DOM (document object model), the browser's in-memory representation of the page and its properties; script from another origin cannot. This is the "same-origin policy", a critical control in the browser security model. XSS occurs when user-controlled input is echoed into the page without adequate validation and output encoding, so that attacker-supplied script is delivered as part of the vulnerable site's own page and runs in the browser of another user visiting it. The same-origin policy offers no protection here: the browser judges script only by the origin it was served from, and the injected script arrives from the legitimate origin.
IMPACT

• The precise impact depends greatly on the application.
• XSS is generally a threat to web applications which have authenticated users or are otherwise security sensitive.
• Malicious code may be able to manipulate the content of the site, changing its appearance and/or function for another user.
• This includes modifying the behavior of the web application (such as redirecting forms to an attacker-controlled server, etc).
• The code may also be able to perform actions within the application, with the victim's privileges, without the user's knowledge.
• Script code can also obtain and retransmit cookie values if they haven't been set HttpOnly. HttpOnly stops the cookie from being read, but it does not stop injected script from issuing authenticated requests from the victim's browser.
REMEDIATION

• The developer must identify where the untrustworthy data (here the hs_amp query parameter) is written into the response without adequate output encoding.
• Untrusted data must be encoded for the context it lands in: HTML body, HTML attribute, JavaScript string, or URL each need a different encoding, and there are various language/platform specific libraries for this. Input validation (for example, restricting hs_amp to the values true/false) is a useful first line of defense but is not a substitute for encoding on output.
• A Content-Security-Policy that disallows inline script limits what an injection can do, but it is defense in depth, not a fix.
• General rules for preventing XSS can be found in the recommended OWASP XSS Prevention Cheat Sheet (see references).
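The reflection and its fix, as an added Python example that is not part of the report or of the Vega scanner. The payload is the hs_amp value from the request above, URL-decoded; the template that echoes it into a link attribute and a paragraph is a constructed stand-in for the page, since the real markup is not reproduced in the report. The last function classifies where an unencoded reflection lands, which is what decides the encoding the fix needs.

```python
import html
import re
from urllib.parse import unquote

# The scanner's hs_amp payload from the report, URL-decoded. The quote/angle
# bracket mix is chosen to break out of an attribute, a comment or a tag.
CANARY = unquote("true'%20-->\">'>'\"")   # -> true' -->">'>'"


def render_vulnerable(hs_amp: str) -> str:
    """Constructed stand-in for the page: the parameter is echoed into an
    attribute and into the body unencoded, which is what produces a
    reflected XSS."""
    return (
        '<link rel="amphtml" data-amp="' + hs_amp + '">'
        "<p>AMP mode: " + hs_amp + "</p>"
    )


def render_hardened(hs_amp: str) -> str:
    """Same template, every interpolation HTML-encoded for its context.
    html.escape(quote=True) encodes & < > " ' and so covers both a
    double-quoted attribute value and a text node."""
    safe = html.escape(hs_amp, quote=True)
    return (
        '<link rel="amphtml" data-amp="' + safe + '">'
        "<p>AMP mode: " + safe + "</p>"
    )


def reflected_unencoded(body: str, canary: str = CANARY) -> bool:
    """The check a scanner performs: is the canary present in the response
    with its metacharacters intact? An encoded reflection (&quot; &gt;
    &#x27;) does not count, because it cannot change the page structure."""
    return canary in body


def breakout_contexts(body: str, canary: str = CANARY) -> list[str]:
    """Classify each unencoded reflection as landing inside an attribute
    value or in a text node. An odd number of '"' since the last '<' means
    the reflection sits inside a double-quoted attribute."""
    contexts = []
    for m in re.finditer(re.escape(canary), body):
        before = body[:m.start()]
        last_tag = before.rfind("<")
        if last_tag != -1 and before[last_tag:].count('"') % 2 == 1:
            contexts.append("attribute")
        else:
            contexts.append("text")
    return contexts
```

Against the vulnerable template the canary is reflected twice, once inside the data-amp attribute (where `">` closes the tag) and once in the paragraph text; against the hardened template it does not appear at all, only its encoded form does. The attribute case is the one to check first in a fix, because attribute-context encoding must cover quotes, not just angle brackets.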
REFERENCES

• Some additional links with relevant information published by third-parties:
• Cross-Site Scripting (Wikipedia)
• Cross-Site Scripting (OWASP)
• XSS Prevention Cheat Sheet (OWASP)
• Cross-Site Scripting (WASC)
POC: request and response screenshots (not reproduced in text)
Cross Site Scripting (2)

• Resource: /blog/new-leadership-new-vision-a-new-day-for-ambassador
• Parameter: hs_amp
POC: request and response screenshots (not reproduced in text)
Cross Site Scripting (3)

• Resource: /blog/the-executives-no-nonsense-guide-to-referral-marketing-1
• Parameter: hs_amp
POC: request and response screenshots (not reproduced in text)
Cross Site Scripting (4)

• Resource: /hs-fs/
• Parameter: width, height and name

POC: request and response screenshots (not reproduced in text)
Cross Site Scripting (5)

• Resource: /hs-search-results
• Parameter: type and term

POC: request and response screenshots (not reproduced in text)
Cross Site Scripting (6)

• Resource: /request-a-demo
• Parameter: ref

POC: request and response screenshots (not reproduced in text)
Shell Injection

• Classification: Information
• Resource: /@marketplace/nosuchpage123
• Parameter: jschl_answer
• Method: POST
• Risk: High
REQUEST
• POST /@marketplace/nosuchpage123 [md=7pmMnfTCM4rTu7QKAxtBbX3JPeCAR1l5AtVoT.Qtsts-1652605806-0-
AZYcstztD2CEwyAbWn1CpvLCgsmB_NDEqE0y4_Pd89FXbSj94KnYUogSekr4VP_x8cly1IOLnI8kfRy4kgL3zqX2M4kgl6q_frA6by06qc9a02ZePA9gpI
dVjeZP1aUFbNUJH6tcjiMgBDd4dKsbvkvfLt8BGaxf9KqQROHUr1bB_jfmZGpzTo4I-lZpINb6E32LsTQwOCPb0gPOlu-6xjlp1-
v3_pnX6X8fxUUBWuNzEbxp4G7RNn5jegiRi-
geHqSApbfsCwlwtT6U7PxY8BBDgm3PMmYVZ2Q6lV2cXjSHJCabNen6xvkendMNihaKbGJwp49y0bPS4bklf0mwM8ur4Es7_t8wn1GdF0Y7xQqCYL
phi_vAtYrDenlC6Nbw0Y8lShUD-s6okRlbN3M_97kq6bnxeV0O32Uu-Rt-
WJa8OjUxrRaqq2riaBcmSaUHOm0uTsD0Hq7lf8B8xqLPVRCAfM0DZODoS_wnRQVCbmQeVbrKGJaTCk--
MU_ejQ5Qkw36dgA6ZPjeL35Wfsfiz_stpUK5LkwiHyWt8KIjCCZZIpWfYFmZQBzxTL-MtyMAlXQJ5gTsj98Jl6rOSFEowwHn5wG9RLHw4cNb1y0Ru-
osTT3qsyNYc4z0aTjlUkFfjDUj70IH4wopgGswODcbOa_vidBph5PQRhXqkbndAlwW r=pFymDSZqJ2_lFSgFc0wKRg4eD7HzN.eqjjZOLwc4UuY-
1652605806-0-Act2bN2pxEqJ/C/qcwpu5vh7YG3MhASXf3wV9Kqbf8jVZsa/
tzCWPgVRLq1w5RIJJGdPz36j72l+aHNRNGeS60upHOiDXK7W4WssKKxbCyGYwncgh1InTm4/
CYHqgQutA8F3SNA8N2N6AboWK7IA7cHIFhdvrdwHO8KP2JXJogKAYxdUsRa2wQXHFYWTNrlMJzqbAQry+ByUympiVe8/
Dfupe6qaRTaKOU8Sr7DSe0Mrw22L5w85wZ6dsB/Tmaxu1rT/DNsleJRmqbjXzNTA31w47BmCYfGgYG0fJfjJHcqtdudr5rJm570wPOy6IhG/
5sZWG7cOB6ZEwjv7Uv+7h2+xOqkZoL9Vr+fSgWIQRUMaB5xQJ2YZhiSKykISivk4CKpu7D/B2Snx18FsFpaA4URrS23tW7N9ouCdimFgU/
YnmebcdtjCYRO6yvZxwq9z0L19J7n+DD+DxhXDizbJ5OMJpQWh7+NFCRLKkKh/FAzL70c1FVuevzugm/
kr3cXwDP2KruB3n+p9gElurdXOsSnFVGXwuN896iKPXepyq4eVO26+
+2Un9RgfACJKJcPhehs9RtqmS8YZhs0JKkLVg7xnMH6CvNsZUBQRw03hBIAFDuInPEqAFaq9eGscl2uET95wCzp6fbm+mKWdFUeDpYTGivromfXYug
yJb/SfGfPszuYUN2YzTCRrvW8L75lo2qfN9mk7snsogo/CUH0RiZWJt3V2xwuP2+P6v7TF8vJy6Ya1pvjM8nDOcbZIdT+
+ZfU7x2qkko9AorCHeRygrfedsR80jeOZBNi0lvwfU2oWL+yYtkYKw91u/AN/e95uB3+YYFduqV/VCAZqoWssNCkuXB6x/
qQzJbNbHmbzLZcxXjOel61fBGql3pGGvMxmv3Tq6Dz+FOsWjhokrCqNwWG94Du0IHbehjdDLHntgX6QCMX19Zynd3+Ivcgzszx9Q3DS/K3vSolN/
WWtGKZwAqLDaH0oC/ss/bKPfErYU1+T0S1PD/JoGQIt2DdT8WrSiZgArcbYzkL/DYliLGzwAJ36io7XvCYtDhiRHgzloZ8CQ4l//
XNTGVePCoPFVoTeOE31F6S9rbVU2FdRNWFyHbQQev0HyQpTTy8YjAI7ubV8hyyGvzBVfJqj+eYvupyOqU27RgHolESSOeOw5OlhyI1PUdkjkSGohX
++JclEr1ZlIu5p8a/
IfsZdXv3ywCNyfyTOcdsvDKycmGQVxHJGpGywhU9+DTIHZpu6NJL+vdmxRijRhIzGCJf06hlgFqqUinbFOBc9q5IuWkyceL2ZCikmwG18FI/
zuxvR9YgTKwZigM3xI9haFLTJCWvUksgFcq3yRzIF1XoRoNvSqFgaXSXlKNOLJ2p954RtP3WTgP1uMMin3NF+AuwX71Da0jMEDA==
jschl_vc=c696c0c05130c3ecafa7ef3aa61ccf97 pass=1652605807.988-iUXWGJRjLk jschl_answer=1'true' ]
DISCUSSION

• Command injection vulnerabilities occur when inadequately sanitized externally supplied data is used as part of a system command that is executed through a command interpreter, or shell. Because the shell parses the whole command string, an attacker can use shell metacharacters (; | & ` $( ) and newlines) to terminate the intended command and run additional commands the application developer never meant to execute. The system() function, and derivatives such as popen() or shell=True process spawning, are often responsible, as these functions are very simple to use and hand the entire string to a shell. Successful exploitation typically gives the attacker command execution, and therefore remote access, on the server.
IMPACT

• Vega has detected a possible command injection vulnerability.
• Attackers may be able to run commands on the server.
• Exploitation may lead to unauthorized remote access.
REMEDIATION

• Developers should examine the code that handles this request in detail to determine whether the vulnerability exists. Note that jschl_vc, pass and jschl_answer, the fields in the recorded request body, are the field names of Cloudflare's JavaScript challenge form; confirm that jschl_answer is actually read by application code, rather than consumed by the CDN's challenge handler, before treating this as a confirmed finding.
• Execution of system commands through a command interpreter, such as with system(), should be avoided. Where a process must be spawned, use an API that takes the program and its arguments as a list (execve-style), so that no shell parses the data.
• If a shell is absolutely unavoidable, validate the input against a strict allowlist of permitted characters before it is passed to the interpreter, and quote it with the platform's shell-quoting routine. Rejecting bad input is safer than trying to strip metacharacters from it.
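The vulnerable pattern beside its fix, as an added Python example that is not part of the report or of Vega. The page name is a constructed attacker value modelled on the request path's last segment, and `echo` stands in for whatever command the application would really run; the functions show, in order, a shell-parsed string, an argv list that never touches a shell, allowlist validation, and shell quoting for the case where a shell string cannot be avoided.

```python
import re
import shlex
import subprocess

# Constructed attacker input: ';' ends the intended argument and starts a second command.
INJECTED = "nosuchpage123; echo INJECTED"


def run_vulnerable(page: str) -> str:
    """The pattern the report describes: the parameter is concatenated into a
    command string and handed to a shell, so ';' starts a second command."""
    cmd = "echo " + page
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def run_hardened(page: str) -> str:
    """No shell: argv is passed as a list, so the whole value is one argument
    and the metacharacters are just characters."""
    return subprocess.run(["echo", page], capture_output=True, text=True).stdout


# Allowlist for a page identifier: letters, digits, dot, underscore, hyphen.
PAGE_RE = re.compile(r"[A-Za-z0-9._-]{1,64}")


def validate_page(page: str) -> str:
    """Allowlist validation belongs in front of any command execution, whether
    a shell is involved or not. Reject rather than strip."""
    if not PAGE_RE.fullmatch(page):
        raise ValueError("page name contains disallowed characters")
    return page


def rejects(page: str) -> bool:
    """True if validate_page refuses the value."""
    try:
        validate_page(page)
    except ValueError:
        return True
    return False


def quoted_command(page: str) -> str:
    """If a shell string is genuinely unavoidable, shlex.quote renders the
    value as a single shell word. Shown for comparison, not as first choice."""
    return "echo " + shlex.quote(page)


def run_quoted(page: str) -> str:
    """The quoted string, executed through a shell: the value survives as one word."""
    return subprocess.run(quoted_command(page), shell=True,
                          capture_output=True, text=True).stdout
```

With the injected value, the shell-string version prints two lines (the second one from the injected command), while the argv and quoted versions print the attacker's text back as a single literal argument and the validator rejects it outright.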
REFERENCES

• Some additional links with relevant information published by third-parties:
• Command Injection (OWASP)
• Reviewing Code for OS Injection (OWASP)
• Shell Injection (Wikipedia)
POC: request and response screenshots (not reproduced in text)
SQL Injection

• Resource: https://www.getambassador.com/@marketplace/kalungicom/atlas-theme/templates/partials/nosuchpage123
• Parameter: md
• Method: POST
• Detection Type: Blind Arithmetic Evaluation Differential
• Risk: High
REQUEST

• POST /@marketplace/kalungicom/atlas-theme/templates/partials/nosuchpage123 [md=NoaRJxzS56P5srv87Ht4RhHmlSzpa271hlrxQFuYQ5g-


1652605807-0-Af2R-otrQ7zFCamgZ0BUHmwpaN5_-k8wv3JOQDMQveFXqlf_-
Wl1uZlzSVWxYFrqfyMFb_BRgDMs5fsDSzifXrt3XdoTfxJm70ExQpaSKIGzo6_GuNNFNbbSwFDzKWxFs-aWEVrYj4w5aTXVK-
Qv9jfoUDwZRGhz05AUbBwKaQaGzK5upy__JOKW9toeGJGgXdbTxhRKd8VFmN6x39oOwSrEO1z7hF2T-TkJ2ubartjGyBjoT9Nm8FPpd-
3Vc3mO1T5_ih-ubrADKMyr4-rpYE0H1NPiXaXCXVQCGaod5FXKMY-
NbiDQXRIB48eYrtGHhurDPdkxLBHEjmhPfQSTdh6XL3T314zNR3JNS1FMCksB7iQGMbsqaMjoE1c3RjJ_7DWk5hBLCZICfkQfkHtLbYxkVzt6xY_SPQ5
bn0JVjzbCDO1f9FwsLSg_ef2mVnEe6TN8c7sT4WMOB9PQgjHlSRpkJLo4H2czGFlQSlYxjY3PruIG_VWBHlXKBEdfmq50_1q8GsG_HmxUBz3EN2FIpK
h3Wnkr8dRWY-I-xn0dJJ2FgmK-2U2kav67rZzeB5Aq2jj4c8bLz5mQwGBdjbgnli9d49g6Wan6zcM6PyyYY76HzpHZrMYk-gtS-OpBKkqk8VfMg-
wcp2XNOHhafyf4QBmTcgN9eTZrLByjpVjLosuQmOUoGlHVwc2dEYxOWd5Mo-Q_jPXwPr9Qf6Re0jUYkG-Sw2_Ee1ca1L-W9Tdl_GS3JIj-5Ti-
4VzNkgUP5yk6hdCI79WNtqqTxlCKEF4k1pX9nY2D_5VSmCGZdZkj6JOM-0 r=EfJLr0T6XejW..KLEnZAmZyPTNIsUNuvXLa9kFrOEwo-1652605807-0-
AW1gzvhhgAP1ClClnepUpP1Q1MhIy+1PI+LOigjnUb0uF43nHeR5dKBCvYVFudhhsWg+My8nxKOvEqC32uurokmIdKya72gpwN80ckA5X9jw2D7dE
yI61TVjyIDEGIM9CLZ6bvIz4iNAhoEh5RBg22eXLP44pNAlIXiPJhDJISJ9Ipx7R9kySxuNn2nabVw3X3hS2run4x7QCuJoAZE2GXiGmKuKWpXFrqWwnv
r7+VRIn+LvVZFS1RD+UHtPAzzYug9/FagqmyEJjE8+IrJNS+BdPbrwhS6NCMik6rW9NBywTEJdLlGuSpJrHVoUC/
8LTWb7vwdtgQvqUxUj6ebBy6Kc8Uk6U00FG987lwk0fggiA5+MX2nXSfs9CLe/
EavWv11m7zwltzzxb+lIPEwE5XvsjAuStqeW9KXIsVME3Mgx0ExeRH9aiDZ0h3hkIeIEpcwDby13jRXi6kylrN8jlHoB8jnKDhtMcgs19H+pWzg3cqFP/
BxYxMc8ZxVXy6fC/
ur1eznFXKO6XDCrA2YnCQmVeK7lDfk3yVaY+EdniXfSoWG1HPH3Qzbf609KxDDP2b89KqyQDQHICx80dZfZbpzihEpZbD0oHLABrLP0VMSF9Ccpic6Y
QBi4r9efwmhvpqCEnn2Cx5xX4FvB8lO38foF11/GXzaNHEeyyCkhkAFvGs/Gn5kYiD+1CFEpuag+s8/DGyipJFcc7TKRCZN65JUT8fIx3FozEFFtVC/isl/
L3dD/ot/GMe24LxZsQLefl0kiXAcq3b2P/rwRLpQSOUCNgS5WK2rwx2eKwPmJH+Uf4PI0G0JT6GyJU3CAGTJrUTyhRzupPusHNy534ik5ns/
DCyFEgHay3QlGEjvMaL/rFSDEYwuwRNezVYeXkvoGjb3S7ARvjasYV38c+g7/UWS2PWUUdZs/ZBbydIUzZvFq2qThjfBL/
gight7b8Y6jgc7YbMjCpfWwTSGFeuAFgEBkrSYwQDnB56txwGwl9aTK4JmNBfr6nOFlOEADFUSW1cTYS91+cCP0NJ2Si+zwShVa/
yOHjHnbFjDMMbB+JD51GiHV6dqINAzVg6HkPCNbcEXS6kes5lhcPTtAMEIuGKN2DOfMC4r96nB33jehONIyF1Kv+4lu9HPp+pM0a/
QnLZsSadOqV9zPk6BU9bftLUHEl1fG3lx/
HVfwc7GwU5vsISDt6fZ1/65WVaqtVGdkWcEuLKEpkebHNoz1oRyhqpk9yKzYtFeWi4pJaRe2cI8j5dVtCyD3oWJtUZD5+CqWip/
CE5hVfLA0xEuEM84DmmwBD6sXdF6DOAVYJriAG9WYV4acE5lQvMM9y3Cf9Ic/lQ/
KVXuClHsiMKbq19sRvhHfYHNP6P4QYKHXLiFEJBIVPmC2SgdN1Pr9+4ScTjM0XQ== jschl_vc=b5bc582bbfac4beed5b7fbd4772cfd65
pass=1652605808.072-h+a/TIRNsp jschl_answer=1 ]
RESOURCE CONTENT

• Request Forbidden
DISCUSSION

• Vega has detected a possible SQL injection vulnerability. These vulnerabilities are present when externally-supplied input is used to construct a SQL query as text. If precautions are not taken, the externally-supplied input (usually a GET or POST parameter) can alter the query so that it performs unintended actions, including unauthorized reads or writes of the data stored in the database and changes to the application's logic, such as a lookup or login check whose WHERE clause the attacker rewrites to always match.
IMPACT

• Vega has detected a possible SQL injection vulnerability.
• These vulnerabilities can be exploited by remote attackers to gain unauthorized read or write access to the underlying database.
• Exploitation of SQL injection vulnerabilities can also allow for attacks against the logic of the application.
• Attackers may be able to obtain unauthorized access to the server hosting the database.
REMEDIATION

• The developer should review the request and response against the code to manually verify whether or not a vulnerability is present. The recorded response for this request was "Request Forbidden", so the differential the scanner observed must be reproduced against a response that is actually generated by application code before the finding is treated as confirmed.
• The best defense against SQL injection vulnerabilities is to use parameterized statements (prepared statements with bound variables), so that user data is never parsed as part of the SQL text.
• Input validation is a secondary defense, not a replacement for parameterization: numeric parameters (such as an id) should be checked to ensure that they are valid integers before use, and string values should be rejected when they contain characters the application has no reason to accept. Escaping strings by hand is error-prone and database-specific.
• Stored procedures can simplify complex queries and allow for tighter access control settings, but a procedure that builds dynamic SQL from its arguments is just as injectable as application code.
• Configuring database access controls (a least-privilege database account for the application) limits the impact of exploited vulnerabilities. This is a mitigating strategy that can be employed in environments where the code is not modifiable.
• Object-relational mapping removes most hand-written SQL, but ORMs still expose raw-query and string-fragment APIs, and those remain injectable if user data is concatenated into them.
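The detection type named in the report, "Blind Arithmetic Evaluation Differential", and the parameterized fix, as an added Python example that is not part of the report or of Vega. The parameter name md is from the report; the templates table, its rows and the in-memory SQLite database are constructed for the example. The differential check sends the original value, an expression that evaluates to it, and an expression that does not: when the first two answers agree and the third differs, the back end is evaluating the parameter as SQL.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data standing in for the application's template table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE templates (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO templates VALUES (?, ?)",
                     [(1, "header"), (2, "footer"), (3, "sidebar")])
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, md: str) -> list[str]:
    """String-built query: whatever arrives in md is parsed as SQL, so
    '2-1' is evaluated and '1 OR 1=1' returns every row."""
    rows = conn.execute("SELECT name FROM templates WHERE id = " + md)
    return [r[0] for r in rows]


def lookup_safe(conn: sqlite3.Connection, md: str) -> list[str]:
    """Parameterized query plus a type check: md can only ever be an integer
    bound as data, never part of the statement text."""
    if not md.isdigit():
        raise ValueError("md must be a non-negative integer")
    rows = conn.execute("SELECT name FROM templates WHERE id = ?", (int(md),))
    return [r[0] for r in rows]


def arithmetic_differential(lookup, conn: sqlite3.Connection, base: int = 1) -> bool:
    """Blind arithmetic evaluation differential. Three probes: the original
    value, an arithmetic expression equal to it, and one that is not. A
    rejection counts as a response of its own, so a validating endpoint
    answers the expression differently from the plain value and is not
    flagged."""
    def probe(value: str):
        try:
            return lookup(conn, value)
        except Exception as exc:
            return ("error", type(exc).__name__)

    original = probe(str(base))
    same = probe(f"{base + 1}-1")       # evaluates to base if the DB does the arithmetic
    different = probe(f"{base + 1}-0")  # evaluates to base + 1
    return original == same and original != different
```

The check only reports injection when the server-side arithmetic is visible in the response, which is why it needs a page that application code actually renders; a CDN error page answers all three probes identically and the differential stays negative.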
REFERENCES

• Some additional links with relevant information published by third-parties:
• SQL Injection (Wikipedia)
• mysql_real_escape_string() (PHP Manual)
• SQL Injection (Rails security guide)
• How To: Protect from SQL Injection in ASP.NET (MSDN)
• Dynamic SQL and SQL Injection (Raul Garcia's blog)
• SQL Injection Prevention Cheat Sheet (OWASP)
POC: request and response screenshots (not reproduced in text)
Have a nice day! Waiting for your positive reply.

Thanks and Regards,
lemon_in_the_spoon
