Site Failing Security Test. Need Fix to pass. Scripting prob  

Site Failing Security Test. Need Fix to pass. Scripting prob is project number 477840 posted at Freelancer.com.

 


Status:

Selected Providers: raver

Budget: $30-250

Created: 07/28/2009 at 13:06 EDT

Bid Count: 1

Average Bid: $70

08/02/2009 at 13:06 EDT

Project Creator: jlskm74
Employer Rating: 10/10 (178 reviews)


Description

Hello. My site has failed a recent security test from Security Metrics. I am copying an email sent to me describing how to fix the issue to achieve a passing report. I will also attach a copy of the report. I need the site fixed so that the site gets a passing grade.

Please take a look.

-------------------------------------------------------------------------------
Possible cross site scripting on https://combinedenergyservices.com/achpay_check.php

Use the following commands to verify this:

wp --inject "https://combinedenergyservices.com/achpay_check.php?routing_number=%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E&city="

POST curl -L -k -d "routing_number=%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E&city=" "https://combinedenergyservices.com/achpay_check.php" | grep "123"

This website may have other injection related vulnerabilities.





Typically, with cross site scripting, you will want to make sure that the page source being returned by the web server is properly validated and that we are not seeing any injected scripts returning unsanitized in the page source. You will need to make sure that all user input is properly validated.



http://msdn.microsoft.com/en-us/library/ms533047.aspx

http://www.ibm.com/developerworks/tivoli/library/s-csscript/

----------------------------------------------------------------------------

the site is located at:

combinedenergyservices.com

Please Help.


Additional files submitted:
GAF.pdf
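
The fix the quoted email asks for, sketched as an added example (not code from the site or from this posting): validate `routing_number` against an allowlist and HTML-encode every value written back into the page. It assumes `achpay_check.php` echoes `routing_number` and `city` into quoted form attributes, which is inferred from the test string beginning with `">`; the function names `h`, `valid_routing_number` and `param` are hypothetical.

```php
<?php
declare(strict_types=1);
// Added example: hypothetical handler logic, not the real achpay_check.php.

// Encode a value for HTML text or a quoted attribute. ENT_QUOTES covers both
// quote styles, so a value starting with "> cannot close the attribute.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Allowlist validation: a US ABA routing number is exactly nine digits whose
// weighted sum (weights 3,7,1 repeating) is a multiple of 10.
function valid_routing_number(string $rn): bool
{
    if (preg_match('/\A[0-9]{9}\z/', $rn) !== 1) {
        return false;
    }
    $weights = [3, 7, 1, 3, 7, 1, 3, 7, 1];
    $sum = 0;
    foreach ($weights as $i => $w) {
        $sum += $w * (int) $rn[$i];
    }
    return $sum % 10 === 0;
}

// Read a request parameter as a string; arrays (routing_number[]=x) become ''.
function param(array $src, string $name): string
{
    $v = $src[$name] ?? '';
    return is_string($v) ? trim($v) : '';
}

// The scanner exercised both GET and POST, so both are read here.
$routing = param($_REQUEST, 'routing_number');
$city    = param($_REQUEST, 'city');
$error   = ($routing !== '' && !valid_routing_number($routing))
    ? 'Routing number must be nine digits with a valid check digit.'
    : '';
?>
<form method="post" action="achpay_check.php">
  <?php if ($error !== ''): ?><p class="error"><?= h($error) ?></p><?php endif; ?>
  <!-- Invalid routing numbers are never reflected; city is free text, so
       output encoding is what keeps it inert. -->
  <input type="text" name="routing_number" maxlength="9"
         value="<?= h(valid_routing_number($routing) ? $routing : '') ?>">
  <input type="text" name="city" value="<?= h($city) ?>">
</form>
```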

Messages Posted: 1

 

70

1 day

07-28-2009 16:13 EDT

As discussed.
