Privacy Violation: Autocomplete - http://zero.webappsecurity.com:80/adcenter.cgi
Created by: armorcodegithubpreprod[bot]
Category: Privacy Violation: Autocomplete
Instance Id: 50d978fa-ff66-4ce9-b399-6f8e3fb9f398
Vulnerability Id: de0227ad-14ae-4363-9dc5-68a544c54cfb
Scan Type: Dynamic
severity: -1
CheckType: Best Practices
Abstract: Modern browsers save the values users type into form fields and offer to fill them in automatically the next time the same fields are encountered. The feature is on by default, and the saved values are written to the user's local disk, so sensitive data such as the username and password entered into a login form can be recovered by anyone who later uses the same browser profile; the risk is highest on shared or kiosk machines. In the response below, form1 contains the text input "account" and the password input "pwd", and neither the form nor either input carries an autocomplete attribute. Recommendation: set autocomplete="off" on the form and on every input that accepts sensitive data. Caveat: the built-in password managers of current browsers ignore autocomplete="off" on login username and password fields, so the attribute suppresses generic form-history autofill but does not prevent credential saving; treat it as hygiene rather than a security control, and rely on session expiry and server-side measures for shared-environment risk. The same form also submits the password with METHOD="GET", which places it in the URL, browser history, Referer headers and server logs; that is outside this finding's category but is visible in the same evidence.
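As an added worked example (not part of the scanner output or of the scanned application), the following Node.js script audits a captured HTML fragment for inputs a browser may store and autofill, and emits a hardened copy with autocomplete="off" applied to the form and to each such input. SAMPLE_FORM is a trimmed copy of the login form in the response below; the function names and the AUTOFILLED_TYPES list are the example's own assumptions.

```javascript
// Added example, not from the scanner report or the scanned site: audit an HTML
// fragment for fields a browser may store and autofill, then emit a hardened copy.
// Deliberately regex-based so it runs under plain Node.js with no DOM library;
// it is an audit helper for captured responses, not a general HTML parser.

// Constructed sample: the login form from the captured response, trimmed to the
// tags that matter for this finding.
const SAMPLE_FORM = `
<FORM NAME="form1" ACTION="http://www.heardinthehive.com/cgi-bin/adcycle/adcenter.cgi" METHOD="GET">
User Name: <INPUT TYPE="TEXT" NAME="account" VALUE="" SIZE=14><BR>
Password: <INPUT TYPE="PASSWORD" NAME="pwd" VALUE="" SIZE=12><BR>
<INPUT TYPE="SUBMIT" NAME="change" VALUE="Login">
<INPUT TYPE="HIDDEN" NAME="cache" VALUE="681">
</FORM>`;

// Input types whose values browsers keep in form history or credential stores
// (assumed list). Hidden, submit, checkbox, etc. are never autofilled and are ignored.
const AUTOFILLED_TYPES = new Set(['text', 'password', 'email', 'tel', 'search', 'url']);

// Parse the attribute list of one tag (the text between the tag name and '>').
// Handles double-quoted, single-quoted and bare values; keys are lowercased.
function parseAttributes(tagBody) {
  const attrs = {};
  const re = /([A-Za-z_:][\w:.-]*)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;
  let m;
  while ((m = re.exec(tagBody)) !== null) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4] ?? '';
  }
  return attrs;
}

// List every <input> the browser may autofill whose autocomplete attribute does
// not opt out. A missing TYPE defaults to "text", as in the HTML spec.
function findAutofillableInputs(html) {
  const findings = [];
  const inputRe = /<input\b([^>]*)>/gi;
  let m;
  while ((m = inputRe.exec(html)) !== null) {
    const a = parseAttributes(m[1]);
    const type = (a.type || 'text').toLowerCase();
    if (!AUTOFILLED_TYPES.has(type)) continue;
    const ac = (a.autocomplete || '').toLowerCase();
    if (ac === 'off' || ac === 'new-password') continue;
    findings.push({ name: a.name || '', type, autocomplete: ac || null });
  }
  return findings;
}

// Append an attribute to a tag string, keeping an existing "/>" self-close.
function appendAttribute(tag, attribute) {
  const selfClosing = /\/\s*>$/.test(tag);
  const head = tag.replace(/\s*\/?\s*>$/, '');
  return `${head} ${attribute}${selfClosing ? ' />' : '>'}`;
}

// Hardened copy: autocomplete="off" on the <form> and on every autofillable
// <input> that has no explicit autocomplete attribute. Idempotent.
// Caveat (browser behaviour, not a property of this code): current browsers'
// password managers ignore autocomplete="off" on login username/password
// fields, so this removes generic form-history autofill but is not a
// substitute for short sessions and a policy against shared-device logins.
function hardenForm(html) {
  const withForm = html.replace(/<form\b([^>]*)>/gi, (tag, body) =>
    'autocomplete' in parseAttributes(body) ? tag : appendAttribute(tag, 'autocomplete="off"'));
  return withForm.replace(/<input\b([^>]*)>/gi, (tag, body) => {
    const a = parseAttributes(body);
    const type = (a.type || 'text').toLowerCase();
    if (!AUTOFILLED_TYPES.has(type) || 'autocomplete' in a) return tag;
    return appendAttribute(tag, 'autocomplete="off"');
  });
}

console.log('Autofillable inputs before:', JSON.stringify(findAutofillableInputs(SAMPLE_FORM)));
console.log('Autofillable inputs after :', JSON.stringify(findAutofillableInputs(hardenForm(SAMPLE_FORM))));
```

Run it with node against any saved response body to get the list of offending fields by name and type; on the sample it reports "account" and "pwd" before hardening and nothing after.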
Request: GET /adcenter.cgi HTTP/1.1
Referer: http://zero.webappsecurity.com:80/pindex.asp
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Accept: */*
Pragma: no-cache
Host: zero.webappsecurity.com
X-Scan-Memo: Category="Crawl"; Function="CreateStateRequest"; SID="8B91FAA33009378BA04E34B6FD189311"; PSID="DDAF520E2E30901117999914F5CB2876"; SessionType="Crawl"; CrawlType="HTML"; AttackType="None"; OriginatingEngineID="00000000-0000-0000-0000-000000000000"; ThreadId="51"; ThreadType="CrawlBreadthFirstDBReader";
Connection: Keep-Alive
Cookie: CustomCookie=WebInspect69383ZXB3FCEA2CCD6849B0A63D3EFF65615601Y3637;status=yes;username=;userid=;sessionid=;ASPSESSIONIDCARBTACT=BFDJMBECKAHAMJENBDMOPBPC;state=;passes3=;passes=;passes2=
Response:
HTTP/1.1 200 OK
Content-Length: 3118
Content-Type: application/octet-stream
Last-Modified: Sun, 15 Jul 2001 22:38:20 GMT
Accept-Ranges: bytes
ETag: "016f4d87edc11:277c"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Fri, 13 May 2011 19:45:00 GMT
<HTML>
<HEAD>
<TITLE>AdCenter Login Page</TITLE>
</HEAD>
<BODY BGCOLOR="#FFFFFF" LINK="#0000FF" VLINK="#0000FF">
<CENTER>
<TABLE CELLPADDING=0 CELLSPACING=0 WIDTH=625 BORDER=0 BGCOLOR="#33CC99">
<TR>
<TD>
<IMG SRC="http://www.heardinthehive.com/adimages/account_header.gif" WIDTH="625" HEIGHT="45" BORDER=0>
</TD>
</TR>
</TABLE>
<TABLE CELLPADDING=4 CELLSPACING=0 WIDTH=625 BORDER=0 BGCOLOR="#33CC99">
<TR>
<TD>
<CENTER>
<iframe src="http://pluto.adcycle.com/go/adcycle.cgi?group=1&media=1&id=681&delivery=iframe" height=60 width=468 border=0 marginheight=0 scrolling=no marginwidth=0 frameborder=no>
<a href="http://pluto.adcycle.com/go/adclick.cgi?manager=adcycle.com&id=681" target="_top"><img src="http://pluto.adcycle.com/go/adcycle.cgi?group=1&media=1&id=681" width=468 height=60 border=1 ALT="Click to Visit"></a>
</iframe><BR>
</CENTER>
</TD>
</TR>
</TABLE>
<TABLE CELLPADDING=0 CELLSPACING=0 WIDTH=625 BORDER=0>
<TR>
<TD BGCOLOR="#33CC99" VALIGN="TOP">
<IMG SRC="http://www.heardinthehive.com/adimages/clear.gif" WIDTH=20 HEIGHT=55><BR>
</TD>
<TD>
<IMG SRC="http://www.heardinthehive.com/adimages/top_blend.gif" WIDTH=585 HEIGHT=15><BR>
<TABLE CELLPADDING=20 CELLSPACING=0 width="100%" BORDER=0>
<TR>
<TD BGCOLOR="#FFFFFF">
<BR>
<FORM NAME="form1" ACTION="http://www.heardinthehive.com/cgi-bin/adcycle/adcenter.cgi" METHOD="GET">
<TABLE CELLPADDING=3 CELLSPACING=0 BORDER=0 BGCOLOR="000000">
<TR>
<TD ALIGN=LEFT WIDTH=95%>
<FONT FACE="VERDANA,ARIAL" SIZE=2 COLOR="WHITE"><STRONG> Account Login</STRONG></FONT>
</TD>
</TR>
<TR>
<TD BGCOLOR="FFFFFF">
<FONT FACE="VERDANA,ARIAL" SIZE=2>
User Name: <FONT FACE="VERDANA,ARIAL" SIZE=3><INPUT TYPE="TEXT" NAME="account" VALUE="" SIZE=14></FONT><BR>
<IMG SRC="http://www.heardinthehive.com/adimages/clear.gif" WIDTH=1 HEIGHT=4><BR>
<FONT FACE="VERDANA,ARIAL" SIZE=2>
Password: <FONT FACE="VERDANA,ARIAL" SIZE=3><INPUT TYPE="PASSWORD" NAME="pwd" VALUE="" SIZE=12></FONT><BR>
<FONT SIZE=2 FACE="VERDANA,ARIAL"><b>
<BR>
<INPUT TYPE="SUBMIT" NAME="change" VALUE="Login">
</TD>
</TR>
</TABLE>
<INPUT TYPE="HIDDEN" NAME="cache" VALUE="681">
</FORM>
<SCRIPT LANGUAGE="JavaScript">
<!--
var MC=document.cookie;
var temp;
if(MC){
var start=MC.indexOf("!!");
var end=MC.indexOf("!!",start+2);
temp=MC.substring(start+2,end);
if(temp.length > 1 && temp.length < 20){
document.form1.account.value=temp;
}
}
// -->
</SCRIPT>
<BR>
</TD>
</TR>
</TABLE>
<IMG SRC="http://www.heardinthehive.com/adimages/bottom_blend.gif" WIDTH=585 HEIGHT=15><BR>
</TD>
<TD BGCOLOR="#33CC99"><IMG SRC="http://www.heardinthehive.com/adimages/clear.gif" WIDTH=20 HEIGHT=1><BR></TD>
</TR>
</TABLE>
<IMG SRC="http://www.heardinthehive.com/adimages/account_footer.gif" WIDTH=625 HEIGHT=25><BR>
<TABLE CELLPADDING=0 CELLSPACING=0 WIDTH=625 BORDER=0>
<TR>
<TD align=right>
<font face=arial size=1>powered by <a href="http://www.adcycle.com">adcycle.com</a> v0.77b <IMG SRC="http://www.heardinthehive.com/adimages/clear.gif" WIDTH=20 HEIGHT=1><BR>
</TD>
</TR>
</TABLE>
</BODY>
</HTML>
File Path: //zero.webappsecurity.com:0
Finding Id : 7244726