Follow us on Twitter.

@Amenefus @IsraeliElite

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

Scan of http://www.paltelgroup.ps/
Scan details
Scan information Starttime Finish time Scan time Profile Server information Responsive Server banner Server OS Server technologies Threat level Threat Level 3 One or more high-severity type vulnerabilities have been discovered by the scanner. A malicious user can exploit these vulnerabilities and compromise the backend database and/or deface your website.

12-Apr-13 4:29:56 PM 13-Apr-13 10:07:04 AM 17 hours, 37 minutes Default

True Apache Unknown

Alerts distribution Total alerts found High Medium Low Informational 257 184 35 27 11

Knowledge base
List of file extensions File extensions can provide information on what technologies are being used on this website. List of file extensions detected: - php => 18 file(s) - DS_Store => 13 file(s) - css => 21 file(s) - js => 19 file(s) - cvsignore => 1 file(s) - html => 1 file(s) - asp => 1 file(s) - txt => 1 file(s)

Top 10 response times

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

The files listed bellow had the slowest response times measured during the crawling process. The average response time for this site was 297.43 ms. These files could be targetted in denial of service attacks. 1. /js/jquery-ui.js, response time 983 ms GET /js/jquery-ui.js HTTP/1.1 Pragma: no-cache Referer: http://www.paltelgroup.ps/ 2

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

Acunetix-Aspect: enabled Acunetix-Aspect-Password: 082119f75623eb7abd7bf357698ff66c Acunetix-Aspect-Queries: filelist;aspectalerts Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* 2. /CaptchaSecurityImages.php, response time 531 ms GET /CaptchaSecurityImages.php HTTP/1.1 Pragma: no-cache Referer: http://www.paltelgroup.ps/index.php Acunetix-Aspect: enabled Acunetix-Aspect-Password: 082119f75623eb7abd7bf357698ff66c Acunetix-Aspect-Queries: filelist;aspectalerts Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */*

List of client scripts These files contain Javascript code referenced from the website. - /js/jq.js - /js/jquery.hoverIntent.minified.js - /js/jqc.js - /js/jqEasing.js - /js/exCanvas.js - /js/jquery.fancybox.pack.js - /js/jq.selectBox.js - /js/expCanvas.js - /js/warning.js - /js/jquery-ui.js - /js/jquery.dcmegamenu.1.3.3_ar.js - /js/home_ar.js - /js/menuInner_ar.js - /js/all.js - /js/home.js - /js/jquery.dcmegamenu.1.3.3.js - /js/menuInner.js - /js/datetimepicker_css.js - /support/menu/js.js

List of files with inputs

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

These files have at least one input (GET or POST). - / - 7 inputs - /index.php - 28 inputs - /ajax/cal.php - 1 inputs - /ajax/getReports.php - 1 inputs - /ajax/getTheNews.php - 1 inputs - /ajax/getMoreNews.php - 1 inputs - /ajax/contact.php - 1 inputs - /ajax/getStaff.php - 1 inputs - /CaptchaSecurityImages.php - 1 inputs - /application_corporate_action.php - 1 inputs - /support/index.php - 1 inputs - /support/CaptchaSecurityImages.php - 1 inputs - /support/FCKeditor/editor/filemanager/connectors/php/connector.php - 1 inputs

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

- /support/FCKeditor/editor/filemanager/connectors/test.html - 1 inputs - /support/FCKeditor/editor/filemanager/connectors/asp/connector.asp - 1 inputs

List of external hosts These hosts were linked from this website but they were not scanned because they are not listed in the list of hosts allowed.(Settings->Scanners settings->Scanner->List of hosts allowed). - www.zoom.ps - www.reach.ps - www.paltel.ps - www.jawwal.ps - www.hulul.com - www.hadara.ps - www.palmedia.ps - www.pgfoundation.ps - paltelgroup.ps - twitter.com - www.facebook.com - www.youtube.com - s7.addthis.com - ecareer.jawwal.ps - paltel.ps

List of email addresses List of all email addresses found on this host. - brian@cherne.net - info@zoom.ps - license@php.net

Alerts summary

Affects /ajax/getMoreNews.php /support/index.php

Variations 160 1

Affects /info.php

Variations 1

Affects /ajax/getMoreNews.php

Variations 22

Affects /ajax/getMoreNews.php

Variations 22

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

Variations Affects /support/FCKeditor/editor/filemanager/connectors/php/connector.php?Command=FileUpload&Type=File&Curr 1 entFolder=/

Affects / / (975a4a1b7430a0d8d05b765506281cce) /index.php (49d67861bd12777a7a2650a300089e02) /index.php (9fc54a9bc9d01b713855ba23fe521a28) /index.php (a43aa64b6c7f5b32aff137a508ade340) /support /support/FCKeditor/editor/filemanager/connectors/test.html

Variations 1 1 1 1 1 1 1

Affects /info.php

Variations 1

Affects /info.php

Variations 2

Affects /support/FCKeditor/editor/filemanager/connectors/asp/connector.asp

Variations 1

Affects /support

Variations 1

Affects /application_corporate_action.php /support/FCKeditor/editor/filemanager/connectors/test.html

Variations 1 1

Affects /support/index.php

Variations 1

Affects /images/staff /support/FCKeditor /support/FCKeditor/editor/_source /support/FCKeditor/editor/filemanager /uploads

Variations 1 1 1 1 1

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

Affects /banners/.DS_Store /banners/images/.DS_Store /classes/.DS_Store /css/.DS_Store /downloads/.DS_Store /downloads/reports/.DS_Store /downloads/reports_thumb/.DS_Store /images/.DS_Store /images/images/.DS_Store /images/staff/.DS_Store /images/stories/.DS_Store /js/.DS_Store /support/.DS_Store /support/FCKeditor/.cvsignore /support/FCKeditor/editor/filemanager/connectors/test.html /support/menu/test.php

Variations 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1

Affects /

Variations 1

Affects /

Variations 1

Affects Web Server

Variations 1

Affects /a /ajax/images/staff

Variations 1 1

Affects /index.php /info.php /js/jquery.hoverIntent.minified.js

Variations 1 1 1

Affects /info.php

Variations 1

Affects /info.php

Variations 1

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

Affects /info.php

Variations 1

Affects /support

Variations 1

Affects /info.php

Variations 1

Affects /js/jq.js

Variations 1

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

Alert details
Cross Site Scripting (verified)
Severity High Type Validation Reported by module Scripting (XSS.script) Description This script is possibly vulnerable to Cross Site Scripting (XSS) attacks. Cross site scripting (also referred to as XSS) is a vulnerability that allows an attacker to send malicious code (usually in the form of Javascript) to another user. Because a browser cannot know if the script should be trusted or not, it will execute the script in the user context allowing the attacker to access any cookies or session tokens retained by the browser. Impact Malicious users may inject JavaScript, VBScript, ActiveX, HTML or Flash into a vulnerable application to fool a user in order to gather data from them. An attacker can steal the session cookie and take over the account, impersonating the user. It is also possible to modify the content of the page presented to the user. Recommendation Your script should filter metacharacters from user input. References OWASP PHP Top 5 Security Focus - Penetration Testing for Web Applications (Part Two) How To: Prevent Cross-Site Scripting in ASP.NET Allowing HTML and Preventing XSS Microsoft ASP.NET request filtering flaw ASP.NET Unicode Character Conversion XSS XSS cheat sheet XSS Annihilation Acunetix Cross Site Scripting Attack The Cross Site Scripting Faq OWASP Cross Site Scripting Cross site scripting Affected items /ajax/getMoreNews.php Details URL encoded POST input link was set to " onmouseover=prompt(965379) bad=" The input is reflected inside a tag parameter between double quotes. Request headers

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 90 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=%22%20onmouseover%3dprompt%28965379%29%20bad%3d%22&perPage=20

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

/ajax/getMoreNews.php Details URL encoded POST input link was set to javascript:prompt(913649);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 83 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=javascript%3aprompt%28913649%29%3bundefined&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to " onmouseover=prompt(926630) bad=" The input is reflected inside a tag parameter between double quotes. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 90 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=%22%20onmouseover%3dprompt%28926630%29%20bad%3d%22&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to javascript:prompt(912406);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 83 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=javascript%3aprompt%28912406%29%3bundefined&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to " onmouseover=prompt(954053) bad=" The input is reflected inside a tag parameter between double quotes. Request headers

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 90

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=%22%20onmouseover%3dprompt%28954053%29%20bad%3d%22&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to javascript:prompt(916409);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 83 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=javascript%3aprompt%28916409%29%3bundefined&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to " onmouseover=prompt(950581) bad=" The input is reflected inside a tag parameter between double quotes. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 90 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=%22%20onmouseover%3dprompt%28950581%29%20bad%3d%22&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to javascript:prompt(980397);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter. Request headers

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 83 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=javascript%3aprompt%28980397%29%3bundefined&perPage=20 10

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

/ajax/getMoreNews.php Details URL encoded POST input link was set to " onmouseover=prompt(991664) bad=" The input is reflected inside a tag parameter between double quotes. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 90 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=%22%20onmouseover%3dprompt%28991664%29%20bad%3d%22&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to javascript:prompt(932032);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 83 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=javascript%3aprompt%28932032%29%3bundefined&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to " onmouseover=prompt(976396) bad=" The input is reflected inside a tag parameter between double quotes. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 90 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=%22%20onmouseover%3dprompt%28976396%29%20bad%3d%22&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to javascript:prompt(975413);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter. Request headers

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

POST /ajax/getMoreNews.php HTTP/1.1 11

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

Content-Length: 83 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=javascript%3aprompt%28975413%29%3bundefined&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to " onmouseover=prompt(996033) bad=" The input is reflected inside a tag parameter between double quotes. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 90 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=%22%20onmouseover%3dprompt%28996033%29%20bad%3d%22&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to javascript:prompt(915046);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 83 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=javascript%3aprompt%28915046%29%3bundefined&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to " onmouseover=prompt(900112) bad=" The input is reflected inside a tag parameter between double quotes. Request headers

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 90 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=%22%20onmouseover%3dprompt%28900112%29%20bad%3d%22&perPage 12

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to javascript:prompt(987174);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 83 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=javascript%3aprompt%28987174%29%3bundefined&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to " onmouseover=prompt(929909) bad=" The input is reflected inside a tag parameter between double quotes. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 90 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=%22%20onmouseover%3dprompt%28929909%29%20bad%3d%22&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to javascript:prompt(941992);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 83 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=javascript%3aprompt%28941992%29%3bundefined&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to " onmouseover=prompt(946777) bad=" The input is reflected inside a tag parameter between double quotes.

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

Request headers POST /ajax/getMoreNews.php HTTP/1.1 13

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

Content-Length: 90 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=%22%20onmouseover%3dprompt%28946777%29%20bad%3d%22&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to javascript:prompt(921838);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 83 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=javascript%3aprompt%28921838%29%3bundefined&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to " onmouseover=prompt(928458) bad=" The input is reflected inside a tag parameter between double quotes. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 90 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=%22%20onmouseover%3dprompt%28928458%29%20bad%3d%22&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to javascript:prompt(991033);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter. Request headers

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 83 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* @Amenefus 14

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

catId=2&from=20&Lang=ar&link=javascript%3aprompt%28991033%29%3bundefined&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to " onmouseover=prompt(999007) bad=" The input is reflected inside a tag parameter between double quotes. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 90 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=%22%20onmouseover%3dprompt%28999007%29%20bad%3d%22&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to javascript:prompt(959770);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 83 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=javascript%3aprompt%28959770%29%3bundefined&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to " onmouseover=prompt(924012) bad=" The input is reflected inside a tag parameter between double quotes. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 90 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=%22%20onmouseover%3dprompt%28924012%29%20bad%3d%22&perPage=20 /ajax/getMoreNews.php Details

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

URL encoded POST input link was set to javascript:prompt(994852);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter. Request headers @Amenefus 15

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 83 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=javascript%3aprompt%28994852%29%3bundefined&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to " onmouseover=prompt(933398) bad=" The input is reflected inside a tag parameter between double quotes. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 90 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=%22%20onmouseover%3dprompt%28933398%29%20bad%3d%22&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to javascript:prompt(982492);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 83 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=javascript%3aprompt%28982492%29%3bundefined&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to " onmouseover=prompt(965494) bad=" The input is reflected inside a tag parameter between double quotes. Request headers

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 90 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* @Amenefus 16

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

catId=2&from=20&Lang=ar&link=%22%20onmouseover%3dprompt%28965494%29%20bad%3d%22&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to javascript:prompt(997489);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 83 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=javascript%3aprompt%28997489%29%3bundefined&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to " onmouseover=prompt(941010) bad=" The input is reflected inside a tag parameter between double quotes. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 90 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=%22%20onmouseover%3dprompt%28941010%29%20bad%3d%22&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to javascript:prompt(964867);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 83 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=javascript%3aprompt%28964867%29%3bundefined&perPage=20 /ajax/getMoreNews.php Details

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

URL encoded POST input link was set to " onmouseover=prompt(944124) bad=" The input is reflected inside a tag parameter between double quotes. Request headers @Amenefus 17

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 90 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=%22%20onmouseover%3dprompt%28944124%29%20bad%3d%22&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to javascript:prompt(929716);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 83 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=javascript%3aprompt%28929716%29%3bundefined&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to " onmouseover=prompt(934269) bad=" The input is reflected inside a tag parameter between double quotes. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 90 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=%22%20onmouseover%3dprompt%28934269%29%20bad%3d%22&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to javascript:prompt(914949);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter. Request headers

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 83 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* @Amenefus 18

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

catId=2&from=20&Lang=ar&link=javascript%3aprompt%28914949%29%3bundefined&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to " onmouseover=prompt(954251) bad=" The input is reflected inside a tag parameter between double quotes. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 90 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=%22%20onmouseover%3dprompt%28954251%29%20bad%3d%22&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to javascript:prompt(969712);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 83 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=javascript%3aprompt%28969712%29%3bundefined&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to " onmouseover=prompt(907786) bad=" The input is reflected inside a tag parameter between double quotes. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 90 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=%22%20onmouseover%3dprompt%28907786%29%20bad%3d%22&perPage=20 /ajax/getMoreNews.php Details

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

URL encoded POST input link was set to javascript:prompt(905717);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter. @Amenefus 19

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 83 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=javascript%3aprompt%28905717%29%3bundefined&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to " onmouseover=prompt(993373) bad=" The input is reflected inside a tag parameter between double quotes. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 90 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=%22%20onmouseover%3dprompt%28993373%29%20bad%3d%22&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to javascript:prompt(929962);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 83 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=javascript%3aprompt%28929962%29%3bundefined&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to " onmouseover=prompt(920283) bad=" The input is reflected inside a tag parameter between double quotes. Request headers

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 90 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) @Amenefus 20

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

Accept: */* catId=2&from=20&Lang=ar&link=%22%20onmouseover%3dprompt%28920283%29%20bad%3d%22&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to javascript:prompt(926474);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 83 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=javascript%3aprompt%28926474%29%3bundefined&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to " onmouseover=prompt(937269) bad=" The input is reflected inside a tag parameter between double quotes. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 90 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=%22%20onmouseover%3dprompt%28937269%29%20bad%3d%22&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to javascript:prompt(935788);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 83 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=javascript%3aprompt%28935788%29%3bundefined&perPage=20

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

@Amenefus

21

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

/ajax/getMoreNews.php Details URL encoded POST input link was set to " onmouseover=prompt(941380) bad=" The input is reflected inside a tag parameter between double quotes. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 90 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=%22%20onmouseover%3dprompt%28941380%29%20bad%3d%22&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to javascript:prompt(952722);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 83 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=javascript%3aprompt%28952722%29%3bundefined&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to " onmouseover=prompt(962616) bad=" The input is reflected inside a tag parameter between double quotes. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 90 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=%22%20onmouseover%3dprompt%28962616%29%20bad%3d%22&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to javascript:prompt(989104);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter. Request headers

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

POST /ajax/getMoreNews.php HTTP/1.1 @Amenefus 22

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

Content-Length: 83 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=javascript%3aprompt%28989104%29%3bundefined&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to " onmouseover=prompt(996249) bad=" The input is reflected inside a tag parameter between double quotes. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 90 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=%22%20onmouseover%3dprompt%28996249%29%20bad%3d%22&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to javascript:prompt(950012);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 83 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=20&Lang=ar&link=javascript%3aprompt%28950012%29%3bundefined&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to " onmouseover=prompt(996681) bad=" The input is reflected inside a tag parameter between double quotes. Request headers

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 90 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=20&Lang=ar&link=%22%20onmouseover%3dprompt%28996681%29%20bad%3d%22&perPage @Amenefus 23

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to javascript:prompt(925056);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 83 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=20&Lang=ar&link=javascript%3aprompt%28925056%29%3bundefined&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to " onmouseover=prompt(996499) bad=" The input is reflected inside a tag parameter between double quotes. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 90 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=20&Lang=ar&link=%22%20onmouseover%3dprompt%28996499%29%20bad%3d%22&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to javascript:prompt(931225);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 83 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=20&Lang=ar&link=javascript%3aprompt%28931225%29%3bundefined&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to " onmouseover=prompt(900074) bad=" The input is reflected inside a tag parameter between double quotes.

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

Request headers POST /ajax/getMoreNews.php HTTP/1.1 @Amenefus

24

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

Content-Length: 90 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=20&Lang=ar&link=%22%20onmouseover%3dprompt%28900074%29%20bad%3d%22&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to javascript:prompt(969700);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 83 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=20&Lang=ar&link=javascript%3aprompt%28969700%29%3bundefined&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to " onmouseover=prompt(921287) bad=" The input is reflected inside a tag parameter between double quotes. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 90 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=20&Lang=ar&link=%22%20onmouseover%3dprompt%28921287%29%20bad%3d%22&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to javascript:prompt(954579);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter. Request headers

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 83 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* @Amenefus 25

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

catId=1&from=20&Lang=ar&link=javascript%3aprompt%28954579%29%3bundefined&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to " onmouseover=prompt(920319) bad=" The input is reflected inside a tag parameter between double quotes. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 90 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=20&Lang=ar&link=%22%20onmouseover%3dprompt%28920319%29%20bad%3d%22&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to javascript:prompt(944245);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 83 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=20&Lang=ar&link=javascript%3aprompt%28944245%29%3bundefined&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to " onmouseover=prompt(915385) bad=" The input is reflected inside a tag parameter between double quotes. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 90 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=20&Lang=ar&link=%22%20onmouseover%3dprompt%28915385%29%20bad%3d%22&perPage=20 /ajax/getMoreNews.php Details

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

URL encoded POST input link was set to javascript:prompt(952987);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter. Request headers @Amenefus 26

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 83 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=20&Lang=ar&link=javascript%3aprompt%28952987%29%3bundefined&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to " onmouseover=prompt(998308) bad=" The input is reflected inside a tag parameter between double quotes. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 90 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=20&Lang=ar&link=%22%20onmouseover%3dprompt%28998308%29%20bad%3d%22&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to javascript:prompt(989150);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 83 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=20&Lang=ar&link=javascript%3aprompt%28989150%29%3bundefined&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to " onmouseover=prompt(914943) bad=" The input is reflected inside a tag parameter between double quotes. Request headers

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 90 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* @Amenefus 27

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

catId=1&from=20&Lang=ar&link=%22%20onmouseover%3dprompt%28914943%29%20bad%3d%22&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to javascript:prompt(968098);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 83 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=20&Lang=ar&link=javascript%3aprompt%28968098%29%3bundefined&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to " onmouseover=prompt(906752) bad=" The input is reflected inside a tag parameter between double quotes. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 90 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=20&Lang=ar&link=%22%20onmouseover%3dprompt%28906752%29%20bad%3d%22&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to javascript:prompt(971829);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 83 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=20&Lang=ar&link=javascript%3aprompt%28971829%29%3bundefined&perPage=20 /ajax/getMoreNews.php Details

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

URL encoded POST input link was set to " onmouseover=prompt(957027) bad=" The input is reflected inside a tag parameter between double quotes. Request headers @Amenefus 28

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 90 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=20&Lang=ar&link=%22%20onmouseover%3dprompt%28957027%29%20bad%3d%22&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to javascript:prompt(927678);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 83 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=20&Lang=ar&link=javascript%3aprompt%28927678%29%3bundefined&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to " onmouseover=prompt(984211) bad=" The input is reflected inside a tag parameter between double quotes. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 90 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=20&Lang=ar&link=%22%20onmouseover%3dprompt%28984211%29%20bad%3d%22&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to javascript:prompt(984469);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter. Request headers

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 83 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* @Amenefus 29

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

catId=1&from=20&Lang=ar&link=javascript%3aprompt%28984469%29%3bundefined&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to " onmouseover=prompt(968167) bad=" The input is reflected inside a tag parameter between double quotes. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 90 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=20&Lang=ar&link=%22%20onmouseover%3dprompt%28968167%29%20bad%3d%22&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to javascript:prompt(952101);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 83 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=20&Lang=ar&link=javascript%3aprompt%28952101%29%3bundefined&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to " onmouseover=prompt(954777) bad=" The input is reflected inside a tag parameter between double quotes. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 90 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=20&Lang=ar&link=%22%20onmouseover%3dprompt%28954777%29%20bad%3d%22&perPage=20 /ajax/getMoreNews.php Details

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

URL encoded POST input link was set to javascript:prompt(957472);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter. @Amenefus 30

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 83 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=javascript%3aprompt%28957472%29%3bundefined&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to " onmouseover=prompt(919463) bad=" The input is reflected inside a tag parameter between double quotes. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 90 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=%22%20onmouseover%3dprompt%28919463%29%20bad%3d%22&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to javascript:prompt(946332);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 83 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=javascript%3aprompt%28946332%29%3bundefined&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to " onmouseover=prompt(918243) bad=" The input is reflected inside a tag parameter between double quotes. Request headers

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 90 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) @Amenefus 31

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

Accept: */* catId=1&from=20&Lang=ar&link=%22%20onmouseover%3dprompt%28918243%29%20bad%3d%22&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to javascript:prompt(929451);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 83 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=javascript%3aprompt%28929451%29%3bundefined&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to " onmouseover=prompt(967597) bad=" The input is reflected inside a tag parameter between double quotes. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 90 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=%22%20onmouseover%3dprompt%28967597%29%20bad%3d%22&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to javascript:prompt(947392);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 83 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=javascript%3aprompt%28947392%29%3bundefined&perPage=20

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

@Amenefus

32

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

/ajax/getMoreNews.php Details URL encoded POST input link was set to " onmouseover=prompt(996484) bad=" The input is reflected inside a tag parameter between double quotes. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 90 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=%22%20onmouseover%3dprompt%28996484%29%20bad%3d%22&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to javascript:prompt(910477);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 83 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=javascript%3aprompt%28910477%29%3bundefined&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to " onmouseover=prompt(991942) bad=" The input is reflected inside a tag parameter between double quotes. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 90 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=%22%20onmouseover%3dprompt%28991942%29%20bad%3d%22&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to javascript:prompt(929037);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter. Request headers

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

POST /ajax/getMoreNews.php HTTP/1.1 @Amenefus 33

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

Content-Length: 83 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=javascript%3aprompt%28929037%29%3bundefined&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to " onmouseover=prompt(957226) bad=" The input is reflected inside a tag parameter between double quotes. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 90 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=%22%20onmouseover%3dprompt%28957226%29%20bad%3d%22&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to javascript:prompt(976063);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 83 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=20&Lang=ar&link=javascript%3aprompt%28976063%29%3bundefined&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to " onmouseover=prompt(927610) bad=" The input is reflected inside a tag parameter between double quotes. Request headers

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 90 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=20&Lang=ar&link=%22%20onmouseover%3dprompt%28927610%29%20bad%3d%22&perPage @Amenefus 34

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to javascript:prompt(970115);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 83 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=20&Lang=ar&link=javascript%3aprompt%28970115%29%3bundefined&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to " onmouseover=prompt(998253) bad=" The input is reflected inside a tag parameter between double quotes. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 90 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=20&Lang=ar&link=%22%20onmouseover%3dprompt%28998253%29%20bad%3d%22&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to javascript:prompt(900268);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 83 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=20&Lang=ar&link=javascript%3aprompt%28900268%29%3bundefined&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to " onmouseover=prompt(912098) bad=" The input is reflected inside a tag parameter between double quotes.

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

Request headers POST /ajax/getMoreNews.php HTTP/1.1 @Amenefus

35

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

Content-Length: 90 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=20&Lang=ar&link=%22%20onmouseover%3dprompt%28912098%29%20bad%3d%22&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to javascript:prompt(913552);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 83 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=20&Lang=ar&link=javascript%3aprompt%28913552%29%3bundefined&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to " onmouseover=prompt(983694) bad=" The input is reflected inside a tag parameter between double quotes. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 90 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=20&Lang=ar&link=%22%20onmouseover%3dprompt%28983694%29%20bad%3d%22&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to javascript:prompt(989593);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter. Request headers

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 83 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* @Amenefus 36

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

catId=1&from=20&Lang=ar&link=javascript%3aprompt%28989593%29%3bundefined&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to " onmouseover=prompt(942368) bad=" The input is reflected inside a tag parameter between double quotes. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 90 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=20&Lang=ar&link=%22%20onmouseover%3dprompt%28942368%29%20bad%3d%22&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to javascript:prompt(996101);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 83 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=20&Lang=ar&link=javascript%3aprompt%28996101%29%3bundefined&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to " onmouseover=prompt(953834) bad=" The input is reflected inside a tag parameter between double quotes. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 90 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=20&Lang=ar&link=%22%20onmouseover%3dprompt%28953834%29%20bad%3d%22&perPage=20 /ajax/getMoreNews.php Details

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

URL encoded POST input link was set to javascript:prompt(938879);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter. Request headers @Amenefus 37

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 83 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=20&Lang=ar&link=javascript%3aprompt%28938879%29%3bundefined&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to javascript:prompt(941984);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 83 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=20&Lang=ar&link=javascript%3aprompt%28941984%29%3bundefined&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to " onmouseover=prompt(955326) bad=" The input is reflected inside a tag parameter between double quotes. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 90 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=20&Lang=ar&link=%22%20onmouseover%3dprompt%28955326%29%20bad%3d%22&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to javascript:prompt(994874);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter. Request headers

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 83 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* @Amenefus 38

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

catId=1&from=20&Lang=ar&link=javascript%3aprompt%28994874%29%3bundefined&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to " onmouseover=prompt(916587) bad=" The input is reflected inside a tag parameter between double quotes. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 90 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=20&Lang=ar&link=%22%20onmouseover%3dprompt%28916587%29%20bad%3d%22&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to javascript:prompt(963397);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 83 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=20&Lang=ar&link=javascript%3aprompt%28963397%29%3bundefined&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to " onmouseover=prompt(957467) bad=" The input is reflected inside a tag parameter between double quotes. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 90 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=20&Lang=ar&link=%22%20onmouseover%3dprompt%28957467%29%20bad%3d%22&perPage=20 /ajax/getMoreNews.php Details

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

URL encoded POST input link was set to javascript:prompt(904191);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter. Request headers @Amenefus 39

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 83 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=20&Lang=ar&link=javascript%3aprompt%28904191%29%3bundefined&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to " onmouseover=prompt(980403) bad=" The input is reflected inside a tag parameter between double quotes. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 90 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=20&Lang=ar&link=%22%20onmouseover%3dprompt%28980403%29%20bad%3d%22&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to javascript:prompt(976289);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 83 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=20&Lang=ar&link=javascript%3aprompt%28976289%29%3bundefined&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to " onmouseover=prompt(995758) bad=" The input is reflected inside a tag parameter between double quotes. Request headers

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 90 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* @Amenefus 40

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

catId=1&from=20&Lang=ar&link=%22%20onmouseover%3dprompt%28995758%29%20bad%3d%22&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to javascript:prompt(952877);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 83 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=20&Lang=ar&link=javascript%3aprompt%28952877%29%3bundefined&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to " onmouseover=prompt(963136) bad=" The input is reflected inside a tag parameter between double quotes. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 90 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=20&Lang=ar&link=%22%20onmouseover%3dprompt%28963136%29%20bad%3d%22&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to javascript:prompt(916993);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 83 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=20&Lang=ar&link=javascript%3aprompt%28916993%29%3bundefined&perPage=20 /ajax/getMoreNews.php Details

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

URL encoded POST input link was set to " onmouseover=prompt(923470) bad=" The input is reflected inside a tag parameter between double quotes. Request headers @Amenefus 41

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 90 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=20&Lang=ar&link=%22%20onmouseover%3dprompt%28923470%29%20bad%3d%22&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to " onmouseover=prompt(956081) bad=" The input is reflected inside a tag parameter between double quotes. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 90 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=20&Lang=ar&link=%22%20onmouseover%3dprompt%28956081%29%20bad%3d%22&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to " onmouseover=prompt(903295) bad=" The input is reflected inside a tag parameter between double quotes. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 90 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=20&Lang=ar&link=%22%20onmouseover%3dprompt%28903295%29%20bad%3d%22&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to javascript:prompt(934144);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter. Request headers

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 83 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) @Amenefus 42

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

Accept: */* catId=1&from=20&Lang=ar&link=javascript%3aprompt%28934144%29%3bundefined&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to " onmouseover=prompt(949615) bad=" The input is reflected inside a tag parameter between double quotes. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 90 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=20&Lang=ar&link=%22%20onmouseover%3dprompt%28949615%29%20bad%3d%22&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to javascript:prompt(925448);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 83 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=20&Lang=ar&link=javascript%3aprompt%28925448%29%3bundefined&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to " onmouseover=prompt(963927) bad=" The input is reflected inside a tag parameter between double quotes. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 90 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=20&Lang=ar&link=%22%20onmouseover%3dprompt%28963927%29%20bad%3d%22&perPage=20

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

@Amenefus

43

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

/ajax/getMoreNews.php Details URL encoded POST input link was set to javascript:prompt(998132);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 83 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=20&Lang=ar&link=javascript%3aprompt%28998132%29%3bundefined&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to " onmouseover=prompt(920636) bad=" The input is reflected inside a tag parameter between double quotes. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 90 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=20&Lang=ar&link=%22%20onmouseover%3dprompt%28920636%29%20bad%3d%22&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to javascript:prompt(936447);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 83 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=20&Lang=ar&link=javascript%3aprompt%28936447%29%3bundefined&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to " onmouseover=prompt(928537) bad=" The input is reflected inside a tag parameter between double quotes. Request headers

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 90 @Amenefus 44

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=20&Lang=ar&link=%22%20onmouseover%3dprompt%28928537%29%20bad%3d%22&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to javascript:prompt(935447);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 83 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=20&Lang=ar&link=javascript%3aprompt%28935447%29%3bundefined&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to " onmouseover=prompt(970365) bad=" The input is reflected inside a tag parameter between double quotes. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 90 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=20&Lang=ar&link=%22%20onmouseover%3dprompt%28970365%29%20bad%3d%22&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to javascript:prompt(991626);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter. Request headers

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 83 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=20&Lang=ar&link=javascript%3aprompt%28991626%29%3bundefined&perPage=20 @Amenefus

45

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

/ajax/getMoreNews.php Details URL encoded POST input link was set to " onmouseover=prompt(978369) bad=" The input is reflected inside a tag parameter between double quotes. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 90 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=20&Lang=ar&link=%22%20onmouseover%3dprompt%28978369%29%20bad%3d%22&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to javascript:prompt(900138);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 83 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=20&Lang=ar&link=javascript%3aprompt%28900138%29%3bundefined&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to javascript:prompt(912658);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 83 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=20&Lang=ar&link=javascript%3aprompt%28912658%29%3bundefined&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to " onmouseover=prompt(973968) bad=" The input is reflected inside a tag parameter between double quotes. Request headers

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 90 @Amenefus

46

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=%22%20onmouseover%3dprompt%28973968%29%20bad%3d%22&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to javascript:prompt(962517);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 83 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=javascript%3aprompt%28962517%29%3bundefined&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to " onmouseover=prompt(951940) bad=" The input is reflected inside a tag parameter between double quotes. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 90 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=%22%20onmouseover%3dprompt%28951940%29%20bad%3d%22&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to javascript:prompt(908285);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter. Request headers

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 83 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=javascript%3aprompt%28908285%29%3bundefined&perPage=20 @Amenefus

47

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

/ajax/getMoreNews.php Details URL encoded POST input link was set to " onmouseover=prompt(927110) bad=" The input is reflected inside a tag parameter between double quotes. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 90 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=%22%20onmouseover%3dprompt%28927110%29%20bad%3d%22&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to javascript:prompt(990342);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 83 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=javascript%3aprompt%28990342%29%3bundefined&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to " onmouseover=prompt(968116) bad=" The input is reflected inside a tag parameter between double quotes. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 90 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=%22%20onmouseover%3dprompt%28968116%29%20bad%3d%22&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to javascript:prompt(929505);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter. Request headers

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

POST /ajax/getMoreNews.php HTTP/1.1 @Amenefus 48

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

Content-Length: 83 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=javascript%3aprompt%28929505%29%3bundefined&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to " onmouseover=prompt(935175) bad=" The input is reflected inside a tag parameter between double quotes. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 90 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=%22%20onmouseover%3dprompt%28935175%29%20bad%3d%22&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to javascript:prompt(911238);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 83 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=javascript%3aprompt%28911238%29%3bundefined&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to " onmouseover=prompt(921763) bad=" The input is reflected inside a tag parameter between double quotes. Request headers

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 90 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=%22%20onmouseover%3dprompt%28921763%29%20bad%3d%22&perPage @Amenefus 49

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to javascript:prompt(918214);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 83 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=javascript%3aprompt%28918214%29%3bundefined&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to " onmouseover=prompt(988107) bad=" The input is reflected inside a tag parameter between double quotes. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 90 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=%22%20onmouseover%3dprompt%28988107%29%20bad%3d%22&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to javascript:prompt(900145);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 83 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=javascript%3aprompt%28900145%29%3bundefined&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to javascript:prompt(972656);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter.

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

Request headers POST /ajax/getMoreNews.php HTTP/1.1 @Amenefus

50

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

Content-Length: 83 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=javascript%3aprompt%28972656%29%3bundefined&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to javascript:prompt(927890);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 83 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=20&Lang=ar&link=javascript%3aprompt%28927890%29%3bundefined&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to " onmouseover=prompt(910814) bad=" The input is reflected inside a tag parameter between double quotes. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 90 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=20&Lang=ar&link=%22%20onmouseover%3dprompt%28910814%29%20bad%3d%22&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to javascript:prompt(912408);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter. Request headers

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 83 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=20&Lang=ar&link=javascript%3aprompt%28912408%29%3bundefined&perPage=20 @Amenefus

51

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

/ajax/getMoreNews.php Details URL encoded POST input link was set to " onmouseover=prompt(925348) bad=" The input is reflected inside a tag parameter between double quotes. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 90 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=20&Lang=ar&link=%22%20onmouseover%3dprompt%28925348%29%20bad%3d%22&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to javascript:prompt(984538);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 83 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=20&Lang=ar&link=javascript%3aprompt%28984538%29%3bundefined&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to " onmouseover=prompt(914465) bad=" The input is reflected inside a tag parameter between double quotes. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 90 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=20&Lang=ar&link=%22%20onmouseover%3dprompt%28914465%29%20bad%3d%22&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to " onmouseover=prompt(978508) bad=" The input is reflected inside a tag parameter between double quotes. Request headers

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

POST /ajax/getMoreNews.php HTTP/1.1 @Amenefus

52

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

Content-Length: 90 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=20&Lang=ar&link=%22%20onmouseover%3dprompt%28978508%29%20bad%3d%22&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to " onmouseover=prompt(966154) bad=" The input is reflected inside a tag parameter between double quotes. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 90 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=%22%20onmouseover%3dprompt%28966154%29%20bad%3d%22&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to javascript:prompt(911026);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 83 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=javascript%3aprompt%28911026%29%3bundefined&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to " onmouseover=prompt(926648) bad=" The input is reflected inside a tag parameter between double quotes. Request headers

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 90 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* @Amenefus 53

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

catId=2&from=20&Lang=ar&link=%22%20onmouseover%3dprompt%28926648%29%20bad%3d%22&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to " onmouseover=prompt(971460) bad=" The input is reflected inside a tag parameter between double quotes. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 90 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=20&Lang=ar&link=%22%20onmouseover%3dprompt%28971460%29%20bad%3d%22&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to javascript:prompt(986057);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 83 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=20&Lang=ar&link=javascript%3aprompt%28986057%29%3bundefined&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input link was set to javascript:prompt(979069);undefined The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter. Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 83 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=20&Lang=ar&link=javascript%3aprompt%28979069%29%3bundefined&perPage=20 /support/index.php Details

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

URI was set to ö" onmouseover=prompt(972822) // The input is reflected inside a tag parameter between double quotes. Request headers @Amenefus 54

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

GET /support/index.php/%F6%22%20onmouseover=prompt(972822)%20// HTTP/1.1 Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */*

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

@Amenefus

55

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

PHP allow_url_fopen enabled
Severity High Type Configuration Reported by module Scripting (PHPInfo.script) Description The PHP configuration directive allow_url_fopen is enabled. When enabled, this directive allows data retrieval from remote locations (web site or FTP server). A large number of code injection vulnerabilities reported in PHP-based web applications are caused by the combination of enabling allow_url_fopen and bad input filtering. allow_url_fopen is enabled by default. Impact Application dependant - possible remote file inclusion. Recommendation You can disable allow_url_fopen from php.ini or .htaccess. php.ini allow_url_fopen = 'off' .htaccess php_flag allow_url_fopen off

Affected items /info.php Details This vulnerability was detected using the information from phpinfo() page /info.php allow_url_fopen: On Request headers GET /info.php HTTP/1.1 Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */*

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

@Amenefus

56

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

SQL injection
Severity High Type Validation Reported by module Scripting (Sql_Injection.script) Description This script is possibly vulnerable to SQL Injection attacks. SQL injection is a vulnerability that allows an attacker to alter backend SQL statements by manipulating the user input. An SQL injection occurs when web applications accept user input that is directly placed into a SQL statement and doesn't properly filter out dangerous characters. This is one of the most common application layer attacks currently being used on the Internet. Despite the fact that it is relatively easy to protect against, there is a large number of web applications vulnerable. Impact An attacker may execute arbitrary SQL statements on the vulnerable system. This may compromise the integrity of your database and/or expose sensitive information. Depending on the back-end database in use, SQL injection vulnerabilities lead to varying levels of data/system access for the attacker. It may be possible to not only manipulate existing queries, but to UNION in arbitrary data, use subselects, or append additional queries. In some cases, it may be possible to read in or write out to files, or to execute shell commands on the underlying operating system. Certain SQL Servers such as Microsoft SQL Server contain stored and extended procedures (database server functions). If an attacker can obtain access to these procedures it may be possible to compromise the entire machine. Recommendation Your script should filter metacharacters from user input. Check detailed information for more information about fixing this vulnerability. References More Advanced SQL Injection OWASP PHP Top 5 SQL Injection Walkthrough OWASP Injection Flaws Security Focus - Penetration Testing for Web Applications (Part Two) Advanced SQL Injection Acunetix SQL Injection Attack SQL Injection Attacks by Example Affected items /ajax/getMoreNews.php Details URL encoded POST input from was set to 1'" Error message found: You have an error in your SQL syntax Request headers

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 116 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=5&from=1%27%22&Lang=ar&link=%3FcatId%3D5%26Lang%3Dar%26MenuId%3D20%26ParentId%3D14%26T emplateId%3D2&perPage=20 @Amenefus 57

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

/ajax/getMoreNews.php Details URL encoded POST input from was set to 1'" Error message found: You have an error in your SQL syntax Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 119 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=8&from=1%27%22&Lang=ar&link=%3FLang%3Dar%26MenuId%3D91%26PageId%3D20%26ParentId%3D48%2 6TemplateId%3D24&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input from was set to 1'" Error message found: You have an error in your SQL syntax Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 116 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=1%27%22&Lang=ar&link=%3FLang%3Dar%26MenuId%3D41%26PageId%3D0%26ParentId%3D3%26T emplateId%3D2&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input from was set to 1'" Error message found: You have an error in your SQL syntax Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 115 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=1%27%22&Lang=ar&link=%3FcatId%3D2%26Lang%3Dar%26MenuId%3D68%26ParentId%3D4%26Te mplateId%3D2&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input from was set to 1'" Error message found: You have an error in your SQL syntax Request headers

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 129 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 @Amenefus 58

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=1%27%22&Lang=ar&link=%3FcatId%3D2%26Lang%3Dar%26MenuId%3D68%26PageId%3D0%26Pare ntId%3D14%26TemplateId%3D2&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input from was set to 1'" Error message found: You have an error in your SQL syntax Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 104 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=5&from=1%27%22&Lang=ar&link=%3FcatId%3D5%26MenuId%3D20%26ParentId%3D14%26TemplateId%3D 2&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input from was set to 1'" Error message found: You have an error in your SQL syntax Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 129 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=1%27%22&Lang=en&link=%3FcatId%3D2%26Lang%3Den%26MenuId%3D68%26PageId%3D0%26Pare ntId%3D14%26TemplateId%3D2&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input from was set to 1'" Error message found: You have an error in your SQL syntax Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 116 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=1%27%22&Lang=en&link=%3FLang%3Den%26MenuId%3D41%26PageId%3D0%26ParentId%3D3%26T emplateId%3D2&perPage=20

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

@Amenefus

59

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

/ajax/getMoreNews.php Details URL encoded POST input from was set to 1'" Error message found: You have an error in your SQL syntax Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 104 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=1%27%22&Lang=ar&link=%3FMenuId%3D41%26PageId%3D0%26ParentId%3D3%26TemplateId%3D 2&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input from was set to 1'" Error message found: You have an error in your SQL syntax Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 103 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=1%27%22&Lang=ar&link=%3FcatId%3D2%26MenuId%3D68%26ParentId%3D4%26TemplateId%3D2 &perPage=20 /ajax/getMoreNews.php Details URL encoded POST input from was set to 1'" Error message found: You have an error in your SQL syntax Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 115 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=1%27%22&Lang=en&link=%3FcatId%3D2%26Lang%3Den%26MenuId%3D68%26ParentId%3D4%26Te mplateId%3D2&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input perPage was set to 1'" Error message found: You have an error in your SQL syntax Request headers

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 119 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 @Amenefus 60

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=8&from=20&Lang=ar&link=%3FLang%3Dar%26MenuId%3D91%26PageId%3D20%26ParentId%3D48%26Temp lateId%3D24&perPage=1%27%22 /ajax/getMoreNews.php Details URL encoded POST input perPage was set to 1'" Error message found: You have an error in your SQL syntax Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 129 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=%3FcatId%3D2%26Lang%3Dar%26MenuId%3D68%26PageId%3D0%26ParentId% 3D14%26TemplateId%3D2&perPage=1%27%22 /ajax/getMoreNews.php Details URL encoded POST input perPage was set to 1'" Error message found: You have an error in your SQL syntax Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 116 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=5&from=20&Lang=ar&link=%3FcatId%3D5%26Lang%3Dar%26MenuId%3D20%26ParentId%3D14%26Templa teId%3D2&perPage=1%27%22 /ajax/getMoreNews.php Details URL encoded POST input perPage was set to 1'" Error message found: You have an error in your SQL syntax Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 116 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=20&Lang=ar&link=%3FLang%3Dar%26MenuId%3D41%26PageId%3D0%26ParentId%3D3%26Templa teId%3D2&perPage=1%27%22

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

@Amenefus

61

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

/ajax/getMoreNews.php Details URL encoded POST input perPage was set to 1'" Error message found: You have an error in your SQL syntax Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 115 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=%3FcatId%3D2%26Lang%3Dar%26MenuId%3D68%26ParentId%3D4%26Templat eId%3D2&perPage=1%27%22 /ajax/getMoreNews.php Details URL encoded POST input perPage was set to 1'" Error message found: You have an error in your SQL syntax Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 104 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=20&Lang=ar&link=%3FMenuId%3D41%26PageId%3D0%26ParentId%3D3%26TemplateId%3D2&per Page=1%27%22 /ajax/getMoreNews.php Details URL encoded POST input perPage was set to 1'" Error message found: You have an error in your SQL syntax Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 129 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=en&link=%3FcatId%3D2%26Lang%3Den%26MenuId%3D68%26PageId%3D0%26ParentId% 3D14%26TemplateId%3D2&perPage=1%27%22 /ajax/getMoreNews.php Details URL encoded POST input perPage was set to 1'" Error message found: You have an error in your SQL syntax Request headers

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 116 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 @Amenefus 62

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=20&Lang=en&link=%3FLang%3Den%26MenuId%3D41%26PageId%3D0%26ParentId%3D3%26Templa teId%3D2&perPage=1%27%22 /ajax/getMoreNews.php Details URL encoded POST input perPage was set to 1'" Error message found: You have an error in your SQL syntax Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 104 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=5&from=20&Lang=ar&link=%3FcatId%3D5%26MenuId%3D20%26ParentId%3D14%26TemplateId%3D2&per Page=1%27%22 /ajax/getMoreNews.php Details URL encoded POST input perPage was set to 1'" Error message found: You have an error in your SQL syntax Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 103 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=%3FcatId%3D2%26MenuId%3D68%26ParentId%3D4%26TemplateId%3D2&perP age=1%27%22 /ajax/getMoreNews.php Details URL encoded POST input perPage was set to 1'" Error message found: You have an error in your SQL syntax Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 115 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=en&link=%3FcatId%3D2%26Lang%3Den%26MenuId%3D68%26ParentId%3D4%26Templat eId%3D2&perPage=1%27%22

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

@Amenefus

63

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

Application error message
Severity Medium Type Validation Reported by module Scripting (Error_Message.script) Description This page contains an error/warning message that may disclose sensitive information.The message can also contain the location of the file that produced the unhandled exception. This may be a false positive if the error message is found in documentation pages. Impact The error messages may disclose sensitive information. This information can be used to launch further attacks. Recommendation Review the source code for this script. References PHP Runtime Configuration Affected items /ajax/getMoreNews.php Details URL encoded POST input from was set to 1e309 Error message found: You have an error in your SQL syntax Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 114 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=5&from=1e309&Lang=ar&link=%3FcatId%3D5%26Lang%3Dar%26MenuId%3D20%26ParentId%3D14%26Tem plateId%3D2&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input from was set to 1e309 Error message found: You have an error in your SQL syntax Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 117 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=8&from=1e309&Lang=ar&link=%3FLang%3Dar%26MenuId%3D91%26PageId%3D20%26ParentId%3D48%26T emplateId%3D24&perPage=20

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

@Amenefus

64

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

/ajax/getMoreNews.php Details URL encoded POST input from was set to 1e309 Error message found: You have an error in your SQL syntax Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 114 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=1e309&Lang=ar&link=%3FLang%3Dar%26MenuId%3D41%26PageId%3D0%26ParentId%3D3%26Tem plateId%3D2&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input from was set to 1e309 Error message found: You have an error in your SQL syntax Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 113 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=1e309&Lang=ar&link=%3FcatId%3D2%26Lang%3Dar%26MenuId%3D68%26ParentId%3D4%26Temp lateId%3D2&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input from was set to 1e309 Error message found: You have an error in your SQL syntax Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 127 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=1e309&Lang=ar&link=%3FcatId%3D2%26Lang%3Dar%26MenuId%3D68%26PageId%3D0%26Parent Id%3D14%26TemplateId%3D2&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input from was set to 1e309 Error message found: You have an error in your SQL syntax Request headers

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 102 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 @Amenefus 65

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=5&from=1e309&Lang=ar&link=%3FcatId%3D5%26MenuId%3D20%26ParentId%3D14%26TemplateId%3D2& perPage=20 /ajax/getMoreNews.php Details URL encoded POST input from was set to 1e309 Error message found: You have an error in your SQL syntax Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 114 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=1e309&Lang=en&link=%3FLang%3Den%26MenuId%3D41%26PageId%3D0%26ParentId%3D3%26Tem plateId%3D2&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input from was set to 1e309 Error message found: You have an error in your SQL syntax Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 127 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=1e309&Lang=en&link=%3FcatId%3D2%26Lang%3Den%26MenuId%3D68%26PageId%3D0%26Parent Id%3D14%26TemplateId%3D2&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input from was set to 1e309 Error message found: You have an error in your SQL syntax Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 102 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=1e309&Lang=ar&link=%3FMenuId%3D41%26PageId%3D0%26ParentId%3D3%26TemplateId%3D2& perPage=20

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

@Amenefus

66

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

/ajax/getMoreNews.php Details URL encoded POST input from was set to 1e309 Error message found: You have an error in your SQL syntax Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 101 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=1e309&Lang=ar&link=%3FcatId%3D2%26MenuId%3D68%26ParentId%3D4%26TemplateId%3D2&p erPage=20 /ajax/getMoreNews.php Details URL encoded POST input from was set to 1e309 Error message found: You have an error in your SQL syntax Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 113 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=1e309&Lang=en&link=%3FcatId%3D2%26Lang%3Den%26MenuId%3D68%26ParentId%3D4%26Temp lateId%3D2&perPage=20 /ajax/getMoreNews.php Details URL encoded POST input perPage was set to 1e309 Error message found: You have an error in your SQL syntax Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 117 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=8&from=20&Lang=ar&link=%3FLang%3Dar%26MenuId%3D91%26PageId%3D20%26ParentId%3D48%26Temp lateId%3D24&perPage=1e309 /ajax/getMoreNews.php Details URL encoded POST input perPage was set to 1e309 Error message found: You have an error in your SQL syntax Request headers

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 127 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 @Amenefus 67

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=%3FcatId%3D2%26Lang%3Dar%26MenuId%3D68%26PageId%3D0%26ParentId% 3D14%26TemplateId%3D2&perPage=1e309 /ajax/getMoreNews.php Details URL encoded POST input perPage was set to 1e309 Error message found: You have an error in your SQL syntax Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 114 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=5&from=20&Lang=ar&link=%3FcatId%3D5%26Lang%3Dar%26MenuId%3D20%26ParentId%3D14%26Templa teId%3D2&perPage=1e309 /ajax/getMoreNews.php Details URL encoded POST input perPage was set to 1e309 Error message found: You have an error in your SQL syntax Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 114 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=20&Lang=ar&link=%3FLang%3Dar%26MenuId%3D41%26PageId%3D0%26ParentId%3D3%26Templa teId%3D2&perPage=1e309 /ajax/getMoreNews.php Details URL encoded POST input perPage was set to 1e309 Error message found: You have an error in your SQL syntax Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 113 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=%3FcatId%3D2%26Lang%3Dar%26MenuId%3D68%26ParentId%3D4%26Templat eId%3D2&perPage=1e309

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

@Amenefus

68

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

/ajax/getMoreNews.php Details URL encoded POST input perPage was set to 1e309 Error message found: You have an error in your SQL syntax Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 102 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=20&Lang=ar&link=%3FMenuId%3D41%26PageId%3D0%26ParentId%3D3%26TemplateId%3D2&per Page=1e309 /ajax/getMoreNews.php Details URL encoded POST input perPage was set to 1e309 Error message found: You have an error in your SQL syntax Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 114 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=1&from=20&Lang=en&link=%3FLang%3Den%26MenuId%3D41%26PageId%3D0%26ParentId%3D3%26Templa teId%3D2&perPage=1e309 /ajax/getMoreNews.php Details URL encoded POST input perPage was set to 1e309 Error message found: You have an error in your SQL syntax Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 127 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=en&link=%3FcatId%3D2%26Lang%3Den%26MenuId%3D68%26PageId%3D0%26ParentId% 3D14%26TemplateId%3D2&perPage=1e309 /ajax/getMoreNews.php Details URL encoded POST input perPage was set to 1e309 Error message found: You have an error in your SQL syntax Request headers

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 102 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 @Amenefus 69

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=5&from=20&Lang=ar&link=%3FcatId%3D5%26MenuId%3D20%26ParentId%3D14%26TemplateId%3D2&per Page=1e309 /ajax/getMoreNews.php Details URL encoded POST input perPage was set to 1e309 Error message found: You have an error in your SQL syntax Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 101 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=ar&link=%3FcatId%3D2%26MenuId%3D68%26ParentId%3D4%26TemplateId%3D2&perP age=1e309 /ajax/getMoreNews.php Details URL encoded POST input perPage was set to 1e309 Error message found: You have an error in your SQL syntax Request headers POST /ajax/getMoreNews.php HTTP/1.1 Content-Length: 113 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* catId=2&from=20&Lang=en&link=%3FcatId%3D2%26Lang%3Den%26MenuId%3D68%26ParentId%3D4%26Templat eId%3D2&perPage=1e309

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

@Amenefus

70

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

FCKeditor Arbitrary File Upload
Severity Medium Type Validation Reported by module Scripting (FCKEditor_Audit.script) Description Multiple vendor applications utilize FCKeditor. FCKeditor contains functionality to handle file uploads and file management. A remote attacker could use this functionality to upload malicous executable files on the system. To test file upload capabilities, Acunetix WVS created a file named Acunetix_WVS_File_Upload_test.txt on the server. Impact An attacker could upload and execute malicious code. Recommendation It is recommended to disable the file upload functionality in FCKeditor (if not required). References FCKeditor FCKeditor CurrentFolder directory traversal Affected items /support/FCKeditor/editor/filemanager/connectors/php/connector.php?Command=FileUpload&Type=File&Curren tFolder=/ Details No details are available. Request headers POST /support/FCKeditor/editor/filemanager/connectors/php/connector.php?Command=FileUpload&Typ e=File&CurrentFolder=/ HTTP/1.1 Content-Type: multipart/form-data; boundary=---------------------------29565348729577 Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Content-Length: 270 Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* -----------------------------29565348729577 Content-Disposition: form-data; name="NewFile"; filename="Acunetix_WVS_File_Upload_test.txt" Content-Type: text/plain Testing file upload (HoXmZQwLEznHU7iQe10g231W1wjTrX5m) -----------------------------29565348729577--

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

@Amenefus

71

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

HTML form without CSRF protection
Severity Medium Type Informational Reported by module Crawler Description This alert may be a false positive, manual confirmation is required. Cross-site request forgery, also known as a one-click attack or session riding and abbreviated as CSRF or XSRF, is a type of malicious exploit of a website whereby unauthorized commands are transmitted from a user that the website trusts. Acunetix WVS found a HTML form with no apparent CSRF protection implemented. Consult details for more information about the affected HTML form. Impact An attacker may force the users of a web application to execute actions of the attacker's choosing. A successful CSRF exploit can compromise end user data and operation in case of normal user. If the targeted end user is the administrator account, this can compromise the entire web application. Recommendation Check if this form requires CSRF protection and implement CSRF countermeasures if necessary. Affected items / Details Form name: <empty> Form action: http://www.paltelgroup.ps/index.php?TemplateId=17&Lang=ar Form method: POST Form inputs: - search [Text] - searchButton [Submit]

Request headers GET / HTTP/1.1 Pragma: no-cache Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Acunetix-Aspect-Queries: filelist;aspectalerts Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* / (975a4a1b7430a0d8d05b765506281cce) Details

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

Form name: <empty> Form action: http://www.paltelgroup.ps/index.php?TemplateId=17&Lang=en Form method: POST Form inputs: - search [Text] - searchButton [Submit]

@Amenefus

72

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

Request headers GET /?Lang=en HTTP/1.1 Pragma: no-cache Referer: http://www.paltelgroup.ps/ Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Acunetix-Aspect-Queries: filelist;aspectalerts Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* /index.php (49d67861bd12777a7a2650a300089e02) Details Form name: reg Form action: http://www.paltelgroup.ps/application_corporate_action.php Form method: POST Form inputs: - opt [Hidden] - corporates_name [Text] - corporates_owner [Text] - corporates_contact [Text] - corporates_mobile [Text] - corporates_mobile_pre [Select] - corporates_contact_mobile [Text] - corporates_contact_mobile_pre [Select] - corporates_phone [Text][/l ... (line truncated) Request headers GET /index.php?Lang=ar&MenuId=50&ParentId=4&TemplateId=15 HTTP/1.1 Pragma: no-cache Referer: http://www.paltelgroup.ps/ Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Acunetix-Aspect-Queries: filelist;aspectalerts Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* /index.php (9fc54a9bc9d01b713855ba23fe521a28) Details Form name: <empty> Form action: http://www.paltelgroup.ps/index.php Form method: POST Form inputs: - Lang [Hidden] - name [Text] - email [Text] - telenum [Text] - org [Text] - country [Select] - subject [Text] - feedback [TextArea] - capa [Text]

Request headers

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

GET /index.php?Lang=ar&ParentId=0&TemplateId=22 HTTP/1.1 Pragma: no-cache @Amenefus 73

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

Referer: http://www.paltelgroup.ps/ Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Acunetix-Aspect-Queries: filelist;aspectalerts Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* /index.php (a43aa64b6c7f5b32aff137a508ade340) Details Form name: <empty> Form action: http://www.paltelgroup.ps/index.php Form method: POST Form inputs: - Lang [Hidden] - name [Text] - email [Text] - telenum [Text] - org [Text] - country [Select] - subject [Text] - feedback [TextArea] - capa [Text]

Request headers GET /index.php?Lang=en&ParentId=0&TemplateId=22 HTTP/1.1 Pragma: no-cache Referer: http://www.paltelgroup.ps/ Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Acunetix-Aspect-Queries: filelist;aspectalerts Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* /support Details Form name: form1 Form action: http://www.paltelgroup.ps/support/index.php Form method: POST Form inputs: - name [Text] - password [Password] - security_code [Text] - login [Hidden]

Request headers

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

GET /support/ HTTP/1.1 Pragma: no-cache Referer: http://www.paltelgroup.ps/support/ Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Acunetix-Aspect-Queries: filelist;aspectalerts Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps @Amenefus 74

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* /support/FCKeditor/editor/filemanager/connectors/test.html Details Form name: <empty> Form action: http://www.paltelgroup.ps/support/FCKeditor/editor/filemanager/connectors/test.html Form method: POST Form inputs: - NewFile [File]

Request headers GET /support/FCKeditor/editor/filemanager/connectors/test.html HTTP/1.1 Pragma: no-cache Referer: http://www.paltelgroup.ps/support/FCKeditor/editor/filemanager/connectors/ Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Acunetix-Aspect-Queries: filelist;aspectalerts Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */*

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

@Amenefus

75

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

PHP open_basedir is not set
Severity Medium Type Configuration Reported by module Scripting (PHPInfo.script) Description The open_basedir configuration directive will limit the files that can be opened by PHP to the specified directory-tree. When a script tries to open a file with, for example, fopen() or gzopen(), the location of the file is checked. When the file is outside the specified directory-tree, PHP will refuse to open it. open_basedir is a good protection against remote file inclusion vulnerabilities. For a remote attacker it is not possible to break out of the open_basedir restrictions if he is only able to inject the name of a file to be included. Therefore the number of files he will be able to include with such a local file include vulnerability is limited. Impact Application dependant - possible remote code inclusion. Recommendation You can set open_basedir from php.ini php.ini open_basedir = your_application_directory

Affected items /info.php Details This vulnerability was detected using the information from phpinfo() page /info.php open_basedir: no value Request headers GET /info.php HTTP/1.1 Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */*

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

@Amenefus

76

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

PHPinfo page found
Severity Medium Type Validation Reported by module Scripting (PHPInfo.script) Description PHPinfo page has been found in this directory. The PHPinfo page outputs a large amount of information about the current state of PHP. This includes information about PHP compilation options and extensions, the PHP version, server information and environment (if compiled as a module), the PHP environment, OS version information, paths, master and local values of configuration options, HTTP headers, and the PHP License. Impact This file may expose sensitive information that may help an malicious user to prepare more advanced attacks. Recommendation Remove the file from production systems. References PHP phpinfo Affected items /info.php Details phpinfo() page found at : /info.php Request headers GET /info.php HTTP/1.1 Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* /info.php Details Pattern found: <title>phpinfo()</title> Request headers GET /info.php HTTP/1.1 Pragma: no-cache Referer: http://www.paltelgroup.ps/ Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Acunetix-Aspect-Queries: filelist;aspectalerts Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */*

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

@Amenefus

77

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

Source code disclosure
Severity Medium Type Validation Reported by module Scripting (Text_Search.script) Description Looks like the source code for this script is available. This check is using pattern matching to determine if server side tags are found in the file. In some cases this alert may generate false positives. Impact An attacker can gather sensitive information (database connection strings, application logic) by analysing the source code. This information can be used to conduct further attacks. Recommendation Remove this file from your website or change its permissions to remove access. References iMPERVA Source Code Disclosure Affected items /support/FCKeditor/editor/filemanager/connectors/asp/connector.asp Details Pattern found: <%@ CodePage=65001 Language="VBScript"%> Request headers GET /support/FCKeditor/editor/filemanager/connectors/asp/connector.asp HTTP/1.1 Pragma: no-cache Referer: http://www.paltelgroup.ps/support/FCKeditor/editor/filemanager/connectors/test.html Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Acunetix-Aspect-Queries: filelist;aspectalerts Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */*

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

@Amenefus

78

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

User credentials are sent in clear text
Severity Medium Type Informational Reported by module Crawler Description User credentials are transmitted over an unencrypted channel. This information should always be transferred via an encrypted channel (HTTPS) to avoid being intercepted by malicious users. Impact A third party may be able to read the user credentials by intercepting an unencrypted HTTP connection. Recommendation Because user credentials are considered sensitive information, should always be transferred to the server over an encrypted connection (HTTPS). Affected items /support Details Form name: form1 Form action: http://www.paltelgroup.ps/support/index.php Form method: POST Form inputs: - name [Text] - password [Password] - security_code [Text] - login [Hidden]

Request headers GET /support/ HTTP/1.1 Pragma: no-cache Referer: http://www.paltelgroup.ps/support/ Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Acunetix-Aspect-Queries: filelist;aspectalerts Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */*

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

@Amenefus

79

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

File upload
Severity Low Type Informational Reported by module Crawler Description This page allows visitors to upload files to the server. Various web applications allow users to upload files (such as pictures, images, sounds, ...). Uploaded files may pose a significant risk if not handled correctly. A remote attacker could send a multipart/form-data POST request with a specially-crafted filename or mime type and execute arbitrary code. Impact If the uploaded files are not safely checked an attacker may upload malicious files. Recommendation Restrict file types accepted for upload: check the file extension and only allow certain files to be uploaded. Use a whitelist approach instead of a blacklist. Check for double extensions such as .php.png. Check for files without a filename like .htaccess (on ASP.NET, check for configuration files like web.config). Change the permissions on the upload folder so the files within it are not executable. If possible, rename the files that are uploaded. Affected items /application_corporate_action.php Details Form name: reg Form action: http://www.paltelgroup.ps/application_corporate_action.php Form method: POST Form inputs: - opt [Hidden] - corporates_name [Text] - corporates_owner [Text] - corporates_contact [Text] - corporates_mobile [Text] - corporates_mobile_pre [Select] - corporates_contact_mobile [Text] - corporates_contact_mobile_pre [Select] - corporates_phone [Text][/l ... (line truncated) Request headers GET / HTTP/1.1 /support/FCKeditor/editor/filemanager/connectors/test.html Details Form name: <empty> Form action: http://www.paltelgroup.ps/support/FCKeditor/editor/filemanager/connectors/test.html Form method: POST Form inputs: - NewFile [File]

Request headers

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

GET /support/FCKeditor/editor/filemanager/connectors/test.html HTTP/1.1 Pragma: no-cache Referer: http://www.paltelgroup.ps/support/FCKeditor/editor/filemanager/connectors/ Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Acunetix-Aspect-Queries: filelist;aspectalerts @Amenefus 80

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */*

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

@Amenefus

81

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

Login page password-guessing attack
Severity Low Type Validation Reported by module Scripting (Html_Authentication_Audit.script) Description A common threat web developers face is a password-guessing attack known as a brute force attack. A brute-force attack is an attempt to discover a password by systematically trying every possible combination of letters, numbers, and symbols until you discover the one correct combination that works. This login page doesn't have any protection against password-guessing attacks (brute force attacks). It's recommended to implement some type of account lockout after a defined number of incorrect password attempts. Consult Web references for more information about fixing this problem. Impact An attacker may attempt to discover a weak password by systematically trying every possible combination of letters, numbers, and symbols until it discovers the one correct combination that works. Recommendation It's recommended to implement some type of account lockout after a defined number of incorrect password attempts. References Blocking Brute Force Attacks Affected items /support/index.php Details The scanner tested 10 invalid credentials and no account lockout was detected. Request headers POST /support/index.php HTTP/1.1 Content-Length: 56 Content-Type: application/x-www-form-urlencoded Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* login=yes&name=nAw6F8aD&password=Hya7Kb5P&security_code=

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

@Amenefus

82

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

Possible sensitive directories
Severity Low Type Validation Reported by module Scripting (Possible_Sensitive_Directories.script) Description A possible sensitive directory has been found. This directory is not directly linked from the website.This check looks for common sensitive resources like backup directories, database dumps, administration pages, temporary directories. Each one of these directories could help an attacker to learn more about his target. Impact This directory may expose sensitive information that could help a malicious user to prepare more advanced attacks. Recommendation Restrict access to this directory or remove it from the website. References Web Server Security and Database Server Security Affected items /images/staff Details No details are available. Request headers GET /images/staff HTTP/1.1 Accept: acunetix/wvs Range: bytes=0-99999 Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) /support/FCKeditor Details No details are available. Request headers GET /support/FCKeditor HTTP/1.1 Accept: acunetix/wvs Range: bytes=0-99999 Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) /support/FCKeditor/editor/_source Details No details are available. Request headers

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

GET /support/FCKeditor/editor/_source HTTP/1.1 Accept: acunetix/wvs Range: bytes=0-99999 Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) @Amenefus 83

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

/support/FCKeditor/editor/filemanager Details No details are available. Request headers GET /support/FCKeditor/editor/filemanager HTTP/1.1 Accept: acunetix/wvs Range: bytes=0-99999 Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) /uploads Details No details are available. Request headers GET /uploads HTTP/1.1 Accept: acunetix/wvs Range: bytes=0-99999 Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

@Amenefus

84

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

Possible sensitive files
Severity Low Type Validation Reported by module Scripting (Possible_Sensitive_Files.script) Description A possible sensitive file has been found. This file is not directly linked from the website. This check looks for common sensitive resources like password files, configuration files, log files, include files, statistics data, database dumps. Each one of these files could help an attacker to learn more about his target. Impact This file may expose sensitive information that could help a malicious user to prepare more advanced attacks. Recommendation Restrict access to this file or remove it from the website. References Web Server Security and Database Server Security Affected items /banners/.DS_Store Details No details are available. Request headers GET /banners/.DS_Store HTTP/1.1 Accept: acunetix/wvs Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) /banners/images/.DS_Store Details No details are available. Request headers GET /banners/images/.DS_Store HTTP/1.1 Accept: acunetix/wvs Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) /classes/.DS_Store Details No details are available. Request headers GET /classes/.DS_Store HTTP/1.1 Accept: acunetix/wvs Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

@Amenefus

85

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

/css/.DS_Store Details No details are available. Request headers GET /css/.DS_Store HTTP/1.1 Accept: acunetix/wvs Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) /downloads/.DS_Store Details No details are available. Request headers GET /downloads/.DS_Store HTTP/1.1 Accept: acunetix/wvs Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) /downloads/reports/.DS_Store Details No details are available. Request headers GET /downloads/reports/.DS_Store HTTP/1.1 Accept: acunetix/wvs Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) /downloads/reports_thumb/.DS_Store Details No details are available. Request headers GET /downloads/reports_thumb/.DS_Store HTTP/1.1 Accept: acunetix/wvs Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) /images/.DS_Store Details No details are available. Request headers GET /images/.DS_Store HTTP/1.1 Accept: acunetix/wvs Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

@Amenefus

86

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

/images/images/.DS_Store Details No details are available. Request headers GET /images/images/.DS_Store HTTP/1.1 Accept: acunetix/wvs Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) /images/staff/.DS_Store Details No details are available. Request headers GET /images/staff/.DS_Store HTTP/1.1 Accept: acunetix/wvs Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) /images/stories/.DS_Store Details No details are available. Request headers GET /images/stories/.DS_Store HTTP/1.1 Accept: acunetix/wvs Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) /js/.DS_Store Details No details are available. Request headers GET /js/.DS_Store HTTP/1.1 Accept: acunetix/wvs Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) /support/.DS_Store Details No details are available. Request headers GET /support/.DS_Store HTTP/1.1 Accept: acunetix/wvs Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

@Amenefus

87

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

/support/FCKeditor/.cvsignore Details No details are available. Request headers GET /support/FCKeditor/.cvsignore HTTP/1.1 Accept: acunetix/wvs Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) /support/FCKeditor/editor/filemanager/connectors/test.html Details No details are available. Request headers GET /support/FCKeditor/editor/filemanager/connectors/test.html HTTP/1.1 Accept: acunetix/wvs Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) /support/menu/test.php Details No details are available. Request headers GET /support/menu/test.php HTTP/1.1 Accept: acunetix/wvs Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

@Amenefus

88

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

Session Cookie without HttpOnly flag set
Severity Low Type Informational Reported by module Crawler Description This session cookie doesn't have the HTTPOnly flag set. When a cookie is set with the HTTPOnly flag, it instructs the browser that the cookie can only be accessed by the server and not by client-side scripts. This is an important security protection for session cookies. Impact None Recommendation If possible, you should set the HTTPOnly flag for this cookie. Affected items / Details Cookie name: "PHPSESSID" Cookie domain: "www.paltelgroup.ps" Request headers GET / HTTP/1.1 Pragma: no-cache Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Acunetix-Aspect-Queries: filelist;aspectalerts Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */*

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

@Amenefus

89

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

Session Cookie without Secure flag set
Severity Low Type Informational Reported by module Crawler Description This session cookie doesn't have the Secure flag set. When a cookie is set with the Secure flag, it instructs the browser that the cookie can only be accessed over secure SSL channels. This is an important security protection for session cookies. Impact None Recommendation If possible, you should set the Secure flag for this cookie. Affected items / Details Cookie name: "PHPSESSID" Cookie domain: "www.paltelgroup.ps" Request headers GET / HTTP/1.1 Pragma: no-cache Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Acunetix-Aspect-Queries: filelist;aspectalerts Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */*

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

@Amenefus

90

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

TRACE method is enabled
Severity Low Type Validation Reported by module Scripting (Track_Trace_Server_Methods.script) Description HTTP TRACE method is enabled on this web server. In the presence of other cross-domain vulnerabilities in web browsers, sensitive header information could be read from any domains that support the HTTP TRACE method. Impact Attackers may abuse HTTP TRACE functionality to gain access to information in HTTP headers such as cookies and authentication data. Recommendation Disable TRACE Method on the web server. References US-CERT VU#867593 IIS 6 WWW Service Registry Entries Cross-site tracing (XST) W3C - RFC 2616 Affected items Web Server Details No details are available. Request headers TRACE /sJg6vZcsot HTTP/1.1 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */*

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

@Amenefus

91

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

Broken links
Severity Informational Type Informational Reported by module Crawler Description A broken link refers to any link that should take you to a document, image or webpage, that actually results in an error. This page was linked from the website but it is inaccessible. Impact Problems navigating the site. Recommendation Remove the links to this file or make it accessible. Affected items /a Details No details are available. Request headers GET /a HTTP/1.1 Pragma: no-cache Referer: http://www.paltelgroup.ps/ Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Acunetix-Aspect-Queries: filelist;aspectalerts Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* /ajax/images/staff Details No details are available. Request headers GET /ajax/images/staff/ HTTP/1.1 Pragma: no-cache Referer: http://www.paltelgroup.ps/ajax/images/staff Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Acunetix-Aspect-Queries: filelist;aspectalerts Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */*

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

@Amenefus

92

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

Email address found
Severity Informational Type Informational Reported by module Scripting (Text_Search.script) Description One or more email addresses have been found on this page. The majority of spam comes from email addresses harvested off the internet. The spam-bots (also known as email harvesters and email extractors) are programs that scour the internet looking for email addresses on any website they come across. Spambot programs look for strings like myname@mydomain.com and then record any addresses found. Impact Email addresses posted on Web sites may attract spam. Recommendation Check references for details on how to solve this problem. References Why Am I Getting All This Spam? Spam-Proofing Your Website Affected items /index.php Details Pattern found: info@zoom.ps Request headers GET /index.php HTTP/1.1 Pragma: no-cache Referer: http://www.paltelgroup.ps/ Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Acunetix-Aspect-Queries: filelist;aspectalerts Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* /info.php Details Pattern found: license@php.net Request headers GET /info.php HTTP/1.1 Pragma: no-cache Referer: http://www.paltelgroup.ps/ Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Acunetix-Aspect-Queries: filelist;aspectalerts Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */*

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

@Amenefus

93

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

/js/jquery.hoverIntent.minified.js Details Pattern found: brian@cherne.net Request headers GET /js/jquery.hoverIntent.minified.js HTTP/1.1 Pragma: no-cache Referer: http://www.paltelgroup.ps/ Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Acunetix-Aspect-Queries: filelist;aspectalerts Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */*

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

@Amenefus

94

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

GHDB: Default phpinfo page
Severity Informational Type Informational Reported by module GHDB Description The description for this alert is contributed by the GHDB community, it may contain inappropriate language. Category : Files containing passwords This will look throught default phpinfo pages for ones that have a default mysql password. The Google Hacking Database (GHDB) appears courtesy of the Google Hacking community. Impact Not available. Check description. Recommendation Not available. Check description. References The Google Hacking Database (GHDB) community Acunetix Google hacking Affected items /info.php Details We found intitle:"phpinfo()" +"mysql.default_password" +"Zend Scripting Language Engine" Request headers GET /info.php HTTP/1.1 Pragma: no-cache Referer: http://www.paltelgroup.ps/ Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Acunetix-Aspect-Queries: filelist;aspectalerts Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */*

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

@Amenefus

95

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

GHDB: phpinfo()
Severity Informational Type Informational Reported by module GHDB Description The description for this alert is contributed by the GHDB community, it may contain inappropriate language. Category : Files containing juicy info this brings up sites with phpinfo(). There is SO much cool stuff in here that you just have to check one out for yourself! I mean full blown system versioning, SSL version, sendmail version and path, ftp, LDAP, SQL info, Apache mods, Apache env vars, *sigh* the list goes on and on! Thanks "joe!" =) The Google Hacking Database (GHDB) appears courtesy of the Google Hacking community. Impact Not available. Check description. Recommendation Not available. Check description. References Acunetix Google hacking The Google Hacking Database (GHDB) community Affected items /info.php Details We found intitle:phpinfo "PHP Version" Request headers GET /info.php HTTP/1.1 Pragma: no-cache Referer: http://www.paltelgroup.ps/ Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Acunetix-Aspect-Queries: filelist;aspectalerts Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */*

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

@Amenefus

96

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

GHDB: Possible mysql configuration file
Severity Informational Type Informational Reported by module GHDB Description The description for this alert is contributed by the GHDB community, it may contain inappropriate language. Category : Files containing juicy info This file contains port number, version number and path info to MySQL server. The Google Hacking Database (GHDB) appears courtesy of the Google Hacking community. Impact Not available. Check description. Recommendation Not available. Check description. References The Google Hacking Database (GHDB) community Acunetix Google hacking Affected items /info.php Details We found intitle:"index of" mysql.conf OR mysql_config Request headers GET /info.php HTTP/1.1 Pragma: no-cache Referer: http://www.paltelgroup.ps/ Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Acunetix-Aspect-Queries: filelist;aspectalerts Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */*

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

@Amenefus

97

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

Password type input with autocomplete enabled
Severity Informational Type Informational Reported by module Crawler Description When a new name and password is entered in a form and the form is submitted, the browser asks if the password should be saved. Thereafter when the form is displayed, the name and password are filled in automatically or are completed as the name is entered. An attacker with local access could obtain the cleartext password from the browser cache. Impact Possible sensitive information disclosure Recommendation The password autocomplete should be disabled in sensitive applications. To disable autocomplete, you may use a code similar to: <INPUT TYPE="password" AUTOCOMPLETE="off">

Affected items /support Details Password type input named password from form named form1 with action /support/index.php has autocomplete enabled. Request headers GET /support/ HTTP/1.1 Pragma: no-cache Referer: http://www.paltelgroup.ps/support/ Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Acunetix-Aspect-Queries: filelist;aspectalerts Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */*

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

@Amenefus

98

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

Possible internal IP address disclosure
Severity Informational Type Informational Reported by module Scripting (Text_Search.script) Description A string matching an internal IPv4 address was found on this page. This may disclose information about the IP addressing scheme of the internal network. This information can be used to conduct further attacks. This alert may be a false positive, manual confirmation is required. Impact Possible sensitive information disclosure. Recommendation Prevent this information from being displayed to the user. Affected items /info.php Details Pattern found: 10.160.130.11 Request headers GET /info.php HTTP/1.1 Pragma: no-cache Referer: http://www.paltelgroup.ps/ Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Acunetix-Aspect-Queries: filelist;aspectalerts Cookie: PHPSESSID=e1m0drsd8hbtrqarfqs9vljih4 Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */*

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

@Amenefus

99

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

Possible username or password disclosure
Severity Informational Type Informational Reported by module Scripting (Text_Search.script) Description A username and/or password was found in this file. This information could be sensitive. This alert may be a false positive, manual confirmation is required. Impact Possible sensitive information disclosure. Recommendation Remove this file from your website or change its permissions to remove access. Affected items /js/jq.js Details Pattern found: password:function Request headers GET /js/jq.js HTTP/1.1 Pragma: no-cache Referer: http://www.paltelgroup.ps/ Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Acunetix-Aspect-Queries: filelist;aspectalerts Host: www.paltelgroup.ps Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */*

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

@Amenefus

100

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

Scanned items (coverage report)
URL: http://www.paltelgroup.ps/ Vulnerabilities has been identified for this URL 26 input(s) found for this URL Inputs Input scheme 1 Input name Lang MenuId PageId ParentId TemplateId Input scheme 2 Input name catId Lang MenuId ParentId TemplateId Input scheme 3 Input name Lang MenuId ParentId TemplateId Input scheme 4 Input name Lang Input scheme 5 Input name MenuId PageId ParentId TemplateId Input scheme 6 Input name catId MenuId ParentId TemplateId Input scheme 7 Input name MenuId ParentId TemplateId URL: http://www.paltelgroup.ps/index.php Vulnerabilities has been identified for this URL 144 input(s) found for this URL Input type URL encoded GET URL encoded GET URL encoded GET URL encoded GET URL encoded GET Input type URL encoded GET URL encoded GET URL encoded GET URL encoded GET URL encoded GET Input type URL encoded GET URL encoded GET URL encoded GET URL encoded GET Input type URL encoded GET Input type URL encoded GET URL encoded GET URL encoded GET URL encoded GET Input type URL encoded GET URL encoded GET URL encoded GET URL encoded GET Input type URL encoded GET URL encoded GET URL encoded GET

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

Inputs @Amenefus 101

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

Input scheme 1 Input name Lang TemplateId search searchButton Input scheme 2 Input name Lang MenuId PageId ParentId TemplateId Input scheme 3 Input name Lang PageId ParentId TemplateId Input scheme 4 Input name AlbumCat Lang MenuId ParentId TemplateId Input scheme 5 Input name catId Lang MenuId ParentId TemplateId Input scheme 6 Input name Lang ParentId TemplateId Input scheme 7 Input name Lang TemplateId Input scheme 8 Input name Lang Input scheme 9 Input name Lang MenuId

Input type URL encoded GET URL encoded GET URL encoded POST URL encoded POST Input type URL encoded GET URL encoded GET URL encoded GET URL encoded GET URL encoded GET Input type URL encoded GET URL encoded GET URL encoded GET URL encoded GET Input type URL encoded GET URL encoded GET URL encoded GET URL encoded GET URL encoded GET Input type URL encoded GET URL encoded GET URL encoded GET URL encoded GET URL encoded GET Input type URL encoded GET URL encoded GET URL encoded GET Input type URL encoded GET URL encoded GET Input type URL encoded GET Input type URL encoded GET URL encoded GET

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

ParentId @Amenefus

URL encoded GET 102

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

TemplateId Input scheme 10 Input name catId Lang MenuId NewsId PageId ParentId TemplateId Input scheme 11 Input name catId Lang MenuId PageId ParentId TemplateId Input scheme 12 Input name AlbumCat catId Lang MenuId ParentId TemplateId Input scheme 13 Input name MenuId PageId ParentId TemplateId Input scheme 14 Input name Lang Lang MenuId PageId ParentId TemplateId Input scheme 15 Input name AlbumCat MenuId ParentId TemplateId Input scheme 16 Input name AlbumCat ipp

URL encoded GET Input type URL encoded GET URL encoded GET URL encoded GET URL encoded GET URL encoded GET URL encoded GET URL encoded GET Input type URL encoded GET URL encoded GET URL encoded GET URL encoded GET URL encoded GET URL encoded GET Input type URL encoded GET URL encoded GET URL encoded GET URL encoded GET URL encoded GET URL encoded GET Input type URL encoded GET URL encoded GET URL encoded GET URL encoded GET Input type URL encoded GET URL encoded GET URL encoded GET URL encoded GET URL encoded GET URL encoded GET Input type URL encoded GET URL encoded GET URL encoded GET URL encoded GET Input type URL encoded GET URL encoded GET

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

Lang @Amenefus

URL encoded GET 103

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

MenuId page ParentId TemplateId Input scheme 17 Input name catId MenuId ParentId TemplateId Input scheme 18 Input name catId ipp Lang MenuId page ParentId TemplateId Input scheme 19 Input name capa country email feedback Lang name org subject telenum Input scheme 20 Input name MenuId ParentId TemplateId Input scheme 21 Input name Lang MenuId NewsId PageId ParentId TemplateId Input scheme 22 Input name AlbumCat catId MenuId ParentId TemplateId

URL encoded GET URL encoded GET URL encoded GET URL encoded GET Input type URL encoded GET URL encoded GET URL encoded GET URL encoded GET Input type URL encoded GET URL encoded GET URL encoded GET URL encoded GET URL encoded GET URL encoded GET URL encoded GET Input type URL encoded POST URL encoded POST URL encoded POST URL encoded POST URL encoded POST URL encoded POST URL encoded POST URL encoded POST URL encoded POST Input type URL encoded GET URL encoded GET URL encoded GET Input type URL encoded GET URL encoded GET URL encoded GET URL encoded GET URL encoded GET URL encoded GET Input type URL encoded GET URL encoded GET URL encoded GET URL encoded GET URL encoded GET

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

@Amenefus

104

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

Input scheme 23 Input name AlbumCat catId ipp Lang MenuId page ParentId TemplateId Input scheme 24 Input name full id Lang MenuId ParentId TemplateId Input scheme 25 Input name ipp Lang MenuId page ParentId TemplateId Input scheme 26 Input name AlbumCat ipp MenuId page ParentId TemplateId Input scheme 27 Input name catId ipp MenuId page ParentId TemplateId Input scheme 28 Input name errro Lang MenuId ParentId TemplateId

Input type URL encoded GET URL encoded GET URL encoded GET URL encoded GET URL encoded GET URL encoded GET URL encoded GET URL encoded GET Input type URL encoded GET URL encoded GET URL encoded GET URL encoded GET URL encoded GET URL encoded GET Input type URL encoded GET URL encoded GET URL encoded GET URL encoded GET URL encoded GET URL encoded GET Input type URL encoded GET URL encoded GET URL encoded GET URL encoded GET URL encoded GET URL encoded GET Input type URL encoded GET URL encoded GET URL encoded GET URL encoded GET URL encoded GET URL encoded GET Input type URL encoded GET URL encoded GET URL encoded GET URL encoded GET URL encoded GET

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

@Amenefus

105

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

URL: http://www.paltelgroup.ps/images/ Vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/images/menu/ No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/images/press/ No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/images/inner/ No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/images/slideshow/ No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/images/slideshow/thumbs/ No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/images/stories/ Vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/images/stories/.DS_Store No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/images/banner/ No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/images/banner/icons/ No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/images/banner/icons/ar/ No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/images/staff/ Vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/images/staff/.DS_Store No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/images/.DS_Store No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/images/images/ Vulnerabilities has been identified for this URL

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

No input(s) found for this URL @Amenefus 106

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

URL: http://www.paltelgroup.ps/images/images/.DS_Store No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/images/audio/ No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/images/audio/mp3/ No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/images/projects/ No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/css_ar/ No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/css_ar/reset.css No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/css_ar/style.css No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/css_ar/paltel.css No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/css_ar/chartstyle.css No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/css_ar/style_ie8.css No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/css_ar/style_ie7.css No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/css_ar/style_ie9.css No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/css_ar/dcmegamenu.css No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/css/ Vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/css/jquery-ui.css No vulnerabilities has been identified for this URL

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

No input(s) found for this URL @Amenefus 107

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

URL: http://www.paltelgroup.ps/css/jquery.fancybox.css No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/css/style.css No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/css/reset.css No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/css/paltel.css No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/css/chartstyle.css No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/css/form.css No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/css/images/ No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/css/style_ie7.css No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/css/style_ie8.css No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/css/dcmegamenu.css No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/css/.DS_Store No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/js/ Vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/js/jq.js Vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/js/jquery.hoverIntent.minified.js Vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/js/jqc.js No vulnerabilities has been identified for this URL

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

No input(s) found for this URL @Amenefus 108

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

URL: http://www.paltelgroup.ps/js/jqEasing.js No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/js/exCanvas.js No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/js/jquery.fancybox.pack.js No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/js/jq.selectBox.js No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/js/expCanvas.js No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/js/warning.js No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/js/jquery-ui.js No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/js/jquery.dcmegamenu.1.3.3_ar.js No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/js/home_ar.js No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/js/menuInner_ar.js No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/js/all.js No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/js/home.js No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/js/jquery.dcmegamenu.1.3.3.js No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/js/menuInner.js No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/js/datetimepicker_css.js No vulnerabilities has been identified for this URL

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

No input(s) found for this URL @Amenefus 109

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

URL: http://www.paltelgroup.ps/js/.DS_Store No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/uploads/ No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/uploads/image/ No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/uploads/image/news%20and%20events%20/ No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/uploads/image/press%20release/ No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/uploads/file/ No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/uploads/flash/ No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/ajax/ No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/ajax/cal.php No vulnerabilities has been identified for this URL 2 input(s) found for this URL Inputs Input scheme 1 Input name id Lang URL: http://www.paltelgroup.ps/ajax/getReports.php No vulnerabilities has been identified for this URL 2 input(s) found for this URL Inputs Input scheme 1 Input name lang year URL: http://www.paltelgroup.ps/ajax/getTheNews.php No vulnerabilities has been identified for this URL 3 input(s) found for this URL Inputs Input scheme 1 Input type URL encoded POST URL encoded POST Input type URL encoded GET URL encoded GET

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

Input name @Amenefus

Input type 110

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

catId id Lang URL: http://www.paltelgroup.ps/ajax/getMoreNews.php Vulnerabilities has been identified for this URL 5 input(s) found for this URL Inputs Input scheme 1 Input name catId from Lang link perPage URL: http://www.paltelgroup.ps/ajax/contact.php No vulnerabilities has been identified for this URL 8 input(s) found for this URL Inputs Input scheme 1 Input name capa country email Lang name org subject telenum URL: http://www.paltelgroup.ps/ajax/getStaff.php No vulnerabilities has been identified for this URL 2 input(s) found for this URL Inputs Input scheme 1 Input name id Lang URL: http://www.paltelgroup.ps/ajax/images No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/ajax/images/staff/ Vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/downloads/ Vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/downloads/reports/ Vulnerabilities has been identified for this URL

URL encoded POST URL encoded POST URL encoded POST

Input type URL encoded POST URL encoded POST URL encoded POST URL encoded POST URL encoded POST

Input type URL encoded POST URL encoded POST URL encoded POST URL encoded POST URL encoded POST URL encoded POST URL encoded POST URL encoded POST

Input type URL encoded POST URL encoded POST

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

No input(s) found for this URL @Amenefus 111

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

URL: http://www.paltelgroup.ps/downloads/reports/.DS_Store No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/downloads/reports_thumb/ Vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/downloads/reports_thumb/.DS_Store No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/downloads/.DS_Store No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/CaptchaSecurityImages.php No vulnerabilities has been identified for this URL 3 input(s) found for this URL Inputs Input scheme 1 Input name characters height width URL: http://www.paltelgroup.ps/application_corporate_action.php Vulnerabilities has been identified for this URL 69 input(s) found for this URL Inputs Input scheme 1 Input name about_project board_director button captcha city_1 city_10 city_11 city_12 city_13 city_14 city_15 city_16 city_2 city_3 city_4 city_5 city_6 city_7 city_8 city_9 corporate_address corporate_area Input type POST (multipart) POST (multipart) POST (multipart) POST (multipart) POST (multipart) POST (multipart) POST (multipart) POST (multipart) POST (multipart) POST (multipart) POST (multipart) POST (multipart) POST (multipart) POST (multipart) POST (multipart) POST (multipart) POST (multipart) POST (multipart) POST (multipart) POST (multipart) POST (multipart) POST (multipart) Input type URL encoded GET URL encoded GET URL encoded GET

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

corporate_non_pofet @Amenefus

POST (multipart) 112

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

corporate_reg_licen_attachment corporate_register2 corporates_contact corporates_contact_mobile corporates_contact_mobile_pre corporates_email corporates_fax corporates_fax_pre corporates_mobile corporates_mobile_pre corporates_name corporates_owner corporates_phone corporates_phone_pre corporates_web corporatr_types domain_1 domain_10 domain_11 domain_12 domain_2 domain_3 domain_4 domain_5 domain_6 domain_7 domain_8 domain_9 fi2at_1 fi2at_2 fi2at_4 fi2at_5 fi2at_6 fi2at_7 fund_ammount ghayah_from_application opt prject_duration prject_serve_fi2at prject_start_date project_attachments project_finance_reports project_majal project_mustafeed project_name requested_fund URL: http://www.paltelgroup.ps/captcha.php No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/a Vulnerabilities has been identified for this URL No input(s) found for this URL

POST (multipart) POST (multipart) POST (multipart) POST (multipart) POST (multipart) POST (multipart) POST (multipart) POST (multipart) POST (multipart) POST (multipart) POST (multipart) POST (multipart) POST (multipart) POST (multipart) POST (multipart) POST (multipart) POST (multipart) POST (multipart) POST (multipart) POST (multipart) POST (multipart) POST (multipart) POST (multipart) POST (multipart) POST (multipart) POST (multipart) POST (multipart) POST (multipart) POST (multipart) POST (multipart) POST (multipart) POST (multipart) POST (multipart) POST (multipart) POST (multipart) POST (multipart) POST (multipart) POST (multipart) POST (multipart) POST (multipart) POST (multipart) POST (multipart) POST (multipart) POST (multipart) POST (multipart) POST (multipart)

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

@Amenefus

113

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

URL: http://www.paltelgroup.ps/application_corporate_action1.php No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/application_corporate_action2.php No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/info.php Vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/banners/ Vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/banners/.DS_Store No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/banners/images/ Vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/banners/images/.DS_Store No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/classes/ Vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/classes/.DS_Store No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/support/ Vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/support/index.php Vulnerabilities has been identified for this URL 4 input(s) found for this URL Inputs Input scheme 1 Input name login name password security_code URL: http://www.paltelgroup.ps/support/style.css No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/support/images/ No vulnerabilities has been identified for this URL Input type URL encoded POST URL encoded POST URL encoded POST URL encoded POST

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

No input(s) found for this URL @Amenefus 114

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

URL: http://www.paltelgroup.ps/support/CaptchaSecurityImages.php No vulnerabilities has been identified for this URL 3 input(s) found for this URL Inputs Input scheme 1 Input name characters height width URL: http://www.paltelgroup.ps/support/.DS_Store No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/support/FCKeditor/ Vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/support/FCKeditor/.cvsignore No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/support/FCKeditor/editor/ Vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/support/FCKeditor/editor/filemanager/ No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/support/FCKeditor/editor/filemanager/connectors/ Vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/support/FCKeditor/editor/filemanager/connectors/php/ No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/support/FCKeditor/editor/filemanager/connectors/php/connector.php No vulnerabilities has been identified for this URL 4 input(s) found for this URL Inputs Input scheme 1 Input name NewFile Command CurrentFolder Type Input type POST (multipart) URL encoded GET URL encoded GET URL encoded GET Input type URL encoded GET URL encoded GET URL encoded GET

URL: http://www.paltelgroup.ps/support/FCKeditor/editor/filemanager/connectors/php/config.php No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/support/FCKeditor/editor/filemanager/connectors/test.html Vulnerabilities has been identified for this URL 1 input(s) found for this URL

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

Inputs @Amenefus

115

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

Input scheme 1 Input name NewFile

Input type POST (multipart)

URL: http://www.paltelgroup.ps/support/FCKeditor/editor/filemanager/connectors/asp/ No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/support/FCKeditor/editor/filemanager/connectors/asp/connector.asp Vulnerabilities has been identified for this URL 3 input(s) found for this URL Inputs Input scheme 1 Input name Command CurrentFolder Type URL: http://www.paltelgroup.ps/support/FCKeditor/editor/_source/ No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/support/FCKeditor/editor/_source/classes/ No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/support/FCKeditor/editor/plugins/ No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/support/FCKeditor/editor/js/ No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/support/FCKeditor/editor/images/ No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/support/menu/ Vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/support/menu/test.php No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/support/menu/readme.txt No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/support/menu/css.css No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/support/menu/js.js No vulnerabilities has been identified for this URL No input(s) found for this URL Input type URL encoded GET URL encoded GET URL encoded GET

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

@Amenefus

116

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

URL: http://www.paltelgroup.ps/support/menu/hack.css No vulnerabilities has been identified for this URL No input(s) found for this URL URL: http://www.paltelgroup.ps/support/scripts/ No vulnerabilities has been identified for this URL No input(s) found for this URL

@Amenefus

117

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

// Follow us on Twitter; @Amenefus @IsraeliElite // paltel.ps – Internet provider to Gaza.

Sign up to vote on this title
UsefulNot useful